Antispyware Soft - unable to remove

Post by jarrettdelorenzo on Sun May 23, 2010 5:08 pm

Hello and thank you for taking the time to read my issue:

I have the "Antispyware Soft" virus on my computer and it's seemingly progressed and taken over. Currently, the only thing I'm able to do is log into my windows account and only see my background and cursor. No icons or menu bars pop up, per normal.

I have Malwarebytes and Spybot on my computer (unfortunately unsure of when both were last updated), so I went into safe mode and ran them both. Nothing was found through either program.

While in safe mode, I am unable to access the internet (this may be normal, I'm not very familiar with how safe mode works, and what you're able to access).

I've followed most of the steps on every forum I could find, but most people seem to have caught it before I did.

When logged into my account, I am unable to use my keyboard to type in my password. So I went into safe mode and removed the password, but still cannot access anything without going into safe mode.

I saw that "OTL" seems to be a log to help you understand what's going on with each PC, but I wasn't sure if I needed to access it in normal mode, instead of safe mode.

Thanks again for your time,

-Jarrett

jarrettdelorenzo
Novice
Posts : 26
Joined : 2010-05-23
OS : Windows XP

Re: Antispyware Soft - unable to remove

Post by Belahzur on Sun May 23, 2010 5:10 pm

Hello.

Open the Task Manager via Ctrl+Alt+Del. Go to the "Applications" tab, and press "New Task..."

In the open field, type in explorer and hit the OK button.

Does your Desktop load now?



We need to use the RKill Tool by Grinler

[You must be registered and logged in to see this link.]

  • Please Download Rkill.com. Save it to your Desktop.
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this [You must be registered and logged in to see this link.] if you are not sure how.

  • NOTE: If you are unable to connect to the site to download rkill, then you should download it to a clean computer and copy it to the infected one via a USB flash drive or CDROM.

  • Once it is downloaded, double-click on the rkill.com in order to automatically attempt to stop any processes associated with Rogue programs.
  • Please be patient while the program looks for various malware programs and ends them.
  • When it has finished, the black window will automatically close and you can continue with the next step.
NOTE: If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the rogue program when it terminates programs that may potentially remove it. If you run into these infection warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the rogue program. So, please try running Rkill until the malware is no longer running. You will then be able to proceed with the rest of the steps.

If you continue having problems running rkill.com, you can download:
[You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.]
which are renamed copies of rkill.com, and try them instead.

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.

Belahzur
Administrator
Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
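The reply above asks for the OTL logs and leaves the reading of them to the helper. As an added example (not part of this thread, and not code from OTL, RKill or OldTimer), the Python script below applies the kind of first-pass triage a helper does by eye to OTL-style lines. The sample lines are copied from the OTL log posted later in this thread; the heuristics (a browser proxy pointing at loopback, autostart or BHO entries whose target no longer exists, vowel-poor random-looking names in a handful of autostart locations, and a check that the exe/com shell association is still `"%1" %*`) and their thresholds are my assumptions about what merits a second look. They flag lines for review; they do not identify any particular malware family.

```python
"""Triage helper for OTL-style log lines.

Added example: this is not OTL, RKill or forum code. It scores lines with a few
heuristics that a malware-removal helper applies by eye. The thresholds and the
set of "sensitive" autostart locations are assumptions, not tool behaviour.
"""
import re
from dataclasses import dataclass

# Sample lines copied from the OTL log posted later in this thread. A real
# OTL.txt is fed in the same way: triage(open("OTL.txt", encoding="utf-8").read())
SAMPLE_LOG = r"""
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: XCQIlG2vLd = C:\Documents and Settings\All Users\Application Data\alqnobmr\yrmlcryt.exe File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\vtUklkJY: DllName - vtUklkJY.dll - File not found
O35 - HKLM\..exefile [open] -- "%1" %*
[2010/05/23 14:00:00 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\osmxvkqe.job
[2010/05/21 10:28:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/21 17:45:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jarr\Local Settings\Application Data\phpbfjmpp
"""

VOWELS = set("aeiouAEIOU")

# A user-profile proxy that points back at the local machine: the browser is
# being routed through something listening on loopback.
PROXY_RE = re.compile(r'"ProxyServer"\s*=\s*(?:\w+=)?(127\.0\.0\.1|localhost):(\d+)', re.I)

# Only these locations get the random-name check. Applying it to every path
# would also flag legitimate but vowel-poor vendor names (OEM printer utilities
# and the like), so the scope is deliberately narrow (assumption).
SCOPED_NAME_RE = re.compile(
    r"policies\\Explorer\\Run:\s*(?P<n1>[A-Za-z0-9]+)"
    r"|Winlogon\\Notify\\(?P<n2>[A-Za-z0-9]+)"
    r"|\\tasks\\(?P<n3>[A-Za-z0-9]+)\.job"
    r"|Application Data\\(?P<n4>[A-Za-z0-9]+)(?:\\|$)",
    re.I,
)
ORPHAN_MARKERS = ("File not found", "No CLSID value found")
AUTOSTART_PREFIXES = ("O2 ", "O4 ", "O6 ", "O20 ", "O35 ", "O37 ")


@dataclass
class Finding:
    line: str
    reason: str


def looks_random(token: str) -> bool:
    """Heuristic: 8+ alphanumerics whose letters are at most 25% vowels ('yrmlcryt')."""
    letters = [c for c in token if c.isalpha()]
    if len(token) < 8 or not letters:
        return False
    return sum(c in VOWELS for c in letters) / len(letters) <= 0.25


def triage_line(line: str) -> list:
    """Return the list of reasons (possibly empty) a single OTL line is worth a second look."""
    reasons = []
    m = PROXY_RE.search(line)
    if m:
        reasons.append(f"browser proxy points at loopback {m.group(1)}:{m.group(2)}")
    if line.startswith(AUTOSTART_PREFIXES) and any(mk in line for mk in ORPHAN_MARKERS):
        reasons.append("autostart/BHO entry whose target is missing (orphaned loader or already-removed component)")
    for m in SCOPED_NAME_RE.finditer(line):
        name = next(g for g in m.groups() if g)
        if looks_random(name):
            reasons.append(f"random-looking name {name!r} in an autostart location")
    # O35/O37 are the exe/com shell associations; anything but "%1" %* means a loader was inserted.
    if line.startswith(("O35", "O37")) and '"%1" %*' not in line:
        reasons.append('exe/com shell association hijacked (expected "%1" %*)')
    return reasons


def triage(log_text: str) -> list:
    """Run triage_line over every non-empty line and collect Finding objects."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        findings.extend(Finding(line, r) for r in triage_line(line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line[:110]}")
```

On the sample lines this reports the loopback proxy, the three entries whose target file or CLSID is gone, and five random-looking names (the policies\Explorer\Run value and its folder, the Winlogon\Notify key, the .job task and the new Application Data folder), while leaving the avast!, Apple Software Update and explorer.exe lines alone. Note that in the posted log ProxyEnable is 0, so the loopback proxy is configured but not active; it is still worth clearing, since a rogue that is restarted only has to flip that flag.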

Re: Antispyware Soft - unable to remove

Post by jarrettdelorenzo on Sun May 23, 2010 5:12 pm

Sorry, did you want me to follow these instructions in safe mode, or try logging into normal mode? In normal mode, my keyboard is not functioning.

Re: Antispyware Soft - unable to remove

Post by Belahzur on Sun May 23, 2010 5:24 pm

Safe Mode then. :)

Re: Antispyware Soft - unable to remove

Post by jarrettdelorenzo on Mon May 24, 2010 11:49 pm

OTL logfile created on: 5/24/2010 4:44:38 PM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Jarr\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 78.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.79 Gb Total Space | 8.71 Gb Free Space | 12.47% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DFR1NK81
Current User Name: Jarr
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/24 16:44:00 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jarr\My Documents\Downloads\OTL.exe
PRC - [2010/04/03 11:54:13 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/05/24 16:44:00 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jarr\My Documents\Downloads\OTL.exe
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/11/24 15:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 15:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 15:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 15:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2007/03/07 16:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2005/04/25 19:34:12 | 000,466,944 | ---- | M] (Dell) [On_Demand | Stopped] -- C:\WINDOWS\System32\dlbucoms.exe -- (dlbu_device)
SRV - [2002/12/17 17:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE -- (SQLAgent$MICROSOFTBCM)


========== Driver Services (SafeList) ==========

DRV - [2010/04/30 17:49:47 | 000,000,000 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.hs -- (LVUVC) Logitech QuickCam Pro 9000(UVC)
DRV - [2009/11/24 15:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/11/24 15:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/24 15:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/24 15:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 15:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/11/24 15:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/02/18 20:12:31 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/04/13 11:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 11:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 11:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/02/25 13:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/06/14 20:40:08 | 000,180,864 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)
DRV - [2005/05/31 06:33:00 | 000,100,605 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2005/05/31 06:33:00 | 000,098,716 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2005/05/31 06:33:00 | 000,086,876 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2005/05/31 06:33:00 | 000,034,845 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2005/05/31 06:33:00 | 000,025,725 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2005/05/31 06:33:00 | 000,015,069 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2005/05/31 06:33:00 | 000,006,365 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2005/05/31 06:33:00 | 000,004,125 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2005/05/31 06:33:00 | 000,002,241 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2005/05/13 11:37:28 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2005/05/13 11:37:20 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2005/04/22 04:22:00 | 000,088,352 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2005/04/21 03:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2005/03/30 03:03:06 | 001,035,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/11/02 13:12:14 | 000,019,456 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2004/08/10 03:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/10 03:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/08/03 20:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/06/16 01:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/06 02:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 02:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 02:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2002/11/08 17:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2001/08/17 12:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 12:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 12:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 12:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 12:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 11:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 11:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 11:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 11:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 11:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 11:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 11:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 11:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 11:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 11:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 11:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query="

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/04/10 21:16:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/10 21:16:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/10 21:16:54 | 000,000,000 | ---D | M]

[2009/01/06 18:43:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jarr\Application Data\Mozilla\Extensions
[2010/05/21 10:09:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jarr\Application Data\Mozilla\Firefox\Profiles\ap2wdtov.default\extensions
[2009/05/15 14:58:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jarr\Application Data\Mozilla\Firefox\Profiles\ap2wdtov.default\extensions\moveplayer@movenetworks.com
[2009/10/17 13:24:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jarr\Application Data\Mozilla\Firefox\Profiles\ap2wdtov.default\extensions\staged-xpis
[2009/05/07 11:57:26 | 000,001,728 | ---- | M] () -- C:\Documents and Settings\Jarr\Application Data\Mozilla\Firefox\Profiles\ap2wdtov.default\searchplugins\aim-search.xml
[2010/05/23 10:23:14 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/02/16 22:06:54 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/02/27 21:35:54 | 000,036,864 | ---- | M] (Homestead Technologies, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nphssb.dll
[2005/04/27 13:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll
[2007/04/16 10:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2009/01/18 17:39:47 | 000,290,772 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10015 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - No CLSID value found.
O2 - BHO: (no name) - {76B682FE-3229-42C0-A73C-92E1D8B6A850} - No CLSID value found.
O2 - BHO: (no name) - {97FA8DA8-AEF3-49AF-BE7A-60AF509EC473} - No CLSID value found.
O2 - BHO: (no name) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - No CLSID value found.
O2 - BHO: () - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O2 - BHO: (no name) - {DB35C569-5624-4CFC-8043-E5139F55A073} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Dell Photo AIO Printer 942] C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe ()
O4 - HKLM..\Run: [DellMCM] C:\Program Files\Dell Photo AIO Printer 942\memcard.exe ()
O4 - HKLM..\Run: [DLBUCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBUtime.DLL ()
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.)
O4 - Startup: C:\Documents and Settings\Jarr\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: XCQIlG2vLd = C:\Documents and Settings\All Users\Application Data\alqnobmr\yrmlcryt.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} [You must be registered and logged in to see this link.] (Snapfish Activia)
O16 - DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} [You must be registered and logged in to see this link.] (SupportSoft External Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} [You must be registered and logged in to see this link.] (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: Microsoft XML Parser for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\vtUklkJY: DllName - vtUklkJY.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Jarr\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jarr\Application Data\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/19 14:07:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/23 12:04:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/05/22 14:50:25 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/05/21 17:51:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/21 17:51:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/05/21 17:45:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jarr\Local Settings\Application Data\phpbfjmpp
[2010/04/30 17:42:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/24 16:39:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/24 16:38:13 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/24 16:38:08 | 008,388,608 | -H-- | M] () -- C:\Documents and Settings\Jarr\NTUSER.DAT
[2010/05/24 16:38:08 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Jarr\ntuser.ini
[2010/05/24 07:28:52 | 000,001,044 | ---- | M] () -- C:\Documents and Settings\Jarr\Application Data\vso_ts_preview.xml
[2010/05/23 15:16:47 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-624974805-3402187148-1052777800-1007.job
[2010/05/23 15:16:47 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-624974805-3402187148-1052777800-1008.job
[2010/05/23 14:00:00 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\osmxvkqe.job
[2010/05/23 13:18:37 | 004,314,316 | -H-- | M] () -- C:\Documents and Settings\Jarr\Local Settings\Application Data\IconCache.db
[2010/05/23 10:33:05 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/05/23 10:30:54 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-624974805-3402187148-1052777800-1007.job
[2010/05/23 09:29:51 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/23 09:17:14 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/05/23 09:17:12 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\Jarr\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/21 17:29:12 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-624974805-3402187148-1052777800-1008.job
[2010/05/21 10:28:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/15 20:21:41 | 000,000,067 | ---- | M] () -- C:\WINDOWS\Easy Avi Divx Xvid to DVD Burner.INI
[2010/05/09 14:17:48 | 000,463,200 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/09 14:17:48 | 000,080,226 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/09 14:17:47 | 000,550,872 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/08 11:36:52 | 000,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2010/04/30 17:49:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/23 10:30:57 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-624974805-3402187148-1052777800-1007.job
[2010/05/23 10:30:54 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-624974805-3402187148-1052777800-1007.job
[2010/05/23 09:29:48 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/08 11:36:52 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009/05/15 23:39:42 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/05/15 22:57:22 | 000,000,039 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/05/15 20:57:52 | 000,000,067 | ---- | C] () -- C:\WINDOWS\Easy Avi Divx Xvid to DVD Burner.INI
[2009/03/30 18:23:27 | 000,000,365 | ---- | C] () -- C:\WINDOWS\S3D.ini
[2009/02/18 20:12:30 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/02/13 19:45:19 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009/02/13 19:45:19 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009/02/13 19:45:19 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2008/11/16 13:05:13 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2007/10/29 17:36:17 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/10/29 14:31:46 | 000,000,615 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2005/09/28 10:01:23 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/09/28 09:52:56 | 000,000,504 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/09/28 09:40:37 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/09/28 09:13:10 | 000,000,394 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/05/25 18:24:22 | 000,000,378 | ---- | C] () -- C:\WINDOWS\System32\dlbuplc.ini
[2005/05/04 20:58:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/04/15 03:22:24 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\dlbuinsr.dll
[2005/04/15 03:22:20 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\dlbucur.dll
[2005/04/15 03:22:02 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\dlbujswr.dll
[2005/04/15 03:14:50 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlbuinsb.dll
[2005/04/15 03:14:44 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dlbucub.dll
[2005/04/15 03:14:40 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\dlbuins.dll
[2005/04/15 03:13:42 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbucu.dll
[2005/04/15 02:59:46 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\dlbuutil.dll
[2005/04/12 19:20:38 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\dlbusnls.dll
[2005/04/12 19:19:58 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlbucoin.dll
[2005/02/23 19:12:10 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbuvs.dll
[2004/08/19 14:20:39 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/19 14:01:43 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/01/07 13:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
< End of report >

Re: Antispyware Soft - unable to remove

Post by jarrettdelorenzo on Tue May 25, 2010 12:03 am

For some reason I cannot post the other log...it keeps telling me the connection is reset.

"The connection was reset.

The connection to the server was reset while the page was loading.

* The site could be temporarily unavailable or too busy. Try again in a few moments.

* If you are unable to load any pages, check your computer's network connection.

* If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web."

Re: Antispyware Soft - unable to remove

Post by jarrettdelorenzo on Tue May 25, 2010 12:05 am

OTL Extras logfile created on: 5/24/2010 4:44:38 PM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Jarr\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 78.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.79 Gb Total Space | 8.71 Gb Free Space | 12.47% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DFR1NK81
Current User Name: Jarr
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Grisoft\AVG7\avginet.exe" = C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe -- File not found
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe" = C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe -- File not found
"C:\Program Files\Grisoft\AVG7\avgcc.exe" = C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe -- File not found
"C:\Program Files\Grisoft\AVG7\avgemc.exe" = C:\Program Files\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe -- File not found
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\World of Warcraft\BackgroundDownloader.exe" = C:\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- ()
"C:\Program Files\Curse\CurseClient.exe" = C:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client -- File not found
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)
"C:\Documents and Settings\Jarr\Local Settings\Apps\2.0\JVH44PNE.CVJ\B8QZZMWK.7N6\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\CurseClient.exe" = C:\Documents and Settings\Jarr\Local Settings\Apps\2.0\JVH44PNE.CVJ\B8QZZMWK.7N6\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\CurseClient.exe:*:Enabled:Curse Client 4.0 -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07059A92-DAB8-442C-85FE-0B0938E41033}" = Nero 7 Essentials
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{14374619-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Simple Start Special Edition
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 17
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{36BD0774-6CD6-4FF9-A148-83CA09AC123E}" = Intel(R) PROSafe for Wired Connections
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{403EF592-953B-4794-BCEF-ECAB835C2095}" = Intel(R) PROSafe for Wired Connections
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{612AD33D-9824-4E87-8396-92374E91C4BB}_is1" = Inbox Toolbar
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{66563AD8-637B-407F-BCA7-0233A16891AB}" = Business Contact Manager for Outlook 2003
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.6.4.158
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{E7559288-223B-453C-9F06-340E3BE21E39}" = MyWay Search Assistant
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{FF523622-F4CB-463C-86EF-7EB94C5DD7BB}" = G23942EN
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATI Display Driver" = ATI Display Driver
"avast!" = avast! Antivirus
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"Dell Photo AIO Printer 942" = Dell Photo AIO Printer 942
"Easy Avi/Divx/Xvid to DVD Burner_is1" = Easy Avi/Divx/Xvid to DVD Burner 2.5.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Intel(R) 537EP V9x DF PCI Modem" = Intel(R) 537EP V9x DF PCI Modem
"Intuit SiteBuilder" = Intuit SiteBuilder
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROSetDX" = Intel(R) PRO Network Connections Software v9.2.4.11
"RealPlayer 12.0" = RealPlayer
"ST6UNST #1" = DKP Profiler
"StreetPlugin" = Learn2 Player (Uninstall Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"538e2a4af313161a" = FasterPing

========== Last 10 Event Log Errors ==========

Re: Antispyware Soft - unable to remove

Post by jarrettdelorenzo on Tue May 25, 2010 12:07 am

Now it only let me post part of it. Ugh.

Re: Antispyware Soft - unable to remove

Post by Belahzur on Tue May 25, 2010 12:20 am

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy).


    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - No CLSID value found.
    O2 - BHO: (no name) - {76B682FE-3229-42C0-A73C-92E1D8B6A850} - No CLSID value found.
    O2 - BHO: (no name) - {97FA8DA8-AEF3-49AF-BE7A-60AF509EC473} - No CLSID value found.
    O2 - BHO: (no name) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - No CLSID value found.
    O2 - BHO: (no name) - {DB35C569-5624-4CFC-8043-E5139F55A073} - No CLSID value found.
    O20 - Winlogon\Notify\vtUklkJY: DllName - vtUklkJY.dll - File not found
    [2010/05/21 17:45:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jarr\Local Settings\Application Data\phpbfjmpp
    [2010/05/23 14:00:00 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\osmxvkqe.job



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.
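
The fix list above is read off the OTL log by hand: entries created or modified just before the scan, in a location a user-level process can write to, with no publisher name and a generated-looking name (phpbfjmpp, osmxvkqe.job). The script below is an added example, not OTL's code and not from this thread; it applies those four signals to lines copied from the logs posted here and emits the matching :OTL block. The 7-day window and the vowel-ratio name test are this example's own assumptions.

```python
"""OTL file/folder line triage (added example, not OTL's own code). The 7-day
window and the vowel-ratio name test below are this example's assumptions."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Tuple

# An OTL file/folder line: timestamp | size | attribute flags (R/H/S/D) | C(reated)
# or M(odified), then an optional "(Company Name)" and the path after " -- ", e.g.
#   [2010/05/23 14:00:00 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\osmxvkqe.job
#   [2010/05/21 17:45:39 | 000,000,000 | ---D | C] -- C:\...\phpbfjmpp
OTL_LINE = re.compile(
    r"^\[(?P<when>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| [\d,]+ \| [-A-Z]{4} \| "
    r"(?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# Locations a user-level process can write to on Windows XP (lower-cased).
USER_WRITABLE = ("\\documents and settings\\", "\\windows\\tasks\\", "\\windows\\temp\\")
VOWELS = set("aeiouy")


@dataclass
class Entry:
    when: datetime
    kind: str      # 'C' = created, 'M' = modified
    company: str   # '' when OTL found no version-info company name
    path: str
    raw: str       # original line; OTL accepts it verbatim under :OTL

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_otl_lines(text: str) -> List[Entry]:
    """Parse the file/folder lines of an OTL 'Files Created/Modified' section;
    headers, '*.tmp' summaries and blank lines do not match and are skipped."""
    entries = []
    for line in text.splitlines():
        m = OTL_LINE.match(line.strip())
        if m:
            entries.append(Entry(datetime.strptime(m["when"], "%Y/%m/%d %H:%M:%S"),
                                 m["kind"], (m["company"] or "").strip(),
                                 m["path"], line.strip()))
    return entries


def looks_random(name: str) -> bool:
    """Crude generated-name test: over at least six letters of the stem, fewer
    than 30% are vowels. It misfires on abbreviations such as d3d9caps.dat,
    which is why triage() never relies on it alone."""
    letters = [c for c in name.split(".")[0].lower() if c.isalpha()]
    return len(letters) >= 6 and sum(c in VOWELS for c in letters) / len(letters) < 0.3


def triage(entries: List[Entry], scan_time: datetime,
           recent_days: int = 7) -> List[Tuple[Entry, List[str]]]:
    """Return (entry, reasons) for items on which all four signals agree:
    recent, user-writable location, no publisher name, random-looking name."""
    findings = []
    for e in entries:
        reasons = []
        age = (scan_time - e.when).days
        if 0 <= age <= recent_days:
            verb = "created" if e.kind == "C" else "modified"
            reasons.append(f"{verb} {age} day(s) before the scan")
        if any(marker in e.path.lower() for marker in USER_WRITABLE):
            reasons.append("user-writable location")
        if not e.company:  # folders never carry one; vendor files usually do
            reasons.append("no publisher name")
        if looks_random(e.name):
            reasons.append("random-looking name")
        if len(reasons) == 4:
            findings.append((e, reasons))
    return findings


def build_fix_script(findings: List[Tuple[Entry, List[str]]]) -> str:
    """The block pasted into OTL's Custom Scans/Fixes box, as in the fix above."""
    return "\n".join([":OTL"] + [e.raw for e, _ in findings])


# Sample input: lines copied from the OTL logs posted in this thread, and the
# scan time from the OTL Extras header (5/24/2010 4:44:38 PM).
SAMPLE_LOG = r"""
========== Files Created - No Company Name ==========
[2010/05/21 17:45:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jarr\Local Settings\Application Data\phpbfjmpp
[2010/05/23 09:29:48 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
========== Files - Modified Within 30 Days ==========
[2010/05/24 16:38:08 | 008,388,608 | -H-- | M] () -- C:\Documents and Settings\Jarr\NTUSER.DAT
[2010/05/24 07:28:52 | 000,001,044 | ---- | M] () -- C:\Documents and Settings\Jarr\Application Data\vso_ts_preview.xml
[2010/05/23 14:00:00 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\osmxvkqe.job
[2010/05/23 13:18:37 | 004,314,316 | -H-- | M] () -- C:\Documents and Settings\Jarr\Local Settings\Application Data\IconCache.db
[2010/05/21 10:28:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
"""
SCAN_TIME = datetime(2010, 5, 24, 16, 44, 38)

if __name__ == "__main__":
    for e, reasons in triage(parse_otl_lines(SAMPLE_LOG), SCAN_TIME):
        print(e.path, "->", "; ".join(reasons))
```

Run stand-alone it lists phpbfjmpp and osmxvkqe.job with the signals that fired; d3d9caps.dat has a random-looking name too but sits in System32, so it is not reported.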


Re: Antispyware Soft - unable to remove

Post by jarrettdelorenzo on Tue May 25, 2010 1:53 am

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{76B682FE-3229-42C0-A73C-92E1D8B6A850}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76B682FE-3229-42C0-A73C-92E1D8B6A850}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{97FA8DA8-AEF3-49AF-BE7A-60AF509EC473}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97FA8DA8-AEF3-49AF-BE7A-60AF509EC473}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b0cda128-b425-4eef-a174-61a11ac5dbf8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b0cda128-b425-4eef-a174-61a11ac5dbf8}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DB35C569-5624-4CFC-8043-E5139F55A073}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB35C569-5624-4CFC-8043-E5139F55A073}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vtUklkJY\ deleted successfully.
C:\Documents and Settings\Jarr\Local Settings\Application Data\phpbfjmpp folder moved successfully.
C:\WINDOWS\tasks\osmxvkqe.job moved successfully.

OTL by OldTimer - Version 3.2.5.0 log created on 05242010_185247

Re: Antispyware Soft - unable to remove

Post by Belahzur on Tue May 25, 2010 8:27 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


Re: Antispyware Soft - unable to remove

Post by jarrettdelorenzo on Tue May 25, 2010 11:04 pm

Malwarebytes' Anti-Malware 1.46

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/25/2010 4:02:08 PM
mbam-log-2010-05-25 (16-02-08).txt

Scan type: Quick scan
Objects scanned: 151421
Time elapsed: 14 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Antispyware Soft - unable to remove

Post by Belahzur on Tue May 25, 2010 11:05 pm

Hello.

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan.

Post the new log when done.


Re: Antispyware Soft - unable to remove

Post by jarrettdelorenzo on Tue May 25, 2010 11:12 pm

Sorry about that, thought it was already updated. I've had MBAM on my computer for a while now, but was only recently able to get on my desktop and the internet without using safe mode (I've run MBAM about 1200 times since then).
It seems most of the problems have been fixed, but I'm still unable to use my keyboard...some of my desktop icons disappeared, and I get a few random pop ups in normal mode. Firefox also prompted me to check a bunch of boxes for addons or continue in "Safe Mode". I wasn't sure what to do, so I just continued in safe mode.
I'm running MBAM now and I'll post the log when it's done. Just thought I'd update you on what's happening on this end. Thanks again for your time/patience.

-Jarrett

Re: Antispyware Soft - unable to remove

Post by jarrettdelorenzo on Tue May 25, 2010 11:21 pm

I ran this in safe mode, hope that doesn't matter.



Malwarebytes' Anti-Malware 1.46

Database version: 4143

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

5/25/2010 4:18:28 PM
mbam-log-2010-05-25 (16-18-28).txt

Scan type: Quick scan
Objects scanned: 155009
Time elapsed: 10 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Antispyware Soft - unable to remove

Post by Belahzur on Tue May 25, 2010 11:29 pm

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Adobe Reader 7.0
    Java 2 Runtime Environment, SE v1.4.2_03
    Java(TM) 6 Update 6
    Java(TM) 6 Update 17
    Viewpoint Media Player

Updating Java:

  • Download the latest version of [You must be registered and logged in to see this link.].
  • Click the "Download JRE" button to the right.
  • In the Window that opens, select your platform, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u20-windows-i586.exe that you downloaded to install the newest version.

Then download and install [You must be registered and logged in to see this link.]

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


Re: Antispyware Soft - unable to remove

Post by jarrettdelorenzo on Wed May 26, 2010 12:02 am

I lost internet again...and when I tried to log over to normal mode to delete those programs, my desktop wouldn't show up...took a few restarts to get it running. Not sure why the internet isn't working again on that computer...this and the other are on the same connection.

Re: Antispyware Soft - unable to remove

Post by Belahzur on Wed May 26, 2010 12:03 am

Hello.

Remove the Proxy setting in Internet Explorer and/or in FireFox.

    In Internet Explorer
  1. Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "Use a proxy server", or reconfigure the proxy server again in case you have set it previously.

    In Firefox
  1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection > Choose "No Proxy"
  2. Click the apply button and restart that computer in normal mode.

Do you have net connection now?





Re: Antispyware Soft - unable to remove

Post by jarrettdelorenzo on Wed May 26, 2010 5:35 am

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=ebf1364825e5c546aa8bc999e5c771b7
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-05-26 03:33:35
# local_time=2010-05-25 08:33:35 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=769 16775125 100 98 0 210203270 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=103769
# found=4
# cleaned=4
# scan_time=8299
C:\Documents and Settings\Brenda\Local Settings\Temporary Internet Files\Content.IE5\ITL6K5IL\warning[1].gif Win32/TrojanDownloader.FakeAlert.ACR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Brenda\Local Settings\Temporary Internet Files\Content.IE5\RNJZM7WK\winlogon[1].htm probably a variant of Win32/TrojanDownloader.Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\AQYA9BOI\warning[1].gif Win32/TrojanDownloader.FakeAlert.ACR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ZY7SKPQ5\winlogon[1].htm probably a variant of Win32/TrojanDownloader.Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


Re: Antispyware Soft - unable to remove

Post by Belahzur on Wed May 26, 2010 10:01 pm

Hello.

Please download [You must be registered and logged in to see this link.] to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


How is the machine running now?





Re: Antispyware Soft - unable to remove

Post by jarrettdelorenzo on Wed May 26, 2010 10:34 pm

Still unable to use my keyboard unless I'm in safe mode. And when I try to log into my account, sometimes it won't load windows...all I see is my background.

There is a window that pops up when I first log into my account. Not sure if it has relevance to anything:

"Launching Application..."
Then it thinks for a minute and says:

"Cannot Start Application"

Application cannot be started. Contact the application vendor.
"Okay" "Details"

Here are the "Details":

PLATFORM VERSION INFO
Windows : 5.1.2600.196608 (Win32NT)
Common Language Runtime : 2.0.50727.3603
System.Deployment.dll : 2.0.50727.3053 (netfxsp.050727-3000)
mscorwks.dll : 2.0.50727.3603 (GDR.050727-3600)
dfdll.dll : 2.0.50727.3053 (netfxsp.050727-3000)
dfshim.dll : 2.0.50727.3053 (netfxsp.050727-3000)

SOURCES
Deployment url : [You must be registered and logged in to see this link.]

ERROR SUMMARY
Below is a summary of the errors, details of these errors are listed later in the log.
* Activation of C:\Documents and Settings\Jarr\Start Menu\Programs\Startup\CurseClientStartup.ccip resulted in exception. Following failure messages were detected:
+ Activation failed.
+ The system cannot find the file specified. (Exception from HRESULT: 0x80070002)

COMPONENT STORE TRANSACTION FAILURE SUMMARY
No transaction error was detected.

WARNINGS
There were no warnings during this operation.

OPERATION PROGRESS STATUS
* [5/26/2010 3:36:52 PM] : Activation of C:\Documents and Settings\Jarr\Start Menu\Programs\Startup\CurseClientStartup.ccip has started.
* [5/26/2010 3:36:58 PM] : Performing necessary update check as specified by the deployment.

ERROR DETAILS
Following errors were detected during this operation.
* [5/26/2010 3:37:00 PM] System.Deployment.Application.DeploymentException (Activation)
- Activation failed.
- Source: System.Deployment
- Stack trace:
at System.Deployment.Application.ComponentStore.ActivateApplication(DefinitionAppId appId, String activationParameter, Boolean useActivationParameter)
at System.Deployment.Application.SubscriptionStore.ActivateApplication(DefinitionAppId appId, String activationParameter, Boolean useActivationParameter)
at System.Deployment.Application.ApplicationActivator.Activate(DefinitionAppId appId, AssemblyManifest appManifest, String activationParameter, Boolean useActivationParameter)
at System.Deployment.Application.ApplicationActivator.ProcessOrFollowExtension(Uri associatedFile, String textualSubId, String deploymentProviderUrlFromExtension, String& errorPageUrl, TempFile& deployFile)
at System.Deployment.Application.ApplicationActivator.PerformDeploymentActivation(Uri activationUri, Boolean isShortcut, String textualSubId, String deploymentProviderUrlFromExtension, BrowserSettings browserSettings, String& errorPageUrl)
at System.Deployment.Application.ApplicationActivator.ActivateDeploymentWorker(Object state)
--- Inner Exception ---
System.IO.FileNotFoundException
- The system cannot find the file specified. (Exception from HRESULT: 0x80070002)
- Source: System.Deployment
- Stack trace:
at System.Deployment.Application.NativeMethods.CorLaunchApplication(UInt32 hostType, String applicationFullName, Int32 manifestPathsCount, String[] manifestPaths, Int32 activationDataCount, String[] activationData, PROCESS_INFORMATION processInformation)
at System.Deployment.Application.ComponentStore.ActivateApplication(DefinitionAppId appId, String activationParameter, Boolean useActivationParameter)

COMPONENT STORE TRANSACTION DETAILS
No transaction information is available.


Re: Antispyware Soft - unable to remove

Post by jarrettdelorenzo on Fri May 28, 2010 10:44 pm

Bump.


Re: Antispyware Soft - unable to remove

Post by Belahzur on Sat May 29, 2010 9:21 pm

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.





Re: Antispyware Soft - unable to remove

Post by jarrettdelorenzo on Sun May 30, 2010 12:00 am

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 5:00:22 PM, on 5/29/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell Photo AIO Printer 942\memcard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: (no name) - {76B682FE-3229-42C0-A73C-92E1D8B6A850} - (no file)
O2 - BHO: (no name) - {97FA8DA8-AEF3-49AF-BE7A-60AF509EC473} - (no file)
O2 - BHO: (no name) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - (no file)
O2 - BHO: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O2 - BHO: (no name) - {DB35C569-5624-4CFC-8043-E5139F55A073} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Dell Photo AIO Printer 942] "C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe"
O4 - HKLM\..\Run: [DellMCM] "C:\Program Files\Dell Photo AIO Printer 942\memcard.exe"
O4 - HKLM\..\Run: [DLBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBUtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [XCQIlG2vLd] C:\Documents and Settings\All Users\Application Data\alqnobmr\yrmlcryt.exe
O4 - HKUS\S-1-5-18\..\Run: [msiexec.exe] msiconf.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msiexec.exe] msiconf.exe (User 'Default user')
O4 - Startup: CurseClientStartup.ccip
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - [You must be registered and logged in to see this link.]
O16 - DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} (SupportSoft External Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - [You must be registered and logged in to see this link.]
O18 - Protocol: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O20 - Winlogon Notify: vtUklkJY - Invalid registry found
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlbu_device - Dell - C:\WINDOWS\system32\dlbucoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

--
End of file - 10970 bytes

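As an added example (not code from the thread or from HijackThis), here is a small Python triage pass over lines copied from the HijackThis log above: it parses the IE ProxyServer value that the proxy-removal post fixes (here redirected to 127.0.0.1:5555) and flags the entry types a helper would pick out of this log. The severity ratings and rules are this example's own heuristics, not HijackThis output.

```python
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "R1", "O4", "O20"
    severity: str  # "high", "medium" or "low" (this example's own scale)
    reason: str
    line: str


# Constructed sample: eight lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Policies\Explorer\Run: [XCQIlG2vLd] C:\Documents and Settings\All Users\Application Data\alqnobmr\yrmlcryt.exe
O4 - HKUS\S-1-5-18\..\Run: [msiexec.exe] msiconf.exe (User 'SYSTEM')
O20 - Winlogon Notify: vtUklkJY - Invalid registry found
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

_SECTION_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")
_PROXY_RE = re.compile(r"ProxyServer = (.+)$")
# O4 body shape: <hive>\..\<key>: [<value name>] <command>
_O4_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# A command starting with a drive letter (optionally quoted) or an %ENV% variable has a full path.
_FULL_PATH_RE = re.compile(r'^"?[A-Za-z]:\\|^%')


def parse_proxy(value: str) -> dict[str, tuple[str, int | None]]:
    """Parse an IE ProxyServer registry value.

    IE stores either "host:port" (one proxy for every protocol) or a
    ';'-separated list of "scheme=host:port" entries such as
    "http=127.0.0.1:5555".  Returns {scheme: (host, port)}, with scheme "*"
    for the single-proxy form and port None when none is given.
    """
    proxies: dict[str, tuple[str, int | None]] = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.rpartition("=")   # scheme is "" when there is no '='
        host, sep, port = hostport.rpartition(":")
        if not sep:                                  # no ':' means no port
            host, port = hostport, ""
        proxies[scheme or "*"] = (host, int(port) if port.isdigit() else None)
    return proxies


def _is_loopback(host: str) -> bool:
    host = host.strip("[]").lower()
    return host == "localhost" or host == "::1" or host.startswith("127.")


def triage(log_text: str) -> list[Finding]:
    """Walk a HijackThis log and return the entries worth a second look."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = _SECTION_RE.match(line)
        if not m:
            continue                  # header, process list or blank line
        section, body = m.groups()
        if section in ("R0", "R1"):
            pm = _PROXY_RE.search(body)
            if pm:
                for scheme, (host, port) in parse_proxy(pm.group(1)).items():
                    if _is_loopback(host):
                        findings.append(Finding(section, "high",
                            f"{scheme} proxy set to {host}:{port}: browser traffic is routed "
                            "through a process on this machine; clear it under Internet "
                            "Options > Connections > LAN Settings", line))
        elif section == "O2" and body.endswith("(no file)"):
            findings.append(Finding(section, "low",
                "BHO registered but its DLL is missing; orphaned entry to clean up", line))
        elif section == "O4":
            om = _O4_RE.match(body)
            if om is None:
                continue              # e.g. "O4 - Startup: ..." shortcut entries
            key, cmd = om.group("key"), om.group("cmd")
            if "Policies\\Explorer\\Run" in key:
                findings.append(Finding(section, "high",
                    "autorun under Policies\\Explorer\\Run, a key legitimate software rarely uses", line))
            if "\\Application Data\\" in cmd:
                findings.append(Finding(section, "high",
                    "executable runs from a data directory rather than Program Files or Windows", line))
            if not _FULL_PATH_RE.match(cmd):
                findings.append(Finding(section, "medium",
                    "command has no full path, so the file is resolved via the search path; verify it", line))
        elif section == "O20" and "Invalid registry found" in body:
            findings.append(Finding(section, "medium",
                "Winlogon Notify entry with invalid data; remove unless it belongs to known software", line))
    return findings


def severity_counts(findings: list[Finding]) -> dict[str, int]:
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section:3} {f.reason}\n         {f.line}")
```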

Re: Antispyware Soft - unable to remove

Post by Belahzur on Sun May 30, 2010 10:07 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:
    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click combofix's window whilst it's running. That may cause it to stall.





Re: Antispyware Soft - unable to remove

Post by jarrettdelorenzo on Mon May 31, 2010 8:01 pm

ComboFix 10-05-30.09 - Jarr 05/31/2010 12:32:24.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.1054 [GMT -7:00]
Running from: c:\restore\Jarr\Desktop\Combo-Fix.exe
AV: avast! antivirus 4.8.1368 [VPS 100531-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Jarr\Application Data\inst.exe
c:\temp\tpBe12
c:\windows\system32\bszip.dll
c:\windows\system32\ineWc01
c:\windows\system32\test.ttt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SENEKA


((((((((((((((((((((((((( Files Created from 2010-04-28 to 2010-05-31 )))))))))))))))))))))))))))))))
.

2010-05-29 23:59 . 2010-05-29 23:59 -------- d-----w- c:\program files\TrendMicro
2010-05-29 23:56 . 2010-05-29 23:56 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-05-26 01:12 . 2010-05-26 01:12 -------- d-----w- c:\program files\ESET
2010-05-26 01:02 . 2010-05-26 01:02 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-05-26 01:02 . 2010-05-26 01:02 -------- dc----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2010-05-26 01:02 . 2010-05-26 01:02 -------- dc----w- c:\documents and settings\All Users\Application Data\McAfee
2010-05-26 01:02 . 2010-05-29 22:52 -------- d-----w- c:\program files\McAfee Security Scan
2010-05-26 01:01 . 2010-05-26 22:28 -------- dc----w- c:\documents and settings\All Users\Application Data\NOS
2010-05-26 01:00 . 2010-05-26 01:00 -------- d-----w- c:\program files\Common Files\Java
2010-05-26 01:00 . 2010-05-26 00:59 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-25 01:52 . 2010-05-25 01:52 -------- dc----w- C:\_OTL
2010-05-23 17:23 . 2010-05-23 17:23 -------- d-----w- c:\documents and settings\Brenda\Application Data\Malwarebytes
2010-05-23 16:29 . 2010-05-26 00:05 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-22 21:51 . 2010-05-22 21:51 -------- dcsh--w- c:\documents and settings\Administrator\PrivacIE
2010-05-22 21:32 . 2010-05-22 21:32 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Application Data\BVRP Software
2010-05-22 02:35 . 2010-05-22 02:35 -------- dc----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-05-22 02:34 . 2010-05-22 02:34 -------- dcsh--w- c:\documents and settings\Administrator\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-31 18:52 . 2009-06-01 07:07 -------- d-----w- c:\documents and settings\Jarr\Application Data\Vso
2010-05-29 23:59 . 2010-05-29 23:59 388096 ----a-r- c:\documents and settings\Jarr\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-05-27 04:09 . 2009-02-14 03:03 -------- d-----w- c:\documents and settings\Jarr\Application Data\Azureus
2010-05-26 01:04 . 2007-11-24 20:15 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-26 01:02 . 2010-05-26 01:02 86016 -c--a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-05-26 01:00 . 2010-05-26 01:00 503808 ----a-w- c:\documents and settings\Jarr\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-27c61ba7-n\msvcp71.dll
2010-05-26 01:00 . 2010-05-26 01:00 499712 ----a-w- c:\documents and settings\Jarr\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-27c61ba7-n\jmc.dll
2010-05-26 01:00 . 2010-05-26 01:00 348160 ----a-w- c:\documents and settings\Jarr\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-27c61ba7-n\msvcr71.dll
2010-05-26 01:00 . 2010-05-26 01:00 61440 ----a-w- c:\documents and settings\Jarr\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4b39493b-n\decora-sse.dll
2010-05-26 01:00 . 2010-05-26 01:00 12800 ----a-w- c:\documents and settings\Jarr\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4b39493b-n\decora-d3d.dll
2010-05-25 23:56 . 2005-09-28 16:51 -------- dc----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-05-25 23:56 . 2005-09-28 16:32 -------- d-----w- c:\program files\Java
2010-05-23 17:43 . 2009-01-08 09:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-23 17:24 . 2009-01-10 03:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-22 02:32 . 2010-03-31 10:17 660712 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-05-16 16:50 . 2009-02-14 03:03 -------- d-----w- c:\program files\Vuze
2010-05-01 00:55 . 2008-06-08 06:51 -------- d-----w- c:\documents and settings\Jarr\Application Data\Yahoo!
2010-05-01 00:55 . 2008-06-07 16:50 -------- dc----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-05-01 00:54 . 2005-09-28 16:38 -------- d-----w- c:\program files\CyberLink
2010-05-01 00:49 . 2008-06-12 03:48 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-05-01 00:48 . 2008-06-12 03:40 -------- dc----w- c:\documents and settings\All Users\Application Data\Logishrd
2010-05-01 00:46 . 2008-06-07 16:50 -------- d-----w- c:\program files\Yahoo!
2010-04-29 22:39 . 2009-01-10 03:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 22:39 . 2009-01-10 03:32 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-17 18:00 . 2009-04-23 22:48 4141117 ----a-w- c:\documents and settings\Jarr\Application Data\Azureus\plugins\vuzexcode\mediainfo.exe
2010-04-17 18:00 . 2010-04-17 18:00 7282688 ----a-w- c:\documents and settings\Jarr\Application Data\Azureus\plugins\vuzexcode\ffmpeg.exe
2010-04-16 10:07 . 2008-06-12 03:47 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-04-14 00:38 . 2010-04-14 00:38 249856 ------w- c:\windows\Setup1.exe
2010-04-14 00:38 . 2010-04-14 00:38 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-04-11 19:27 . 2009-06-01 07:07 47360 ----a-w- c:\documents and settings\Jarr\Application Data\pcouffin.sys
2010-04-11 19:27 . 2009-06-01 07:07 47360 ----a-w- c:\documents and settings\Jarr\Application Data\pcouffin.sys
2010-04-11 04:16 . 2010-04-11 04:16 45056 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-04-11 04:16 . 2010-04-11 04:16 45056 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-04-11 04:16 . 2010-04-11 04:16 45056 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-04-11 04:16 . 2010-04-11 04:16 49152 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-04-11 04:16 . 2010-04-11 04:16 45056 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-04-11 04:16 . 2010-04-11 04:16 308808 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-04-11 04:16 . 2010-04-11 04:16 14848 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-04-11 04:16 . 2010-04-11 04:16 40960 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-04-11 04:16 . 2010-04-11 04:16 341600 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-04-11 04:16 . 2005-09-28 16:50 -------- d-----w- c:\program files\Common Files\Real
2010-04-11 04:16 . 2005-09-28 16:50 -------- d-----w- c:\program files\Real
2010-04-11 04:16 . 2010-04-11 04:16 -------- d-----w- c:\program files\Common Files\xing shared
2010-04-11 03:53 . 2009-02-24 20:24 10686001 ----a-w- c:\documents and settings\Jarr\Application Data\Azureus\plugins\azump\mplayer.exe
2010-04-04 08:58 . 2007-10-30 01:32 70392 ----a-w- c:\documents and settings\Jarr\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-03 19:01 . 2010-04-03 19:01 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-04-03 18:58 . 2005-09-28 16:39 -------- d-----w- c:\program files\Microsoft Works
2010-04-03 02:58 . 2010-04-03 02:58 -------- d-----w- c:\program files\Microsoft Silverlight
2010-04-02 14:23 . 2010-04-02 14:23 20846064 ----a-w- c:\documents and settings\Jarr\Application Data\Real\Update\setup3.10\rp\RealPlayerSPGold.exe
2010-04-02 14:23 . 2010-04-02 14:23 8405312 ----a-w- c:\documents and settings\Jarr\Application Data\Real\Update\setup3.10\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2010-04-02 14:23 . 2010-04-02 14:23 149000 ----a-w- c:\documents and settings\Jarr\Application Data\Real\Update\setup3.10\chr_helper\LaunchHelper.exe
2010-04-02 14:23 . 2010-04-02 14:22 10309448 ----a-w- c:\documents and settings\Jarr\Application Data\Real\Update\setup3.10\chr\ChromeInstaller.exe
2010-04-02 14:22 . 2010-04-02 14:22 79368 ----a-w- c:\documents and settings\Jarr\Application Data\Real\Update\setup3.10\RUP\vista.exe
2010-04-02 14:22 . 2010-04-02 14:22 64000 ----a-w- c:\documents and settings\Jarr\Application Data\Real\Update\setup3.10\RUP\inst_config\gcapi_dll.dll
2010-04-02 14:22 . 2010-04-02 14:22 52288 ----a-w- c:\documents and settings\Jarr\Application Data\Real\Update\setup3.10\RUP\inst_config\gtapi.dll
2010-04-02 14:22 . 2010-04-02 14:22 50688 ----a-w- c:\documents and settings\Jarr\Application Data\Real\Update\setup3.10\RUP\inst_config\fftbapi.dll
2010-04-02 14:22 . 2010-04-02 14:22 49152 ----a-w- c:\documents and settings\Jarr\Application Data\Real\Update\setup3.10\RUP\inst_config\CarboniteCompatibility.dll
2010-04-02 14:22 . 2010-04-02 14:22 118784 ----a-w- c:\documents and settings\Jarr\Application Data\Real\Update\setup3.10\RUP\inst_config\compat.dll
2010-04-02 06:22 . 2010-04-02 06:22 439816 ----a-w- c:\documents and settings\Jarr\Application Data\Real\Update\setup3.10\setup.exe
2010-03-25 23:27 . 2010-03-25 23:27 152576 ----a-w- c:\documents and settings\Jarr\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-03-25 23:27 . 2010-03-25 23:27 79488 ----a-w- c:\documents and settings\Jarr\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-10 06:15 . 2004-08-19 20:49 420352 ----a-w- c:\windows\system32\vbscript.dll
2008-02-17 05:33 . 2008-02-17 05:33 774144 -c--a-w- c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-08-22 94208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Dell Photo AIO Printer 942"="c:\program files\Dell Photo AIO Printer 942\dlbubmgr.exe" [2005-04-28 294912]
"DellMCM"="c:\program files\Dell Photo AIO Printer 942\memcard.exe" [2004-07-27 262144]
"DLBUCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBUtime.dll" [2004-11-10 69632]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-11 202256]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

c:\documents and settings\Jarr\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-3-27 0]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1/6/2009 3:31 AM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/6/2009 3:31 AM 20560]
S0 gugre;gugre;c:\windows\system32\drivers\oauhjfq.sys --> c:\windows\system32\drivers\oauhjfq.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 5:49 AM 227232]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/18/2009 8:12 PM 717296]
.
Contents of the 'Scheduled Tasks' folder

2010-05-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-05-31 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-624974805-3402187148-1052777800-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

2010-05-31 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-624974805-3402187148-1052777800-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

2010-05-30 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-624974805-3402187148-1052777800-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

2010-05-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-624974805-3402187148-1052777800-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mWindow Title = Windows Internet Explorer provided by Comcast
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyServer = http=127.0.0.1:5555
IE: &AIM Toolbar Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Jarr\Application Data\Mozilla\Firefox\Profiles\ap2wdtov.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nphssb.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

BHO-{76B682FE-3229-42C0-A73C-92E1D8B6A850} - (no file)
BHO-{97FA8DA8-AEF3-49AF-BE7A-60AF509EC473} - (no file)
BHO-{DB35C569-5624-4CFC-8043-E5139F55A073} - (no file)
HKU-Default-Run-msiexec.exe - msiconf.exe
HKLM-Explorer_Run-XCQIlG2vLd - c:\documents and settings\All Users\Application Data\alqnobmr\yrmlcryt.exe
Notify-vtUklkJY - (no file)
AddRemove-B3EE3001-DC24-4cd1-8743-5692C716659F - c:\program files\EnglishOtto\uninstallotto.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-05-31 12:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBUCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBUtime.dll,_RunDLLEntry@16

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.]

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89E6CD01]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf763bf28
\Driver\ACPI -> ACPI.sys @ 0xf75aecb8
\Driver\atapi -> atapi.sys @ 0xf74a0852
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(684)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(744)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3948)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\stsystra.exe
c:\windows\eHome\ehmsas.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-05-31 13:00:01 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-31 19:59

Pre-Run: 12,207,042,560 bytes free
Post-Run: 13,909,209,088 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - A2EADDA1E8D48BF40B948736D2212BA8


Re: Antispyware Soft - unable to remove

Post by Belahzur on Mon May 31, 2010 11:41 pm

Hello.


  • Download [You must be registered and logged in to see this link.] and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.



Re: Antispyware Soft - unable to remove

Post by jarrettdelorenzo on Tue Jun 01, 2010 1:04 am

I did as you said...but when I went to "Run", copy and pasted the address provided...it says "Windows cannot find C:\Documents and Settings\Jarr\Desktop\TDSSKiller.exe. Make sure you typed the name correct, and then try again. To search for a file, click the Start button, and then click Search."

The .exe and the notepad file are extracted on my desktop.

Not sure if this helps at all, but I went to the TDSSKiller Properties and it says the location is..."C:\restore\Jarr\Desktop".


Re: Antispyware Soft - unable to remove

Post by Belahzur on Tue Jun 01, 2010 8:38 pm

Hello.

Download the GMER rootkit scan from here: [You must be registered and logged in to see this link.]

  1. Unzip it and start GMER.
  2. Click the >>> tab and then click the Scan button.
  3. Once done, click the Copy button.
  4. This will copy the results to your clipboard.
  5. Paste the results in your next reply.
Note:
If you're having problems with running GMER.exe, try it in safe mode. This tool works in safe mode.
You can also try renaming it since some malware blocks GMER.



Re: Antispyware Soft - unable to remove

Post by jarrettdelorenzo on Wed Jun 02, 2010 2:54 am

GMER 1.0.15.15281 - [You must be registered and logged in to see this link.]
Rootkit scan 2010-06-01 19:54:02
Windows 5.1.2600 Service Pack 3
Running: 6zmh8sji.exe; Driver: C:\DOCUME~1\Jarr\LOCALS~1\Temp\afdoapoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB74FE6B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB74FE574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB74FEA52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB74FE14C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB74FE64E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB74FE08C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB74FE0F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB74FE76E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB74FE72E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB74FE8AE]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution + 17A 804E49D4 4 Bytes JMP D747B74F
.text ntoskrnl.exe!ZwYieldExecution + 452 804E4CAC 4 Bytes CALL A4660400
init C:\WINDOWS\system32\DRIVERS\mohfilt.sys entry point in "init" section [0xF77FA760]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[560] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\Explorer.EXE[560] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C1000A
.text C:\WINDOWS\Explorer.EXE[560] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C
.text C:\WINDOWS\system32\svchost.exe[1356] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 009A000A
.text C:\WINDOWS\system32\svchost.exe[1356] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 009B000A
.text C:\WINDOWS\system32\svchost.exe[1356] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0099000C
.text C:\WINDOWS\system32\svchost.exe[1356] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0198000A
.text C:\WINDOWS\system32\svchost.exe[1356] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00ED000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3728] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0139000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3728] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 013A000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3728] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0138000C

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[732] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003B0002
IAT C:\WINDOWS\system32\services.exe[732] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003B0000

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \FileSystem\Fastfat \Fat B2701D20
Device \FileSystem\Fastfat \Fat B26FE7B4

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x16 0x46 0x20 0xAF ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x16 0x46 0x20 0xAF ...

---- EOF - GMER 1.0.15 ----


Re: Antispyware Soft - unable to remove

Post by Belahzur on Wed Jun 02, 2010 8:06 pm

Hello.

Submit a file for analysis.

  1. Please visit this website: [You must be registered and logged in to see this link.]
  2. Press the "Browse" button and locate the following file in bold:
    C:\WINDOWS\system32\driver\mohfilt.sys
  3. Press the "Submit File" button to submit the file for analysis.
  4. Allow it to be scanned, it could take a few minutes depending on server load.
  5. Copy and paste the result back here.



Re: Antispyware Soft - unable to remove

Post by jarrettdelorenzo on Wed Jun 02, 2010 10:24 pm

Filename: mohfilt.sys
Status:
Scan finished. 0 out of 19 scanners reported malware.
Scan taken on: Thu 3 Jun 2010 00:23:14 (CET) Permalink


Re: Antispyware Soft - unable to remove

Post by Belahzur on Thu Jun 03, 2010 9:47 pm

Hello.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:5555

  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


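A small triage script, as an added example that is not part of this thread or of ComboFix, TDSSKiller or GMER: it scans ComboFix-style log lines for the kinds of entry the logs above turned up (a WinINet proxy pointing at the local host, a service whose driver file is missing from disk, autostart entries that run from a profile directory or name a bare filename) and emits the DDS:: stanza in the form used in the post above. The sample lines are copied from the logs posted in this thread; the class and function names are my own.

```python
"""Triage helper for ComboFix-style logs (added example, not ComboFix's own code)."""
import re
from dataclasses import dataclass
from typing import List

# Lines copied from the ComboFix logs posted in this thread, benign ones included
# for contrast (aswSP, sptd and ctfmon.exe are expected on this machine).
SAMPLE_LOG = r"""
uInternet Settings,ProxyServer = http=127.0.0.1:5555
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1/6/2009 3:31 AM 114768]
S0 gugre;gugre;c:\windows\system32\drivers\oauhjfq.sys --> c:\windows\system32\drivers\oauhjfq.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/18/2009 8:12 PM 717296]
HKU-Default-Run-msiexec.exe - msiconf.exe
HKLM-Explorer_Run-XCQIlG2vLd - c:\documents and settings\All Users\Application Data\alqnobmr\yrmlcryt.exe
"""

# "uInternet Settings,ProxyServer = <value>" as printed in the Supplementary Scan section.
PROXY_RE = re.compile(r"Internet Settings,ProxyServer\s*=\s*(?P<value>\S+)", re.IGNORECASE)
# Service lines: "<R|S><start type> <name>;<display name>;<image path> [...]".
SERVICE_RE = re.compile(r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
# Orphan autostart lines ("HKLM-Explorer_Run-X - target") and live Run-key lines ("name"="target" [..]).
ORPHAN_RUN_RE = re.compile(r"^(?P<key>HK\w+-\S*Run-\S+)\s+-\s+(?P<target>.+)$")
LIVE_RUN_RE = re.compile(r'^"(?P<key>[^"]+)"="(?P<target>[^"]+)"')


@dataclass
class Finding:
    kind: str    # loopback_proxy | service_missing_binary | run_entry_no_path | run_entry_in_appdata
    line: str    # the log line that triggered the finding
    detail: str  # why a defender cares


def is_loopback_proxy(value: str) -> bool:
    """True when any entry of a WinINet ProxyServer value points at this machine.

    The value is either "host:port" or a ';'-separated list of "scheme=host:port".
    A proxy on 127.0.0.0/8 or localhost means every browser request is handed to a
    local process first, which is how the rogue AV in this thread blocked the browser.
    """
    for entry in value.split(";"):
        hostport = entry.split("=", 1)[-1]
        host = hostport.rsplit(":", 1)[0].strip("[]").lower()
        if host in ("localhost", "::1") or host.startswith("127."):
            return True
    return False


def triage_log(text: str) -> List[Finding]:
    """Walk the log once and collect the entries worth a second look."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = PROXY_RE.search(line)
        if m:
            if is_loopback_proxy(m.group("value")):
                findings.append(Finding("loopback_proxy", line,
                                        "browser traffic is routed through a proxy on this host"))
            continue
        m = SERVICE_RE.match(line)
        if m:
            # ComboFix prints "path --> path [?]" when the service's file is not on disk.
            if m.group("rest").rstrip().endswith("[?]"):
                detail = "service registered for a driver that is not on disk"
                if m.group("display") == m.group("name"):
                    detail += "; display name equals service name, common for dropped drivers"
                findings.append(Finding("service_missing_binary", line, detail))
            continue
        m = ORPHAN_RUN_RE.match(line) or LIVE_RUN_RE.match(line)
        if m:
            target = m.group("target").strip()
            if "\\" not in target:
                findings.append(Finding("run_entry_no_path", line,
                                        "autostart names a bare filename, resolved via the search path"))
            elif "\\application data\\" in target.lower():
                findings.append(Finding("run_entry_in_appdata", line,
                                        "autostart runs an executable from a user-writable profile directory"))
    return findings


def build_dds_stanza(findings: List[Finding]) -> str:
    """Emit the CFScript block in the form the post above uses: the offending
    Supplementary Scan line(s) pasted verbatim under a DDS:: header."""
    lines = [f.line for f in findings if f.kind == "loopback_proxy"]
    return ("DDS::\n" + "\n".join(lines)) if lines else ""


if __name__ == "__main__":
    results = triage_log(SAMPLE_LOG)
    for f in results:
        print(f"[{f.kind}] {f.line}\n    {f.detail}")
    print(build_dds_stanza(results))
```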

Re: Antispyware Soft - unable to remove

Post by jarrettdelorenzo on Thu Jun 03, 2010 11:01 pm

ComboFix 10-06-03.01 - Jarr 06/03/2010 15:40:28.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.1051 [GMT -7:00]
Running from: c:\restore\Jarr\Desktop\Combo-Fix.exe
Command switches used :: c:\restore\Jarr\Desktop\CFscript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Files Created from 2010-05-03 to 2010-06-03 )))))))))))))))))))))))))))))))
.

2010-06-02 22:41 . 2010-06-02 22:41 -------- d-----w- c:\program files\TuneUpMedia
2010-06-02 22:40 . 2010-06-02 22:40 -------- d-----w- c:\documents and settings\Jarr\Application Data\TuneUpMedia
2010-06-02 22:40 . 2010-06-02 22:41 -------- dc----w- c:\documents and settings\All Users\Application Data\TuneUpMedia
2010-06-02 03:17 . 2010-06-02 03:17 -------- dc----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-06-01 00:55 . 2010-06-01 00:55 -------- dc----w- C:\Jarr
2010-06-01 00:52 . 2010-06-01 00:52 52432 ----a-w- c:\windows\system32\drivers\klmd.sys
2010-05-31 19:00 . 2010-05-31 20:00 -------- dc----w- C:\Combo-Fix
2010-05-29 23:59 . 2010-05-29 23:59 388096 ----a-r- c:\documents and settings\Jarr\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-05-29 23:59 . 2010-05-29 23:59 -------- d-----w- c:\program files\TrendMicro
2010-05-29 23:56 . 2010-05-29 23:56 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-05-26 01:12 . 2010-05-26 01:12 -------- d-----w- c:\program files\ESET
2010-05-26 01:02 . 2010-05-26 01:02 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-05-26 01:02 . 2010-05-26 01:02 -------- dc----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2010-05-26 01:02 . 2010-05-26 01:02 -------- dc----w- c:\documents and settings\All Users\Application Data\McAfee
2010-05-26 01:02 . 2010-05-29 22:52 -------- d-----w- c:\program files\McAfee Security Scan
2010-05-26 01:02 . 2010-05-26 01:02 86016 -c--a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-05-26 01:01 . 2010-05-26 22:28 -------- dc----w- c:\documents and settings\All Users\Application Data\NOS
2010-05-26 01:00 . 2010-05-26 01:00 503808 ----a-w- c:\documents and settings\Jarr\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-27c61ba7-n\msvcp71.dll
2010-05-26 01:00 . 2010-05-26 01:00 499712 ----a-w- c:\documents and settings\Jarr\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-27c61ba7-n\jmc.dll
2010-05-26 01:00 . 2010-05-26 01:00 348160 ----a-w- c:\documents and settings\Jarr\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-27c61ba7-n\msvcr71.dll
2010-05-26 01:00 . 2010-05-26 01:00 61440 ----a-w- c:\documents and settings\Jarr\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4b39493b-n\decora-sse.dll
2010-05-26 01:00 . 2010-05-26 01:00 12800 ----a-w- c:\documents and settings\Jarr\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4b39493b-n\decora-d3d.dll
2010-05-26 01:00 . 2010-05-26 01:00 -------- d-----w- c:\program files\Common Files\Java
2010-05-26 01:00 . 2010-05-26 00:59 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-25 01:52 . 2010-05-25 01:52 -------- dc----w- C:\_OTL
2010-05-23 17:23 . 2010-05-23 17:23 -------- d-----w- c:\documents and settings\Brenda\Application Data\Malwarebytes
2010-05-23 16:29 . 2010-05-26 00:05 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-22 21:51 . 2010-05-22 21:51 -------- dcsh--w- c:\documents and settings\Administrator\PrivacIE
2010-05-22 21:32 . 2010-05-22 21:32 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Application Data\BVRP Software
2010-05-22 02:35 . 2010-05-22 02:35 -------- dc----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-05-22 02:34 . 2010-05-22 02:34 -------- dcsh--w- c:\documents and settings\Administrator\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-03 22:21 . 2009-02-14 03:03 -------- d-----w- c:\documents and settings\Jarr\Application Data\Azureus
2010-06-02 22:41 . 2009-08-31 22:35 -------- d-----w- c:\program files\iTunes
2010-06-02 22:39 . 2009-02-14 03:03 -------- d-----w- c:\program files\Vuze
2010-06-02 22:26 . 2009-01-06 10:31 -------- d-----w- c:\program files\Alwil Software
2010-06-01 03:33 . 2009-06-01 07:07 -------- d-----w- c:\documents and settings\Jarr\Application Data\Vso
2010-05-26 01:04 . 2007-11-24 20:15 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-25 23:56 . 2005-09-28 16:51 -------- dc----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-05-25 23:56 . 2005-09-28 16:32 -------- d-----w- c:\program files\Java
2010-05-23 17:43 . 2009-01-08 09:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-23 17:24 . 2009-01-10 03:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-22 02:32 . 2010-03-31 10:17 660712 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-05-06 20:59 . 2009-01-06 10:31 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-06 20:59 . 2009-01-06 10:31 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-06 20:39 . 2009-01-06 10:31 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-06 20:39 . 2009-01-06 10:31 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-06 20:34 . 2009-01-06 10:31 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-06 20:33 . 2009-01-06 10:31 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-06 20:33 . 2009-01-06 10:31 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-06 20:33 . 2009-01-06 10:31 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-06 20:33 . 2009-01-06 10:31 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-01 00:55 . 2008-06-08 06:51 -------- d-----w- c:\documents and settings\Jarr\Application Data\Yahoo!
2010-05-01 00:55 . 2008-06-07 16:50 -------- dc----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-05-01 00:54 . 2005-09-28 16:38 -------- d-----w- c:\program files\CyberLink
2010-05-01 00:49 . 2008-06-12 03:48 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-05-01 00:48 . 2008-06-12 03:40 -------- dc----w- c:\documents and settings\All Users\Application Data\Logishrd
2010-05-01 00:46 . 2008-06-07 16:50 -------- d-----w- c:\program files\Yahoo!
2010-04-29 22:39 . 2009-01-10 03:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 22:39 . 2009-01-10 03:32 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-17 18:00 . 2009-04-23 22:48 4141117 ----a-w- c:\documents and settings\Jarr\Application Data\Azureus\plugins\vuzexcode\mediainfo.exe
2010-04-17 18:00 . 2010-04-17 18:00 7282688 ----a-w- c:\documents and settings\Jarr\Application Data\Azureus\plugins\vuzexcode\ffmpeg.exe
2010-04-16 10:07 . 2008-06-12 03:47 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-04-14 00:38 . 2010-04-14 00:38 249856 ------w- c:\windows\Setup1.exe
2010-04-14 00:38 . 2010-04-14 00:38 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-04-11 19:27 . 2009-06-01 07:07 47360 ----a-w- c:\documents and settings\Jarr\Application Data\pcouffin.sys
2010-04-11 19:27 . 2009-06-01 07:07 47360 ----a-w- c:\documents and settings\Jarr\Application Data\pcouffin.sys
2010-04-11 04:16 . 2010-04-11 04:16 45056 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-04-11 04:16 . 2010-04-11 04:16 45056 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-04-11 04:16 . 2010-04-11 04:16 45056 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-04-11 04:16 . 2010-04-11 04:16 49152 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-04-11 04:16 . 2010-04-11 04:16 45056 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-04-11 04:16 . 2010-04-11 04:16 308808 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-04-11 04:16 . 2010-04-11 04:16 14848 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-04-11 04:16 . 2010-04-11 04:16 40960 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-04-11 04:16 . 2010-04-11 04:16 341600 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-04-11 04:16 . 2005-09-28 16:50 -------- d-----w- c:\program files\Common Files\Real
2010-04-11 04:16 . 2005-09-28 16:50 -------- d-----w- c:\program files\Real
2010-04-11 04:16 . 2010-04-11 04:16 -------- d-----w- c:\program files\Common Files\xing shared
2010-04-11 03:53 . 2009-02-24 20:24 10686001 ----a-w- c:\documents and settings\Jarr\Application Data\Azureus\plugins\azump\mplayer.exe
2010-04-04 08:58 . 2007-10-30 01:32 70392 ----a-w- c:\documents and settings\Jarr\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-02 14:23 . 2010-04-02 14:23 20846064 ----a-w- c:\documents and settings\Jarr\Application Data\Real\Update\setup3.10\rp\RealPlayerSPGold.exe
2010-04-02 14:23 . 2010-04-02 14:23 8405312 ----a-w- c:\documents and settings\Jarr\Application Data\Real\Update\setup3.10\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2010-04-02 14:23 . 2010-04-02 14:23 149000 ----a-w- c:\documents and settings\Jarr\Application Data\Real\Update\setup3.10\chr_helper\LaunchHelper.exe
2010-04-02 14:23 . 2010-04-02 14:22 10309448 ----a-w- c:\documents and settings\Jarr\Application Data\Real\Update\setup3.10\chr\ChromeInstaller.exe
2010-04-02 14:22 . 2010-04-02 14:22 79368 ----a-w- c:\documents and settings\Jarr\Application Data\Real\Update\setup3.10\RUP\vista.exe
2010-04-02 14:22 . 2010-04-02 14:22 64000 ----a-w- c:\documents and settings\Jarr\Application Data\Real\Update\setup3.10\RUP\inst_config\gcapi_dll.dll
2010-04-02 14:22 . 2010-04-02 14:22 52288 ----a-w- c:\documents and settings\Jarr\Application Data\Real\Update\setup3.10\RUP\inst_config\gtapi.dll
2010-04-02 14:22 . 2010-04-02 14:22 50688 ----a-w- c:\documents and settings\Jarr\Application Data\Real\Update\setup3.10\RUP\inst_config\fftbapi.dll
2010-04-02 14:22 . 2010-04-02 14:22 49152 ----a-w- c:\documents and settings\Jarr\Application Data\Real\Update\setup3.10\RUP\inst_config\CarboniteCompatibility.dll
2010-04-02 14:22 . 2010-04-02 14:22 118784 ----a-w- c:\documents and settings\Jarr\Application Data\Real\Update\setup3.10\RUP\inst_config\compat.dll
2010-04-02 06:22 . 2010-04-02 06:22 439816 ----a-w- c:\documents and settings\Jarr\Application Data\Real\Update\setup3.10\setup.exe
2010-03-25 23:27 . 2010-03-25 23:27 152576 ----a-w- c:\documents and settings\Jarr\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-03-25 23:27 . 2010-03-25 23:27 79488 ----a-w- c:\documents and settings\Jarr\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-10 06:15 . 2004-08-19 20:49 420352 ----a-w- c:\windows\system32\vbscript.dll
2008-02-17 05:33 . 2008-02-17 05:33 774144 -c--a-w- c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-08-22 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Dell Photo AIO Printer 942"="c:\program files\Dell Photo AIO Printer 942\dlbubmgr.exe" [2005-04-28 294912]
"DellMCM"="c:\program files\Dell Photo AIO Printer 942\memcard.exe" [2004-07-27 262144]
"DLBUCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBUtime.dll" [2004-11-10 69632]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-11 202256]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]

c:\documents and settings\Jarr\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-3-27 0]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUklkJY]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/6/2009 3:31 AM 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/6/2009 3:31 AM 19024]
S0 gugre;gugre;c:\windows\system32\drivers\oauhjfq.sys --> c:\windows\system32\drivers\oauhjfq.sys [?]
S3 klmd23;klmd23;c:\windows\system32\drivers\klmd.sys [5/31/2010 5:52 PM 52432]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 5:49 AM 227232]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/18/2009 8:12 PM 717296]
.
Contents of the 'Scheduled Tasks' folder

2010-05-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-06-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-624974805-3402187148-1052777800-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

2010-06-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-624974805-3402187148-1052777800-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

2010-05-30 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-624974805-3402187148-1052777800-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

2010-06-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-624974805-3402187148-1052777800-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mWindow Title = Windows Internet Explorer provided by Comcast
mSearch Bar = [You must be registered and logged in to see this link.]
IE: &AIM Toolbar Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Jarr\Application Data\Mozilla\Firefox\Profiles\ap2wdtov.default\
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nphssb.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

BHO-{76B682FE-3229-42C0-A73C-92E1D8B6A850} - (no file)
BHO-{97FA8DA8-AEF3-49AF-BE7A-60AF509EC473} - (no file)
BHO-{DB35C569-5624-4CFC-8043-E5139F55A073} - (no file)
SafeBoot-klmd23.sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-06-03 15:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBUCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBUtime.dll,_RunDLLEntry@16

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.]

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x899E0D01]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf763bf28
\Driver\ACPI -> ACPI.sys @ 0xf75aecb8
\Driver\atapi -> atapi.sys @ 0xf74a0852
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(688)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(748)
c:\windows\system32\WININET.dll
.
Completion time: 2010-06-03 15:55:43
ComboFix-quarantined-files.txt 2010-06-03 22:55
ComboFix2.txt 2010-05-31 20:00

Pre-Run: 3,095,965,696 bytes free
Post-Run: 3,142,852,608 bytes free

- - End Of File - - 36D2741D2232B19F52BC4F682B678D18

jarrettdelorenzo
Novice


Posts : 26
Joined : 2010-05-23
OS : Windows XP


Re: Antispyware Soft - unable to remove

Post by Belahzur on Fri Jun 04, 2010 9:20 pm

Hello.

  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    Registry::
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSetActiveDesktop"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUklkJY]

    Driver::
    gugre

    Rootkit::
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator


Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre


Re: Antispyware Soft - unable to remove

Post by jarrettdelorenzo on Sun Jun 06, 2010 6:11 am

ComboFix 10-06-05.01 - Jarr 06/05/2010 22:17:45.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.1154 [GMT -7:00]
Running from: c:\restore\Jarr\Desktop\Combo-Fix.exe
Command switches used :: c:\restore\Jarr\Desktop\CFscript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gugre


((((((((((((((((((((((((( Files Created from 2010-05-06 to 2010-06-06 )))))))))))))))))))))))))))))))
.

2010-06-02 22:41 . 2010-06-02 22:41 -------- d-----w- c:\program files\TuneUpMedia
2010-06-02 22:40 . 2010-06-02 22:40 -------- d-----w- c:\documents and settings\Jarr\Application Data\TuneUpMedia
2010-06-02 22:40 . 2010-06-02 22:41 -------- dc----w- c:\documents and settings\All Users\Application Data\TuneUpMedia
2010-06-02 03:17 . 2010-06-02 03:17 -------- dc----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-06-01 00:55 . 2010-06-01 00:55 -------- dc----w- C:\Jarr
2010-06-01 00:52 . 2010-06-01 00:52 52432 ----a-w- c:\windows\system32\drivers\klmd.sys
2010-05-31 19:00 . 2010-05-31 20:00 -------- dc----w- C:\Combo-Fix
2010-05-29 23:59 . 2010-05-29 23:59 -------- d-----w- c:\program files\TrendMicro
2010-05-29 23:56 . 2010-05-29 23:56 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-05-26 01:12 . 2010-05-26 01:12 -------- d-----w- c:\program files\ESET
2010-05-26 01:02 . 2010-05-26 01:02 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-05-26 01:02 . 2010-05-26 01:02 -------- dc----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2010-05-26 01:02 . 2010-05-26 01:02 -------- dc----w- c:\documents and settings\All Users\Application Data\McAfee
2010-05-26 01:02 . 2010-05-29 22:52 -------- d-----w- c:\program files\McAfee Security Scan
2010-05-26 01:01 . 2010-05-26 22:28 -------- dc----w- c:\documents and settings\All Users\Application Data\NOS
2010-05-26 01:00 . 2010-05-26 01:00 -------- d-----w- c:\program files\Common Files\Java
2010-05-26 01:00 . 2010-05-26 00:59 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-25 01:52 . 2010-05-25 01:52 -------- dc----w- C:\_OTL
2010-05-23 17:23 . 2010-05-23 17:23 -------- d-----w- c:\documents and settings\Brenda\Application Data\Malwarebytes
2010-05-23 16:29 . 2010-05-26 00:05 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-22 21:51 . 2010-05-22 21:51 -------- dcsh--w- c:\documents and settings\Administrator\PrivacIE
2010-05-22 21:32 . 2010-05-22 21:32 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Application Data\BVRP Software
2010-05-22 02:35 . 2010-05-22 02:35 -------- dc----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-05-22 02:34 . 2010-05-22 02:34 -------- dcsh--w- c:\documents and settings\Administrator\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-06 04:24 . 2009-06-01 07:07 -------- d-----w- c:\documents and settings\Jarr\Application Data\Vso
2010-06-03 22:21 . 2009-02-14 03:03 -------- d-----w- c:\documents and settings\Jarr\Application Data\Azureus
2010-06-02 22:41 . 2009-08-31 22:35 -------- d-----w- c:\program files\iTunes
2010-06-02 22:39 . 2009-02-14 03:03 -------- d-----w- c:\program files\Vuze
2010-06-02 22:26 . 2009-01-06 10:31 -------- d-----w- c:\program files\Alwil Software
2010-05-29 23:59 . 2010-05-29 23:59 388096 ----a-r- c:\documents and settings\Jarr\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-05-26 01:04 . 2007-11-24 20:15 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-26 01:02 . 2010-05-26 01:02 86016 -c--a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-05-26 01:00 . 2010-05-26 01:00 503808 ----a-w- c:\documents and settings\Jarr\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-27c61ba7-n\msvcp71.dll
2010-05-26 01:00 . 2010-05-26 01:00 499712 ----a-w- c:\documents and settings\Jarr\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-27c61ba7-n\jmc.dll
2010-05-26 01:00 . 2010-05-26 01:00 348160 ----a-w- c:\documents and settings\Jarr\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-27c61ba7-n\msvcr71.dll
2010-05-26 01:00 . 2010-05-26 01:00 61440 ----a-w- c:\documents and settings\Jarr\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4b39493b-n\decora-sse.dll
2010-05-26 01:00 . 2010-05-26 01:00 12800 ----a-w- c:\documents and settings\Jarr\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4b39493b-n\decora-d3d.dll
2010-05-25 23:56 . 2005-09-28 16:51 -------- dc----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-05-25 23:56 . 2005-09-28 16:32 -------- d-----w- c:\program files\Java
2010-05-23 17:43 . 2009-01-08 09:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-23 17:24 . 2009-01-10 03:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-22 02:32 . 2010-03-31 10:17 660712 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-05-06 20:59 . 2009-01-06 10:31 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-06 20:59 . 2009-01-06 10:31 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-06 20:39 . 2009-01-06 10:31 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-06 20:39 . 2009-01-06 10:31 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-06 20:34 . 2009-01-06 10:31 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-06 20:33 . 2009-01-06 10:31 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-06 20:33 . 2009-01-06 10:31 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-06 20:33 . 2009-01-06 10:31 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-06 20:33 . 2009-01-06 10:31 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-01 00:55 . 2008-06-08 06:51 -------- d-----w- c:\documents and settings\Jarr\Application Data\Yahoo!
2010-05-01 00:55 . 2008-06-07 16:50 -------- dc----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-05-01 00:54 . 2005-09-28 16:38 -------- d-----w- c:\program files\CyberLink
2010-05-01 00:49 . 2008-06-12 03:48 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-05-01 00:48 . 2008-06-12 03:40 -------- dc----w- c:\documents and settings\All Users\Application Data\Logishrd
2010-05-01 00:46 . 2008-06-07 16:50 -------- d-----w- c:\program files\Yahoo!
2010-04-29 22:39 . 2009-01-10 03:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 22:39 . 2009-01-10 03:32 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-17 18:00 . 2009-04-23 22:48 4141117 ----a-w- c:\documents and settings\Jarr\Application Data\Azureus\plugins\vuzexcode\mediainfo.exe
2010-04-17 18:00 . 2010-04-17 18:00 7282688 ----a-w- c:\documents and settings\Jarr\Application Data\Azureus\plugins\vuzexcode\ffmpeg.exe
2010-04-16 10:07 . 2008-06-12 03:47 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-04-14 00:38 . 2010-04-14 00:38 249856 ------w- c:\windows\Setup1.exe
2010-04-14 00:38 . 2010-04-14 00:38 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-04-11 19:27 . 2009-06-01 07:07 47360 ----a-w- c:\documents and settings\Jarr\Application Data\pcouffin.sys
2010-04-11 19:27 . 2009-06-01 07:07 47360 ----a-w- c:\documents and settings\Jarr\Application Data\pcouffin.sys
2010-04-11 04:16 . 2010-04-11 04:16 45056 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-04-11 04:16 . 2010-04-11 04:16 45056 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-04-11 04:16 . 2010-04-11 04:16 45056 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-04-11 04:16 . 2010-04-11 04:16 49152 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-04-11 04:16 . 2010-04-11 04:16 45056 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-04-11 04:16 . 2010-04-11 04:16 308808 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-04-11 04:16 . 2010-04-11 04:16 14848 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-04-11 04:16 . 2010-04-11 04:16 40960 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-04-11 04:16 . 2010-04-11 04:16 341600 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-04-11 04:16 . 2005-09-28 16:50 -------- d-----w- c:\program files\Common Files\Real
2010-04-11 04:16 . 2005-09-28 16:50 -------- d-----w- c:\program files\Real
2010-04-11 04:16 . 2010-04-11 04:16 -------- d-----w- c:\program files\Common Files\xing shared
2010-04-11 03:53 . 2009-02-24 20:24 10686001 ----a-w- c:\documents and settings\Jarr\Application Data\Azureus\plugins\azump\mplayer.exe
2010-04-04 08:58 . 2007-10-30 01:32 70392 ----a-w- c:\documents and settings\Jarr\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-02 14:23 . 2010-04-02 14:23 20846064 ----a-w- c:\documents and settings\Jarr\Application Data\Real\Update\setup3.10\rp\RealPlayerSPGold.exe
2010-04-02 14:23 . 2010-04-02 14:23 8405312 ----a-w- c:\documents and settings\Jarr\Application Data\Real\Update\setup3.10\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2010-04-02 14:23 . 2010-04-02 14:23 149000 ----a-w- c:\documents and settings\Jarr\Application Data\Real\Update\setup3.10\chr_helper\LaunchHelper.exe
2010-04-02 14:23 . 2010-04-02 14:22 10309448 ----a-w- c:\documents and settings\Jarr\Application Data\Real\Update\setup3.10\chr\ChromeInstaller.exe
2010-04-02 14:22 . 2010-04-02 14:22 79368 ----a-w- c:\documents and settings\Jarr\Application Data\Real\Update\setup3.10\RUP\vista.exe
2010-04-02 14:22 . 2010-04-02 14:22 64000 ----a-w- c:\documents and settings\Jarr\Application Data\Real\Update\setup3.10\RUP\inst_config\gcapi_dll.dll
2010-04-02 14:22 . 2010-04-02 14:22 52288 ----a-w- c:\documents and settings\Jarr\Application Data\Real\Update\setup3.10\RUP\inst_config\gtapi.dll
2010-04-02 14:22 . 2010-04-02 14:22 50688 ----a-w- c:\documents and settings\Jarr\Application Data\Real\Update\setup3.10\RUP\inst_config\fftbapi.dll
2010-04-02 14:22 . 2010-04-02 14:22 49152 ----a-w- c:\documents and settings\Jarr\Application Data\Real\Update\setup3.10\RUP\inst_config\CarboniteCompatibility.dll
2010-04-02 14:22 . 2010-04-02 14:22 118784 ----a-w- c:\documents and settings\Jarr\Application Data\Real\Update\setup3.10\RUP\inst_config\compat.dll
2010-04-02 06:22 . 2010-04-02 06:22 439816 ----a-w- c:\documents and settings\Jarr\Application Data\Real\Update\setup3.10\setup.exe
2010-03-25 23:27 . 2010-03-25 23:27 152576 ----a-w- c:\documents and settings\Jarr\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-03-25 23:27 . 2010-03-25 23:27 79488 ----a-w- c:\documents and settings\Jarr\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-10 06:15 . 2004-08-19 20:49 420352 ----a-w- c:\windows\system32\vbscript.dll
2008-02-17 05:33 . 2008-02-17 05:33 774144 -c--a-w- c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-08-22 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Dell Photo AIO Printer 942"="c:\program files\Dell Photo AIO Printer 942\dlbubmgr.exe" [2005-04-28 294912]
"DellMCM"="c:\program files\Dell Photo AIO Printer 942\memcard.exe" [2004-07-27 262144]
"DLBUCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBUtime.dll" [2004-11-10 69632]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-11 202256]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]

c:\documents and settings\Jarr\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-3-27 0]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUklkJY]
[BU]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmd23.sys]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/6/2009 3:31 AM 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/6/2009 3:31 AM 19024]
S3 klmd23;klmd23;c:\windows\system32\drivers\klmd.sys [5/31/2010 5:52 PM 52432]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 5:49 AM 227232]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/18/2009 8:12 PM 717296]
.
Contents of the 'Scheduled Tasks' folder

2010-06-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-06-06 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-624974805-3402187148-1052777800-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

2010-06-06 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-624974805-3402187148-1052777800-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

2010-05-30 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-624974805-3402187148-1052777800-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

2010-06-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-624974805-3402187148-1052777800-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mWindow Title = Windows Internet Explorer provided by Comcast
mSearch Bar = [You must be registered and logged in to see this link.]
IE: &AIM Toolbar Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Jarr\Application Data\Mozilla\Firefox\Profiles\ap2wdtov.default\
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nphssb.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

BHO-{76B682FE-3229-42C0-A73C-92E1D8B6A850} - (no file)
BHO-{97FA8DA8-AEF3-49AF-BE7A-60AF509EC473} - (no file)
BHO-{DB35C569-5624-4CFC-8043-E5139F55A073} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-06-05 22:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBUCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBUtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.]

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89CFED01]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf763bf28
\Driver\ACPI -> ACPI.sys @ 0xf75aecb8
\Driver\atapi -> atapi.sys @ 0xf74a0852
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(692)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(752)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(1940)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\stsystra.exe
c:\windows\eHome\ehmsas.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-06-05 22:41:31 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-06 05:41
ComboFix2.txt 2010-06-03 22:55
ComboFix3.txt 2010-05-31 20:00

Pre-Run: 5,322,747,904 bytes free
Post-Run: 5,310,410,752 bytes free

- - End Of File - - 26EE843E38EC7F8E710B6E16C05C8B58


Re: Antispyware Soft - unable to remove

Post by Belahzur on Sun Jun 06, 2010 11:56 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: Antispyware Soft - unable to remove

Post by jarrettdelorenzo on Tue Jun 08, 2010 1:49 am

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4177

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/7/2010 6:26:00 PM
mbam-log-2010-06-07 (18-26-00).txt

Scan type: Quick scan
Objects scanned: 147228
Time elapsed: 11 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: Antispyware Soft - unable to remove

Post by Belahzur on Tue Jun 08, 2010 5:02 pm

Hello.
We need to run TDSSKiller.

See this post for instructions:
[You must be registered and logged in to see this link.]

When it comes to running the Run command, try this.

"c:restoreJarrDesktopTDSSKiller.exe" -l C:TDSSKiller.txt -v



Re: Antispyware Soft - unable to remove

Post by jarrettdelorenzo on Tue Jun 08, 2010 10:26 pm

I did as you said...but when I went to "Run", copy and pasted the address provided...it says "Windows cannot find c:restoreJarrDesktopTDSSKiller.exe. Make sure you typed the name correct, and then try again. To search for a file, click the Start button, and then click Search."


Re: Antispyware Soft - unable to remove

Post by Belahzur on Tue Jun 08, 2010 10:53 pm

Grrrr. Forumotion bug causing an error in my scripting.

Nevermind doing the script bit for now, just double click TDSSKiller and run it.



Re: Antispyware Soft - unable to remove

Post by jarrettdelorenzo on Wed Jun 09, 2010 4:30 am

20:34:05:695 2712 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
20:34:05:695 2712 ================================================================================
20:34:05:695 2712 SystemInfo:

20:34:05:695 2712 OS Version: 5.1.2600 ServicePack: 3.0
20:34:05:695 2712 Product type: Workstation
20:34:05:695 2712 ComputerName: DFR1NK81
20:34:05:695 2712 UserName: Jarr
20:34:05:695 2712 Windows directory: C:WINDOWS
20:34:05:695 2712 Processor architecture: Intel x86
20:34:05:695 2712 Number of processors: 2
20:34:05:695 2712 Page size: 0x1000
20:34:05:695 2712 Boot type: Normal boot
20:34:05:695 2712 ================================================================================
20:34:06:226 2712 Initialize success
20:34:06:226 2712
20:34:06:226 2712 Scanning Services ...
20:34:07:054 2712 Raw services enum returned 385 services
20:34:07:070 2712
20:34:07:070 2712 Scanning Drivers ...
20:34:08:883 2712 Aavmker4 (a5246ed2586aa807af0bcf63165a71cc) C:WINDOWSsystem32driversAavmker4.sys
20:34:08:961 2712 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:WINDOWSsystem32DRIVERSABP480N5.SYS
20:34:09:054 2712 ACPI (8fd99680a539792a30e97944fdaecf17) C:WINDOWSsystem32DRIVERSACPI.sys
20:34:09:117 2712 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:WINDOWSsystem32driversACPIEC.sys
20:34:09:179 2712 adpu160m (9a11864873da202c996558b2106b0bbc) C:WINDOWSsystem32DRIVERSadpu160m.sys
20:34:09:242 2712 aec (8bed39e3c35d6a489438b8141717a557) C:WINDOWSsystem32driversaec.sys
20:34:09:414 2712 AFD (7e775010ef291da96ad17ca4b17137d7) C:WINDOWSSystem32driversafd.sys
20:34:09:539 2712 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:WINDOWSsystem32DRIVERSagp440.sys
20:34:09:633 2712 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:WINDOWSsystem32DRIVERSagpCPQ.sys
20:34:09:695 2712 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:WINDOWSsystem32DRIVERSaha154x.sys
20:34:09:758 2712 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:WINDOWSsystem32DRIVERSaic78u2.sys
20:34:09:820 2712 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:WINDOWSsystem32DRIVERSaic78xx.sys
20:34:09:914 2712 AliIde (1140ab9938809700b46bb88e46d72a96) C:WINDOWSsystem32DRIVERSaliide.sys
20:34:10:008 2712 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:WINDOWSsystem32DRIVERSalim1541.sys
20:34:10:179 2712 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:WINDOWSsystem32DRIVERSamdagp.sys
20:34:10:273 2712 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:WINDOWSsystem32DRIVERSamsint.sys
20:34:10:351 2712 asc (62d318e9a0c8fc9b780008e724283707) C:WINDOWSsystem32DRIVERSasc.sys
20:34:10:461 2712 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:WINDOWSsystem32DRIVERSasc3350p.sys
20:34:10:523 2712 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:WINDOWSsystem32DRIVERSasc3550.sys
20:34:10:617 2712 aswFsBlk (1b6ed99291ddf5d2501554cc5757aab6) C:WINDOWSsystem32driversaswFsBlk.sys
20:34:10:695 2712 aswMon2 (81432b1a4b31036c822eb967decf613c) C:WINDOWSsystem32driversaswMon2.sys
20:34:10:914 2712 aswRdr (3e2b6112d2766f87eda8466fde86a986) C:WINDOWSsystem32driversaswRdr.sys
20:34:11:476 2712 aswSP (d78b644816db540e103d0b0766fd9967) C:WINDOWSsystem32driversaswSP.sys
20:34:11:851 2712 aswTdi (606d731008d98b6ef946730c597c1642) C:WINDOWSsystem32driversaswTdi.sys
20:34:12:039 2712 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:WINDOWSsystem32DRIVERSasyncmac.sys
20:34:12:195 2712 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:WINDOWSsystem32DRIVERSatapi.sys
20:34:12:461 2712 ati2mtag (5b9320783e76a46ef97734f113a82ad8) C:WINDOWSsystem32DRIVERSati2mtag.sys
20:34:12:789 2712 Atmarpc (9916c1225104ba14794209cfa8012159) C:WINDOWSsystem32DRIVERSatmarpc.sys
20:34:12:929 2712 audstub (d9f724aa26c010a217c97606b160ed68) C:WINDOWSsystem32DRIVERSaudstub.sys
20:34:12:961 2712 Beep (da1f27d85e0d1525f6621372e7b685e9) C:WINDOWSsystem32driversBeep.sys
20:34:13:023 2712 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:WINDOWSsystem32DRIVERScbidf2k.sys
20:34:13:070 2712 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:WINDOWSsystem32driverscbidf2k.sys
20:34:13:117 2712 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:WINDOWSsystem32DRIVERSCCDECODE.sys
20:34:13:211 2712 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:WINDOWSsystem32DRIVERScd20xrnt.sys
20:34:13:273 2712 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:WINDOWSsystem32driversCdaudio.sys
20:34:13:429 2712 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:WINDOWSsystem32driversCdfs.sys
20:34:13:554 2712 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:WINDOWSsystem32DRIVERScdrom.sys
20:34:13:789 2712 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:WINDOWSsystem32DRIVERScmdide.sys
20:34:13:961 2712 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:WINDOWSsystem32DRIVERScpqarray.sys
20:34:14:070 2712 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:WINDOWSsystem32DRIVERSdac2w2k.sys
20:34:14:164 2712 dac960nt (683789caa3864eb46125ae86ff677d34) C:WINDOWSsystem32DRIVERSdac960nt.sys
20:34:14:304 2712 Disk (044452051f3e02e7963599fc8f4f3e25) C:WINDOWSsystem32DRIVERSdisk.sys
20:34:14:586 2712 dmboot (d992fe1274bde0f84ad826acae022a41) C:WINDOWSsystem32driversdmboot.sys
20:34:14:883 2712 dmio (7c824cf7bbde77d95c08005717a95f6f) C:WINDOWSsystem32driversdmio.sys
20:34:15:133 2712 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:WINDOWSsystem32driversdmload.sys
20:34:15:195 2712 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:WINDOWSsystem32driversDMusic.sys
20:34:15:273 2712 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:WINDOWSsystem32DRIVERSdpti2o.sys
20:34:15:320 2712 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:WINDOWSsystem32driversdrmkaud.sys
20:34:15:398 2712 drvmcdb (96bc8f872f0270c10edc3931f1c03776) C:WINDOWSsystem32driversdrvmcdb.sys
20:34:15:492 2712 drvnddm (5afbec7a6ac61b211633dfdb1d9e0c89) C:WINDOWSsystem32driversdrvnddm.sys
20:34:15:648 2712 DSproct (413f2d5f9d802688242c23b38f767ecb) C:Program FilesDellSupportGTActiontriggersDSproct.sys
20:34:15:789 2712 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:WINDOWSsystem32DRIVERSdsunidrv.sys
20:34:15:976 2712 E100B (95974e66d3de4951d29e28e8bc0b644c) C:WINDOWSsystem32DRIVERSe100b325.sys
20:34:16:086 2712 Fastfat (38d332a6d56af32635675f132548343e) C:WINDOWSsystem32driversFastfat.sys
20:34:16:273 2712 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:WINDOWSsystem32DRIVERSfdc.sys
20:34:16:461 2712 Fips (d45926117eb9fa946a6af572fbe1caa3) C:WINDOWSsystem32driversFips.sys
20:34:16:570 2712 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:WINDOWSsystem32DRIVERSflpydisk.sys
20:34:16:773 2712 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:WINDOWSsystem32driversfltmgr.sys
20:34:17:117 2712 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:WINDOWSsystem32driversFs_Rec.sys
20:34:17:523 2712 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:WINDOWSsystem32DRIVERSftdisk.sys
20:34:17:664 2712 GEARAspiWDM (f2f431d1573ee632975c524418655b84) C:WINDOWSsystem32DRIVERSGEARAspiWDM.sys
20:34:17:961 2712 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:WINDOWSsystem32DRIVERSmsgpc.sys
20:34:18:304 2712 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:WINDOWSsystem32DRIVERSHDAudBus.sys
20:34:18:664 2712 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:WINDOWSsystem32DRIVERShidusb.sys
20:34:19:008 2712 hpn (b028377dea0546a5fcfba928a8aefae0) C:WINDOWSsystem32DRIVERShpn.sys
20:34:19:289 2712 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:WINDOWSsystem32DriversHTTP.sys
20:34:19:523 2712 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:WINDOWSsystem32driversi2omgmt.sys
20:34:19:773 2712 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:WINDOWSsystem32DRIVERSi2omp.sys
20:34:20:101 2712 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:WINDOWSsystem32DRIVERSi8042prt.sys
20:34:20:258 2712 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:WINDOWSsystem32DRIVERSimapi.sys
20:34:20:351 2712 ini910u (4a40e045faee58631fd8d91afc620719) C:WINDOWSsystem32DRIVERSini910u.sys
20:34:20:570 2712 IntelC51 (7509c548400f4c9e0211e3f6e66abbe6) C:WINDOWSsystem32DRIVERSIntelC51.sys
20:34:20:789 2712 IntelC52 (9584ffdd41d37f2c239681d0dac2513e) C:WINDOWSsystem32DRIVERSIntelC52.sys
20:34:20:976 2712 IntelC53 (cf0b937710cec6ef39416edecd803cbb) C:WINDOWSsystem32DRIVERSIntelC53.sys
20:34:21:164 2712 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:WINDOWSsystem32DRIVERSintelide.sys
20:34:21:273 2712 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:WINDOWSsystem32DRIVERSintelppm.sys
20:34:21:351 2712 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:WINDOWSsystem32driversip6fw.sys
20:34:21:476 2712 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:WINDOWSsystem32DRIVERSipfltdrv.sys
20:34:21:586 2712 IpInIp (b87ab476dcf76e72010632b5550955f5) C:WINDOWSsystem32DRIVERSipinip.sys
20:34:21:633 2712 IpNat (cc748ea12c6effde940ee98098bf96bb) C:WINDOWSsystem32DRIVERSipnat.sys
20:34:21:726 2712 IPSec (23c74d75e36e7158768dd63d92789a91) C:WINDOWSsystem32DRIVERSipsec.sys
20:34:21:789 2712 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:WINDOWSsystem32DRIVERSirenum.sys
20:34:21:914 2712 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:WINDOWSsystem32DRIVERSisapnp.sys
20:34:22:008 2712 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:WINDOWSsystem32DRIVERSkbdclass.sys
20:34:22:164 2712 kbdhid (24f674c7b3bc36c0b36d60957559554a) C:WINDOWSsystem32DRIVERSkbdhid.sys
20:34:22:164 2712 Suspicious file (Forged): C:WINDOWSsystem32DRIVERSkbdhid.sys. Real md5: 24f674c7b3bc36c0b36d60957559554a, Fake md5: 9ef487a186dea361aa06913a75b3fa99
20:34:22:164 2712 File "C:WINDOWSsystem32DRIVERSkbdhid.sys" infected by TDSS rootkit ... 20:34:23:711 2712 Backup copy found, using it..
20:34:23:836 2712 will be cured on next reboot
20:34:24:008 2712 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:WINDOWSsystem32driversklmd.sys
20:34:24:086 2712 kmixer (692bcf44383d056aed41b045a323d378) C:WINDOWSsystem32driverskmixer.sys
20:34:24:195 2712 KSecDD (b467646c54cc746128904e1654c750c1) C:WINDOWSsystem32driversKSecDD.sys
20:34:24:601 2712 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:WINDOWSsystem32DRIVERSmhndrv.sys
20:34:24:648 2712 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:WINDOWSsystem32driversmnmdd.sys
20:34:24:711 2712 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:WINDOWSsystem32driversModem.sys
20:34:24:758 2712 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:WINDOWSsystem32driversMODEMCSA.sys
20:34:24:789 2712 mohfilt (59b8b11ff70728eec60e72131c58b716) C:WINDOWSsystem32DRIVERSmohfilt.sys
20:34:24:820 2712 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:WINDOWSsystem32DRIVERSmouclass.sys
20:34:24:867 2712 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:WINDOWSsystem32DRIVERSmouhid.sys
20:34:24:898 2712 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:WINDOWSsystem32driversMountMgr.sys
20:34:24:945 2712 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:WINDOWSsystem32DRIVERSmraid35x.sys
20:34:24:992 2712 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:WINDOWSsystem32DRIVERSmrxdav.sys
20:34:25:070 2712 MRxSmb (f3aefb11abc521122b67095044169e98) C:WINDOWSsystem32DRIVERSmrxsmb.sys
20:34:25:117 2712 Msfs (c941ea2454ba8350021d774daf0f1027) C:WINDOWSsystem32driversMsfs.sys
20:34:25:148 2712 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:WINDOWSsystem32driversMSKSSRV.sys
20:34:25:164 2712 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:WINDOWSsystem32driversMSPCLOCK.sys
20:34:25:242 2712 MSPQM (bad59648ba099da4a17680b39730cb3d) C:WINDOWSsystem32driversMSPQM.sys
20:34:25:304 2712 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:WINDOWSsystem32DRIVERSmssmbios.sys
20:34:25:367 2712 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:WINDOWSsystem32driversMSTEE.sys
20:34:25:429 2712 Mup (2f625d11385b1a94360bfc70aaefdee1) C:WINDOWSsystem32driversMup.sys
20:34:25:461 2712 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:WINDOWSsystem32DRIVERSNABTSFEC.sys
20:34:25:492 2712 NAL (9121d8ffff773c66bbf4955e4f7aac23) C:WINDOWSsystem32Driversiqvw32.sys
20:34:25:554 2712 NDIS (1df7f42665c94b825322fae71721130d) C:WINDOWSsystem32driversNDIS.sys
20:34:25:601 2712 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:WINDOWSsystem32DRIVERSNdisIP.sys
20:34:25:633 2712 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:WINDOWSsystem32DRIVERSndistapi.sys
20:34:25:648 2712 Ndisuio (f927a4434c5028758a842943ef1a3849) C:WINDOWSsystem32DRIVERSndisuio.sys
20:34:25:711 2712 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:WINDOWSsystem32DRIVERSndiswan.sys
20:34:25:773 2712 NDProxy (6215023940cfd3702b46abc304e1d45a) C:WINDOWSsystem32driversNDProxy.sys
20:34:25:914 2712 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:WINDOWSsystem32DRIVERSnetbios.sys
20:34:25:992 2712 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:WINDOWSsystem32DRIVERSnetbt.sys
20:34:26:086 2712 Npfs (3182d64ae053d6fb034f44b6def8034a) C:WINDOWSsystem32driversNpfs.sys
20:34:26:148 2712 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:WINDOWSsystem32driversNtfs.sys
20:34:26:242 2712 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:WINDOWSsystem32driversNull.sys
20:34:26:336 2712 nv (2b298519edbfcf451d43e0f1e8f1006d) C:WINDOWSsystem32DRIVERSnv4_mini.sys
20:34:26:523 2712 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:WINDOWSsystem32DRIVERSnwlnkflt.sys
20:34:26:648 2712 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:WINDOWSsystem32DRIVERSnwlnkfwd.sys
20:34:26:726 2712 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:WINDOWSsystem32DRIVERSnwlnkipx.sys
20:34:26:804 2712 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:WINDOWSsystem32DRIVERSnwlnknb.sys
20:34:26:867 2712 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:WINDOWSsystem32DRIVERSnwlnkspx.sys
20:34:26:914 2712 omci (53d5f1278d9edb21689bbbcecc09108d) C:WINDOWSsystem32DRIVERSomci.sys
20:34:27:039 2712 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:WINDOWSsystem32DRIVERSparport.sys
20:34:27:101 2712 PartMgr (beb3ba25197665d82ec7065b724171c6) C:WINDOWSsystem32driversPartMgr.sys
20:34:27:148 2712 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:WINDOWSsystem32driversParVdm.sys
20:34:27:289 2712 PCI (a219903ccf74233761d92bef471a07b1) C:WINDOWSsystem32DRIVERSpci.sys
20:34:27:351 2712 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:WINDOWSsystem32DRIVERSpciide.sys
20:34:27:476 2712 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:WINDOWSsystem32driversPcmcia.sys
20:34:27:554 2712 pcouffin (5b6c11de7e839c05248ced8825470fef) C:WINDOWSsystem32Driverspcouffin.sys
20:34:27:711 2712 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:WINDOWSsystem32DRIVERSperc2.sys
20:34:27:773 2712 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:WINDOWSsystem32DRIVERSperc2hib.sys
20:34:27:836 2712 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:WINDOWSsystem32DRIVERSraspptp.sys
20:34:27:883 2712 PSched (09298ec810b07e5d582cb3a3f9255424) C:WINDOWSsystem32DRIVERSpsched.sys
20:34:27:945 2712 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:WINDOWSsystem32DRIVERSptilink.sys
20:34:28:008 2712 PxHelp20 (7c81ae3c9b82ba2da437ed4d31bc56cf) C:WINDOWSsystem32DriversPxHelp20.sys
20:34:28:054 2712 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:WINDOWSsystem32DRIVERSql1080.sys
20:34:28:133 2712 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:WINDOWSsystem32DRIVERSql10wnt.sys
20:34:28:211 2712 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:WINDOWSsystem32DRIVERSql12160.sys
20:34:28:336 2712 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:WINDOWSsystem32DRIVERSql1240.sys
20:34:28:461 2712 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:WINDOWSsystem32DRIVERSql1280.sys
20:34:28:539 2712 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:WINDOWSsystem32DRIVERSrasacd.sys
20:34:28:601 2712 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:WINDOWSsystem32DRIVERSrasl2tp.sys
20:34:28:664 2712 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:WINDOWSsystem32DRIVERSraspppoe.sys
20:34:28:726 2712 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:WINDOWSsystem32DRIVERSraspti.sys
20:34:28:804 2712 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:WINDOWSsystem32DRIVERSrdbss.sys
20:34:28:836 2712 RDPCDD (4912d5b403614ce99c28420f75353332) C:WINDOWSsystem32DRIVERSRDPCDD.sys
20:34:29:070 2712 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:WINDOWSsystem32DRIVERSrdpdr.sys
20:34:29:914 2712 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:WINDOWSsystem32driversRDPWD.sys
20:34:30:101 2712 redbook (f828dd7e1419b6653894a8f97a0094c5) C:WINDOWSsystem32DRIVERSredbook.sys
20:34:30:195 2712 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:WINDOWSsystem32DRIVERSsecdrv.sys
20:34:30:367 2712 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:WINDOWSsystem32DRIVERSserenum.sys
20:34:30:445 2712 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:WINDOWSsystem32DRIVERSserial.sys
20:34:30:508 2712 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:WINDOWSsystem32driversSfloppy.sys
20:34:30:601 2712 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:WINDOWSsystem32DRIVERSsisagp.sys
20:34:30:664 2712 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:WINDOWSsystem32DRIVERSSLIP.sys
20:34:30:742 2712 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:WINDOWSsystem32DRIVERSSONYPVU1.SYS
20:34:30:820 2712 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:WINDOWSsystem32DRIVERSsparrow.sys
20:34:30:898 2712 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:WINDOWSsystem32driverssplitter.sys
20:34:30:961 2712 sptd (71e276f6d189413266ea22171806597b) C:WINDOWSsystem32Driverssptd.sys
20:34:31:117 2712 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:WINDOWSsystem32DRIVERSsr.sys
20:34:31:164 2712 Srv (89220b427890aa1dffd1a02648ae51c3) C:WINDOWSsystem32DRIVERSsrv.sys
20:34:31:336 2712 sscdbhk5 (98625722ad52b40305e74aaa83c93086) C:WINDOWSsystem32driverssscdbhk5.sys
20:34:31:461 2712 ssrtln (d79412e3942c8a257253487536d5a994) C:WINDOWSsystem32driversssrtln.sys
20:34:31:570 2712 STHDA (352b663a81402be7cd7bd4ea27c9998c) C:WINDOWSsystem32driverssthda.sys
20:34:31:679 2712 streamip (77813007ba6265c4b6098187e6ed79d2) C:WINDOWSsystem32DRIVERSStreamIP.sys
20:34:31:742 2712 swenum (3941d127aef12e93addf6fe6ee027e0f) C:WINDOWSsystem32DRIVERSswenum.sys
20:34:31:758 2712 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:WINDOWSsystem32driversswmidi.sys
20:34:31:804 2712 symc810 (1ff3217614018630d0a6758630fc698c) C:WINDOWSsystem32DRIVERSsymc810.sys
20:34:31:883 2712 symc8xx (070e001d95cf725186ef8b20335f933c) C:WINDOWSsystem32DRIVERSsymc8xx.sys
20:34:31:961 2712 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:WINDOWSsystem32DRIVERSsym_hi.sys
20:34:32:054 2712 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:WINDOWSsystem32DRIVERSsym_u3.sys
20:34:32:117 2712 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:WINDOWSsystem32driverssysaudio.sys
20:34:32:211 2712 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:WINDOWSsystem32DRIVERStcpip.sys
20:34:32:398 2712 TDPIPE (6471a66807f5e104e4885f5b67349397) C:WINDOWSsystem32driversTDPIPE.sys
20:34:32:492 2712 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:WINDOWSsystem32driversTDTCP.sys
20:34:32:570 2712 TermDD (88155247177638048422893737429d9e) C:WINDOWSsystem32DRIVERStermdd.sys
20:34:32:679 2712 tfsnboio (d0177776e11b0b3f272eebd262a69661) C:WINDOWSsystem32dlatfsnboio.sys
20:34:32:711 2712 tfsncofs (599804bc938b8305a5422319774da871) C:WINDOWSsystem32dlatfsncofs.sys
20:34:32:742 2712 tfsndrct (a1902c00adc11c4d83f8e3ed947a6a32) C:WINDOWSsystem32dlatfsndrct.sys
20:34:32:758 2712 tfsndres (d8ddb3f2b1bef15cff6728d89c042c61) C:WINDOWSsystem32dlatfsndres.sys
20:34:32:789 2712 tfsnifs (c4f2dea75300971cdaee311007de138d) C:WINDOWSsystem32dlatfsnifs.sys
20:34:32:867 2712 tfsnopio (272925be0ea919f08286d2ee6f102b0f) C:WINDOWSsystem32dlatfsnopio.sys
20:34:32:961 2712 tfsnpool (7b7d955e5cebc2fb88b03ef875d52a2f) C:WINDOWSsystem32dlatfsnpool.sys
20:34:33:008 2712 tfsnudf (e3d01263109d800c1967c12c10a0b018) C:WINDOWSsystem32dlatfsnudf.sys
20:34:33:070 2712 tfsnudfa (b9e9c377906e3a65bc74598fff7f7458) C:WINDOWSsystem32dlatfsnudfa.sys
20:34:33:133 2712 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:WINDOWSsystem32DRIVERStoside.sys
20:34:33:226 2712 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:WINDOWSsystem32driversUdfs.sys
20:34:33:336 2712 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:WINDOWSsystem32DRIVERSultra.sys
20:34:33:476 2712 Update (402ddc88356b1bac0ee3dd1580c76a31) C:WINDOWSsystem32DRIVERSupdate.sys
20:34:33:554 2712 usbaudio (e919708db44ed8543a7c017953148330) C:WINDOWSsystem32driversusbaudio.sys
20:34:33:586 2712 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:WINDOWSsystem32DRIVERSusbccgp.sys
20:34:33:601 2712 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:WINDOWSsystem32DRIVERSusbehci.sys
20:34:33:648 2712 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:WINDOWSsystem32DRIVERSusbhub.sys
20:34:33:679 2712 usbprint (a717c8721046828520c9edf31288fc00) C:WINDOWSsystem32DRIVERSusbprint.sys
20:34:33:726 2712 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:WINDOWSsystem32DRIVERSusbscan.sys
20:34:33:773 2712 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:WINDOWSsystem32DRIVERSUSBSTOR.SYS
20:34:33:804 2712 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:WINDOWSsystem32DRIVERSusbuhci.sys
20:34:33:851 2712 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:WINDOWSsystem32Driversusbvideo.sys
20:34:33:898 2712 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:WINDOWSSystem32driversvga.sys
20:34:33:961 2712 viaagp (754292ce5848b3738281b4f3607eaef4) C:WINDOWSsystem32DRIVERSviaagp.sys
20:34:34:086 2712 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:WINDOWSsystem32DRIVERSviaide.sys
20:34:34:164 2712 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:WINDOWSsystem32driversVolSnap.sys
20:34:34:195 2712 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:WINDOWSsystem32DRIVERSwanarp.sys
20:34:34:336 2712 wdmaud (6768acf64b18196494413695f0c3a00f) C:WINDOWSsystem32driverswdmaud.sys
20:34:34:476 2712 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:WINDOWSSystem32driversws2ifsl.sys
20:34:34:570 2712 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:WINDOWSsystem32DRIVERSWSTCODEC.SYS
20:34:34:570 2712 Reboot required for cure complete..
20:34:35:133 2712 Cure on reboot scheduled successfully
20:34:35:133 2712
20:34:35:133 2712 Completed
20:34:35:133 2712
20:34:35:133 2712 Results:
20:34:35:133 2712 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
20:34:35:133 2712 File objects infected / cured / cured on reboot: 1 / 0 / 1
20:34:35:133 2712
20:34:35:133 2712 KLMD(ARK) unloaded successfully

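The TDSSKiller log above carries the key finding of the thread: a "Suspicious file (Forged)" entry for kbdhid.sys, the Windows HID keyboard driver, reported with two different MD5 hashes for the same path and scheduled for cure on reboot. That is consistent with the keyboard symptom described at the start of the thread. Below is an added Python example, not part of the thread or of TDSSKiller, that parses log lines of this shape, pairs each forged entry with the hash recorded on the preceding driver line for the same path, and reads the results counters to tell whether a reboot is still pending. The sample lines are adapted from the log posted above with the backslashes the forum stripped restored; the regular expressions are my assumption about the log layout, not a published format specification.

```python
"""Parse a TDSSKiller driver-scan log and extract forged-driver findings.

Added example for this thread; it is not code from TDSSKiller or the forum.
The regexes below are an assumption about the log layout seen in the thread:
"HH:MM:SS:mmm PID driver (md5) path" for each enumerated driver.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

# One enumerated driver per line: timestamp, PID, service name, MD5, path.
DRIVER_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}:\d{3}) (?P<pid>\d+) (?P<name>\S+) "
    r"\((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$"
)
# Forgery finding: the tool reports two hashes for the same file.
FORGED_RE = re.compile(
    r"Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})"
)
# Final counters: "<kind> objects infected / cured / cured on reboot: a / b / c"
RESULTS_RE = re.compile(
    r"(?P<kind>Registry|File) objects infected / cured / cured on reboot: "
    r"(?P<infected>\d+) / (?P<cured>\d+) / (?P<reboot>\d+)"
)


@dataclass
class Forged:
    path: str
    real_md5: str
    fake_md5: str
    enumerated_md5: Optional[str] = None  # hash from the driver line for this path

    @property
    def consistent(self) -> bool:
        """True when the hash on the driver line equals the 'Real' hash.

        A mismatch means the tool saw a third version of the file; the log
        then deserves a manual look rather than an automated verdict."""
        return self.enumerated_md5 == self.real_md5


@dataclass
class ScanSummary:
    drivers: dict = field(default_factory=dict)   # path -> md5 as enumerated
    forged: list = field(default_factory=list)    # Forged findings, in log order
    results: dict = field(default_factory=dict)   # kind -> (infected, cured, on_reboot)


def parse_tdsskiller_log(text: str) -> ScanSummary:
    """Walk the log once; driver lines precede any finding about the same path."""
    summary = ScanSummary()
    for raw in text.splitlines():
        line = raw.strip()
        m = DRIVER_RE.match(line)
        if m:
            summary.drivers[m["path"]] = m["md5"]
            continue
        m = FORGED_RE.search(line)
        if m:
            summary.forged.append(
                Forged(m["path"], m["real"], m["fake"], summary.drivers.get(m["path"]))
            )
            continue
        m = RESULTS_RE.search(line)
        if m:
            summary.results[m["kind"]] = (
                int(m["infected"]), int(m["cured"]), int(m["reboot"])
            )
    return summary


def needs_reboot(summary: ScanSummary) -> bool:
    """A non-zero 'cured on reboot' counter means the fix is not yet applied."""
    return any(counts[2] > 0 for counts in summary.results.values())


def report(summary: ScanSummary) -> list:
    """Human-readable lines a helper could paste back into a reply."""
    lines = [f"{len(summary.drivers)} driver(s) enumerated, "
             f"{len(summary.forged)} forged"]
    for f in summary.forged:
        flag = "hashes consistent" if f.consistent else "HASH MISMATCH, review"
        lines.append(f"  {f.path}: real {f.real_md5} fake {f.fake_md5} ({flag})")
    lines.append("reboot pending" if needs_reboot(summary) else "no reboot pending")
    return lines


# Constructed sample, adapted from the log in the thread with backslashes restored.
SAMPLE_LOG = r"""
20:34:22:008 2712 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:34:22:164 2712 kbdhid (24f674c7b3bc36c0b36d60957559554a) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:34:22:164 2712 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\kbdhid.sys. Real md5: 24f674c7b3bc36c0b36d60957559554a, Fake md5: 9ef487a186dea361aa06913a75b3fa99
20:34:22:164 2712 File "C:\WINDOWS\system32\DRIVERS\kbdhid.sys" infected by TDSS rootkit ... 20:34:23:711 2712 Backup copy found, using it..
20:34:23:836 2712 will be cured on next reboot
20:34:35:133 2712 Results:
20:34:35:133 2712 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
20:34:35:133 2712 File objects infected / cured / cured on reboot: 1 / 0 / 1
"""

if __name__ == "__main__":
    for line in report(parse_tdsskiller_log(SAMPLE_LOG)):
        print(line)
```

The consistency check is the part worth keeping: a defender pasting a full TDSSKiller log through this gets every forged path with both hashes and a flag if the enumerated hash disagrees with the "Real" one, plus a clear statement of whether the cure is still waiting on a reboot, which is exactly the state this machine was in when the log was posted.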

Re: Antispyware Soft - unable to remove

Post by jarrettdelorenzo on Wed Jun 09, 2010 4:31 am

Whoah.....And my keyboard is working now!! I just tried to start typing and was taken aback!


Re: Antispyware Soft - unable to remove

Post by Belahzur on Thu Jun 10, 2010 12:55 am

Woot.

How is the machine running now?



Re: Antispyware Soft - unable to remove

Post by jarrettdelorenzo on Thu Jun 10, 2010 3:26 am

The computer seems to be running well...updated everything, ran scans to make sure nothing else was infected.

First of all, I wanted to say thank you so much for your assistance...what a relief to be able to use this computer again. I'd be happy to donate what I can when I get paid next...I really appreciate it.

Are there any precautions I should/could take to prevent something like this happening in the future? I'm currently running Spybot/MBAM and Avast. Should I remove the programs you had me download to remove the infected files?

Thanks again,

-Jarrett


Re: Antispyware Soft - unable to remove

Post by Belahzur on Thu Jun 10, 2010 9:02 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.



