Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Another Google redirect; Vundo infection


  • This topic is locked This topic is locked
20 replies to this topic

#1 Brian E

Brian E

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:03:33 AM

Posted 17 December 2009 - 08:16 PM

First off, I'd like to say "Thank You" for providing this forum/service. A helping hand should always be appreciated.

The story...My mother in law has asked me to take a look at her PC. It's been running slow and acting "funny". After looking at it for a little while, I noticed the Google redirect problem. I ran Ad-Aware and AntiMalware. I believe it was the AntiMalware that alerted me to the Vundo trojan. I ran across this site while looking for a solution. I've used some of the suggestions on making the PC quicker. It made a big difference. (Much appreciated!). I also started reading a few of the other posts about this Vundo trojan. As a result, I ran SuperAntiSpyware. I still have the log if needed. After getting the results from it, I decided I was in over my head and should ask for help. Here are my DDS and RootRepeal logs.

Thank you again for your help!


DDS (Ver_09-12-01.01) - NTFSx86
Run by Cathy L at 18:31:40.59 on Thu 12/17/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.266 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\1112964485\ee\AOLSoftware.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Brownie\BrstsWnd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Brownie\brpjp04a.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Cathy L\My Documents\BleepingComputer\dds.scr

============== Pseudo HJT Report ===============

uWindow Title = Microsoft Internet Explorer provided by Comcast
mWindow Title = Microsoft Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = localhost;*.local
uURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll
mURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll
mWinlogon: Shell=Explorer.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: AOL Toolbar Loader: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol toolbar\aoltb.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar\aoltb.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [HostManager] c:\program files\common files\aol\1112964485\ee\AOLSoftware.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [BrStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: &AOL Toolbar Search - c:\documents and settings\all users\application data\aol\ietoolbar\resources\en-us\local\search.html
IE: {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/
IE: {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/
IE: {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: musicmatch.com\online
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
DPF: {0E0D50BC-E086-4E3A-B07D-C5C5869C0FFF} - hxxp://www.gamehouse.com/realarcade-webgames/adventureball/abx.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} - hxxp://zone.msn.com/bingame/trix/default/TriJinx.1.0.0.67.cab
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} - hxxp://zone.msn.com/bingame/pacz/default/pandaonline.cab
DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} - hxxp://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab
DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - hxxp://aolcc.aol.com/computercheckup/qdiagcc.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,99/mcinsctl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} - hxxp://mirror.worldwinner.com/games/v45/blockwerx/blockwerx.cab
DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} - hxxp://www.gamehouse.com/realarcade-webgames/gamehouse/gamehouseplayer.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} - hxxp://us-download.mcafee.com/products/protected/mvt/mvt.cab
DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} - hxxp://legacy.aolsvc.aol.com/onlinegames/ghtumblebugs/axhost.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://81.1.41.137/activex/AxisCamControl.cab
DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} - hxxp://zone.msn.com/binGame/ZAxRcMgr.cab
DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} - hxxp://www.gamehouse.com/realarcade-webgames/thedavincicode/DVCDownloadControl.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} - hxxp://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://www.gamehouse.com/realarcade-webgames/zylom/zylomplayer.cab
DPF: {CA797B15-445F-4AA9-9828-8A88502F560F} - hxxp://www.worldwinner.com/games/shared/uninstall.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - hxxp://sympatico.zone.msn.com/bingame/gold/UnSkin/gf.cab
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab
DPF: {DADE1C2F-5A48-445C-82B5-3A5F102E84DF} - hxxp://meijer.lifepics.com/common/UserUpload/LifePicsUploader.CAB
DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} - hxxp://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/popcaploader_v10.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - hxxp://chat.msn.com/bin/msnchat45.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: c:\windows\system32\zuvararo.dll pajoyuso.dll c:\windows\system32\yetubiyi.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: kokogonow - {e1581752-aa97-476e-b889-9e543f769c6e} - c:\windows\system32\zuvararo.dll
SSODL: dadukohow - {c91cfbbb-59d6-4722-8eeb-8e268d7f675a} - No File
STS: jugezatag: {e1581752-aa97-476e-b889-9e543f769c6e} - c:\windows\system32\zuvararo.dll
STS: {c91cfbbb-59d6-4722-8eeb-8e268d7f675a} - No File
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 c:\windows\system32\ssqPijKB
LSA: Notification Packages = scecli gadagore.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-9-22 214664]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-11-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-11-23 74480]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-9-22 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-9-22 144704]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-9-22 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-9-22 35272]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-11-23 7408]
S1 bthpann;bthpann;c:\windows\system32\drivers\bthpann.sys --> c:\windows\system32\drivers\bthpann.sys [?]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-9-22 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-9-22 40552]
S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-9-22 606736]

=============== Created Last 30 ================

2009-12-17 11:58:20 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-12-17 11:58:06 0 d-----w- c:\program files\SUPERAntiSpyware
2009-12-17 11:58:06 0 d-----w- c:\docume~1\cathyl~1\applic~1\SUPERAntiSpyware.com
2009-12-17 11:56:40 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-12-17 04:22:36 0 d-----w- c:\program files\ESET
2009-12-17 04:05:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-17 04:05:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-17 04:05:07 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-17 01:48:13 0 d-----w- c:\program files\CodeStuff
2009-12-13 00:48:48 0 d-----w- c:\docume~1\alluse~1\applic~1\PCDr
2009-12-13 00:45:52 0 d-----w- c:\program files\Dell Support Center
2009-12-12 18:11:04 0 d-----w- c:\docume~1\alluse~1\applic~1\IObit
2009-12-12 18:11:00 0 d-----w- c:\program files\IObit
2009-12-09 23:09:03 142592 ----a-w- c:\windows\system32\dllcache\aec.sys

==================== Find3M ====================

2009-12-12 19:01:54 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-12-12 19:01:54 96512 ----a-w- c:\windows\system32\dllcache\atapi.sys
2009-10-11 09:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2005-03-30 09:34:25 3267395 ----a-w- c:\program files\18 - Don't Let The Rain Fall On Me .mp3
2005-03-20 20:27:03 20798256 ----a-w- c:\program files\AdbeRdr70_enu_full.exe
2005-03-20 20:23:35 6811904 ----a-w- c:\program files\psa2011se_us.exe

============= FINISH: 18:35:02.06 ===============




ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/12/17 19:17
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xF7595000 Size: 187776 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2189184 File Visible: - Signed: -
Status: -

Name: aeaudio.sys
Image Path: C:\WINDOWS\system32\drivers\aeaudio.sys
Address: 0xF7B30000 Size: 4384 File Visible: - Signed: -
Status: -

Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xED813000 Size: 138496 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0xF754D000 Size: 96512 File Visible: - Signed: -
Status: -

Name: ATMFD.DLL
Image Path: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000 Size: 286720 File Visible: - Signed: -
Status: -

Name: audstub.sys
Image Path: C:\WINDOWS\System32\DRIVERS\audstub.sys
Address: 0xF7CC3000 Size: 3072 File Visible: - Signed: -
Status: -

Name: bcm4sbxp.sys
Image Path: C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys
Address: 0xF6DE5000 Size: 43136 File Visible: - Signed: -
Status: -

Name: BCMSM.sys
Image Path: C:\WINDOWS\System32\DRIVERS\BCMSM.sys
Address: 0xF63FF000 Size: 1101696 File Visible: - Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xF7B66000 Size: 4224 File Visible: - Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xF79F4000 Size: 12288 File Visible: - Signed: -
Status: -

Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xB65EF000 Size: 63744 File Visible: - Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\WINDOWS\System32\DRIVERS\cdrom.sys
Address: 0xF6DC5000 Size: 62976 File Visible: - Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
Address: 0xF7624000 Size: 53248 File Visible: - Signed: -
Status: -

Name: disk.sys
Image Path: disk.sys
Address: 0xF7614000 Size: 36352 File Visible: - Signed: -
Status: -

Name: drmk.sys
Image Path: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xF6DA5000 Size: 61440 File Visible: - Signed: -
Status: -

Name: drvmcdb.sys
Image Path: drvmcdb.sys
Address: 0xF7506000 Size: 82496 File Visible: - Signed: -
Status: -

Name: drvnddm.sys
Image Path: C:\WINDOWS\system32\drivers\drvnddm.sys
Address: 0xBA6EC000 Size: 38208 File Visible: - Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xB6C19000 Size: 12288 File Visible: - Signed: -
Status: -

Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF9C3000 Size: 73728 File Visible: - Signed: -
Status: -

Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xF7BEB000 Size: 4096 File Visible: - Signed: -
Status: -

Name: Fastfat.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fastfat.SYS
Address: 0xB5BCB000 Size: 143744 File Visible: - Signed: -
Status: -

Name: fdc.sys
Image Path: C:\WINDOWS\System32\DRIVERS\fdc.sys
Address: 0xF78EC000 Size: 27392 File Visible: - Signed: -
Status: -

Name: Fips.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xF77F4000 Size: 44544 File Visible: - Signed: -
Status: -

Name: flpydisk.sys
Image Path: C:\WINDOWS\System32\DRIVERS\flpydisk.sys
Address: 0xF79AC000 Size: 20480 File Visible: - Signed: -
Status: -

Name: fltmgr.sys
Image Path: fltmgr.sys
Address: 0xF752D000 Size: 129792 File Visible: - Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xF7B64000 Size: 7936 File Visible: - Signed: -
Status: -

Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xF7565000 Size: 125056 File Visible: - Signed: -
Status: -

Name: GEARAspiWDM.sys
Image Path: C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys
Address: 0xF7A78000 Size: 9984 File Visible: - Signed: -
Status: -

Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x806EE000 Size: 131840 File Visible: - Signed: -
Status: -

Name: HIDCLASS.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Address: 0xEDB30000 Size: 36864 File Visible: - Signed: -
Status: -

Name: HIDPARSE.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Address: 0xF79C4000 Size: 28672 File Visible: - Signed: -
Status: -

Name: hidusb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Address: 0xED95A000 Size: 10368 File Visible: - Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0xB531E000 Size: 264832 File Visible: - Signed: -
Status: -

Name: i2omgmt.SYS
Image Path: C:\WINDOWS\System32\Drivers\i2omgmt.SYS
Address: 0xF732C000 Size: 8576 File Visible: - Signed: -
Status: -

Name: ialmdd5.DLL
Image Path: C:\WINDOWS\System32\ialmdd5.DLL
Address: 0xBFA2E000 Size: 905216 File Visible: - Signed: -
Status: -

Name: ialmdev5.DLL
Image Path: C:\WINDOWS\System32\ialmdev5.DLL
Address: 0xBFA02000 Size: 180224 File Visible: - Signed: -
Status: -

Name: ialmdnt5.dll
Image Path: C:\WINDOWS\System32\ialmdnt5.dll
Address: 0xBF9E3000 Size: 126976 File Visible: - Signed: -
Status: -

Name: ialmnt5.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ialmnt5.sys
Address: 0xF6544000 Size: 807872 File Visible: - Signed: -
Status: -

Name: ialmrnt5.dll
Image Path: C:\WINDOWS\System32\ialmrnt5.dll
Address: 0xBF9D5000 Size: 57344 File Visible: - Signed: -
Status: -

Name: intelppm.sys
Image Path: C:\WINDOWS\System32\DRIVERS\intelppm.sys
Address: 0xF6DF5000 Size: 36352 File Visible: - Signed: -
Status: -

Name: ipfltdrv.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys
Address: 0xF77A4000 Size: 32896 File Visible: - Signed: -
Status: -

Name: ipnat.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ipnat.sys
Address: 0xED85D000 Size: 152832 File Visible: - Signed: -
Status: -

Name: ipsec.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ipsec.sys
Address: 0xED903000 Size: 75264 File Visible: - Signed: -
Status: -

Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xF75E4000 Size: 37248 File Visible: - Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\WINDOWS\System32\DRIVERS\kbdclass.sys
Address: 0xF7914000 Size: 24576 File Visible: - Signed: -
Status: -

