Infected with viruses


  • This topic is locked
18 replies to this topic

#1 track4444


Posted 20 June 2011 - 08:51 AM

Well, I get redirected on Google and get 100% CPU usage. I used Spybot and found the Security Center was breached. I then killed the virus and they were back; then this Security Shield was installed on my computer again. I ran superspy-something and found the rogue, but I'm still getting 100% CPU usage and redirected. I checked and it's the svchost.exe file; it only takes CPU when I connect to the internet. I've been with this problem for 2 weeks and have not been able to solve it.

OTL Extras logfile created on: 6/20/2011 9:21:54 AM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Axel.ACER-365\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.87 Mb Total Physical Memory | 523.95 Mb Available Physical Memory | 51.68% Memory free
2.39 Gb Paging File | 1.84 Gb Available in Paging File | 77.20% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 123.40 Gb Free Space | 82.79% Space Free | Partition Type: NTFS

Computer Name: ACER-365 | User Name: Axel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"56288:TCP" = 56288:TCP:*:Enabled:Pando Media Booster
"56288:UDP" = 56288:UDP:*:Enabled:Pando Media Booster
"57242:TCP" = 57242:TCP:*:Enabled:Pando Media Booster
"57242:UDP" = 57242:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"56288:TCP" = 56288:TCP:*:Enabled:Pando Media Booster
"56288:UDP" = 56288:UDP:*:Enabled:Pando Media Booster
"57242:TCP" = 57242:TCP:*:Enabled:Pando Media Booster
"57242:UDP" = 57242:UDP:*:Enabled:Pando Media Booster
"1043:TCP" = 1043:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"D:\Installation\Setupx.exe" = D:\Installation\Setupx.exe:*:Enabled:Nero ProductSetup
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0343760F-927D-41D9-B085-2B9397D1478A}" = Solstice Reborn
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{40719211-D09A-11DF-BA30-0013D3D69929}" = MSVCRT Redists
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56A648C2-D185-46A9-BBFF-78AE7A503000}" = Webcam
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99397301-31A0-474B-9FA7-B1F2B72D7AC3}" = Solstice Reborn
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A0F1CE9B-1908-4BDA-8298-2DAB5F2040F6}" = CLEAR Connection Manager
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A1570454-ED12-4050-A7AC-9282C7AFB23C}" = Window Shopper
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DE822B36-A0F1-4396-85E0-DFC277A31403}_is1" = XenOnline
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4194A69-7B8F-4C9B-BDFF-E55126C9200F}_is1" = Anti-Malware Toolkit 1.13.326
"{F6B3786B-B921-40CB-8868-C67FE904D0CD}" = Subversion
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"DivX Setup.divx.com" = DivX Setup
"HDMI" = Intel® Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"StartNow Toolbar" = StartNow Toolbar 2.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ToggleEN Toolbar" = ToggleEN Toolbar
"Wdf01007" = Microsoft

I can't post on this site, only edit, so please read my edits instead. Thank you.

Edited by track4444, 20 June 2011 - 10:02 AM.



#2 track4444

Posted 20 June 2011 - 10:04 AM

Bump. Please help; idk if this will post.

OTL logfile created on: 6/21/2011 9:07:34 AM - Run 2
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Axel.ACER-365\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.87 Mb Total Physical Memory | 586.86 Mb Available Physical Memory | 57.88% Memory free
2.39 Gb Paging File | 1.92 Gb Available in Paging File | 80.68% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 123.65 Gb Free Space | 82.96% Space Free | Partition Type: NTFS

