BleepingComputer.com: Need assistance removing rootkit

Jump to content

Forum Guidelines

Posted Image Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Posted Image Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


Posted Image DO NOT RUN ComboFix unless requested to.


Posted Image Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


Posted Image When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Posted Image Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

Need assistance removing rootkit

#1 User is offline   The_Kraken666 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 7
  • Joined: 07-January 12

Posted 07 January 2012 - 09:24 PM

Hello, Ive noticed my computer acting very strange for the past 6 months and havnt thought much of it because ive been busy with other things in life so i havnt had the chance to realize the problem I have had. My computer first started giving me problems by randomly shutting off when playing games for longer than 10 mins. Which im a huge gamer and ive put some good cash into my computer to ensure that it can run anything. At first I thought that it was my power supply that was giving me problems. So i purchased a new power supply and replaced it. At first my computer worked fine for a few weeks untill it returned to its origonal problem. During this whole time I would get messages saying "End Program - l1rezerv" whenever I would try to turn off my computer.

I researched and discovered that my computer could possibly have a user-based or kernal-based rootkit inside. ive used GMER and DDS to get these files. This websight has instructed me to post the report files on here. So im hoping to get this fixed. Thank yyou. Also when i used GMER the scan showed this "C:\WINDOWS\system32\DRIVERS\redbook.sys" Ibelive that the root kit is held within these system files in the OS

P.S. I have tryed reinstalling my OS completly and it only made things worse. Right now my computer is not commecting to the internet because of this so im using my laptop to post on the form and a usb drive to transfer files from the internet and from computer to computer..

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 6/1/2008 7:34:33 PM
System Uptime: 5/30/2008 12:05:35 AM (0 hours ago)
.
Motherboard: ECS | | GeForce7050M-M
Processor: AMD Athlon™ 64 X2 Dual Core Processor 5000+ | CPU 1 | 2593/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 466 GiB total, 393.479 GiB free.
D: is Removable
E: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.5
AlienGUIse Theme Manager
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bing Rewards Client Installer
Conduit Engine
Demigod
Dungeon Siege 2
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB948127)
Impulse
IMVU Avatar Chat Software
IMVU Inc Toolbar
iTunes
Java Auto Updater
Java™ 6 Update 26
LG USB Modem Drivers
MediaShow 3.0
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft Games for Windows - LIVE Redistributable
Microsoft Silverlight
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Microsoft XNA Framework Redistributable 3.1
MobileMe Control Panel
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Nero 8 Essentials
neroxml
NETGEAR WG311v3 PCI Adapter
Nexon Game Manager
Nielsen
NVIDIA Control Panel 280.26
NVIDIA Drivers
NVIDIA Graphics Driver 280.26
NVIDIA Install Application
NVIDIA nView 135.94
NVIDIA nView Desktop Manager
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
NVIDIA Update 1.4.28
NVIDIA Update Components
Oblivion
OpenOffice.org 3.2
PC Matic 1.0.0.0
PowerDVD
PunkBuster Services
Quake 4™
Quick Web Player
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
Realtek High Definition Audio Driver
RealUpgrade 1.1
RPG Double Pack
Safari
Search Toolbar
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB2251487)
Security Update for Windows XP (KB923789)
Sql Server Customer Experience Improvement Program
SQL Server System CLR Types
Starcraft
System Requirements Lab
The Battle for Middle-earth ™
The Witcher
UE3Redist
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VCRedistSetup
VLC media player 1.0.5
Warcraft III
WebFldrs XP
Westwood Shared Internet Components
WhiteSmoke Bar Toolbar
WindowBlinds
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Media Format 11 runtime
Windows Media Format Runtime
Windows Media Player 11
WModem Driver Installer
Wolfenstein™ 1.2 Patch
Yahoo! Detect
.
==== Event Viewer Messages From Past Week ========
.
7/22/2008 6:23:52 AM, error: DCOM [10005] - DCOM got error "%230" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/2/2008 4:20:39 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
6/2/2008 4:20:39 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
6/2/2008 4:20:39 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/2/2008 4:20:39 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/2/2008 4:20:38 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/2/2008 4:20:38 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
6/2/2008 4:19:43 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
6/2/2008 4:19:34 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/2/2008 4:09:13 AM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: Either the application has not called WSAStartup, or WSAStartup failed.
6/2/2008 3:31:45 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
6/1/2008 6:48:25 PM, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
6/1/2008 6:29:01 PM, error: Service Control Manager [7034] - The Wireless Zero Configuration service terminated unexpectedly. It has done this 1 time(s).
6/1/2008 6:29:01 PM, error: Service Control Manager [7034] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s).
6/1/2008 6:29:01 PM, error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/1/2008 6:29:01 PM, error: Service Control Manager [7024] - The SQL Server (SQLEXPRESS) service terminated with service-specific error 3417 (0xD59).
6/1/2008 6:29:01 PM, error: Service Control Manager [7023] - The IPSEC Services service terminated with the following error: A non-recoverable error occurred during a database lookup.
6/1/2008 6:29:01 PM, error: Service Control Manager [7022] - The Wireless Zero Configuration service hung on starting.
6/1/2008 6:29:01 PM, error: Service Control Manager [7022] - The Windows Image Acquisition (WIA) service hung on starting.
6/1/2008 6:29:01 PM, error: Service Control Manager [7022] - The DHCP Client service hung on starting.
6/1/2008 6:29:01 PM, error: Service Control Manager [7001] - The Windows Firewall/Internet Connection Sharing (ICS) service depends on the Network Connections service which failed to start because of the following error: The pipe state is invalid.
6/1/2008 6:29:01 PM, error: Service Control Manager [7001] - The System Event Notification service depends on the COM+ Event System service which failed to start because of the following error: The pipe state is invalid.
6/1/2008 6:29:01 PM, error: Service Control Manager [7001] - The Security Center service depends on the Windows Management Instrumentation service which failed to start because of the following error: The pipe state is invalid.
6/1/2008 6:29:01 PM, error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The pipe state is invalid.
6/1/2008 6:29:01 PM, error: Service Control Manager [7000] - The Workstation service failed to start due to the following error: The pipe state is invalid.
6/1/2008 6:29:01 PM, error: Service Control Manager [7000] - The Windows Time service failed to start due to the following error: The pipe state is invalid.
6/1/2008 6:29:01 PM, error: Service Control Manager [7000] - The Windows Audio service failed to start due to the following error: The pipe state is invalid.
6/1/2008 6:29:01 PM, error: Service Control Manager [7000] - The Task Scheduler service failed to start due to the following error: The pipe state is invalid.
6/1/2008 6:29:01 PM, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: The pipe state is invalid.
6/1/2008 6:29:01 PM, error: Service Control Manager [7000] - The Server service failed to start due to the following error: The pipe state is invalid.
6/1/2008 6:29:01 PM, error: Service Control Manager [7000] - The Network Connections service failed to start due to the following error: The pipe state is invalid.
6/1/2008 6:29:01 PM, error: Service Control Manager [7000] - The HID Input Service service failed to start due to the following error: The pipe state is invalid.
6/1/2008 6:29:01 PM, error: Service Control Manager [7000] - The Help and Support service failed to start due to the following error: The pipe state is invalid.
6/1/2008 6:29:01 PM, error: Service Control Manager [7000] - The Distributed Link Tracking Client service failed to start due to the following error: The pipe state is invalid.
6/1/2008 6:29:01 PM, error: Service Control Manager [7000] - The Cryptographic Services service failed to start due to the following error: The pipe state is invalid.
6/1/2008 6:29:01 PM, error: Service Control Manager [7000] - The COM+ Event System service failed to start due to the following error: The pipe state is invalid.
6/1/2008 6:29:01 PM, error: Service Control Manager [7000] - The Automatic Updates service failed to start due to the following error: The pipe state is invalid.
6/1/2008 6:00:38 PM, error: Service Control Manager [7022] - The WebClient service hung on starting.
6/1/2008 6:00:38 PM, error: Service Control Manager [7016] - The WebClient service has reported an invalid current state 11003.
6/1/2008 6:00:38 PM, error: Service Control Manager [7000] - The Fast User Switching Compatibility service failed to start due to the following error: The pipe state is invalid.
5/30/2008 7:00:49 AM, error: Setup [60055] - Windows Setup encountered non-fatal errors during installation. Please check the setuperr.log found in your Windows directory for more information.
5/30/2008 6:57:04 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service SENS with arguments "" in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}
5/30/2008 6:20:12 AM, error: Service Control Manager [7024] - The Remote Access Connection Manager service terminated with service-specific error 3221356592 (0xC0020030).
5/30/2008 1:10:21 PM, error: DCOM [10000] - Unable to start a DCOM Server: {91814EC0-B5F0-11D2-80B9-00104B1F6CEA}. The error: "%5" Happened while starting this command: C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\iKernel.exe -Embedding
.
==== End Of File ===========================