Name: kbdhid.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdhid.sys
Address: 0xED942000 Size: 14592 File Visible: - Signed: -
Status: -

Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xF7AE4000 Size: 8192 File Visible: - Signed: -
Status: -

Name: ks.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ks.sys
Address: 0xF63DC000 Size: 143360 File Visible: - Signed: -
Status: -

Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xF74EF000 Size: 92288 File Visible: - Signed: -
Status: -

Name: MASPINT.SYS
Image Path: C:\WINDOWS\System32\Drivers\MASPINT.SYS
Address: 0xB5B12000 Size: 8224 File Visible: - Signed: -
Status: -

Name: mfeavfk.sys
Image Path: C:\WINDOWS\system32\drivers\mfeavfk.sys
Address: 0xB563A000 Size: 73088 File Visible: - Signed: -
Status: -

Name: mfebopk.sys
Image Path: C:\WINDOWS\system32\drivers\mfebopk.sys
Address: 0xF7994000 Size: 28544 File Visible: - Signed: -
Status: -

Name: mfehidk.sys
Image Path: C:\WINDOWS\system32\drivers\mfehidk.sys
Address: 0xED6F8000 Size: 207936 File Visible: - Signed: -
Status: -

Name: mnmdd.SYS
Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xF7B68000 Size: 4224 File Visible: - Signed: -
Status: -

Name: Modem.SYS
Image Path: C:\WINDOWS\System32\Drivers\Modem.SYS
Address: 0xF78E4000 Size: 30080 File Visible: - Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mouclass.sys
Address: 0xF791C000 Size: 23040 File Visible: - Signed: -
Status: -

Name: mouhid.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mouhid.sys
Address: 0xED93E000 Size: 12160 File Visible: - Signed: -
Status: -

Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xF75F4000 Size: 42368 File Visible: - Signed: -
Status: -

Name: Mpfp.sys
Image Path: C:\WINDOWS\System32\Drivers\Mpfp.sys
Address: 0xED883000 Size: 159744 File Visible: - Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mrxdav.sys
Address: 0xB5B76000 Size: 180608 File Visible: - Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
Address: 0xED72B000 Size: 455296 File Visible: - Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xF79D4000 Size: 19072 File Visible: - Signed: -
Status: -

Name: msgpc.sys
Image Path: C:\WINDOWS\System32\DRIVERS\msgpc.sys
Address: 0xF7694000 Size: 35072 File Visible: - Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mssmbios.sys
Address: 0xF7A94000 Size: 15488 File Visible: - Signed: -
Status: -

Name: Mup.sys
Image Path: Mup.sys
Address: 0xF741B000 Size: 105344 File Visible: - Signed: -
Status: -

Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xF7435000 Size: 182656 File Visible: - Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ndistapi.sys
Address: 0xF7A80000 Size: 10112 File Visible: - Signed: -
Status: -

Name: ndisuio.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ndisuio.sys
Address: 0xB85C6000 Size: 14592 File Visible: - Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ndiswan.sys
Address: 0xF6307000 Size: 91520 File Visible: - Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xF76B4000 Size: 40576 File Visible: - Signed: -
Status: -

Name: netbios.sys
Image Path: C:\WINDOWS\System32\DRIVERS\netbios.sys
Address: 0xF77B4000 Size: 34688 File Visible: - Signed: -
Status: -

Name: netbt.sys
Image Path: C:\WINDOWS\System32\DRIVERS\netbt.sys
Address: 0xED835000 Size: 162816 File Visible: - Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xF79DC000 Size: 30848 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xF7462000 Size: 574976 File Visible: - Signed: -
Status: -

Name: ntoskrnl.exe
Image Path: C:\WINDOWS\system32\ntoskrnl.exe
Address: 0x804D7000 Size: 2189184 File Visible: - Signed: -
Status: -

Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xF7C1A000 Size: 2944 File Visible: - Signed: -
Status: -

Name: omci.sys
Image Path: C:\WINDOWS\System32\DRIVERS\omci.sys
Address: 0xF7924000 Size: 17152 File Visible: - Signed: -
Status: -

Name: parport.sys
Image Path: C:\WINDOWS\System32\DRIVERS\parport.sys
Address: 0xF63C8000 Size: 80128 File Visible: - Signed: -
Status: -

Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xF786C000 Size: 19712 File Visible: - Signed: -
Status: -

Name: ParVdm.SYS
Image Path: C:\WINDOWS\System32\Drivers\ParVdm.SYS
Address: 0xF7B5C000 Size: 6784 File Visible: - Signed: -
Status: -

Name: pci.sys
Image Path: pci.sys
Address: 0xF7584000 Size: 68224 File Visible: - Signed: -
Status: -

Name: pciide.sys
Image Path: pciide.sys
Address: 0xF7BAC000 Size: 3328 File Visible: - Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS
Address: 0xF7864000 Size: 28672 File Visible: - Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2189184 File Visible: - Signed: -
Status: -

Name: portcls.sys
Image Path: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xF631E000 Size: 147456 File Visible: - Signed: -
Status: -

Name: psched.sys
Image Path: C:\WINDOWS\System32\DRIVERS\psched.sys
Address: 0xF62F6000 Size: 69120 File Visible: - Signed: -
Status: -

Name: ptilink.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ptilink.sys
Address: 0xF78FC000 Size: 17792 File Visible: - Signed: -
Status: -

Name: PxHelp20.sys
Image Path: PxHelp20.sys
Address: 0xF7634000 Size: 35712 File Visible: - Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\WINDOWS\System32\DRIVERS\rasacd.sys
Address: 0xF7324000 Size: 8832 File Visible: - Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\WINDOWS\System32\DRIVERS\rasl2tp.sys
Address: 0xF7664000 Size: 51328 File Visible: - Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\WINDOWS\System32\DRIVERS\raspppoe.sys
Address: 0xF7674000 Size: 41472 File Visible: - Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\WINDOWS\System32\DRIVERS\raspptp.sys
Address: 0xF7684000 Size: 48384 File Visible: - Signed: -
Status: -

Name: raspti.sys
Image Path: C:\WINDOWS\System32\DRIVERS\raspti.sys
Address: 0xF7904000 Size: 16512 File Visible: - Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2189184 File Visible: - Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\WINDOWS\System32\DRIVERS\rdbss.sys
Address: 0xED7C3000 Size: 175744 File Visible: - Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xF7B6A000 Size: 4224 File Visible: - Signed: -
Status: -

Name: redbook.sys
Image Path: C:\WINDOWS\System32\DRIVERS\redbook.sys
Address: 0xF6DB5000 Size: 57600 File Visible: - Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB4FAE000 Size: 49152 File Visible: No Signed: -
Status: -

Name: SASDIFSV.SYS
Image Path: C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
Address: 0xF789C000 Size: 24576 File Visible: - Signed: -
Status: -

Name: SASENUM.SYS
Image Path: C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
Address: 0xB6A1D000 Size: 20480 File Visible: - Signed: -
Status: -

Name: SASKUTIL.sys
Image Path: C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
Address: 0xED7EE000 Size: 151552 File Visible: - Signed: -
Status: -

Name: serenum.sys
Image Path: C:\WINDOWS\System32\DRIVERS\serenum.sys
Address: 0xF7A74000 Size: 15744 File Visible: - Signed: -
Status: -

Name: serial.sys
Image Path: C:\WINDOWS\System32\DRIVERS\serial.sys
Address: 0xF6DD5000 Size: 64512 File Visible: - Signed: -
Status: -

Name: smwdm.sys
Image Path: C:\WINDOWS\system32\drivers\smwdm.sys
Address: 0xF6342000 Size: 545024 File Visible: - Signed: -
Status: -

Name: sr.sys
Image Path: sr.sys
Address: 0xF751B000 Size: 73472 File Visible: - Signed: -
Status: -

Name: srv.sys
Image Path: C:\WINDOWS\System32\DRIVERS\srv.sys
Address: 0xB5994000 Size: 333952 File Visible: - Signed: -
Status: -

Name: sscdbhk5.sys
Image Path: C:\WINDOWS\system32\drivers\sscdbhk5.sys
Address: 0xF7B2E000 Size: 5568 File Visible: - Signed: -
Status: -

Name: ssrtln.sys
Image Path: C:\WINDOWS\system32\drivers\ssrtln.sys
Address: 0xF79BC000 Size: 23168 File Visible: - Signed: -
Status: -

Name: swenum.sys
Image Path: C:\WINDOWS\System32\DRIVERS\swenum.sys
Address: 0xF7B32000 Size: 4352 File Visible: - Signed: -
Status: -

Name: sysaudio.sys
Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xB6148000 Size: 60800 File Visible: - Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\WINDOWS\System32\DRIVERS\tcpip.sys
Address: 0xED8AA000 Size: 361600 File Visible: - Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\TDI.SYS
Address: 0xF78F4000 Size: 20480 File Visible: - Signed: -
Status: -

Name: termdd.sys
Image Path: C:\WINDOWS\System32\DRIVERS\termdd.sys
Address: 0xF76A4000 Size: 40704 File Visible: - Signed: -
Status: -

Name: tfsnboio.sys
Image Path: C:\WINDOWS\system32\dla\tfsnboio.sys
Address: 0xB5D52000 Size: 25632 File Visible: - Signed: -
Status: -

Name: tfsncofs.sys
Image Path: C:\WINDOWS\system32\dla\tfsncofs.sys
Address: 0xBA6DC000 Size: 34784 File Visible: - Signed: -
Status: -

Name: tfsndrct.sys
Image Path: C:\WINDOWS\system32\dla\tfsndrct.sys
Address: 0xB6558000 Size: 4064 File Visible: - Signed: -
Status: -

Name: tfsndres.sys
Image Path: C:\WINDOWS\system32\dla\tfsndres.sys
Address: 0xB6559000 Size: 2176 File Visible: - Signed: -
Status: -

Name: tfsnifs.sys
Image Path: C:\WINDOWS\system32\dla\tfsnifs.sys
Address: 0xB5C85000 Size: 83232 File Visible: - Signed: -
Status: -

Name: tfsnopio.sys
Image Path: C:\WINDOWS\system32\dla\tfsnopio.sys
Address: 0xBA908000 Size: 14176 File Visible: - Signed: -
Status: -

Name: tfsnpool.sys
Image Path: C:\WINDOWS\system32\dla\tfsnpool.sys
Address: 0xB6D3C000 Size: 6304 File Visible: - Signed: -
Status: -

Name: tfsnudf.sys
Image Path: C:\WINDOWS\system32\dla\tfsnudf.sys
Address: 0xB5C6D000 Size: 98016 File Visible: - Signed: -
Status: -

Name: tfsnudfa.sys
Image Path: C:\WINDOWS\system32\dla\tfsnudfa.sys
Address: 0xB5C54000 Size: 100320 File Visible: - Signed: -
Status: -

Name: update.sys
Image Path: C:\WINDOWS\System32\DRIVERS\update.sys
Address: 0xF6298000 Size: 384768 File Visible: - Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\USBD.SYS
Address: 0xF7B42000 Size: 8192 File Visible: - Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\WINDOWS\System32\DRIVERS\usbehci.sys
Address: 0xF78DC000 Size: 30208 File Visible: - Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\WINDOWS\System32\DRIVERS\usbhub.sys
Address: 0xF662A000 Size: 59520 File Visible: - Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\USBPORT.SYS
Address: 0xF650C000 Size: 147456 File Visible: - Signed: -
Status: -

Name: usbuhci.sys
Image Path: C:\WINDOWS\System32\DRIVERS\usbuhci.sys
Address: 0xF78D4000 Size: 20608 File Visible: - Signed: -
Status: -

Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xF79CC000 Size: 20992 File Visible: - Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS
Address: 0xF6530000 Size: 81920 File Visible: - Signed: -
Status: -

Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xF7604000 Size: 52352 File Visible: - Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\WINDOWS\System32\DRIVERS\wanarp.sys
Address: 0xED45A000 Size: 34560 File Visible: - Signed: -
Status: -

Name: wanatw4.sys
Image Path: C:\WINDOWS\System32\DRIVERS\wanatw4.sys
Address: 0xF790C000 Size: 20512 File Visible: - Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0xB61B0000 Size: 20480 File Visible: - Signed: -
Status: -

Name: wdmaud.sys
Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xB5BEF000 Size: 83072 File Visible: - Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -

Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\WMILIB.SYS
Address: 0xF7AE6000 Size: 8192 File Visible: - Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2189184 File Visible: - Signed: -
Status: -

Name: ws2ifsl.sys
Image Path: C:\WINDOWS\System32\drivers\ws2ifsl.sys
Address: 0xF7318000 Size: 12032 File Visible: - Signed: -
Status: -

Attached Files



BC AdBot (Login to Remove)

 


#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:03:33 PM

Posted 18 December 2009 - 08:56 AM

Hello, my name is fenzodahl512 and welcome to the forum.. Please do the following....