Computer Name: ACER-365 | User Name: Axel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/20 09:04:13 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Axel.ACER-365\My Documents\Downloads\OTL.exe
PRC - [2011/06/15 23:01:05 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2011/05/26 20:07:18 | 000,212,992 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Axel.ACER-365\Local Settings\Temp\RtkBtMnt.exe
PRC - [2010/09/01 15:00:20 | 000,107,856 | ---- | M] () -- C:\Program Files\Clearwire\Connection Manager\DeviceLaunchSvc.exe
PRC - [2010/06/17 17:55:10 | 000,398,848 | ---- | M] () -- C:\Program Files\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe
PRC - [2009/03/16 06:29:28 | 006,562,432 | ---- | M] () -- C:\xampp\mysql\bin\mysqld.exe
PRC - [2008/12/09 18:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/06/20 09:04:13 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Axel.ACER-365\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (IAANTMON) Intel®
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/06/15 21:47:24 | 003,435,096 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_e877e12.dll -- (Akamai)
SRV - [2011/03/24 04:59:34 | 000,199,904 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe -- (Toolbar Updater Service)
SRV - [2010/09/01 15:00:30 | 000,120,144 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files\Clearwire\Connection Manager\RcAppSvc.exe -- (CLEARWIRERcAppSvc)
SRV - [2010/09/01 15:00:20 | 000,107,856 | ---- | M] () [Auto | Running] -- C:\Program Files\Clearwire\Connection Manager\DeviceLaunchSvc.exe -- (SMSI Device Launch Service)
SRV - [2010/06/17 17:55:10 | 000,398,848 | ---- | M] () [Auto | Running] -- C:\Program Files\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe -- (clearwireDeviceDiagnosticsService)
SRV - [2009/03/16 06:29:28 | 006,562,432 | ---- | M] () [Auto | Running] -- C:\xampp\mysql\bin\mysqld.exe -- (MySQL)
SRV - [2008/12/09 18:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\xampp\apache\bin\httpd.exe -- (Apache2.2)


========== Driver Services (SafeList) ==========

DRV - [2010/09/01 14:30:00 | 000,039,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2010/09/01 14:21:00 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2010/07/08 14:32:54 | 000,318,464 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\drxvi314.sys -- (bcm)
DRV - [2010/07/08 14:29:32 | 000,051,456 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BcmBusCtr.sys -- (bcmbusctr)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/02 21:47:32 | 001,605,864 | ---- | M] (TamoSoft) [CommView] Atheros AR5008 Wireless Network Adapter Service 7.7 [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ts_athw.sys -- (TS_AR5416)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/05/18 09:08:26 | 001,566,080 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/03/02 13:03:48 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2009/02/20 16:53:18 | 001,952,512 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2009/01/02 20:33:54 | 000,145,408 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\M3000KNT.sys -- (M3000Srv)
DRV - [2008/12/26 04:27:26 | 004,968,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/11/21 05:36:46 | 000,160,256 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTS5121.sys -- (RSUSBSTOR)
DRV - [2008/09/23 12:15:00 | 000,038,400 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
DRV - [2007/08/26 23:58:18 | 000,074,656 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/10/18 21:47:10 | 000,542,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\blackbox.dll -- (BlackBox)
DRV - [2005/08/03 00:10:12 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0909&m=aspire_one
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ${URL_STARTPAGE}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0909&m=aspire_one
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0909&m=aspire_one
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0909&m=aspire_one
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://www.startnow.com/?src=startpage&provider=Bing&provider_code=Z057&partner_id=333&product_id=519&affiliate_id=&channel=DPGL15&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110530&user_guid=FD5D666CADDE433AAD2BA8E7D83402B3&machine_id=76a401bfe5730c109a60f99cb183200a&browser=FF&os=win&os_version=5.1-x86-SP3"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {5911488E-9D1E-40ec-8CBB-06B231CC153F}:2.0
FF - prefs.js..extensions.enabledItems: superfish@superfish.com:1.2.0.8
FF - prefs.js..keyword.URL: "http://www.startnow.com/s/?src=addrbar&provider=Bing&provider_code=Z057&partner_id=333&product_id=519&affiliate_id=&channel=DPGL15&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110530&user_guid=FD5D666CADDE433AAD2BA8E7D83402B3&machine_id=76a401bfe5730c109a60f99cb183200a&browser=FF&os=win&os_version=5.1-x86-SP3&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\searchpredict@speedbit.com: C:\Program Files\SearchPredict\PRFireFox
FF - HKLM\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files\SpeedBit Video Downloader\SPFireFox
FF - HKLM\software\mozilla\Firefox\Extensions\\superfish@superfish.com: C:\Documents and Settings\All Users\Application DataMozilla\Extensions\superfish@superfish.com [2011/06/20 07:01:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/10 23:39:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/01 20:58:52 | 000,000,000 | ---D | M]