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_26
Run by Alex Jester at 0:16:04 on 2008-05-30
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3327.2788 [GMT -7:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\1052539474:2911192001.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\update.7.1\svchostdriver.exe
C:\WINDOWS\update.7.1\svchostdriver.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NetRatingsNetSight\NetSight\NielsenUpdate.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\update.5.0\svchost.exe srv
C:\WINDOWS\sysdriver32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\sysdriver32.exe
C:\WINDOWS\sysdriver32_.exe
C:\WINDOWS\l1rezerv.exe
C:\WINDOWS\systemup.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
D:\Defrogger CD emmilator\freefileviewer_2_1283.exe
D:\Defrogger CD emmilator\freefileviewer_2_1283.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3007394
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
uURLSearchHooks: IMVU Inc Toolbar: {90b49673-5506-483e-b92b-ca0265bd9ca8} - c:\program files\imvu_inc\prxtbIMVU.dll
uURLSearchHooks: WhiteSmoke Bar Toolbar: {167d9323-f7cc-48f5-948a-6f012831a69f} - c:\program files\whitesmoke_bar\prxtbWhit.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe,EXPLORER.EXE
BHO: WhiteSmoke Bar Toolbar: {167d9323-f7cc-48f5-948a-6f012831a69f} - c:\program files\whitesmoke_bar\prxtbWhit.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: IMVU Inc Toolbar: {90b49673-5506-483e-b92b-ca0265bd9ca8} - c:\program files\imvu_inc\prxtbIMVU.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: IMVU Inc Toolbar: {90b49673-5506-483e-b92b-ca0265bd9ca8} - c:\program files\imvu_inc\prxtbIMVU.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: WhiteSmoke Bar Toolbar: {167d9323-f7cc-48f5-948a-6f012831a69f} - c:\program files\whitesmoke_bar\prxtbWhit.dll
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [wsctf.exe] wsctf.exe
uRun: [EXPLORER.EXE] EXPLORER.EXE
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [SkyTel] SkyTel.EXE
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [NielsenOnline] c:\program files\netratingsnetsight\netsight\NielsenOnline.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [wxpdrv]
mRun: [4414862.exe] "c:\docume~1\alexje~1\locals~1\temp\4414862.exe"
mRun: [sysdriver32.exe] "c:\windows\sysdriver32.exe" rezerv
mRun: [sysdriver32_.exe] "c:\windows\sysdriver32_.exe" rezerv
mRun: [6571280.exe] "c:\windows\temp\6571280.exe"
mRun: [9454791.exe] "c:\docume~1\alexje~1\locals~1\temp\9454791.exe"
mRun: [53881026-loader2.exe] "c:\windows\temp\53881026-loader2.exe"
mRun: [915846.exe] "c:\windows\temp\915846.exe"
mRun: [l1rezerv.exe] "c:\windows\l1rezerv.exe"
mRun: [9139209.exe] "c:\windows\temp\9139209.exe"
mRun: [systemup] "c:\windows\systemup.exe" stand
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alexje~1\startm~1\programs\startup\alienw~1.lnk - c:\program files\alienguise\alienwaredock\ObjectDock.exe
StartupFolder: c:\docume~1\alexje~1\startm~1\programs\startup\impuls~1.lnk - c:\program files\stardock\impulse\now\ImpulseNow.exe
StartupFolder: c:\docume~1\alexje~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg311v3\wlancfg5.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableSecureUIAPaths = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/PCPitStop.CAB
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstop2.dll
TCP: DhcpNameServer = 192.168.1.1
Notify: ComPlusSetup - c:\windows\system32\catsrvut.dll
Notify: WBSrv - c:\program files\stardock\object desktop\windowblinds\wbsrv.dll
AppInit_DLLs: wbsys.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 nielprt;Nielsen Patch Service;c:\windows\system32\drivers\nielprt.sys [2010-12-3 24192]
R1 nnrnstdi;nnrnstdi;c:\windows\system32\drivers\nnrnstdi.sys [2010-12-3 15360]
R2 ddservice;ddservice;c:\windows\update.7.1\svchostdriver.exe srv --> c:\windows\update.7.1\svchostdriver.exe srv [?]
R2 NielsenUpdate;Nielsen Update;c:\program files\netratingsnetsight\netsight\NielsenUpdate.exe [2011-1-27 303936]
R2 srvbtcclient;srvbtcclient;c:\windows\update.5.0\svchost.exe srv --> c:\windows\update.5.0\svchost.exe srv [?]
R2 srvsysdriver32;srvsysdriver32;c:\windows\sysdriver32.exe srv --> c:\windows\sysdriver32.exe srv [?]
R3 km_filter;km_filter;c:\windows\system32\drivers\km_filter.sys [2010-12-3 10368]
R3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys [2010-12-3 9088]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-26 136176]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-8-19 2255464]
S2 srviecheck;srviecheck;c:\windows\update.2\svchost.exe srv --> c:\windows\update.2\svchost.exe srv [?]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe --> c:\program files\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [?]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-5-26 136176]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2010-1-2 85504]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-10 369688]
.
=============== Created Last 30 ================
.
2011-08-27 00:31:59 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2011-08-26 22:13:17 -------- d--h--w- c:\windows\update.8.1
2011-08-22 01:32:37 130560 ----a-w- c:\windows\systemup.exe
2011-08-21 02:32:50 -------- d-----w- c:\windows\ufa
2011-08-21 02:32:50 -------- d-----w- c:\windows\rpcminer
2011-08-21 02:32:50 -------- d-----w- c:\windows\phoenix
2011-08-21 01:25:01 235520 ----a-w- c:\windows\l1rezerv.exe
2011-08-21 01:21:41 -------- d--h--w- c:\windows\update.5.0
2011-08-21 01:18:30 -------- d--h--w- c:\windows\update.2
2011-08-21 01:14:12 246272 ----a-w- c:\windows\unrar.exe
2011-08-21 01:13:25 -------- d--h--w- c:\windows\update.7.1
2011-08-21 01:11:52 258048 ----a-w- c:\windows\sysdriver32_.exe
2011-08-21 01:11:38 263680 ----a-w- c:\windows\sysdriver32.exe
2011-08-21 01:10:58 1216000 ----a-w- c:\windows\services32.exe
2011-08-21 01:10:58 -------- d--h--w- c:\windows\update.1
2011-08-19 19:11:40 -------- d-----w- c:\program files\Microsoft Games
2011-08-19 19:09:51 -------- d-----w- c:\windows\AC54E5443E42443CA91DA00A6974C592.TMP
2011-08-19 17:36:54 -------- d-----w- c:\documents and settings\alex jester\application data\NVIDIA
2011-08-19 17:22:15 -------- d-----w- c:\program files\id Software
2011-08-19 16:56:29 -------- d-----w- c:\documents and settings\alex jester\local settings\application data\The Witcher
2011-08-19 16:53:34 278984 ----a-w- c:\windows\system32\drivers\atksgt.sys
2011-08-19 16:53:34 25416 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2011-08-19 16:40:40 -------- d-----w- c:\program files\The Witcher
2011-08-19 16:11:48 -------- d-----w- C:\NVIDIA
2011-08-19 15:03:09 -------- d-----w- c:\program files\SystemRequirementsLab
2011-08-10 13:44:15 -------- d-----w- c:\documents and settings\all users\application data\Nexon
2011-08-10 09:13:00 -------- d-----w- C:\2dd844bb8c164275f5d2878e9f0d
2011-08-09 19:56:45 -------- d-----w- C:\Nexon
2011-08-09 19:56:45 -------- d-----w- c:\documents and settings\all users\application data\NexonUS
2011-08-09 06:19:04 -------- d-----w- c:\program files\Pando Networks
2011-08-05 01:36:49 -------- d-----w- c:\documents and settings\alex jester\local settings\application data\assembly
2011-08-04 10:03:21 -------- d-----w- c:\documents and settings\alex jester\application data\IMVU
2011-08-04 10:02:10 -------- d-----w- c:\documents and settings\alex jester\application data\IMVUClient
2011-07-26 23:50:27 -------- d-----w- c:\documents and settings\all users\application data\FileCure
2011-07-20 07:14:22 -------- d-----w- c:\program files\iPod
2011-07-20 02:55:04 -------- d-----w- c:\documents and settings\all users\application data\Gibraltar
2011-07-14 17:34:33 -------- d-----w- c:\windows\SxsCaPendDel
2011-06-07 19:35:34 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-06-07 19:35:34 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2011-05-28 17:06:55 -------- d-----w- c:\program files\common files\DirectX
2011-05-28 17:06:33 -------- d-----w- c:\documents and settings\all users\application data\Divinity 2 Demo
2011-05-28 17:06:27 -------- d-----w- c:\documents and settings\alex jester\local settings\application data\Divinity 2 Demo
2011-05-15 18:53:56 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-14 04:11:54 641536 ----a-w- c:\program files\common files\microsoft shared\vc\msdia80.dll
2011-04-27 03:54:23 -------- d-----w- C:\c5e709fac9fb0e94fe94e067ae31
2011-04-19 11:47:04 670032 ----a-w- c:\program files\common files\microsoft shared\vc\msdia90.dll
2011-03-18 16:08:54 25240 ----a-w- c:\windows\system32\speedfan.sys
2011-03-13 11:15:25 -------- d-----w- c:\program files\HTC
2011-03-13 11:05:10 -------- d-----w- C:\Temp
2011-03-03 00:56:20 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-01-06 08:37:06 -------- d-----w- c:\program files\Search Toolbar
2010-12-24 11:18:34 -------- d-----w- c:\documents and settings\alex jester\local settings\application data\Apple
2010-12-24 11:18:26 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-12-24 11:18:26 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-12-24 11:17:42 -------- d-----w- c:\documents and settings\alex jester\local settings\application data\Apple Computer
2010-12-16 17:56:21 -------- d-----w- c:\documents and settings\all users\application data\BioWare
2010-12-06 03:40:11 -------- d-----w- c:\program files\Raptr
2010-12-06 03:40:11 -------- d-----w- c:\documents and settings\alex jester\application data\Raptr
2010-12-06 03:34:42 -------- d-----w- C:\UJ
2010-12-04 18:41:01 -------- d-----w- c:\documents and settings\alex jester\local settings\application data\Google
2010-12-04 18:40:36 -------- d-----w- c:\documents and settings\alex jester\local settings\application data\Deployment
2010-12-04 03:12:32 15360 ----a-w- c:\windows\system32\drivers\nnrnstdi.sys
2010-12-04 03:12:31 10368 ----a-w- c:\windows\system32\drivers\km_filter.sys
2010-12-04 03:12:18 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-12-04 03:12:06 1112288 -c--a-w- c:\windows\system32\WdfCoInstaller01007.dll
2010-12-04 03:12:05 9088 ----a-w- c:\windows\system32\drivers\nielgfx.sys
2010-12-04 03:12:05 24192 ----a-w- c:\windows\system32\drivers\nielprt.sys
2010-12-04 03:07:02 -------- d-----w- c:\program files\NetRatingsNetSight
2010-12-04 02:54:08 -------- d-----w- c:\documents and settings\alex jester\application data\Vivox
2010-12-04 02:51:56 -------- d-----w- c:\program files\Conduit
2010-12-04 02:51:56 -------- d-----w- c:\documents and settings\alex jester\local settings\application data\Conduit
2010-12-04 02:51:55 -------- d-----w- c:\documents and settings\alex jester\local settings\application data\IMVU_Inc
2010-12-04 02:51:50 -------- d-----w- c:\program files\ConduitEngine
2010-12-04 02:51:50 -------- d-----w- c:\documents and settings\alex jester\local settings\application data\ConduitEngine
2010-12-04 02:51:48 -------- d-----w- c:\program files\IMVU_Inc
2010-12-04 02:51:48 -------- d-----w- c:\documents and settings\alex jester\local settings\application data\Temp
2010-12-03 07:53:07 -------- d-----w- C:\Downloads
2010-12-03 07:53:01 -------- d-----w- c:\documents and settings\alex jester\application data\BITS
2010-12-03 07:52:59 -------- d-----w- c:\documents and settings\alex jester\application data\FlashGet
2010-12-03 07:52:56 -------- d-----w- c:\documents and settings\alex jester\application data\FlashGetBHO
2010-12-03 07:52:54 -------- d-----w- c:\program files\FlashGet Network
2010-12-03 07:52:09 -------- d-----w- c:\documents and settings\alex jester\application data\FlashgetSetup
2010-12-02 08:44:13 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-12-02 08:44:13 215920 ----a-w- c:\windows\system32\muweb.dll
2010-12-02 08:44:13 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2010-12-01 15:59:27 -------- d-----w- c:\program files\Microsoft
2010-11-30 01:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-30 01:38:30 69632 -c--a-w- c:\windows\system32\QuickTime.qts
2010-11-08 14:40:08 -------- d-----w- c:\documents and settings\alex jester\local settings\application data\Adobe
2010-11-08 14:02:59 -------- d-----w- c:\documents and settings\alex jester\application data\OpenOffice.org
2010-11-08 14:01:59 -------- d-----w- c:\program files\JRE
2010-11-08 14:01:55 -------- d-----w- c:\program files\OpenOffice.org 3
2010-11-08 14:01:35 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-08 14:01:35 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2010-11-08 14:01:35 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-29 01:25:35 -------- d-----w- c:\documents and settings\alex jester\local settings\application data\FlatOut Ultimate Carnage
2010-10-29 01:22:31 -------- d-----w- c:\windows\system32\xlive
2010-10-29 01:16:02 -------- d-----w- c:\program files\Empire Interactive
2010-08-07 06:20:19 139152 -c--a-w- c:\documents and settings\alex jester\application data\PnkBstrK.sys
2010-08-07 06:20:19 139152 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-08-07 06:20:01 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-08-07 06:20:00 90112 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-08-07 06:20:00 794408 ----a-w- c:\windows\system32\pbsvc.exe
2010-08-07 06:06:14 -------- d-sh--w- c:\windows\ftpcache
2010-08-04 23:33:04 50200 -c--a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.0.1600.22.dll
2010-08-04 23:32:51 79896 -c--a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.0.1600.22.dll
2010-08-04 23:32:17 -------- d-----w- c:\windows\system32\RsFx
2010-08-04 23:31:34 -------- d-----w- c:\program files\MSXML 6.0
2010-08-04 23:12:12 -------- d-----w- c:\program files\Microsoft SQL Server
2010-08-04 23:11:44 112640 -c--a-w- c:\documents and settings\all users\application data\microsoft\vcexpress\9.0\1033\ResourceCache.dll
2010-08-04 23:11:20 416 -c--a-w- c:\documents and settings\all users\application data\microsoft\msdn\9.0\1033\ResourceCache.dll
2010-08-04 23:11:16 -------- d-----w- c:\documents and settings\alex jester\local settings\application data\Microsoft Help
2010-08-04 23:09:28 -------- d-----w- c:\program files\common files\Merge Modules
2010-07-20 14:41:43 -------- d-----w- c:\program files\Dreamcatcher
2010-07-20 14:41:14 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\ctor.dll
2010-07-20 14:41:14 5632 -c--a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\DotNetInstaller.exe
2010-07-20 14:41:14 274432 -c--a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iscript.dll
2010-07-20 14:41:14 180224 -c--a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iuser.dll
2010-07-20 14:41:13 749568 -c--a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iKernel.dll
2010-07-20 14:41:13 323716 -c--a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\setup.dll
2010-07-20 14:41:13 192644 -c--a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iGdi.dll
2010-07-20 00:29:00 58672 -c--a-w- c:\windows\system32\wbload.dll
2010-06-25 17:37:59 -------- d-----w- C:\00c73e8b2f4d781497