Please download The Comedian.exe by Rorschach112 to your desktop
  • Please disable all of your antivirus/firewall before doing this step. Please visit HERE if you don't know how..
  • Double click the program to run it. It will only take around several minutes to run.
  • It will do a series of tasks and tell you when each one is finished.
  • You will be prompted to press any key after each step
  • When it is done it will close and exit itself automatically.
  • You can delete The_Comedian.exe once it is finished
STOP! if you can't complete this step.. Tell me more about it..



NEXT


Please download OTL by OldTimer and save it to your desktop.

Under the Custom Scans/Fixes box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT

Don't change any setting... Just click on the Run Scan button.. Let it scan till finish..

Then a log will pop-up at your Desktop. Post the content of the log here



NEXT


We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Close any and all open programs, as this process may crash your computer.
  • Double click Posted Image or Posted Image on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see this window. If you do, click No.
    Posted Image
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.


Post me these logs in your next reply.. Post each log in separate post..

1. OTL
2. GMER

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 Brian E

Brian E
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:03:33 AM

Posted 18 December 2009 - 06:12 PM

Thanks for the quick response.

OTL created two logs. One is called OTL. The other was Extras.txt. I've post the OTL and attached the Extras.

Here's the OTL Log:

OTL logfile created on: 12/18/2009 5:32:18 PM - Run 1
OTL by OldTimer - Version 3.1.18.0 Folder = C:\Documents and Settings\Cathy L\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

766.00 Mb Total Physical Memory | 409.80 Mb Available Physical Memory | 53.50% Memory free
2.21 Gb Paging File | 1.79 Gb Available in Paging File | 81.04% Paging File free
Paging file location(s): C:\pagefile.sys 1536 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 12.92 Gb Free Space | 34.69% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CATHY
Current User Name: Cathy L
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/18 17:31:44 | 00,564,736 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cathy L\Desktop\OTL.exe
PRC - [2009/11/23 08:43:26 | 02,001,648 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/10/29 06:54:44 | 01,218,008 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2008/11/20 13:20:54 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/10/15 02:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/06/24 13:34:50 | 00,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\1112964485\EE\aolsoftware.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/11 12:54:44 | 00,090,112 | ---- | M] (brother) -- C:\Program Files\Brownie\brpjp04a.exe
PRC - [2008/01/08 09:28:02 | 00,864,256 | ---- | M] (brother) -- C:\Program Files\Brownie\BrStsWnd.exe
PRC - [2006/10/23 07:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2004/10/15 15:54:14 | 00,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
PRC - [2004/10/15 15:54:12 | 00,046,768 | ---- | M] (America Online Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
PRC - [2003/08/27 10:27:44 | 00,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe


========== Modules (SafeList) ==========

MOD - [2009/12/18 17:31:44 | 00,564,736 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cathy L\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/09/16 10:23:32 | 00,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2007/01/19 11:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2006/10/23 07:50:35 | 00,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2004/10/15 15:54:14 | 00,100,016 | ---- | M] (America Online, Inc) [Auto | Running] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)
SRV - [2004/07/15 00:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)
SRV - [2003/08/27 10:27:44 | 00,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)


========== Driver Services (SafeList) ==========

DRV - [2009/11/23 08:43:30 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/11/23 08:43:30 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/11/23 08:43:28 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/09/16 09:22:48 | 00,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 09:22:48 | 00,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 09:22:48 | 00,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 09:22:48 | 00,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 09:22:14 | 00,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys -- (mferkdk)
DRV - [2009/07/16 11:32:26 | 00,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys -- (MPFP)
DRV - [2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv)
DRV - [2007/03/07 18:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys -- (PxHelp20)
DRV - [2005/10/19 07:59:12 | 00,807,998 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmnt5.sys -- (ialm)
DRV - [2004/08/04 00:29:54 | 01,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2004/08/04 00:29:49 | 00,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/04 00:29:47 | 00,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/04 00:29:45 | 00,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/04 00:29:43 | 00,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/04 00:29:42 | 00,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/04 00:29:41 | 00,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/04 00:29:37 | 00,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/04 00:29:37 | 00,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/04 00:29:37 | 00,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/04 00:29:36 | 00,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2003/11/07 04:50:00 | 00,070,798 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2003/11/07 04:50:00 | 00,051,486 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\L8042PR2.SYS -- (L8042PR2)
DRV - [2003/11/07 04:50:00 | 00,037,884 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\LHidUsb.sys -- (LHidUsb)
DRV - [2003/11/07 04:50:00 | 00,025,502 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\LHidFlt2.Sys -- (LHidFlt2)
DRV - [2003/09/07 21:14:18 | 00,020,648 | R--- | M] (Thomson Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\netrcacm.sys -- (netrcacm)
DRV - [2003/08/29 04:59:24 | 01,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys -- (BCMModem)
DRV - [2003/08/06 02:04:00 | 00,100,373 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2003/08/06 02:04:00 | 00,098,068 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2003/08/06 02:04:00 | 00,083,284 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2003/08/06 02:04:00 | 00,034,837 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2003/08/06 02:04:00 | 00,025,685 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2003/08/06 02:04:00 | 00,014,229 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2003/08/06 02:04:00 | 00,006,357 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2003/08/06 02:04:00 | 00,004,117 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2003/08/06 02:04:00 | 00,002,233 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2003/07/31 04:21:00 | 00,084,576 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2003/07/14 12:28:40 | 00,005,621 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2003/07/14 12:28:22 | 00,023,219 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2003/06/20 03:56:00 | 00,040,448 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2003/05/23 13:58:30 | 00,043,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003/04/15 11:40:54 | 00,113,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E}) Intel® Graphics Platform (SoftBIOS)
DRV - [2003/04/15 11:40:46 | 00,078,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel® Graphics Chipset (KCH)
DRV - [2003/02/28 10:17:18 | 00,545,024 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\smwdm.sys -- (smwdm)
DRV - [2003/01/10 16:13:04 | 00,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/11/08 14:45:06 | 00,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/08/29 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS -- (Ptilink)
DRV - [2002/06/21 18:42:50 | 00,008,224 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MASPINT.SYS -- (MASPINT)
DRV - [2002/04/01 14:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aeaudio.sys -- (aeaudio)
DRV - [2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 13:11:06 | 00,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local



O1 HOSTS File: (734 bytes) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (AOL Toolbar Loader) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1112964485\EE\aolsoftware.exe (AOL LLC)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\SYSTEM32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html ()
O9 - Extra Button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - File not found
O9 - Extra Button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - File not found
O9 - Extra Button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKLM\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab (StagingUI Object)
O16 - DPF: {0E0D50BC-E086-4E3A-B07D-C5C5869C0FFF} http://www.gamehouse.com/realarcade-webgam...ureball/abx.cab (Abx Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} http://zone.msn.com/bingame/trix/default/T...nx.1.0.0.67.cab (CPlayFirstTriJinxControl Object)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab (MSN Games – Buddy Invite)
O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} http://zone.msn.com/bingame/pacz/default/pandaonline.cab (TGOnlineCtrl Class)
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} http://zone.msn.com/bingame/rtlw/default/R...bGameLoader.cab (WebGameLoader Class)
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} http://aolcc.aol.com/computercheckup/qdiagcc.cab (QDiagAOLCCUpdateObj Class)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...99/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab (ZonePAChat Object)
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} http://mirror.worldwinner.com/games/v45/bl...x/blockwerx.cab (Blockwerx Control)
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} http://www.gamehouse.com/realarcade-webgam...houseplayer.cab (GameHouse Games Player)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} http://us-download.mcafee.com/products/protected/mvt/mvt.cab (McAfee Virtual Technician Control Class)
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} http://legacy.aolsvc.aol.com/onlinegames/g...bugs/axhost.cab (WildfireActiveXHost Class)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://81.1.41.137/activex/AxisCamControl.cab (CamImage Class)
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} http://zone.msn.com/binGame/ZAxRcMgr.cab (ZoneAxRcMgr Class)
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} http://www.gamehouse.com/realarcade-webgam...loadControl.cab (DVC Download Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab (RealArcadeRdxIE Class)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://www.gamehouse.com/realarcade-webgam...zylomplayer.cab (Zylom Games Player)
O16 - DPF: {CA797B15-445F-4AA9-9828-8A88502F560F} http://www.worldwinner.com/games/shared/uninstall.cab (Uninstall Control)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} http://sympatico.zone.msn.com/bingame/gold/UnSkin/gf.cab (TikGames Online Control)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/binframework/v10/StProxy.cab55579.cab (MSN Games – Game Communicator)
O16 - DPF: {DADE1C2F-5A48-445C-82B5-3A5F102E84DF} http://meijer.lifepics.com/common/UserUplo...icsUploader.CAB (LifePicsUploader.UserControl1)
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab (SCEWebLauncherCtl Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/popcaploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} http://fdl.msn.com/zone/datafiles/heartbeat.cab (HeartbeatCtl Class)
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} http://chat.msn.com/bin/msnchat45.cab (MSN Chat Control 4.5)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.1
O18 - Protocol\Handler\bw+0 {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw+0s {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw-0 {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw00 {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw00s {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw-0s {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw10 {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw10s {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw20 {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw20s {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw30 {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw30s {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw40 {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw40s {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw50 {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw50s {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw60 {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw60s {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw70 {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw70s {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw80 {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw80s {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw90 {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw90s {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwa0 {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwa0s {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwb0 {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwb0s {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwc0 {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwc0s {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwd0 {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwd0s {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwe0 {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwe0s {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwf0 {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwf0s {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwg0 {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwg0s {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwh0 {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwh0s {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwi0 {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwi0s {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwj0 {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwj0s {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwk0 {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwk0s {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwl0 {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwl0s {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwm0 {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwm0s {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwn0 {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwn0s {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwo0 {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwo0s {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwp0 {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwp0s {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwq0 {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwq0s {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwr0 {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwr0s {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bws0 {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bws0s {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwt0 {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwt0s {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwu0 {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwu0s {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwv0 {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwv0s {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bww0 {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bww0s {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwx0 {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwx0s {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwy0 {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwy0s {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwz0 {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwz0s {18b08ece-af38-40f1-ba9a-3408db81c9e6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\offline-8876480 {18B08ECE-AF38-40F1-BA9A-3408DB81C9E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O20 - AppInit_DLLs: (c:\windows\system32\zuvararo.dll) - C:\WINDOWS\System32\zuvararo.dll File not found
O20 - AppInit_DLLs: (pajoyuso.dll) - File not found
O20 - AppInit_DLLs: (c:\windows\system32\yetubiyi.dll) - C:\WINDOWS\System32\yetubiyi.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O21 - SSODL: dadukohow - {c91cfbbb-59d6-4722-8eeb-8e268d7f675a} - CLSID or File not found.
O21 - SSODL: kokogonow - {e1581752-aa97-476e-b889-9e543f769c6e} - C:\WINDOWS\System32\zuvararo.dll File not found
O22 - SharedTaskScheduler: {c91cfbbb-59d6-4722-8eeb-8e268d7f675a} - tokatiluy - Reg Error: Key error. File not found
O22 - SharedTaskScheduler: {e1581752-aa97-476e-b889-9e543f769c6e} - jugezatag - C:\WINDOWS\System32\zuvararo.dll File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\ssqPijKB) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 09:59:58 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\SYSTEM32\IAS [2004/01/28 00:56:22 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\SYSTEM32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (53483694433763328)

