1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Solved Seach Results Redirected/Win32 stops responding

Discussion in 'Malware and Virus Removal Archive' started by Dippndots, 2011/01/03.

  1. 2011/01/03
    Dippndots

    Dippndots Inactive Thread Starter

    Joined:
    2011/01/02
    Messages:
    20
    Likes Received:
    0
    [Resolved] Seach Results Redirected/Win32 stops responding

    Hi,

    My computer has been redirecting search results, and I have also been getting the message "Win32 has encountered a problem and has stoppedâ€. Regardless of whether I choose to send the error report or not, my internet will stop working, and requires a reboot to reconnect.

    I have run several scans from different programs including; Microsoft Security Essentials, Spybot, Trojan Remover, SuperAntiSpyware, and Malware Bytes. All of which now show no malicious files. I say "now" because I ran scans last week that showed numerous tracking cookies, and one instance of the Trojan Win32.autorun.tmp, but they were all deleted without any error.

    I’m on vacation and using my netbook (no CD drive) that I haven’t used in a few months (but should be up to date with windows updates), and haven’t installed any recent software other than virus scanners and the newest version of flash, and adobe reader. I also believe that the malware (or whatever it is) is very recent, as I didn’t have any of the problems the last time I used this computer.

    I had serious issues with GMER, I was unable to get a complete scan, or save a log. Regardless of safe-mode; with or without devices checked. GMER would either stop responding or my computer would hard-lock (except I could move the mouse around). The GMER log I’m posting is the one after it does the initial scan when loading the program (it’s the only one I could get).

    I’d love to hear solutions if you guys have one, below are the other requested logs.
     
  2. 2011/01/03
    Dippndots

    Dippndots Inactive Thread Starter

    Joined:
    2011/01/02
    Messages:
    20
    Likes Received:
    0
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5444

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    1/2/2011 5:33:49 PM
    mbam-log-2011-01-02 (17-33-49).txt

    Scan type: Quick scan
    Objects scanned: 196334
    Time elapsed: 51 minute(s), 17 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     

  3. to hide this advert.

  4. 2011/01/03
    Dippndots

    Dippndots Inactive Thread Starter

    Joined:
    2011/01/02
    Messages:
    20
    Likes Received:
    0
    here's the only log I could get out of GMER

    -----------------------------------------

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2011-01-02 20:44:51
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 ST9160310AS rev.0303
    Running: vozqzmrb.exe; Driver: C:\DOCUME~1\Alx\LOCALS~1\Temp\kgldrpog.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8393439B
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8393439B
    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

    AttachedDevice cfrmd.sys (COMODO Safe Delete Filter/COMODO Security Solutions Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

    Device \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskST9160310AS_____________________________0303____#5&17e46ae0&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

    ---- EOF - GMER 1.0.15 ----
     
  5. 2011/01/04
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard :)

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =============================================================

    That's a good log.

    Continue with MBRCheck and DDS.
     
  6. 2011/01/04
    Dippndots

    Dippndots Inactive Thread Starter

    Joined:
    2011/01/02
    Messages:
    20
    Likes Received:
    0
    thanks broni, my posts kept waiting for mod approval. here are the other 3 logs

    ---------------------------------------------------------------------------

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x00000004

    Kernel Drivers (total 115):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E4000 \WINDOWS\system32\hal.dll
    0x838EC000 \WINDOWS\system32\KDCOM.DLL
    0xF79C4000 \WINDOWS\system32\BOOTVID.dll
    0xF7481000 ACPI.sys
    0xF7AB0000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF7470000 pci.sys
    0xF75B0000 isapnp.sys
    0xF79C8000 compbatt.sys
    0xF79CC000 \WINDOWS\system32\DRIVERS\BATTC.SYS
    0xF7B78000 pciide.sys
    0xF7830000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF75C0000 MountMgr.sys
    0xF7451000 ftdisk.sys
    0xF79D0000 ACPIEC.sys
    0xF7B79000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
    0xF7838000 PartMgr.sys
    0xF75D0000 VolSnap.sys
    0xF7439000 atapi.sys
    0xF75E0000 disk.sys
    0xF75F0000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF7419000 fltMgr.sys
    0xF7407000 sr.sys
    0xF73E8000 cfrmd.sys
    0xF73CA000 TPkd.sys
    0xF73B3000 KSecDD.sys
    0xF739C000 WudfPf.sys
    0xF730F000 Ntfs.sys
    0xF72E2000 NDIS.sys
    0xF72C8000 Mup.sys
    0xF7280000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0xF6A14000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0xF7720000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xF55B3000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
    0xF559F000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF5577000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xF5556000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
    0xF540D000 \SystemRoot\system32\DRIVERS\athw.sys
    0xF78D0000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xF53E9000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF78D8000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF7730000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xF78E0000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
    0xF78E8000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF53B8000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0xF7AF0000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF7740000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
    0xF5347000 \SystemRoot\System32\Drivers\wdf01000.sys
    0xF7868000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF7B34000 \SystemRoot\system32\DRIVERS\serscan.sys
    0xF7CCA000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF7810000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF7A74000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xF35D2000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF7820000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF7610000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF7870000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xF35C1000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF7620000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF7878000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF7880000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF7630000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF7B36000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xF359E000 \SystemRoot\system32\DRIVERS\ks.sys
    0xF3540000 \SystemRoot\system32\DRIVERS\update.sys
    0xF7A7C000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF7640000 \SystemRoot\system32\DRIVERS\zumbus.sys
    0xF7650000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF2E90000 \SystemRoot\system32\drivers\RtkHDAud.sys
    0xEDB56000 \SystemRoot\system32\drivers\portcls.sys
    0xEE50C000 \SystemRoot\system32\drivers\drmk.sys
    0xEE4EC000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF1A76000 \SystemRoot\System32\Drivers\i2omgmt.SYS
    0xEDB2F000 \SystemRoot\system32\DRIVERS\MpFilter.sys
    0xF7B54000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7C4B000 \SystemRoot\System32\Drivers\Null.SYS
    0xF7B56000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF2E0B000 \SystemRoot\System32\drivers\vga.sys
    0xF7B60000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF7B62000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF2E03000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF2DEB000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF0F9A000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xEDAFC000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xEDAA3000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xEDA7B000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xEDA55000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xEDA33000 \SystemRoot\System32\drivers\afd.sys
    0xEE4BC000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xEDA11000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    0xF78A8000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    0xED9E6000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xED976000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xEE0EF000 \SystemRoot\System32\Drivers\Fips.SYS
    0xF78C8000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0xED958000 \SystemRoot\System32\Drivers\usbvideo.sys
    0xED940000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF7B74000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xEDBCA000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xF69F4000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF40D0000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xEE648000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF01E000 \SystemRoot\System32\igxpdd32.dll
    0xBF012000 \SystemRoot\System32\igxprd32.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xB174B000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xB163E000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xB1601000 \SystemRoot\system32\drivers\wdmaud.sys
    0xF1358000 \SystemRoot\system32\drivers\sysaudio.sys
    0xB13EB000 \SystemRoot\system32\DRIVERS\srv.sys
    0xB103A000 \SystemRoot\System32\Drivers\HTTP.sys
    0xF2DFB000 \??\C:\DOCUME~1\Alx\LOCALS~1\Temp\mbr.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 40):
    0 System Idle Process
    4 System
    432 C:\WINDOWS\system32\smss.exe
    680 csrss.exe
    744 C:\WINDOWS\system32\winlogon.exe
    792 C:\WINDOWS\system32\services.exe
    804 C:\WINDOWS\system32\lsass.exe
    968 C:\WINDOWS\system32\svchost.exe
    1024 svchost.exe
    1084 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    1140 C:\WINDOWS\system32\svchost.exe
    1224 C:\WINDOWS\system32\svchost.exe
    1380 svchost.exe
    1416 svchost.exe
    1584 C:\WINDOWS\system32\spoolsv.exe
    1668 svchost.exe
    1712 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    1944 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    2016 C:\Program Files\Bonjour\mDNSResponder.exe
    2024 C:\WINDOWS\explorer.exe
    132 C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    264 C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    496 C:\WINDOWS\system32\HPZipm12.exe
    716 C:\WINDOWS\system32\svchost.exe
    1376 C:\WINDOWS\system32\ZuneBusEnum.exe
    2276 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    2292 C:\WINDOWS\system32\hkcmd.exe
    2300 C:\WINDOWS\system32\PersistenceThread.exe
    2308 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    2316 C:\Program Files\Microsoft Security Client\msseces.exe
    2324 C:\Program Files\Launch Manager\LManager.exe
    2344 C:\WINDOWS\system32\ctfmon.exe
    2604 C:\WINDOWS\system32\igfxsrvc.exe
    2664 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    2676 alg.exe
    2960 C:\WINDOWS\system32\igfxext.exe
    3152 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    3392 C:\WINDOWS\system32\msiexec.exe
    3172 <unknown>
    3284 C:\Documents and Settings\Alx\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`00100000 (NTFS)

    PhysicalDrive0 Model Number: ST9160310AS, Rev: 0303

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
    SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


    Done!
     