2010-06-25 17:19:57 -------- d-----w- c:\windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP
2010-05-27 01:55:58 -------- d-----w- c:\documents and settings\all users\application data\Isotx
2010-05-24 00:20:03 -------- d-----w- c:\documents and settings\alex jester\local settings\application data\Mozilla
2010-05-15 06:35:59 -------- d-----w- c:\documents and settings\alex jester\local settings\application data\Cadenza
2010-05-15 06:35:50 -------- d-----w- c:\program files\Microsoft XNA
2010-05-02 23:47:30 -------- d-----w- C:\HammerAutosave
2010-04-14 00:45:11 -------- d-----w- c:\documents and settings\alex jester\application data\The Longest Journey Demo
2010-04-11 22:54:39 42288 ----a-w- c:\windows\system32\wbsys.dll
2010-04-11 22:54:39 -------- d-----w- c:\program files\common files\Stardock
2010-04-11 22:54:39 -------- d-----w- c:\program files\AlienGUIse
2010-04-06 20:00:11 -------- d-----w- C:\Westwood
2010-03-31 07:16:34 99176 -c--a-w- c:\windows\system32\PresentationHostProxy.dll
2010-03-31 07:10:40 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-03-20 13:13:21 -------- d-----w- c:\program files\VideoLAN
2010-03-20 10:06:33 -------- d-----w- c:\program files\LG Electronics
2010-02-28 02:23:40 5632 -c--a-w- c:\windows\system32\ptpusb.dll
2010-02-28 02:23:39 159232 -c--a-w- c:\windows\system32\ptpusd.dll
2010-02-28 02:23:38 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-02-15 09:16:04 -------- d-----w- c:\documents and settings\alex jester\local settings\application data\Rebellion
2010-02-15 09:15:47 515416 -c--a-w- c:\windows\system32\XAudio2_5.dll
2010-02-15 09:15:46 5501792 -c--a-w- c:\windows\system32\d3dcsx_42.dll
2010-02-15 09:15:46 238936 -c--a-w- c:\windows\system32\xactengine3_5.dll
2010-02-15 09:15:46 1974616 -c--a-w- c:\windows\system32\D3DCompiler_42.dll
2010-02-15 09:15:45 453456 -c--a-w- c:\windows\system32\d3dx10_42.dll
2010-02-15 09:15:45 235344 -c--a-w- c:\windows\system32\d3dx11_42.dll
2010-02-15 09:15:45 1892184 -c--a-w- c:\windows\system32\D3DX9_42.dll
2010-02-14 19:22:23 -------- d-----w- c:\documents and settings\alex jester\application data\NationRed
2010-02-13 20:30:56 -------- d-----w- c:\documents and settings\alex jester\application data\Mount&Blade
2010-01-02 20:59:34 -------- d-----w- c:\documents and settings\all users\application data\PCPitstop
2010-01-02 20:59:31 -------- d-----w- c:\program files\PCPitstop
2009-12-27 01:09:48 -------- d-----w- c:\program files\Bethesda Softworks
2009-12-27 01:09:22 69714 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\ctor.dll
2009-12-27 01:09:22 5632 -c--a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe
2009-12-27 01:09:22 274432 -c--a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscript.dll
2009-12-27 01:09:22 184320 -c--a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iuser.dll
2009-12-27 01:09:21 753664 -c--a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iKernel.dll
2009-12-27 01:09:20 200836 -c--a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iGdi.dll
2009-12-27 01:09:19 331908 -c--a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\setup.dll
2009-12-27 01:09:05 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-12-27 01:09:01 -------- d-----w- c:\documents and settings\alex jester\local settings\application data\Oblivion
2009-12-25 08:50:38 -------- d-----w- c:\documents and settings\all users\application data\CCP
2009-12-25 08:50:36 -------- d-----w- c:\documents and settings\alex jester\local settings\application data\CCP
2009-12-17 13:41:19 51200 ----a-w- c:\windows\system32\drivers\msdv.sys
2009-12-13 00:53:02 -------- d-----w- c:\documents and settings\alex jester\local settings\application data\Gas Powered Games
2009-12-13 00:37:53 -------- d-----w- c:\documents and settings\alex jester\application data\Stardock
2009-12-13 00:37:43 -------- dc-h--w- c:\documents and settings\all users\application data\{EA77F737-0FEA-4800-BD99-D6AF1051C7A9}
2009-12-13 00:37:40 -------- d-----w- c:\program files\Stardock
2009-12-13 00:37:40 -------- d-----w- c:\documents and settings\all users\application data\Stardock
2009-12-13 00:37:15 -------- dc-h--w- c:\documents and settings\all users\application data\{BE672698-4DAC-4C83-9056-C07C3170F628}
2009-12-13 00:37:03 -------- d-----w- c:\program files\Stardock Games
2009-12-13 00:36:33 -------- d-----w- c:\documents and settings\alex jester\local settings\application data\Stardock
2009-12-03 14:16:21 -------- d-----w- c:\documents and settings\alex jester\local settings\application data\Identities
2009-11-26 23:41:05 -------- d-sh--w- c:\documents and settings\all users\application data\SecuROM
2009-11-26 23:30:03 36864 ----a-w- c:\windows\system32\drivers\AmdK8.sys
2009-11-15 17:34:03 -------- d-----w- c:\program files\Windows Media Connect 2
2009-11-15 17:33:16 -------- d-----w- c:\windows\system32\LogFiles
2009-11-14 11:02:34 -------- d-----w- c:\windows\system32\XPSViewer
2009-11-14 11:02:19 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2009-11-14 11:02:13 597504 -c----w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2009-11-14 11:02:13 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-11-14 11:02:13 1676288 -c----w- c:\windows\system32\xpssvcs.dll
2009-11-14 11:02:13 117760 -c----w- c:\windows\system32\prntvpt.dll
2009-11-14 11:02:13 -------- d-----w- C:\cc3480581a1075f910ea68da1e
2009-11-10 02:18:59 81768 -c--a-w- c:\windows\system32\xinput1_3.dll
2009-11-07 08:07:08 49488 -c--a-w- c:\windows\system32\netfxperf.dll
2009-11-07 08:07:04 297808 ----a-w- c:\windows\system32\mscoree.dll
2009-11-07 08:06:46 1130824 ----a-w- c:\windows\system32\dfshim.dll
2009-10-25 16:48:13 -------- d-----w- c:\program files\MSXML 4.0
2009-10-24 22:54:58 24064 -c----w- c:\windows\system32\msxml3a.dll
2009-10-24 22:54:41 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-10-24 22:54:23 -------- d-----w- C:\MyWorks
2009-10-24 22:53:23 32768 -c--a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2009-10-24 22:53:23 225280 -c--a-w- c:\program files\common files\installshield\iscript\iscript.dll
2009-10-24 22:53:23 176128 -c--a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2009-10-24 22:53:22 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2009-10-24 22:53:22 610436 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
2009-10-24 21:06:30 -------- d-sh--w- c:\documents and settings\alex jester\IECompatCache
2009-10-24 21:05:48 -------- d-sh--w- c:\documents and settings\alex jester\PrivacIE
2009-10-24 21:05:16 -------- d-sh--w- c:\documents and settings\alex jester\IETldCache
2009-10-24 20:51:11 -------- d-----w- c:\windows\ie8updates
2009-10-24 20:50:24 -------- dc-h--w- c:\windows\ie8
2009-10-24 20:37:46 -------- d-----w- c:\documents and settings\alex jester\local settings\application data\Ahead
2009-10-24 20:37:45 -------- d-----w- c:\program files\NeroInstall.bak
2009-10-24 20:35:08 -------- d-----w- c:\program files\Nero
2009-10-24 20:35:08 -------- d-----w- c:\documents and settings\all users\application data\Nero
2009-10-24 20:34:42 47616 -c--a-w- c:\program files\windows media player\msoobci.dll
2009-10-24 20:34:42 1669120 ----a-w- c:\program files\windows media player\wmsetsdk.exe
2009-10-24 20:34:29 -------- d-----w- c:\windows\RegisteredPackages
2009-10-24 20:21:53 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2009-10-24 20:21:03 26144 -c--a-w- c:\windows\system32\spupdsvc.exe
2009-10-24 20:21:03 -------- d-----w- c:\windows\system32\PreInstall
2009-10-24 20:21:02 -------- d--h--w- c:\windows\$hf_mig$
2009-10-24 20:11:42 -------- d-----w- c:\windows\system32\ReinstallBackups
2009-10-24 20:07:42 -------- d-----w- c:\windows\system32\SoftwareDistribution
2009-10-24 20:05:21 -------- d-----w- c:\windows\Downloaded Installations
2009-10-24 20:00:35 446464 -c--a-w- c:\windows\system32\nvudisp.exe
2009-10-24 20:00:35 -------- d-----w- c:\windows\nview
.
==================== Find3M ====================
.
2010-06-02 11:55:30 74072 -c--a-w- c:\windows\system32\XAPOFX1_5.dll
2010-06-02 11:55:30 527192 -c--a-w- c:\windows\system32\XAudio2_7.dll
2010-06-02 11:55:30 239960 -c--a-w- c:\windows\system32\xactengine3_7.dll
2010-05-26 18:41:02 470880 -c--a-w- c:\windows\system32\d3dx10_43.dll
2010-05-26 18:41:02 248672 -c--a-w- c:\windows\system32\d3dx11_43.dll
2010-05-26 18:41:02 2106216 -c--a-w- c:\windows\system32\D3DCompiler_43.dll
2010-05-26 18:41:02 1998168 -c--a-w- c:\windows\system32\D3DX9_43.dll
2010-05-26 18:41:02 1868128 -c--a-w- c:\windows\system32\d3dcsx_43.dll
2010-03-30 19:24:40 317440 -c----w- c:\windows\system32\mp4sdecd.dll
2010-02-04 17:01:14 74072 -c--a-w- c:\windows\system32\XAPOFX1_4.dll
2010-02-04 17:01:14 528216 -c--a-w- c:\windows\system32\XAudio2_6.dll
2010-02-04 17:01:14 238936 -c--a-w- c:\windows\system32\xactengine3_6.dll
2010-02-04 17:01:14 22360 -c--a-w- c:\windows\system32\X3DAudio1_7.dll
2009-10-24 19:47:48 315392 -c--a-w- c:\windows\HideWin.exe
2009-09-05 01:44:40 69464 -c--a-w- c:\windows\system32\XAPOFX1_3.dll
2009-08-07 03:24:18 21728 -c--a-w- c:\windows\system32\wucltui.dll.mui
2009-08-07 03:24:12 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2009-08-07 03:24:06 15064 -c--a-w- c:\windows\system32\wuapi.dll.mui
2009-08-07 03:24:00 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
2009-07-21 08:05:40 1348432 ----a-w- c:\windows\system32\msxml4.dll
2009-05-18 21:17:00 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-16 22:18:32 517448 -c--a-w- c:\windows\system32\XAudio2_4.dll
2009-03-16 22:18:32 235352 -c--a-w- c:\windows\system32\xactengine3_4.dll
2009-03-16 22:18:32 22360 -c--a-w- c:\windows\system32\X3DAudio1_6.dll
2009-03-09 23:27:22 453456 -c--a-w- c:\windows\system32\d3dx10_41.dll
2009-03-09 23:27:22 4178264 -c--a-w- c:\windows\system32\D3DX9_41.dll
2009-03-09 23:27:22 1846632 -c--a-w- c:\windows\system32\D3DCompiler_41.dll
2009-03-08 21:22:46 1241088 ------w- c:\windows\system32\ieframe.dll.mui
2009-03-08 21:22:30 49152 ------w- c:\windows\system32\msrating.dll.mui
2009-03-08 21:22:18 2560 ------w- c:\windows\system32\mshta.exe.mui
2009-03-08 21:21:06 4096 -c----w- c:\windows\system32\ie4uinit.exe.mui
2009-03-08 21:21:06 10240 -c----w- c:\windows\system32\advpack.dll.mui
2009-03-08 21:20:54 81920 -c----w- c:\windows\system32\iedkcs32.dll.mui
2009-01-08 01:20:38 24576 -c--a-w- c:\windows\system32\nlsdl.dll
2009-01-08 01:20:36 26112 -c--a-w- c:\windows\system32\idndl.dll
2009-01-08 01:20:36 23552 ----a-w- c:\windows\system32\normaliz.dll
2009-01-08 01:20:18 265720 -c--a-w- c:\windows\system32\msdbg2.dll
2008-10-27 18:04:18 514384 -c--a-w- c:\windows\system32\XAudio2_3.dll
2008-10-27 18:04:16 235856 -c--a-w- c:\windows\system32\xactengine3_3.dll
2008-10-27 18:04:16 23376 -c--a-w- c:\windows\system32\X3DAudio1_5.dll
2008-10-27 18:04:14 70992 -c--a-w- c:\windows\system32\XAPOFX1_2.dll
2008-10-15 14:22:52 452440 -c--a-w- c:\windows\system32\d3dx10_40.dll
2008-10-15 14:22:52 4379984 -c--a-w- c:\windows\system32\D3DX9_40.dll
2008-10-15 14:22:52 2036576 -c--a-w- c:\windows\system32\D3DCompiler_40.dll
2008-07-31 18:41:54 238088 -c--a-w- c:\windows\system32\xactengine3_2.dll
2008-07-31 18:41:52 68616 -c--a-w- c:\windows\system32\XAPOFX1_1.dll
2008-07-31 18:40:32 509448 -c--a-w- c:\windows\system32\XAudio2_2.dll
2008-07-30 05:10:04 73720 -c--a-w- c:\windows\system32\dxva2.dll
2008-07-30 05:10:04 493048 -c--a-w- c:\windows\system32\evr.dll
2008-07-30 05:10:04 26112 -c--a-w- c:\windows\system32\TsWpfWrp.exe
2008-07-30 03:59:58 781344 -c--a-w- c:\windows\system32\PresentationNative_v0300.dll
2008-07-30 03:59:58 161296 -c--a-w- c:\windows\system32\UIAutomationCore.dll
2008-07-30 03:59:58 105016 -c--a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2008-07-30 03:24:50 97800 -c--a-w- c:\windows\system32\infocardapi.dll
2008-07-30 03:24:50 622080 -c--a-w- c:\windows\system32\icardagt.exe
2008-07-30 03:24:50 37384 -c--a-w- c:\windows\system32\infocardcpl.cpl
2008-07-30 03:24:50 11264 -c--a-w- c:\windows\system32\icardres.dll
2008-07-29 13:49:58 586240 ----a-w- c:\windows\system32\icardres.dll.mui
2008-07-25 19:16:58 83968 ----a-w- c:\windows\system32\mscories.dll
2008-07-25 19:16:58 158720 -c--a-w- c:\windows\system32\mscorier.dll
2008-07-23 22:24:40 446464 ----a-w- c:\windows\system32\NVUNINST.EXE
2008-07-12 20:10:32 723294 ----a-w- c:\windows\unins000.exe
2008-07-12 15:18:52 467984 -c--a-w- c:\windows\system32\d3dx10_39.dll
2008-07-12 15:18:52 3851784 -c--a-w- c:\windows\system32\D3DX9_39.dll
2008-07-12 15:18:52 1493528 -c--a-w- c:\windows\system32\D3DCompiler_39.dll
2008-07-11 00:28:04 34328 -c--a-w- c:\windows\system32\DTSPipelinePerf100.dll
2008-07-10 09:49:38 215576 -c--a-w- c:\windows\system32\SqlServerSpatial.dll
2008-07-10 09:49:36 2459672 -c--a-w- c:\windows\system32\sqlncli10.dll
2008-07-10 09:49:14 242712 ----a-w- c:\windows\system32\drivers\RsFx0102.sys
2008-07-10 09:49:14 239128 ----a-w- c:\windows\system32\drivers\RsFx0101.sys
2008-07-10 09:49:14 235416 ----a-w- c:\windows\system32\drivers\RsFx0100.sys
2008-07-09 13:47:01 2829 ----a-w- c:\windows\War3Unin.pif
2008-07-09 13:47:01 126976 ----a-w- c:\windows\War3Unin.exe
2008-07-07 10:10:09 967 ----a-w- c:\windows\ScUnin.pif
2008-07-07 10:10:09 94208 ----a-w- c:\windows\ScUnin.exe
2008-06-25 02:12:58 295936 ------w- c:\windows\system32\wmpeffects.dll
2008-06-02 02:27:09 280888 ----a-w- c:\windows\system32\nvdrsdb0.bin
2008-06-02 02:27:09 1 ----a-w- c:\windows\system32\nvdrssel.bin
2008-06-02 02:26:57 280888 ----a-w- c:\windows\system32\nvdrsdb1.bin
2008-05-30 22:19:18 507400 -c--a-w- c:\windows\system32\XAudio2_1.dll
2008-05-30 22:18:52 238088 -c--a-w- c:\windows\system32\xactengine3_1.dll
2008-05-30 22:17:30 65032 -c--a-w- c:\windows\system32\XAPOFX1_0.dll
2008-05-30 22:17:00 25608 -c--a-w- c:\windows\system32\X3DAudio1_4.dll
2008-05-30 22:11:46 467984 -c--a-w- c:\windows\system32\d3dx10_38.dll
2008-05-30 22:11:46 3850760 -c--a-w- c:\windows\system32\D3DX9_38.dll
2008-05-30 22:11:46 1491992 -c--a-w- c:\windows\system32\D3DCompiler_38.dll
2008-05-30 14:13:30 50112 --sha-w- c:\windows\system32\c_73601.nl_
2008-05-30 14:03:30 10536 ----a-w- c:\windows\system32\drivers\hmonitor45.sys
2008-04-17 20:12:54 107368 -c--a-w- c:\windows\system32\GEARAspi.dll
2008-04-14 12:43:22 40840 ----a-w- c:\windows\system32\drivers\termdd.sys
2008-04-14 12:42:44 129536 -c--a-w- c:\windows\system32\ksproxy.ax
2008-04-14 12:41:58 4096 ----a-w- c:\windows\system32\ksuser.dll
2008-04-14 07:15:08 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2008-04-14 07:15:02 52864 ----a-w- c:\windows\system32\drivers\DMusic.sys
2008-04-14 07:02:52 196224 ----a-w- c:\windows\system32\drivers\rdpdr.sys
2008-04-14 05:42:44 91136 -c--a-w- c:\windows\system32\kswdmcap.ax
2008-04-14 05:42:44 61952 -c--a-w- c:\windows\system32\kstvtune.ax
2008-04-14 05:42:44 43008 -c--a-w- c:\windows\system32\ksxbar.ax
2008-04-14 05:42:44 28672 -c--a-w- c:\windows\system32\vidcap.ax
2008-04-14 05:42:10 53760 -c--a-w- c:\windows\system32\vfwwdm32.dll
.
============= FINISH: 0:17:37.79 ===============

