
Help with virtumonde.prx


36 replies to this topic

#1 plhelp


  • Members
  • 19 posts

Posted 21 October 2010 - 11:34 PM

Hi, I have virtumonde.prx infecting my computer, slowing it down and redirecting web pages. Spybot can detect it but cannot remove it. It is not allowing Malwarebytes' Anti-Malware to start. I have tried SUPERAntiSpyware and Emsisoft Anti-Malware but they cannot find it. Please help.


#2 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Location:Puerto rico

Posted 21 October 2010 - 11:40 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Note** If you are having problems posting the complete log into this thread upload them here http://www.rapidshare.com/ and post the links in this thread

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

I would like to get a better look at your system, please do the following so I can get some more detailed logs.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-click on dds.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear: DDS.txt and Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Scan With RKUnHooker

  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** You may get this warning; it is ok, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


Information and logs:

In your next post I need the following:

1. Logs from DDS
2. RKUnHooker
3. Let me know of any problems you may have had
Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
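
The DDS.txt report that these steps produce is plain text, one registry or file indicator per line, and the responder reads it by hand. As an added example (not part of this thread, and not code from DDS or its author sUBs), the Python script below shows one way to pre-screen the "Pseudo HJT Report" section the way a responder would: it flags HOSTS overrides, non-default LSA authentication and notification packages, Image File Execution Options entries, autostart entries that either load a DLL by bare name through rundll32 or run from a temp directory, shell service objects, and orphaned BHO registrations. The baseline package sets are an assumption (Windows XP defaults), the sample lines are constructed in the DDS layout, and the function names are mine.

```python
import re

# Baseline LSA package lists. Assumption: Windows XP defaults; adjust per OS build.
DEFAULT_AUTH_PACKAGES = {"msv1_0"}
DEFAULT_NOTIFY_PACKAGES = {"scecli"}

# DDS prefixes for Run / RunOnce style autostart entries (user, machine, default user, Explorer).
RUN_KEYS = {"uRun", "mRun", "dRun", "uRunOnce", "mRunOnce", "dRunOnce", "mExplorerRun"}

# Constructed sample lines in the DDS "Pseudo HJT Report" layout (not a real log).
SAMPLE_REPORT = r"""
BHO: {28272170-BB7E-4188-9885-1BE9AE8B8C74} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [jkkljksys] rundll32.exe "ssttur.dll",s
mRun: [<NO NAME>]
dRunOnce: [SGD] "c:\windows\temp\tazofehu.exe" /cs:2
SSODL: dazatawih - {614d2f26-0871-4567-914d-7207c339e559} - c:\windows\system32\wapajemu.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\mlJYsPFy ssttur.dll
LSA: Notification Packages = scecli hefudebo.dll
IFEO: image file execution options - svchost.exe
Hosts: 91.206.201.8 system-guard2009.com
"""


def split_entry(line):
    """Split a DDS line 'KEY: payload' into (key, payload); None for anything else."""
    key, sep, payload = line.partition(":")
    key = key.strip()
    if not sep or not key or " " in key:
        return None
    return key, payload.strip()


def review_entry(key, payload):
    """Reasons a responder should look at this entry; an empty list means nothing notable."""
    reasons = []
    if key == "Hosts":
        reasons.append("HOSTS file override pins a domain to a fixed address")
    elif key == "LSA":
        # "Authentication Packages = msv1_0 extra.dll" -> anything beyond the baseline is notable
        name, _, packages = payload.partition("=")
        name = name.strip()
        baseline = DEFAULT_AUTH_PACKAGES if name.startswith("Authentication") else DEFAULT_NOTIFY_PACKAGES
        extra = sorted(set(packages.split()) - baseline)
        if extra:
            reasons.append(f"LSA {name} adds non-default packages: {', '.join(extra)}")
    elif key == "IFEO":
        reasons.append("IFEO entry redirects launches of " + payload.rsplit(" - ", 1)[-1])
    elif key in RUN_KEYS:
        # "[Name] command line" -> inspect the command line only
        m = re.match(r"\[(.*?)\]\s*(.*)", payload)
        cmd = m.group(2) if m else payload
        if not cmd.strip():
            reasons.append("autostart entry has no command")
        # rundll32 given a DLL name with no directory: resolved via the search path at logon
        if re.search(r'rundll32(?:\.exe)?\s+"?[^\\"\s]+\.dll"?\s*,', cmd, re.I):
            reasons.append("rundll32 loads a DLL by bare name (search-path dependent)")
        if re.search(r"\\temp\\", cmd, re.I):
            reasons.append("autostart points into a temp directory")
    elif key in {"SSODL", "STS"}:
        reasons.append(f"{key} entry loads {payload.rsplit(' - ', 1)[-1]} into every shell session")
    elif key == "BHO" and payload.endswith("No File"):
        reasons.append("orphaned BHO registration (file missing)")
    return reasons


def triage(report):
    """Return (key, payload, reasons) for every entry in the report that earns at least one reason."""
    findings = []
    for line in report.splitlines():
        entry = split_entry(line.strip())
        if entry is None:
            continue
        reasons = review_entry(*entry)
        if reasons:
            findings.append((entry[0], entry[1], reasons))
    return findings


def flagged_keys(report):
    """Sorted, de-duplicated list of entry types that produced findings."""
    return sorted({key for key, _, _ in triage(report)})


if __name__ == "__main__":
    for key, payload, reasons in triage(SAMPLE_REPORT):
        print(f"{key}: {payload}")
        for reason in reasons:
            print(f"    -> {reason}")
```

Running the script prints each flagged entry with its reasons. The entries it passes over (the Java BHO, ctfmon) show that the filter is deliberately conservative: it narrows what to read first, it does not decide what to remove, and a responder still checks each flagged file and registry value before acting.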

#3 plhelp

  • Topic Starter

  • Members
  • 19 posts

Posted 22 October 2010 - 12:04 AM

Thanks a lot. I forgot to mention that I can only run my computer in safe mode. Will it cause any problem?
Thanks again




#4 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Location:Puerto rico

Posted 22 October 2010 - 12:06 AM

RKUnhooker will not run in safe mode, but DDS will start in it.


Gringo

#5 plhelp

  • Topic Starter

  • Members
  • 19 posts

Posted 22 October 2010 - 12:35 AM

Hi, this is the log below.
DDS (Ver_10-10-21.02) - NTFSx86 NETWORK
Run by Administrator at 0:43:03.95 on Fri 10/22/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1382 [GMT -4:00]

AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Emsisoft Anti-Malware *On-access scanning disabled* (Outdated) {0F8591BB-342B-4493-91C3-4E948ED21255}
AV: Security Guard *On-access scanning enabled* (Updated) {E859B1E6-B89D-47AE-9BE9-C8048C283EAC}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: Security Guard *enabled* {228C0DF1-F4F1-4FE1-B697-10F884B704BE}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Netscape\Navigator 9\navigator.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

mWindow Title = Windows Internet Explorer provided by Comcast
uURLSearchHooks: H - No File
BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.0\NppBho.dll
BHO: {28272170-BB7E-4188-9885-1BE9AE8B8C74} - No File
BHO: {2C606830-3A8C-438F-8531-3C7C64E4D891} - No File
BHO: {45E32508-68B2-4B98-B272-B950D2E81CE5} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {62b71f4f-693c-433f-b432-0a47c2e88c17} - c:\windows\system32\mlJYsPFy.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: {8de78383-2ef3-4a51-bfb8-8676b122cdfc} - No File
BHO: {9D567D4C-83FC-4C6B-B6D4-3141E0AF3B42} - No File
BHO: {B378C694-CCE1-4D50-95A9-145ED3FC9544} - No File
BHO: {B6A0B0E4-1128-45DC-90BF-12287D54E490} - No File
BHO: {B7F473F3-CB81-46BB-A71A-6DA360D8AB62} - No File
BHO: {BCA368DC-612D-4567-AE1B-B909C9F9F05F} - No File
BHO: {E4C30839-A7C9-4E4B-8ED8-FFF047C9F0CE} - No File
BHO: {F4492E17-BC8B-489B-A11E-2FD0E5C95204} - No File
BHO: {F63C35B9-A768-42C6-89E8-B88619C9B1D4} - No File
TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.0\UIBHO.dll
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [DellAutomatedPCTuneUp] "c:\program files\dellautomatedpctuneup\PTAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Eraser] c:\program files\eraser\eraser.exe -hide
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\NPSWF32_FlashUtil.exe -p
uRunOnce: [SpybotDeletingB8515] command /c del "c:\windows\system32\mlJYsPFy.dll_old"
uRunOnce: [SpybotDeletingD508] cmd /c del "c:\windows\system32\mlJYsPFy.dll_old"
uRunOnce: [SpybotDeletingB6028] command.com /c del "c:\windows\system32\uses32.dat"
uRunOnce: [SpybotDeletingD1638] cmd.exe /c del "c:\windows\system32\uses32.dat"
uRunOnce: [SpybotDeletingB2164] command.com /c del "c:\windows\system32\winlogon86.exe"
uRunOnce: [SpybotDeletingD6103] cmd.exe /c del "c:\windows\system32\winlogon86.exe"
uRunOnce: [SpybotDeletingB9394] command.com /c del "c:\windows\system32\404Fix.exe"
uRunOnce: [SpybotDeletingD5058] cmd.exe /c del "c:\windows\system32\404Fix.exe"
uRunOnce: [SpybotDeletingB587] command.com /c del "c:\windows\system32\o4Patch.exe"
uRunOnce: [SpybotDeletingD3294] cmd.exe /c del "c:\windows\system32\o4Patch.exe"
uRunOnce: [SpybotDeletingB3764] command.com /c del "c:\windows\system32\Agent.OMZ.Fix.exe"
uRunOnce: [SpybotDeletingD584] cmd.exe /c del "c:\windows\system32\Agent.OMZ.Fix.exe"
uRunOnce: [SpybotDeletingB7874] command.com /c del "c:\windows\system32\IEDFix.exe"
uRunOnce: [SpybotDeletingD6145] cmd.exe /c del "c:\windows\system32\IEDFix.exe"
uRunOnce: [SpybotDeletingB7373] command.com /c del "c:\windows\system32\IEDFix.C.exe"
uRunOnce: [SpybotDeletingD7565] cmd.exe /c del "c:\windows\system32\IEDFix.C.exe"
uRunOnce: [SpybotDeletingB8151] command.com /c del "c:\windows\system32\VACFix.exe"
uRunOnce: [SpybotDeletingD3357] cmd.exe /c del "c:\windows\system32\VACFix.exe"
uRunOnce: [SpybotDeletingB1925] command.com /c del "c:\windows\system32\uses32.dat"
uRunOnce: [SpybotDeletingD5605] cmd.exe /c del "c:\windows\system32\uses32.dat"
uRunOnce: [SpybotDeletingB8534] command.com /c del "c:\windows\system32\winlogon86.exe"
uRunOnce: [SpybotDeletingD6599] cmd.exe /c del "c:\windows\system32\winlogon86.exe"
uRunOnce: [SpybotDeletingB9549] command.com /c del "c:\windows\system32\404Fix.exe"
uRunOnce: [SpybotDeletingD7301] cmd.exe /c del "c:\windows\system32\404Fix.exe"
uRunOnce: [SpybotDeletingB4467] command.com /c del "c:\windows\system32\o4Patch.exe"
uRunOnce: [SpybotDeletingD4710] cmd.exe /c del "c:\windows\system32\o4Patch.exe"
uRunOnce: [SpybotDeletingB2529] command.com /c del "c:\windows\system32\Agent.OMZ.Fix.exe"
uRunOnce: [SpybotDeletingD3032] cmd.exe /c del "c:\windows\system32\Agent.OMZ.Fix.exe"
uRunOnce: [SpybotDeletingB6041] command.com /c del "c:\windows\system32\IEDFix.exe"
uRunOnce: [SpybotDeletingD4846] cmd.exe /c del "c:\windows\system32\IEDFix.exe"
uRunOnce: [SpybotDeletingB4533] command.com /c del "c:\windows\system32\IEDFix.C.exe"
uRunOnce: [SpybotDeletingD5516] cmd.exe /c del "c:\windows\system32\IEDFix.C.exe"
uRunOnce: [SpybotDeletingB6867] command.com /c del "c:\windows\system32\VACFix.exe"
uRunOnce: [SpybotDeletingD4358] cmd.exe /c del "c:\windows\system32\VACFix.exe"
uRunOnce: [SpybotDeletingB8381] command.com /c del "c:\windows\system32\uses32.dat"
uRunOnce: [SpybotDeletingD9605] cmd.exe /c del "c:\windows\system32\uses32.dat"
uRunOnce: [SpybotDeletingB7377] command.com /c del "c:\windows\system32\winlogon86.exe"
uRunOnce: [SpybotDeletingD2431] cmd.exe /c del "c:\windows\system32\winlogon86.exe"
uRunOnce: [SpybotDeletingB8285] command.com /c del "c:\windows\system32\404Fix.exe"
uRunOnce: [SpybotDeletingD3731] cmd.exe /c del "c:\windows\system32\404Fix.exe"
uRunOnce: [SpybotDeletingB8211] command.com /c del "c:\windows\system32\o4Patch.exe"
uRunOnce: [SpybotDeletingD8015] cmd.exe /c del "c:\windows\system32\o4Patch.exe"
uRunOnce: [SpybotDeletingB549] command.com /c del "c:\windows\system32\Agent.OMZ.Fix.exe"
uRunOnce: [SpybotDeletingD5376] cmd.exe /c del "c:\windows\system32\Agent.OMZ.Fix.exe"
uRunOnce: [SpybotDeletingB8249] command.com /c del "c:\windows\system32\IEDFix.exe"
uRunOnce: [SpybotDeletingD2751] cmd.exe /c del "c:\windows\system32\IEDFix.exe"
uRunOnce: [SpybotDeletingB3928] command.com /c del "c:\windows\system32\IEDFix.C.exe"
uRunOnce: [SpybotDeletingD5822] cmd.exe /c del "c:\windows\system32\IEDFix.C.exe"
uRunOnce: [SpybotDeletingB9467] command.com /c del "c:\windows\system32\VACFix.exe"
uRunOnce: [SpybotDeletingD6416] cmd.exe /c del "c:\windows\system32\VACFix.exe"
uRunOnce: [SpybotDeletingB1904] command.com /c del "c:\windows\system32\ssttur.dll_old"
uRunOnce: [SpybotDeletingD7129] cmd.exe /c del "c:\windows\system32\ssttur.dll_old"
uRunOnce: [SpybotDeletingB875] command.com /c del "c:\windows\system32\rqpnml.dll_old"
uRunOnce: [SpybotDeletingD3470] cmd.exe /c del "c:\windows\system32\rqpnml.dll_old"
uRunOnce: [SpybotDeletingB5420] command.com /c del "c:\windows\system32\ssttur.dll_old"
uRunOnce: [SpybotDeletingD793] cmd.exe /c del "c:\windows\system32\ssttur.dll_old"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [Corel Photo Downloader] c:\program files\corel\corel snapfire plus\Corel Photo Downloader.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton internet security\osCheck.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [<NO NAME>]
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [DownloadStudio] c:\program files\conceiva\downloadstudio\DownloadStudioScheduleMonitor.exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [IObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart
mRun: [jkkljksys] rundll32.exe "ssttur.dll",s
mRunOnce: [NoIE4StubProcessing] c:\windows\system32\reg.exe delete "hklm\software\microsoft\active setup\Installed Components" /v "NoIE4StubProcessing" /f
mRunOnce: [SpybotDeletingA9138] command /c del "c:\documents and settings\kashif raza\start menu\programs\outerinfo\Uninstall.lnk"
mRunOnce: [SpybotDeletingC1622] cmd /c del "c:\documents and settings\kashif raza\start menu\programs\outerinfo\Uninstall.lnk"
mRunOnce: [Spybot - Search & Destroy] "c:\program files\spybot - search & destroy\SpybotSD.exe" /autocheck
mRunOnce: [SpybotDeletingA3210] command /c del "c:\windows\system32\mlJYsPFy.dll_old"
mRunOnce: [SpybotDeletingC930] cmd /c del "c:\windows\system32\mlJYsPFy.dll_old"
mRunOnce: [SpybotDeletingA1395] command.com /c del "c:\windows\system32\uses32.dat"
mRunOnce: [SpybotDeletingC694] cmd.exe /c del "c:\windows\system32\uses32.dat"
mRunOnce: [SpybotDeletingA5724] command.com /c del "c:\windows\system32\winlogon86.exe"
mRunOnce: [SpybotDeletingC3429] cmd.exe /c del "c:\windows\system32\winlogon86.exe"
mRunOnce: [SpybotDeletingA8002] command.com /c del "c:\windows\system32\404Fix.exe"
mRunOnce: [SpybotDeletingC1196] cmd.exe /c del "c:\windows\system32\404Fix.exe"
mRunOnce: [SpybotDeletingA5425] command.com /c del "c:\windows\system32\o4Patch.exe"
mRunOnce: [SpybotDeletingC5013] cmd.exe /c del "c:\windows\system32\o4Patch.exe"
mRunOnce: [SpybotDeletingA6267] command.com /c del "c:\windows\system32\Agent.OMZ.Fix.exe"
mRunOnce: [SpybotDeletingC7205] cmd.exe /c del "c:\windows\system32\Agent.OMZ.Fix.exe"
mRunOnce: [SpybotDeletingA3501] command.com /c del "c:\windows\system32\IEDFix.exe"
mRunOnce: [SpybotDeletingC9013] cmd.exe /c del "c:\windows\system32\IEDFix.exe"
mRunOnce: [SpybotDeletingA2196] command.com /c del "c:\windows\system32\IEDFix.C.exe"
mRunOnce: [SpybotDeletingC4469] cmd.exe /c del "c:\windows\system32\IEDFix.C.exe"
mRunOnce: [SpybotDeletingA2640] command.com /c del "c:\windows\system32\VACFix.exe"
mRunOnce: [SpybotDeletingC3052] cmd.exe /c del "c:\windows\system32\VACFix.exe"
mRunOnce: [SpybotDeletingA4956] command.com /c del "c:\windows\system32\uses32.dat"
mRunOnce: [SpybotDeletingC9939] cmd.exe /c del "c:\windows\system32\uses32.dat"
mRunOnce: [SpybotDeletingA1122] command.com /c del "c:\windows\system32\winlogon86.exe"
mRunOnce: [SpybotDeletingC9832] cmd.exe /c del "c:\windows\system32\winlogon86.exe"
mRunOnce: [SpybotDeletingA7886] command.com /c del "c:\windows\system32\404Fix.exe"
mRunOnce: [SpybotDeletingC7920] cmd.exe /c del "c:\windows\system32\404Fix.exe"
mRunOnce: [SpybotDeletingA2389] command.com /c del "c:\windows\system32\o4Patch.exe"
mRunOnce: [SpybotDeletingC6645] cmd.exe /c del "c:\windows\system32\o4Patch.exe"
mRunOnce: [SpybotDeletingA1423] command.com /c del "c:\windows\system32\Agent.OMZ.Fix.exe"
mRunOnce: [SpybotDeletingC7728] cmd.exe /c del "c:\windows\system32\Agent.OMZ.Fix.exe"
mRunOnce: [SpybotDeletingA6800] command.com /c del "c:\windows\system32\IEDFix.exe"
mRunOnce: [SpybotDeletingC2265] cmd.exe /c del "c:\windows\system32\IEDFix.exe"
mRunOnce: [SpybotDeletingA7256] command.com /c del "c:\windows\system32\IEDFix.C.exe"
mRunOnce: [SpybotDeletingC637] cmd.exe /c del "c:\windows\system32\IEDFix.C.exe"
mRunOnce: [SpybotDeletingA430] command.com /c del "c:\windows\system32\VACFix.exe"
mRunOnce: [SpybotDeletingC2783] cmd.exe /c del "c:\windows\system32\VACFix.exe"
mRunOnce: [SpybotDeletingA447] command.com /c del "c:\windows\system32\uses32.dat"
mRunOnce: [SpybotDeletingC725] cmd.exe /c del "c:\windows\system32\uses32.dat"
mRunOnce: [SpybotDeletingA3603] command.com /c del "c:\windows\system32\winlogon86.exe"
mRunOnce: [SpybotDeletingC6095] cmd.exe /c del "c:\windows\system32\winlogon86.exe"
mRunOnce: [SpybotDeletingA2661] command.com /c del "c:\windows\system32\404Fix.exe"
mRunOnce: [SpybotDeletingC8072] cmd.exe /c del "c:\windows\system32\404Fix.exe"
mRunOnce: [SpybotDeletingA9798] command.com /c del "c:\windows\system32\o4Patch.exe"
mRunOnce: [SpybotDeletingC6843] cmd.exe /c del "c:\windows\system32\o4Patch.exe"
mRunOnce: [SpybotDeletingA8154] command.com /c del "c:\windows\system32\Agent.OMZ.Fix.exe"
mRunOnce: [SpybotDeletingC390] cmd.exe /c del "c:\windows\system32\Agent.OMZ.Fix.exe"
mRunOnce: [SpybotDeletingA4864] command.com /c del "c:\windows\system32\IEDFix.exe"
mRunOnce: [SpybotDeletingC299] cmd.exe /c del "c:\windows\system32\IEDFix.exe"
mRunOnce: [SpybotDeletingA8676] command.com /c del "c:\windows\system32\IEDFix.C.exe"
mRunOnce: [SpybotDeletingC2303] cmd.exe /c del "c:\windows\system32\IEDFix.C.exe"
mRunOnce: [SpybotDeletingA9749] command.com /c del "c:\windows\system32\VACFix.exe"
mRunOnce: [SpybotDeletingC7593] cmd.exe /c del "c:\windows\system32\VACFix.exe"
mRunOnce: [SpybotDeletingA3269] command.com /c del "c:\windows\system32\ssttur.dll_old"
mRunOnce: [SpybotDeletingC4493] cmd.exe /c del "c:\windows\system32\ssttur.dll_old"
mRunOnce: [SpybotDeletingA4844] command.com /c del "c:\windows\system32\rqpnml.dll_old"
mRunOnce: [SpybotDeletingC8809] cmd.exe /c del "c:\windows\system32\rqpnml.dll_old"
mRunOnce: [SpybotSnD] "c:\program files\spybot - search & destroy\SpybotSD.exe" /autocheck
mRunOnce: [SpybotDeletingA9172] command.com /c del "c:\windows\system32\ssttur.dll_old"
mRunOnce: [SpybotDeletingC1624] cmd.exe /c del "c:\windows\system32\ssttur.dll_old"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [yaxuvtaudio] rundll32.exe "fcyxwu.dll",s
dRun: [fcbbyasys] rundll32.exe "ssttur.dll",s
dRun: [wvvuuuaudio] rundll32.exe "urspol.dll",s
dRunOnce: [SGD] "c:\windows\temp\tazofehu.exe" /cs:2
mExplorerRun: [KRAZA] .vbe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\npjpi160_03.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {41564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxp://www.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\480\G2AWinLogon.dll
SSODL: dazatawih - {614d2f26-0871-4567-914d-7207c339e559} - c:\windows\system32\wapajemu.dll
SSODL: giwatosud - {97c1e86f-2078-4fc2-8b85-abcedc7de71b} - c:\windows\system32\bemevoyu.dll
SSODL: joluzeton - {c21cdc52-77df-4c7c-8407-16c47268a413} - c:\windows\system32\ritinezu.dll
SSODL: nisesideg - {4a0c3145-86a8-4e22-ab34-50472fe70dda} - c:\windows\system32\dotipiwu.dll
SSODL: dopupavaw - {08176f99-9c07-43f3-a372-cdebf6760d8c} - c:\windows\system32\wepanibe.dll
SSODL: pategomaw - {248cf8d6-ab90-44d9-8ad9-c5b696ae390f} - c:\windows\system32\gabogope.dll
SSODL: powevugul - {a3bc7b65-c4e4-448c-9854-e6bdd3fe92e3} - c:\windows\system32\mujorebi.dll
STS: tokatiluy: {614d2f26-0871-4567-914d-7207c339e559} - c:\windows\system32\wapajemu.dll
STS: gahurihor: {97c1e86f-2078-4fc2-8b85-abcedc7de71b} - c:\windows\system32\bemevoyu.dll
STS: jugezatag: {c21cdc52-77df-4c7c-8407-16c47268a413} - c:\windows\system32\ritinezu.dll
STS: gahurihor: {4a0c3145-86a8-4e22-ab34-50472fe70dda} - c:\windows\system32\dotipiwu.dll
STS: jugezatag: {08176f99-9c07-43f3-a372-cdebf6760d8c} - c:\windows\system32\wepanibe.dll
STS: tokatiluy: {248cf8d6-ab90-44d9-8ad9-c5b696ae390f} - c:\windows\system32\gabogope.dll
STS: jugezatag: {a3bc7b65-c4e4-448c-9854-e6bdd3fe92e3} - c:\windows\system32\mujorebi.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, msansspc.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\mlJYsPFy ssttur.dll
LSA: Notification Packages = scecli hefudebo.dll
IFEO: image file execution options - svchost.exe
Hosts: 91.206.201.8 system-guard2009.com
Hosts: 91.206.201.8 www.system-guard2009.com
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\w79femgi.default\
FF - plugin: c:\program files\joost plugin\npjoost.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

============= SERVICES / DRIVERS ===============

S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
S2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\emsisoft anti-malware\a2service.exe [2010-10-18 2909536]
S2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CAMTHWDM.sys [2008-9-7 941784]
S2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2006-9-3 108648]
S2 COMServer;COMServer;"c:\windows\system32\msapps\comsrvr.exe" s --> c:\windows\system32\msapps\comsrvr.exe [?]
S2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2010-9-5 312152]
S3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2010-10-18 72808]
S3 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2006-9-3 108648]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20071107.018\NAVENG.SYS [2007-11-7 81232]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20071107.018\NAVEX15.SYS [2007-11-7 865904]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-8-12 1251720]
S3 TridVid;Video Grabber;c:\windows\system32\drivers\tridvid.sys [2008-3-9 99200]

=============== Created Last 30 ================


==================== Find3M ====================

2010-10-08 07:30:16 5642 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-10-08 07:28:50 168 --sh--r- c:\windows\system32\119210CEEA.sys
2010-09-04 03:09:59 6358 ----a-w- c:\windows\system32\tmp.reg
2010-03-05 18:10:56 42496 --sha-w- c:\windows\system32\sujobapi.exe

============= FINISH: 0:55:09.60 ===============

Here is the 2nd log below.

==== Hosts File Hijack ======================


==== Installed Programs ======================


==== End Of File ===========================

Thanks again


RkUnhooker will not run in safe mode, but DDS will start with that.


Gringo



#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:11 PM

Posted 22 October 2010 - 12:51 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

Edited by gringo_pr, 22 October 2010 - 12:52 AM.


#7 plhelp

plhelp
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:11:11 AM

Posted 23 October 2010 - 01:07 AM

I ran ComboFix and the log is below. I am able to run Malwarebytes Anti-Malware and it did not find anything. The computer is working better at the moment.

ComboFix 10-10-22.04 - Administrator 10/23/2010 0:25.1.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1808 [GMT -4:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DRIVER
-------\Legacy_DRIVERDRV
-------\Legacy_PODMENA
-------\Legacy_PODMENADRV
-------\Legacy_TDSSSERV
-------\Service_usbehci


((((((((((((((((((((((((( Files Created from 2010-09-23 to 2010-10-23 )))))))))))))))))))))))))))))))
.


.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lnpuxa"="c:\documents and settings\Kashif Raza\Application Data\M?crosoft\?serinit.exe" [?]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]
"DellAutomatedPCTuneUp"="c:\program files\DellAutomatedPCTuneUp\PTAgnt.exe" [2007-10-11 465136]
"Power2GoExpress"="c:\program files\Home Cinema\Power2Go\Power2GoExpress.exe" [2007-05-16 2483760]
"Universal Installer"="c:\program files\ComcastUI\Universal Installer\uinstaller.exe" [2008-03-18 984616]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"eMuleAutoStart"="c:\program files\eMule\emule.exe" [2007-05-13 5308416]
"Kgonuvazijuqum"="c:\windows\dmsyom.dll" [2007-03-08 80896]
"yaawtsaudio"="ddbbaa.dll" [2010-10-19 101888]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingB8461"="command" [X]
"SpybotDeletingD3472"="del" [X]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe" [2009-07-18 257440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-05-02 184320]
"Corel Photo Downloader"="c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2006-08-14 462336]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2006-09-06 26248]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 974848]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-09-18 185632]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-29 583048]
"DownloadStudio"="c:\program files\Conceiva\DownloadStudio\DownloadStudioScheduleMonitor.exe" [2008-08-26 156312]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2010-06-11 1280344]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-6-15 24576]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2007-09-16 22:10 10792 ----a-w- c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\Home Cinema\\PowerDirector\\PDR.exe"=
"c:\\Program Files\\Joost Plugin\\joostws.exe"=
"c:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\DOCUME~1\\KASHIF~1\\LOCALS~1\\Temp\\0.7327281382285458.exe"=

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
S2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [10/18/2010 1:43 AM 2909536]
S2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CAMTHWDM.sys [9/7/2008 11:39 PM 941784]
S2 COMServer;COMServer;"c:\windows\system32\msapps\comsrvr.exe" s --> c:\windows\system32\msapps\comsrvr.exe [?]
S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [9/5/2010 2:42 PM 312152]
S3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [10/18/2010 1:43 AM 72808]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 4:22 PM 34064]
S3 TridVid;Video Grabber;c:\windows\system32\drivers\tridvid.sys [3/9/2008 1:47 AM 99200]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b12fa2e-676b-11dc-9963-0019b979615b}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs
.
Contents of the 'Scheduled Tasks' folder

2008-10-19 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Kashif Raza.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2006-09-07 05:38]
.
.
------- Supplementary Scan -------
.
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = hxxp://www.buffalotech.com/wireless/wizard/index.html
uInternet Settings,ProxyServer = http=127.0.0.1:50370
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Kashif Raza\Application Data\Mozilla\Firefox\Profiles\klpu5s4o.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\Joost Plugin\npjoost.dll
.
- - - - ORPHANS REMOVED - - - -

BHO-{28272170-BB7E-4188-9885-1BE9AE8B8C74} - (no file)
BHO-{2C606830-3A8C-438F-8531-3C7C64E4D891} - (no file)
BHO-{45E32508-68B2-4B98-B272-B950D2E81CE5} - (no file)
BHO-{62B71F4F-693C-433F-B432-0A47C2E88C17} - c:\windows\system32\mlJYsPFy.dll
BHO-{8de78383-2ef3-4a51-bfb8-8676b122cdfc} - (no file)
BHO-{9D567D4C-83FC-4C6B-B6D4-3141E0AF3B42} - (no file)
BHO-{B378C694-CCE1-4D50-95A9-145ED3FC9544} - (no file)
BHO-{B6A0B0E4-1128-45DC-90BF-12287D54E490} - (no file)
BHO-{B7F473F3-CB81-46BB-A71A-6DA360D8AB62} - (no file)
BHO-{BCA368DC-612D-4567-AE1B-B909C9F9F05F} - (no file)
BHO-{E4C30839-A7C9-4E4B-8ED8-FFF047C9F0CE} - (no file)
BHO-{F4492E17-BC8B-489B-A11E-2FD0E5C95204} - (no file)
BHO-{F63C35B9-A768-42C6-89E8-B88619C9B1D4} - (no file)
HKCU-Run-VnrBlock21 - c:\program files\VnrBlock\VnrBlock21.exe
HKCU-Run-wfdwrsiv - c:\documents and settings\Kashif Raza\Local Settings\Application Data\fagkwssiv\ujhliwetssd.exe
HKCU-Run-csjfhgir - c:\documents and settings\Kashif Raza\Local Settings\Application Data\fstdsmxqd\xeotxvxtssd.exe
HKCU-Run-qtbaqrxa - c:\documents and settings\Kashif Raza\Local Settings\Application Data\cikeskawl\pfkjfxbtssd.exe
HKCU-Run-iihijisys - ssttur.dll
HKCU-Run-ursttqaudio - ddddeb.dll
HKCU-Run-hgfeefaudio - rqpnml.dll
HKCU-Run-hgdaxyaudio - wvwwtq.dll
HKCU-RunOnce-LaunchComcastOnlineInstall - (no file)
HKCU-RunOnce-WSD - c:\docume~1\KASHIF~1\LOCALS~1\Temp\rascsnet.tmp
HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
HKLM-Run-jkkljksys - ssttur.dll
HKLM-Run-opqqqqaudio - wvwwtq.dll
HKU-Default-Run-yaxuvtaudio - fcyxwu.dll
HKU-Default-Run-fcbbyasys - ssttur.dll
HKU-Default-Run-wvvuuuaudio - urspol.dll
HKU-Default-Run-hgfebcaudio - wvwwtq.dll
HKU-Default-RunOnce-SGD - c:\windows\TEMP\tazofehu.exe
HKLM-Explorer_Run-KRAZA - .vbe
SharedTaskScheduler-{614d2f26-0871-4567-914d-7207c339e559} - c:\windows\system32\wapajemu.dll
SharedTaskScheduler-{97c1e86f-2078-4fc2-8b85-abcedc7de71b} - c:\windows\system32\bemevoyu.dll
SharedTaskScheduler-{c21cdc52-77df-4c7c-8407-16c47268a413} - c:\windows\system32\ritinezu.dll
SharedTaskScheduler-{4a0c3145-86a8-4e22-ab34-50472fe70dda} - c:\windows\system32\dotipiwu.dll
SharedTaskScheduler-{08176f99-9c07-43f3-a372-cdebf6760d8c} - c:\windows\system32\wepanibe.dll
SharedTaskScheduler-{248cf8d6-ab90-44d9-8ad9-c5b696ae390f} - c:\windows\system32\gabogope.dll
SharedTaskScheduler-{a3bc7b65-c4e4-448c-9854-e6bdd3fe92e3} - c:\windows\system32\mujorebi.dll
SSODL-dazatawih-{614d2f26-0871-4567-914d-7207c339e559} - c:\windows\system32\wapajemu.dll
SSODL-giwatosud-{97c1e86f-2078-4fc2-8b85-abcedc7de71b} - c:\windows\system32\bemevoyu.dll
SSODL-joluzeton-{c21cdc52-77df-4c7c-8407-16c47268a413} - c:\windows\system32\ritinezu.dll
SSODL-nisesideg-{4a0c3145-86a8-4e22-ab34-50472fe70dda} - c:\windows\system32\dotipiwu.dll
SSODL-dopupavaw-{08176f99-9c07-43f3-a372-cdebf6760d8c} - c:\windows\system32\wepanibe.dll
SSODL-pategomaw-{248cf8d6-ab90-44d9-8ad9-c5b696ae390f} - c:\windows\system32\gabogope.dll
SSODL-powevugul-{a3bc7b65-c4e4-448c-9854-e6bdd3fe92e3} - c:\windows\system32\mujorebi.dll
SafeBoot-TDSSmqlt.sys
AddRemove-Advanced Archive Password Recovery - c:\documents and settings\Kashif Raza\Desktop\Advanced Archive Password Recovery\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-23 00:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A948446]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf763bfc3
\Driver\ACPI -> ACPI.sys @ 0xf75aecb8
\Driver\atapi -> atapi.sys @ 0xf74a07b4
IoDeviceObjectType -> ParseProcedure -> ntoskrnl.exe @ 0x8057d886
\Device\Harddisk0\DR0 -> ParseProcedure -> ntoskrnl.exe @ 0x8057d886
NDIS: Broadcom 440x 10/100 Integrated Controller -> SendCompleteHandler -> NDIS.sys @ 0xf7424ba0
PacketIndicateHandler -> NDIS.sys @ 0xf7413a0b
SendHandler -> NDIS.sys @ 0xf7427b31
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1318334319-2979968734-2655777505-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1b,bb,85,3d,69,b2,11,42,8e,8c,3c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1b,bb,85,3d,69,b2,11,42,8e,8c,3c,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(860)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll

- - - - - - - > 'winlogon.exe'(1864)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\taskmgr.exe
c:\program files\Citrix\GoToAssist\480\G2AProcessFactory.exe
c:\documents and settings\Kashif Raza\Application Data\Microsoft\Windows\shell.exe
c:\documents and settings\Kashif Raza\Application Data\Microsoft\svchost.exe
c:\docume~1\KASHIF~1\LOCALS~1\Temp\dwm.exe
.
**************************************************************************
.
Completion time: 2010-10-23 00:51:18 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-23 04:51

Pre-Run: 5,238,366,208 bytes free
Post-Run: 5,198,868,480 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 4B08F281626AECBAE8D4F3D908BB2FC7

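The log above contains the indicators a helper reads off a ComboFix report: both browsers proxied through 127.0.0.1:50370, Run entries that load a bare DLL name or launch from Temp and Local Settings, and a driver registered under SafeBoot. The following triage script is an added example, not ComboFix's or the helper's code; it parses lines in that format and flags those patterns, using a sample adapted from the posted log (account name in profile paths replaced with "user").

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Loopback address as a whole token, so "127.0.0.1:50370" matches but a
# longer dotted string containing those digits does not.
LOOPBACK = re.compile(r"(?<![\d.])127\.0\.0\.1(?![\d.])")

# Autorun targets under these directories get a second look: every entry
# ComboFix removed in the posted log launched from one of them.
SUSPECT_DIRS = (
    "\\local settings\\application data\\",
    "\\locals~1\\temp\\",
    "\\windows\\temp\\",
)

# Registry-backed autostart locations, as ComboFix prefixes them.
AUTORUN_PREFIXES = ("HK", "SharedTaskScheduler-", "SSODL-")


@dataclass(frozen=True)
class Finding:
    kind: str
    line: str


def classify_autorun(target: str) -> Optional[str]:
    """Return a finding kind for one autorun target, or None if it looks ordinary."""
    t = target.strip().lower()
    if "\\" not in t:
        # "ssttur.dll" or ".vbe": no directory, so the loader resolves it via
        # the search path instead of a fixed, auditable location.
        return "autorun_unqualified_target"
    if any(d in t for d in SUSPECT_DIRS):
        return "autorun_from_temp_or_profile_dir"
    return None


def triage(log_text: str) -> List[Finding]:
    """Scan ComboFix-style lines and collect the indicators worth reporting."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # IE ("uInternet Settings,ProxyServer") or Firefox ("network.proxy.http")
        # pointing at a local port: browser traffic is relayed through something
        # running on this machine, which is how the page redirects happen.
        if ("ProxyServer" in line or "network.proxy.http" in line) and LOOPBACK.search(line):
            findings.append(Finding("loopback_browser_proxy", line))
            continue
        # Drivers registered under the SafeBoot keys keep loading in Safe Mode.
        if line.startswith("SafeBoot-"):
            findings.append(Finding("safeboot_driver", line))
            continue
        key, sep, target = line.partition(" - ")
        if not sep or target == "(no file)" or not key.startswith(AUTORUN_PREFIXES):
            continue
        kind = classify_autorun(target)
        if kind:
            findings.append(Finding(kind, line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per kind for a quick overview."""
    return dict(Counter(f.kind for f in findings))


# Constructed sample: lines adapted from the ComboFix log posted above.
SAMPLE_LOG = """
uInternet Settings,ProxyServer = http=127.0.0.1:50370
uInternet Settings,ProxyOverride = <local>
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 1
BHO-{28272170-BB7E-4188-9885-1BE9AE8B8C74} - (no file)
HKCU-Run-VnrBlock21 - c:\\program files\\VnrBlock\\VnrBlock21.exe
HKCU-Run-wfdwrsiv - c:\\documents and settings\\user\\Local Settings\\Application Data\\fagkwssiv\\ujhliwetssd.exe
HKCU-Run-iihijisys - ssttur.dll
HKCU-RunOnce-WSD - c:\\docume~1\\user\\LOCALS~1\\Temp\\rascsnet.tmp
HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\\program files\\Malwarebytes' Anti-Malware\\mbam.exe
HKU-Default-RunOnce-SGD - c:\\windows\\TEMP\\tazofehu.exe
HKLM-Explorer_Run-KRAZA - .vbe
SafeBoot-TDSSmqlt.sys
SharedTaskScheduler-{614d2f26-0871-4567-914d-7207c339e559} - c:\\windows\\system32\\wapajemu.dll
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:36} {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```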

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo



#8 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 23 October 2010 - 01:18 AM

Hello

It looks like the rootkit is still active. I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 plhelp (Topic Starter)

Posted 23 October 2010 - 01:39 AM

I ran TDSSKiller and here is the log.

2010/10/23 01:55:14.0687 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
2010/10/23 01:55:14.0687 ================================================================================
2010/10/23 01:55:14.0687 SystemInfo:
2010/10/23 01:55:14.0687
2010/10/23 01:55:14.0687 OS Version: 5.1.2600 ServicePack: 2.0
2010/10/23 01:55:14.0687 Product type: Workstation
2010/10/23 01:55:14.0687 ComputerName: KRAZA
2010/10/23 01:55:14.0687 UserName: Administrator
2010/10/23 01:55:14.0687 Windows directory: C:\WINDOWS
2010/10/23 01:55:14.0687 System windows directory: C:\WINDOWS
2010/10/23 01:55:14.0687 Processor architecture: Intel x86
2010/10/23 01:55:14.0687 Number of processors: 2
2010/10/23 01:55:14.0687 Page size: 0x1000
2010/10/23 01:55:14.0687 Boot type: Safe boot with network
2010/10/23 01:55:14.0687 ================================================================================
2010/10/23 01:55:15.0265 Initialize success
2010/10/23 01:55:20.0000 ================================================================================
2010/10/23 01:55:20.0000 Scan started
2010/10/23 01:55:20.0000 Mode: Manual;
2010/10/23 01:55:20.0000 ================================================================================
2010/10/23 01:55:24.0015 a2acc (2d1e1a70041319338035c3df51bfd200) C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys
2010/10/23 01:55:24.0312 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2010/10/23 01:55:24.0421 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/10/23 01:55:24.0609 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/10/23 01:55:24.0671 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2010/10/23 01:55:24.0750 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2010/10/23 01:55:24.0968 AegisP (a1ad1a4a9f18d900ca9c93fa3efdcb56) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2010/10/23 01:55:25.0140 AFD (944ca435bfcfc82cc1ed9e3a7d731aa9) C:\WINDOWS\System32\drivers\afd.sys
2010/10/23 01:55:25.0203 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/10/23 01:55:25.0390 agpCPQ (67288b07d6aba6c1267b626e67bc56fd) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2010/10/23 01:55:25.0437 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2010/10/23 01:55:25.0531 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2010/10/23 01:55:25.0593 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2010/10/23 01:55:25.0671 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2010/10/23 01:55:25.0875 alim1541 (f312b7cef21eff52fa23056b9d815fad) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2010/10/23 01:55:25.0921 amdagp (675c16a3c1f8482f85ee4a97fc0dde3d) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2010/10/23 01:55:25.0968 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2010/10/23 01:55:26.0062 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
2010/10/23 01:55:26.0312 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/10/23 01:55:26.0375 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2010/10/23 01:55:26.0421 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2010/10/23 01:55:26.0484 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2010/10/23 01:55:26.0750 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/10/23 01:55:26.0828 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/10/23 01:55:27.0031 ati2mtag (2573c08729dd52b7b4f18df1592e0b37) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2010/10/23 01:55:27.0296 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/10/23 01:55:27.0375 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/10/23 01:55:27.0453 bcm4sbxp (6489310d11971f6ba6c7f49be0baf6e0) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
2010/10/23 01:55:27.0625 BUFADPT (ea6e259775163b7f2174dc7794abe241) C:\WINDOWS\system32\BUFADPT.SYS
2010/10/23 01:55:27.0875 BVRPMPR5 (18e0f9c1e7ec4aae40b3f67eab0aee99) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
2010/10/23 01:55:27.0968 CAMTHWDM (09d6e1a2de692f4460dbb9fa64b2c615) C:\WINDOWS\system32\DRIVERS\CAMTHWDM.sys
2010/10/23 01:55:28.0281 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2010/10/23 01:55:28.0312 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/10/23 01:55:28.0406 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/10/23 01:55:28.0484 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2010/10/23 01:55:28.0578 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/10/23 01:55:28.0765 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/10/23 01:55:28.0875 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/10/23 01:55:29.0062 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/10/23 01:55:29.0234 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2010/10/23 01:55:29.0343 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/10/23 01:55:29.0484 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2010/10/23 01:55:29.0687 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2010/10/23 01:55:29.0765 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2010/10/23 01:55:29.0828 datunidr (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\datunidr.sys
2010/10/23 01:55:29.0968 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/10/23 01:55:30.0218 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2010/10/23 01:55:30.0500 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2010/10/23 01:55:30.0562 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/10/23 01:55:30.0656 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2010/10/23 01:55:30.0875 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2010/10/23 01:55:30.0937 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/10/23 01:55:31.0031 drvmcdb (e814854e6b246ccf498874839ab64d77) C:\WINDOWS\system32\drivers\drvmcdb.sys
2010/10/23 01:55:31.0265 drvnddm (ee83a4ebae70bc93cf14879d062f548b) C:\WINDOWS\system32\drivers\drvnddm.sys
2010/10/23 01:55:31.0437 DSproct (2ac2372ffad9adc85672cc8e8ae14be9) C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys
2010/10/23 01:55:31.0640 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2010/10/23 01:55:31.0812 eeCtrl (31c959319ef45b548d2111e338412270) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2010/10/23 01:55:32.0109 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/10/23 01:55:32.0203 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/10/23 01:55:32.0312 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2010/10/23 01:55:32.0531 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/10/23 01:55:32.0625 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2010/10/23 01:55:32.0687 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/10/23 01:55:32.0937 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/10/23 01:55:33.0015 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/10/23 01:55:33.0109 HDAudBus (e31363d186b3e1d7c4e9117884a6aee5) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/10/23 01:55:33.0328 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2010/10/23 01:55:33.0406 HSFHWAZL (1c8caa80e91fb71864e9426f9eed048d) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
2010/10/23 01:55:33.0484 HSF_DPV (698204d9c2832e53633e53a30a53fc3d) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2010/10/23 01:55:33.0734 HTTP (cb77bb47e67e84deb17ba29632501730) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/10/23 01:55:33.0953 i2omgmt (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/10/23 01:55:34.0000 i2omp (ed6bf9e441fdea13292a6d30a64a24c3) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2010/10/23 01:55:34.0109 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/10/23 01:55:34.0187 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/10/23 01:55:34.0437 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2010/10/23 01:55:34.0500 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/10/23 01:55:34.0578 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/10/23 01:55:34.0640 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2010/10/23 01:55:34.0703 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/10/23 01:55:34.0984 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/10/23 01:55:35.0062 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/10/23 01:55:35.0156 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/10/23 01:55:35.0375 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/10/23 01:55:35.0484 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/10/23 01:55:35.0578 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/10/23 01:55:35.0796 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
2010/10/23 01:55:35.0921 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/10/23 01:55:36.0187 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/10/23 01:55:36.0421 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/10/23 01:55:36.0500 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2010/10/23 01:55:36.0593 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/10/23 01:55:36.0671 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/10/23 01:55:36.0859 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2010/10/23 01:55:36.0953 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/10/23 01:55:37.0109 MRxSmb (025af03ce51645c62f3b6907a7e2be5e) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/10/23 01:55:37.0359 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2010/10/23 01:55:37.0453 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/10/23 01:55:37.0500 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/10/23 01:55:37.0562 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/10/23 01:55:37.0765 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/10/23 01:55:37.0843 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/10/23 01:55:37.0953 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2010/10/23 01:55:38.0140 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/10/23 01:55:38.0375 NAVENG (a6f5ab84104412cd9742e7ee942ea08d) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20071107.018\NAVENG.SYS
2010/10/23 01:55:38.0453 NAVEX15 (c8069bf95363a58441cb33e4b989dd4f) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20071107.018\NAVEX15.SYS
2010/10/23 01:55:38.0734 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2010/10/23 01:55:38.0843 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/10/23 01:55:39.0000 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/10/23 01:55:39.0078 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/10/23 01:55:39.0125 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/10/23 01:55:39.0187 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/10/23 01:55:39.0281 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/10/23 01:55:39.0546 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/10/23 01:55:39.0781 NETw3x32 (71371ed9086a3d65f43967c89634e9a9) C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
2010/10/23 01:55:40.0125 NETw4x32 (b5ab1108b377b5f3d37409fabda01453) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
2010/10/23 01:55:40.0375 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/10/23 01:55:40.0468 nm (60cf8c7192b3614f240838ddbaa4a245) C:\WINDOWS\system32\DRIVERS\NMnt.sys
2010/10/23 01:55:40.0531 NPF (6623e51595c0076755c29c00846c4eb2) C:\WINDOWS\system32\drivers\npf.sys
2010/10/23 01:55:40.0609 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2010/10/23 01:55:40.0843 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/10/23 01:55:41.0078 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/10/23 01:55:41.0203 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/10/23 01:55:41.0453 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/10/23 01:55:41.0515 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/10/23 01:55:41.0625 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/10/23 01:55:41.0703 omci (b17228142cec9b3c222239fd935a37ca) C:\WINDOWS\system32\DRIVERS\omci.sys
2010/10/23 01:55:41.0921 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/10/23 01:55:42.0000 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/10/23 01:55:42.0046 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/10/23 01:55:42.0156 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/10/23 01:55:42.0421 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/10/23 01:55:42.0500 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/10/23 01:55:42.0781 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2010/10/23 01:55:42.0984 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2010/10/23 01:55:43.0171 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/10/23 01:55:43.0218 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/10/23 01:55:43.0281 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/10/23 01:55:43.0468 PTproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys
2010/10/23 01:55:43.0703 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/10/23 01:55:43.0765 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2010/10/23 01:55:43.0843 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2010/10/23 01:55:43.0906 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2010/10/23 01:55:44.0109 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2010/10/23 01:55:44.0171 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/10/23 01:55:44.0234 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/10/23 01:55:44.0484 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/10/23 01:55:44.0531 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/10/23 01:55:44.0593 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/10/23 01:55:44.0718 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/10/23 01:55:44.0781 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/10/23 01:55:45.0015 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/10/23 01:55:45.0109 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/10/23 01:55:45.0218 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/10/23 01:55:45.0500 rimmptsk (24ed7af20651f9fa1f249482e7c1f165) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
2010/10/23 01:55:45.0546 rimsptsk (1bdba2d2d402415a78a4ba766dfe0f7b) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
2010/10/23 01:55:45.0625 rismxdp (f774ecd11a064f0debb2d4395418153c) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
2010/10/23 01:55:45.0984 s24trans (eadfb87f911a7a75d1b80617f92901e8) C:\WINDOWS\system32\DRIVERS\s24trans.sys
2010/10/23 01:55:46.0125 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/10/23 01:55:46.0171 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2010/10/23 01:55:46.0296 sdbus (02fc71b020ec8700ee8a46c58bc6f276) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2010/10/23 01:55:46.0500 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/10/23 01:55:46.0593 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/10/23 01:55:46.0703 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/10/23 01:55:46.0890 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/10/23 01:55:47.0046 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/10/23 01:55:47.0125 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/10/23 01:55:47.0359 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2010/10/23 01:55:47.0421 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/10/23 01:55:47.0640 SPBBCDrv (cdea9a0a0e547fef4c44ccae35a9b09c) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
2010/10/23 01:55:47.0843 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2010/10/23 01:55:48.0000 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/10/23 01:55:48.0125 SRTSP (655773f2f1a3730c6cf20280a49f4ee1) C:\WINDOWS\system32\Drivers\SRTSP.SYS
2010/10/23 01:55:48.0328 SRTSPL (2a0aaf370d4c6574a34ae2f4a0709cae) C:\WINDOWS\system32\Drivers\SRTSPL.SYS
2010/10/23 01:55:48.0562 SRTSPX (3104bdceace2d5710776dd05e6a286c1) C:\WINDOWS\system32\Drivers\SRTSPX.SYS
2010/10/23 01:55:48.0640 Srv (ea554a3ffc3f536fe8320eb38f5e4843) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/10/23 01:55:48.0875 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
2010/10/23 01:55:48.0953 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
2010/10/23 01:55:49.0078 STHDA (3ad78e22210d3fbd9f76de84a8df19b5) C:\WINDOWS\system32\drivers\sthda.sys
2010/10/23 01:55:49.0328 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/10/23 01:55:49.0390 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/10/23 01:55:49.0484 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2010/10/23 01:55:49.0593 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/10/23 01:55:49.0781 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/10/23 01:55:49.0859 SYMDNS (1d8fb1e5d6859d38e3ebca5febc6839f) C:\WINDOWS\System32\Drivers\SYMDNS.SYS
2010/10/23 01:55:49.0937 SymEvent (9e4188476848b2ef86f9c44d5164e724) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2010/10/23 01:55:50.0109 SYMFW (91fcddf2cbaf898126ae7dfa5ce570ed) C:\WINDOWS\System32\Drivers\SYMFW.SYS
2010/10/23 01:55:50.0171 SYMIDS (9584e278787ad65e82eec5694f77cb54) C:\WINDOWS\System32\Drivers\SYMIDS.SYS
2010/10/23 01:55:50.0343 SYMIDSCO (5ea7a6b3f5bcfe67097f059aa36ddf60) C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20071106.002\SymIDSCo.sys
2010/10/23 01:55:50.0531 SYMNDIS (ceadd29bd10fe8775775e5707790dd6c) C:\WINDOWS\System32\Drivers\SYMNDIS.SYS
2010/10/23 01:55:50.0578 SYMREDRV (9181892e5af5df8d2ac3d9d2cea48afd) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
2010/10/23 01:55:50.0718 SYMTDI (d539f317e6caaa4e08911a84c2180938) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
2010/10/23 01:55:50.0921 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/10/23 01:55:50.0968 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/10/23 01:55:51.0093 SynTP (fa2daa32bed908023272a0f77d625dae) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2010/10/23 01:55:51.0171 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/10/23 01:55:51.0484 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/10/23 01:55:51.0546 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/10/23 01:55:51.0750 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/10/23 01:55:51.0843 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/10/23 01:55:51.0921 tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys
2010/10/23 01:55:52.0062 tfsncofs (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys
2010/10/23 01:55:52.0140 tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys
2010/10/23 01:55:52.0218 tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys
2010/10/23 01:55:52.0250 tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys
2010/10/23 01:55:52.0312 tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys
2010/10/23 01:55:52.0359 tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys
2010/10/23 01:55:52.0421 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys
2010/10/23 01:55:52.0484 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys
2010/10/23 01:55:52.0593 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/10/23 01:55:52.0656 TridVid (b58e17ec1a91a3753d56c03bc2d5f8e2) C:\WINDOWS\system32\DRIVERS\TridVid.sys
2010/10/23 01:55:52.0765 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2010/10/23 01:55:52.0984 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/10/23 01:55:53.0078 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
2010/10/23 01:55:53.0343 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/10/23 01:55:53.0406 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/10/23 01:55:53.0468 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/10/23 01:55:53.0546 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2010/10/23 01:55:53.0765 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/10/23 01:55:53.0843 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/10/23 01:55:53.0921 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/10/23 01:55:54.0062 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/10/23 01:55:54.0328 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/10/23 01:55:54.0468 winachsf (74cf3f2e4e40c4a2e18d39d6300a5c24) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/10/23 01:55:54.0937 WmiAcpi (ae2c8544e747c20062db27456ea2d67a) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2010/10/23 01:55:55.0046 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2010/10/23 01:55:55.0125 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/10/23 01:55:55.0328 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/10/23 01:55:55.0343 ================================================================================
2010/10/23 01:55:55.0343 Scan finished
2010/10/23 01:55:55.0343 ================================================================================
2010/10/23 01:55:55.0406 Detected object count: 1
2010/10/23 01:56:16.0406 \HardDisk0\MBR - will be cured after reboot
2010/10/23 01:56:16.0406 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure
2010/10/23 01:59:43.0390 Deinitialize success


Hello

It looks like the rootkit is still active. I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo



#10 gringo_pr


Posted 23 October 2010 - 01:58 AM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

File::
c:\windows\system32\byvspo.dll
c:\windows\system32\dddawu.dll
c:\windows\system32\qonmjh.dll
c:\windows\system32\qonnoo.dll
c:\windows\system32\khijig.dll
c:\windows\system32\awutss.dll
c:\windows\system32\xxxwtr.dll
c:\windows\system32\ssrsrq.dll
c:\windows\system32\efffef.dll
c:\windows\system32\efcyyv.dll
c:\windows\system32\khghij.dll
c:\windows\system32\nnomml.dll
c:\windows\system32\nnoono.dll
c:\windows\system32\jkkihe.dll
c:\windows\system32\ljifgd.dll
c:\windows\system32\bywvus.dll
c:\windows\system32\jkjjig.dll
c:\windows\system32\vtuspm.dll
c:\windows\system32\ddayxx.dll
c:\windows\system32\awuspo.dll
c:\windows\system32\ddbbaa.dll
c:\windows\system32\efdbba.dll
c:\windows\system32\tuvtur.dll
c:\windows\system32\fcyxxw.dll
c:\windows\system32\pmnkkh.dll
c:\windows\system32\vtuusp.dll
c:\windows\system32\ssroon.dll
c:\windows\system32\geeeed.dll
c:\documents and settings\Kashif Raza\Application Data\Microsoft\Windows\shell.exe
c:\documents and settings\Kashif Raza\Application Data\Microsoft\svchost.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"yaawtsaudio"=-

Driver::
COMServer

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:50370
uInternet Settings,ProxyOverride = <local>

RegLock::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized we don't need this report
  • Please post the contents of OTListIt.txt in your next reply.



"information and logs"

  • In your next post I need the following

  • report from Combofix
  • OTListit report
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




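One way to verify that a CFScript like the one above actually did what it was meant to, as an added example that is not part of this thread or of ComboFix itself: the Python below parses the script's section directives (File::, Registry::, Driver::, DDS::) and the FILE :: and Other Deletions blocks of the ComboFix log it produced, then lists any scripted file the log does not confirm as deleted. The sample script and log excerpt are constructed from a few of the thread's own entries, with one DLL deliberately left out of the deletions so the check has something to flag; the function names are this example's own.

```python
"""Cross-check a ComboFix CFScript against the ComboFix log it produced.

Added example, not code from the BleepingComputer thread or from ComboFix.
Sample inputs are constructed from a few entries in the thread.
"""
import re

# Constructed sample CFScript (a subset of the thread's entries).
SAMPLE_CFSCRIPT = r"""
File::
c:\windows\system32\byvspo.dll
c:\windows\system32\dddawu.dll
c:\windows\system32\qonmjh.dll
c:\documents and settings\Kashif Raza\Application Data\Microsoft\svchost.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"yaawtsaudio"=-

Driver::
COMServer

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:50370
uInternet Settings,ProxyOverride = <local>
"""

# Constructed sample ComboFix log excerpt: qonmjh.dll is deliberately
# missing from "Other Deletions" so the check below reports it.
SAMPLE_LOG = r"""
FILE ::
"c:\documents and settings\Kashif Raza\Application Data\Microsoft\svchost.exe"
"c:\windows\system32\byvspo.dll"
"c:\windows\system32\dddawu.dll"
"c:\windows\system32\qonmjh.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Kashif Raza\Application Data\Microsoft\svchost.exe
c:\documents and settings\Kashif Raza\Application Data\ntos.exe
c:\windows\system32\byvspo.dll
c:\windows\system32\dddawu.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")      # e.g. "File::"
BANNER_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")      # "(((( Other Deletions ))))"


def parse_cfscript(text):
    """Return {section_name: [entry, ...]} for a CFScript."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_combofix_log(text):
    """Return {section: [path, ...]} for the FILE :: and banner sections.

    A lone '.' line is a spacer in ComboFix logs and is skipped; quoted
    paths under FILE :: are unquoted so they compare with the script.
    """
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if line.endswith("::"):
            current = line[:-2].strip()
            sections.setdefault(current, [])
            continue
        m = BANNER_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if current is not None:
            sections[current].append(line.strip('"'))
    return sections


def unconfirmed_deletions(cfscript_text, log_text):
    """Scripted File:: paths the log does not list under 'Other Deletions'."""
    wanted = parse_cfscript(cfscript_text).get("File", [])
    deleted = {p.lower() for p in
               parse_combofix_log(log_text).get("Other Deletions", [])}
    return [p for p in wanted if p.lower() not in deleted]


if __name__ == "__main__":
    for path in unconfirmed_deletions(SAMPLE_CFSCRIPT, SAMPLE_LOG):
        print("not confirmed deleted:", path)
```

Paths are compared case-insensitively because ComboFix lower-cases them in its output while scripts are often typed in mixed case; anything the function returns is a file the helper would want to look at again in the next log.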
#11 plhelp


Posted 23 October 2010 - 02:33 AM

I ran them both, first ComboFix, then OTL. Here are the logs.
First the ComboFix log.

ComboFix 10-10-22.04 - Administrator 10/23/2010 2:34.2.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1812 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: Emsisoft Anti-Malware *On-access scanning disabled* (Outdated) {0F8591BB-342B-4493-91C3-4E948ED21255}
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

FILE ::
"c:\documents and settings\Kashif Raza\Application Data\Microsoft\svchost.exe"
"c:\documents and settings\Kashif Raza\Application Data\Microsoft\Windows\shell.exe"
"c:\windows\system32\awuspo.dll"
"c:\windows\system32\awutss.dll"
"c:\windows\system32\byvspo.dll"
"c:\windows\system32\bywvus.dll"
"c:\windows\system32\ddayxx.dll"
"c:\windows\system32\ddbbaa.dll"
"c:\windows\system32\dddawu.dll"
"c:\windows\system32\efcyyv.dll"
"c:\windows\system32\efdbba.dll"
"c:\windows\system32\efffef.dll"
"c:\windows\system32\fcyxxw.dll"
"c:\windows\system32\geeeed.dll"
"c:\windows\system32\jkjjig.dll"
"c:\windows\system32\jkkihe.dll"
"c:\windows\system32\khghij.dll"
"c:\windows\system32\khijig.dll"
"c:\windows\system32\ljifgd.dll"
"c:\windows\system32\nnomml.dll"
"c:\windows\system32\nnoono.dll"
"c:\windows\system32\pmnkkh.dll"
"c:\windows\system32\qonmjh.dll"
"c:\windows\system32\qonnoo.dll"
"c:\windows\system32\ssroon.dll"
"c:\windows\system32\ssrsrq.dll"
"c:\windows\system32\tuvtur.dll"
"c:\windows\system32\vtuspm.dll"
"c:\windows\system32\vtuusp.dll"
"c:\windows\system32\xxxwtr.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Kashif Raza\Application Data\64dlls.exe
c:\documents and settings\Kashif Raza\Application Data\intel64.exe
c:\documents and settings\Kashif Raza\Application Data\Kernel32.exe
c:\documents and settings\Kashif Raza\Application Data\localsys64.exe
c:\documents and settings\Kashif Raza\Application Data\ntos.exe
c:\documents and settings\Kashif Raza\Application Data\oembios.exe
c:\documents and settings\Kashif Raza\Application Data\sdra64.exe
c:\documents and settings\Kashif Raza\Application Data\sdra73.exe
c:\documents and settings\Kashif Raza\Application Data\swin32.exe
c:\documents and settings\Kashif Raza\Application Data\twex.exe
c:\documents and settings\Kashif Raza\Application Data\twext.exe
c:\documents and settings\Kashif Raza\Application Data\wsnpoema.exe
c:\windows\system32\awuspo.dll
c:\windows\system32\awutss.dll
c:\windows\system32\byvspo.dll
c:\windows\system32\bywvus.dll
c:\windows\system32\ddayxx.dll
c:\windows\system32\ddbbaa.dll
c:\windows\system32\dddawu.dll
c:\windows\system32\efcyyv.dll
c:\windows\system32\efdbba.dll
c:\windows\system32\efffef.dll
c:\windows\system32\fcyxxw.dll
c:\windows\system32\geeeed.dll
c:\windows\system32\jkjjig.dll
c:\windows\system32\jkkihe.dll
c:\windows\system32\khghij.dll
c:\windows\system32\khijig.dll
c:\windows\system32\ljifgd.dll
c:\windows\system32\nnomml.dll
c:\windows\system32\nnoono.dll
c:\windows\system32\pmnkkh.dll
c:\windows\system32\qonmjh.dll
c:\windows\system32\qonnoo.dll
c:\windows\system32\ssroon.dll
c:\windows\system32\ssrsrq.dll
c:\windows\system32\tuvtur.dll
c:\windows\system32\vtuspm.dll
c:\windows\system32\vtuusp.dll
c:\windows\system32\xxxwtr.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_COMSERVER
-------\Service_COMServer


((((((((((((((((((((((((( Files Created from 2010-09-23 to 2010-10-23 )))))))))))))))))))))))))))))))
.

2010-10-23 05:43 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-23 05:43 . 2010-10-23 05:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-23 05:43 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-22 05:38 . 2010-10-22 05:38 -------- d-----w- C:\VundoFix Backups
2010-10-22 03:01 . 2010-10-22 03:01 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-10-22 02:47 . 2010-10-22 02:47 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-10-19 01:45 . 2010-10-19 02:26 -------- d-----w- c:\program files\PC Tools Security
2010-10-18 05:43 . 2010-10-18 05:43 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2010-10-18 05:23 . 2010-10-18 05:23 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-10-02 03:03 . 2010-10-02 03:03 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-09-30 04:30 . 2010-09-30 04:30 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-09-30 04:30 . 2010-09-30 04:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-09-30 04:28 . 2010-09-30 04:30 -------- d-----w- c:\program files\SUPERAntiSpyware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((( SnapShot@2010-10-23_04.45.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-11 22:00 . 2010-10-23 06:37 53436 c:\windows\system32\perfc009.dat
- 2004-08-11 22:00 . 2010-10-23 04:46 53436 c:\windows\system32\perfc009.dat
+ 2004-08-11 22:00 . 2010-10-23 06:37 381692 c:\windows\system32\perfh009.dat
- 2004-08-11 22:00 . 2010-10-23 04:46 381692 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]
"DellAutomatedPCTuneUp"="c:\program files\DellAutomatedPCTuneUp\PTAgnt.exe" [2007-10-11 465136]
"Eraser"="c:\program files\Eraser\eraser.exe" [2009-06-10 334224]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-09-10 2424560]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingB8515"="command" [X]
"SpybotDeletingD508"="del" [X]
"SpybotDeletingD1638"="del" [X]
"SpybotDeletingD6103"="del" [X]
"SpybotDeletingD5058"="del" [X]
"SpybotDeletingD3294"="del" [X]
"SpybotDeletingD584"="del" [X]
"SpybotDeletingD6145"="del" [X]
"SpybotDeletingD7565"="del" [X]
"SpybotDeletingD3357"="del" [X]
"SpybotDeletingD5605"="del" [X]
"SpybotDeletingD6599"="del" [X]
"SpybotDeletingD7301"="del" [X]
"SpybotDeletingD4710"="del" [X]
"SpybotDeletingD3032"="del" [X]
"SpybotDeletingD4846"="del" [X]
"SpybotDeletingD5516"="del" [X]
"SpybotDeletingD4358"="del" [X]
"SpybotDeletingD9605"="del" [X]
"SpybotDeletingD2431"="del" [X]
"SpybotDeletingD3731"="del" [X]
"SpybotDeletingD8015"="del" [X]
"SpybotDeletingD5376"="del" [X]
"SpybotDeletingD2751"="del" [X]
"SpybotDeletingD5822"="del" [X]
"SpybotDeletingD6416"="del" [X]
"SpybotDeletingD7129"="del" [X]
"SpybotDeletingD3470"="del" [X]
"SpybotDeletingD793"="del" [X]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe" [2009-07-18 257440]
"SpybotDeletingB6028"="command.com" [2004-08-04 50620]
"SpybotDeletingB2164"="command.com" [2004-08-04 50620]
"SpybotDeletingB9394"="command.com" [2004-08-04 50620]
"SpybotDeletingB587"="command.com" [2004-08-04 50620]
"SpybotDeletingB3764"="command.com" [2004-08-04 50620]
"SpybotDeletingB7874"="command.com" [2004-08-04 50620]
"SpybotDeletingB7373"="command.com" [2004-08-04 50620]
"SpybotDeletingB8151"="command.com" [2004-08-04 50620]
"SpybotDeletingB1925"="command.com" [2004-08-04 50620]
"SpybotDeletingB8534"="command.com" [2004-08-04 50620]
"SpybotDeletingB9549"="command.com" [2004-08-04 50620]
"SpybotDeletingB4467"="command.com" [2004-08-04 50620]
"SpybotDeletingB2529"="command.com" [2004-08-04 50620]
"SpybotDeletingB6041"="command.com" [2004-08-04 50620]
"SpybotDeletingB4533"="command.com" [2004-08-04 50620]
"SpybotDeletingB6867"="command.com" [2004-08-04 50620]
"SpybotDeletingB8381"="command.com" [2004-08-04 50620]
"SpybotDeletingB7377"="command.com" [2004-08-04 50620]
"SpybotDeletingB8285"="command.com" [2004-08-04 50620]
"SpybotDeletingB8211"="command.com" [2004-08-04 50620]
"SpybotDeletingB549"="command.com" [2004-08-04 50620]
"SpybotDeletingB8249"="command.com" [2004-08-04 50620]
"SpybotDeletingB3928"="command.com" [2004-08-04 50620]
"SpybotDeletingB9467"="command.com" [2004-08-04 50620]
"SpybotDeletingB1904"="command.com" [2004-08-04 50620]
"SpybotDeletingB875"="command.com" [2004-08-04 50620]
"SpybotDeletingB5420"="command.com" [2004-08-04 50620]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-05-02 184320]
"Corel Photo Downloader"="c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2006-08-14 462336]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2006-09-06 26248]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 974848]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-09-18 185632]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-29 583048]
"DownloadStudio"="c:\program files\Conceiva\DownloadStudio\DownloadStudioScheduleMonitor.exe" [2008-08-26 156312]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2010-06-11 1280344]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-6-15 24576]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2007-09-16 22:10 10792 ----a-w- c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\Home Cinema\\PowerDirector\\PDR.exe"=
"c:\\Program Files\\Joost Plugin\\joostws.exe"=
"c:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
S2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [10/18/2010 1:43 AM 2909536]
S2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CAMTHWDM.sys [9/7/2008 11:39 PM 941784]
S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [9/5/2010 2:42 PM 312152]
S3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [10/18/2010 1:43 AM 72808]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 4:22 PM 34064]
S3 TridVid;Video Grabber;c:\windows\system32\drivers\tridvid.sys [3/9/2008 1:47 AM 99200]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2008-10-19 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Kashif Raza.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2006-09-07 05:38]
.
.
------- Supplementary Scan -------
.
mWindow Title = Windows Internet Explorer provided by Comcast
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-23 02:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1318334319-2979968734-2655777505-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1b,bb,85,3d,69,b2,11,42,8e,8c,3c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1b,bb,85,3d,69,b2,11,42,8e,8c,3c,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(856)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll
.
Completion time: 2010-10-23 02:44:56 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-23 06:44
ComboFix2.txt 2010-10-23 04:51

Pre-Run: 5,107,216,384 bytes free
Post-Run: 5,157,584,896 bytes free

Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 290DC284BECB7B55433D6CB27658F546

Now OTL log.

OTL logfile created on: 10/23/2010 2:51:05 AM - Run 1
OTL by OldTimer - Version 3.2.16.0 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 83.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.99 Gb Total Space | 4.84 Gb Free Space | 3.36% Space Free | Partition Type: NTFS

Computer Name: KRAZA | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (a2AntiMalware) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH)
SRV - (IS360service) -- C:\Program Files\IObit\IObit Security 360\is360srv.exe (IObit)
SRV - (spupdsvc) -- C:\WINDOWS\system32\spupdsvc.exe (Microsoft Corporation)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (DellAMBrokerService) -- C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe ()
SRV - (EvtEng) Intel® -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (WLANKEEPER) Intel® -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
SRV - (S24EventMonitor) Intel® -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (RegSrvc) Intel® -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (LiveUpdate Notice Ex) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ISPwdSvc) -- C:\Program Files\Norton Internet Security\isPwdSvc.exe (Symantec Corporation)
SRV - (comHost) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE (Symantec Corporation)
SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (SymAppCore) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (a2acc) -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys (Emsi Software GmbH)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (CAMTHWDM) -- C:\WINDOWS\system32\drivers\CAMTHWDM.sys ()
DRV - (SRTSPL) -- C:\WINDOWS\system32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\srtspx.sys (Symantec Corporation)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)
DRV - (SYMIDSCO) -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20071106.002\SymIDSCo.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMIDS) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV - (SYMNDIS) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMDNS) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (datunidr) -- C:\WINDOWS\system32\drivers\datunidr.sys (Gteko Ltd.)
DRV - (NETw4x32) Intel® -- C:\WINDOWS\system32\drivers\NETw4x32.sys (Intel Corporation)
DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071107.018\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071107.018\NAVENG.SYS (Symantec Corporation)
DRV - (TridVid) -- C:\WINDOWS\system32\drivers\tridvid.sys (10moons)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (BUFADPT) -- C:\WINDOWS\system32\BUFADPT.SYS (BUFFALO INC.)
DRV - (NETw3x32) Intel® -- C:\WINDOWS\system32\drivers\NETw3x32.sys (Intel® Corporation)
DRV - (BVRPMPR5) -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS (BVRP Software)
DRV - (PTproct) -- C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys (Gteko Ltd.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (DSproct) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys (GTek Technologies Ltd.)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Inc)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070615
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070615


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070615
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070615
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1318334319-2979968734-2655777505-500\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\S-1-5-21-1318334319-2979968734-2655777505-500\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1318334319-2979968734-2655777505-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/23 02:45:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/23 02:45:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Components: C:\Program Files\Netscape\Navigator 9\components [2008/10/21 23:51:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Plugins: C:\Program Files\Netscape\Navigator 9\plugins [2009/09/07 16:16:01 | 000,000,000 | ---D | M]

[2010/04/25 13:11:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/04/25 13:11:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\w79femgi.default\extensions
[2010/04/17 16:28:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/10/23 02:41:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBHO.dll (Symantec Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll (Symantec Corporation)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DownloadStudio] C:\Program Files\Conceiva\DownloadStudio\DownloadStudioScheduleMonitor.exe (Conceiva Pty. Ltd.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe (IObit)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton Internet Security\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\Run: [DellAutomatedPCTuneUp] C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe (The Eraser Project)
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB1904] C:\WINDOWS\System32\command.com ()
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB1925] C:\WINDOWS\System32\command.com ()
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB2164] C:\WINDOWS\System32\command.com ()
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB2529] C:\WINDOWS\System32\command.com ()
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB3764] C:\WINDOWS\System32\command.com ()
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB3928] C:\WINDOWS\System32\command.com ()
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB4467] C:\WINDOWS\System32\command.com ()
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB4533] C:\WINDOWS\System32\command.com ()
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB5420] C:\WINDOWS\System32\command.com ()
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB549] C:\WINDOWS\System32\command.com ()
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB587] C:\WINDOWS\System32\command.com ()
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB6028] C:\WINDOWS\System32\command.com ()
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB6041] C:\WINDOWS\System32\command.com ()
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB6867] C:\WINDOWS\System32\command.com ()
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB7373] C:\WINDOWS\System32\command.com ()
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB7377] C:\WINDOWS\System32\command.com ()
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB7874] C:\WINDOWS\System32\command.com ()
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB8151] C:\WINDOWS\System32\command.com ()
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB8211] C:\WINDOWS\System32\command.com ()
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB8249] C:\WINDOWS\System32\command.com ()
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB8285] C:\WINDOWS\System32\command.com ()
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB8381] C:\WINDOWS\System32\command.com ()
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB8515] C:\WINDOWS\System32\command.com ()
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB8534] C:\WINDOWS\System32\command.com ()
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB875] C:\WINDOWS\System32\command.com ()
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB9394] C:\WINDOWS\System32\command.com ()
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB9467] C:\WINDOWS\System32\command.com ()
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB9549] C:\WINDOWS\System32\command.com ()
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD1638] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD2431] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD2751] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD3032] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD3294] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD3357] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD3470] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD3731] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD4358] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD4710] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD4846] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD5058] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD508] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD5376] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD5516] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD5605] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD5822] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD584] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD6103] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD6145] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD6416] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD6599] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD7129] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD7301] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD7565] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD793] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD8015] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD9605] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} http://www.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe (Virtools WebPlayer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.181.134.16 216.181.30.11
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\480\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop BackupWallPaper: C:\WINDOWS\Dell.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/23 02:44:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/10/23 01:54:31 | 001,325,656 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\TDSSKiller.exe
[2010/10/23 01:54:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\WinRAR
[2010/10/23 01:43:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/23 01:43:09 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/23 01:43:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/23 00:16:30 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/10/23 00:12:27 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/10/23 00:12:27 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/10/23 00:12:26 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/10/23 00:12:26 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/10/23 00:11:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/10/23 00:10:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/22 22:57:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Macromedia
[2010/10/22 01:38:10 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2010/10/21 23:00:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/10/21 23:00:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/10/21 22:48:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/10/18 21:45:16 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2010/10/18 01:43:12 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2010/10/18 01:43:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Anti-Malware
[2010/10/18 01:32:58 | 096,140,336 | ---- | C] (Emsi Software GmbH ) -- C:\Documents and Settings\Administrator\Desktop\a2AntiMalwareSetup.exe
[2010/10/18 01:23:01 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2010/10/01 23:03:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/09/30 00:30:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/09/30 00:30:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2010/09/30 00:28:22 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/09/30 00:26:12 | 009,458,552 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware.exe
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/23 02:45:39 | 000,381,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/23 02:45:39 | 000,053,436 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/23 02:41:29 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/10/23 02:41:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/23 01:43:13 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/23 00:16:39 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/10/23 00:10:15 | 003,884,020 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2010/10/22 02:45:00 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/22 02:44:54 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/10/18 21:19:47 | 000,002,741 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/10/18 01:43:37 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Emsisoft Anti-Malware.lnk
[2010/10/18 01:42:05 | 096,140,336 | ---- | M] (Emsi Software GmbH ) -- C:\Documents and Settings\Administrator\Desktop\a2AntiMalwareSetup.exe
[2010/10/08 03:30:16 | 000,005,642 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/10/08 03:28:50 | 000,000,168 | RHS- | M] () -- C:\WINDOWS\System32\119210CEEA.sys
[2010/10/04 09:08:00 | 001,325,656 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\TDSSKiller.exe
[2010/10/01 22:34:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/30 00:28:37 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/09/30 00:27:03 | 009,458,552 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware.exe
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/23 01:43:13 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/23 00:16:39 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/10/23 00:16:31 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/10/23 00:12:27 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/10/23 00:12:27 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/10/23 00:12:27 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/10/23 00:12:27 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/23 00:12:26 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/10/23 00:09:44 | 003,884,020 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2010/10/18 01:43:37 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Emsisoft Anti-Malware.lnk
[2010/09/30 00:28:37 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/04/10 02:18:49 | 000,014,430 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\ytyF335s1G6
[2008/10/21 21:59:15 | 000,185,344 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/08 00:26:46 | 000,000,033 | ---- | C] () -- C:\WINDOWS\DownloadStudioScheduleMonitor.INI
[2008/09/07 23:39:38 | 000,941,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\CAMTHWDM.sys
[2008/05/22 15:22:54 | 000,005,642 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/05/22 15:22:54 | 000,000,168 | RHS- | C] () -- C:\WINDOWS\System32\119210CEEA.sys
[2008/02/23 16:39:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EAREMOVE.INI
[2007/11/06 16:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/09/18 02:54:28 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/08/28 17:59:21 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/06/15 04:02:04 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/06/15 04:01:22 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2007/06/15 03:57:47 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2007/06/15 03:50:59 | 000,002,741 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/06/15 03:20:37 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2007/06/15 03:19:28 | 000,001,121 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/01/11 09:20:28 | 000,026,097 | ---- | C] () -- C:\WINDOWS\UN800114.INI
[2005/04/09 11:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/11 18:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 18:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 18:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 18:00:36 | 000,080,896 | ---- | C] () -- C:\WINDOWS\dmsyom.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
[2010/10/23 02:47:55 | 000,303,104 | -H-- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat.LOG
[2010/10/23 02:45:58 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/10/23 02:44:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Local Settings
[2010/10/23 02:41:39 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/10/23 02:41:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/23 02:40:24 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/10/23 02:40:23 | 001,310,720 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/10/23 02:38:31 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010/10/23 02:33:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Desktop
[2010/10/23 02:27:58 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Recent
[2010/10/23 01:54:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WinRAR
[2010/10/23 01:43:14 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/23 01:43:13 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/23 01:43:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Desktop
[2010/10/23 00:39:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macromedia
[2010/10/23 00:36:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data
[2010/10/23 00:22:26 | 000,001,024 | -H-- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2010/10/23 00:17:49 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Application Data
[2010/10/23 00:10:15 | 003,884,020 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2010/10/23 00:08:30 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Administrator\Cookies
[2010/10/22 02:44:54 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/10/21 23:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/10/21 23:00:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/10/21 23:00:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/10/21 22:48:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/10/18 22:26:35 | 000,000,000 | ---D | M] -- C:\Program Files\PC Tools Security
[2010/10/18 22:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/10/18 21:19:47 | 000,002,741 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/10/18 01:43:51 | 000,000,000 | ---D | M] -- C:\Program Files\Emsisoft Anti-Malware
[2010/10/18 01:43:37 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Emsisoft Anti-Malware.lnk
[2010/10/18 01:43:12 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Administrator\My Documents
[2010/10/18 01:42:05 | 096,140,336 | ---- | M] (Emsi Software GmbH ) -- C:\Documents and Settings\Administrator\Desktop\a2AntiMalwareSetup.exe
[2010/10/18 01:23:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2010/10/17 22:59:26 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2010/10/04 09:08:00 | 001,325,656 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\TDSSKiller.exe
[2010/10/01 23:03:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/10/01 22:34:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/30 00:30:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/09/30 00:30:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2010/09/30 00:30:16 | 000,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2010/09/30 00:28:37 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/09/30 00:27:03 | 009,458,552 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware.exe
[2010/04/17 16:10:55 | 000,014,430 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\ytyF335s1G6
[2009/12/18 23:10:10 | 004,240,656 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2008/10/22 02:24:37 | 000,185,344 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/12 16:46:37 | 000,033,128 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2007/06/15 04:01:22 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2004/08/11 18:07:12 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2004/08/11 18:07:12 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\desktop.ini
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/23 02:45:39 | 000,381,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/23 02:45:39 | 000,053,436 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/23 02:41:29 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/10/23 02:41:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/23 01:43:13 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/23 00:16:39 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/10/23 00:10:15 | 003,884,020 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2010/10/22 02:45:00 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/22 02:44:54 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/10/18 21:19:47 | 000,002,741 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/10/18 01:43:37 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Emsisoft Anti-Malware.lnk
[2010/10/18 01:42:05 | 096,140,336 | ---- | M] (Emsi Software GmbH ) -- C:\Documents and Settings\Administrator\Desktop\a2AntiMalwareSetup.exe
[2010/10/08 03:30:16 | 000,005,642 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/10/08 03:28:50 | 000,000,168 | RHS- | M] () -- C:\WINDOWS\System32\119210CEEA.sys
[2010/10/04 09:08:00 | 001,325,656 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\TDSSKiller.exe
[2010/10/01 22:34:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/30 00:28:37 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/09/30 00:27:03 | 009,458,552 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware.exe
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (a2acc) -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys (Emsi Software GmbH)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (CAMTHWDM) -- C:\WINDOWS\system32\drivers\CAMTHWDM.sys ()
DRV - (SRTSPL) -- C:\WINDOWS\system32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\srtspx.sys (Symantec Corporation)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)
DRV - (SYMIDSCO) -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20071106.002\SymIDSCo.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMIDS) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV - (SYMNDIS) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMDNS) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (datunidr) -- C:\WINDOWS\system32\drivers\datunidr.sys (Gteko Ltd.)
DRV - (NETw4x32) Intel® -- C:\WINDOWS\system32\drivers\NETw4x32.sys (Intel Corporation)
DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071107.018\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071107.018\NAVENG.SYS (Symantec Corporation)
DRV - (TridVid) -- C:\WINDOWS\system32\drivers\tridvid.sys (10moons)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (BUFADPT) -- C:\WINDOWS\system32\BUFADPT.SYS (BUFFALO INC.)
DRV - (NETw3x32) Intel® -- C:\WINDOWS\system32\drivers\NETw3x32.sys (Intel® Corporation)
DRV - (BVRPMPR5) -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS (BVRP Software)
DRV - (PTproct) -- C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys (Gteko Ltd.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (DSproct) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys (GTek Technologies Ltd.)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Inc)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070615
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070615


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070615
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070615
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1318334319-2979968734-2655777505-500\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\S-1-5-21-1318334319-2979968734-2655777505-500\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1318334319-2979968734-2655777505-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/23 02:45:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/23 02:45:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Components: C:\Program Files\Netscape\Navigator 9\components [2008/10/21 23:51:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Plugins: C:\Program Files\Netscape\Navigator 9\plugins [2009/09/07 16:16:01 | 000,000,000 | ---D | M]

[2010/04/25 13:11:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/04/25 13:11:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\w79femgi.default\extensions
[2010/04/17 16:28:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/10/23 02:41:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBHO.dll (Symantec Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll (Symantec Corporation)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DownloadStudio] C:\Program Files\Conceiva\DownloadStudio\DownloadStudioScheduleMonitor.exe (Conceiva Pty. Ltd.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe (IObit)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton Internet Security\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\Run: [DellAutomatedPCTuneUp] C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe (The Eraser Project)
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB1904] C:\WINDOWS\System32\command.com ()
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB1925] C:\WINDOWS\System32\command.com ()
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB2164] C:\WINDOWS\System32\command.com ()
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB2529] C:\WINDOWS\System32\command.com ()
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB3764] C:\WINDOWS\System32\command.com ()
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB3928] C:\WINDOWS\System32\command.com ()
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB4467] C:\WINDOWS\System32\command.com ()
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB4533] C:\WINDOWS\System32\command.com ()
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB5420] C:\WINDOWS\System32\command.com ()
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB549] C:\WINDOWS\System32\command.com ()
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB587] C:\WINDOWS\System32\command.com ()
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB6028] C:\WINDOWS\System32\command.com ()
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB6041] C:\WINDOWS\System32\command.com ()
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB6867] C:\WINDOWS\System32\command.com ()
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB7373] C:\WINDOWS\System32\command.com ()
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB7377] C:\WINDOWS\System32\command.com ()
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB7874] C:\WINDOWS\System32\command.com ()
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB8151] C:\WINDOWS\System32\command.com ()
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB8211] C:\WINDOWS\System32\command.com ()
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB8249] C:\WINDOWS\System32\command.com ()
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB8285] C:\WINDOWS\System32\command.com ()
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB8381] C:\WINDOWS\System32\command.com ()
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB8515] C:\WINDOWS\System32\command.com ()
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB8534] C:\WINDOWS\System32\command.com ()
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB875] C:\WINDOWS\System32\command.com ()
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB9394] C:\WINDOWS\System32\command.com ()
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB9467] C:\WINDOWS\System32\command.com ()
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB9549] C:\WINDOWS\System32\command.com ()
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD1638] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD2431] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD2751] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD3032] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD3294] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD3357] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD3470] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD3731] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD4358] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD4710] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD4846] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD5058] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD508] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD5376] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD5516] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD5605] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD5822] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD584] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD6103] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD6145] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD6416] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD6599] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD7129] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD7301] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD7565] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD793] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD8015] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD9605] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} http://www.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe (Virtools WebPlayer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.181.134.16 216.181.30.11
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\480\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop BackupWallPaper: C:\WINDOWS\Dell.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/23 02:44:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/10/23 01:54:31 | 001,325,656 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\TDSSKiller.exe
[2010/10/23 01:54:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\WinRAR
[2010/10/23 01:43:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/23 01:43:09 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/23 01:43:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/23 00:16:30 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/10/23 00:12:27 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/10/23 00:12:27 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/10/23 00:12:26 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/10/23 00:12:26 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/10/23 00:11:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/10/23 00:10:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/22 22:57:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Macromedia
[2010/10/22 01:38:10 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2010/10/21 23:00:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/10/21 23:00:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/10/21 22:48:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/10/18 21:45:16 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2010/10/18 01:43:12 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2010/10/18 01:43:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Anti-Malware
[2010/10/18 01:32:58 | 096,140,336 | ---- | C] (Emsi Software GmbH ) -- C:\Documents and Settings\Administrator\Desktop\a2AntiMalwareSetup.exe
[2010/10/18 01:23:01 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2010/10/01 23:03:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/09/30 00:30:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/09/30 00:30:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2010/09/30 00:28:22 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/09/30 00:26:12 | 009,458,552 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware.exe
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/23 02:45:39 | 000,381,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/23 02:45:39 | 000,053,436 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/23 02:41:29 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/10/23 02:41:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/23 01:43:13 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/23 00:16:39 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/10/23 00:10:15 | 003,884,020 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2010/10/22 02:45:00 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/22 02:44:54 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/10/18 21:19:47 | 000,002,741 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/10/18 01:43:37 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Emsisoft Anti-Malware.lnk
[2010/10/18 01:42:05 | 096,140,336 | ---- | M] (Emsi Software GmbH ) -- C:\Documents and Settings\Administrator\Desktop\a2AntiMalwareSetup.exe
[2010/10/08 03:30:16 | 000,005,642 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/10/08 03:28:50 | 000,000,168 | RHS- | M] () -- C:\WINDOWS\System32\119210CEEA.sys
[2010/10/04 09:08:00 | 001,325,656 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\TDSSKiller.exe
[2010/10/01 22:34:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/30 00:28:37 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/09/30 00:27:03 | 009,458,552 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware.exe
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/23 01:43:13 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/23 00:16:39 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/10/23 00:16:31 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/10/23 00:12:27 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/10/23 00:12:27 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/10/23 00:12:27 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/10/23 00:12:27 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/23 00:12:26 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/10/23 00:09:44 | 003,884,020 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2010/10/18 01:43:37 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Emsisoft Anti-Malware.lnk
[2010/09/30 00:28:37 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/04/10 02:18:49 | 000,014,430 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\ytyF335s1G6
[2008/10/21 21:59:15 | 000,185,344 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/08 00:26:46 | 000,000,033 | ---- | C] () -- C:\WINDOWS\DownloadStudioScheduleMonitor.INI
[2008/09/07 23:39:38 | 000,941,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\CAMTHWDM.sys
[2008/05/22 15:22:54 | 000,005,642 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/05/22 15:22:54 | 000,000,168 | RHS- | C] () -- C:\WINDOWS\System32\119210CEEA.sys
[2008/02/23 16:39:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EAREMOVE.INI
[2007/11/06 16:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/09/18 02:54:28 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/08/28 17:59:21 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/06/15 04:02:04 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/06/15 04:01:22 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2007/06/15 03:57:47 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2007/06/15 03:50:59 | 000,002,741 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/06/15 03:20:37 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2007/06/15 03:19:28 | 000,001,121 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/01/11 09:20:28 | 000,026,097 | ---- | C] () -- C:\WINDOWS\UN800114.INI
[2005/04/09 11:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/11 18:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 18:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 18:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 18:00:36 | 000,080,896 | ---- | C] () -- C:\WINDOWS\dmsyom.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
Thanks a lot.

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

File::
c:\windows\system32\byvspo.dll
c:\windows\system32\dddawu.dll
c:\windows\system32\qonmjh.dll
c:\windows\system32\qonnoo.dll
c:\windows\system32\khijig.dll
c:\windows\system32\awutss.dll
c:\windows\system32\xxxwtr.dll
c:\windows\system32\ssrsrq.dll
c:\windows\system32\efffef.dll
c:\windows\system32\efcyyv.dll
c:\windows\system32\khghij.dll
c:\windows\system32\nnomml.dll
c:\windows\system32\nnoono.dll
c:\windows\system32\jkkihe.dll
c:\windows\system32\ljifgd.dll
c:\windows\system32\bywvus.dll
c:\windows\system32\jkjjig.dll
c:\windows\system32\vtuspm.dll
c:\windows\system32\ddayxx.dll
c:\windows\system32\awuspo.dll
c:\windows\system32\ddbbaa.dll
c:\windows\system32\efdbba.dll
c:\windows\system32\tuvtur.dll
c:\windows\system32\fcyxxw.dll
c:\windows\system32\pmnkkh.dll
c:\windows\system32\vtuusp.dll
c:\windows\system32\ssroon.dll
c:\windows\system32\geeeed.dll
c:\documents and settings\Kashif Raza\Application Data\Microsoft\Windows\shell.exe
c:\documents and settings\Kashif Raza\Application Data\Microsoft\svchost.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"yaawtsaudio"=-

Driver::
COMServer

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:50370
uInternet Settings,ProxyOverride = <local>

RegLock::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized; we don't need this report
  • Please post the contents of OTListIt.txt in your next reply.



"information and logs"

  • In your next post I need the following

  • report from Combofix
  • OTListit report
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo
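
The OTL report lines quoted above have a fixed shape, so as an added example (not OTL's code and not from this thread) here is a small Python parser for the "Files Created/Modified" and "Alternate Data Streams" sections, with a triage pass run over a sample built from lines of the report above. The flag heuristics are my own assumptions, not OTL's or the helper's criteria, and a hit is a lead to verify, not a verdict.

```python
"""Parse OTL 'Files Created/Modified' and 'Alternate Data Streams' report
lines and triage them. Added example, not OTL's own code. The sample
report below is constructed from lines copied out of the thread."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# One file entry: [date time | size | attrs | C/M] (company) -- path
# Directory lines carry no "(company)" part, so that group is optional.
FILE_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# @Alternate Data Stream - 125 bytes -> C:\...\TEMP:DFC5A2B2
ADS_LINE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$"
)

# Constructed sample: lines copied from the OTL report in this thread.
SAMPLE_REPORT = r"""
========== Files - Modified Within 30 Days ==========

[2010/10/23 02:45:39 | 000,381,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/23 00:16:39 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/10/18 01:42:05 | 096,140,336 | ---- | M] (Emsi Software GmbH ) -- C:\Documents and Settings\Administrator\Desktop\a2AntiMalwareSetup.exe
[2010/10/08 03:30:16 | 000,005,642 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/10/08 03:28:50 | 000,000,168 | RHS- | M] () -- C:\WINDOWS\System32\119210CEEA.sys
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/18 01:43:12 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2010/04/10 02:18:49 | 000,014,430 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\ytyF335s1G6
[2004/08/11 18:00:36 | 000,080,896 | ---- | C] () -- C:\WINDOWS\dmsyom.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
"""


@dataclass
class Entry:
    timestamp: Optional[datetime]  # None for ADS lines (OTL prints no date)
    size: int
    readonly: bool
    hidden: bool
    system: bool
    directory: bool
    kind: str       # "C" created, "M" modified, "ADS" alternate data stream
    company: str    # "" when OTL found no company/version information
    path: str


def parse_line(line: str) -> Optional[Entry]:
    """Entry for a file or ADS line; None for headers, blank lines and the
    '*.tmp files' summary lines. Attribute column order is R, H, S, D."""
    line = line.strip()
    m = FILE_LINE.match(line)
    if m:
        a = m.group("attrs")
        return Entry(
            timestamp=datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
            size=int(m.group("size").replace(",", "")),
            readonly=a[0] == "R",
            hidden=a[1] == "H",
            system=a[2] == "S",
            directory=a[3] == "D",
            kind=m.group("kind"),
            company=(m.group("company") or "").strip(),
            path=m.group("path"),
        )
    m = ADS_LINE.match(line)
    if m:
        return Entry(None, int(m.group("size")), False, False, False, False,
                     "ADS", "", m.group("path"))
    return None


def parse_report(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def flag_reasons(e: Entry) -> List[str]:
    """Heuristic reasons (my assumptions) an entry deserves a closer look.
    Legitimate licensing and driver files match some of these too."""
    if e.kind == "ADS":
        return ["alternate data stream on a data file"]
    if e.directory:
        return []
    reasons = []
    name = e.path.rsplit("\\", 1)[-1]
    stem = name.rsplit(".", 1)[0]
    if e.hidden and e.system:
        reasons.append("hidden+system attributes")
    if not e.company and name.lower().endswith((".sys", ".dll", ".exe")):
        reasons.append("executable with no company/version info")
    if sum(ch.isdigit() for ch in stem) >= 3:
        reasons.append("random-looking name")
    return reasons


def triage(text: str) -> List[Tuple[str, List[str]]]:
    """Entries worth reviewing: every ADS, plus files hitting 2+ heuristics."""
    out = []
    for e in parse_report(text):
        reasons = flag_reasons(e)
        if e.kind == "ADS" or len(reasons) >= 2:
            out.append((e.path, reasons))
    return out


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_REPORT):
        print(f"{path}\n    -> {', '.join(reasons)}")
```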



#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:11 PM

Posted 23 October 2010 - 03:13 AM

Run OTL Script

We need to run an OTL Fix

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB1904] C:\WINDOWS\System32\command.com ()
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB1925] C:\WINDOWS\System32\command.com ()
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB2164] C:\WINDOWS\System32\command.com ()
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB2529] C:\WINDOWS\System32\command.com ()
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB3764] C:\WINDOWS\System32\command.com ()
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB3928] C:\WINDOWS\System32\command.com ()
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB4467] C:\WINDOWS\System32\command.com ()
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB4533] C:\WINDOWS\System32\command.com ()
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB5420] C:\WINDOWS\System32\command.com ()
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB549] C:\WINDOWS\System32\command.com ()
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB587] C:\WINDOWS\System32\command.com ()
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB6028] C:\WINDOWS\System32\command.com ()
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB6041] C:\WINDOWS\System32\command.com ()
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB6867] C:\WINDOWS\System32\command.com ()
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB7373] C:\WINDOWS\System32\command.com ()
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB7377] C:\WINDOWS\System32\command.com ()
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB7874] C:\WINDOWS\System32\command.com ()
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB8151] C:\WINDOWS\System32\command.com ()
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB8211] C:\WINDOWS\System32\command.com ()
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB8249] C:\WINDOWS\System32\command.com ()
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB8285] C:\WINDOWS\System32\command.com ()
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB8381] C:\WINDOWS\System32\command.com ()
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB8515] C:\WINDOWS\System32\command.com ()
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB8534] C:\WINDOWS\System32\command.com ()
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB875] C:\WINDOWS\System32\command.com ()
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB9394] C:\WINDOWS\System32\command.com ()
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB9467] C:\WINDOWS\System32\command.com ()
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB9549] C:\WINDOWS\System32\command.com ()
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD1638] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD2431] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD2751] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD3032] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD3294] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD3357] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD3470] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD3731] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD4358] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD4710] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD4846] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD5058] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD508] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD5376] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD5516] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD5605] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD5822] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD584] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD6103] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD6145] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD6416] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD6599] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD7129] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD7301] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD7565] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD793] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD8015] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD9605] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    [2004/08/11 18:00:36 | 000,080,896 | ---- | C] () -- C:\WINDOWS\dmsyom.dll
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    :Commands
    [PURITY] 
    [EMPTYTEMP]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.


How is the computer doing now?


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 plhelp

plhelp
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:11:11 AM

Posted 23 October 2010 - 11:38 PM

I ran OTL as you said, and it asked for a reboot, but after the reboot there is no report.
Thanks again




#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:11 PM

Posted 23 October 2010 - 11:51 PM

Hello

Ok, rerun ComboFix for me and let me have that report so I can see where we stand.

Gringo

#15 plhelp

plhelp
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:11:11 AM

Posted 25 October 2010 - 12:06 AM

I tried the CFScript.txt file to run ComboFix, but instead of it running I got the report from the OTL run before. If I need to run ComboFix, how should I do it? I tried clicking on the ComboFix icon on the desktop, and it starts to run with the bar filling, but instead of the blue screen running it just stops. Looks like something is blocking it. Here is the log from OTL.

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1318334319-2979968734-2655777505-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\FlashPlayerUpdate deleted successfully.
C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-1318334319-2979968734-2655777505-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB1904 deleted successfully.
C:\WINDOWS\system32\command.com moved successfully.
Registry value HKEY_USERS\S-1-5-21-1318334319-2979968734-2655777505-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB1925 deleted successfully.
File C:\WINDOWS\System32\command.com not found.
Registry value HKEY_USERS\S-1-5-21-1318334319-2979968734-2655777505-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB2164 deleted successfully.
File C:\WINDOWS\System32\command.com not found.
Registry value HKEY_USERS\S-1-5-21-1318334319-2979968734-2655777505-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB2529 deleted successfully.
File C:\WINDOWS\System32\command.com not found.
Registry value HKEY_USERS\S-1-5-21-1318334319-2979968734-2655777505-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB3764 deleted successfully.
File C:\WINDOWS\System32\command.com not found.
Registry value HKEY_USERS\S-1-5-21-1318334319-2979968734-2655777505-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB3928 deleted successfully.
File C:\WINDOWS\System32\command.com not found.
Registry value HKEY_USERS\S-1-5-21-1318334319-2979968734-2655777505-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB4467 deleted successfully.
File C:\WINDOWS\System32\command.com not found.
Registry value HKEY_USERS\S-1-5-21-1318334319-2979968734-2655777505-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB4533 deleted successfully.
File C:\WINDOWS\System32\command.com not found.
Registry value HKEY_USERS\S-1-5-21-1318334319-2979968734-2655777505-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB5420 deleted successfully.
File C:\WINDOWS\System32\command.com not found.
Registry value HKEY_USERS\S-1-5-21-1318334319-2979968734-2655777505-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB549 deleted successfully.
File C:\WINDOWS\System32\command.com not found.
Registry value HKEY_USERS\S-1-5-21-1318334319-2979968734-2655777505-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB587 deleted successfully.
File C:\WINDOWS\System32\command.com not found.
Registry value HKEY_USERS\S-1-5-21-1318334319-2979968734-2655777505-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB6028 deleted successfully.
File C:\WINDOWS\System32\command.com not found.
Registry value HKEY_USERS\S-1-5-21-1318334319-2979968734-2655777505-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB6041 deleted successfully.
File C:\WINDOWS\System32\command.com not found.
Registry value HKEY_USERS\S-1-5-21-1318334319-2979968734-2655777505-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB6867 deleted successfully.
File C:\WINDOWS\System32\command.com not found.
Registry value HKEY_USERS\S-1-5-21-1318334319-2979968734-2655777505-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB7373 deleted successfully.
File C:\WINDOWS\System32\command.com not found.
Registry value HKEY_USERS\S-1-5-21-1318334319-2979968734-2655777505-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB7377 deleted successfully.
File C:\WINDOWS\System32\command.com not found.
Registry value HKEY_USERS\S-1-5-21-1318334319-2979968734-2655777505-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB7874 deleted successfully.
File C:\WINDOWS\System32\command.com not found.
Registry value HKEY_USERS\S-1-5-21-1318334319-2979968734-2655777505-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB8151 deleted successfully.
File C:\WINDOWS\System32\command.com not found.
Registry value HKEY_USERS\S-1-5-21-1318334319-2979968734-2655777505-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB8211 deleted successfully.
File C:\WINDOWS\System32\command.com not found.
Registry value HKEY_USERS\S-1-5-21-1318334319-2979968734-2655777505-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB8249 deleted successfully.
File C:\WINDOWS\System32\command.com not found.
Registry value HKEY_USERS\S-1-5-21-1318334319-2979968734-2655777505-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB8285 deleted successfully.
File C:\WINDOWS\System32\command.com not found.
Registry value HKEY_USERS\S-1-5-21-1318334319-2979968734-2655777505-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB8381 deleted successfully.
File C:\WINDOWS\System32\command.com not found.
Registry value HKEY_USERS\S-1-5-21-1318334319-2979968734-2655777505-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB8515 deleted successfully.
File C:\WINDOWS\System32\command.com not found.
Registry value HKEY_USERS\S-1-5-21-1318334319-2979968734-2655777505-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB8534 deleted successfully.
File C:\WINDOWS\System32\command.com not found.
Registry value HKEY_USERS\S-1-5-21-1318334319-2979968734-2655777505-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB875 deleted successfully.
File C:\WINDOWS\System32\command.com not found.
Registry value HKEY_USERS\S-1-5-21-1318334319-2979968734-2655777505-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB9394 deleted successfully.
File C:\WINDOWS\System32\command.com not found.
Registry value HKEY_USERS\S-1-5-21-1318334319-2979968734-2655777505-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB9467 deleted successfully.
File C:\WINDOWS\System32\command.com not found.
Registry value HKEY_USERS\S-1-5-21-1318334319-2979968734-2655777505-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB9549 deleted successfully.
File C:\WINDOWS\System32\command.com not found.
Registry value HKEY_USERS\S-1-5-21-1318334319-2979968734-2655777505-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD1638 deleted successfully.
C:\WINDOWS\system32\cmd.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-1318334319-2979968734-2655777505-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD2431 deleted successfully.
File C:\WINDOWS\System32\cmd.exe not found.
Registry value HKEY_USERS\S-1-5-21-1318334319-2979968734-2655777505-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD2751 deleted successfully.
File C:\WINDOWS\System32\cmd.exe not found.
Registry value HKEY_USERS\S-1-5-21-1318334319-2979968734-2655777505-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD3032 deleted successfully.
File C:\WINDOWS\System32\cmd.exe not found.
Registry value HKEY_USERS\S-1-5-21-1318334319-2979968734-2655777505-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD3294 deleted successfully.
File C:\WINDOWS\System32\cmd.exe not found.
Registry value HKEY_USERS\S-1-5-21-1318334319-2979968734-2655777505-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD3357 deleted successfully.
File C:\WINDOWS\System32\cmd.exe not found.
Registry value HKEY_USERS\S-1-5-21-1318334319-2979968734-2655777505-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD3470 deleted successfully.
File C:\WINDOWS\System32\cmd.exe not found.
Registry value HKEY_USERS\S-1-5-21-1318334319-2979968734-2655777505-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD3731 deleted successfully.
File C:\WINDOWS\System32\cmd.exe not found.
Registry value HKEY_USERS\S-1-5-21-1318334319-2979968734-2655777505-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD4358 deleted successfully.
File C:\WINDOWS\System32\cmd.exe not found.
Registry value HKEY_USERS\S-1-5-21-1318334319-2979968734-2655777505-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD4710 deleted successfully.
File C:\WINDOWS\System32\cmd.exe not found.
Registry value HKEY_USERS\S-1-5-21-1318334319-2979968734-2655777505-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD4846 deleted successfully.
File C:\WINDOWS\System32\cmd.exe not found.
Registry value HKEY_USERS\S-1-5-21-1318334319-2979968734-2655777505-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD5058 deleted successfully.
File C:\WINDOWS\System32\cmd.exe not found.
Registry value HKEY_USERS\S-1-5-21-1318334319-2979968734-2655777505-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD508 deleted successfully.
File C:\WINDOWS\System32\cmd.exe not found.
Registry value HKEY_USERS\S-1-5-21-1318334319-2979968734-2655777505-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD5376 deleted successfully.
File C:\WINDOWS\System32\cmd.exe not found.
Registry value HKEY_USERS\S-1-5-21-1318334319-2979968734-2655777505-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD5516 deleted successfully.
File C:\WINDOWS\System32\cmd.exe not found.
Registry value HKEY_USERS\S-1-5-21-1318334319-2979968734-2655777505-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD5605 deleted successfully.
File C:\WINDOWS\System32\cmd.exe not found.
Registry value HKEY_USERS\S-1-5-21-1318334319-2979968734-2655777505-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD5822 deleted successfully.
File C:\WINDOWS\System32\cmd.exe not found.
Registry value HKEY_USERS\S-1-5-21-1318334319-2979968734-2655777505-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD584 deleted successfully.
File C:\WINDOWS\System32\cmd.exe not found.
Registry value HKEY_USERS\S-1-5-21-1318334319-2979968734-2655777505-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD6103 deleted successfully.
File C:\WINDOWS\System32\cmd.exe not found.
Registry value HKEY_USERS\S-1-5-21-1318334319-2979968734-2655777505-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD6145 deleted successfully.
File C:\WINDOWS\System32\cmd.exe not found.
Registry value HKEY_USERS\S-1-5-21-1318334319-2979968734-2655777505-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD6416 deleted successfully.
File C:\WINDOWS\System32\cmd.exe not found.
Registry value HKEY_USERS\S-1-5-21-1318334319-2979968734-2655777505-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD6599 deleted successfully.
File C:\WINDOWS\System32\cmd.exe not found.
Registry value HKEY_USERS\S-1-5-21-1318334319-2979968734-2655777505-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD7129 deleted successfully.
File C:\WINDOWS\System32\cmd.exe not found.
Registry value HKEY_USERS\S-1-5-21-1318334319-2979968734-2655777505-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD7301 deleted successfully.
File C:\WINDOWS\System32\cmd.exe not found.
Registry value HKEY_USERS\S-1-5-21-1318334319-2979968734-2655777505-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD7565 deleted successfully.
File C:\WINDOWS\System32\cmd.exe not found.
Registry value HKEY_USERS\S-1-5-21-1318334319-2979968734-2655777505-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD793 deleted successfully.
File C:\WINDOWS\System32\cmd.exe not found.
Registry value HKEY_USERS\S-1-5-21-1318334319-2979968734-2655777505-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD8015 deleted successfully.
File C:\WINDOWS\System32\cmd.exe not found.
Registry value HKEY_USERS\S-1-5-21-1318334319-2979968734-2655777505-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD9605 deleted successfully.
File C:\WINDOWS\System32\cmd.exe not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
C:\WINDOWS\dmsyom.dll moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 41819112 bytes
->Flash cache emptied: 886 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: Kashif Raza

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 3688 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes
->Java cache emptied: 12 bytes
->Flash cache emptied: 6559 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1075809 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 218607 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 41.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: Kashif Raza

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.16.0 log created on 10232010_235615

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Thanks a lot


I ran OTL as you said and it asked for a reboot, but after the reboot there is no report.
Thanks again


Run OTL Script

We need to run an OTL Fix

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word Code
    :OTL
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB1904] C:\WINDOWS\System32\command.com ()
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB1925] C:\WINDOWS\System32\command.com ()
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB2164] C:\WINDOWS\System32\command.com ()
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB2529] C:\WINDOWS\System32\command.com ()
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB3764] C:\WINDOWS\System32\command.com ()
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB3928] C:\WINDOWS\System32\command.com ()
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB4467] C:\WINDOWS\System32\command.com ()
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB4533] C:\WINDOWS\System32\command.com ()
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB5420] C:\WINDOWS\System32\command.com ()
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB549] C:\WINDOWS\System32\command.com ()
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB587] C:\WINDOWS\System32\command.com ()
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB6028] C:\WINDOWS\System32\command.com ()
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB6041] C:\WINDOWS\System32\command.com ()
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB6867] C:\WINDOWS\System32\command.com ()
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB7373] C:\WINDOWS\System32\command.com ()
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB7377] C:\WINDOWS\System32\command.com ()
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB7874] C:\WINDOWS\System32\command.com ()
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB8151] C:\WINDOWS\System32\command.com ()
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB8211] C:\WINDOWS\System32\command.com ()
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB8249] C:\WINDOWS\System32\command.com ()
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB8285] C:\WINDOWS\System32\command.com ()
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB8381] C:\WINDOWS\System32\command.com ()
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB8515] C:\WINDOWS\System32\command.com ()
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB8534] C:\WINDOWS\System32\command.com ()
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB875] C:\WINDOWS\System32\command.com ()
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB9394] C:\WINDOWS\System32\command.com ()
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB9467] C:\WINDOWS\System32\command.com ()
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingB9549] C:\WINDOWS\System32\command.com ()
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD1638] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD2431] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD2751] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD3032] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD3294] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD3357] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD3470] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD3731] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD4358] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD4710] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD4846] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD5058] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD508] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD5376] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD5516] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD5605] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD5822] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD584] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD6103] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD6145] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD6416] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD6599] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD7129] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD7301] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD7565] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD793] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD8015] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1318334319-2979968734-2655777505-500..\RunOnce: [SpybotDeletingD9605] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    [2004/08/11 18:00:36 | 000,080,896 | ---- | C] () -- C:\WINDOWS\dmsyom.dll
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    :Commands
    [PURITY] 
    [EMPTYTEMP]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.


How is the computer doing now?


Gringo


Edited by plhelp, 25 October 2010 - 12:22 AM.
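The OTL fix above targets four things: the leftover SpybotDeleting* RunOnce values under the user hive (each one just relaunches command.com or cmd.exe to delete a file that is already gone), the Internet Explorer Restrictions policy key, the dropped C:\WINDOWS\dmsyom.dll, and an alternate data stream on the All Users TEMP folder. The script below is an added example for re-checking those same locations after the reboot; it is not part of the original post and not OTL's or Gringo's code. It assumes an elevated PowerShell 3.0 or later prompt (the registry and file checks also work on 2.0, but Get-Item -Stream for the ADS check does not exist there), and it takes the SID and paths from the log above as defaults.

```powershell
# Added example: confirm the items from the OTL fix are really gone.
# Not from the original thread; assumes PowerShell 3.0+ run as Administrator.
param(
    # SID, file and folder are the ones shown in the OTL log above.
    [string]$UserSid    = 'S-1-5-21-1318334319-2979968734-2655777505-500',
    [string]$AdsTarget  = 'C:\Documents and Settings\All Users\Application Data\TEMP',
    [string]$DroppedDll = 'C:\WINDOWS\dmsyom.dll'
)

# HKEY_USERS is not mapped as a drive by default; map it so the registry cmdlets can reach it.
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}

$findings = @()

# 1. RunOnce under the user hive. Flag Spybot's leftover deletion launchers and any
#    other value whose command is just cmd.exe / command.com, which is how these look.
$runOnce = "HKU:\$UserSid\Software\Microsoft\Windows\CurrentVersion\RunOnce"
if (Test-Path $runOnce) {
    $key = Get-Item $runOnce
    foreach ($name in $key.GetValueNames()) {
        $cmd      = [string]$key.GetValue($name)
        $isSpybot = $name -like 'SpybotDeleting*'
        $isShell  = $cmd -match '(?i)\\(cmd\.exe|command\.com)(\s|"|$)'
        if ($isSpybot -or $isShell) {
            $findings += [pscustomobject]@{ Check = 'RunOnce'; Item = $name; Detail = $cmd }
        }
    }
}

# 2. IE Restrictions policy key (the O6 line). Normal on a domain-managed PC,
#    but on a home machine it usually means something locked the browser down.
$restrictions = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Restrictions'
if (Test-Path $restrictions) {
    $vals = (Get-Item $restrictions).GetValueNames() -join ', '
    $findings += [pscustomobject]@{ Check = 'IE policy'; Item = $restrictions; Detail = $vals }
}

# 3. The dropped DLL in %WINDIR%.
if (Test-Path $DroppedDll) {
    $findings += [pscustomobject]@{ Check = 'File'; Item = $DroppedDll; Detail = 'still present' }
}

# 4. Alternate data streams on the TEMP folder. Every NTFS object has the unnamed
#    :$DATA stream; any other stream name is worth looking at.
if (Test-Path $AdsTarget) {
    Get-Item -Path $AdsTarget -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        ForEach-Object {
            $findings += [pscustomobject]@{
                Check  = 'ADS'
                Item   = "${AdsTarget}:$($_.Stream)"
                Detail = "$($_.Length) bytes"
            }
        }
}

if ($findings.Count -eq 0) {
    Write-Output 'Clean: none of the items from the OTL fix are present.'
} else {
    $findings | Format-Table -AutoSize
}
```

If the RunOnce check still lists entries after the reboot, that is expected only when Spybot has been run again in the meantime (it re-creates them); otherwise something is writing them back and the machine is not clean yet.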