[2011/05/22 07:50:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Axel.ACER-365\Application Data\Mozilla\Extensions
[2011/06/18 12:12:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Axel.ACER-365\Application Data\Mozilla\Firefox\Profiles\jh0uth7v.default\extensions
[2011/05/30 19:53:08 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Documents and Settings\Axel.ACER-365\Application Data\Mozilla\Firefox\Profiles\jh0uth7v.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
[2011/05/30 10:26:38 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\Axel.ACER-365\Application Data\Mozilla\Firefox\Profiles\jh0uth7v.default\searchplugins\bing-zugo.xml
[2011/06/18 12:12:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/06 09:28:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/06/20 07:01:55 | 000,000,000 | ---D | M] (Window Shopper - Powered by Superfish) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATAMOZILLA\EXTENSIONS\SUPERFISH@SUPERFISH.COM
[2010/08/06 09:28:31 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/09/05 16:21:58 | 000,002,226 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

O1 HOSTS File: ([2011/06/15 17:43:57 | 000,000,916 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 184.95.59.211 www.google.com
O1 - Hosts: 184.95.59.212 search.yahoo.com
O1 - Hosts: 184.95.59.212 www.bing.com
O2 - BHO: (ToggleEN Toolbar) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\prxtbTog0.dll (Conduit Ltd.)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll (Zugo)
O2 - BHO: (Window Shopper) - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files\Superfish\Window Shopper\SuperfishIEAddon.dll (Superfish)
O3 - HKLM\..\Toolbar: (ToggleEN Toolbar) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\prxtbTog0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll (Zugo)
O3 - HKCU\..\Toolbar\WebBrowser: (ToggleEN Toolbar) - {038CB5C7-48EA-4AF9-94E0-A1646542E62B} - C:\Program Files\ToggleEN\prxtbTog0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [cleanddm] File not found
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Window Shopper - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files\Superfish\Window Shopper\SuperfishIEAddon.dll (Superfish)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\TPSvc: DllName - TPSvc.dll - File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/16 18:34:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/18 09:07:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Application Data\PriceGong
[2011/06/16 09:20:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Application Data\XenOnline
[2011/06/16 08:58:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\XenOnline
[2011/06/16 08:48:32 | 000,000,000 | ---D | C] -- C:\MAYN Games
[2011/06/16 07:03:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2011/06/15 23:00:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Local Settings\Application Data\DNA
[2011/06/15 23:00:57 | 000,000,000 | ---D | C] -- C:\Program Files\DNA
[2011/06/15 23:00:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Application Data\DNA
[2011/06/15 11:47:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Application Data\SUPERAntiSpyware.com
[2011/06/15 11:47:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Start Menu\Programs\SUPERAntiSpyware
[2011/06/15 11:47:15 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/06/11 14:02:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/06/09 09:09:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/06/09 09:09:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/06/01 11:03:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/01 11:03:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/01 11:02:59 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/01 11:02:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/01 10:23:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Desktop\Download
[2011/06/01 10:21:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lunarsoft
[2011/06/01 10:21:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Local Settings\Application Data\Lunarsoft
[2011/06/01 10:21:00 | 000,000,000 | ---D | C] -- C:\Program Files\Lunarsoft
[2011/06/01 09:55:45 | 000,076,696 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2011/06/01 09:55:44 | 000,000,000 | ---D | C] -- C:\Program Files\Prevx
[2011/06/01 09:55:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2011/05/30 19:53:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\WINDOWS
[2011/05/30 19:53:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Local Settings\Application Data\Conduit
[2011/05/30 18:57:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2011/05/30 18:11:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Application Data\Superfish
[2011/05/30 10:38:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\My Documents\DriverPerformer
[2011/05/30 10:26:34 | 000,000,000 | ---D | C] -- C:\Program Files\StartNow Toolbar
[2011/05/30 10:26:28 | 000,000,000 | ---D | C] -- C:\Program Files\Superfish
[2011/05/30 10:26:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application DataMozilla
[2011/05/29 21:36:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Application Data\WinRAR
[2011/05/24 22:40:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Application Data\DriverCure
[2011/05/24 22:40:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Application Data\ParetoLogic
[2011/05/23 22:54:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Local Settings\Application Data\ConduitEngine
[2011/05/23 22:54:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Local Settings\Application Data\ToggleEN
[2011/05/23 22:30:13 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/05/23 22:26:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/05/22 12:46:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Application Data\Sun
[2011/05/22 11:11:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/05/22 11:02:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Application Data\Solstice Reborn
[2011/05/22 09:26:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/01/16 18:19:00 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\Interop.IWshRuntimeLibrary.dll