This post has been edited by The_Kraken666: 07 January 2012 - 10:01 PM

#2 User is online   fireman4it 

  • Bleepin' Fireman
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 8,322
  • Joined: 24-May 08
  • Gender:Male
  • Location:Bement, ILL

Posted 08 January 2012 - 12:49 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.

  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.


We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step. Then proceed to run aswMbr.exe as noted below.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Note:
If you are unable to run a Gmer scan due the fact you are running a 64bit machine please run the following tool and post its log.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.




Thanks and again sorry for the delay.
" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-

Posted Image
Posted Image

If I have helped you, consider making a donation to help me continue the fight against Malware!
Just click Posted Image

#3 User is offline   The_Kraken666 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 7
  • Joined: 07-January 12

Posted 08 January 2012 - 05:05 PM

No my problem has not been resolved, and Yes I have my original Microsoft Windows XP Home edition(service pack 3) 32 bit disk and CD key. I also have all necessarly dirvers on disk. Let me know what else I can do?

Here is my DDS:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_26
Run by Alex Jester at 8:01:43 on 2008-05-30
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3327.2795 [GMT -7:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\1052539474:2911192001.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\update.7.1\svchostdriver.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NetRatingsNetSight\NetSight\NielsenUpdate.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Smart Registry Cleaner\SmartRegistryCleanerService.exe
C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\update.5.0\svchost.exe srv
C:\WINDOWS\sysdriver32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
C:\WINDOWS\l1rezerv.exe
C:\WINDOWS\systemup.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Smart Registry Cleaner\SmartRegistryCleaner.exe
C:\WINDOWS\update.7.1\svchostdriver.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3007394
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
uURLSearchHooks: IMVU Inc Toolbar: {90b49673-5506-483e-b92b-ca0265bd9ca8} - c:\program files\imvu_inc\prxtbIMVU.dll
uURLSearchHooks: WhiteSmoke Bar Toolbar: {167d9323-f7cc-48f5-948a-6f012831a69f} - c:\program files\whitesmoke_bar\prxtbWhit.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe,EXPLORER.EXE
BHO: WhiteSmoke Bar Toolbar: {167d9323-f7cc-48f5-948a-6f012831a69f} - c:\program files\whitesmoke_bar\prxtbWhit.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: IMVU Inc Toolbar: {90b49673-5506-483e-b92b-ca0265bd9ca8} - c:\program files\imvu_inc\prxtbIMVU.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: IMVU Inc Toolbar: {90b49673-5506-483e-b92b-ca0265bd9ca8} - c:\program files\imvu_inc\prxtbIMVU.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: WhiteSmoke Bar Toolbar: {167d9323-f7cc-48f5-948a-6f012831a69f} - c:\program files\whitesmoke_bar\prxtbWhit.dll
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [wsctf.exe] wsctf.exe
uRun: [EXPLORER.EXE] EXPLORER.EXE
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [SkyTel] SkyTel.EXE
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [NielsenOnline] c:\program files\netratingsnetsight\netsight\NielsenOnline.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [wxpdrv]
mRun: [4414862.exe] "c:\docume~1\alexje~1\locals~1\temp\4414862.exe"
mRun: [sysdriver32.exe] "c:\windows\sysdriver32.exe" rezerv
mRun: [sysdriver32_.exe] "c:\windows\sysdriver32_.exe" rezerv
mRun: [6571280.exe] "c:\windows\temp\6571280.exe"
mRun: [9454791.exe] "c:\docume~1\alexje~1\locals~1\temp\9454791.exe"
mRun: [53881026-loader2.exe] "c:\windows\temp\53881026-loader2.exe"
mRun: [915846.exe] "c:\windows\temp\915846.exe"
mRun: [l1rezerv.exe] "c:\windows\l1rezerv.exe"
mRun: [9139209.exe] "c:\windows\temp\9139209.exe"
mRun: [systemup] "c:\windows\systemup.exe" stand
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Trend Micro RUBotted V2.0 Beta] c:\program files\trend micro\rubotted\RUBottedGUI.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alexje~1\startm~1\programs\startup\alienw~1.lnk - c:\program files\alienguise\alienwaredock\ObjectDock.exe
StartupFolder: c:\docume~1\alexje~1\startm~1\programs\startup\impuls~1.lnk - c:\program files\stardock\impulse\now\ImpulseNow.exe
StartupFolder: c:\docume~1\alexje~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg311v3\wlancfg5.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableSecureUIAPaths = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/PCPitStop.CAB
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstop2.dll
TCP: DhcpNameServer = 192.168.1.1
Notify: ComPlusSetup - c:\windows\system32\catsrvut.dll
Notify: WBSrv - c:\program files\stardock\object desktop\windowblinds\wbsrv.dll
AppInit_DLLs: wbsys.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 nielprt;Nielsen Patch Service;c:\windows\system32\drivers\nielprt.sys [2010-12-3 24192]
R1 nnrnstdi;nnrnstdi;c:\windows\system32\drivers\nnrnstdi.sys [2010-12-3 15360]
R2 ddservice;ddservice;c:\windows\update.7.1\svchostdriver.exe srv --> c:\windows\update.7.1\svchostdriver.exe srv [?]
R2 NielsenUpdate;Nielsen Update;c:\program files\netratingsnetsight\netsight\NielsenUpdate.exe [2011-1-27 303936]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
R2 RegMumService;SmartRegistryCleaner Service;c:\program files\smart registry cleaner\SmartRegistryCleanerService.exe [2008-5-30 1556464]
R2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\RUBotSrv.exe [2008-5-30 439632]
R2 srvbtcclient;srvbtcclient;c:\windows\update.5.0\svchost.exe srv --> c:\windows\update.5.0\svchost.exe srv [?]
R2 srvsysdriver32;srvsysdriver32;c:\windows\sysdriver32.exe srv --> c:\windows\sysdriver32.exe srv [?]
R3 km_filter;km_filter;c:\windows\system32\drivers\km_filter.sys [2010-12-3 10368]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-26 136176]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-8-19 2255464]
S2 srviecheck;srviecheck;c:\windows\update.2\svchost.exe srv --> c:\windows\update.2\svchost.exe srv [?]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe --> c:\program files\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [?]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-5-26 136176]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys [2010-12-3 9088]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2010-1-2 85504]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-10 369688]
.
=============== Created Last 30 ================
.
2011-08-27 00:31:59 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2011-08-26 22:13:17 -------- d--h--w- c:\windows\update.8.1
2011-08-22 01:32:37 130560 ----a-w- c:\windows\systemup.exe
2011-08-21 02:32:50 -------- d-----w- c:\windows\ufa
2011-08-21 02:32:50 -------- d-----w- c:\windows\rpcminer
2011-08-21 02:32:50 -------- d-----w- c:\windows\phoenix
2011-08-21 01:25:01 235520 ----a-w- c:\windows\l1rezerv.exe
2011-08-21 01:21:41 -------- d--h--w- c:\windows\update.5.0
2011-08-21 01:18:30 -------- d--h--w- c:\windows\update.2
2011-08-21 01:14:12 246272 ----a-w- c:\windows\unrar.exe
2011-08-21 01:13:25 -------- d--h--w- c:\windows\update.7.1
2011-08-21 01:11:52 258048 ----a-w- c:\windows\sysdriver32_.exe
2011-08-21 01:11:38 263680 ----a-w- c:\windows\sysdriver32.exe
2011-08-21 01:10:58 1216000 ----a-w- c:\windows\services32.exe
2011-08-21 01:10:58 -------- d--h--w- c:\windows\update.1
2011-08-19 19:11:40 -------- d-----w- c:\program files\Microsoft Games
2011-08-19 19:09:51 -------- d-----w- c:\windows\AC54E5443E42443CA91DA00A6974C592.TMP
2011-08-19 17:36:54 -------- d-----w- c:\documents and settings\alex jester\application data\NVIDIA
2011-08-19 17:22:15 -------- d-----w- c:\program files\id Software
2011-08-19 16:56:29 -------- d-----w- c:\documents and settings\alex jester\local settings\application data\The Witcher
2011-08-19 16:53:34 278984 ----a-w- c:\windows\system32\drivers\atksgt.sys
2011-08-19 16:53:34 25416 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2011-08-19 16:40:40 -------- d-----w- c:\program files\The Witcher
2011-08-19 16:11:48 -------- d-----w- C:\NVIDIA
2011-08-19 15:03:09 -------- d-----w- c:\program files\SystemRequirementsLab
2011-08-10 13:44:15 -------- d-----w- c:\documents and settings\all users\application data\Nexon
2011-08-10 09:13:00 -------- d-----w- C:\2dd844bb8c164275f5d2878e9f0d
2011-08-09 19:56:45 -------- d-----w- C:\Nexon
2011-08-09 19:56:45 -------- d-----w- c:\documents and settings\all users\application data\NexonUS
2011-08-09 06:19:04 -------- d-----w- c:\program files\Pando Networks
2011-08-05 01:36:49 -------- d-----w- c:\documents and settings\alex jester\local settings\application data\assembly
2011-08-04 10:03:21 -------- d-----w- c:\documents and settings\alex jester\application data\IMVU
2011-08-04 10:02:10 -------- d-----w- c:\documents and settings\alex jester\application data\IMVUClient
2011-07-26 23:50:27 -------- d-----w- c:\documents and settings\all users\application data\FileCure
2011-07-20 07:14:22 -------- d-----w- c:\program files\iPod
2011-07-20 02:55:04 -------- d-----w- c:\documents and settings\all users\application data\Gibraltar
2011-07-14 17:34:33 -------- d-----w- c:\windows\SxsCaPendDel
2011-06-07 19:35:34 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-06-07 19:35:34 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2011-05-28 17:06:55 -------- d-----w- c:\program files\common files\DirectX
2011-05-28 17:06:33 -------- d-----w- c:\documents and settings\all users\application data\Divinity 2 Demo
2011-05-28 17:06:27 -------- d-----w- c:\documents and settings\alex jester\local settings\application data\Divinity 2 Demo
2011-05-15 18:53:56 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-14 04:11:54 641536 ----a-w- c:\program files\common files\microsoft shared\vc\msdia80.dll
2011-04-27 03:54:23 -------- d-----w- C:\c5e709fac9fb0e94fe94e067ae31
2011-04-19 11:47:04 670032 ----a-w- c:\program files\common files\microsoft shared\vc\msdia90.dll
2011-03-18 16:08:54 25240 ----a-w- c:\windows\system32\speedfan.sys
2011-03-13 11:15:25 -------- d-----w- c:\program files\HTC
2011-03-13 11:05:10 -------- d-----w- C:\Temp
2011-03-03 00:56:20 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-01-06 08:37:06 -------- d-----w- c:\program files\Search Toolbar