  7. 2011/01/04
    Dippndots

    Dippndots Inactive Thread Starter

    Joined:
    2011/01/02
    Messages:
    20
    Likes Received:
    0
    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Alx at 18:58:37.42 on Mon 01/03/2011
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.328 [GMT -8:00]

    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    c:\WINDOWS\system32\ZuneBusEnum.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\PersistenceThread.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    C:\WINDOWS\system32\igfxext.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Documents and Settings\Alx\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uDefault_Page_URL = hxxp://www.msn.com
    uInternet Connection Wizard,ShellNext = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0809&m=ao751h
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [AzMixerSel] c:\program files\realtek\audio\drivers\AzMixerSel.exe
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [PersistenceThread] c:\windows\system32\PersistenceThread.exe
    mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [LManager] c:\program files\launch manager\LManager.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://www.yougamers.com/systeminfo/FMSI.cab
    DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: igdlogin - igdlogin.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\alx\applic~1\mozilla\firefox\profiles\c976r9t6.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - hxxp://www.maximumpc.com/
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: All-in-One Sidebar: {097d3191-e6fa-4728-9826-b533d755359d} - %profile%\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
    FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

    ============= SERVICES / DRIVERS ===============

    R0 CFRMD;cfrmd;c:\windows\system32\drivers\CFRMD.sys [2009-11-15 132424]
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-5-1 181544]
    R3 igd;igd;c:\windows\system32\drivers\igxpmp32.sys [2009-4-15 5097632]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-4-15 1684736]
    S3 cpuz130;cpuz130;\??\c:\docume~1\alx\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\alx\locals~1\temp\cpuz130\cpuz_x32.sys [?]
    S3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [2010-10-16 85008]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-4-15 164864]
    S3 RtsUIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]

    =============== Created Last 30 ================

    2011-01-04 02:37:19 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{9d9cefc1-edb8-437d-b5d5-0b679920bb7e}\mpengine.dll
    2011-01-02 20:16:58 77312 ----a-w- c:\windows\system32\ztvunace26.dll
    2011-01-02 20:16:57 75264 ----a-w- c:\windows\system32\unacev2.dll
    2011-01-02 20:16:57 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
    2011-01-02 20:16:57 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
    2011-01-02 20:16:56 153088 ----a-w- c:\windows\system32\UNRAR3.dll
    2011-01-02 20:15:40 -------- d-----w- c:\program files\Trojan Remover
    2011-01-02 20:15:40 -------- d-----w- c:\docume~1\alx\applic~1\Simply Super Software
    2011-01-02 20:15:40 -------- d-----w- c:\docume~1\alluse~1\applic~1\Simply Super Software
    2011-01-02 04:07:07 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2010-12-26 05:38:06 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-12-26 05:37:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-12-26 05:37:40 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2010-12-26 05:36:47 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-26 05:36:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-26 05:36:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-26 05:34:26 -------- d-----w- c:\program files\Microsoft Security Client

    ==================== Find3M ====================

    2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
    2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
    2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys

    =================== ROOTKIT ====================

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: ST9160310AS rev.0303 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3

    device: opened successfully
    user: MBR read successfully

    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x83948555]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8394e7b0]; MOV EAX, [0x8394e82c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8396BAB8]
    3 CLASSPNP[0xF75F0FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000067[0x839C5DC0]
    5 ACPI[0xF7487620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8393D940]
    \Driver\atapi[0x83957270] -> IRP_MJ_CREATE -> 0x83948555
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
    detected disk devices:
    \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskST9160310AS_____________________________0303____#5&17e46ae0&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    \Driver\atapi DriverStartIo -> 0x8394839B
    user & kernel MBR OK
    Warning: possible TDL3 rootkit infection !

    ============= FINISH: 19:06:39.76 ===============
     
  8. 2011/01/04
    Dippndots

    Dippndots Inactive Thread Starter

    Joined:
    2011/01/02
    Messages:
    20
    Likes Received:
    0
    It didnt upload my dds log? I'll give it a min before trying again, just so it doesnt duplicate post
     
  9. 2011/01/04
    Dippndots

    Dippndots Inactive Thread Starter

    Joined:
    2011/01/02
    Messages:
    20
    Likes Received:
    0
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 8/3/2009 8:54:56 AM
    System Uptime: 1/3/2011 6:25:54 PM (1 hours ago)

    Motherboard: Acer | | JV11-ML
    Processor: Intel(R) Atom(TM) CPU Z520 @ 1.33GHz | U3E1 | 1240/mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 141 GiB total, 15.627 GiB free.

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP221: 10/15/2010 6:14:46 AM - Installed TotalMedia Extreme
    RP222: 10/15/2010 6:20:59 AM - Installed Connect Service
    RP223: 10/15/2010 6:25:09 AM - Installed Pro Tools LE
    RP224: 10/15/2010 6:27:11 AM - Installed Digidesign Audio Drivers
    RP225: 10/15/2010 1:57:07 PM - Revo Uninstaller's restore point - Digidesign ElevenRack Driver 1.0.8 (x86)
    RP226: 10/15/2010 1:57:19 PM - Removed Digidesign ElevenRack Driver 1.0.8 (x86)
    RP227: 10/15/2010 1:59:33 PM - Installed Pro Tools LE
    RP228: 10/16/2010 1:01:53 AM - Installed Pro Tools LE
    RP229: 10/16/2010 1:02:37 AM - Installed Digidesign Audio Drivers
    RP230: 10/16/2010 1:04:26 AM - Revo Uninstaller's restore point - Digidesign Pro Tools LE 8.0.3
    RP231: 10/16/2010 1:04:48 AM - Removed Pro Tools LE
    RP232: 10/16/2010 1:06:31 AM - Removed Digidesign Audio Drivers
    RP233: 10/16/2010 1:11:20 AM - Installed Pro Tools LE
    RP234: 10/16/2010 1:13:53 AM - Installed Digidesign Audio Drivers
    RP235: 10/16/2010 1:39:02 AM - Installed Pro Tools LE
    RP236: 10/16/2010 1:39:42 AM - Installed Digidesign Audio Drivers
    RP237: 12/19/2010 1:31:22 PM - Installed Connect Service
    RP238: 12/19/2010 1:32:21 PM - Software Distribution Service 3.0
    RP239: 12/20/2010 10:24:44 AM - Software Distribution Service 3.0
    RP240: 12/20/2010 3:54:14 PM - Software Distribution Service 3.0
    RP241: 12/21/2010 4:30:54 PM - System Checkpoint
    RP242: 12/22/2010 1:01:10 AM - Installed Windows XP Wudf01009.
    RP243: 12/22/2010 1:02:33 AM - Installed Windows XP winusb0100.
    RP244: 12/23/2010 2:02:50 AM - System Checkpoint
    RP245: 12/24/2010 2:37:14 AM - System Checkpoint
    RP246: 12/25/2010 2:56:24 PM - System Checkpoint
    RP247: 12/28/2010 12:19:02 PM - System Checkpoint
    RP248: 12/30/2010 2:40:39 AM - System Checkpoint
    RP249: 1/1/2011 7:18:53 PM - Revo Uninstaller's restore point - Java(TM) 6 Update 21
    RP250: 1/1/2011 7:20:37 PM - Removed Java(TM) 6 Update 15