========== Files/Folders - Created Within 30 Days ==========

[2009/12/18 17:31:29 | 00,564,736 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Cathy L\Desktop\OTL.exe
[2009/12/18 17:29:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/12/18 17:27:54 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/12/18 17:09:26 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Cathy L\Desktop\erunt-setup.exe
[2009/12/17 06:58:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/12/17 06:58:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Cathy L\Application Data\SUPERAntiSpyware.com
[2009/12/17 06:58:06 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/12/17 06:56:40 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/12/16 23:22:36 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/12/16 23:05:10 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/16 23:05:07 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/16 23:05:07 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/16 21:08:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Cathy L\My Documents\Open Office Files
[2009/12/16 20:48:13 | 00,000,000 | ---D | C] -- C:\Program Files\CodeStuff
[2009/12/16 20:47:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Cathy L\My Documents\BleepingComputer
[2009/12/12 20:21:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Cathy L\Local Settings\Application Data\SupportSoft
[2009/12/12 19:49:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/12/12 19:48:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2009/12/12 19:45:52 | 00,000,000 | ---D | C] -- C:\Program Files\Dell Support Center
[2009/12/12 13:11:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2009/12/12 13:11:00 | 00,000,000 | ---D | C] -- C:\Program Files\IObit
[2009/12/09 18:09:03 | 00,142,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aec.sys
[2009/12/09 17:18:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/08/23 23:58:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2008/08/23 23:58:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2007/08/08 20:14:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/07/10 23:01:37 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2007/05/19 16:51:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[2007/03/13 11:24:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2006/11/29 21:10:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\AOL
[2005/03/20 15:23:35 | 20,798,256 | ---- | C] (Netopsystems AG ) -- C:\Program Files\AdbeRdr70_enu_full.exe
[2005/03/20 15:22:26 | 06,811,904 | ---- | C] (Adobe Systems, Inc. ) -- C:\Program Files\psa2011se_us.exe
[2004/04/09 07:54:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2004/01/28 00:58:02 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2004/01/28 00:58:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2001/07/23 18:32:46 | 00,442,368 | ---- | C] ( ) -- C:\WINDOWS\System32\comintfs.dll

========== Files - Modified Within 30 Days ==========

[2009/12/18 17:31:44 | 00,564,736 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cathy L\Desktop\OTL.exe
[2009/12/18 17:27:56 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Cathy L\Desktop\NTREGOPT.lnk
[2009/12/18 17:27:56 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Cathy L\Desktop\ERUNT.lnk
[2009/12/18 17:26:05 | 00,022,999 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/12/18 17:25:20 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/12/18 17:22:39 | 00,000,318 | ---- | M] () -- C:\WINDOWS\Brownie.ini
[2009/12/18 17:22:28 | 00,000,298 | ---- | M] () -- C:\WINDOWS\tasks\fbpcuxbf.job
[2009/12/18 17:22:28 | 00,000,296 | ---- | M] () -- C:\WINDOWS\tasks\ykkdnsmg.job
[2009/12/18 17:22:28 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/18 17:22:20 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/12/18 17:22:17 | 80,327,8848 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/18 17:09:26 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Cathy L\Desktop\erunt-setup.exe
[2009/12/18 17:08:53 | 00,794,112 | ---- | M] () -- C:\Documents and Settings\Cathy L\Desktop\The_Comedian.exe
[2009/12/18 17:00:00 | 00,000,320 | ---- | M] () -- C:\WINDOWS\tasks\tjgyeyiq.job
[2009/12/17 19:39:44 | 00,000,444 | ---- | M] () -- C:\Documents and Settings\Cathy L\Desktop\Shortcut to BleepingComputer.lnk
[2009/12/17 12:15:19 | 08,650,752 | -H-- | M] () -- C:\Documents and Settings\Cathy L\NTUSER.DAT
[2009/12/17 12:15:19 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Cathy L\NTUSER.INI
[2009/12/17 06:58:13 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/12/16 23:50:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/12/16 21:12:25 | 00,000,138 | -H-- | M] () -- C:\Documents and Settings\Cathy L\My Documents\.~lock.UltimatePinkSlipPartyInvitation.doc#
[2009/12/12 19:24:38 | 02,640,148 | -H-- | M] () -- C:\Documents and Settings\Cathy L\Local Settings\Application Data\IconCache.db
[2009/12/12 17:23:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/12/12 14:01:54 | 00,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
[2009/12/12 12:59:17 | 00,000,638 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2009/12/10 23:24:31 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\yesasija
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/01 09:56:01 | 00,035,840 | ---- | M] () -- C:\Documents and Settings\Cathy L\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/28 19:12:18 | 02,551,552 | ---- | M] () -- C:\Documents and Settings\Cathy L\My Documents\looking_for_my_wallet.wmv

========== Files Created - No Company Name ==========

[2009/12/18 17:27:56 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Cathy L\Desktop\NTREGOPT.lnk
[2009/12/18 17:27:56 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Cathy L\Desktop\ERUNT.lnk
[2009/12/18 17:08:45 | 00,794,112 | ---- | C] () -- C:\Documents and Settings\Cathy L\Desktop\The_Comedian.exe
[2009/12/17 19:39:44 | 00,000,444 | ---- | C] () -- C:\Documents and Settings\Cathy L\Desktop\Shortcut to BleepingComputer.lnk
[2009/12/17 06:58:13 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/12/16 21:12:25 | 00,000,138 | -H-- | C] () -- C:\Documents and Settings\Cathy L\My Documents\.~lock.UltimatePinkSlipPartyInvitation.doc#
[2009/12/10 12:11:12 | 00,000,296 | ---- | C] () -- C:\WINDOWS\tasks\ykkdnsmg.job
[2009/12/09 17:25:39 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/11/28 19:12:07 | 02,551,552 | ---- | C] () -- C:\Documents and Settings\Cathy L\My Documents\looking_for_my_wallet.wmv
[2009/11/27 12:00:56 | 00,000,298 | ---- | C] () -- C:\WINDOWS\tasks\fbpcuxbf.job
[2009/07/09 09:29:22 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/12/29 16:36:57 | 00,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2008/12/29 16:36:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2008/12/29 16:36:19 | 00,000,114 | ---- | C] () -- C:\WINDOWS\System32\brlmw03a.ini
[2008/12/29 16:36:18 | 00,009,853 | ---- | C] () -- C:\WINDOWS\HL-2140.INI
[2008/12/29 16:35:49 | 00,000,410 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008/12/29 16:34:42 | 00,000,318 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2007/11/14 21:38:26 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2005/04/08 07:23:02 | 00,000,101 | ---- | C] () -- C:\WINDOWS\upst.ini
[2005/04/08 07:23:02 | 00,000,032 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/03/30 04:34:15 | 03,267,395 | ---- | C] () -- C:\Program Files\18 - Don't Let The Rain Fall On Me .mp3
[2004/12/06 04:45:56 | 00,000,130 | ---- | C] () -- C:\Documents and Settings\Cathy L\Local Settings\Application Data\fusioncache.dat
[2004/11/12 20:27:19 | 00,061,678 | ---- | C] () -- C:\Documents and Settings\Cathy L\Application Data\PFP110JPR.{PB
[2004/11/12 20:27:19 | 00,012,358 | ---- | C] () -- C:\Documents and Settings\Cathy L\Application Data\PFP110JCM.{PB
[2004/09/22 16:52:58 | 00,052,824 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/08/11 21:43:26 | 00,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2004/08/11 21:43:25 | 00,000,296 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2004/03/28 22:49:23 | 00,000,244 | ---- | C] () -- C:\WINDOWS\WSOPDELX.INI
[2004/03/13 21:00:25 | 00,035,840 | ---- | C] () -- C:\Documents and Settings\Cathy L\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/03/07 13:54:10 | 00,001,156 | ---- | C] () -- C:\WINDOWS\VPpro.ini
[2004/03/07 13:52:47 | 00,000,051 | ---- | C] () -- C:\WINDOWS\Masque.INI
[2004/02/02 23:41:05 | 00,000,174 | ---- | C] () -- C:\WINDOWS\System32\mcini.ini
[2004/02/02 19:51:50 | 00,000,784 | ---- | C] () -- C:\Documents and Settings\Cathy L\Application Data\mpauth.dat
[2004/01/28 01:52:52 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/01/28 01:43:09 | 00,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2004/01/28 01:37:56 | 00,000,249 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/01/28 01:34:01 | 00,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/01/28 01:15:31 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/01/28 01:15:02 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/01/28 00:59:38 | 00,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/11/03 15:38:02 | 00,007,731 | ---- | C] () -- C:\WINDOWS\System32\DAntivirus.ini
[2003/08/13 23:54:00 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/03/27 15:28:44 | 00,004,955 | ---- | C] () -- C:\WINDOWS\System32\DProg.ini
[1999/01/21 22:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2005/12/05 19:07:16 | 00,010,920 | ---- | M] () -- C:\aolconnfix.exe


< MD5 for: AGP440.SYS >
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
[2004/08/04 01:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2001/08/17 14:58:00 | 00,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\I386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2009/12/12 14:01:54 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DLLCACHE\atapi.sys
[2009/12/12 14:01:54 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
[2004/08/04 00:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2003/04/23 10:29:54 | 00,087,296 | ---- | M] (Microsoft Corporation) MD5=E52B3B3F78C9AE85806CE49DCDD80C18 -- C:\I386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll
[2004/08/04 02:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2002/08/29 06:00:00 | 00,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\I386\EVENTLOG.DLL

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll
[2002/08/29 06:00:00 | 00,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\I386\NETLOGON.DLL
[2004/08/04 02:56:44 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 02:56:44 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2002/08/29 06:00:00 | 00,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\I386\SCECLI.DLL
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >


Here's the GMER log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2009-12-18 18:01:17
Windows 5.1.2600 Service Pack 3
Running: 211t3tm2.exe; Driver: C:\DOCUME~1\CATHYL~1\LOCALS~1\Temp\fxtdqpow.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xED73978A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xED739821]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xED739738]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xED73974C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xED739835]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xED739861]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xED7398CF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xED7398B9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xED7397CA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xED7398FB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xED73980D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xED739710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xED739724]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xED73979E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xED739937]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xED7398A3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xED73988D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xED73984B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xED739923]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xED73990F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xED739776]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xED739762]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xED739877]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xED7397F9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xED7398E5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xED7397E0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xED7397B4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device -> \Driver\atapi \Device\Harddisk0\DR0 83B28618

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

Attached Files



#4 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:03:33 PM

Posted 18 December 2009 - 09:23 PM

Please show hidden files and folders

First, find and delete this file..

C:\WINDOWS\SYSTEM32\DLLCACHE\atapi.sys



Next, find this file and copy it to your Desktop

C:\WINDOWS\ServicePackFiles\i386\atapi.sys



Next, do below..


Please download The Avenger by Swandog46 and unzip it to your Desktop


Please open The Avenger. Then, please copy/paste the script inside the codebox into the Input script here: box..

Begin copying here:
Files to move:
%userprofile%\Desktop\atapi.sys | C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
  • Now, click on Execute. Just say Yes at every prompted
The Avenger will automatically do the following:
  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
Please copy/paste the content of c:\avenger.txt into your reply.



NEXT


OTL Fix step

Open OTL then do below..

Copy/paste the following into the Costum Scans/Fixes box and then click on Run Fix button.