2010-12-24 11:18:34 -------- d-----w- c:\documents and settings\alex jester\local settings\application data\Apple
2010-12-24 11:18:26 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-12-24 11:18:26 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-12-24 11:17:42 -------- d-----w- c:\documents and settings\alex jester\local settings\application data\Apple Computer
2010-12-16 17:56:21 -------- d-----w- c:\documents and settings\all users\application data\BioWare
2010-12-06 03:40:11 -------- d-----w- c:\program files\Raptr
2010-12-06 03:40:11 -------- d-----w- c:\documents and settings\alex jester\application data\Raptr
2010-12-06 03:34:42 -------- d-----w- C:\UJ
2010-12-04 18:41:01 -------- d-----w- c:\documents and settings\alex jester\local settings\application data\Google
2010-12-04 18:40:36 -------- d-----w- c:\documents and settings\alex jester\local settings\application data\Deployment
2010-12-04 03:12:32 15360 ----a-w- c:\windows\system32\drivers\nnrnstdi.sys
2010-12-04 03:12:31 10368 ----a-w- c:\windows\system32\drivers\km_filter.sys
2010-12-04 03:12:18 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-12-04 03:12:06 1112288 -c--a-w- c:\windows\system32\WdfCoInstaller01007.dll
2010-12-04 03:12:05 9088 ----a-w- c:\windows\system32\drivers\nielgfx.sys
2010-12-04 03:12:05 24192 ----a-w- c:\windows\system32\drivers\nielprt.sys
2010-12-04 03:07:02 -------- d-----w- c:\program files\NetRatingsNetSight
2010-12-04 02:54:08 -------- d-----w- c:\documents and settings\alex jester\application data\Vivox
2010-12-04 02:51:56 -------- d-----w- c:\program files\Conduit
2010-12-04 02:51:56 -------- d-----w- c:\documents and settings\alex jester\local settings\application data\Conduit
2010-12-04 02:51:55 -------- d-----w- c:\documents and settings\alex jester\local settings\application data\IMVU_Inc
2010-12-04 02:51:50 -------- d-----w- c:\program files\ConduitEngine
2010-12-04 02:51:50 -------- d-----w- c:\documents and settings\alex jester\local settings\application data\ConduitEngine
2010-12-04 02:51:48 -------- d-----w- c:\program files\IMVU_Inc
2010-12-04 02:51:48 -------- d-----w- c:\documents and settings\alex jester\local settings\application data\Temp
2010-12-03 07:53:07 -------- d-----w- C:\Downloads
2010-12-03 07:53:01 -------- d-----w- c:\documents and settings\alex jester\application data\BITS
2010-12-03 07:52:59 -------- d-----w- c:\documents and settings\alex jester\application data\FlashGet
2010-12-03 07:52:56 -------- d-----w- c:\documents and settings\alex jester\application data\FlashGetBHO
2010-12-03 07:52:54 -------- d-----w- c:\program files\FlashGet Network
2010-12-03 07:52:09 -------- d-----w- c:\documents and settings\alex jester\application data\FlashgetSetup
2010-12-02 08:44:13 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-12-02 08:44:13 215920 ----a-w- c:\windows\system32\muweb.dll
2010-12-02 08:44:13 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2010-12-01 15:59:27 -------- d-----w- c:\program files\Microsoft
2010-11-30 01:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-30 01:38:30 69632 -c--a-w- c:\windows\system32\QuickTime.qts
2010-11-08 14:40:08 -------- d-----w- c:\documents and settings\alex jester\local settings\application data\Adobe
2010-11-08 14:02:59 -------- d-----w- c:\documents and settings\alex jester\application data\OpenOffice.org
2010-11-08 14:01:59 -------- d-----w- c:\program files\JRE
2010-11-08 14:01:55 -------- d-----w- c:\program files\OpenOffice.org 3
2010-11-08 14:01:35 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-08 14:01:35 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2010-11-08 14:01:35 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-29 01:25:35 -------- d-----w- c:\documents and settings\alex jester\local settings\application data\FlatOut Ultimate Carnage
2010-10-29 01:22:31 -------- d-----w- c:\windows\system32\xlive
2010-10-29 01:16:02 -------- d-----w- c:\program files\Empire Interactive
2010-08-07 06:20:19 139152 -c--a-w- c:\documents and settings\alex jester\application data\PnkBstrK.sys
2010-08-07 06:20:19 139152 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-08-07 06:20:01 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-08-07 06:20:00 90112 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-08-07 06:20:00 794408 ----a-w- c:\windows\system32\pbsvc.exe
2010-08-07 06:06:14 -------- d-sh--w- c:\windows\ftpcache
2010-08-04 23:33:04 50200 -c--a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.0.1600.22.dll
2010-08-04 23:32:51 79896 -c--a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.0.1600.22.dll
2010-08-04 23:32:17 -------- d-----w- c:\windows\system32\RsFx
2010-08-04 23:31:34 -------- d-----w- c:\program files\MSXML 6.0
2010-08-04 23:12:12 -------- d-----w- c:\program files\Microsoft SQL Server
2010-08-04 23:11:44 112640 -c--a-w- c:\documents and settings\all users\application data\microsoft\vcexpress\9.0\1033\ResourceCache.dll
2010-08-04 23:11:20 416 -c--a-w- c:\documents and settings\all users\application data\microsoft\msdn\9.0\1033\ResourceCache.dll
2010-08-04 23:11:16 -------- d-----w- c:\documents and settings\alex jester\local settings\application data\Microsoft Help
2010-08-04 23:09:28 -------- d-----w- c:\program files\common files\Merge Modules
2010-07-20 14:41:43 -------- d-----w- c:\program files\Dreamcatcher
2010-07-20 14:41:14 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\ctor.dll
2010-07-20 14:41:14 5632 -c--a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\DotNetInstaller.exe
2010-07-20 14:41:14 274432 -c--a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iscript.dll
2010-07-20 14:41:14 180224 -c--a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iuser.dll
2010-07-20 14:41:13 749568 -c--a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iKernel.dll
2010-07-20 14:41:13 323716 -c--a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\setup.dll
2010-07-20 14:41:13 192644 -c--a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iGdi.dll
2010-07-20 00:29:00 58672 -c--a-w- c:\windows\system32\wbload.dll
2010-06-25 17:37:59 -------- d-----w- C:\00c73e8b2f4d781497
2010-06-25 17:19:57 -------- d-----w- c:\windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP
2010-05-27 01:55:58 -------- d-----w- c:\documents and settings\all users\application data\Isotx
2010-05-24 00:20:03 -------- d-----w- c:\documents and settings\alex jester\local settings\application data\Mozilla
2010-05-15 06:35:59 -------- d-----w- c:\documents and settings\alex jester\local settings\application data\Cadenza
2010-05-15 06:35:50 -------- d-----w- c:\program files\Microsoft XNA
2010-05-02 23:47:30 -------- d-----w- C:\HammerAutosave
2010-04-14 00:45:11 -------- d-----w- c:\documents and settings\alex jester\application data\The Longest Journey Demo
2010-04-11 22:54:39 42288 ----a-w- c:\windows\system32\wbsys.dll
2010-04-11 22:54:39 -------- d-----w- c:\program files\common files\Stardock
2010-04-11 22:54:39 -------- d-----w- c:\program files\AlienGUIse
2010-04-06 20:00:11 -------- d-----w- C:\Westwood
2010-03-31 07:16:34 99176 -c--a-w- c:\windows\system32\PresentationHostProxy.dll
2010-03-31 07:10:40 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-03-20 13:13:21 -------- d-----w- c:\program files\VideoLAN
2010-03-20 10:06:33 -------- d-----w- c:\program files\LG Electronics
2010-02-28 02:23:40 5632 -c--a-w- c:\windows\system32\ptpusb.dll
2010-02-28 02:23:39 159232 -c--a-w- c:\windows\system32\ptpusd.dll
2010-02-28 02:23:38 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-02-15 09:16:04 -------- d-----w- c:\documents and settings\alex jester\local settings\application data\Rebellion
2010-02-15 09:15:47 515416 -c--a-w- c:\windows\system32\XAudio2_5.dll
2010-02-15 09:15:46 5501792 -c--a-w- c:\windows\system32\d3dcsx_42.dll
2010-02-15 09:15:46 238936 -c--a-w- c:\windows\system32\xactengine3_5.dll
2010-02-15 09:15:46 1974616 -c--a-w- c:\windows\system32\D3DCompiler_42.dll
2010-02-15 09:15:45 453456 -c--a-w- c:\windows\system32\d3dx10_42.dll
2010-02-15 09:15:45 235344 -c--a-w- c:\windows\system32\d3dx11_42.dll
2010-02-15 09:15:45 1892184 -c--a-w- c:\windows\system32\D3DX9_42.dll
2010-02-14 19:22:23 -------- d-----w- c:\documents and settings\alex jester\application data\NationRed
2010-02-13 20:30:56 -------- d-----w- c:\documents and settings\alex jester\application data\Mount&Blade
2010-01-02 20:59:34 -------- d-----w- c:\documents and settings\all users\application data\PCPitstop
2010-01-02 20:59:31 -------- d-----w- c:\program files\PCPitstop
2009-12-27 01:09:48 -------- d-----w- c:\program files\Bethesda Softworks
2009-12-27 01:09:22 69714 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\ctor.dll
2009-12-27 01:09:22 5632 -c--a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe
2009-12-27 01:09:22 274432 -c--a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscript.dll
2009-12-27 01:09:22 184320 -c--a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iuser.dll
2009-12-27 01:09:21 753664 -c--a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iKernel.dll
2009-12-27 01:09:20 200836 -c--a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iGdi.dll
2009-12-27 01:09:19 331908 -c--a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\setup.dll
2009-12-27 01:09:05 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-12-27 01:09:01 -------- d-----w- c:\documents and settings\alex jester\local settings\application data\Oblivion
2009-12-25 08:50:38 -------- d-----w- c:\documents and settings\all users\application data\CCP
2009-12-25 08:50:36 -------- d-----w- c:\documents and settings\alex jester\local settings\application data\CCP
2009-12-17 13:41:19 51200 ----a-w- c:\windows\system32\drivers\msdv.sys
2009-12-13 00:53:02 -------- d-----w- c:\documents and settings\alex jester\local settings\application data\Gas Powered Games
2009-12-13 00:37:53 -------- d-----w- c:\documents and settings\alex jester\application data\Stardock
2009-12-13 00:37:43 -------- dc-h--w- c:\documents and settings\all users\application data\{EA77F737-0FEA-4800-BD99-D6AF1051C7A9}
2009-12-13 00:37:40 -------- d-----w- c:\program files\Stardock
2009-12-13 00:37:40 -------- d-----w- c:\documents and settings\all users\application data\Stardock
2009-12-13 00:37:15 -------- dc-h--w- c:\documents and settings\all users\application data\{BE672698-4DAC-4C83-9056-C07C3170F628}
2009-12-13 00:37:03 -------- d-----w- c:\program files\Stardock Games
2009-12-13 00:36:33 -------- d-----w- c:\documents and settings\alex jester\local settings\application data\Stardock