    ==== Installed Programs ======================

    Acer Crystal Eye webcam 2.2.0.2
    Acer eRecovery Management
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.2
    AiO_Scan_CDA
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft TotalMedia Extreme
    Atheros Driver Installation Program
    Bonjour
    Choice Guard
    COMODO System-Cleaner
    Compatibility Pack for the 2007 Office system
    Digidesign ElevenRack Driver 1.0.8 (x86)
    Dropbox
    Futuremark SystemInfo
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB932716-v2)
    Hotfix for Windows XP (KB949764)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB954708)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Photosmart, Officejet and Deskjet 7.0.A
    Intel(R) Graphics Media Accelerator 500
    Interlok driver setup x32
    iTunes
    Java Auto Updater
    Launch Manager
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft User-Mode Driver Framework Feature Pack 1.9
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft WinUsb 1.0
    Mozilla Firefox (3.6.3)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    QFolder
    QuickTime
    REALTEK GbE & FE Ethernet PCI-E NIC Driver
    Realtek High Definition Audio Driver
    Revo Uninstaller 1.91
    Samsung ML-2250 Series
    Scan
    Seagate Manager Installer
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office Outlook 2007 (KB2288953)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165-v2)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Segoe UI
    Skype web features
    Skypeâ„¢ 4.2
    Spelling Dictionaries Support For Adobe Reader 9
    Spybot - Search & Destroy
    SUPERAntiSpyware
    Synaptics Pointing Device Driver
    Trojan Remover 6.8.2
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Outlook 2007 Junk Email Filter (KB2466076)
    Update for Windows Internet Explorer 8 (KB972636)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    USB2.0 Card Reader Software
    VLC media player 1.0.1
    WebFldrs XP
    Windows Internet Explorer 8
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Zune
    Zune Language Pack (ES)
    Zune Language Pack (FR)

    ==== Event Viewer Messages From Past Week ========

    1/3/2011 6:21:52 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/3/2011 6:21:49 PM, error: Service Control Manager [7034] - The Seagate Service service terminated unexpectedly. It has done this 1 time(s).
    1/3/2011 6:11:28 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    1/3/2011 6:05:36 PM, error: Print [23] - Printer Send To OneNote 2007 failed to initialize because a suitable Send To Microsoft OneNote Driver driver could not be found.
    1/3/2011 5:51:02 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    1/3/2011 5:50:52 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    1/3/2011 5:50:50 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
    1/3/2011 5:50:50 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    1/3/2011 5:50:50 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/3/2011 5:50:50 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/3/2011 5:50:50 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    1/3/2011 5:50:50 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/3/2011 5:50:50 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

    ==== End Of File ===========================
     
  10. 2011/01/04
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good :)

    We'll start with removing a rootkit...

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  11. 2011/01/05
    Dippndots

    Dippndots Inactive Thread Starter

    Joined:
    2011/01/02
    Messages:
    20
    Likes Received:
    0
    here's the TDSS log, do you want a screengrab of the other suspicious files it picked up; not all of them are listed in the log.