:processes
explorer.exe

:OTL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O20 - AppInit_DLLs: (c:\windows\system32\zuvararo.dll) - C:\WINDOWS\System32\zuvararo.dll File not found
O20 - AppInit_DLLs: (pajoyuso.dll) - File not found
O20 - AppInit_DLLs: (c:\windows\system32\yetubiyi.dll) - C:\WINDOWS\System32\yetubiyi.dll File not found
O21 - SSODL: dadukohow - {c91cfbbb-59d6-4722-8eeb-8e268d7f675a} - CLSID or File not found.
O21 - SSODL: kokogonow - {e1581752-aa97-476e-b889-9e543f769c6e} - C:\WINDOWS\System32\zuvararo.dll File not found
O22 - SharedTaskScheduler: {c91cfbbb-59d6-4722-8eeb-8e268d7f675a} - tokatiluy - Reg Error: Key error. File not found
O22 - SharedTaskScheduler: {e1581752-aa97-476e-b889-9e543f769c6e} - jugezatag - C:\WINDOWS\System32\zuvararo.dll File not found
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\ssqPijKB) - File not found
[2009/12/18 17:22:28 | 00,000,298 | ---- | M] () -- C:\WINDOWS\tasks\fbpcuxbf.job
[2009/12/18 17:22:28 | 00,000,296 | ---- | M] () -- C:\WINDOWS\tasks\ykkdnsmg.job
[2009/12/10 23:24:31 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\yesasija
[2009/12/10 12:11:12 | 00,000,296 | ---- | C] () -- C:\WINDOWS\tasks\ykkdnsmg.job
[2009/11/27 12:00:56 | 00,000,298 | ---- | C] () -- C:\WINDOWS\tasks\fbpcuxbf.job

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]

Let it run the fix. A log will then pop-up to your screen after the fix finish.. If it needs a reboot, just let it.. Post that log in your next reply...



NEXT


Run GMER once again and post the log here..

Post these logs in your next reply..

1. The Avenger
2. OTL
3. GMER..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#5 Brian E

Brian E
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:03:33 AM

Posted 19 December 2009 - 10:01 AM

I've not re-run OTL or GMER. When I ran Avenger, I received an error when the computer restarted. It said it could not find the file c:\cleanup.exe. It did create a log file, but it didn't created the backup file. Here's the Avenger.txt log.

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: could not move file "C:\Documents and Settings\Cathy L\Desktop\atapi.sys"
File move operation "C:\Documents and Settings\Cathy L\Desktop\atapi.sys|C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)


Completed script processing.

*******************

Finished! Terminate.

#6 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:03:33 PM

Posted 19 December 2009 - 10:48 AM

Okay, please complete the OTL FIX step first and after that, do the below..

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running our fixes.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download this program by sUBs and save it to your Desktop. Then after you disable all security programs, simply run it (double-click it)

If the program asked you to install Recovery Console, please do so.. It will be your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DON'T do anything with your computer while the program is running.. Just let it finishes..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#7 Brian E

Brian E
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:03:33 AM

Posted 19 December 2009 - 11:17 AM

I got an error re-running the OTL. I've attached a picture with the error. OTL seems to have stopped with the message seen at the bottom of the window. It's been a few minutes. I've not closed the program.

#8 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:03:33 PM

Posted 19 December 2009 - 01:50 PM

I did not see any attachment from you.. Exit OTL and proceed with the next step :(

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#9 Brian E

Brian E
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:03:33 AM

Posted 19 December 2009 - 06:32 PM

Attached File  Attach_12.19.txt   15.05KB   61 downloads

When I ran the Kittyfix, it installed the recovery console. I got a successful message and hit okay. It went back to the command box for Kittyfix and then I got the "blue screen of death." The error meassage said Bad_Pool_Caller. I had to restart. I saw the recovery console option while the computer was booting. I didn't get a log for Kittyfix. Here's the HJT (dds) log I ran after rebooting.


DDS (Ver_09-12-01.01) - NTFSx86
Run by Cathy L at 18:20:33.62 on Sat 12/19/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.422 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\1112964485\ee\AOLSoftware.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Brownie\BrstsWnd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Brownie\brpjp04a.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Cathy L\My Documents\BleepingComputer\dds.scr

============== Pseudo HJT Report ===============

uWindow Title = Microsoft Internet Explorer provided by Comcast
mWindow Title = Microsoft Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = localhost;*.local
uURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll
mURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll
mWinlogon: Shell=Explorer.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: AOL Toolbar Loader: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol toolbar\aoltb.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar\aoltb.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [HostManager] c:\program files\common files\aol\1112964485\ee\AOLSoftware.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [BrStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: &AOL Toolbar Search - c:\documents and settings\all users\application data\aol\ietoolbar\resources\en-us\local\search.html
IE: {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/
IE: {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/
IE: {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: musicmatch.com\online
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
DPF: {0E0D50BC-E086-4E3A-B07D-C5C5869C0FFF} - hxxp://www.gamehouse.com/realarcade-webgames/adventureball/abx.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} - hxxp://zone.msn.com/bingame/trix/default/TriJinx.1.0.0.67.cab
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} - hxxp://zone.msn.com/bingame/pacz/default/pandaonline.cab
DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} - hxxp://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab
DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - hxxp://aolcc.aol.com/computercheckup/qdiagcc.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,99/mcinsctl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} - hxxp://mirror.worldwinner.com/games/v45/blockwerx/blockwerx.cab
DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} - hxxp://www.gamehouse.com/realarcade-webgames/gamehouse/gamehouseplayer.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} - hxxp://us-download.mcafee.com/products/protected/mvt/mvt.cab
DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} - hxxp://legacy.aolsvc.aol.com/onlinegames/ghtumblebugs/axhost.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://81.1.41.137/activex/AxisCamControl.cab
DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} - hxxp://zone.msn.com/binGame/ZAxRcMgr.cab
DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} - hxxp://www.gamehouse.com/realarcade-webgames/thedavincicode/DVCDownloadControl.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} - hxxp://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://www.gamehouse.com/realarcade-webgames/zylom/zylomplayer.cab
DPF: {CA797B15-445F-4AA9-9828-8A88502F560F} - hxxp://www.worldwinner.com/games/shared/uninstall.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - hxxp://sympatico.zone.msn.com/bingame/gold/UnSkin/gf.cab
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab
DPF: {DADE1C2F-5A48-445C-82B5-3A5F102E84DF} - hxxp://meijer.lifepics.com/common/UserUpload/LifePicsUploader.CAB
DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} - hxxp://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/popcaploader_v10.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - hxxp://chat.msn.com/bin/msnchat45.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: kokogonow - {e1581752-aa97-476e-b889-9e543f769c6e} - c:\windows\system32\zuvararo.dll
SSODL: dadukohow - {c91cfbbb-59d6-4722-8eeb-8e268d7f675a} - No File
STS: jugezatag: {e1581752-aa97-476e-b889-9e543f769c6e} - c:\windows\system32\zuvararo.dll
STS: {c91cfbbb-59d6-4722-8eeb-8e268d7f675a} - No File
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 c:\windows\system32\ssqPijKB
LSA: Notification Packages = scecli gadagore.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-9-22 214664]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-11-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-11-23 74480]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-9-22 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-9-22 144704]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-9-22 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-9-22 35272]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-11-23 7408]
S1 bthpann;bthpann;c:\windows\system32\drivers\bthpann.sys --> c:\windows\system32\drivers\bthpann.sys [?]
S2 PEVSystemStart;PEVSystemStart;c:\kittyfix\PEV.cfxxe [2009-12-19 261632]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-9-22 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-9-22 40552]
S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-9-22 606736]

=============== Created Last 30 ================

2009-12-19 22:37:30 0 d-sha-r- C:\cmdcons
2009-12-19 21:58:34 98816 ----a-w- c:\windows\sed.exe
2009-12-19 21:58:34 77312 ----a-w- c:\windows\MBR.exe
2009-12-19 21:58:34 261632 ----a-w- c:\windows\PEV.exe
2009-12-19 21:58:34 161792 ----a-w- c:\windows\SWREG.exe
2009-12-19 21:57:42 0 d-s---w- C:\KittyFix
2009-12-19 14:41:43 574 ----a-w- C:\cleanup.bat
2009-12-19 14:41:43 135168 ----a-w- C:\zip.exe
2009-12-18 23:01:30 0 d-----w- C:\spoolerlogs
2009-12-17 11:58:20 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-12-17 11:58:06 0 d-----w- c:\program files\SUPERAntiSpyware
2009-12-17 11:58:06 0 d-----w- c:\docume~1\cathyl~1\applic~1\SUPERAntiSpyware.com
2009-12-17 11:56:40 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-12-17 04:22:36 0 d-----w- c:\program files\ESET
2009-12-17 04:05:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-17 04:05:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-17 04:05:07 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-17 01:48:13 0 d-----w- c:\program files\CodeStuff
2009-12-13 00:48:48 0 d-----w- c:\docume~1\alluse~1\applic~1\PCDr
2009-12-13 00:45:52 0 d-----w- c:\program files\Dell Support Center
2009-12-12 18:11:04 0 d-----w- c:\docume~1\alluse~1\applic~1\IObit
2009-12-12 18:11:00 0 d-----w- c:\program files\IObit
2009-12-09 23:09:03 142592 ----a-w- c:\windows\system32\dllcache\aec.sys

==================== Find3M ====================

2009-12-12 19:01:54 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-12-12 19:01:54 96512 ----a-w- c:\windows\system32\drivers\atapi.svs
2009-12-12 19:01:54 96512 ----a-w- c:\windows\system32\dllcache\atapi.sys
2009-10-11 09:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2005-03-30 09:34:25 3267395 ----a-w- c:\program files\18 - Don't Let The Rain Fall On Me .mp3
2005-03-20 20:27:03 20798256 ----a-w- c:\program files\AdbeRdr70_enu_full.exe
2005-03-20 20:23:35 6811904 ----a-w- c:\program files\psa2011se_us.exe

============= FINISH: 18:21:10.34 ===============

#10 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:03:33 PM

Posted 19 December 2009 - 10:35 PM

Please download TDSSKiller.zip and unzip it to your Desktop

Go to Start >> Run >> copy/paste below >> Enter

"%userprofile%\Desktop\tdsskiller\TDSSKiller.exe" -l report.txt -v

A black command screen will pop-up.. Just wait till the scan finishes and press any button when asked..

Then go find the report.txt inside the tdsskiller folder on your Desktop.. Post the contents of report.txt here on your next reply..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#11 Brian E

Brian E
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:03:33 AM

Posted 20 December 2009 - 10:56 AM

Here it is.