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/21 09:07:03 | 000,434,834 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/21 09:07:03 | 000,068,788 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/21 09:02:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/21 09:02:26 | 1063,194,624 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/16 08:58:21 | 000,001,505 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\XenOnline.lnk
[2011/06/16 08:47:41 | 1125,821,228 | ---- | M] () -- C:\Documents and Settings\Axel.ACER-365\Desktop\Copy 1 of XenOnlineInstall.exe
[2011/06/16 07:03:14 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/15 17:43:57 | 000,000,916 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/15 16:51:39 | 000,000,240 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/06/15 11:47:20 | 000,001,682 | ---- | M] () -- C:\Documents and Settings\Axel.ACER-365\Desktop\SUPERAntiSpyware Professional.lnk
[2011/06/14 08:32:33 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/11 14:08:36 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/09 18:00:00 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2011/06/04 08:34:14 | 004,228,078 | ---- | M] () -- C:\Documents and Settings\Axel.ACER-365\My Documents\svchost.dmp
[2011/06/03 13:34:10 | 000,000,808 | ---- | M] () -- C:\Documents and Settings\Axel.ACER-365\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/06/03 13:34:10 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\Axel.ACER-365\Desktop\Windows Media Player.lnk
[2011/06/01 11:03:04 | 000,000,788 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/01 10:21:22 | 000,000,850 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Anti-Malware Toolkit.lnk
[2011/06/01 09:56:36 | 000,000,053 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/06/01 09:55:45 | 000,076,696 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2011/05/31 15:37:57 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/25 17:48:14 | 000,000,286 | ---- | M] () -- C:\WINDOWS\reimage.ini
[2011/05/24 14:08:22 | 000,248,696 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/20 08:01:57 | 1063,194,624 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/16 08:58:21 | 000,001,505 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\XenOnline.lnk
[2011/06/16 07:20:28 | 1125,821,228 | ---- | C] () -- C:\Documents and Settings\Axel.ACER-365\Desktop\Copy 1 of XenOnlineInstall.exe
[2011/06/15 16:51:39 | 000,000,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/06/15 11:47:20 | 000,001,682 | ---- | C] () -- C:\Documents and Settings\Axel.ACER-365\Desktop\SUPERAntiSpyware Professional.lnk
[2011/06/04 08:34:11 | 004,228,078 | ---- | C] () -- C:\Documents and Settings\Axel.ACER-365\My Documents\svchost.dmp
[2011/06/03 13:34:10 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\Axel.ACER-365\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/06/01 11:03:04 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/01 10:21:22 | 000,000,850 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Anti-Malware Toolkit.lnk
[2011/06/01 09:55:21 | 000,000,053 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/05/25 17:47:50 | 000,000,286 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2011/05/21 14:56:44 | 000,012,798 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\ip3jtogxs440p0u42l6m1ckh
[2011/04/05 17:34:57 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\EasyHook32.dll
[2010/11/22 10:00:36 | 000,230,752 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2010/11/22 10:00:35 | 000,118,176 | ---- | C] () -- C:\WINDOWS\patchw.dll
[2010/11/19 21:44:14 | 000,039,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2010/11/19 21:31:34 | 002,033,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\macxvi200.bin
[2010/09/11 21:14:42 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2010/09/11 18:54:02 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/11 18:54:02 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/07/01 18:45:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ud.sys
[2009/09/22 03:06:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/05/21 17:52:04 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\Desktop_.ini
[2009/05/21 17:48:39 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\M3000DIF.dll
[2009/05/21 17:48:39 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\M3000KNT.sys
[2009/05/21 17:48:39 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M3000Twn.ini
[2009/02/24 06:37:32 | 000,020,480 | ---- | C] () -- C:\WINDOWS\LauncheRyDiscCalc.exe
[2009/01/16 20:24:45 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/01/16 19:24:55 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
[2009/01/16 18:37:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMove.exe
[2009/01/16 18:37:00 | 000,006,782 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/01/16 18:36:07 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/01/16 18:32:20 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/01/16 18:31:35 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009/01/16 18:18:51 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/01/16 18:18:50 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009/01/16 18:18:50 | 000,434,834 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009/01/16 18:18:50 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009/01/16 18:18:50 | 000,068,788 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009/01/16 18:18:50 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009/01/16 18:18:50 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009/01/16 18:18:49 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009/01/16 18:18:48 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009/01/16 18:18:48 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009/01/16 18:18:45 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009/01/16 18:18:43 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2009/01/16 10:29:22 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/01/16 10:28:39 | 000,248,696 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:553CA6CA
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 12 bytes -> C:\WINDOWS\system32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}

< End of report >
Edit: sorry, I hope these are the right ones.