    --------------------------------------------------------------------------

    2011/01/04 22:59:40.0484 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
    2011/01/04 22:59:40.0484 ================================================================================
    2011/01/04 22:59:40.0484 SystemInfo:
    2011/01/04 22:59:40.0484
    2011/01/04 22:59:40.0484 OS Version: 5.1.2600 ServicePack: 3.0
    2011/01/04 22:59:40.0484 Product type: Workstation
    2011/01/04 22:59:40.0484 ComputerName: ALXNET
    2011/01/04 22:59:40.0484 UserName: Alx
    2011/01/04 22:59:40.0484 Windows directory: C:\WINDOWS
    2011/01/04 22:59:40.0484 System windows directory: C:\WINDOWS
    2011/01/04 22:59:40.0484 Processor architecture: Intel x86
    2011/01/04 22:59:40.0484 Number of processors: 2
    2011/01/04 22:59:40.0484 Page size: 0x1000
    2011/01/04 22:59:40.0484 Boot type: Normal boot
    2011/01/04 22:59:40.0484 ================================================================================
    2011/01/04 22:59:41.0796 Initialize success
    2011/01/04 22:59:54.0312 ================================================================================
    2011/01/04 22:59:54.0312 Scan started
    2011/01/04 22:59:54.0312 Mode: Manual;
    2011/01/04 22:59:54.0312 ================================================================================
    2011/01/04 22:59:55.0765 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
    2011/01/04 22:59:56.0546 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2011/01/04 22:59:57.0140 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
    2011/01/04 22:59:57.0734 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
    2011/01/04 22:59:58.0406 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2011/01/04 22:59:59.0187 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
    2011/01/04 22:59:59.0671 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
    2011/01/04 23:00:00.0140 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
    2011/01/04 23:00:00.0656 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
    2011/01/04 23:00:01.0140 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
    2011/01/04 23:00:01.0703 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
    2011/01/04 23:00:02.0203 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
    2011/01/04 23:00:02.0734 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
    2011/01/04 23:00:04.0000 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
    2011/01/04 23:00:05.0312 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
    2011/01/04 23:00:05.0890 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
    2011/01/04 23:00:07.0046 AR5416 (a2f96787b7a958989a962ef3824d9ca8) C:\WINDOWS\system32\DRIVERS\athw.sys
    2011/01/04 23:00:08.0703 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
    2011/01/04 23:00:09.0203 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
    2011/01/04 23:00:09.0781 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
    2011/01/04 23:00:10.0343 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2011/01/04 23:00:10.0890 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2011/01/04 23:00:12.0343 athr (d6ed40129c5f70a7485185bab27b8330) C:\WINDOWS\system32\DRIVERS\athr.sys
    2011/01/04 23:00:13.0453 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2011/01/04 23:00:14.0015 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2011/01/04 23:00:14.0453 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2011/01/04 23:00:15.0093 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
    2011/01/04 23:00:15.0531 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2011/01/04 23:00:16.0062 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    2011/01/04 23:00:16.0734 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
    2011/01/04 23:00:17.0218 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2011/01/04 23:00:17.0718 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2011/01/04 23:00:18.0375 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2011/01/04 23:00:18.0953 CFRMD (78c6c479caf588b8a9a411f64f81e7d9) C:\WINDOWS\system32\drivers\cfrmd.sys
    2011/01/04 23:00:20.0015 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    2011/01/04 23:00:20.0468 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
    2011/01/04 23:00:20.0953 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
    2011/01/04 23:00:21.0406 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
    2011/01/04 23:00:22.0437 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
    2011/01/04 23:00:22.0984 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
    2011/01/04 23:00:23.0515 dalwdmservice (014810830a80659b7962655b697e3af1) C:\WINDOWS\system32\drivers\dalwdm.sys
    2011/01/04 23:00:23.0625 Suspicious file (Forged): C:\WINDOWS\system32\drivers\dalwdm.sys. Real md5: 014810830a80659b7962655b697e3af1, Fake md5: 09a2fd9e9270e76b1a3b9cb74f1db325
    2011/01/04 23:00:23.0640 dalwdmservice - detected Forged file (1)
    2011/01/04 23:00:24.0171 DgiVecp (a5034f77b278f07e224fe07cf98a8b76) C:\WINDOWS\system32\Drivers\DgiVecp.sys
    2011/01/04 23:00:24.0781 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2011/01/04 23:00:25.0250 DKbFltr (08d30af92c270f2e76787c81589dbad6) C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
    2011/01/04 23:00:26.0156 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    2011/01/04 23:00:27.0125 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    2011/01/04 23:00:27.0687 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2011/01/04 23:00:28.0187 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2011/01/04 23:00:29.0843 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
    2011/01/04 23:00:31.0015 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2011/01/04 23:00:32.0187 ENTECH (16ebd8bf1d5090923694cc972c7ce1b4) C:\WINDOWS\system32\DRIVERS\ENTECH.sys
    2011/01/04 23:00:33.0562 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2011/01/04 23:00:35.0031 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
    2011/01/04 23:00:36.0296 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    2011/01/04 23:00:37.0703 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
    2011/01/04 23:00:40.0015 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
    2011/01/04 23:00:42.0343 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2011/01/04 23:00:44.0921 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2011/01/04 23:00:47.0750 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    2011/01/04 23:00:50.0156 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2011/01/04 23:00:52.0250 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    2011/01/04 23:00:53.0453 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2011/01/04 23:00:54.0234 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
    2011/01/04 23:00:56.0156 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
    2011/01/04 23:00:57.0421 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
    2011/01/04 23:00:58.0062 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
    2011/01/04 23:00:58.0828 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2011/01/04 23:00:59.0421 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
    2011/01/04 23:01:00.0578 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
    2011/01/04 23:01:01.0796 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2011/01/04 23:01:05.0703 igd (4a1e0f6367ff47f87cbe8a7ecf38b01d) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
    2011/01/04 23:01:10.0234 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2011/01/04 23:01:11.0531 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
    2011/01/04 23:01:15.0281 IntcAzAudAddService (7f33081e463863a38ff231f211a004a9) C:\WINDOWS\system32\drivers\RtkHDAud.sys
    2011/01/04 23:01:19.0343 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
    2011/01/04 23:01:19.0843 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2011/01/04 23:01:20.0390 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
    2011/01/04 23:01:20.0812 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2011/01/04 23:01:21.0375 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2011/01/04 23:01:21.0796 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2011/01/04 23:01:22.0484 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2011/01/04 23:01:23.0031 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2011/01/04 23:01:23.0578 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2011/01/04 23:01:23.0984 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2011/01/04 23:01:24.0578 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2011/01/04 23:01:25.0093 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2011/01/04 23:01:26.0343 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2011/01/04 23:01:26.0812 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    2011/01/04 23:01:27.0953 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
    2011/01/04 23:01:29.0250 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2011/01/04 23:01:29.0828 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2011/01/04 23:01:30.0359 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2011/01/04 23:01:30.0875 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
    2011/01/04 23:01:31.0406 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
    2011/01/04 23:01:31.0953 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2011/01/04 23:01:32.0687 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2011/01/04 23:01:33.0421 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2011/01/04 23:01:33.0968 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2011/01/04 23:01:34.0343 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2011/01/04 23:01:34.0812 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2011/01/04 23:01:35.0281 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2011/01/04 23:01:35.0687 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    2011/01/04 23:01:36.0156 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    2011/01/04 23:01:36.0828 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    2011/01/04 23:01:37.0390 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2011/01/04 23:01:38.0062 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    2011/01/04 23:01:38.0531 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2011/01/04 23:01:39.0000 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2011/01/04 23:01:39.0609 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2011/01/04 23:01:40.0250 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    2011/01/04 23:01:40.0984 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2011/01/04 23:01:42.0531 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2011/01/04 23:01:44.0843 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2011/01/04 23:01:48.0515 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2011/01/04 23:01:51.0890 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2011/01/04 23:01:53.0234 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2011/01/04 23:01:54.0281 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2011/01/04 23:01:54.0921 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
    2011/01/04 23:01:55.0781 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2011/01/04 23:01:56.0296 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2011/01/04 23:01:56.0921 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    2011/01/04 23:01:57.0906 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2011/01/04 23:01:58.0468 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    2011/01/04 23:02:01.0109 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
    2011/01/04 23:02:02.0578 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
    2011/01/04 23:02:03.0296 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2011/01/04 23:02:04.0562 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2011/01/04 23:02:04.0937 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2011/01/04 23:02:05.0312 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
    2011/01/04 23:02:05.0703 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
    2011/01/04 23:02:06.0109 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
    2011/01/04 23:02:06.0578 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
    2011/01/04 23:02:07.0125 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
    2011/01/04 23:02:07.0656 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2011/01/04 23:02:08.0234 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2011/01/04 23:02:08.0812 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2011/01/04 23:02:09.0281 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2011/01/04 23:02:09.0890 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2011/01/04 23:02:10.0500 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2011/01/04 23:02:11.0000 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    2011/01/04 23:02:11.0593 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    2011/01/04 23:02:12.0390 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2011/01/04 23:02:13.0015 RSUSBSTOR (2ab66b8ccd92d4d8e33c98fea874325b) C:\WINDOWS\system32\Drivers\RtsUStor.sys
    2011/01/04 23:02:13.0812 RTLE8023xp (f42679371a71a94a451785e714ef2710) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
    2011/01/04 23:02:14.0656 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    2011/01/04 23:02:14.0750 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    2011/01/04 23:02:15.0312 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2011/01/04 23:02:15.0812 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
    2011/01/04 23:02:16.0531 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2011/01/04 23:02:17.0390 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
    2011/01/04 23:02:17.0875 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    2011/01/04 23:02:18.0359 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
    2011/01/04 23:02:19.0156 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2011/01/04 23:02:19.0750 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    2011/01/04 23:02:20.0515 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
    2011/01/04 23:02:21.0281 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
    2011/01/04 23:02:21.0734 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    2011/01/04 23:02:22.0203 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2011/01/04 23:02:22.0687 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2011/01/04 23:02:23.0296 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
    2011/01/04 23:02:23.0859 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    2011/01/04 23:02:24.0390 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    2011/01/04 23:02:24.0921 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    2011/01/04 23:02:25.0468 SynTP (60cd166ae4261920b4008a1a114ae97c) C:\WINDOWS\system32\DRIVERS\SynTP.sys
    2011/01/04 23:02:26.0359 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2011/01/04 23:02:27.0015 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2011/01/04 23:02:27.0703 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2011/01/04 23:02:28.0218 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2011/01/04 23:02:28.0828 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2011/01/04 23:02:29.0328 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
    2011/01/04 23:02:29.0859 TPkd (2f4e8077febfe11199ee3b011a34cd18) C:\WINDOWS\system32\drivers\TPkd.sys
    2011/01/04 23:02:30.0984 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2011/01/04 23:02:31.0484 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
    2011/01/04 23:02:32.0218 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2011/01/04 23:02:32.0921 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys
    2011/01/04 23:02:33.0453 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    2011/01/04 23:02:34.0046 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2011/01/04 23:02:35.0046 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2011/01/04 23:02:35.0562 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2011/01/04 23:02:36.0171 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    2011/01/04 23:02:36.0718 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2011/01/04 23:02:37.0281 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2011/01/04 23:02:37.0734 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2011/01/04 23:02:38.0203 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
    2011/01/04 23:02:38.0671 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2011/01/04 23:02:39.0343 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
    2011/01/04 23:02:39.0812 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
    2011/01/04 23:02:40.0390 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2011/01/04 23:02:40.0937 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2011/01/04 23:02:41.0687 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
    2011/01/04 23:02:42.0875 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2011/01/04 23:02:43.0546 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
    2011/01/04 23:02:44.0187 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
    2011/01/04 23:02:44.0828 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    2011/01/04 23:02:45.0515 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2011/01/04 23:02:46.0125 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2011/01/04 23:02:46.0781 zumbus (9b2c9d322e3fbb1814d7c17a980c1286) C:\WINDOWS\system32\DRIVERS\zumbus.sys
    2011/01/04 23:02:47.0000 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2011/01/04 23:02:47.0015 ================================================================================
    2011/01/04 23:02:47.0015 Scan finished
    2011/01/04 23:02:47.0015 ================================================================================
    2011/01/04 23:02:47.0062 Detected object count: 2
    2011/01/04 23:13:01.0296 Forged file(dalwdmservice) - User select action: Skip
    2011/01/04 23:13:01.0390 \HardDisk0 - will be cured after reboot
    2011/01/04 23:13:01.0390 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
    2011/01/04 23:13:06.0640 Deinitialize success
     
  12. 2011/01/05
    Dippndots

    Dippndots Inactive Thread Starter

    Joined:
    2011/01/02
    Messages:
    20
    Likes Received:
    0
    It seems to look like the redirecting, and win32 errors have stopped. It happened somewhat randomly so I'll keep an eye on it. Thanks again, is there anything else you want me to run?
     
  13. 2011/01/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Yes, we just removed a rootkit, but we have run couple more scans to make sure your computer is totally clean.
    Good news though :)

    Please download ComboFix from [color= "Red"]Here[/color] or [color= "#FF0000"]Here[/color] to your Desktop.

    [color= "Blue"]**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**[/color]
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results ".
      • Click on [color= "Red"]this link[/color] to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • [color= "Red"]WARNING:[/color] Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results ". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion ", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  14. 2011/01/05
    Dippndots

    Dippndots Inactive Thread Starter

    Joined:
    2011/01/02
    Messages:
    20
    Likes Received:
    0
    Here's the combofix log

    --------------------------------------

    ComboFix 11-01-05.01 - Alx 01/05/2011 17:21:21.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.379 [GMT -8:00]
    Running from: c:\documents and settings\Alx\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .

    ((((((((((((((((((((((((( Files Created from 2010-12-06 to 2011-01-06 )))))))))))))))))))))))))))))))
    .