2009-12-03 14:16:21 -------- d-----w- c:\documents and settings\alex jester\local settings\application data\Identities
2009-11-26 23:41:05 -------- d-sh--w- c:\documents and settings\all users\application data\SecuROM
2009-11-26 23:30:03 36864 ----a-w- c:\windows\system32\drivers\AmdK8.sys
2009-11-15 17:34:03 -------- d-----w- c:\program files\Windows Media Connect 2
2009-11-15 17:33:16 -------- d-----w- c:\windows\system32\LogFiles
2009-11-14 11:02:34 -------- d-----w- c:\windows\system32\XPSViewer
2009-11-14 11:02:19 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2009-11-14 11:02:13 597504 -c----w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2009-11-14 11:02:13 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-11-14 11:02:13 1676288 -c----w- c:\windows\system32\xpssvcs.dll
2009-11-14 11:02:13 117760 -c----w- c:\windows\system32\prntvpt.dll
2009-11-14 11:02:13 -------- d-----w- C:\cc3480581a1075f910ea68da1e
2009-11-10 02:18:59 81768 -c--a-w- c:\windows\system32\xinput1_3.dll
2009-11-07 08:07:08 49488 -c--a-w- c:\windows\system32\netfxperf.dll
2009-11-07 08:07:04 297808 ----a-w- c:\windows\system32\mscoree.dll
2009-11-07 08:06:46 1130824 ----a-w- c:\windows\system32\dfshim.dll
2009-10-25 16:48:13 -------- d-----w- c:\program files\MSXML 4.0
2009-10-24 22:54:58 24064 -c----w- c:\windows\system32\msxml3a.dll
2009-10-24 22:54:41 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-10-24 22:54:23 -------- d-----w- C:\MyWorks
2009-10-24 22:53:23 32768 -c--a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2009-10-24 22:53:23 225280 -c--a-w- c:\program files\common files\installshield\iscript\iscript.dll
2009-10-24 22:53:23 176128 -c--a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2009-10-24 22:53:22 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2009-10-24 22:53:22 610436 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
2009-10-24 21:06:30 -------- d-sh--w- c:\documents and settings\alex jester\IECompatCache
2009-10-24 21:05:48 -------- d-sh--w- c:\documents and settings\alex jester\PrivacIE
2009-10-24 21:05:16 -------- d-sh--w- c:\documents and settings\alex jester\IETldCache
2009-10-24 20:51:11 -------- d-----w- c:\windows\ie8updates
2009-10-24 20:50:24 -------- dc-h--w- c:\windows\ie8
2009-10-24 20:37:46 -------- d-----w- c:\documents and settings\alex jester\local settings\application data\Ahead
2009-10-24 20:37:45 -------- d-----w- c:\program files\NeroInstall.bak
2009-10-24 20:35:08 -------- d-----w- c:\program files\Nero
2009-10-24 20:35:08 -------- d-----w- c:\documents and settings\all users\application data\Nero
2009-10-24 20:34:42 47616 -c--a-w- c:\program files\windows media player\msoobci.dll
2009-10-24 20:34:42 1669120 ----a-w- c:\program files\windows media player\wmsetsdk.exe
2009-10-24 20:34:29 -------- d-----w- c:\windows\RegisteredPackages
2009-10-24 20:21:53 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2009-10-24 20:21:03 26144 -c--a-w- c:\windows\system32\spupdsvc.exe
2009-10-24 20:21:03 -------- d-----w- c:\windows\system32\PreInstall
2009-10-24 20:21:02 -------- d--h--w- c:\windows\$hf_mig$
2009-10-24 20:11:42 -------- d-----w- c:\windows\system32\ReinstallBackups
2009-10-24 20:07:42 -------- d-----w- c:\windows\system32\SoftwareDistribution
2009-10-24 20:05:21 -------- d-----w- c:\windows\Downloaded Installations
2009-10-24 20:00:35 446464 -c--a-w- c:\windows\system32\nvudisp.exe
2009-10-24 20:00:35 -------- d-----w- c:\windows\nview
.
==================== Find3M ====================
.
2010-06-02 11:55:30 74072 -c--a-w- c:\windows\system32\XAPOFX1_5.dll
2010-06-02 11:55:30 527192 -c--a-w- c:\windows\system32\XAudio2_7.dll
2010-06-02 11:55:30 239960 -c--a-w- c:\windows\system32\xactengine3_7.dll
2010-05-26 18:41:02 470880 -c--a-w- c:\windows\system32\d3dx10_43.dll
2010-05-26 18:41:02 248672 -c--a-w- c:\windows\system32\d3dx11_43.dll
2010-05-26 18:41:02 2106216 -c--a-w- c:\windows\system32\D3DCompiler_43.dll
2010-05-26 18:41:02 1998168 -c--a-w- c:\windows\system32\D3DX9_43.dll
2010-05-26 18:41:02 1868128 -c--a-w- c:\windows\system32\d3dcsx_43.dll
2010-03-30 19:24:40 317440 -c----w- c:\windows\system32\mp4sdecd.dll
2010-02-04 17:01:14 74072 -c--a-w- c:\windows\system32\XAPOFX1_4.dll
2010-02-04 17:01:14 528216 -c--a-w- c:\windows\system32\XAudio2_6.dll
2010-02-04 17:01:14 238936 -c--a-w- c:\windows\system32\xactengine3_6.dll
2010-02-04 17:01:14 22360 -c--a-w- c:\windows\system32\X3DAudio1_7.dll
2009-10-24 19:47:48 315392 -c--a-w- c:\windows\HideWin.exe
2009-10-20 18:19:54 281104 ----a-w- c:\windows\system32\wpcap.dll
2009-10-20 18:19:46 100880 ----a-w- c:\windows\system32\Packet.dll
2009-10-20 18:19:44 50704 ----a-w- c:\windows\system32\drivers\npf.sys
2009-10-20 18:19:30 53299 ----a-w- c:\windows\system32\pthreadVC.dll
2009-09-05 01:44:40 69464 -c--a-w- c:\windows\system32\XAPOFX1_3.dll
2009-08-07 03:24:18 21728 -c--a-w- c:\windows\system32\wucltui.dll.mui
2009-08-07 03:24:12 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2009-08-07 03:24:06 15064 -c--a-w- c:\windows\system32\wuapi.dll.mui
2009-08-07 03:24:00 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
2009-07-21 08:05:40 1348432 ----a-w- c:\windows\system32\msxml4.dll
2009-05-18 21:17:00 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-16 22:18:32 517448 -c--a-w- c:\windows\system32\XAudio2_4.dll
2009-03-16 22:18:32 235352 -c--a-w- c:\windows\system32\xactengine3_4.dll
2009-03-16 22:18:32 22360 -c--a-w- c:\windows\system32\X3DAudio1_6.dll
2009-03-09 23:27:22 453456 -c--a-w- c:\windows\system32\d3dx10_41.dll
2009-03-09 23:27:22 4178264 -c--a-w- c:\windows\system32\D3DX9_41.dll
2009-03-09 23:27:22 1846632 -c--a-w- c:\windows\system32\D3DCompiler_41.dll
2009-03-08 21:22:46 1241088 ------w- c:\windows\system32\ieframe.dll.mui
2009-03-08 21:22:30 49152 ------w- c:\windows\system32\msrating.dll.mui
2009-03-08 21:22:18 2560 ------w- c:\windows\system32\mshta.exe.mui
2009-03-08 21:21:06 4096 -c----w- c:\windows\system32\ie4uinit.exe.mui
2009-03-08 21:21:06 10240 -c----w- c:\windows\system32\advpack.dll.mui
2009-03-08 21:20:54 81920 -c----w- c:\windows\system32\iedkcs32.dll.mui
2009-01-08 01:20:38 24576 -c--a-w- c:\windows\system32\nlsdl.dll
2009-01-08 01:20:36 26112 -c--a-w- c:\windows\system32\idndl.dll
2009-01-08 01:20:36 23552 ----a-w- c:\windows\system32\normaliz.dll
2009-01-08 01:20:18 265720 -c--a-w- c:\windows\system32\msdbg2.dll
2008-10-27 18:04:18 514384 -c--a-w- c:\windows\system32\XAudio2_3.dll
2008-10-27 18:04:16 235856 -c--a-w- c:\windows\system32\xactengine3_3.dll
2008-10-27 18:04:16 23376 -c--a-w- c:\windows\system32\X3DAudio1_5.dll
2008-10-27 18:04:14 70992 -c--a-w- c:\windows\system32\XAPOFX1_2.dll
2008-10-15 14:22:52 452440 -c--a-w- c:\windows\system32\d3dx10_40.dll
2008-10-15 14:22:52 4379984 -c--a-w- c:\windows\system32\D3DX9_40.dll
2008-10-15 14:22:52 2036576 -c--a-w- c:\windows\system32\D3DCompiler_40.dll
2008-07-31 18:41:54 238088 -c--a-w- c:\windows\system32\xactengine3_2.dll
2008-07-31 18:41:52 68616 -c--a-w- c:\windows\system32\XAPOFX1_1.dll
2008-07-31 18:40:32 509448 -c--a-w- c:\windows\system32\XAudio2_2.dll
2008-07-30 05:10:04 73720 -c--a-w- c:\windows\system32\dxva2.dll
2008-07-30 05:10:04 493048 -c--a-w- c:\windows\system32\evr.dll
2008-07-30 05:10:04 26112 -c--a-w- c:\windows\system32\TsWpfWrp.exe
2008-07-30 03:59:58 781344 -c--a-w- c:\windows\system32\PresentationNative_v0300.dll
2008-07-30 03:59:58 161296 -c--a-w- c:\windows\system32\UIAutomationCore.dll
2008-07-30 03:59:58 105016 -c--a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2008-07-30 03:24:50 97800 -c--a-w- c:\windows\system32\infocardapi.dll
2008-07-30 03:24:50 622080 -c--a-w- c:\windows\system32\icardagt.exe
2008-07-30 03:24:50 37384 -c--a-w- c:\windows\system32\infocardcpl.cpl
2008-07-30 03:24:50 11264 -c--a-w- c:\windows\system32\icardres.dll
2008-07-29 13:49:58 586240 ----a-w- c:\windows\system32\icardres.dll.mui
2008-07-25 19:16:58 83968 ----a-w- c:\windows\system32\mscories.dll
2008-07-25 19:16:58 158720 -c--a-w- c:\windows\system32\mscorier.dll
2008-07-23 22:24:40 446464 ----a-w- c:\windows\system32\NVUNINST.EXE
2008-07-12 20:10:32 723294 ----a-w- c:\windows\unins000.exe
2008-07-12 15:18:52 467984 -c--a-w- c:\windows\system32\d3dx10_39.dll
2008-07-12 15:18:52 3851784 -c--a-w- c:\windows\system32\D3DX9_39.dll
2008-07-12 15:18:52 1493528 -c--a-w- c:\windows\system32\D3DCompiler_39.dll
2008-07-11 00:28:04 34328 -c--a-w- c:\windows\system32\DTSPipelinePerf100.dll
2008-07-10 09:49:38 215576 -c--a-w- c:\windows\system32\SqlServerSpatial.dll
2008-07-10 09:49:36 2459672 -c--a-w- c:\windows\system32\sqlncli10.dll
2008-07-10 09:49:14 242712 ----a-w- c:\windows\system32\drivers\RsFx0102.sys
2008-07-10 09:49:14 239128 ----a-w- c:\windows\system32\drivers\RsFx0101.sys
2008-07-10 09:49:14 235416 ----a-w- c:\windows\system32\drivers\RsFx0100.sys
2008-07-09 13:47:01 2829 ----a-w- c:\windows\War3Unin.pif
2008-07-09 13:47:01 126976 ----a-w- c:\windows\War3Unin.exe
2008-07-07 10:10:09 967 ----a-w- c:\windows\ScUnin.pif
2008-07-07 10:10:09 94208 ----a-w- c:\windows\ScUnin.exe
2008-06-25 02:12:58 295936 ------w- c:\windows\system32\wmpeffects.dll
2008-06-02 02:27:09 280888 ----a-w- c:\windows\system32\nvdrsdb0.bin
2008-06-02 02:27:09 1 ----a-w- c:\windows\system32\nvdrssel.bin
2008-06-02 02:26:57 280888 ----a-w- c:\windows\system32\nvdrsdb1.bin
2008-05-30 22:19:18 507400 -c--a-w- c:\windows\system32\XAudio2_1.dll
2008-05-30 22:18:52 238088 -c--a-w- c:\windows\system32\xactengine3_1.dll
2008-05-30 22:17:30 65032 -c--a-w- c:\windows\system32\XAPOFX1_0.dll
2008-05-30 22:17:00 25608 -c--a-w- c:\windows\system32\X3DAudio1_4.dll
2008-05-30 22:11:46 467984 -c--a-w- c:\windows\system32\d3dx10_38.dll
2008-05-30 22:11:46 3850760 -c--a-w- c:\windows\system32\D3DX9_38.dll
2008-05-30 22:11:46 1491992 -c--a-w- c:\windows\system32\D3DCompiler_38.dll
2008-05-30 14:13:30 50112 --sha-w- c:\windows\system32\c_73601.nl_
2008-05-30 14:03:30 10536 ----a-w- c:\windows\system32\drivers\hmonitor45.sys
2008-04-17 20:12:54 107368 -c--a-w- c:\windows\system32\GEARAspi.dll
2008-04-14 12:43:22 40840 ----a-w- c:\windows\system32\drivers\termdd.sys
2008-04-14 12:42:44 129536 -c--a-w- c:\windows\system32\ksproxy.ax
2008-04-14 12:41:58 4096 ----a-w- c:\windows\system32\ksuser.dll
2008-04-14 07:15:08 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2008-04-14 07:15:02 52864 ----a-w- c:\windows\system32\drivers\DMusic.sys
2008-04-14 07:02:52 196224 ----a-w- c:\windows\system32\drivers\rdpdr.sys
2008-04-14 05:42:44 91136 -c--a-w- c:\windows\system32\kswdmcap.ax
.
============= FINISH: 8:03:12.32 ===============