Edited by track4444, 21 June 2011 - 09:14 AM.


#3 track4444

track4444
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:03:01 PM

Posted 21 June 2011 - 10:16 AM

The infection happened on May 21 2011.
OTL logfile created on: 6/21/2011 10:07:19 AM - Run 4
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Axel.ACER-365\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.87 Mb Total Physical Memory | 509.36 Mb Available Physical Memory | 50.24% Memory free
2.39 Gb Paging File | 1.84 Gb Available in Paging File | 76.94% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 123.64 Gb Free Space | 82.96% Space Free | Partition Type: NTFS

Computer Name: ACER-365 | User Name: Axel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Processes (SafeList) ==========

PRC - [2011/06/20 09:04:13 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Axel.ACER-365\My Documents\Downloads\OTL.exe
PRC - [2011/06/15 23:01:05 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2011/05/26 20:07:18 | 000,212,992 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Axel.ACER-365\Local Settings\Temp\RtkBtMnt.exe
PRC - [2011/05/01 20:58:46 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/09/07 23:05:54 | 000,054,608 | ---- | M] (ClearwireCM) -- C:\Program Files\Clearwire\Connection Manager\ClearwireCM.exe
PRC - [2010/09/01 15:00:30 | 000,120,144 | ---- | M] (SmithMicro Inc.) -- C:\Program Files\Clearwire\Connection Manager\RcAppSvc.exe
PRC - [2010/09/01 15:00:20 | 000,107,856 | ---- | M] () -- C:\Program Files\Clearwire\Connection Manager\DeviceLaunchSvc.exe
PRC - [2010/06/17 17:55:10 | 000,398,848 | ---- | M] () -- C:\Program Files\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe
PRC - [2009/03/16 06:29:28 | 006,562,432 | ---- | M] () -- C:\xampp\mysql\bin\mysqld.exe
PRC - [2008/12/09 18:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/06/20 09:04:13 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Axel.ACER-365\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (IAANTMON) Intel®
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/06/15 21:47:24 | 003,435,096 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_e877e12.dll -- (Akamai)
SRV - [2011/03/24 04:59:34 | 000,199,904 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe -- (Toolbar Updater Service)
SRV - [2010/09/01 15:00:30 | 000,120,144 | ---- | M] (SmithMicro Inc.) [On_Demand | Running] -- C:\Program Files\Clearwire\Connection Manager\RcAppSvc.exe -- (CLEARWIRERcAppSvc)
SRV - [2010/09/01 15:00:20 | 000,107,856 | ---- | M] () [Auto | Running] -- C:\Program Files\Clearwire\Connection Manager\DeviceLaunchSvc.exe -- (SMSI Device Launch Service)
SRV - [2010/06/17 17:55:10 | 000,398,848 | ---- | M] () [Auto | Running] -- C:\Program Files\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe -- (clearwireDeviceDiagnosticsService)
SRV - [2009/03/16 06:29:28 | 006,562,432 | ---- | M] () [Auto | Running] -- C:\xampp\mysql\bin\mysqld.exe -- (MySQL)
SRV - [2008/12/09 18:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\xampp\apache\bin\httpd.exe -- (Apache2.2)