    2011-01-06 00:58 . 2011-01-06 01:02 -------- d-----w- c:\documents and settings\Alx\Application Data\U3
    2011-01-04 02:37 . 2010-11-16 20:01 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9D9CEFC1-EDB8-437D-B5D5-0B679920BB7E}\mpengine.dll
    2011-01-02 20:16 . 2005-08-26 08:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
    2011-01-02 20:16 . 2006-06-19 20:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
    2011-01-02 20:16 . 2006-05-25 22:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
    2011-01-02 20:16 . 2002-03-06 08:00 75264 ----a-w- c:\windows\system32\unacev2.dll
    2011-01-02 20:16 . 2003-02-03 03:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
    2011-01-02 20:15 . 2011-01-02 20:17 -------- d-----w- c:\program files\Trojan Remover
    2011-01-02 20:15 . 2011-01-02 20:15 -------- d-----w- c:\documents and settings\Alx\Application Data\Simply Super Software
    2011-01-02 20:15 . 2011-01-02 20:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
    2011-01-02 04:07 . 2010-11-16 20:01 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-01-01 23:59 . 2011-01-01 23:59 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple
    2010-12-30 09:45 . 2010-12-30 09:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
    2010-12-29 09:40 . 2010-12-29 09:41 -------- d-----w- c:\documents and settings\backup

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-18 18:12 . 2009-04-15 12:43 81920 ----a-w- c:\windows\system32\isign32.dll
    2010-11-06 00:26 . 2009-04-15 13:23 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:26 . 2009-04-15 13:23 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-06 00:26 . 2009-04-15 13:23 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-11-03 12:25 . 2009-04-15 13:23 385024 ----a-w- c:\windows\system32\html.iec
    2010-11-02 15:17 . 2009-04-15 13:23 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
    2010-10-28 13:13 . 2009-04-15 13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-26 13:25 . 2009-04-15 13:23 1853312 ----a-w- c:\windows\system32\win32k.sys
    2010-10-25 05:25 . 2010-10-25 05:25 165264 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @= "{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Alx\Application Data\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @= "{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Alx\Application Data\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @= "{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Alx\Application Data\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AzMixerSel "= "c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2009-10-06 53248]
    "IMJPMIG8.1 "= "c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
    "MSPY2002 "= "c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
    "PHIME2002ASync "= "c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
    "PHIME2002A "= "c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
    "SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-27 1434920]
    "IgfxTray "= "c:\windows\system32\igfxtray.exe" [2009-10-06 137752]
    "HotKeysCmds "= "c:\windows\system32\hkcmd.exe" [2009-10-06 354840]
    "PersistenceThread "= "c:\windows\system32\PersistenceThread.exe" [2009-10-06 96792]
    "ArcSoft Connection Service "= "c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
    "MSC "= "c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
    "LManager "= "c:\program files\Launch Manager\LManager.exe" [2009-02-20 817672]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting "= "c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igdlogin]
    2009-10-06 08:04 65536 ----a-w- c:\windows\system32\igdlogin.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @= "Service "

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acer VCM.lnk]
    backup=c:\windows\pss\Acer VCM.lnkCommon Startup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-09-23 12:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DigidesignMMERefresh]
    2009-12-18 09:29 77824 ----a-w- c:\program files\Digidesign\Drivers\MMERefresh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-02-15 07:07 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxMenuMgr]
    2009-05-01 21:35 185640 ----a-w- c:\program files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 12:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-11-10 12:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2009-03-06 00:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-05-14 01:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2010-12-14 20:02 2424560 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
    2009-09-04 03:16 158448 ----a-w- c:\program files\Zune\ZuneLauncher.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe "=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe "=
    "c:\\Documents and Settings\\Alx\\Application Data\\Dropbox\\bin\\Dropbox.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe "=

    R0 CFRMD;cfrmd;c:\windows\system32\drivers\CFRMD.sys [11/15/2009 9:52 PM 132424]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 10:41 AM 67656]
    R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [5/1/2009 1:35 PM 181544]
    R3 igd;igd;c:\windows\system32\drivers\igxpmp32.sys [4/15/2009 5:48 AM 5097632]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [4/15/2009 5:52 AM 1684736]
    S3 cpuz130;cpuz130;\??\c:\docume~1\Alx\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Alx\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
    S3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [10/16/2010 12:13 AM 85008]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [4/15/2009 5:53 AM 164864]
    S3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
    .
    Contents of the 'Scheduled Tasks' folder

    2011-01-01 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 01:34]

    2011-01-06 c:\windows\Tasks\COMODO System Cleaner Update.job
    - c:\program files\COMODO\COMODO System-Cleaner\UpdateApplications.exe [2009-10-27 07:18]

    2011-01-05 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 20:26]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Connection Wizard,ShellNext = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0809&m=ao751h
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Alx\Application Data\Mozilla\Firefox\Profiles\c976r9t6.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - hxxp://www.maximumpc.com/
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: All-in-One Sidebar: {097d3191-e6fa-4728-9826-b533d755359d} - %profile%\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
    FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    .
    - - - - ORPHANS REMOVED - - - -

    SafeBoot-WudfPf
    SafeBoot-WudfRd



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-05 17:45
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(744)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll

    - - - - - - - > 'explorer.exe'(2196)
    c:\windows\system32\WININET.dll
    c:\documents and settings\Alx\Application Data\Dropbox\bin\DropboxExt.13.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2011-01-05 17:52:24
    ComboFix-quarantined-files.txt 2011-01-06 01:52

    Pre-Run: 20,485,271,552 bytes free
    Post-Run: 21,974,650,880 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug= "do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS= "Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    - - End Of File - - 65291CEDBAE3D00ACB3FC3360636A47F
     
  15. 2011/01/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Looks good :)

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  16. 2011/01/05
    Dippndots

    Dippndots Inactive Thread Starter

    Joined:
    2011/01/02
    Messages:
    20
    Likes Received:
    0
    Here's the first 1/2 of OTL.txt

    ------------------------------------------------------------------------

    OTL logfile created on: 1/5/2011 6:54:17 PM - Run 1
    OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\Alx\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,014.00 Mb Total Physical Memory | 300.00 Mb Available Physical Memory | 30.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 75.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 141.05 Gb Total Space | 20.48 Gb Free Space | 14.52% Space Free | Partition Type: NTFS

    Computer Name: ALXNET | User Name: Alx | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/01/05 18:38:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alx\Desktop\OTL.exe
    PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    PRC - [2010/10/27 00:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    PRC - [2010/08/24 16:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    PRC - [2010/03/17 16:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    PRC - [2009/12/18 01:29:06 | 000,077,824 | ---- | M] (Avid, Inc. All rights reserved.) -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    PRC - [2009/10/06 00:04:51 | 000,096,792 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\PersistenceThread.exe
    PRC - [2009/10/06 00:04:49 | 000,170,520 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe
    PRC - [2009/09/03 19:16:54 | 000,058,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe
    PRC - [2009/05/01 13:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2009/02/19 17:52:20 | 000,817,672 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
    PRC - [2008/04/14 04:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/01/05 18:38:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alx\Desktop\OTL.exe
    MOD - [2010/08/23 08:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV - [2010/03/17 16:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2009/12/18 01:29:06 | 000,077,824 | ---- | M] (Avid, Inc. All rights reserved.) [Auto | Running] -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
    SRV - [2009/09/03 19:17:00 | 000,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
    SRV - [2009/09/03 19:16:54 | 005,893,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
    SRV - [2009/09/03 19:16:54 | 000,058,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
    SRV - [2009/05/01 13:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
    SRV - [2006/03/03 02:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\RtsUCcid.sys -- (USBCCID)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\NSNDIS5.SYS -- (NSNDIS5)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Alx\LOCALS~1\Temp\cpuz130\cpuz_x32.sys -- (cpuz130)
    DRV - [2010/05/10 10:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/02/17 10:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2009/12/18 04:39:34 | 000,085,008 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Dalwdm.sys -- (dalwdmservice)
    DRV - [2009/12/01 18:56:16 | 000,092,792 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
    DRV - [2009/10/26 20:46:30 | 000,132,424 | ---- | M] (COMODO Security Solutions Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\cfrmd.sys -- (CFRMD)
    DRV - [2009/10/06 00:05:02 | 005,870,080 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2009/10/06 00:04:50 | 005,097,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (igd)
    DRV - [2009/10/05 23:09:35 | 001,181,184 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\athr.sys -- (athr)
    DRV - [2009/04/15 19:10:06 | 000,132,480 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
    DRV - [2009/03/11 23:55:32 | 000,164,864 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV - [2009/02/27 00:21:52 | 000,205,360 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
    DRV - [2008/12/29 09:02:32 | 001,346,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
    DRV - [2008/08/05 04:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
    DRV - [2008/04/14 04:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2008/04/14 04:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2008/04/14 04:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2008/04/14 04:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2008/04/14 04:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2008/04/14 04:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2008/04/14 04:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2008/04/14 04:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2008/04/14 04:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2008/04/14 04:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2008/04/14 04:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2008/04/14 04:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2008/04/14 04:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2008/04/14 04:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2008/04/14 04:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
    DRV - [2008/04/14 04:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2008/04/13 23:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/13 23:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2008/04/13 05:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2006/11/02 06:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
    DRV - [2006/01/03 23:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
    DRV - [2004/12/07 22:10:00 | 000,016,896 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)
    DRV - [2004/05/17 21:04:16 | 000,041,984 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Bing "
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.maximumpc.com/ "
    FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.12
    FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
    FF - prefs.js..network.proxy.no_proxies_on: "*.local "