10:54:50:984 484 ForceUnloadDriver: NtUnloadDriver error 2
10:54:50:984 484 ForceUnloadDriver: NtUnloadDriver error 2
10:54:50:984 484 ForceUnloadDriver: NtUnloadDriver error 2
10:54:51:46 484 main: Driver KLMD successfully dropped
10:54:51:156 484 main: Driver KLMD successfully loaded
10:54:51:156 484
Scanning Registry ...
10:54:51:218 484 ScanServices: Searching service UACd.sys
10:54:51:218 484 ScanServices: Open/Create key error 2
10:54:51:218 484 ScanServices: Searching service TDSSserv.sys
10:54:51:218 484 ScanServices: Open/Create key error 2
10:54:51:218 484 ScanServices: Searching service gaopdxserv.sys
10:54:51:218 484 ScanServices: Open/Create key error 2
10:54:51:218 484 ScanServices: Searching service gxvxcserv.sys
10:54:51:218 484 ScanServices: Open/Create key error 2
10:54:51:218 484 ScanServices: Searching service MSIVXserv.sys
10:54:51:218 484 ScanServices: Open/Create key error 2
10:54:51:218 484 UnhookRegistry: Kernel module file name: C:\windows\system32\ntoskrnl.exe, base addr: 804D7000
10:54:51:281 484 UnhookRegistry: Kernel local addr: A40000
10:54:51:281 484 UnhookRegistry: KeServiceDescriptorTable addr: AC3220
10:54:51:406 484 UnhookRegistry: KiServiceTable addr: A4B6A8
10:54:51:421 484 UnhookRegistry: NtEnumerateKey service number (local): 47
10:54:51:421 484 UnhookRegistry: NtEnumerateKey local addr: AD9D64
10:54:51:437 484 KLMD_OpenDevice: Trying to open KLMD device
10:54:51:437 484 KLMD_GetSystemRoutineAddressA: Trying to get system routine address ZwEnumerateKey
10:54:51:437 484 KLMD_GetSystemRoutineAddressW: Trying to get system routine address ZwEnumerateKey
10:54:51:437 484 KLMD_ReadMem: Trying to ReadMemory 0x804DCC49[0x4]
10:54:51:437 484 UnhookRegistry: NtEnumerateKey service number (kernel): 47
10:54:51:437 484 KLMD_ReadMem: Trying to ReadMemory 0x804E27C4[0x4]
10:54:51:437 484 UnhookRegistry: NtEnumerateKey real addr: 80570D64
10:54:51:437 484 UnhookRegistry: NtEnumerateKey calc addr: 80570D64
10:54:51:437 484 UnhookRegistry: No SDT hooks found on NtEnumerateKey
10:54:51:437 484 KLMD_ReadMem: Trying to ReadMemory 0x80570D64[0xA]
10:54:51:437 484 UnhookRegistry: No splicing found on NtEnumerateKey
10:54:51:437 484
Scanning Kernel memory ...
10:54:51:437 484 KLMD_OpenDevice: Trying to open KLMD device
10:54:51:437 484 KLMD_GetSystemObjectAddressByNameA: Trying to get system object address by name \Driver\Disk
10:54:51:437 484 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
10:54:51:437 484 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 83B69A08
10:54:51:437 484 DetectCureTDL3: KLMD_GetDeviceObjectList returned 3 DevObjects
10:54:51:437 484 DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 83B49C68
10:54:51:437 484 KLMD_GetLowerDeviceObject: Trying to get lower device object for 83B49C68
10:54:51:437 484 KLMD_ReadMem: Trying to ReadMemory 0x83B49C68[0x38]
10:54:51:437 484 DetectCureTDL3: DRIVER_OBJECT addr: 83B69A08
10:54:51:437 484 KLMD_ReadMem: Trying to ReadMemory 0x83B69A08[0xA8]
10:54:51:437 484 KLMD_ReadMem: Trying to ReadMemory 0xE101EE58[0x208]
10:54:51:437 484 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
10:54:51:437 484 DetectCureTDL3: IrpHandler (0) addr: F762ABB0
10:54:51:437 484 DetectCureTDL3: IrpHandler (1) addr: 804FA87E
10:54:51:437 484 DetectCureTDL3: IrpHandler (2) addr: F762ABB0
10:54:51:437 484 DetectCureTDL3: IrpHandler (3) addr: F7624D1F
10:54:51:437 484 DetectCureTDL3: IrpHandler (4) addr: F7624D1F
10:54:51:437 484 DetectCureTDL3: IrpHandler (5) addr: 804FA87E
10:54:51:437 484 DetectCureTDL3: IrpHandler (6) addr: 804FA87E
10:54:51:437 484 DetectCureTDL3: IrpHandler (7) addr: 804FA87E
10:54:51:437 484 DetectCureTDL3: IrpHandler (8) addr: 804FA87E
10:54:51:437 484 DetectCureTDL3: IrpHandler (9) addr: F76252E2
10:54:51:437 484 DetectCureTDL3: IrpHandler (10) addr: 804FA87E
10:54:51:437 484 DetectCureTDL3: IrpHandler (11) addr: 804FA87E
10:54:51:437 484 DetectCureTDL3: IrpHandler (12) addr: 804FA87E
10:54:51:437 484 DetectCureTDL3: IrpHandler (13) addr: 804FA87E
10:54:51:437 484 DetectCureTDL3: IrpHandler (14) addr: F76253BB
10:54:51:437 484 DetectCureTDL3: IrpHandler (15) addr: F7628F28
10:54:51:437 484 DetectCureTDL3: IrpHandler (16) addr: F76252E2
10:54:51:437 484 DetectCureTDL3: IrpHandler (17) addr: 804FA87E
10:54:51:437 484 DetectCureTDL3: IrpHandler (18) addr: 804FA87E
10:54:51:437 484 DetectCureTDL3: IrpHandler (19) addr: 804FA87E
10:54:51:437 484 DetectCureTDL3: IrpHandler (20) addr: 804FA87E
10:54:51:437 484 DetectCureTDL3: IrpHandler (21) addr: 804FA87E
10:54:51:437 484 DetectCureTDL3: IrpHandler (22) addr: F7626C82
10:54:51:437 484 DetectCureTDL3: IrpHandler (23) addr: F762B99E
10:54:51:453 484 DetectCureTDL3: IrpHandler (24) addr: 804FA87E
10:54:51:453 484 DetectCureTDL3: IrpHandler (25) addr: 804FA87E
10:54:51:453 484 DetectCureTDL3: IrpHandler (26) addr: 804FA87E
10:54:51:453 484 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
10:54:51:453 484 KLMD_ReadMem: DeviceIoControl error 1
10:54:51:453 484 TDL3_StartIoHookDetect: Unable to get StartIo handler code
10:54:51:453 484 TDL3_FileDetect: Processing driver: Disk
10:54:51:453 484 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\tsk_disk.sys, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\tsk_disk.sys
10:54:51:453 484 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
10:54:51:453 484 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
10:54:51:468 484 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 83B4AC68
10:54:51:468 484 KLMD_GetLowerDeviceObject: Trying to get lower device object for 83B4AC68
10:54:51:468 484 KLMD_ReadMem: Trying to ReadMemory 0x83B4AC68[0x38]
10:54:51:468 484 DetectCureTDL3: DRIVER_OBJECT addr: 83B69A08
10:54:51:468 484 KLMD_ReadMem: Trying to ReadMemory 0x83B69A08[0xA8]
10:54:51:468 484 KLMD_ReadMem: Trying to ReadMemory 0xE101EE58[0x208]
10:54:51:468 484 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
10:54:51:468 484 DetectCureTDL3: IrpHandler (0) addr: F762ABB0
10:54:51:468 484 DetectCureTDL3: IrpHandler (1) addr: 804FA87E
10:54:51:468 484 DetectCureTDL3: IrpHandler (2) addr: F762ABB0
10:54:51:468 484 DetectCureTDL3: IrpHandler (3) addr: F7624D1F
10:54:51:468 484 DetectCureTDL3: IrpHandler (4) addr: F7624D1F
10:54:51:468 484 DetectCureTDL3: IrpHandler (5) addr: 804FA87E
10:54:51:468 484 DetectCureTDL3: IrpHandler (6) addr: 804FA87E
10:54:51:468 484 DetectCureTDL3: IrpHandler (7) addr: 804FA87E
10:54:51:468 484 DetectCureTDL3: IrpHandler (8) addr: 804FA87E
10:54:51:468 484 DetectCureTDL3: IrpHandler (9) addr: F76252E2
10:54:51:468 484 DetectCureTDL3: IrpHandler (10) addr: 804FA87E
10:54:51:468 484 DetectCureTDL3: IrpHandler (11) addr: 804FA87E
10:54:51:468 484 DetectCureTDL3: IrpHandler (12) addr: 804FA87E
10:54:51:468 484 DetectCureTDL3: IrpHandler (13) addr: 804FA87E
10:54:51:468 484 DetectCureTDL3: IrpHandler (14) addr: F76253BB
10:54:51:468 484 DetectCureTDL3: IrpHandler (15) addr: F7628F28
10:54:51:468 484 DetectCureTDL3: IrpHandler (16) addr: F76252E2
10:54:51:468 484 DetectCureTDL3: IrpHandler (17) addr: 804FA87E
10:54:51:468 484 DetectCureTDL3: IrpHandler (18) addr: 804FA87E
10:54:51:468 484 DetectCureTDL3: IrpHandler (19) addr: 804FA87E
10:54:51:468 484 DetectCureTDL3: IrpHandler (20) addr: 804FA87E
10:54:51:468 484 DetectCureTDL3: IrpHandler (21) addr: 804FA87E
10:54:51:468 484 DetectCureTDL3: IrpHandler (22) addr: F7626C82
10:54:51:468 484 DetectCureTDL3: IrpHandler (23) addr: F762B99E
10:54:51:468 484 DetectCureTDL3: IrpHandler (24) addr: 804FA87E
10:54:51:468 484 DetectCureTDL3: IrpHandler (25) addr: 804FA87E
10:54:51:468 484 DetectCureTDL3: IrpHandler (26) addr: 804FA87E
10:54:51:468 484 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
10:54:51:468 484 KLMD_ReadMem: DeviceIoControl error 1
10:54:51:468 484 TDL3_StartIoHookDetect: Unable to get StartIo handler code
10:54:51:468 484 TDL3_FileDetect: Processing driver: Disk
10:54:51:468 484 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\tsk_disk.sys, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\tsk_disk.sys
10:54:51:468 484 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
10:54:51:468 484 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
10:54:51:468 484 DetectCureTDL3: 2 Curr stack PDEVICE_OBJECT: 83B8BAB8
10:54:51:468 484 KLMD_GetLowerDeviceObject: Trying to get lower device object for 83B8BAB8
10:54:51:468 484 DetectCureTDL3: 2 Curr stack PDEVICE_OBJECT: 83B94B00
10:54:51:468 484 KLMD_GetLowerDeviceObject: Trying to get lower device object for 83B94B00
10:54:51:468 484 KLMD_ReadMem: Trying to ReadMemory 0x83B94B00[0x38]
10:54:51:468 484 DetectCureTDL3: DRIVER_OBJECT addr: 83B61D20
10:54:51:468 484 KLMD_ReadMem: Trying to ReadMemory 0x83B61D20[0xA8]
10:54:51:468 484 KLMD_ReadMem: Trying to ReadMemory 0xE101C8D0[0x208]
10:54:51:468 484 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
10:54:51:468 484 DetectCureTDL3: IrpHandler (0) addr: F75576F2
10:54:51:468 484 DetectCureTDL3: IrpHandler (1) addr: 804FA87E
10:54:51:468 484 DetectCureTDL3: IrpHandler (2) addr: F75576F2
10:54:51:468 484 DetectCureTDL3: IrpHandler (3) addr: 804FA87E
10:54:51:468 484 DetectCureTDL3: IrpHandler (4) addr: 804FA87E
10:54:51:468 484 DetectCureTDL3: IrpHandler (5) addr: 804FA87E
10:54:51:468 484 DetectCureTDL3: IrpHandler (6) addr: 804FA87E
10:54:51:468 484 DetectCureTDL3: IrpHandler (7) addr: 804FA87E
10:54:51:468 484 DetectCureTDL3: IrpHandler (8) addr: 804FA87E
10:54:51:468 484 DetectCureTDL3: IrpHandler (9) addr: 804FA87E
10:54:51:468 484 DetectCureTDL3: IrpHandler (10) addr: 804FA87E
10:54:51:468 484 DetectCureTDL3: IrpHandler (11) addr: 804FA87E
10:54:51:468 484 DetectCureTDL3: IrpHandler (12) addr: 804FA87E
10:54:51:468 484 DetectCureTDL3: IrpHandler (13) addr: 804FA87E
10:54:51:468 484 DetectCureTDL3: IrpHandler (14) addr: F7557712
10:54:51:468 484 DetectCureTDL3: IrpHandler (15) addr: F7553852
10:54:51:468 484 DetectCureTDL3: IrpHandler (16) addr: 804FA87E
10:54:51:468 484 DetectCureTDL3: IrpHandler (17) addr: 804FA87E
10:54:51:468 484 DetectCureTDL3: IrpHandler (18) addr: 804FA87E
10:54:51:484 484 DetectCureTDL3: IrpHandler (19) addr: 804FA87E
10:54:51:484 484 DetectCureTDL3: IrpHandler (20) addr: 804FA87E
10:54:51:484 484 DetectCureTDL3: IrpHandler (21) addr: 804FA87E
10:54:51:484 484 DetectCureTDL3: IrpHandler (22) addr: F755773C
10:54:51:484 484 DetectCureTDL3: IrpHandler (23) addr: F755E336
10:54:51:484 484 DetectCureTDL3: IrpHandler (24) addr: 804FA87E
10:54:51:484 484 DetectCureTDL3: IrpHandler (25) addr: 804FA87E
10:54:51:484 484 DetectCureTDL3: IrpHandler (26) addr: 804FA87E
10:54:51:484 484 KLMD_ReadMem: Trying to ReadMemory 0xF7554864[0x400]
10:54:51:484 484 TDL3_StartIoHookDetect: CheckParameters: 0, 0, 316, 0
10:54:51:484 484 TDL3_FileDetect: Processing driver: atapi
10:54:51:484 484 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\atapi.sys, C:\WINDOWS\system32\Drivers\tsk_atapi.sys, SYSTEM\CurrentControlSet\Services\atapi, system32\Drivers\tsk_atapi.sys
10:54:51:484 484 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\atapi.sys
10:54:51:484 484 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\atapi.sys
10:54:51:500 484
Completed