========== Driver Services (SafeList) ==========

DRV - [2010/09/01 14:30:00 | 000,039,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2010/09/01 14:21:00 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2010/07/08 14:32:54 | 000,318,464 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\drxvi314.sys -- (bcm)
DRV - [2010/07/08 14:29:32 | 000,051,456 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BcmBusCtr.sys -- (bcmbusctr)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/02 21:47:32 | 001,605,864 | ---- | M] (TamoSoft) [CommView] Atheros AR5008 Wireless Network Adapter Service 7.7 [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ts_athw.sys -- (TS_AR5416)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/05/18 09:08:26 | 001,566,080 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/03/02 13:03:48 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2009/02/20 16:53:18 | 001,952,512 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2009/01/02 20:33:54 | 000,145,408 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\M3000KNT.sys -- (M3000Srv)
DRV - [2008/12/26 04:27:26 | 004,968,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/11/21 05:36:46 | 000,160,256 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTS5121.sys -- (RSUSBSTOR)
DRV - [2008/09/23 12:15:00 | 000,038,400 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
DRV - [2007/08/26 23:58:18 | 000,074,656 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/10/18 21:47:10 | 000,542,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\blackbox.dll -- (BlackBox)
DRV - [2005/08/03 00:10:12 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0909&m=aspire_one
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ${URL_STARTPAGE}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0909&m=aspire_one
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0909&m=aspire_one
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0909&m=aspire_one
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://www.startnow.com/?src=startpage&provider=Bing&provider_code=Z057&partner_id=333&product_id=519&affiliate_id=&channel=DPGL15&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110530&user_guid=FD5D666CADDE433AAD2BA8E7D83402B3&machine_id=76a401bfe5730c109a60f99cb183200a&browser=FF&os=win&os_version=5.1-x86-SP3"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {5911488E-9D1E-40ec-8CBB-06B231CC153F}:2.0
FF - prefs.js..extensions.enabledItems: superfish@superfish.com:1.2.0.8
FF - prefs.js..keyword.URL: "http://www.startnow.com/s/?src=addrbar&provider=Bing&provider_code=Z057&partner_id=333&product_id=519&affiliate_id=&channel=DPGL15&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110530&user_guid=FD5D666CADDE433AAD2BA8E7D83402B3&machine_id=76a401bfe5730c109a60f99cb183200a&browser=FF&os=win&os_version=5.1-x86-SP3&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\searchpredict@speedbit.com: C:\Program Files\SearchPredict\PRFireFox
FF - HKLM\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files\SpeedBit Video Downloader\SPFireFox
FF - HKLM\software\mozilla\Firefox\Extensions\\superfish@superfish.com: C:\Documents and Settings\All Users\Application DataMozilla\Extensions\superfish@superfish.com [2011/06/20 07:01:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/10 23:39:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/01 20:58:52 | 000,000,000 | ---D | M]

[2011/05/22 07:50:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Axel.ACER-365\Application Data\Mozilla\Extensions
[2011/06/18 12:12:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Axel.ACER-365\Application Data\Mozilla\Firefox\Profiles\jh0uth7v.default\extensions
[2011/05/30 19:53:08 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Documents and Settings\Axel.ACER-365\Application Data\Mozilla\Firefox\Profiles\jh0uth7v.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
[2011/05/30 10:26:38 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\Axel.ACER-365\Application Data\Mozilla\Firefox\Profiles\jh0uth7v.default\searchplugins\bing-zugo.xml
[2011/06/18 12:12:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/06 09:28:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/06/20 07:01:55 | 000,000,000 | ---D | M] (Window Shopper - Powered by Superfish) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATAMOZILLA\EXTENSIONS\SUPERFISH@SUPERFISH.COM
[2010/08/06 09:28:31 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/09/05 16:21:58 | 000,002,226 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

O1 HOSTS File: ([2011/06/15 17:43:57 | 000,000,916 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 184.95.59.211 www.google.com
O1 - Hosts: 184.95.59.212 search.yahoo.com
O1 - Hosts: 184.95.59.212 www.bing.com
O2 - BHO: (ToggleEN Toolbar) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\prxtbTog0.dll (Conduit Ltd.)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll (Zugo)
O2 - BHO: (Window Shopper) - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files\Superfish\Window Shopper\SuperfishIEAddon.dll (Superfish)
O3 - HKLM\..\Toolbar: (ToggleEN Toolbar) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\prxtbTog0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll (Zugo)
O3 - HKCU\..\Toolbar\WebBrowser: (ToggleEN Toolbar) - {038CB5C7-48EA-4AF9-94E0-A1646542E62B} - C:\Program Files\ToggleEN\prxtbTog0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [cleanddm] File not found
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Window Shopper - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files\Superfish\Window Shopper\SuperfishIEAddon.dll (Superfish)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\TPSvc: DllName - TPSvc.dll - File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/16 18:34:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 60 Days ==========