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/25 02:21:27 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/03 19:35:29 | 000,000,000 | ---D | M]

    [2009/08/07 08:14:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Alx\Application Data\Mozilla\Extensions
    [2011/01/04 23:03:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Alx\Application Data\Mozilla\Firefox\Profiles\c976r9t6.default\extensions
    [2010/12/31 00:13:25 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Documents and Settings\Alx\Application Data\Mozilla\Firefox\Profiles\c976r9t6.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
    [2010/09/07 20:54:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Alx\Application Data\Mozilla\Firefox\Profiles\c976r9t6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/12/28 00:09:08 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Alx\Application Data\Mozilla\Firefox\Profiles\c976r9t6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/12/31 00:13:24 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\Alx\Application Data\Mozilla\Firefox\Profiles\c976r9t6.default\extensions\personas@christopher.beard
    [2009/09/29 05:32:58 | 000,002,172 | ---- | M] () -- C:\Documents and Settings\Alx\Application Data\Mozilla\Firefox\Profiles\c976r9t6.default\searchplugins\bing.xml
    [2011/01/05 01:44:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/07/16 11:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2010/12/30 13:15:18 | 000,428,313 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.0scan.com
    O1 - Hosts: 127.0.0.1 0scan.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 www.1001namen.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 www.1-2005-search.com
    O1 - Hosts: 127.0.0.1 1-2005-search.com
    O1 - Hosts: 14748 more lines...
    O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
    O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
    O4 - HKLM..\Run: [PersistenceThread] C:\WINDOWS\system32\PersistenceThread.exe (Intel Corporation)
    O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} http://www.yougamers.com/systeminfo/FMSI.cab (Futuremark SystemInfo)
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\igdlogin: DllName - igdlogin.dll - C:\WINDOWS\System32\igdlogin.dll ()
    O24 - Desktop WallPaper: C:\Documents and Settings\Alx\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Alx\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/04/15 04:46:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/01/05 18:38:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Alx\Desktop\OTL.exe
    [2011/01/05 17:52:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2011/01/05 17:18:44 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/01/05 17:07:26 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/01/05 17:07:26 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/01/05 17:07:26 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/01/05 17:07:26 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/01/05 17:06:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/01/05 17:06:41 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/01/04 22:58:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alx\Desktop\tdsskiller
    [2011/01/02 12:17:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alx\My Documents\Simply Super Software
    [2010/12/25 21:36:47 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/12/25 21:36:44 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/12/23 01:04:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alx\Desktop\movies
    [2010/12/22 00:51:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alx\Desktop\Zune
    [2010/12/22 00:51:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alx\Desktop\Chemical Transport
    [2010/12/21 15:59:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alx\My Documents\My Music
    [2009/04/15 05:23:42 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\Interop.IWshRuntimeLibrary.dll
    [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/01/05 18:38:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alx\Desktop\OTL.exe
    [2011/01/05 17:18:55 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/01/05 16:55:44 | 004,148,657 | R--- | M] () -- C:\Documents and Settings\Alx\Desktop\ComboFix.exe
    [2011/01/05 16:53:20 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\COMODO System Cleaner Update.job
    [2011/01/05 01:39:06 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2011/01/05 01:32:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/01/05 01:31:56 | 1063,510,016 | -HS- | M] () -- C:\hiberfil.sys
    [2011/01/04 23:12:57 | 000,129,140 | ---- | M] () -- C:\Documents and Settings\Alx\Desktop\scan results.JPG
    [2011/01/04 22:57:30 | 001,232,020 | ---- | M] () -- C:\Documents and Settings\Alx\Desktop\tdsskiller.zip
    [2011/01/03 22:09:48 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2011/01/03 19:35:32 | 000,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2011/01/02 16:45:17 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\Alx\Desktop\dds.scr
    [2011/01/02 16:43:58 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Alx\Desktop\MBRCheck.exe
    [2011/01/02 16:43:21 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Alx\Desktop\vozqzmrb.exe
    [2011/01/02 12:17:34 | 000,000,787 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Trojan Remover.lnk
    [2011/01/02 11:41:53 | 000,001,681 | ---- | M] () -- C:\Documents and Settings\Alx\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/01/01 19:13:10 | 000,000,920 | ---- | M] () -- C:\Documents and Settings\Alx\Desktop\Revo Uninstaller.lnk
    [2011/01/01 15:59:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/12/30 13:15:18 | 000,428,313 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/12/25 21:38:06 | 000,000,954 | ---- | M] () -- C:\Documents and Settings\Alx\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2010/12/25 21:38:06 | 000,000,936 | ---- | M] () -- C:\Documents and Settings\Alx\Desktop\Spybot - Search & Destroy.lnk
    [2010/12/25 21:36:47 | 000,000,699 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/12/25 21:35:12 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
    [2010/12/25 21:34:40 | 000,001,683 | ---- | M] () -- C:\Documents and Settings\Alx\Desktop\Microsoft Security Essentials.lnk
    [2010/12/25 21:34:12 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/12/23 01:00:07 | 000,437,170 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/12/23 01:00:07 | 000,069,230 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/12/22 01:02:40 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf
    [2010/12/22 01:02:40 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_WinUSB_01009.Wdf
    [2010/12/22 01:01:23 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_user_01_09_00.Wdf
    [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/12/20 16:00:48 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/12/20 12:53:39 | 000,356,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/12/20 10:46:15 | 000,200,704 | ---- | M] () -- C:\Documents and Settings\Alx\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/01/05 17:18:55 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2011/01/05 17:18:50 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/01/05 17:07:26 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/01/05 17:07:26 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/01/05 17:07:26 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/01/05 17:07:26 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/01/05 17:07:26 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/01/05 16:54:53 | 004,148,657 | R--- | C] () -- C:\Documents and Settings\Alx\Desktop\ComboFix.exe
    [2011/01/04 23:12:57 | 000,129,140 | ---- | C] () -- C:\Documents and Settings\Alx\Desktop\scan results.JPG
    [2011/01/04 22:57:11 | 001,232,020 | ---- | C] () -- C:\Documents and Settings\Alx\Desktop\tdsskiller.zip
    [2011/01/03 19:32:23 | 000,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2011/01/03 18:04:37 | 1063,510,016 | -HS- | C] () -- C:\hiberfil.sys
    [2011/01/02 20:43:18 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\Alx\Desktop\dds.scr
    [2011/01/02 20:43:18 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Alx\Desktop\vozqzmrb.exe
    [2011/01/02 20:43:18 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Alx\Desktop\MBRCheck.exe
    [2011/01/02 12:17:34 | 000,000,787 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Trojan Remover.lnk
    [2011/01/02 12:16:58 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
    [2011/01/02 12:16:57 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
    [2011/01/02 12:16:57 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
    [2011/01/02 12:16:56 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
    [2011/01/02 11:41:53 | 000,001,681 | ---- | C] () -- C:\Documents and Settings\Alx\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/12/25 21:40:01 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/12/25 21:38:06 | 000,000,954 | ---- | C] () -- C:\Documents and Settings\Alx\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2010/12/25 21:38:06 | 000,000,936 | ---- | C] () -- C:\Documents and Settings\Alx\Desktop\Spybot - Search & Destroy.lnk
    [2010/12/25 21:36:47 | 000,000,699 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/12/25 21:35:12 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
    [2010/12/25 21:34:40 | 000,001,683 | ---- | C] () -- C:\Documents and Settings\Alx\Desktop\Microsoft Security Essentials.lnk
    [2010/12/22 01:02:40 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf
    [2010/12/22 01:02:40 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_WinUSB_01009.Wdf
    [2010/12/22 01:01:23 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_user_01_09_00.Wdf
    [2010/10/16 00:13:56 | 000,085,008 | ---- | C] () -- C:\WINDOWS\System32\drivers\Dalwdm.sys
    [2010/10/15 05:27:14 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
    [2009/12/17 03:49:00 | 000,000,734 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
    [2009/12/01 15:18:31 | 000,000,163 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
    [2009/11/15 03:41:24 | 000,005,847 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2009/11/15 03:40:52 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
    [2009/08/02 17:35:33 | 000,200,704 | ---- | C] () -- C:\Documents and Settings\Alx\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/05/18 12:36:17 | 000,626,688 | ---- | C] () -- C:\WINDOWS\Image.dll
    [2009/04/15 07:27:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2009/04/15 05:50:25 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
    [2009/04/15 05:48:51 | 000,004,343 | ---- | C] () -- C:\WINDOWS\System32\lpgun.ini
    [2009/04/15 05:48:41 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\igdlogin.dll
    [2009/04/15 04:50:09 | 000,006,782 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2009/04/15 04:42:14 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2009/04/14 21:37:47 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2001/07/06 08:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