Results:
10:54:51:500 484 Infected objects in memory: 0
10:54:51:500 484 Cured objects in memory: 0
10:54:51:500 484 Infected objects on disk: 0
10:54:51:500 484 Objects on disk cured on reboot: 0
10:54:51:500 484 Objects on disk deleted on reboot: 0
10:54:51:500 484 Registry nodes deleted on reboot: 0
10:54:51:500 484

#12 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:03:33 PM

Posted 20 December 2009 - 11:17 AM

Delete your version of KittyFix and then please refer to below website.. Read and understand on how to run ComboFix.. Make sure you disable your antivirus/firewall first before running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Then post the log here :(

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#13 Brian E

Brian E
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:03:33 AM

Posted 20 December 2009 - 01:12 PM

Here's the ComboFix log:

ComboFix 09-12-19.03 - Cathy L 12/20/2009 12:15:01.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.459 [GMT -5:00]
Running from: c:\documents and settings\Cathy L\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\temp\1cb
c:\temp\1cb\syscheck.log
c:\windows\dat.txt
c:\windows\Downloaded Program Files\poPCaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\music\mainmenumusic.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\areabomb.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\beetlezap.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\bonusrow.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\bonustimer.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\bucketfilled.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\clearpyramid.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle1a.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle1b.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle1c.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle2a.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle2b.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle2c.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\colorchain.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\dialogbox.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\drumbeat.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\fillrow.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\gateopen.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\helptip.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\powerup.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\rotateboardleft.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\timerup.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\warning.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\warning2.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\artifacts-bb.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\bar.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\chamber0.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\chamber1.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\circledoor.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\full_screen_dialog.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\global-hs-bb_large.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\global-hs-bb_small.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\help-bb_large.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\help-bb_small.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\hexfield.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\hidden-artifact_icon.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\large_dialog.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\local-hs-bb.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\mainmenu.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\small_dialog.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\textfield.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\trifield.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetlehover1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetlehover2.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetlehover3.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetlehover4.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetleshock1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetleshock2.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetleshock3.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetleshock4.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetletatoo.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\dirt.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\scarabpost.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\scarabpostovr.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\tritop.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowdown_down.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowdown_over.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowdown_up.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowleft_down.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowleft_over.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowleft_up.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowright_down.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowright_over.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowright_up.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowup_down.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowup_over.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowup_up.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowleft_down.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowleft_over.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowleft_up.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowright_down.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowright_over.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowright_up.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\checkdown.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\checkup.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\long_button_down.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\long_button_over.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\long_button_up.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\orange-button_down.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\orange-button_over.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\orange-button_up.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotleft_down.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotleft_over.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotleft_up.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotright_down.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotright_over.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotright_up.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\simplebutton_down.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\simplebutton_over.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\simplebutton_up.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\sliderknob.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\sliderknobover.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\sliderrail.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\characters\anwar\look\pl0001.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\characters\bast\look\bl0001.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\characters\kristine\look\kl0001.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\crackedstopper.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\cursor.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\doorlights.txt
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\fonts\jackarmstrong.mvec
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\fonts\lithos.mvec
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\greybomb.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\helptips\arrowkeys.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\helptips\helptip.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\levels\levels.dat
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\disk.mesh
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\equilateraltriangle.mesh
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\flattri.mesh
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\pyramid.mesh
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\quad.mesh
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\rotatingpyramid.mesh
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\scarabpanel.mesh
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\p1icon.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\scenes\page1-0.xml
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\scenes\page1-1.xml
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\scenes\panel1-0-1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\scenes\panel1-1-1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\scorecloud.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\setup.xml
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\areashockwave.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_2.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_3.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_4.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_starter.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_tail.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\flash.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\rubble.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\smoke.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\smoke2.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\smoke3.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\splash\aol_logo.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\splash\playfirst_logo.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\statues\statue0\snake_dirty.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\statues\statue1\arm01_dirty.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\statues\statue1\mask01_1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\statues\statue1\statue01_dirty.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\stopper.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\timer.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\timerglow.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\timericon.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\tm.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseblue1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseblue2.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseblue3.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousegreen1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousegreen2.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousegreen3.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousered1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousered2.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousered3.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseyellow1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseyellow2.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseyellow3.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\areabomb.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\areabombrollover.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\blue.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\bluerollover.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\boardfill.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\brick.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\brick1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\brick2.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\brick3.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\bricktip.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared2.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared3.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared4.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared5.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared6.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\eye1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\eye2.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\eye3.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\eye4.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\green.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\greenrollover.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-blue.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-bluerollover.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-green.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-greenrollover.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-red.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-redrollover.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-yellow.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-yellowrollover.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\red.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\redrollover.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\wild.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\wildrollover.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\yellow.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\yellowrollover.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\upsell\image0.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\upsell\image1.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\upsell\image2.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\upsell\image3.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\bluebucket.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\buckettriangle.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\chainlink.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\chaintip.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\genericbucket.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\greenbucket.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\redbucket.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\smallblue.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\smallgreen.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\smallred.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\smallyellow.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\urnglow.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\urnplatform.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\yellowbucket.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\warning.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\error.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\game.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\gameover.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\hiscore.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\hiscoreinfo.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\hiscoresubmit.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\instructions.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\leveldesign.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\levelover.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\mainarcade.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\mainconfirm.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\maincontinue.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\maingames.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\mainpuzzle.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\maphelptip.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\options.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\pause.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\quitconfirm.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\start.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\storyplayer.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\style.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\upsell.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\strings.xml
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\TriJinx.exe
c:\windows\run.log
c:\windows\search_res.txt
c:\windows\system32\dumphive.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\uniq.tll
c:\windows\system32\VCCLSID.exe
c:\windows\system32\x13
c:\windows\system32\Z55
c:\windows\Tasks\fbpcuxbf.job
c:\windows\Tasks\tjgyeyiq.job
c:\windows\Tasks\ykkdnsmg.job

----- BITS: Possible infected sites -----

hxxp://77.74.48.111
Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :(
.
((((((((((((((((((((((((( Files Created from 2009-11-20 to 2009-12-20 )))))))))))))))))))))))))))))))
.

2009-12-19 14:41 . 2009-12-19 14:41 574 ----a-w- C:\cleanup.bat
2009-12-19 14:41 . 2009-12-19 14:41 135168 ----a-w- C:\zip.exe
2009-12-18 23:01 . 2009-12-18 23:01 -------- d-----w- C:\spoolerlogs
2009-12-18 22:27 . 2009-12-18 22:28 -------- d-----w- c:\program files\ERUNT
2009-12-17 13:45 . 2009-12-17 13:46 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Adobe
2009-12-17 11:58 . 2009-12-17 11:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-12-17 11:58 . 2009-12-17 11:58 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-17 11:58 . 2009-12-17 11:58 -------- d-----w- c:\documents and settings\Cathy L\Application Data\SUPERAntiSpyware.com
2009-12-17 11:56 . 2009-12-17 11:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-17 04:22 . 2009-12-17 04:22 -------- d-----w- c:\program files\ESET
2009-12-17 04:05 . 2009-12-03 21:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-17 04:05 . 2009-12-17 04:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-17 04:05 . 2009-12-03 21:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-17 01:48 . 2009-12-17 01:48 -------- d-----w- c:\program files\CodeStuff
2009-12-13 01:21 . 2009-12-13 01:21 -------- d-----w- c:\documents and settings\Cathy L\Local Settings\Application Data\SupportSoft
2009-12-13 00:49 . 2009-12-13 00:49 -------- d-----w- c:\documents and settings\All Users\Application Data\SupportSoft
2009-12-13 00:48 . 2009-12-13 00:48 -------- d-----w- c:\documents and settings\All Users\Application Data\PCDr
2009-12-13 00:45 . 2009-12-17 11:57 -------- d-----w- c:\program files\Dell Support Center
2009-12-12 18:11 . 2009-12-12 18:11 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2009-12-12 18:11 . 2009-12-12 18:11 -------- d-----w- c:\program files\IObit
2009-12-09 23:09 . 2008-04-13 17:39 142592 ----a-w- c:\windows\system32\dllcache\aec.sys
2009-12-09 22:18 . 2009-12-12 17:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-17 02:49 . 2004-09-24 14:38 -------- d-----w- c:\program files\Google
2009-12-13 00:45 . 2004-01-28 06:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Dell
2009-12-12 19:01 . 2002-08-29 07:27 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-12-12 19:01 . 2002-08-29 07:27 96512 ----a-w- c:\windows\system32\drivers\atapi.svs
2009-12-12 17:42 . 2004-11-27 17:54 -------- d-----w- c:\documents and settings\Cathy L\Application Data\Lavasoft
2009-11-20 13:39 . 2007-10-09 00:21 -------- d-----w- c:\program files\McAfee
2009-11-07 15:56 . 2004-01-28 06:25 -------- d-----w- c:\program files\Java
2009-10-11 09:17 . 2009-05-13 17:51 411368 ----a-w- c:\windows\system32\deploytk.dll
2005-03-30 09:34 . 2005-03-30 09:34 3267395 ----a-w- c:\program files\18 - Don't Let The Rain Fall On Me .mp3
2005-03-20 20:27 . 2005-03-20 20:23 20798256 ----a-w- c:\program files\AdbeRdr70_enu_full.exe
2005-03-20 20:23 . 2005-03-20 20:22 6811904 ----a-w- c:\program files\psa2011se_us.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-11-23 2001648]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]
"HostManager"="c:\program files\Common Files\AOL\1112964485\ee\AOLSoftware.exe" [2008-06-24 41824]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-04 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2008-01-08 864256]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk
backup=c:\windows\pss\Exif Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Monitor.lnk
backup=c:\windows\pss\Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
2005-07-12 05:17 50776 ----a-w- c:\program files\America Online 9.0b\aol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2006-10-23 12:50 71216 -c--a-r- c:\program files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
2003-08-29 09:59 122880 ----a-w- c:\windows\BCMSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2003-08-06 07:04 114741 -c--a-w- c:\windows\SYSTEM32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMOFFICE4DMOUSE]
2005-09-05 18:23 360448 -c--a-w- c:\program files\Browser MOUSE\mouse32a.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2008-06-24 18:34 41824 ----a-w- c:\program files\Common Files\AOL\1112964485\EE\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-10-19 12:59 126976 ----a-w- c:\windows\SYSTEM32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
2006-07-09 13:26 36864 -c--a-w- c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
2003-11-07 09:50 19968 ------w- c:\windows\LOGI_MWX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
2009-10-29 11:54 1218008 ----a-w- c:\progra~1\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
2009-09-17 18:29 562928 ----a-w- c:\progra~1\McAfee.com\Agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
2006-01-19 15:06 11776 -c--a-w- c:\progra~1\MUSICM~1\MUSICM~2\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2006-01-19 15:06 110592 ----a-w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2003-08-27 01:47 204800 -c----w- c:\program files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 15:30 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2005-11-02 00:37 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2003-08-19 06:01 110592 -c--a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0a\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1112964485\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\America Online 9.0b\\waol.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\1112964485\\EE\\aolsoftware.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\WINDOWS\\SYSTEM32\\WgaTray.exe"=
"c:\\Program Files\\McAfee.com\\Agent\\mcupdate.exe"=
"c:\\Program Files\\McAfee\\MSM\\McSmtFwk.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [11/23/2009 8:43 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/23/2009 8:43 AM 74480]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/23/2009 8:43 AM 7408]
S1 bthpann;bthpann;c:\windows\system32\drivers\bthpann.sys --> c:\windows\system32\drivers\bthpann.sys [?]
.
------- Supplementary Scan -------
.
mWindow Title = Microsoft Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = localhost;*.local
IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
Trusted Zone: musicmatch.com\online
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {0E0D50BC-E086-4E3A-B07D-C5C5869C0FFF} - hxxp://www.gamehouse.com/realarcade-webgames/adventureball/abx.cab
DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} - hxxp://www.gamehouse.com/realarcade-webgames/gamehouse/gamehouseplayer.cab
DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} - hxxp://legacy.aolsvc.aol.com/onlinegames/ghtumblebugs/axhost.cab
DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} - hxxp://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://www.gamehouse.com/realarcade-webgames/zylom/zylomplayer.cab
.
- - - - ORPHANS REMOVED - - - -

