Internet Security 2010



chrisbattista03
2010-02-09, 02:58
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:56:57 PM, on 2/8/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\smss32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\InternetSecurity2010\IS2010.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://hjt-data.trendmicro.com/hjt/analyzethis/index.php?report=12235351
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 - HKCU\..\Run: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll
O15 - Trusted Zone: http://*.buy-internetsecurity10.com
O15 - Trusted Zone: http://*.buy-is2010.com
O15 - Trusted Zone: http://*.is-software-download.com
O15 - Trusted Zone: http://*.is-software-download25.com
O15 - Trusted Zone: http://*.is10-soft-download.com
O15 - Trusted Zone: http://*.buy-internetsecurity10.com (HKLM)
O15 - Trusted Zone: http://*.buy-is2010.com (HKLM)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe

--
End of file - 4169 bytes

http://forums.spybot.info/showthread.php?p=356884#post356884
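The log above carries the indicators a helper reads by eye: the UserInit hijack to winlogon32.exe, the smss32.exe autorun imitating a core process, the unknown Winsock LSP DLL, and the rogue's billing domains added to the IE Trusted Zone. The following triage script is an added example, not part of this thread or of HijackThis/OTL; SAMPLE_LOG is a constructed subset of the log above, and the only assumption outside the log is the stock Windows XP Userinit value (system32\userinit.exe,), which the OTL fix later in the thread also restores.

```python
"""Triage a HijackThis v2 log for the indicators this thread's fix targets.

Added example for this thread; it is not part of the original posts, of
HijackThis or of OTL. SAMPLE_LOG is a constructed subset of the log above.
The one assumption outside the log is the Windows XP default Userinit value
(system32\\userinit.exe,), which the OTL :Reg fix also restores.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Core Windows processes that the IS2010 rogue imitates by appending digits
# (smss.exe -> smss32.exe, winlogon.exe -> winlogon32.exe).
CORE_PROCESSES = {"smss", "winlogon", "csrss", "lsass", "services", "svchost"}

USERINIT_DEFAULT = re.compile(r".*\\system32\\userinit\.exe,?$", re.IGNORECASE)
O4_ENTRY = re.compile(r"^O4 - .*?: \[(?P<name>.*?)\] (?P<target>.*)$")
EXE_PATH = re.compile(r'^"?(?P<path>.+?\.exe)"?', re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    rule: str    # short rule name
    detail: str  # normalised value that triggered the rule


def _is_lookalike(path: str) -> bool:
    """True when the file name is a core process name with digits appended."""
    name = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    m = re.fullmatch(r"([a-z]+)\d+\.exe", name)
    return bool(m) and m.group(1) in CORE_PROCESSES


def _autorun_target(target: str) -> str:
    """Extract the executable path from an O4 value, dropping quotes and args."""
    m = EXE_PATH.match(target.strip())
    return m.group("path") if m else target.split()[0]


def triage(log_text: str) -> list[Finding]:
    """Return de-duplicated findings for the sections this thread cleaned up."""
    findings: list[Finding] = []
    seen: set[Finding] = set()

    def add(rule: str, detail: str) -> None:
        f = Finding(rule, detail.lower())
        if f not in seen:
            seen.add(f)
            findings.append(f)

    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("F2 - REG:system.ini: UserInit="):
            # Anything but the stock userinit.exe means every logon runs the
            # rogue first (the log above shows winlogon32.exe here).
            value = line.split("UserInit=", 1)[1].strip()
            if not USERINIT_DEFAULT.match(value):
                add("userinit-hijack", value)
        elif line.startswith("O4 - "):
            m = O4_ENTRY.match(line)
            if m:
                path = _autorun_target(m.group("target"))
                if _is_lookalike(path):
                    add("autorun-lookalike", path)
        elif line.startswith("O10 - Unknown file in Winsock LSP:"):
            # An LSP DLL HijackThis cannot identify sits inside every socket call.
            add("unknown-lsp", line.split("LSP:", 1)[1].strip())
        elif line.startswith("O15 - Trusted Zone:"):
            # Rogue AV adds its billing domains to the IE Trusted Zone; the
            # HKLM duplicate is the same indicator, so normalise it away.
            zone = line.split("Trusted Zone:", 1)[1].replace("(HKLM)", "").strip()
            add("trusted-zone", zone)
    return findings


def summarize(log_text: str) -> dict[str, int]:
    """Count findings per rule: the quick view a helper wants before writing a fix."""
    counts: dict[str, int] = {}
    for f in triage(log_text):
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


# Constructed subset of the HijackThis log posted above.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll
O15 - Trusted Zone: http://*.buy-is2010.com
O15 - Trusted Zone: http://*.buy-is2010.com (HKLM)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:18} {f.detail}")
```

Legitimate autoruns such as avgnt.exe and ctfmon.exe produce no finding, and the two copies of each LSP and Trusted Zone entry collapse to one.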

ken545
2010-02-09, 10:33
Hi,

Is this the same computer we just cleaned ?

chrisbattista03
2010-02-10, 01:14
It is, buddy. This is my friend's machine. I go through these motions with you guys on behalf of my friends because they are clueless and it helps me learn. I have health issues that take me to the hospital, and I assumed we were done anyway, so I gave back the PC. I remember old threads get archived after a few days, so I started a new thread. He called yesterday and this was a new issue.

The machine was used by kids only on the guest account. This new infection has taken to all the admin accounts too. It changes the background and has disabled the Task Manager. I'm sure you're familiar with the symptoms. It showed up the day I installed and ran Avira AntiVir. It won't let Avira complete a scan.

ken545
2010-02-10, 02:01
No matter what account infected the computer, the computer is infected, period. When we run scans or programs to remove this garbage, just log on to the main user or as administrator.


Backup Your Registry with ERUNT:
Download erunt.zip to your Desktop from here:
http://aumha.org/downloads/erunt.zip
Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop.
Inside the new folder, double-click ERUNT.exe to start the program.
OK all the prompts to back up your registry to the default location.
Note: to restore your registry, go to the backup folder and start ERUNT.exe.




Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.


Run OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL.


:OTL
[Unregister Dlls]
[Custom Items]
:Services
lmuytnv
ndisdrv
qvazdxe
:Files
helper32.dll /lsp
winhelper86.dll /lsp
%systemdrive%\Internet Security 2010.lnk /s
%systemroot%\System32\winlogon32.exe
%systemroot%\System32\smss32.exe
%systemroot%\System32\AVR10.exe
%systemroot%\System32\helper32.dll
%systemroot%\System32\winhelper86.dll
%systemroot%\System32\smss32.exe
%systemroot%\System32\warning.html
%systemroot%\system32\IS15.exe
%systemroot%\System32\winhelper86.dll
%systemdrive%\trhh.exe
%systemdrive%\sdigdvmg.exe
%systemdrive%\wgqi.exe
%systemdrive%\byyk.exe
%systemroot%\lsass.exe
%systemroot%\odbn0.exe
%systemroot%\System32\sdra64.exe
%systemroot%\System32\41.exe
%systemroot%\System32\153.exe
%systemroot%\System32\292.exe
%systemroot%\System32\491.exe
%systemroot%\System32\1869.exe
%systemroot%\system32\2876.exe
%systemroot%\System32\2995.exe
%systemroot%\System32\3902.exe
%systemroot%\System32\4827.exe
%systemroot%\System32\5436.exe
%systemroot%\System32\5447.exe
%systemroot%\System32\5705.exe
%systemroot%\System32\6334.exe
%systemroot%\System32\7376.exe
%systemroot%\System32\9961.exe
%systemroot%\System32\11478.exe
%systemroot%\System32\11538.exe
%systemroot%\System32\11942.exe
%systemroot%\System32\12382.exe
%systemroot%\system32\12662.exe
%systemroot%\System32\13931.exe
%systemroot%\system32\14070.exe
%systemroot%\System32\14604.exe
%systemroot%\System32\14771.exe
%systemroot%\System32\15724.exe
%systemroot%\System32\16827.exe
%systemroot%\System32\16944.exe
%systemroot%\system32\17125.exe
%systemroot%\System32\17421.exe
%systemroot%\System32\18467.exe
%systemroot%\System32\18716.exe
%systemroot%\System32\19169.exe
%systemroot%\System32\19718.exe
%systemroot%\System32\19895.exe
%systemroot%\system32\19905.exe
%systemroot%\System32\19912.exe
%systemroot%\system32\21386.exe
%systemroot%\System32\21726.exe
%systemroot%\system32\22934.exe
%systemroot%\System32\23281.exe
%systemroot%\system32\24242.exe
%systemroot%\System32\24464.exe
%systemroot%\system32\24478.exe
%systemroot%\System32\26308.exe
%systemroot%\System32\26500.exe
%systemroot%\System32\26962.exe
%systemroot%\system32\27213.exe
%systemroot%\System32\28145.exe
%systemroot%\system32\28466.exe
%systemroot%\System32\29358.exe
%systemroot%\System32\32391.exe
%systemroot%\System32\32439.exe
%systemroot%\system32\ndisdrv.sys
%systemdrive%\s
%systemroot%\system32\kbdsock.dll
%systemroot%\system32\mshlps.dll
%systemroot%\system32\drivers\kdrhkukb.sys
%PROGRAMFILES%\InternetSecurity2010
%systemroot%\System32\lowsec
:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\Userinit.exe,"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoSetActiveDesktop"=-
"NoActiveDesktopChanges"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoSetActiveDesktop"=-
"NoActiveDesktopChanges"=-
[CREATERESTOREPOINT]
[resethosts]
:end
[Purity]
[Empty Temp Folders]

Then click the Run Fix button at the top.
Let the program run unhindered; reboot when it is done.

Post the log please.

chrisbattista03
2010-02-13, 23:34
========== OTL ==========
Folder register Dlls]\ not found.
File stom Items] not found.
========== SERVICES/DRIVERS ==========
Error: No service named lmuytnv was found to stop!
Unable to stop service lmuytnv!
Error: No service named ndisdrv was found to stop!
Unable to stop service ndisdrv!
Error: No service named qvazdxe was found to stop!
Unable to stop service qvazdxe!
========== FILES ==========
C:\_OTL\MovedFiles\02132010_162511\C_Documents and Settings\Heber & Dianne\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Security 2010.lnk moved successfully.
C:\_OTL\MovedFiles\02132010_162511\C_Documents and Settings\Heber & Dianne\Desktop\Internet Security 2010.lnk moved successfully.
C:\_OTL\MovedFiles\02132010_162629\C_Documents and Settings\Heber & Dianne\Start Menu\Internet Security 2010.lnk moved successfully.
C:\_OTL\MovedFiles\02132010_172541\C__OTL\MovedFiles\02132010_162511\C_Documents and Settings\Heber & Dianne\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Security 2010.lnk moved successfully.
C:\_OTL\MovedFiles\02132010_172541\C__OTL\MovedFiles\02132010_162511\C_Documents and Settings\Heber & Dianne\Desktop\Internet Security 2010.lnk moved successfully.
C:\_OTL\MovedFiles\02132010_172541\C__OTL\MovedFiles\02132010_162629\C_Documents and Settings\Heber & Dianne\Start Menu\Internet Security 2010.lnk moved successfully.
C:\WINDOWS\System32\winlogon32.exe moved successfully.
File/Folder C:\WINDOWS\System32\smss32.exe not found.
File/Folder C:\WINDOWS\System32\AVR10.exe not found.
File/Folder C:\WINDOWS\System32\helper32.dll not found.
File/Folder C:\WINDOWS\System32\winhelper86.dll not found.
File/Folder C:\WINDOWS\System32\smss32.exe not found.
C:\WINDOWS\System32\warning.html moved successfully.
File/Folder C:\WINDOWS\system32\IS15.exe not found.
File/Folder C:\WINDOWS\System32\winhelper86.dll not found.
File/Folder C:\trhh.exe not found.
File/Folder C:\sdigdvmg.exe not found.
File/Folder C:\wgqi.exe not found.
File/Folder C:\byyk.exe not found.
File/Folder C:\WINDOWS\lsass.exe not found.
File/Folder C:\WINDOWS\odbn0.exe not found.
File/Folder C:\WINDOWS\System32\sdra64.exe not found.
File/Folder C:\WINDOWS\System32\41.exe not found.
File/Folder C:\WINDOWS\System32\153.exe not found.
File/Folder C:\WINDOWS\System32\292.exe not found.
File/Folder C:\WINDOWS\System32\491.exe not found.
File/Folder C:\WINDOWS\System32\1869.exe not found.
File/Folder C:\WINDOWS\system32\2876.exe not found.
File/Folder C:\WINDOWS\System32\2995.exe not found.
File/Folder C:\WINDOWS\System32\3902.exe not found.
File/Folder C:\WINDOWS\System32\4827.exe not found.
File/Folder C:\WINDOWS\System32\5436.exe not found.
File/Folder C:\WINDOWS\System32\5447.exe not found.
File/Folder C:\WINDOWS\System32\5705.exe not found.
File/Folder C:\WINDOWS\System32\6334.exe not found.
File/Folder C:\WINDOWS\System32\7376.exe not found.
File/Folder C:\WINDOWS\System32\9961.exe not found.
File/Folder C:\WINDOWS\System32\11478.exe not found.
File/Folder C:\WINDOWS\System32\11538.exe not found.
File/Folder C:\WINDOWS\System32\11942.exe not found.
File/Folder C:\WINDOWS\System32\12382.exe not found.
File/Folder C:\WINDOWS\system32\12662.exe not found.
File/Folder C:\WINDOWS\System32\13931.exe not found.
File/Folder C:\WINDOWS\system32\14070.exe not found.
File/Folder C:\WINDOWS\System32\14604.exe not found.
File/Folder C:\WINDOWS\System32\14771.exe not found.
File/Folder C:\WINDOWS\System32\15724.exe not found.
File/Folder C:\WINDOWS\System32\16827.exe not found.
File/Folder C:\WINDOWS\System32\16944.exe not found.
File/Folder C:\WINDOWS\system32\17125.exe not found.
File/Folder C:\WINDOWS\System32\17421.exe not found.
C:\WINDOWS\System32\18467.exe moved successfully.
File/Folder C:\WINDOWS\System32\18716.exe not found.
File/Folder C:\WINDOWS\System32\19169.exe not found.
File/Folder C:\WINDOWS\System32\19718.exe not found.
File/Folder C:\WINDOWS\System32\19895.exe not found.
File/Folder C:\WINDOWS\system32\19905.exe not found.
File/Folder C:\WINDOWS\System32\19912.exe not found.
File/Folder C:\WINDOWS\system32\21386.exe not found.
File/Folder C:\WINDOWS\System32\21726.exe not found.
File/Folder C:\WINDOWS\system32\22934.exe not found.
File/Folder C:\WINDOWS\System32\23281.exe not found.
File/Folder C:\WINDOWS\system32\24242.exe not found.
File/Folder C:\WINDOWS\System32\24464.exe not found.
File/Folder C:\WINDOWS\system32\24478.exe not found.
File/Folder C:\WINDOWS\System32\26308.exe not found.
File/Folder C:\WINDOWS\System32\26500.exe not found.
File/Folder C:\WINDOWS\System32\26962.exe not found.
File/Folder C:\WINDOWS\system32\27213.exe not found.
File/Folder C:\WINDOWS\System32\28145.exe not found.
File/Folder C:\WINDOWS\system32\28466.exe not found.
File/Folder C:\WINDOWS\System32\29358.exe not found.
File/Folder C:\WINDOWS\System32\32391.exe not found.
File/Folder C:\WINDOWS\System32\32439.exe not found.
File/Folder C:\WINDOWS\system32\ndisdrv.sys not found.
C:\s moved successfully.
File/Folder C:\WINDOWS\system32\kbdsock.dll not found.
File/Folder C:\WINDOWS\system32\mshlps.dll not found.
File/Folder C:\WINDOWS\system32\drivers\kdrhkukb.sys not found.
C:\Program Files\InternetSecurity2010 folder moved successfully.
File/Folder C:\WINDOWS\System32\lowsec not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\"Shell"|"explorer.exe" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\"Userinit"|"C:\\WINDOWS\\system32\\Userinit.exe," /E : value set successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\\DisableTaskMgr not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\\DisableTaskMgr not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetActiveDesktop not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoActiveDesktopChanges not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetActiveDesktop not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoActiveDesktopChanges not found.
Error: Unable to interpret <:end> in the current context!
Error: Unable to interpret <[Purity]> in the current context!
Error: Unable to interpret <[Empty Temp Folders]> in the current context!

OTL by OldTimer - Version 3.1.28.0 log created on 02132010_172541

chrisbattista03
2010-02-13, 23:40
Windows Firewall has been disabled. From the firewall icon in Control Panel it tells me that Windows cannot start the ICS.

My ability to control the wireless network has also been taken away. If I try to view wireless connections, I get the same message I get if your wireless card has software to manage the connection. This leaves the PC with no internet connection.

Logging into a Windows profile also takes roughly 8-10 minutes.

ken545
2010-02-14, 00:00
Outside of a few entries related to IS2010, nothing else was changed on your system.

Do a system restore to before you ran OTL:

http://www.bleepingcomputer.com/tutorials/tutorial56.html

Then run OTL just to scan your system and post the log.

chrisbattista03
2010-02-14, 00:20
It restored to a point before the infection was known.

OTL logfile created on: 2/13/2010 6:15:09 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Fixxer\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 80.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 61.31 Gb Free Space | 82.29% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-PC
Current User Name: Fixxer
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/13 18:14:46 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fixxer\Desktop\OTL.exe
PRC - [2010/02/04 16:07:13 | 001,518,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SoftwareDistribution\Download\Install\windows-kb890830-v3.4-delta.exe
PRC - [2010/02/01 11:26:18 | 000,057,800 | ---- | M] (Microsoft Corporation) -- c:\4de7bfac9abb3f15d6af3abdefc2\mrtstub.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/12/18 18:26:54 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2003/08/28 14:01:22 | 000,061,440 | ---- | M] () -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe


========== Modules (SafeList) ==========

MOD - [2010/02/13 18:14:46 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fixxer\Desktop\OTL.exe
MOD - [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2005/12/18 18:26:54 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2003/08/28 14:01:22 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe -- (spkrmon)


========== Driver Services (SafeList) ==========

DRV - [2010/01/17 18:40:55 | 000,451,456 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Dr71WU.sys -- (RT73)
DRV - [2007/11/13 05:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2006/12/12 19:54:35 | 000,347,648 | R--- | M] (D-Link Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\A5AGU.sys -- (A5AGU)
DRV - [2006/03/23 21:47:06 | 001,166,972 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2004/12/13 16:14:00 | 000,039,904 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\cercsr6.sys -- (cercsr6)
DRV - [2004/08/23 14:49:30 | 000,121,472 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/08/04 05:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/04/09 12:41:30 | 000,612,352 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2002/04/01 13:15:00 | 000,004,816 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio)
DRV - [2001/08/17 12:56:16 | 000,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1) Sony USB Filter Driver (SONYPVU1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.com/firefox"

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/17 19:08:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/08 09:55:46 | 000,000,000 | ---D | M]

[2010/01/17 19:08:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fixxer\Application Data\Mozilla\Extensions
[2010/01/17 19:08:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fixxer\Application Data\Mozilla\Firefox\Profiles\y4ihpf58.default\extensions
[2009/01/15 08:03:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/29 15:03:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/13 18:14:45 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Fixxer\Desktop\OTL.exe
[2010/02/13 18:14:23 | 000,000,000 | ---D | C] -- C:\4de7bfac9abb3f15d6af3abdefc2
[2010/02/13 18:12:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/02/13 16:25:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/02/13 16:21:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fixxer\Desktop\erunt
[2010/02/08 20:56:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fixxer\Desktop\old log
[2010/02/07 10:10:02 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/02/07 10:10:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/01/22 22:44:54 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/01/22 22:43:13 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Fixxer\Desktop\ATF-Cleaner.exe
[2010/01/22 11:49:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/01/22 11:45:08 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/01/21 23:38:17 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/01/21 23:33:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/01/21 23:33:22 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/01/21 23:33:22 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/01/21 23:31:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/21 23:31:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/01/21 20:40:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fixxer\Application Data\Malwarebytes
[2010/01/21 20:40:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/21 20:40:09 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/21 20:40:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/21 20:40:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/20 21:59:18 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Fixxer\Desktop\RootRepeal.exe
[2010/01/17 19:10:01 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Fixxer\Desktop\HijackThisInstaller.exe
[2010/01/17 19:08:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fixxer\Local Settings\Application Data\Mozilla
[2010/01/17 19:08:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fixxer\Application Data\Mozilla
[2010/01/17 19:07:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fixxer\Application Data\Identities
[2010/01/17 19:07:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Fixxer\My Documents\My Pictures
[2010/01/17 19:07:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Fixxer\My Documents\My Music
[2010/01/17 19:07:10 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Fixxer\Application Data\Microsoft
[2010/01/17 19:07:10 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Fixxer\SendTo
[2010/01/17 19:07:10 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Fixxer\Recent
[2010/01/17 19:07:10 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Fixxer\Application Data
[2010/01/17 19:07:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Fixxer\Start Menu
[2010/01/17 19:07:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Fixxer\My Documents
[2010/01/17 19:07:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Fixxer\Favorites
[2010/01/17 19:07:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Fixxer\Cookies
[2010/01/17 19:07:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Fixxer\Templates
[2010/01/17 19:07:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Fixxer\PrintHood
[2010/01/17 19:07:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Fixxer\NetHood
[2010/01/17 19:07:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Fixxer\Local Settings
[2010/01/17 19:07:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fixxer\Local Settings\Application Data\Microsoft
[2010/01/17 19:07:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fixxer\Desktop
[2010/01/17 18:54:19 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/01/14 18:40:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2008/08/29 15:06:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/08/29 15:06:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/08/29 15:02:59 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/08/29 15:02:59 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/13 18:16:44 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/13 18:14:46 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fixxer\Desktop\OTL.exe
[2010/02/13 18:10:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/13 18:10:02 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/13 18:09:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/13 18:08:47 | 006,291,456 | -H-- | M] () -- C:\Documents and Settings\Fixxer\Local Settings\Application Data\IconCache.db
[2010/02/13 16:54:58 | 000,070,616 | ---- | M] () -- C:\Documents and Settings\Fixxer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/08 20:56:57 | 000,004,170 | ---- | M] () -- C:\Documents and Settings\Fixxer\Desktop\HJT1
[2010/01/24 11:01:54 | 000,356,120 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/01/24 11:01:54 | 000,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/01/24 11:01:54 | 000,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/01/22 22:47:19 | 001,048,576 | -H-- | M] () -- C:\Documents and Settings\Fixxer\ntuser.dat
[2010/01/22 22:47:19 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Fixxer\ntuser.ini
[2010/01/22 11:48:42 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/01/22 11:26:25 | 003,833,308 | R--- | M] () -- C:\Documents and Settings\Fixxer\Desktop\ComboFix.exe
[2010/01/21 23:38:21 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/01/21 20:40:13 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/21 20:35:38 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Fixxer\Desktop\ATF-Cleaner.exe
[2010/01/20 21:59:19 | 000,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Fixxer\Desktop\RootRepeal.exe
[2010/01/17 19:10:47 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Fixxer\Desktop\HijackThis.lnk
[2010/01/17 19:10:05 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Fixxer\Desktop\HijackThisInstaller.exe
[2010/01/17 18:40:55 | 000,451,456 | ---- | M] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\drivers\Dr71WU.sys
[2010/01/17 18:11:28 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/01/14 18:40:29 | 000,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/08 20:56:57 | 000,004,170 | ---- | C] () -- C:\Documents and Settings\Fixxer\Desktop\HJT1
[2010/01/22 11:44:45 | 003,833,308 | R--- | C] () -- C:\Documents and Settings\Fixxer\Desktop\ComboFix.exe
[2010/01/21 23:38:21 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/01/21 23:38:18 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/01/21 23:33:22 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/01/21 23:33:22 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/01/21 23:33:22 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/01/21 23:33:22 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/01/21 23:33:22 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/01/21 20:40:13 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/17 19:10:47 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Fixxer\Desktop\HijackThis.lnk
[2010/01/17 19:07:12 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Fixxer\ntuser.ini
[2010/01/17 19:07:10 | 001,048,576 | -H-- | C] () -- C:\Documents and Settings\Fixxer\ntuser.dat
[2009/12/09 22:25:19 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/08/28 12:00:54 | 000,006,456 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\rinubeba
[2008/12/12 18:51:30 | 000,000,165 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2008/10/23 16:08:15 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
< End of report >

chrisbattista03
2010-02-14, 00:21
OTL logfile created on: 2/13/2010 6:15:09 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Fixxer\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 80.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 61.31 Gb Free Space | 82.29% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-PC
Current User Name: Fixxer
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/13 18:14:46 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fixxer\Desktop\OTL.exe
PRC - [2010/02/04 16:07:13 | 001,518,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SoftwareDistribution\Download\Install\windows-kb890830-v3.4-delta.exe
PRC - [2010/02/01 11:26:18 | 000,057,800 | ---- | M] (Microsoft Corporation) -- c:\4de7bfac9abb3f15d6af3abdefc2\mrtstub.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/12/18 18:26:54 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2003/08/28 14:01:22 | 000,061,440 | ---- | M] () -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe


========== Modules (SafeList) ==========

MOD - [2010/02/13 18:14:46 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fixxer\Desktop\OTL.exe
MOD - [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2005/12/18 18:26:54 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2003/08/28 14:01:22 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe -- (spkrmon)


========== Driver Services (SafeList) ==========

DRV - [2010/01/17 18:40:55 | 000,451,456 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Dr71WU.sys -- (RT73)
DRV - [2007/11/13 05:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2006/12/12 19:54:35 | 000,347,648 | R--- | M] (D-Link Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\A5AGU.sys -- (A5AGU)
DRV - [2006/03/23 21:47:06 | 001,166,972 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2004/12/13 16:14:00 | 000,039,904 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\cercsr6.sys -- (cercsr6)
DRV - [2004/08/23 14:49:30 | 000,121,472 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/08/04 05:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/04/09 12:41:30 | 000,612,352 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2002/04/01 13:15:00 | 000,004,816 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio)
DRV - [2001/08/17 12:56:16 | 000,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1) Sony USB Filter Driver (SONYPVU1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.com/firefox"

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/17 19:08:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/08 09:55:46 | 000,000,000 | ---D | M]

[2010/01/17 19:08:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fixxer\Application Data\Mozilla\Extensions
[2010/01/17 19:08:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fixxer\Application Data\Mozilla\Firefox\Profiles\y4ihpf58.default\extensions
[2009/01/15 08:03:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/29 15:03:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/13 18:14:45 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Fixxer\Desktop\OTL.exe
[2010/02/13 18:14:23 | 000,000,000 | ---D | C] -- C:\4de7bfac9abb3f15d6af3abdefc2
[2010/02/13 18:12:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/02/13 16:25:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/02/13 16:21:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fixxer\Desktop\erunt
[2010/02/08 20:56:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fixxer\Desktop\old log
[2010/02/07 10:10:02 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/02/07 10:10:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/01/22 22:44:54 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/01/22 22:43:13 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Fixxer\Desktop\ATF-Cleaner.exe
[2010/01/22 11:49:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/01/22 11:45:08 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/01/21 23:38:17 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/01/21 23:33:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/01/21 23:33:22 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/01/21 23:33:22 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/01/21 23:31:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/21 23:31:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/01/21 20:40:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fixxer\Application Data\Malwarebytes
[2010/01/21 20:40:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/21 20:40:09 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/21 20:40:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/21 20:40:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/20 21:59:18 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Fixxer\Desktop\RootRepeal.exe
[2010/01/17 19:10:01 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Fixxer\Desktop\HijackThisInstaller.exe
[2010/01/17 19:08:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fixxer\Local Settings\Application Data\Mozilla
[2010/01/17 19:08:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fixxer\Application Data\Mozilla
[2010/01/17 19:07:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fixxer\Application Data\Identities
[2010/01/17 19:07:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Fixxer\My Documents\My Pictures
[2010/01/17 19:07:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Fixxer\My Documents\My Music
[2010/01/17 19:07:10 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Fixxer\Application Data\Microsoft
[2010/01/17 19:07:10 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Fixxer\SendTo
[2010/01/17 19:07:10 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Fixxer\Recent
[2010/01/17 19:07:10 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Fixxer\Application Data
[2010/01/17 19:07:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Fixxer\Start Menu
[2010/01/17 19:07:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Fixxer\My Documents
[2010/01/17 19:07:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Fixxer\Favorites
[2010/01/17 19:07:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Fixxer\Cookies
[2010/01/17 19:07:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Fixxer\Templates
[2010/01/17 19:07:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Fixxer\PrintHood
[2010/01/17 19:07:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Fixxer\NetHood
[2010/01/17 19:07:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Fixxer\Local Settings
[2010/01/17 19:07:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fixxer\Local Settings\Application Data\Microsoft
[2010/01/17 19:07:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fixxer\Desktop
[2010/01/17 18:54:19 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/01/14 18:40:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2008/08/29 15:06:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/08/29 15:06:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/08/29 15:02:59 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/08/29 15:02:59 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/13 18:16:44 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/13 18:14:46 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fixxer\Desktop\OTL.exe
[2010/02/13 18:10:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/13 18:10:02 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/13 18:09:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/13 18:08:47 | 006,291,456 | -H-- | M] () -- C:\Documents and Settings\Fixxer\Local Settings\Application Data\IconCache.db
[2010/02/13 16:54:58 | 000,070,616 | ---- | M] () -- C:\Documents and Settings\Fixxer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/08 20:56:57 | 000,004,170 | ---- | M] () -- C:\Documents and Settings\Fixxer\Desktop\HJT1
[2010/01/24 11:01:54 | 000,356,120 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/01/24 11:01:54 | 000,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/01/24 11:01:54 | 000,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/01/22 22:47:19 | 001,048,576 | -H-- | M] () -- C:\Documents and Settings\Fixxer\ntuser.dat
[2010/01/22 22:47:19 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Fixxer\ntuser.ini
[2010/01/22 11:48:42 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/01/22 11:26:25 | 003,833,308 | R--- | M] () -- C:\Documents and Settings\Fixxer\Desktop\ComboFix.exe
[2010/01/21 23:38:21 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/01/21 20:40:13 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/21 20:35:38 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Fixxer\Desktop\ATF-Cleaner.exe
[2010/01/20 21:59:19 | 000,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Fixxer\Desktop\RootRepeal.exe
[2010/01/17 19:10:47 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Fixxer\Desktop\HijackThis.lnk
[2010/01/17 19:10:05 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Fixxer\Desktop\HijackThisInstaller.exe
[2010/01/17 18:40:55 | 000,451,456 | ---- | M] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\drivers\Dr71WU.sys
[2010/01/17 18:11:28 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/01/14 18:40:29 | 000,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/08 20:56:57 | 000,004,170 | ---- | C] () -- C:\Documents and Settings\Fixxer\Desktop\HJT1
[2010/01/22 11:44:45 | 003,833,308 | R--- | C] () -- C:\Documents and Settings\Fixxer\Desktop\ComboFix.exe
[2010/01/21 23:38:21 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/01/21 23:38:18 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/01/21 23:33:22 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/01/21 23:33:22 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/01/21 23:33:22 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/01/21 23:33:22 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/01/21 23:33:22 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/01/21 20:40:13 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/17 19:10:47 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Fixxer\Desktop\HijackThis.lnk
[2010/01/17 19:07:12 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Fixxer\ntuser.ini
[2010/01/17 19:07:10 | 001,048,576 | -H-- | C] () -- C:\Documents and Settings\Fixxer\ntuser.dat
[2009/12/09 22:25:19 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/08/28 12:00:54 | 000,006,456 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\rinubeba
[2008/12/12 18:51:30 | 000,000,165 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2008/10/23 16:08:15 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
< End of report >

ken545
2010-02-14, 02:21
You posted both identical logs, but that's fine for now. I am not seeing any files or entries for IS2010, or anything else bad.

How are things running now?

chrisbattista03
2010-02-14, 03:46
Sorry about the double post. It gave me 2 logs with different titles. I posted them both.

Everything is running great!
Apparently they installed Avira Antivirus and that was the same day as IS2010 showed up. We flashed it back to before the Avira install. If you don't see any other issues then I'll get back to updating their SW and reinstall Avira.

unless you have further instruction...

-Chris

ken545
2010-02-14, 13:56
Glad things are running OK, post this one last log for a double-check.

Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).

ken545
2010-02-18, 18:20
Due to inactivity, this thread will now be closed.

If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a new HijackThis log with a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.