    ========== LOP Check ==========

    [2011/01/05 01:39:06 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/04/15 04:46:19 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2011/01/03 22:09:48 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2011/01/05 17:18:55 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/01/05 17:52:25 | 000,013,957 | ---- | M] () -- C:\ComboFix.txt
    [2009/04/15 04:46:19 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2011/01/05 01:31:56 | 1063,510,016 | -HS- | M] () -- C:\hiberfil.sys
    [2009/04/15 04:46:19 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/12/25 21:38:20 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
    [2009/03/16 23:43:12 | 000,002,016 | ---- | M] () -- C:\MOD01SET0J00P2000O.enc
    [2008/08/06 17:16:21 | 000,002,488 | ---- | M] () -- C:\MOD01WOS02ENP20001.enc
    [2009/04/15 04:46:19 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2008/04/14 04:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/04/14 04:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/01/05 01:31:38 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
    [2009/04/15 05:52:57 | 000,001,876 | ---- | M] () -- C:\RHDSetup.log
    [2009/04/15 05:47:59 | 000,000,190 | ---- | M] () -- C:\Setup.log
    [2011/01/04 23:13:06 | 000,050,120 | ---- | M] () -- C:\TDSSKiller.2.4.12.0_04.01.2011_22.59.40_log.txt

    < %systemroot%\Fonts\*.com >
    [2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/04/15 04:45:40 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 04:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2006/04/09 19:02:32 | 000,074,240 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp054.dll
    [2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
    [2008/07/06 02:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2008/12/04 21:55:20 | 000,307,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2009/08/02 18:21:22 | 000,001,634 | -H-- | M] () -- C:\Documents and Settings\Alx\Application Data\Microsoft\LastFlashConfig.WFC

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2009/04/14 21:36:24 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2009/04/14 21:36:24 | 001,064,960 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2009/04/14 21:36:23 | 000,888,832 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2009/04/15 04:46:26 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/08/03 07:55:47 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Alx\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2009/04/15 04:50:29 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Alx\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2009/11/15 03:40:04 | 073,702,216 | ---- | M] () -- C:\Documents and Settings\Alx\Desktop\AiO_071_000_201_000_CDA_DriverOnly_Network_enu_NB.exe
    [2011/01/05 16:55:44 | 004,148,657 | R--- | M] () -- C:\Documents and Settings\Alx\Desktop\ComboFix.exe
    [2010/01/07 00:10:53 | 013,515,048 | ---- | M] () -- C:\Documents and Settings\Alx\Desktop\Dropbox 0.7.97.exe
    [2011/01/02 16:43:58 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Alx\Desktop\MBRCheck.exe
    [2011/01/05 18:38:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alx\Desktop\OTL.exe
    [2011/01/02 16:43:21 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Alx\Desktop\vozqzmrb.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2008/04/14 04:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/08/03 07:55:47 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Alx\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >
    Acer Crystal Eye webcam.exe

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/01/05 18:40:19 | 000,081,920 | -HS- | M] () -- C:\Documents and Settings\Alx\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2008/04/14 04:00:00 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/14 04:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2007/04/02 22:37:24 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2007/04/02 22:37:24 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 06:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 22:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 04:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2007/04/02 22:37:24 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2007/04/02 22:37:24 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2007/04/02 22:37:26 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2007/04/02 22:37:28 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2007/04/02 22:34:02 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >
     
  17. 2011/01/05
    Dippndots

    Dippndots Inactive Thread Starter

    Joined:
    2011/01/02
    Messages:
    20
    Likes Received:
    0
    the 2nd 1/2
    ----------------------------------------------------------------------------

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:CB0AACC9
    @Alternate Data Stream - 1159 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:ON7IOPld6VFJGA5bhE7CKREH4f
    @Alternate Data Stream - 1125 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:OtREItrFXSbbEgPf3wJf7vG
    @Alternate Data Stream - 1042 bytes -> C:\Program Files\Outlook Express:q7jI5EIBwgJuUHv4uLEo

    < End of report >
     
    Last edited by a moderator: 2011/01/05
  18. 2011/01/05
    Dippndots

    Dippndots Inactive Thread Starter

    Joined:
    2011/01/02
    Messages:
    20
    Likes Received:
    0
    here's the extras.txt

    ----------------------------------------------------------------------------

    OTL Extras logfile created on: 1/5/2011 6:54:17 PM - Run 1
    OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\Alx\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,014.00 Mb Total Physical Memory | 300.00 Mb Available Physical Memory | 30.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 75.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 141.05 Gb Total Space | 20.48 Gb Free Space | 14.52% Space Free | Partition Type: NTFS

    Computer Name: ALXNET | User Name: Alx | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:mad:xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:mad:xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:mad:xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:mad:xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
    "C:\Documents and Settings\Alx\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Alx\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- ()
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x32
    "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3A316611-45D1-429C-AA26-B71259C44689}" = HP Photosmart, Officejet and Deskjet 7.0.A
    "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
    "{3FFBBFC4-FC05-4F2E-8BB5-F0ABBA0E6487}" = Digidesign ElevenRack Driver 1.0.8 (x86)
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
    "{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
    "{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
    "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
    "{888FFC82-688D-46AB-A776-B417885432B6}" = Zune
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
    "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye webcam 2.2.0.2
    "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
    "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skypeâ„¢ 4.2
    "{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
    "{E6F019F1-DFB6-4853-A87D-6E31624755A9}" = Seagate Manager Installer
    "{ED19FDBF-21F0-48EC-92AB-818BB1A600DB}" = COMODO System-Cleaner
    "{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
    "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
    "{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
    "{F97B750E-554D-4194-BF3F-41EA91389E10}" = ArcSoft TotalMedia Extreme
    "{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{E6F019F1-DFB6-4853-A87D-6E31624755A9}" = Seagate Manager Installer
    "LManager" = Launch Manager
    "LPCO" = Intel(R) Graphics Media Accelerator 500
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft Security Client" = Microsoft Security Essentials
    "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "PROR" = Microsoft Office Professional 2007
    "Revo Uninstaller" = Revo Uninstaller 1.91
    "Samsung ML-2250 Series" = Samsung ML-2250 Series
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "Trojan Remover_is1" = Trojan Remover 6.8.2
    "VLC media player" = VLC media player 1.0.1
    "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "winusb0100" = Microsoft WinUsb 1.0
    "WMFDist11" = Windows Media Format 11 runtime
    "Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
    "Zune" = Zune

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 3/12/2010 10:40:32 PM | Computer Name = ALXNET | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 3/12/2010 10:40:34 PM | Computer Name = ALXNET | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 3/12/2010 10:40:40 PM | Computer Name = ALXNET | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 3/20/2010 11:14:21 PM | Computer Name = ALXNET | Source = MsiInstaller | ID = 10005
    Description = Product: iTunes -- You do not have sufficient privileges to complete
    this installation for all users of the machine. Log on as an administrator and
    then retry this installation.