Attached File(s)


#4 User is online   fireman4it 

  • Bleepin' Fireman
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 8,322
  • Joined: 24-May 08
  • Gender:Male
  • Location:Bement, ILL

Posted 08 January 2012 - 05:19 PM

1.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.




2.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Note:The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you
should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.


Things to include in your next reply::
TdssKIller log
Combofix.txt
How is your machine running now?
" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-

Posted Image
Posted Image

If I have helped you, consider making a donation to help me continue the fight against Malware!
Just click Posted Image

#5 User is offline   The_Kraken666 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 7
  • Joined: 07-January 12

Posted 09 January 2012 - 12:17 AM

I couldnt connect to the internet because its not letting me accuire the internet address. but here is the report



ComboFix 12-01-07.04 - Alex Jester 01/08/2012 21:33:52.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3327.2994 [GMT -8:00]
Running from: c:\documents and settings\Alex Jester\Desktop\ComboFix.exe
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\ALEXJE~1\LOCALS~1\Temp\4414862.exe
c:\docume~1\ALEXJE~1\LOCALS~1\Temp\9454791.exe
c:\documents and settings\Alex Jester\Application Data\Mozilla\Firefox\Profiles\lad4omcc.default\searchplugins\bing-zugo.xml
c:\documents and settings\Alex Jester\Local Settings\Application Data\assembly\tmp
C:\install.exe
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbar.dll
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
c:\windows\$NtUninstallKB4539$
c:\windows\$NtUninstallKB4539$\1383775294\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}
c:\windows\$NtUninstallKB4539$\1383775294\L\uqcoczll
c:\windows\$NtUninstallKB4539$\1996707711
c:\windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}
c:\windows\assembly\GAC_MSIL\desktop.ini
c:\windows\btc_client_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\l1rezerv.exe
c:\windows\loader2.exe_ok
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\21de824c2a9b807471c8af229313da42.elf
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\BFIPatcher.pyc
c:\windows\phoenix\kernels\phatk\ff7594f383da85930f2546deebf5ceb2.elf
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\2bfc62898c8ece774047e272d36be15c.elf
c:\windows\phoenix\kernels\poclbm\a3385c51f776259eebf5ac3698f3b247.elf
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\BFIPatcher.pyc
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\proc_list1.log
c:\windows\rpcminer
c:\windows\rpcminer.rar
c:\windows\rpcminer\bitcoinminercuda_10.cubin
c:\windows\rpcminer\bitcoinminercuda_11.cubin
c:\windows\rpcminer\bitcoinminercuda_20.cubin
c:\windows\rpcminer\bitcoinmineropencl.cl
c:\windows\rpcminer\cudart32_32_16.dll
c:\windows\rpcminer\curllib.dll
c:\windows\rpcminer\libeay32.dll
c:\windows\rpcminer\libsasl.dll
c:\windows\rpcminer\openldap.dll
c:\windows\rpcminer\rpcminer-4way.exe
c:\windows\rpcminer\rpcminer-cpu.exe
c:\windows\rpcminer\rpcminer-cuda.exe
c:\windows\rpcminer\rpcminer-opencl.exe
c:\windows\rpcminer\ssleay32.dll
c:\windows\services32.exe
c:\windows\sysdriver32.exe
c:\windows\sysdriver32_.exe
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\systemup.exe
c:\windows\TEMP\53881026-loader2.exe
c:\windows\TEMP\6571280.exe
c:\windows\TEMP\915846.exe
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.1\svchost.exe
c:\windows\update.2
c:\windows\update.2\svchost.exe
c:\windows\update.5.0
c:\windows\update.5.0\svchost.exe
c:\windows\update.7.1
c:\windows\update.7.1\svchostdriver.exe
c:\windows\winsetupapi.log
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe . . . is infected!!
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe . . . was deleted!! You should re-install the program it pertains to
.
c:\program files\Google\Update\GoogleUpdate.exe . . . is infected!!
c:\program files\Google\Update\GoogleUpdate.exe . . . was deleted!! You should re-install the program it pertains to
.
c:\program files\iPod\bin\iPodService.exe . . . is infected!!
c:\program files\iPod\bin\iPodService.exe . . . was deleted!! You should re-install the program it pertains to
.
c:\program files\Java\jre6\bin\jqs.exe . . . is infected!!
c:\program files\Java\jre6\bin\jqs.exe . . . was deleted!! You should re-install the program it pertains to
.
c:\program files\NetRatingsNetSight\NetSight\NielsenUpdate.exe . . . is infected!!
c:\program files\NetRatingsNetSight\NetSight\NielsenUpdate.exe . . . was deleted!! You should re-install the program it pertains to
.
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe . . . is infected!!
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe . . . was deleted!! You should re-install the program it pertains to
.
c:\windows\system32\PnkBstrA.exe . . . is infected!!
c:\windows\system32\PnkBstrA.exe . . . was deleted!! You should re-install the program it pertains to
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_DDSERVICE
-------\Legacy_SRVBTCCLIENT
-------\Legacy_SRVIECHECK
-------\Legacy_SRVSYSDRIVER32
-------\Service_ddservice
-------\Service_srvbtcclient
-------\Service_srviecheck
-------\Service_srvsysdriver32
.
.
((((((((((((((((((((((((( Files Created from 2011-12-09 to 2012-01-09 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
Cryptography Services Error !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{90b49673-5506-483e-b92b-ca0265bd9ca8}"= "c:\program files\IMVU_Inc\prxtbIMVU.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{90b49673-5506-483e-b92b-ca0265bd9ca8}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{90b49673-5506-483e-b92b-ca0265bd9ca8}]
2011-01-17 23:54 175912 ----a-w- c:\program files\IMVU_Inc\prxtbIMVU.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{90b49673-5506-483e-b92b-ca0265bd9ca8}"= "c:\program files\IMVU_Inc\prxtbIMVU.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{90b49673-5506-483e-b92b-ca0265bd9ca8}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{90B49673-5506-483E-B92B-CA0265BD9CA8}"= "c:\program files\IMVU_Inc\prxtbIMVU.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{90b49673-5506-483e-b92b-ca0265bd9ca8}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-29 1828136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2007-06-15 1826816]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-03-25 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-19 2221352]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"NielsenOnline"="c:\program files\NetRatingsNetSight\NetSight\NielsenOnline.exe" [2009-10-30 47456]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-08 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-08-03 111208]
"Trend Micro RUBotted V2.0 Beta"="c:\program files\Trend Micro\RUBotted\RUBottedGUI.exe" [2010-12-17 1103184]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\Alex Jester\Start Menu\Programs\Startup\
Alienware Dock.lnk - c:\program files\AlienGUIse\AlienwareDock\ObjectDock.exe [2010-4-11 2074360]
Impulse Now.lnk - c:\program files\Stardock\Impulse\Now\ImpulseNow.exe [2009-12-24 419104]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG311v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG311v3\wlancfg5.exe [2006-1-26 1486848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ComPlusSetup]
2008-04-14 12:00 625664 ----a-w- c:\windows\system32\catsrvut.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2010-11-23 17:23 214320 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Stardock Games\\Demigod\\bin\\Demigod.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Downloads\\software\\flashget_493.exe"=
"c:\\Program Files\\Raptr\\raptr.exe"=
"c:\\Program Files\\Raptr\\raptr_im.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Microsoft Games\\Dungeon Siege 2\\DungeonSiege2.exe"=
"c:\\Downloads\\software\\Flash-Player.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"59011:TCP"= 59011:TCP:Pando Media Booster
"59011:UDP"= 59011:UDP:Pando Media Booster
.
3;2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 NielsenUpdate;Nielsen Update;c:\program files\NetRatingsNetSight\NetSight\NielsenUpdate.exe [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys [2009-12-29 9088]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]
R4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [2009-06-26 85504]
R4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\DRIVERS\nielprt.sys [2009-12-29 24192]
S1 nnrnstdi;nnrnstdi; [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S2 RegMumService;SmartRegistryCleaner Service;c:\program files\Smart Registry Cleaner\SmartRegistryCleanerService.exe [2011-08-06 1556464]
S2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\Trend Micro\RUBotted\RUBotSrv.exe [2010-12-17 439632]
S3 km_filter;km_filter;c:\windows\system32\drivers\km_filter.sys [2009-12-29 10368]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 00:57]
.
2008-07-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47]
.
2008-07-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1004336348-764733703-682003330-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47]
.
2008-07-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47]
.
2008-07-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1004336348-764733703-682003330-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3007394
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-wsctf.exe - wsctf.exe
HKLM-Run-wxpdrv - (no file)
HKLM-Run-l1rezerv.exe - c:\windows\l1rezerv.exe
HKLM-Run-systemup - c:\windows\systemup.exe
SafeBoot-56383421.sys
SafeBoot-Wdf01000.sys
AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-08 21:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1004336348-764733703-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(800)
c:\windows\system32\MrvGINA.dll
c:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\dwwin.exe
.
**************************************************************************
.
Completion time: 2012-01-08 21:57:49 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-09 05:57
.
Pre-Run: 422,250,840,064 bytes free
Post-Run: 423,130,583,040 bytes free
.
- - End Of File - - 8DC03CF9FA4FA6EFA951470B4DF4D7B8

This post has been edited by The_Kraken666: 09 January 2012 - 01:06 AM

#6 User is offline   The_Kraken666 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 7
  • Joined: 07-January 12

Posted 09 January 2012 - 01:07 AM

I couldnt connect to the internet because its not letting me accuire the internet address. but here is the report