SharedTaskScheduler-{e1581752-aa97-476e-b889-9e543f769c6e} - c:\windows\system32\zuvararo.dll
SharedTaskScheduler-{c91cfbbb-59d6-4722-8eeb-8e268d7f675a} - (no file)
SSODL-kokogonow-{e1581752-aa97-476e-b889-9e543f769c6e} - c:\windows\system32\zuvararo.dll
SSODL-dadukohow-{c91cfbbb-59d6-4722-8eeb-8e268d7f675a} - (no file)
SafeBoot-Lavasoft Ad-Aware Service
MSConfigStartUp-AOLSPScheduler - c:\program files\Common Files\AOL\1112964485\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
MSConfigStartUp-MPFExe - c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe
MSConfigStartUp-sscRun - c:\program files\Common Files\AOL\1112964485\ee\services\sscFirewallPlugin\ver1_205_1_1\SSCRun.exe
MSConfigStartUp-VirusScan Online - c:\progra~1\mcafee.com\vso\mcvsshld.exe
MSConfigStartUp-VSOCheckTask - c:\progra~1\mcafee.com\vso\mcmnhdlr.exe
MSConfigStartUp-Weather - c:\progra~1\AWS\WEATHE~1\Weather.exe
AddRemove-AOLAntivirus - c:\program files\mcafee.com\antivirus\uninst.exe
AddRemove-Dangerous Mines Lite - c:\docume~1\CATHYL~1\LOCALS~1\Temp\sce__0\ -Uninstall
AddRemove-Vegas21Club Casino - c:\windows\Vegas21Club Casino setup.exe
AddRemove-Vegas21Club.NET Casino - c:\windows\Vegas21Club.NET



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-20 12:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\wuauclt.exe.wusetup.319968.bak 51224 bytes executable
c:\windows\system32\wuaueng.dll.wusetup.332187.bak 1809944 bytes executable

scan completed successfully
hidden files: 2

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\cbvsiuwmeqimqnt]
"imagepath"="\??\c:\windows\TEMP\11D0.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(636)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(3512)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\aolshare\aolshcpy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\windows\wanmpsvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\program files\McAfee\MPF\MPFSrv.exe
.
**************************************************************************
.
Completion time: 2009-12-20 12:59:41 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-20 17:59

Pre-Run: 13,709,422,592 bytes free
Post-Run: 13,149,548,544 bytes free

- - End Of File - - B0B5408FB9BB61E326B20205804EC60B

#14 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:03:33 PM

Posted 21 December 2009 - 06:10 AM

1. Please open Notepad
  • If you don't know how, just go to Start >> Run >> copy/paste notepad.exe >> Enter
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

Driver::
bthpann
cbvsiuwmeqimqnt

Rootkit::
c:\windows\system32\wuauclt.exe.wusetup.319968.bak
c:\windows\system32\wuaueng.dll.wusetup.332187.bak
c:\windows\TEMP\11D0.tmp

File::
C:\cleanup.bat
C:\zip.exe
%windir%\system32\drivers\svchost.exe
c:\windows\system32\drivers\bthpann.sys

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\drivers\\svchost.exe"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\cbvsiuwmeqimqnt]

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe/KittyFix.exe as depicted in the animation below. This will start ComboFix/KittyFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#15 Brian E

Brian E
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:03:33 AM

Posted 21 December 2009 - 07:21 AM

Thank you again for spending so much time on this. I appreciate it.

Here's the Combofix log:

ComboFix 09-12-19.03 - Cathy L 12/21/2009 6:48.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.489 [GMT -5:00]
Running from: c:\documents and settings\Cathy L\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Cathy L\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"C:\cleanup.bat"
"c:\windows\system32\drivers\bthpann.sys"
"c:\windows\system32\drivers\svchost.exe"
"C:\zip.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\cleanup.bat
C:\zip.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BTHPANN
-------\Legacy_CBVSIUWMEQIMQNT
-------\Service_bthpann


((((((((((((((((((((((((( Files Created from 2009-11-21 to 2009-12-21 )))))))))))))))))))))))))))))))
.

2009-12-20 18:00 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2009-12-20 18:00 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2009-12-20 18:00 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-12-20 18:00 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2009-12-20 18:00 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2009-12-20 18:00 . 2009-02-06 10:39 35328 ------w- c:\windows\system32\dllcache\sc.exe
2009-12-20 18:00 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2009-12-20 18:00 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2009-12-20 18:00 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2009-12-20 17:59 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-12-20 17:57 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-12-20 17:45 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-12-20 17:45 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-12-18 23:01 . 2009-12-18 23:01 -------- d-----w- C:\spoolerlogs
2009-12-18 22:27 . 2009-12-18 22:28 -------- d-----w- c:\program files\ERUNT
2009-12-17 13:45 . 2009-12-17 13:46 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Adobe
2009-12-17 11:58 . 2009-12-17 11:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-12-17 11:58 . 2009-12-17 11:58 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-17 11:58 . 2009-12-17 11:58 -------- d-----w- c:\documents and settings\Cathy L\Application Data\SUPERAntiSpyware.com
2009-12-17 11:56 . 2009-12-17 11:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-17 04:22 . 2009-12-17 04:22 -------- d-----w- c:\program files\ESET
2009-12-17 04:05 . 2009-12-03 21:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-17 04:05 . 2009-12-17 04:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-17 04:05 . 2009-12-03 21:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-17 01:48 . 2009-12-17 01:48 -------- d-----w- c:\program files\CodeStuff
2009-12-13 01:21 . 2009-12-13 01:21 -------- d-----w- c:\documents and settings\Cathy L\Local Settings\Application Data\SupportSoft
2009-12-13 00:49 . 2009-12-13 00:49 -------- d-----w- c:\documents and settings\All Users\Application Data\SupportSoft
2009-12-13 00:48 . 2009-12-13 00:48 -------- d-----w- c:\documents and settings\All Users\Application Data\PCDr
2009-12-13 00:45 . 2009-12-17 11:57 -------- d-----w- c:\program files\Dell Support Center
2009-12-12 18:11 . 2009-12-12 18:11 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2009-12-12 18:11 . 2009-12-12 18:11 -------- d-----w- c:\program files\IObit
2009-12-09 23:09 . 2008-04-13 17:39 142592 ----a-w- c:\windows\system32\dllcache\aec.sys
2009-12-09 22:18 . 2009-12-12 17:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-17 02:49 . 2004-09-24 14:38 -------- d-----w- c:\program files\Google
2009-12-13 00:45 . 2004-01-28 06:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Dell
2009-12-12 19:01 . 2002-08-29 07:27 96512 ----a-w- c:\windows\system32\drivers\atapi.svs
2009-12-12 19:01 . 2002-08-29 07:27 96512 ------w- c:\windows\system32\drivers\atapi.sys
2009-12-12 17:42 . 2004-11-27 17:54 -------- d-----w- c:\documents and settings\Cathy L\Application Data\Lavasoft
2009-11-20 13:39 . 2007-10-09 00:21 -------- d-----w- c:\program files\McAfee
2009-11-07 15:56 . 2004-01-28 06:25 -------- d-----w- c:\program files\Java
2009-10-29 07:46 . 2004-08-24 01:32 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2002-08-29 11:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-13 10:30 . 2002-08-29 11:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2002-08-29 11:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2002-08-29 11:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-11 09:17 . 2009-05-13 17:51 411368 ----a-w- c:\windows\system32\deploytk.dll
2005-03-30 09:34 . 2005-03-30 09:34 3267395 ----a-w- c:\program files\18 - Don't Let The Rain Fall On Me .mp3
2005-03-20 20:27 . 2005-03-20 20:23 20798256 ----a-w- c:\program files\AdbeRdr70_enu_full.exe
2005-03-20 20:23 . 2005-03-20 20:22 6811904 ----a-w- c:\program files\psa2011se_us.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-11-23 2001648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]
"HostManager"="c:\program files\Common Files\AOL\1112964485\ee\AOLSoftware.exe" [2008-06-24 41824]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-04 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2008-01-08 864256]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk
backup=c:\windows\pss\Exif Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Monitor.lnk
backup=c:\windows\pss\Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
2005-07-12 05:17 50776 ----a-w- c:\program files\America Online 9.0b\aol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2006-10-23 12:50 71216 -c--a-r- c:\program files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
2003-08-29 09:59 122880 ----a-w- c:\windows\BCMSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2003-08-06 07:04 114741 -c--a-w- c:\windows\SYSTEM32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMOFFICE4DMOUSE]
2005-09-05 18:23 360448 -c--a-w- c:\program files\Browser MOUSE\mouse32a.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2008-06-24 18:34 41824 ----a-w- c:\program files\Common Files\AOL\1112964485\EE\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-10-19 12:59 126976 ----a-w- c:\windows\SYSTEM32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
2006-07-09 13:26 36864 -c--a-w- c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
2003-11-07 09:50 19968 ------w- c:\windows\LOGI_MWX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
2009-10-29 11:54 1218008 ----a-w- c:\progra~1\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
2009-09-17 18:29 562928 ----a-w- c:\progra~1\McAfee.com\Agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
2006-01-19 15:06 11776 -c--a-w- c:\progra~1\MUSICM~1\MUSICM~2\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2006-01-19 15:06 110592 ----a-w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2003-08-27 01:47 204800 -c----w- c:\program files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 15:30 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2005-11-02 00:37 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2003-08-19 06:01 110592 -c--a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0a\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1112964485\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\America Online 9.0b\\waol.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\1112964485\\EE\\aolsoftware.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\WINDOWS\\SYSTEM32\\WgaTray.exe"=
"c:\\Program Files\\McAfee.com\\Agent\\mcupdate.exe"=
"c:\\Program Files\\McAfee\\MSM\\McSmtFwk.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [11/23/2009 8:43 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/23/2009 8:43 AM 74480]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/23/2009 8:43 AM 7408]
.
------- Supplementary Scan -------
.
mWindow Title = Microsoft Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = localhost;*.local
IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
Trusted Zone: musicmatch.com\online
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {0E0D50BC-E086-4E3A-B07D-C5C5869C0FFF} - hxxp://www.gamehouse.com/realarcade-webgames/adventureball/abx.cab
DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} - hxxp://www.gamehouse.com/realarcade-webgames/gamehouse/gamehouseplayer.cab
DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} - hxxp://legacy.aolsvc.aol.com/onlinegames/ghtumblebugs/axhost.cab
DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} - hxxp://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://www.gamehouse.com/realarcade-webgames/zylom/zylomplayer.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-21 07:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(636)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2572)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\aolshare\aolshcpy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\windows\wanmpsvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\program files\McAfee\MPF\MPFSrv.exe
.
**************************************************************************
.
Completion time: 2009-12-21 07:17:48 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-21 12:17
ComboFix2.txt 2009-12-20 17:59

Pre-Run: 12,537,839,616 bytes free
Post-Run: 12,532,699,136 bytes free

- - End Of File - - 993D4F202071166A0C82C870921F8BF7




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users