    Error - 3/20/2010 11:17:31 PM | Computer Name = ALXNET | Source = MsiInstaller | ID = 10005
    Description = Product: iTunes -- You do not have sufficient privileges to complete
    this installation for all users of the machine. Log on as an administrator and
    then retry this installation.

    Error - 3/22/2010 3:05:20 AM | Computer Name = ALXNET | Source = MsiInstaller | ID = 10005
    Description = Product: iTunes -- You do not have sufficient privileges to complete
    this installation for all users of the machine. Log on as an administrator and
    then retry this installation.

    Error - 3/22/2010 3:07:29 AM | Computer Name = ALXNET | Source = MsiInstaller | ID = 10005
    Description = Product: iTunes -- You do not have sufficient privileges to complete
    this installation for all users of the machine. Log on as an administrator and
    then retry this installation.

    Error - 3/22/2010 9:54:27 AM | Computer Name = ALXNET | Source = Application Hang | ID = 1002
    Description = Hanging application WLXPhotoGallery.exe, version 14.0.8051.1204, hang
    module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 6/8/2010 5:50:05 AM | Computer Name = ALXNET | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 6/8/2010 5:51:46 AM | Computer Name = ALXNET | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    [ OSession Events ]
    Error - 6/23/2010 5:21:19 PM | Computer Name = ALXNET | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1075
    seconds with 120 seconds of active time. This session ended with a crash.

    Error - 7/6/2010 8:54:36 PM | Computer Name = ALXNET | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 55165
    seconds with 1980 seconds of active time. This session ended with a crash.

    Error - 8/10/2010 6:20:35 AM | Computer Name = ALXNET | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 25729
    seconds with 1440 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 1/4/2011 2:39:56 AM | Computer Name = ALXNET | Source = Print | ID = 23
    Description = Printer Send To OneNote 2007 failed to initialize because a suitable
    Send To Microsoft OneNote Driver driver could not be found.

    Error - 1/4/2011 3:13:59 AM | Computer Name = ALXNET | Source = ACPIEC | ID = 327681
    Description = \Device\ACPIEC: The embedded controller (EC) hardware didn't respond
    within the timeout period. This may indicate an error in the EC hardware or firmware,
    or possibly a poorly designed BIOS which accesses the EC in an unsafe manner.
    The EC driver will retry the failed transaction if possible.

    Error - 1/4/2011 3:14:36 AM | Computer Name = ALXNET | Source = Print | ID = 23
    Description = Printer Send To OneNote 2007 failed to initialize because a suitable
    Send To Microsoft OneNote Driver driver could not be found.

    Error - 1/4/2011 4:02:32 AM | Computer Name = ALXNET | Source = Service Control Manager | ID = 7032
    Description = The Service Control Manager tried to take a corrective action (Restart
    the service) after the unexpected termination of the Windows Management Instrumentation
    service, but this action failed with the following error: %%1056

    Error - 1/4/2011 4:08:16 AM | Computer Name = ALXNET | Source = ACPIEC | ID = 327681
    Description = \Device\ACPIEC: The embedded controller (EC) hardware didn't respond
    within the timeout period. This may indicate an error in the EC hardware or firmware,
    or possibly a poorly designed BIOS which accesses the EC in an unsafe manner.
    The EC driver will retry the failed transaction if possible.

    Error - 1/4/2011 4:08:55 AM | Computer Name = ALXNET | Source = Print | ID = 23
    Description = Printer Send To OneNote 2007 failed to initialize because a suitable
    Send To Microsoft OneNote Driver driver could not be found.

    Error - 1/5/2011 2:28:12 AM | Computer Name = ALXNET | Source = Print | ID = 23
    Description = Printer Send To OneNote 2007 failed to initialize because a suitable
    Send To Microsoft OneNote Driver driver could not be found.

    Error - 1/5/2011 3:01:45 AM | Computer Name = ALXNET | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.95.3073.0 Update Source: %%859 Update Stage:
    %%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

    User:
    NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error
    code: 0x80072efe Error description: The connection with the server was terminated
    abnormally

    Error - 1/5/2011 3:17:09 AM | Computer Name = ALXNET | Source = Print | ID = 23
    Description = Printer Send To OneNote 2007 failed to initialize because a suitable
    Send To Microsoft OneNote Driver driver could not be found.

    Error - 1/5/2011 5:32:45 AM | Computer Name = ALXNET | Source = Print | ID = 23
    Description = Printer Send To OneNote 2007 failed to initialize because a suitable
    Send To Microsoft OneNote Driver driver could not be found.


    < End of report >
     
  19. 2011/01/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ==============================================================

    Run OTL
    • Under the [color= "#0000FF"]Custom Scans/Fixes[/color] box at the bottom, paste in the following

      Code:
      :OTL
      O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
      [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:CB0AACC9
      @Alternate Data Stream - 1159 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:ON7IOPld6VFJGA5bhE7CKREH4f
      @Alternate Data Stream - 1125 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:OtREItrFXSbbEgPf3wJf7vG
      @Alternate Data Stream - 1042 bytes -> C:\Program Files\Outlook Express:q7jI5EIBwgJuUHv4uLEo
      
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the [color= "#FF0000"]Run Fix[/color] button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ==============================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  20. 2011/01/06
    Dippndots

    Dippndots Inactive Thread Starter

    Joined:
    2011/01/02
    Messages:
    20
    Likes Received:
    0
    Here's the OTL log
    ----------------------------

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\ deleted successfully.
    C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
    C:\WINDOWS\System32\SET6CD.tmp deleted successfully.
    C:\WINDOWS\System32\SET6D1.tmp deleted successfully.
    C:\WINDOWS\System32\SET6D9.tmp deleted successfully.
    C:\WINDOWS\msdownld.tmp folder deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\Temp:CB0AACC9 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\Microsoft:ON7IOPld6VFJGA5bhE7CKREH4f deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\Microsoft:OtREItrFXSbbEgPf3wJf7vG deleted successfully.
    ADS C:\Program Files\Outlook Express:q7jI5EIBwgJuUHv4uLEo deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Alx
    ->Temp folder emptied: 28652239 bytes
    ->Temporary Internet Files folder emptied: 6480664 bytes
    ->Java cache emptied: 37890615 bytes
    ->FireFox cache emptied: 99051176 bytes
    ->Flash cache emptied: 6338 bytes

    User: backup
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 2815 bytes
    ->FireFox cache emptied: 80486895 bytes
    ->Flash cache emptied: 3724 bytes

    User: Default User
    ->Temp folder emptied: 60986585 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 396 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 298831 bytes
    ->Java cache emptied: 3742641 bytes
    ->FireFox cache emptied: 60792539 bytes
    ->Flash cache emptied: 31818 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32835 bytes

    User: NetworkService
    ->Temp folder emptied: 1546 bytes
    ->Temporary Internet Files folder emptied: 6553667 bytes
    ->Java cache emptied: 854 bytes
    ->Flash cache emptied: 58268 bytes

    User: randoms
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 22528762 bytes
    ->Java cache emptied: 23580223 bytes
    ->FireFox cache emptied: 4512586 bytes
    ->Flash cache emptied: 20894 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1706 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33438 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 416.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Alx
    ->Flash cache emptied: 0 bytes

    User: backup
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    User: randoms
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.20.1 log created on 01052011_201629

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  21. 2011/01/06
    Dippndots

    Dippndots Inactive Thread Starter

    Joined:
    2011/01/02
    Messages:
    20
    Likes Received:
    0
    here's the security check log, not sure why it thinks java is out of date
    --------------------------------------------------------------------

    Results of screen317's Security Check version 0.99.7
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Microsoft Security Essentials
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    MVPS Hosts File
    Malwarebytes' Anti-Malware
    COMODO System-Cleaner
    Java(TM) 6 Update 23
    Out of date Java installed!
    Adobe Flash Player 10.1.102.64
    Adobe Reader 9.4.1
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.6.13)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    Microsoft Security Client Antimalware MsMpEng.exe
    ``````````End of Log````````````
     

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.