ComboFix 12-01-07.04 - Alex Jester 01/08/2012 21:33:52.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3327.2994 [GMT -8:00]
Running from: c:\documents and settings\Alex Jester\Desktop\ComboFix.exe
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\ALEXJE~1\LOCALS~1\Temp\4414862.exe
c:\docume~1\ALEXJE~1\LOCALS~1\Temp\9454791.exe
c:\documents and settings\Alex Jester\Application Data\Mozilla\Firefox\Profiles\lad4omcc.default\searchplugins\bing-zugo.xml
c:\documents and settings\Alex Jester\Local Settings\Application Data\assembly\tmp
C:\install.exe
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbar.dll
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
c:\windows\$NtUninstallKB4539$
c:\windows\$NtUninstallKB4539$\1383775294\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}
c:\windows\$NtUninstallKB4539$\1383775294\L\uqcoczll
c:\windows\$NtUninstallKB4539$\1996707711
c:\windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}
c:\windows\assembly\GAC_MSIL\desktop.ini
c:\windows\btc_client_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\l1rezerv.exe
c:\windows\loader2.exe_ok
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\21de824c2a9b807471c8af229313da42.elf
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\BFIPatcher.pyc
c:\windows\phoenix\kernels\phatk\ff7594f383da85930f2546deebf5ceb2.elf
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\2bfc62898c8ece774047e272d36be15c.elf
c:\windows\phoenix\kernels\poclbm\a3385c51f776259eebf5ac3698f3b247.elf
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\BFIPatcher.pyc
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\proc_list1.log
c:\windows\rpcminer
c:\windows\rpcminer.rar
c:\windows\rpcminer\bitcoinminercuda_10.cubin
c:\windows\rpcminer\bitcoinminercuda_11.cubin
c:\windows\rpcminer\bitcoinminercuda_20.cubin
c:\windows\rpcminer\bitcoinmineropencl.cl
c:\windows\rpcminer\cudart32_32_16.dll
c:\windows\rpcminer\curllib.dll
c:\windows\rpcminer\libeay32.dll
c:\windows\rpcminer\libsasl.dll
c:\windows\rpcminer\openldap.dll
c:\windows\rpcminer\rpcminer-4way.exe
c:\windows\rpcminer\rpcminer-cpu.exe
c:\windows\rpcminer\rpcminer-cuda.exe
c:\windows\rpcminer\rpcminer-opencl.exe
c:\windows\rpcminer\ssleay32.dll
c:\windows\services32.exe
c:\windows\sysdriver32.exe
c:\windows\sysdriver32_.exe
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\systemup.exe
c:\windows\TEMP\53881026-loader2.exe
c:\windows\TEMP\6571280.exe
c:\windows\TEMP\915846.exe
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.1\svchost.exe
c:\windows\update.2
c:\windows\update.2\svchost.exe
c:\windows\update.5.0
c:\windows\update.5.0\svchost.exe
c:\windows\update.7.1
c:\windows\update.7.1\svchostdriver.exe
c:\windows\winsetupapi.log
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe . . . is infected!!
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe . . . was deleted!! You should re-install the program it pertains to
.
c:\program files\Google\Update\GoogleUpdate.exe . . . is infected!!
c:\program files\Google\Update\GoogleUpdate.exe . . . was deleted!! You should re-install the program it pertains to
.
c:\program files\iPod\bin\iPodService.exe . . . is infected!!
c:\program files\iPod\bin\iPodService.exe . . . was deleted!! You should re-install the program it pertains to
.
c:\program files\Java\jre6\bin\jqs.exe . . . is infected!!
c:\program files\Java\jre6\bin\jqs.exe . . . was deleted!! You should re-install the program it pertains to
.
c:\program files\NetRatingsNetSight\NetSight\NielsenUpdate.exe . . . is infected!!
c:\program files\NetRatingsNetSight\NetSight\NielsenUpdate.exe . . . was deleted!! You should re-install the program it pertains to
.
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe . . . is infected!!
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe . . . was deleted!! You should re-install the program it pertains to
.
c:\windows\system32\PnkBstrA.exe . . . is infected!!
c:\windows\system32\PnkBstrA.exe . . . was deleted!! You should re-install the program it pertains to
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_DDSERVICE
-------\Legacy_SRVBTCCLIENT
-------\Legacy_SRVIECHECK
-------\Legacy_SRVSYSDRIVER32
-------\Service_ddservice
-------\Service_srvbtcclient
-------\Service_srviecheck
-------\Service_srvsysdriver32
.
.
((((((((((((((((((((((((( Files Created from 2011-12-09 to 2012-01-09 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
Cryptography Services Error !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{90b49673-5506-483e-b92b-ca0265bd9ca8}"= "c:\program files\IMVU_Inc\prxtbIMVU.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{90b49673-5506-483e-b92b-ca0265bd9ca8}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{90b49673-5506-483e-b92b-ca0265bd9ca8}]
2011-01-17 23:54 175912 ----a-w- c:\program files\IMVU_Inc\prxtbIMVU.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{90b49673-5506-483e-b92b-ca0265bd9ca8}"= "c:\program files\IMVU_Inc\prxtbIMVU.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{90b49673-5506-483e-b92b-ca0265bd9ca8}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{90B49673-5506-483E-B92B-CA0265BD9CA8}"= "c:\program files\IMVU_Inc\prxtbIMVU.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{90b49673-5506-483e-b92b-ca0265bd9ca8}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-29 1828136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2007-06-15 1826816]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-03-25 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-19 2221352]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"NielsenOnline"="c:\program files\NetRatingsNetSight\NetSight\NielsenOnline.exe" [2009-10-30 47456]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-08 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-08-03 111208]
"Trend Micro RUBotted V2.0 Beta"="c:\program files\Trend Micro\RUBotted\RUBottedGUI.exe" [2010-12-17 1103184]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\Alex Jester\Start Menu\Programs\Startup\
Alienware Dock.lnk - c:\program files\AlienGUIse\AlienwareDock\ObjectDock.exe [2010-4-11 2074360]
Impulse Now.lnk - c:\program files\Stardock\Impulse\Now\ImpulseNow.exe [2009-12-24 419104]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG311v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG311v3\wlancfg5.exe [2006-1-26 1486848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ComPlusSetup]
2008-04-14 12:00 625664 ----a-w- c:\windows\system32\catsrvut.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2010-11-23 17:23 214320 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Stardock Games\\Demigod\\bin\\Demigod.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Downloads\\software\\flashget_493.exe"=
"c:\\Program Files\\Raptr\\raptr.exe"=
"c:\\Program Files\\Raptr\\raptr_im.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Microsoft Games\\Dungeon Siege 2\\DungeonSiege2.exe"=
"c:\\Downloads\\software\\Flash-Player.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"59011:TCP"= 59011:TCP:Pando Media Booster
"59011:UDP"= 59011:UDP:Pando Media Booster
.
3;2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 NielsenUpdate;Nielsen Update;c:\program files\NetRatingsNetSight\NetSight\NielsenUpdate.exe [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys [2009-12-29 9088]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]
R4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [2009-06-26 85504]
R4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\DRIVERS\nielprt.sys [2009-12-29 24192]
S1 nnrnstdi;nnrnstdi; [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S2 RegMumService;SmartRegistryCleaner Service;c:\program files\Smart Registry Cleaner\SmartRegistryCleanerService.exe [2011-08-06 1556464]
S2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\Trend Micro\RUBotted\RUBotSrv.exe [2010-12-17 439632]
S3 km_filter;km_filter;c:\windows\system32\drivers\km_filter.sys [2009-12-29 10368]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 00:57]
.
2008-07-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47]
.
2008-07-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1004336348-764733703-682003330-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47]
.
2008-07-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47]
.
2008-07-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1004336348-764733703-682003330-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3007394
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-wsctf.exe - wsctf.exe
HKLM-Run-wxpdrv - (no file)
HKLM-Run-l1rezerv.exe - c:\windows\l1rezerv.exe
HKLM-Run-systemup - c:\windows\systemup.exe
SafeBoot-56383421.sys
SafeBoot-Wdf01000.sys
AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-08 21:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1004336348-764733703-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(800)
c:\windows\system32\MrvGINA.dll
c:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\dwwin.exe
.
**************************************************************************
.
Completion time: 2012-01-08 21:57:49 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-09 05:57
.
Pre-Run: 422,250,840,064 bytes free
Post-Run: 423,130,583,040 bytes free
.
- - End Of File - - 8DC03CF9FA4FA6EFA951470B4DF4D7B8

#7 User is online   fireman4it 

  • Bleepin' Fireman
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 8,322
  • Joined: 24-May 08
  • Gender:Male
  • Location:Bement, ILL

Posted 09 January 2012 - 06:36 PM

1.
Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.


2.
Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-

Posted Image
Posted Image

If I have helped you, consider making a donation to help me continue the fight against Malware!
Just click Posted Image

#8 User is offline   The_Kraken666 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 7
  • Joined: 07-January 12

Posted 09 January 2012 - 10:28 PM

The first file wount bring up a log file or anything it will just exit out. But i just rewrote what it says.hope it helps.


MBRCheck, version 1.2.3
<c> 2010,AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 <build 2600>
Logical Drives Mask: 0x0000001d

\\.\C: --> \\PhysicalDrive0 at offset 0x00000000'00007e00 <NTFS>

Size Devise Name MBR Status
---------------------------------------------------
465 GB \\.\PhysicalDrive0 Windows XP MBR code Detected
SHA1: DA38B874b7713D1B51CBC449F4EF809B0DEC644A

Done!
Press ENTER to exit...




Farbar Service Scanner
Ran by Alex Jester (administrator) on 09-01-2012 at 18:05:29
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.


Connection Status:
==============
Localhost is blocked.
LAN connected.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returend error: Other errors


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice service is OK.


System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0700000005000000010000000200000003000000040000000600000007000000
IpSec Tag value is correct.

**** End of log ****

#9 User is online   fireman4it 

  • Bleepin' Fireman
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 8,322
  • Joined: 24-May 08
  • Gender:Male
  • Location:Bement, ILL

Posted 09 January 2012 - 11:31 PM

  • Go to Start -> Control Panel -> Network and Internet Connection ->Network Connections.
  • Right-click your default connection, usually Local Area Connection or Dial-up Connection (if you are using dial-up), and left-click on the Properties option.
  • Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says "Obtain DNS servers automatically".
  • Click OK twice.
    spacer.gif
  • Go to Start -> Run...
  • In the Open: field type cmd and click OK or hit Enter.
    This will open a Command Prompt.
  • At the DOS prompt screen, type in ipconfig /flushdns and then press Enter (notice the space between "ipconfig" and "/flushdns").
  • Exit the Command Prompt.
  • Reboot your PC and try to open any website.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-

Posted Image
Posted Image

If I have helped you, consider making a donation to help me continue the fight against Malware!
Just click Posted Image

#10 User is offline   The_Kraken666 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 7
  • Joined: 07-January 12

Posted 10 January 2012 - 02:26 AM

I did everything and it still dosnt work. Also whenever I boot up my computer it says "Windows cannot find 'NielsenUpdate.exe'."

Any ideas?

#11 User is online   fireman4it 

  • Bleepin' Fireman
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 8,322
  • Joined: 24-May 08
  • Gender:Male
  • Location:Bement, ILL

Posted 10 January 2012 - 06:28 PM

Hello,

This infection has corrupted and infected many of the files on your machine. I would suggest a complete reformat and reinstall.
" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-

Posted Image
Posted Image

If I have helped you, consider making a donation to help me continue the fight against Malware!
Just click Posted Image

#12 User is offline   The_Kraken666 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 7
  • Joined: 07-January 12

Posted 10 January 2012 - 11:20 PM

can you give me instructions on how you would go about completly reformating my computer and doing a clean install of my windows. Thank you so much for helping me so far. Its very apprichated

#13 User is online   fireman4it 

  • Bleepin' Fireman
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 8,322
  • Joined: 24-May 08
  • Gender:Male
  • Location:Bement, ILL

Posted 11 January 2012 - 12:37 PM

Here is a good link on how to do a clean install.

http://www.dslreports.com/faq/2891


Here is another nice article. Scroll down to where it says:
How to partition and format the hard disk using the Windows XP Setup program


Note:

If you want to back up some data please take note of the following guidelines to insure you don't reinfect your machine again.

You can back up all your important documents, personal data files, photos to a CD or DVD drive, not a flash drive or external hard drive as they may become compromised in the process. The safest practice is not to backup any executable files (*.exe), screensavers (*.scr), autorun (.ini) or script files (.php, .asp, .htm, .html, .xml ) files because they may be infected by malware. Avoid backing up compressed files (.zip, .cab, .rar) that have executables inside them as some types of malware can penetrate compressed files and infect the .exe files within them. Other types of malware may even disguise itself by hiding a file extension or adding to the existing extension as shown here so be sure you look closely at the full file name. If you cannot see the file extension, you may need to reconfigure Windows to show file name extensions . Then make sure you scan the backed up data with your anti-virus prior to to copying it back to your hard drive.

If your CD/DVD drive is unusable, another word of caution if you are considering backing up to an external usb hard drive as your only alternative. External drives are more susceptible to infection and can become compromised in the process of backing up data. I'm not saying you should not try using such devices but I want to make you aware of all your options and associated risks so you can make an informed decision if its worth that risk.

Note:
Again, do not back up any data with the following file extensions: exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.
" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-

Posted Image
Posted Image

If I have helped you, consider making a donation to help me continue the fight against Malware!
Just click Posted Image

#14 User is online   fireman4it 

  • Bleepin' Fireman
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 8,322
  • Joined: 24-May 08
  • Gender:Male
  • Location:Bement, ILL

Posted 13 January 2012 - 10:10 AM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 2-3 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it
" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-

Posted Image
Posted Image

If I have helped you, consider making a donation to help me continue the fight against Malware!
Just click Posted Image

#15 User is online   fireman4it 

  • Bleepin' Fireman
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 8,322
  • Joined: 24-May 08
  • Gender:Male
  • Location:Bement, ILL

Posted 15 January 2012 - 07:30 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-

Posted Image
Posted Image

If I have helped you, consider making a donation to help me continue the fight against Malware!
Just click Posted Image

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users