TheTerrorist_75

*NEW* TDSSSERV[RESOLVED]


Even with all of the programs to protect him, he still went to bad sites and got infected.

AntiVir Log

Avira AntiVir Personal

Report file date: Sunday, June 06, 2010 16:34

Scanning for 2190565 virus strains and unwanted programs.

The program is running as an unrestricted full version.

Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows XP

Windows version : (Service Pack 3) [5.1.2600]

Boot mode : Normally booted

Username : SYSTEM

Computer name : GROOVIN

Version information:

BUILD.DAT : 10.0.0.567 32097 Bytes 4/19/2010 15:07:00

AVSCAN.EXE : 10.0.3.0 433832 Bytes 4/1/2010 17:37:38

AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 17:57:04

LUKE.DLL : 10.0.2.3 104296 Bytes 3/7/2010 23:33:04

LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 04:40:49

VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 14:05:36

VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 00:27:49

VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 22:37:42

VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 21:37:42

VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 16:29:03

VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 20:28:30

VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 20:28:37

VBASE007.VDF : 7.10.7.219 2048 Bytes 6/2/2010 20:28:37

VBASE008.VDF : 7.10.7.220 2048 Bytes 6/2/2010 20:28:37

VBASE009.VDF : 7.10.7.221 2048 Bytes 6/2/2010 20:28:38

VBASE010.VDF : 7.10.7.222 2048 Bytes 6/2/2010 20:28:38

VBASE011.VDF : 7.10.7.223 2048 Bytes 6/2/2010 20:28:38

VBASE012.VDF : 7.10.7.224 2048 Bytes 6/2/2010 20:28:38

VBASE013.VDF : 7.10.7.225 2048 Bytes 6/2/2010 20:28:38

VBASE014.VDF : 7.10.7.226 2048 Bytes 6/2/2010 20:28:38

VBASE015.VDF : 7.10.7.227 2048 Bytes 6/2/2010 20:28:38

VBASE016.VDF : 7.10.7.228 2048 Bytes 6/2/2010 20:28:39

VBASE017.VDF : 7.10.7.229 2048 Bytes 6/2/2010 20:28:39

VBASE018.VDF : 7.10.7.230 2048 Bytes 6/2/2010 20:28:39

VBASE019.VDF : 7.10.7.231 2048 Bytes 6/2/2010 20:28:39

VBASE020.VDF : 7.10.7.232 2048 Bytes 6/2/2010 20:28:39

VBASE021.VDF : 7.10.7.233 2048 Bytes 6/2/2010 20:28:39

VBASE022.VDF : 7.10.7.234 2048 Bytes 6/2/2010 20:28:39

VBASE023.VDF : 7.10.7.235 2048 Bytes 6/2/2010 20:28:40

VBASE024.VDF : 7.10.7.236 2048 Bytes 6/2/2010 20:28:40

VBASE025.VDF : 7.10.7.237 2048 Bytes 6/2/2010 20:28:40

VBASE026.VDF : 7.10.7.238 2048 Bytes 6/2/2010 20:28:40

VBASE027.VDF : 7.10.7.239 2048 Bytes 6/2/2010 20:28:40

VBASE028.VDF : 7.10.7.240 2048 Bytes 6/2/2010 20:28:40

VBASE029.VDF : 7.10.7.241 2048 Bytes 6/2/2010 20:28:40

VBASE030.VDF : 7.10.7.242 2048 Bytes 6/2/2010 20:28:41

VBASE031.VDF : 7.10.7.252 87552 Bytes 6/6/2010 20:28:41

Engineversion : 8.2.2.6

AEVDF.DLL : 8.1.2.0 106868 Bytes 6/6/2010 20:28:51

AESCRIPT.DLL : 8.1.3.31 1352058 Bytes 6/6/2010 20:28:50

AESCN.DLL : 8.1.6.1 127347 Bytes 6/6/2010 20:28:49

AESBX.DLL : 8.1.3.1 254324 Bytes 6/6/2010 20:28:51

AERDL.DLL : 8.1.4.6 541043 Bytes 6/6/2010 20:28:49

AEPACK.DLL : 8.2.1.1 426358 Bytes 3/19/2010 17:34:51

AEOFFICE.DLL : 8.1.1.0 201081 Bytes 6/6/2010 20:28:48

AEHEUR.DLL : 8.1.1.33 2724214 Bytes 6/6/2010 20:28:47

AEHELP.DLL : 8.1.11.5 242038 Bytes 6/6/2010 20:28:44

AEGEN.DLL : 8.1.3.10 377205 Bytes 6/6/2010 20:28:44

AEEMU.DLL : 8.1.2.0 393588 Bytes 6/6/2010 20:28:43

AECORE.DLL : 8.1.15.3 192886 Bytes 6/6/2010 20:28:42

AEBB.DLL : 8.1.1.0 53618 Bytes 6/6/2010 20:28:42

AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 17:03:38

AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 17:03:35

AVREP.DLL : 10.0.0.8 62209 Bytes 2/18/2010 21:47:40

AVREG.DLL : 10.0.3.0 53096 Bytes 4/1/2010 17:35:46

AVSCPLR.DLL : 10.0.3.0 83816 Bytes 4/1/2010 17:39:51

AVARKT.DLL : 10.0.0.14 227176 Bytes 4/1/2010 17:22:13

AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 14:53:30

SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 17:57:58

AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 20:38:56

NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 19:41:00

RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 18:10:20

RCTEXT.DLL : 10.0.53.0 97128 Bytes 4/9/2010 19:14:29

Configuration settings for the scan:

Jobname.............................: Complete system scan

Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp

Logging.............................: low

Primary action......................: quarantine

Secondary action....................: ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:,

Process scan........................: on

Extended process scan...............: on

Scan registry.......................: on

Search for rootkits.................: on

Integrity checking of system files..: off

Scan all files......................: All files

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: medium

Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Start of the scan: Sunday, June 06, 2010 16:34

Starting search for hidden objects.

The scan of running processes will be started

Scan process 'dllhost.exe' - '50' Module(s) have been scanned

Scan process 'dllhost.exe' - '45' Module(s) have been scanned

Scan process 'vssvc.exe' - '48' Module(s) have been scanned

Scan process 'avscan.exe' - '64' Module(s) have been scanned

Scan process 'avcenter.exe' - '63' Module(s) have been scanned

Scan process 'avgnt.exe' - '53' Module(s) have been scanned

Scan process 'sched.exe' - '55' Module(s) have been scanned

Scan process 'avshadow.exe' - '26' Module(s) have been scanned

Scan process 'avguard.exe' - '55' Module(s) have been scanned

Scan process 'GoogleToolbarNotifier.exe' - '54' Module(s) have been scanned

Scan process 'ctfmon.exe' - '26' Module(s) have been scanned

Scan process 'msmsgs.exe' - '42' Module(s) have been scanned

Scan process 'jusched.exe' - '21' Module(s) have been scanned

Scan process 'SiteAdv.exe' - '51' Module(s) have been scanned

Scan process 'ezprint.exe' - '62' Module(s) have been scanned

Scan process 'lxcymon.exe' - '29' Module(s) have been scanned

Scan process 'hkcmd.exe' - '31' Module(s) have been scanned

Scan process 'igfxtray.exe' - '31' Module(s) have been scanned

Scan process 'Explorer.EXE' - '106' Module(s) have been scanned

Scan process 'alg.exe' - '33' Module(s) have been scanned

Scan process 'dmadmin.exe' - '27' Module(s) have been scanned

Scan process 'svchost.exe' - '39' Module(s) have been scanned

Scan process 'SeaPort.exe' - '56' Module(s) have been scanned

Scan process 'lxcycoms.exe' - '28' Module(s) have been scanned

Scan process 'jqs.exe' - '33' Module(s) have been scanned

Scan process 'spoolsv.exe' - '61' Module(s) have been scanned

Scan process 'svchost.exe' - '30' Module(s) have been scanned

Scan process 'svchost.exe' - '161' Module(s) have been scanned

Scan process 'svchost.exe' - '38' Module(s) have been scanned

Scan process 'svchost.exe' - '39' Module(s) have been scanned

Scan process 'lsass.exe' - '51' Module(s) have been scanned

Scan process 'services.exe' - '36' Module(s) have been scanned

Scan process 'winlogon.exe' - '71' Module(s) have been scanned

Scan process 'csrss.exe' - '12' Module(s) have been scanned

Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

Master boot sector HD1

[INFO] No virus was found!

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

Starting to scan executable files (registry).

The registry was scanned ( '427' files ).

Starting the file scan:

Begin scan in 'C:\'

C:\Documents and Settings\Buc\Local Settings\Application Data\Opera\Opera\cache\opr0000P

[WARNING] The file could not be read!

C:\System Volume Information\_restore{2156839D-A153-4825-B240-21D536D4E5B7}\RP574\A0042414.exe

[DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan

[NOTE] The file was moved to the quarantine directory under the name '46b79ff3.qua'.

C:\System Volume Information\_restore{2156839D-A153-4825-B240-21D536D4E5B7}\RP577\A0042996.dll

[DETECTION] Is the TR/Trash.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '5e20b031.qua'.

C:\System Volume Information\_restore{2156839D-A153-4825-B240-21D536D4E5B7}\RP577\A0042997.exe

[DETECTION] Is the TR/Trash.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '0c7feada.qua'.

C:\System Volume Information\_restore{2156839D-A153-4825-B240-21D536D4E5B7}\RP577\A0042999.dll

[DETECTION] Is the TR/Trash.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '6a48a518.qua'.

C:\System Volume Information\_restore{2156839D-A153-4825-B240-21D536D4E5B7}\RP577\A0043000.exe

[DETECTION] Is the TR/Trash.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '2fcc8826.qua'.

C:\System Volume Information\_restore{2156839D-A153-4825-B240-21D536D4E5B7}\RP577\A0043001.exe

[DETECTION] Is the TR/Trash.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '50d7ba47.qua'.

C:\System Volume Information\_restore{2156839D-A153-4825-B240-21D536D4E5B7}\RP577\A0043002.exe

[DETECTION] Is the TR/Trash.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '1c6f960d.qua'.

End of the scan: Sunday, June 06, 2010 17:00

Used time: 26:26 Minute(s)

The scan has been done completely.

5460 Scanned directories

122218 Files were scanned

7 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

7 Files were moved to quarantine

0 Files were renamed

0 Files cannot be scanned

122211 Files not concerned

636 Archives were scanned

1 Warnings

7 Notes

292381 Objects were scanned with rootkit scan

0 Hidden objects were found

SAS log

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

Generated 06/06/2010 at 07:19 PM

Application Version : 4.38.1004

Core Rules Database Version : 5038

Trace Rules Database Version: 2850

Scan type : Complete Scan

Total Scan Time : 00:25:04

Memory items scanned : 449

Memory threats detected : 0

Registry items scanned : 5145

Registry threats detected : 2

File items scanned : 17136

File threats detected : 0

Rootkit.TDSServ

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDSSserv.sys

MBAM log

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4173

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

6/6/2010 3:41:12 PM

mbam-log-2010-06-06 (15-41-12).txt

Scan type: Quick scan

Objects scanned: 134263

Time elapsed: 5 minute(s), 11 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 37

Registry Values Infected: 3

Registry Data Items Infected: 0

Folders Infected: 20

Files Infected: 26

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{6160f76a-1992-4b17-a32d-0c706d159105} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{877f3eab-4462-44df-8475-6064eafd7fbf} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{ac5ab953-ed25-4f9c-87f0-b086b0178ffa} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{c28a0312-c403-417b-a425-a915bc0519cd} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\F5JMWNZTHI (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{16b6279b-9ff5-41fb-8bf9-404324f5dd1f}}_is1 (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1fb52ab3-5987-45a2-85e0-f3ec30dddc29}}_is1 (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TDSSserv (Rootkit.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{0ba0192d-94a5-45e3-b2b8-3ec5a1a0b5ec} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{2224e955-00e9-4613-a844-ce69fccaae91} (Adware.DoubleD) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\Program Files\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Internet Saving Optimizer\3.4.0.4340 (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Internet Saving Optimizer\3.4.0.4340\Data (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\components (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Media Access Startup\1.5.0.850 (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Media Access Startup\1.5.0.850\Data (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Media Access Startup\1.5.0.850\FF (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome\content (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Media Access Startup\1.5.0.850\FF\components (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Buc\Local Settings\Application Data\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Buc\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340 (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Buc\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340 (Adware.DoubleD) -> Files: 2781 -> Quarantined and deleted successfully.

C:\Documents and Settings\Buc\Local Settings\Application Data\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Buc\Local Settings\Application Data\Media Access Startup\1.5.0.850 (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Buc\Local Settings\Application Data\Media Access Startup\1.5.0.850 (Adware.DoubleD) -> Files: 529 -> Quarantined and deleted successfully.

Files Infected:

C:\Program Files\Internet Saving Optimizer\3.4.0.4340\NPCommon.dll (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Internet Saving Optimizer\3.4.0.4340\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Internet Saving Optimizer\3.4.0.4340\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Internet Saving Optimizer\3.4.0.4340\Data\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome.manifest (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\install.rdf (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\NPAddOn.jar (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.js (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.xul (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.dll (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.xpt (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFHelperComponent.js (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Media Access Startup\1.5.0.850\hppx.exe (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Media Access Startup\1.5.0.850\MAHelper.exe (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Media Access Startup\1.5.0.850\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Media Access Startup\1.5.0.850\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Media Access Startup\1.5.0.850\Data\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome.manifest (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Media Access Startup\1.5.0.850\FF\install.rdf (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome\HPAddOn.jar (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome\content\HPAddOn.js (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome\content\HPAddOn.xul (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Media Access Startup\1.5.0.850\FF\components\HPFFAddOn.xpt (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Media Access Startup\1.5.0.850\FF\components\HPFFHelperComponent.js (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

Rooter log

Rooter.exe (v1.0.2) by Eric_71

.

SeDebugPrivilege granted successfully ...

.

Windows XP Home Edition (5.1.2600) Service Pack 3

[32_bits] - x86 Family 15 Model 2 Stepping 9, GenuineIntel

.

[wscsvc] (Security Center) RUNNING (state:4)

[SharedAccess] RUNNING (state:4)

Windows Firewall -> Enabled

.

Internet Explorer 8.0.6001.18702

.

A:\ [Removable]

C:\ [Fixed-NTFS] .. ( Total:74 Go - Free:61 Go )

D:\ [CD_Rom]

.

Scan : 21:12.51

Path : C:\Documents and Settings\Buc\Desktop\Rooter.exe

User : Buc ( Administrator -> YES )

.

----------------------\\ Processes

.

Locked [System Process] (0)

______ System (4)

______ \SystemRoot\System32\smss.exe (292)

______ \??\C:\WINDOWS\system32\csrss.exe (340)

______ \??\C:\WINDOWS\system32\winlogon.exe (364)

______ C:\WINDOWS\system32\services.exe (408)

______ C:\WINDOWS\system32\lsass.exe (420)

______ C:\WINDOWS\system32\svchost.exe (580)

______ C:\WINDOWS\system32\svchost.exe (640)

______ C:\WINDOWS\System32\svchost.exe (680)

______ C:\WINDOWS\system32\svchost.exe (716)

______ C:\WINDOWS\system32\spoolsv.exe (884)

______ C:\Program Files\Avira\AntiVir Desktop\sched.exe (928)

______ C:\Program Files\Avira\AntiVir Desktop\avguard.exe (1068)

______ C:\Program Files\Java\jre6\bin\jqs.exe (1172)

______ C:\WINDOWS\system32\lxcycoms.exe (1216)

______ C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (1248)

______ C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (1264)

______ C:\WINDOWS\System32\svchost.exe (1348)

______ C:\WINDOWS\System32\dmadmin.exe (1424)

______ C:\WINDOWS\system32\wuauclt.exe (1504)

______ C:\WINDOWS\Explorer.EXE (1784)

______ C:\WINDOWS\system32\igfxtray.exe (1952)

______ C:\WINDOWS\system32\hkcmd.exe (1960)

______ C:\Program Files\Lexmark 3400 Series\lxcymon.exe (1984)

______ C:\Program Files\Lexmark 3400 Series\ezprint.exe (1996)

______ C:\Program Files\SiteAdvisor\6253\SiteAdv.exe (2044)

______ C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (196)

______ C:\Program Files\Common Files\Java\Java Update\jusched.exe (232)

______ C:\Program Files\Messenger\msmsgs.exe (272)

______ C:\WINDOWS\system32\ctfmon.exe (260)

______ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (320)

______ C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (332)

______ C:\WINDOWS\System32\alg.exe (988)

______ C:\WINDOWS\system32\wuauclt.exe (2428)

______ C:\Documents and Settings\Buc\Desktop\Rooter.exe (2660)

.

----------------------\\ Device\Harddisk0\

.

\Device\Harddisk0 [sectors : 63 x 512 Bytes]

.

\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:80023233024)

.

----------------------\\ Scheduled Tasks

.

C:\WINDOWS\Tasks\desktop.ini

C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

C:\WINDOWS\Tasks\NSSstub.job

C:\WINDOWS\Tasks\SA.DAT

C:\WINDOWS\Tasks\User_Feed_Synchronization-{422E5770-D947-4E46-90F1-DE548591BFEE}.job

.

----------------------\\ Registry

.

Rootkit! ... [HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV]

Rootkit! ... [HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_TDSSSERV]

Rootkit! ... [HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV]

.

----------------------\\ Files & Folders

.

C:\DOCUME~1\Buc\My Documents\Downloads\NTI_CD-Maker_Platinum_v6[1].0.0.64_by_Vietcrack\cdmaker_60064_crack.exe

==> Cracks & Keygens <==

.

----------------------\\ Scan completed at 21:12.58

.

C:\Rooter$\Rooter_1.txt - (06/06/2010 | 21:12.58).c

LockSearch

LockSearch by jpshortstuff (05.11.09.1)

Log created at 21:14 on 06/06/2010 (Buc)

Scanning C:\

C:\pagefile.sys

-------------------------

-=E.O.F=-

CKScanner log

CKScanner - Additional Security Risks - These are not necessarily bad

c:\documents and settings\buc\my documents\downloads\nti_cd-maker_platinum_v6[1].0.0.64_by_vietcrack\cdmaker_60064_crack.exe

c:\documents and settings\buc\my documents\downloads\nti_cd-maker_platinum_v6[1].0.0.64_by_vietcrack\nti_cd~1.exe

c:\documents and settings\buc\my documents\downloads\nti_cd-maker_platinum_v6[1].0.0.64_by_vietcrack\readme.txt

scanner sequence 3.CP.11

----- EOF -----

WVCheck

No file created

GMER log

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-06-06 23:06:04

Windows 5.1.2600 Service Pack 3

Running: gmer.exe; Driver: C:\DOCUME~1\Buc\LOCALS~1\Temp\pxldqpog.sys

---- System - GMER 1.0.15 ----

SSDT F7C9C386 ZwCreateKey

SSDT F7C9C37C ZwCreateThread

SSDT F7C9C38B ZwDeleteKey

SSDT F7C9C395 ZwDeleteValueKey

SSDT F7C9C39A ZwLoadKey

SSDT F7C9C368 ZwOpenProcess

SSDT F7C9C36D ZwOpenThread

SSDT F7C9C3A4 ZwReplaceKey

SSDT F7C9C39F ZwRestoreKey

SSDT F7C9C390 ZwSetValueKey

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xED4C3620]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 450 804E2AAC 1 Byte [20]

.rsrc C:\WINDOWS\system32\drivers\atapi.sys entry point in ".rsrc" section [0xF74C8780]

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdePort0 [F74BBB3A] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F74BBB3A] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}

Device \Driver\atapi \Device\Ide\IdePort1 [F74BBB3A] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [F74BBB3A] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv@type 1

Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv@start 1

Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv@imagepath \systemroot\system32\drivers\TDSSserv.sys

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

OTL logs

OTL logfile created on: 6/6/2010 11:08:10 PM - Run 1

OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\Buc\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

759.00 Mb Total Physical Memory | 444.00 Mb Available Physical Memory | 58.00% Memory free

2.00 Gb Paging File | 1.00 Gb Available in Paging File | 80.00% Paging File free

Paging file location(s): C:\pagefile.sys 1140 2280 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.53 Gb Total Space | 61.98 Gb Free Space | 83.17% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: GROOVIN

Current User Name: Buc

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/06 20:54:56 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Buc\Desktop\OTL.exe

PRC - [2010/05/18 13:26:23 | 002,397,424 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/12/04 17:03:00 | 000,036,640 | ---- | M] () -- C:\Program Files\SiteAdvisor\6253\SiteAdv.exe

PRC - [2007/06/25 10:34:56 | 000,082,608 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 3400 Series\ezprint.exe

PRC - [2007/06/25 10:34:55 | 000,291,504 | ---- | M] () -- C:\Program Files\Lexmark 3400 Series\lxcymon.exe

PRC - [2007/06/20 06:28:55 | 000,537,264 | ---- | M] ( ) -- C:\WINDOWS\system32\lxcycoms.exe

PRC - [2007/06/08 19:25:40 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

========== Modules (SafeList) ==========

MOD - [2010/06/06 20:54:56 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Buc\Desktop\OTL.exe

MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

MOD - [2008/02/02 09:37:11 | 000,011,552 | ---- | M] () -- C:\Program Files\SiteAdvisor\6253\saHook.dll

========== Win32 Services (SafeList) ==========

SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)

SRV - [2007/06/20 06:28:55 | 000,537,264 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxcycoms.exe -- (lxcy_device)

========== Driver Services (SafeList) ==========

DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2004/10/01 10:24:00 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)

DRV - [2004/08/03 22:41:36 | 000,606,684 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)

DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)

DRV - [2003/11/26 18:14:10 | 000,028,857 | ---- | M] (Efficient Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\enethusb.sys -- (ENETHUSB)

DRV - [2002/07/17 08:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Aspi32.sys -- (ASPI32)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.yahoo.com [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

Hosts file not found

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll ()

O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)

O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()

O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)

O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll ()

O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()

O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()

O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 3400 Series\ezprint.exe (Lexmark International Inc.)

O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()

O4 - HKLM..\Run: [LXCYCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.DLL (Lexmark International Inc.)

O4 - HKLM..\Run: [lxcymon.exe] C:\Program Files\Lexmark 3400 Series\lxcymon.exe ()

O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)

O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)

O4 - HKLM..\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe ()

O4 - HKCU..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKLM..\RunOnce: [NSSInstallation] C:\WINDOWS\System32\Adobe\Shockwave 11\nssstub.exe (Symantec Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMorePrograms = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176029080890 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://support.f-secure.com/ols/fscax.cab (F-Secure Online Scanner 3.3)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254

O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll ()

O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)

O24 - Desktop Components:0 () -

O24 - Desktop WallPaper: C:\Documents and Settings\Buc\Application Data\IrfanView\IrfanView_Wallpaper.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Buc\Application Data\IrfanView\IrfanView_Wallpaper.bmp

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007/04/06 07:45:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/04/06 07:44:38 | 000,000,000 | ---D | M]

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: LanmanServer - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)

NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0

MsConfig - State: "win.ini" - 0

MsConfig - State: "bootini" - 0

MsConfig - State: "services" - 0

MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sermouse.sys - Driver

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vds - Service

SafeBootMin: vga.sys - Driver

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: LanmanServer - File not found

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sermouse.sys - Driver

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: UploadMgr - Service

SafeBootNet: vga.sys - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)

ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe

ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework

ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)

Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: VIDC.wmv3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)

Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/06/06 21:12:54 | 000,000,000 | ---D | C] -- C:\Rooter$

[2010/06/06 20:58:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010/06/06 20:54:56 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Buc\Desktop\OTL.exe

[2010/06/06 20:52:51 | 000,173,119 | ---- | C] (Eric_71) -- C:\Documents and Settings\Buc\Desktop\Rooter.exe

[2010/06/06 20:52:03 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Buc\Desktop\TFC.exe

[2010/06/06 20:25:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Buc\Recent

[2010/06/06 18:49:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buc\Application Data\SUPERAntiSpyware.com

[2010/06/06 18:49:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

[2010/06/06 18:49:30 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2010/06/06 18:37:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun

[2010/06/06 18:36:53 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll

[2010/06/06 18:36:53 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2010/06/06 18:36:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2010/06/06 18:36:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2010/06/06 18:36:53 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

[2010/06/06 18:36:33 | 000,000,000 | ---D | C] -- C:\Program Files\Java

[2010/06/06 17:20:15 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2010/06/06 16:34:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData

[2010/06/06 16:30:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buc\Application Data\Avira

[2010/06/06 16:27:14 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys

[2010/06/06 16:27:14 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys

[2010/06/06 16:27:14 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys

[2010/06/06 16:27:13 | 000,000,000 | ---D | C] -- C:\Program Files\Avira

[2010/06/06 16:27:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira

[2010/06/06 16:20:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buc\Local Settings\Application Data\Opera

[2010/06/06 16:20:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buc\Application Data\Opera

[2010/06/06 16:20:21 | 000,000,000 | ---D | C] -- C:\Program Files\Opera

[2010/06/06 15:34:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/06/06 15:34:38 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/06/06 15:32:10 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2010/06/06 14:39:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buc\Application Data\Malwarebytes

[2010/06/06 14:39:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/06/06 14:18:54 | 000,000,000 | ---D | C] -- C:\Config.Msi

[2010/06/06 14:18:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2008/01/13 17:23:55 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyhcp.dll

[2007/04/04 11:40:29 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcypmui.dll

[2007/04/04 11:39:21 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyserv.dll

[2007/04/04 11:34:13 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcycomm.dll

[2007/04/04 11:32:49 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcylmpm.dll

[2007/04/04 11:31:38 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyiesc.dll

[2007/04/04 11:29:29 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcypplc.dll

[2007/04/04 11:28:42 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcycomc.dll

[2007/04/04 11:28:11 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyprox.dll

[2007/04/04 11:22:25 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyinpa.dll

[2007/04/04 11:21:51 | 000,995,328 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyusb1.dll

[2007/04/04 11:18:18 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyhbn3.dll

[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/06 22:25:03 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/06/06 21:13:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\NSSstub.job

[2010/06/06 21:08:26 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010/06/06 21:08:08 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/06/06 21:08:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/06/06 21:07:24 | 004,431,872 | ---- | M] () -- C:\Documents and Settings\Buc\ntuser.dat

[2010/06/06 21:07:24 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Buc\ntuser.ini

[2010/06/06 20:54:56 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Buc\Desktop\OTL.exe

[2010/06/06 20:54:16 | 003,513,237 | ---- | M] () -- C:\Documents and Settings\Buc\Desktop\WVCheck.exe

[2010/06/06 20:53:35 | 000,451,584 | ---- | M] () -- C:\Documents and Settings\Buc\Desktop\CKScanner.exe

[2010/06/06 20:53:10 | 000,032,653 | ---- | M] () -- C:\Documents and Settings\Buc\Desktop\LockSearch.exe

[2010/06/06 20:52:52 | 000,173,119 | ---- | M] (Eric_71) -- C:\Documents and Settings\Buc\Desktop\Rooter.exe

[2010/06/06 20:52:03 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Buc\Desktop\TFC.exe

[2010/06/06 20:31:03 | 000,000,595 | ---- | M] () -- C:\WINDOWS\win.ini

[2010/06/06 20:31:03 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2010/06/06 20:31:03 | 000,000,211 | RHS- | M] () -- C:\boot.ini

[2010/06/06 20:28:55 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{422E5770-D947-4E46-90F1-DE548591BFEE}.job

[2010/06/06 18:49:33 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

[2010/06/06 18:36:38 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2010/06/06 18:36:38 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2010/06/06 18:36:38 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2010/06/06 18:36:38 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

[2010/06/06 18:36:37 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll

[2010/06/06 16:27:29 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk

[2010/06/06 16:20:26 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk

[2010/06/06 16:14:48 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2010/06/06 15:41:21 | 005,562,634 | -H-- | M] () -- C:\Documents and Settings\Buc\Local Settings\Application Data\IconCache.db

[2010/06/06 15:34:42 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/06/06 15:32:11 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Buc\Desktop\CCleaner.lnk

[2010/06/06 15:22:37 | 000,612,432 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.new

[2010/06/06 14:23:21 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk

[2010/06/06 13:51:10 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/05/31 07:10:07 | 000,000,341 | ---- | M] () -- C:\Documents and Settings\Buc\Desktop\12.url

[2010/05/22 21:34:42 | 000,000,231 | ---- | M] () -- C:\Documents and Settings\Buc\Desktop\Social Security Online.url

[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/06 20:55:47 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Buc\Desktop\gmer.exe

[2010/06/06 20:54:10 | 003,513,237 | ---- | C] () -- C:\Documents and Settings\Buc\Desktop\WVCheck.exe

[2010/06/06 20:53:35 | 000,451,584 | ---- | C] () -- C:\Documents and Settings\Buc\Desktop\CKScanner.exe

[2010/06/06 20:53:10 | 000,032,653 | ---- | C] () -- C:\Documents and Settings\Buc\Desktop\LockSearch.exe

[2010/06/06 18:49:33 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

[2010/06/06 16:27:29 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk

[2010/06/06 16:20:26 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk

[2010/06/06 15:34:42 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/06/06 15:32:11 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\Buc\Desktop\CCleaner.lnk

[2010/06/06 14:23:21 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk

[2008/01/13 17:25:36 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL

[2008/01/13 17:25:36 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL

[2008/01/13 17:23:55 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\lxcyinst.dll

[2008/01/13 17:23:18 | 000,344,064 | R--- | C] () -- C:\WINDOWS\System32\lxcycoin.dll

[2007/04/28 10:52:23 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2007/04/26 19:53:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI

[2007/04/12 10:12:59 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2007/04/12 10:12:59 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2007/04/12 10:12:59 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2007/04/12 10:12:58 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2007/04/12 10:12:58 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2007/04/08 20:47:48 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll

[2006/08/14 17:07:04 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxcycaps.dll

[2006/08/08 15:58:04 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxcydrs.dll

[2006/03/23 04:33:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcyvs.dll

[2006/01/25 18:11:04 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxcycnv4.dll

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2007/04/06 07:45:01 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2010/06/06 20:31:03 | 000,000,211 | RHS- | M] () -- C:\boot.ini

[2007/04/06 07:45:01 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2007/07/19 12:13:23 | 000,000,076 | ---- | M] () -- C:\DVDPATH.TXT

[2007/04/06 07:45:01 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2007/06/22 10:29:14 | 000,001,659 | -H-- | M] () -- C:\IPH.PH

[2010/06/06 18:37:24 | 000,019,830 | ---- | M] () -- C:\JavaRa.log

[2007/04/06 07:45:01 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2007/04/08 06:06:10 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2008/09/01 16:58:58 | 000,250,048 | RHS- | M] () -- C:\ntldr

[2010/06/06 21:08:00 | 1195,376,640 | -HS- | M] () -- C:\pagefile.sys

[2007/04/08 06:42:59 | 000,008,433 | ---- | M] () -- C:\SSInst.log

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

[2007/04/06 03:30:00 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

[2007/04/06 03:30:00 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav

[2007/04/06 03:30:00 | 000,389,120 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >

[2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >

[2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

< %PROGRAMFILES%\*. >

[2008/02/05 16:53:45 | 000,000,000 | ---D | M] -- C:\Program Files\Abbyy FineReader 6.0 Sprint

[2007/06/22 10:29:14 | 000,000,000 | ---D | M] -- C:\Program Files\AIM6

[2010/06/06 16:27:13 | 000,000,000 | ---D | M] -- C:\Program Files\Avira

[2010/06/06 15:32:11 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner

[2008/06/15 09:47:17 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files

[2007/04/06 07:42:16 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications

[2007/04/08 06:27:08 | 000,000,000 | ---D | M] -- C:\Program Files\Efficient Networks

[2010/06/06 17:20:15 | 000,000,000 | ---D | M] -- C:\Program Files\ESET

[2010/06/06 14:23:05 | 000,000,000 | ---D | M] -- C:\Program Files\Google

[2008/01/24 22:47:08 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information

[2007/04/26 18:19:50 | 000,000,000 | ---D | M] -- C:\Program Files\InterActual

[2010/01/22 21:03:07 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer

[2007/04/09 15:51:34 | 000,000,000 | ---D | M] -- C:\Program Files\IrfanView

[2010/06/06 18:36:33 | 000,000,000 | ---D | M] -- C:\Program Files\Java

[2008/05/05 20:16:59 | 000,000,000 | ---D | M] -- C:\Program Files\jv16 PowerTools

[2007/04/12 10:12:58 | 000,000,000 | ---D | M] -- C:\Program Files\K-Lite Codec Pack

[2007/04/09 14:55:12 | 000,000,000 | ---D | M] -- C:\Program Files\Lavalys

[2008/01/13 17:24:51 | 000,000,000 | ---D | M] -- C:\Program Files\Lexmark 3400 Series

[2008/01/13 17:25:51 | 000,000,000 | ---D | M] -- C:\Program Files\Lexmark Fax Solutions

[2008/01/13 17:27:42 | 000,000,000 | ---D | M] -- C:\Program Files\Lexmark Toolbar

[2010/06/06 14:21:29 | 000,000,000 | ---D | M] -- C:\Program Files\lx_cats

[2010/06/06 15:34:42 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware

[2008/09/01 17:09:21 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger

[2009/08/18 20:40:16 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft

[2007/04/06 07:45:09 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage

[2008/09/01 17:03:19 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker

[2007/04/08 08:02:59 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild

[2009/08/18 20:38:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSN

[2007/04/06 07:41:36 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone

[2007/08/15 09:26:13 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0

[2007/04/09 14:38:16 | 000,000,000 | ---D | M] -- C:\Program Files\Nero

[2008/09/01 17:00:59 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting

[2009/07/19 19:14:07 | 000,000,000 | ---D | M] -- C:\Program Files\NOS

[2007/04/06 07:41:47 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services

[2010/06/06 16:22:40 | 000,000,000 | ---D | M] -- C:\Program Files\Opera

[2009/08/13 00:14:11 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express

[2007/04/08 07:58:57 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies

[2008/05/22 10:15:20 | 000,000,000 | ---D | M] -- C:\Program Files\SiteAdvisor

[2010/06/06 18:38:51 | 000,000,000 | ---D | M] -- C:\Program Files\SpywareBlaster

[2010/06/06 18:49:33 | 000,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware

[2007/04/06 07:50:14 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information

[2007/04/12 11:04:16 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint

[2010/06/06 15:11:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2

[2008/09/01 17:00:55 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player

[2008/09/01 17:00:55 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT

[2007/04/06 07:41:47 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate

[2009/07/19 20:04:51 | 000,000,000 | ---D | M] -- C:\Program Files\WOT

[2007/04/06 07:45:09 | 000,000,000 | ---D | M] -- C:\Program Files\xerox

[2009/05/06 12:25:30 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-01-23 01:03:21

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

OTL Extras logfile created on: 6/6/2010 11:08:10 PM - Run 1

OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\Buc\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

759.00 Mb Total Physical Memory | 444.00 Mb Available Physical Memory | 58.00% Memory free

2.00 Gb Paging File | 1.00 Gb Available in Paging File | 80.00% Paging File free

Paging file location(s): C:\pagefile.sys 1140 2280 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.53 Gb Total Space | 61.98 Gb Free Space | 83.17% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: GROOVIN

Current User Name: Buc

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)

"C:\WINDOWS\system32\lxcycoms.exe" = C:\WINDOWS\system32\lxcycoms.exe:*:Enabled:Lexmark Communications System -- ( )

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found

"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{07474E69-E9E4-4B03-AC0E-D24B04231033}" = Nero 7 Essentials

"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F85CAAA-B786-4E5B-AADD-638856992EF3}" = Opera 10.53

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 20

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver

"{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint

"{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}" = MSN Toolbar

"{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager

"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{DB6BD5D5-8482-45C0-99CF-745C5B924497}" = WOT for Internet Explorer

"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth

"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio

"Adobe Shockwave Player" = Adobe Shockwave Player

"AIM_6" = AIM 6

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"CCleaner" = CCleaner

"EfntSSDSL" = Efficient Networks SpeedStream DSL

"ESET Online Scanner" = ESET Online Scanner v3

"EVEREST Home Edition_is1" = EVEREST Home Edition v1.51

"HijackThis" = HijackThis 2.0.2

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"InterActual Player" = InterActual Player

"IrfanView" = IrfanView (remove only)

"jv16 PowerTools_is1" = jv16 PowerTools 1.3

"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 1.70

"Lexmark 3400 Series" = Lexmark 3400 Series

"Lexmark Fax Solutions" = Lexmark Fax Solutions

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"McAfee SiteAdvisor" = McAfee SiteAdvisor

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"ViewpointMediaPlayer" = Viewpoint Media Player

"WIC" = Windows Imaging Component

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 5/7/2010 6:00:14 AM | Computer Name = GROOVIN | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: A connection with the server could not be established

Error - 5/9/2010 7:15:55 PM | Computer Name = GROOVIN | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: A connection with the server could not be established

Error - 5/10/2010 7:07:35 AM | Computer Name = GROOVIN | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: A connection with the server could not be established

Error - 5/12/2010 7:24:06 AM | Computer Name = GROOVIN | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: A connection with the server could not be established

Error - 5/21/2010 8:47:46 AM | Computer Name = GROOVIN | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: A connection with the server could not be established

Error - 6/6/2010 2:20:27 PM | Computer Name = GROOVIN | Source = Avira AntiVir | ID = 4122

Description = Unable to load file AVPREF.DLL. Returned error code: 0x45a

Error - 6/6/2010 2:33:43 PM | Computer Name = GROOVIN | Source = Avira AntiVir | ID = 4122

Description = Unable to load file AVPREF.DLL. Returned error code: 0x45a

Error - 6/6/2010 2:38:17 PM | Computer Name = GROOVIN | Source = Avira AntiVir | ID = 4122

Description = Unable to load file AVPREF.DLL. Returned error code: 0x45a

Error - 6/6/2010 4:34:26 PM | Computer Name = GROOVIN | Source = COM+ | ID = 135763

Description = The run-time environment was unable to initialize for transactions

required to support transactional components. Make sure that MS-DTC is running.

(DtcGetTransactionManagerEx(): hr = 0x8004d01

Error - 6/6/2010 7:23:14 PM | Computer Name = GROOVIN | Source = COM+ | ID = 135763

Description = The run-time environment was unable to initialize for transactions

required to support transactional components. Make sure that MS-DTC is running.

(DtcGetTransactionManagerEx(): hr = 0x8004d01

[ System Events ]

Error - 6/6/2010 4:36:43 PM | Computer Name = GROOVIN | Source = Removable Storage Service | ID = 262255

Description = RSM could not load media in drive Drive 0 of library Flash Disk USB

Device.

Error - 6/6/2010 4:38:16 PM | Computer Name = GROOVIN | Source = Removable Storage Service | ID = 262255

Description = RSM could not load media in drive Drive 0 of library Flash Disk USB

Device.

Error - 6/6/2010 4:38:18 PM | Computer Name = GROOVIN | Source = Removable Storage Service | ID = 262255

Description = RSM could not load media in drive Drive 0 of library Flash Disk USB

Device.

Error - 6/6/2010 4:46:02 PM | Computer Name = GROOVIN | Source = Removable Storage Service | ID = 262255

Description = RSM could not load media in drive Drive 0 of library Flash Disk USB

Device.

Error - 6/6/2010 4:46:04 PM | Computer Name = GROOVIN | Source = Removable Storage Service | ID = 262255

Description = RSM could not load media in drive Drive 0 of library Flash Disk USB

Device.

Error - 6/6/2010 4:59:15 PM | Computer Name = GROOVIN | Source = Removable Storage Service | ID = 262255

Description = RSM could not load media in drive Drive 0 of library Flash Disk USB

Device.

Error - 6/6/2010 4:59:18 PM | Computer Name = GROOVIN | Source = Removable Storage Service | ID = 262255

Description = RSM could not load media in drive Drive 0 of library Flash Disk USB

Device.

Error - 6/6/2010 8:59:17 PM | Computer Name = GROOVIN | Source = Service Control Manager | ID = 7034

Description = The Java Quick Starter service terminated unexpectedly. It has done

this 1 time(s).

Error - 6/6/2010 8:59:17 PM | Computer Name = GROOVIN | Source = Service Control Manager | ID = 7034

Description = The lxcy_device service terminated unexpectedly. It has done this

1 time(s).

Error - 6/6/2010 8:59:17 PM | Computer Name = GROOVIN | Source = Service Control Manager | ID = 7034

Description = The SeaPort service terminated unexpectedly. It has done this 1 time(s).

< End of report >


Download ComboFix here :

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them
    Click me
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.


ComboFix 10-06-07.03 - Buc 06/07/2010 21:03:39.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.759.505 [GMT -4:00]

Running from: c:\documents and settings\Buc\Desktop\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

Infected copy of c:\windows\system32\drivers\atapi.sys was found and disinfected

Restored copy from - Kitty had a snack :P

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_TDSSSERV

((((((((((((((((((((((((( Files Created from 2010-05-08 to 2010-06-08 )))))))))))))))))))))))))))))))

.

2010-06-07 01:12 . 2010-06-07 01:12 -------- d-----w- C:\Rooter$

2010-06-06 22:50 . 2010-06-06 22:50 63488 ----a-w- c:\documents and settings\Buc\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

2010-06-06 22:50 . 2010-06-06 22:50 52224 ----a-w- c:\documents and settings\Buc\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-06-06 22:50 . 2010-06-06 22:50 117760 ----a-w- c:\documents and settings\Buc\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-06-06 22:49 . 2010-06-06 22:49 -------- d-----w- c:\documents and settings\Buc\Application Data\SUPERAntiSpyware.com

2010-06-06 22:49 . 2010-06-06 22:49 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2010-06-06 22:49 . 2010-06-06 22:49 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-06-06 22:36 . 2010-06-06 22:36 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-06-06 22:36 . 2010-06-06 22:36 -------- d-----w- c:\program files\Java

2010-06-06 22:35 . 2010-06-06 22:35 79488 ----a-w- c:\documents and settings\Buc\Application Data\Sun\Java\jre1.6.0_20\gtapi.dll

2010-06-06 22:35 . 2010-06-06 22:35 152576 ----a-w- c:\documents and settings\Buc\Application Data\Sun\Java\jre1.6.0_20\lzma.dll

2010-06-06 21:20 . 2010-06-06 21:20 -------- d-----w- c:\program files\ESET

2010-06-06 20:34 . 2010-06-06 23:49 -------- d-----w- c:\windows\system32\NtmsData

2010-06-06 20:30 . 2010-06-06 20:30 -------- d-----w- c:\documents and settings\Buc\Application Data\Avira

2010-06-06 20:27 . 2010-03-01 14:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys

2010-06-06 20:27 . 2009-05-11 16:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2010-06-06 20:27 . 2009-05-11 16:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2010-06-06 20:27 . 2010-06-06 20:27 -------- d-----w- c:\program files\Avira

2010-06-06 20:27 . 2010-06-06 20:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2010-06-06 20:20 . 2010-06-06 20:20 -------- d-----w- c:\documents and settings\Buc\Local Settings\Application Data\Opera

2010-06-06 20:20 . 2010-06-06 20:22 -------- d-----w- c:\program files\Opera

2010-06-06 19:34 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-06 19:34 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-06 19:32 . 2010-06-06 19:32 -------- d-----w- c:\program files\CCleaner

2010-06-06 18:39 . 2010-06-06 18:39 -------- d-----w- c:\documents and settings\Buc\Application Data\Malwarebytes

2010-06-06 18:39 . 2010-06-06 18:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-06-06 18:19 . 2010-06-06 18:19 -------- d-----w- c:\windows\system32\wbem\Repository

2010-06-06 18:18 . 2010-06-06 19:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-06 22:38 . 2008-06-15 13:39 -------- d-----w- c:\program files\SpywareBlaster

2010-06-06 22:37 . 2008-06-15 13:47 -------- d-----w- c:\program files\Common Files\Java

2010-06-06 22:31 . 2008-04-30 13:16 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-06-06 19:11 . 2007-04-26 15:59 -------- d-----w- c:\program files\Windows Media Connect 2

2010-06-06 18:23 . 2007-04-09 19:22 -------- d-----w- c:\program files\Google

2010-06-06 18:21 . 2008-01-13 21:26 -------- d-----w- c:\program files\lx_cats

2010-05-25 17:02 . 2008-02-05 20:40 -------- d-----w- c:\documents and settings\Buc\Application Data\MSN6

2010-05-01 11:28 . 2008-02-02 13:35 -------- d-----w- c:\documents and settings\Buc\Application Data\SiteAdvisor

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-08 68856]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-05-18 2397424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"lxcymon.exe"="c:\program files\Lexmark 3400 Series\lxcymon.exe" [2007-06-25 291504]

"EzPrint"="c:\program files\Lexmark 3400 Series\ezprint.exe" [2007-06-25 82608]

"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-06-25 295600]

"LXCYCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [2006-11-21 106496]

"SiteAdvisor"="c:\program files\SiteAdvisor\6253\SiteAdv.exe" [2007-12-04 36640]

"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"NSSInstallation"="c:\windows\system32\Adobe\Shockwave 11\nssstub.exe" [2009-02-12 181624]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\WINDOWS\\system32\\lxcycoms.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Opera\\opera.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/6/2010 4:27 PM 135336]

R2 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/23/2009 9:59 PM 133104]

.

Contents of the 'Scheduled Tasks' folder

2010-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-24 01:59]

2010-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-24 01:59]

2010-06-08 c:\windows\Tasks\NSSstub.job

- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2009-02-12 13:22]

2010-06-08 c:\windows\Tasks\User_Feed_Synchronization-{422E5770-D947-4E46-90F1-DE548591BFEE}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

.

- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-06-07 21:10

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(364)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3284)

c:\windows\system32\WININET.dll

c:\program files\SiteAdvisor\6253\saHook.dll

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\lxcycoms.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Avira\AntiVir Desktop\avshadow.exe

.

**************************************************************************

.

Completion time: 2010-06-07 21:13:41 - machine was rebooted

ComboFix-quarantined-files.txt 2010-06-08 01:13

Pre-Run: 66,460,205,056 bytes free

Post-Run: 66,375,041,024 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 48F0FA5D7D552DAE7DA2C9BAF87B6116


Download TDSSKiller and save it to your Desktop.

  • Extract the file and run it.
  • Once completed it will create a log in your C:\ drive
  • Please post the contents of that log

Download TFC to your desktop

  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.


Kaspersky will not run. It says I need to install Java, but Java is up to date and functional. Internet Explorer closes saying it can't open this site. Opera doesn't have a problem.

14:20:56:203 3116 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48

14:20:56:203 3116 ================================================================================

14:20:56:203 3116 SystemInfo:

14:20:56:203 3116 OS Version: 5.1.2600 ServicePack: 3.0

14:20:56:203 3116 Product type: Workstation

14:20:56:203 3116 ComputerName: GROOVIN

14:20:56:203 3116 UserName: Buc

14:20:56:203 3116 Windows directory: C:\WINDOWS

14:20:56:203 3116 Processor architecture: Intel x86

14:20:56:203 3116 Number of processors: 1

14:20:56:203 3116 Page size: 0x1000

14:20:56:203 3116 Boot type: Normal boot

14:20:56:203 3116 ================================================================================

14:20:56:531 3116 Initialize success

14:20:56:531 3116

14:20:56:531 3116 Scanning Services ...

14:20:56:859 3116 Raw services enum returned 312 services

14:20:56:859 3116

14:20:56:859 3116 Scanning Drivers ...

14:20:57:453 3116 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

14:20:57:500 3116 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

14:20:57:546 3116 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

14:20:57:640 3116 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

14:20:57:796 3116 ALCXWDM (8d6c30e515717248e0e52b85fd7ac466) C:\WINDOWS\system32\drivers\ALCXWDM.SYS

14:20:57:984 3116 ASPI32 (5b01af89d16d562825c4db4530f20cbb) C:\WINDOWS\system32\drivers\ASPI32.sys

14:20:58:031 3116 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

14:20:58:093 3116 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

14:20:58:171 3116 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

14:20:58:187 3116 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

14:20:58:281 3116 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys

14:20:58:343 3116 avgntflt (a88d29d928ad2b830e87b53e3f9bc182) C:\WINDOWS\system32\DRIVERS\avgntflt.sys

14:20:58:406 3116 avipbb (1289e9a5d9118a25a13c0009519088e3) C:\WINDOWS\system32\DRIVERS\avipbb.sys

14:20:58:437 3116 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

14:20:58:468 3116 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

14:20:58:515 3116 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

14:20:58:546 3116 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

14:20:58:593 3116 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

14:20:58:703 3116 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

14:20:58:750 3116 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

14:20:58:828 3116 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

14:20:58:875 3116 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

14:20:58:906 3116 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

14:20:58:984 3116 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

14:20:59:031 3116 ENETHUSB (299369fc1a8e34c2f117fddbdeac3c65) C:\WINDOWS\system32\DRIVERS\enethusb.sys

14:20:59:078 3116 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

14:20:59:125 3116 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

14:20:59:140 3116 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

14:20:59:171 3116 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

14:20:59:234 3116 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

14:20:59:281 3116 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

14:20:59:343 3116 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

14:20:59:390 3116 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

14:20:59:453 3116 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

14:20:59:531 3116 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

14:20:59:625 3116 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

14:20:59:687 3116 ialm (d4405bd2b6e95efdc8e674ed4032874f) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

14:20:59:796 3116 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

14:20:59:843 3116 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

14:20:59:906 3116 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

14:20:59:968 3116 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

14:21:00:015 3116 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

14:21:00:046 3116 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

14:21:00:093 3116 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

14:21:00:156 3116 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

14:21:00:203 3116 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

14:21:00:234 3116 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

14:21:00:265 3116 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

14:21:00:328 3116 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

14:21:00:375 3116 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\WINDOWS\system32\drivers\klmd.sys

14:21:00:406 3116 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

14:21:00:468 3116 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

14:21:00:578 3116 ltmodem5 (9ee18a5a45552673a67532ea37370377) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys

14:21:00:656 3116 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

14:21:00:671 3116 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

14:21:00:687 3116 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

14:21:00:734 3116 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

14:21:00:765 3116 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

14:21:00:812 3116 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

14:21:00:906 3116 MRxSmb (60ae98742484e7ab80c3c1450e708148) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

14:21:00:968 3116 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

14:21:01:015 3116 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

14:21:01:046 3116 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

14:21:01:062 3116 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

14:21:01:109 3116 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

14:21:01:125 3116 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

14:21:01:156 3116 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

14:21:01:218 3116 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

14:21:01:250 3116 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

14:21:01:265 3116 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

14:21:01:343 3116 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

14:21:01:562 3116 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

14:21:01:656 3116 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

14:21:01:718 3116 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

14:21:01:796 3116 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

14:21:01:828 3116 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

14:21:01:875 3116 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

14:21:01:890 3116 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

14:21:01:937 3116 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

14:21:01:968 3116 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

14:21:02:015 3116 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

14:21:02:078 3116 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

14:21:02:140 3116 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys

14:21:02:187 3116 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

14:21:02:296 3116 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

14:21:02:328 3116 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

14:21:02:343 3116 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

14:21:02:437 3116 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

14:21:02:468 3116 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

14:21:02:484 3116 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

14:21:02:515 3116 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

14:21:02:562 3116 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

14:21:02:609 3116 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

14:21:02:640 3116 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

14:21:02:703 3116 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

14:21:02:750 3116 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS

14:21:02:828 3116 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

14:21:02:828 3116 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

14:21:02:875 3116 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

14:21:02:906 3116 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

14:21:02:968 3116 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

14:21:03:031 3116 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

14:21:03:078 3116 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

14:21:03:125 3116 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

14:21:03:171 3116 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

14:21:03:203 3116 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

14:21:03:234 3116 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

14:21:03:328 3116 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

14:21:03:421 3116 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

14:21:03:468 3116 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

14:21:03:484 3116 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

14:21:03:546 3116 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

14:21:03:593 3116 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

14:21:03:671 3116 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

14:21:03:718 3116 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

14:21:03:750 3116 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

14:21:03:765 3116 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

14:21:03:796 3116 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

14:21:03:812 3116 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

14:21:03:828 3116 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

14:21:03:859 3116 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

14:21:03:906 3116 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

14:21:03:953 3116 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

14:21:03:984 3116 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

14:21:04:031 3116 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

14:21:04:078 3116 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

14:21:04:156 3116 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

14:21:04:218 3116 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

14:21:04:218 3116

14:21:04:218 3116 Completed

14:21:04:218 3116

14:21:04:218 3116 Results:

14:21:04:218 3116 Registry objects infected / cured / cured on reboot: 0 / 0 / 0

14:21:04:218 3116 File objects infected / cured / cured on reboot: 0 / 0 / 0

14:21:04:218 3116

14:21:04:234 3116 KLMD(ARK) unloaded successfully

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4180

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

6/8/2010 2:32:57 PM

mbam-log-2010-06-08 (14-32-57).txt

Scan type: Quick scan

Objects scanned: 134778

Time elapsed: 6 minute(s), 11 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

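The useful column in the TDSSKiller listing above is the MD5 in parentheses. Rootkits of the TDSS/TDL family overwrite an existing boot-start driver in place, so the path looks perfectly normal and only the hash changes; a listing taken from a known-clean run is therefore worth keeping as a baseline and diffing against later runs. The script below is an added example written for this page, not part of the thread or of TDSSKiller. It parses the `<time> <pid> <service> (<md5>) <path>` driver lines, then reports hash changes, path changes, new drivers and vanished drivers. The baseline lines are copied from the log in this thread; the "current" log is constructed, with one altered hash and a made-up driver (`hypodrv`) started from a user temp directory.

```python
"""Diff a TDSSKiller driver listing against a known-good baseline.

Added example, not part of the thread or of TDSSKiller itself. TDSSKiller 2.x
prints one line per driver under "Scanning Drivers ...":

    <hh:mm:ss:ms> <pid> <service> (<md5>) <image path>

Keep the listing from a clean run and diff later runs against it: an in-place
driver infection shows up as a changed hash on an unchanged path.
"""
import re
from typing import Dict, List, Tuple

# One TDSSKiller driver line; lines without a 32-hex-digit hash are skipped.
DRIVER_LINE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}:\d{3})\s+(?P<pid>\d+)\s+"
    r"(?P<service>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*?)\s*$"
)

# Where boot-start drivers normally live on XP (compared case-insensitively).
EXPECTED_DIRS = ("c:\\windows\\system32\\drivers\\",)

Driver = Tuple[str, str]  # (md5 lowercase, image path)


def parse_driver_lines(text: str) -> Dict[str, Driver]:
    """Map service name -> (md5, path) for every driver line in a TDSSKiller log."""
    drivers: Dict[str, Driver] = {}
    for line in text.splitlines():
        m = DRIVER_LINE.match(line.strip())
        if m:
            drivers[m["service"]] = (m["md5"].lower(), m["path"])
    return drivers


def outside_expected_dirs(path: str) -> bool:
    """True if the image is not under the standard driver directory."""
    return not path.lower().startswith(EXPECTED_DIRS)


def compare_with_baseline(baseline: Dict[str, Driver], current: Dict[str, Driver]) -> List[str]:
    """Report hash changes, path changes, new drivers and vanished drivers."""
    findings: List[str] = []
    for name, (md5, path) in sorted(current.items()):
        if name not in baseline:
            findings.append(f"NEW driver {name} at {path}")
            if outside_expected_dirs(path):
                findings.append(f"REVIEW {name}: loads from outside the driver directory")
        elif baseline[name][0] != md5:
            findings.append(f"HASH CHANGED {name}: {baseline[name][0]} -> {md5} ({path})")
        elif baseline[name][1].lower() != path.lower():
            findings.append(f"PATH CHANGED {name}: {baseline[name][1]} -> {path}")
    for name in sorted(set(baseline) - set(current)):
        findings.append(f"MISSING driver {name} (was {baseline[name][1]})")
    return findings


# Baseline: three driver lines copied from the TDSSKiller log in this thread.
BASELINE_LOG = r"""
14:20:57:453 3116 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:20:58:093 3116 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:20:58:281 3116 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
14:21:04:218 3116 Completed
"""

# Constructed "later run": atapi.sys silently replaced (hash is made up) and an
# extra driver with a hypothetical name started from a user temp directory.
CURRENT_LOG = r"""
09:15:02:000 2200 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:15:02:100 2200 atapi (0123456789abcdef0123456789abcdef) C:\WINDOWS\system32\DRIVERS\atapi.sys
09:15:02:200 2200 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
09:15:02:300 2200 hypodrv (fedcba9876543210fedcba9876543210) C:\Documents and Settings\Buc\Local Settings\Temp\hypodrv.sys
"""


def main() -> None:
    baseline = parse_driver_lines(BASELINE_LOG)
    current = parse_driver_lines(CURRENT_LOG)
    for finding in compare_with_baseline(baseline, current):
        print(finding)


if __name__ == "__main__":
    main()
```

MD5 is what TDSSKiller prints, and for spotting a boot-start driver that changed behind your back on your own machine that is adequate; it is not proof of integrity, and on anything newer than XP the Authenticode signature of the driver file is the better check. Third-party drivers under Program Files (Avira, SUPERAntiSpyware in the log above) are normal and are only reported when they appear for the first time.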

Go here to run an online scanner from ESET.

  • Note: You will need to use Internet explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Check next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic


Seeing as IE is still not functioning right I downloaded the ESET online scanner and ran it.

ESET scan results

C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\atapi.sys.vir Win32/Olmarik.TM trojan cleaned - quarantined


Well, your logs are clean.

Let's see about fixing that IE problem.

Please download OTM

  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes

    :Services

    :Reg

    :Files

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [EMPTYFLASH]
    [Reboot]


  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM and reboot your PC.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Click Start > Run > type cmd > type ipconfig /flushdns > click OK.

Reboot. Is IE any better?

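The OTM script above includes a [resethosts] command, which simply overwrites the hosts file, and the post follows it with a DNS cache flush. Before overwriting it is worth seeing what is actually in the file: the stock Windows XP hosts file has a single active line, `127.0.0.1 localhost`, so every other mapping was put there by an installer, an administrator or malware. Entries that point security vendors at 127.0.0.1 or 0.0.0.0 block updates and online scanners; entries that point ordinary sites at a remote address redirect them. The script below is an added example written for this page, not part of the thread or of OTM; it parses a hosts file, classifies every non-stock mapping, and offers a gentler alternative to a full reset that drops only the blocking and redirecting lines. The watchlist of vendor domains and the sample hosts file are constructed for the example.

```python
"""Audit a Windows hosts file before (or instead of) resetting it.

Added example, not part of the thread or of OTM. Mappings are classified as
BLOCKED (a security site sent to loopback/unspecified), REDIRECTED (a name sent
to a non-local address) or NON-DEFAULT (anything else beyond the stock
"127.0.0.1 localhost" line).
"""
import ipaddress
from typing import List, Tuple

# Hypothetical watchlist of security-related domains; extend for your environment.
WATCHLIST = ("malwarebytes.org", "kaspersky.com", "eset.com", "avira.com", "windowsupdate.com")

# RFC 1918 / ULA ranges that a hosts entry may legitimately point to.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (ip, hostname) pairs for every active mapping; '#' starts a comment."""
    entries: List[Tuple[str, str]] = []
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if len(parts) < 2:
            continue  # blank, comment-only or malformed line
        ip, *names = parts
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # first field is not an address; treated as junk (assumption)
        entries.extend((ip, name.lower()) for name in names)
    return entries


def on_watchlist(hostname: str) -> bool:
    """True for a watchlisted domain or any subdomain of one."""
    return any(hostname == d or hostname.endswith("." + d) for d in WATCHLIST)


def is_local(addr) -> bool:
    """Loopback, unspecified, link-local or RFC 1918/ULA address."""
    return (addr.is_loopback or addr.is_unspecified or addr.is_link_local
            or any(addr in net for net in LOCAL_NETS))


def audit_hosts(text: str) -> List[str]:
    """One finding per non-stock mapping: BLOCKED, REDIRECTED or NON-DEFAULT."""
    findings: List[str] = []
    for ip, name in parse_hosts(text):
        addr = ipaddress.ip_address(ip)
        if name == "localhost" and addr.is_loopback:
            continue  # the only entry in a stock XP hosts file
        if on_watchlist(name):
            kind = "BLOCKED" if (addr.is_loopback or addr.is_unspecified) else "REDIRECTED"
            findings.append(f"{kind} security site {name} -> {ip}")
        elif not is_local(addr):
            findings.append(f"REDIRECTED {name} -> {ip}")
        else:
            findings.append(f"NON-DEFAULT {name} -> {ip}")
    return findings


def clean_hosts(text: str) -> str:
    """Drop blocking/redirecting lines; keep comments and benign local entries."""
    kept = [raw for raw in text.splitlines()
            if not any(v.startswith(("BLOCKED", "REDIRECTED")) for v in audit_hosts(raw))]
    return "\n".join(kept) + "\n"


# Constructed sample file; 192.0.2.10 is a documentation (TEST-NET-1) address.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.malwarebytes.org
0.0.0.0         kaspersky.com   update.kaspersky.com
192.0.2.10      www.google.com
192.168.1.20    printserver.local
"""


def main() -> None:
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
    print("--- cleaned ---")
    print(clean_hosts(SAMPLE_HOSTS), end="")


if __name__ == "__main__":
    main()
```

On a real machine read `%SystemRoot%\System32\drivers\etc\hosts` into `audit_hosts()` first, and only write back the output of `clean_hosts()` (or reset outright, as OTM does) once the findings have been looked at; the `ipconfig /flushdns` step still matters afterwards, because the resolver cache keeps answers derived from the old file until it is flushed.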

Could not flush DNS. I will look into that. I can't remember if I set this PC up last year to use OpenDNS. If not it will soon be. IE now seems to be functioning fine. No redirects or Java issues.

OTM log

All processes killed

========== PROCESSES ==========

========== SERVICES/DRIVERS ==========

========== REGISTRY ==========

========== FILES ==========

========== COMMANDS ==========

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Buc

->Temp folder emptied: 2693021 bytes

->Temporary Internet Files folder emptied: 7882925 bytes

->Java cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 10.00 mb

Restore point Set: OTM Restore Point (0)

OTM by OldTimer - Version 3.1.12.2 log created on 06092010_165308


Your logs are clean

Follow these steps to uninstall Combofix and tools used in the removal of malware

Uninstall ComboFix

Remove Combofix now that we're done with it.

  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

  • Open OTL
  • Under the Custom Scans/Fixes box at the bottom, paste the following:
    :Commands
    [clearallrestorepoints]


  • Click the Run Fix button at the top
  • It might ask you to reboot, if so click YES

  • Open OTL to run it. (Vista users, right click on OTL and "Run as administrator")
  • Click on the CleanUp button.
  • Click Yes to begin the cleanup process and remove tools, including this application
  • You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes

  • Please read my guide on how to prevent malware and about safe computing here

Thank you for your patience, and performing all of the procedures requested.


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