[2011/06/18 09:07:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Application Data\PriceGong
[2011/06/16 09:20:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Application Data\XenOnline
[2011/06/16 08:58:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\XenOnline
[2011/06/16 08:48:32 | 000,000,000 | ---D | C] -- C:\MAYN Games
[2011/06/16 07:03:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2011/06/15 23:00:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Local Settings\Application Data\DNA
[2011/06/15 23:00:57 | 000,000,000 | ---D | C] -- C:\Program Files\DNA
[2011/06/15 23:00:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Application Data\DNA
[2011/06/15 11:47:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Application Data\SUPERAntiSpyware.com
[2011/06/15 11:47:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Start Menu\Programs\SUPERAntiSpyware
[2011/06/15 11:47:15 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/06/11 14:02:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/06/09 09:09:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/06/09 09:09:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/06/01 11:03:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/01 11:03:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/01 11:02:59 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/01 11:02:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/01 10:23:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Desktop\Download
[2011/06/01 10:21:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lunarsoft
[2011/06/01 10:21:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Local Settings\Application Data\Lunarsoft
[2011/06/01 10:21:00 | 000,000,000 | ---D | C] -- C:\Program Files\Lunarsoft
[2011/06/01 09:55:45 | 000,076,696 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2011/06/01 09:55:44 | 000,000,000 | ---D | C] -- C:\Program Files\Prevx
[2011/06/01 09:55:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2011/05/30 19:53:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\WINDOWS
[2011/05/30 19:53:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Local Settings\Application Data\Conduit
[2011/05/30 18:57:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2011/05/30 18:11:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Application Data\Superfish
[2011/05/30 10:38:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\My Documents\DriverPerformer
[2011/05/30 10:26:34 | 000,000,000 | ---D | C] -- C:\Program Files\StartNow Toolbar
[2011/05/30 10:26:28 | 000,000,000 | ---D | C] -- C:\Program Files\Superfish
[2011/05/30 10:26:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application DataMozilla
[2011/05/29 21:36:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Application Data\WinRAR
[2011/05/24 22:40:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Application Data\DriverCure
[2011/05/24 22:40:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Application Data\ParetoLogic
[2011/05/23 22:54:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Local Settings\Application Data\ConduitEngine
[2011/05/23 22:54:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Local Settings\Application Data\ToggleEN
[2011/05/23 22:30:13 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/05/23 22:26:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/05/22 12:46:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Application Data\Sun
[2011/05/22 11:11:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/05/22 11:02:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Application Data\Solstice Reborn
[2011/05/22 09:26:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/05/22 08:08:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Application Data\Malwarebytes
[2011/05/22 08:06:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/22 07:55:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Axel.ACER-365\My Documents\Downloads
[2011/05/22 07:50:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Local Settings\Application Data\Mozilla
[2011/05/22 07:50:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Application Data\Mozilla
[2011/05/22 07:32:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Application Data\Clearwire
[2011/05/22 07:30:59 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Axel.ACER-365\Application Data\Microsoft
[2011/05/22 07:30:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Axel.ACER-365\SendTo
[2011/05/22 07:30:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Axel.ACER-365\Recent
[2011/05/22 07:30:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Axel.ACER-365\Application Data
[2011/05/22 07:30:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Axel.ACER-365\Start Menu\Programs\Startup
[2011/05/22 07:30:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Axel.ACER-365\Start Menu
[2011/05/22 07:30:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Axel.ACER-365\My Documents\My Pictures
[2011/05/22 07:30:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Axel.ACER-365\My Documents\My Music
[2011/05/22 07:30:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Axel.ACER-365\My Documents
[2011/05/22 07:30:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Axel.ACER-365\Favorites
[2011/05/22 07:30:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Axel.ACER-365\Start Menu\Programs\Accessories
[2011/05/22 07:30:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Axel.ACER-365\Cookies
[2011/05/22 07:30:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Axel.ACER-365\Templates
[2011/05/22 07:30:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Axel.ACER-365\PrintHood
[2011/05/22 07:30:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Axel.ACER-365\NetHood
[2011/05/22 07:30:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Axel.ACER-365\Local Settings
[2011/05/22 07:30:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\My Documents\My Google Gadgets
[2011/05/22 07:30:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Local Settings\Application Data\Microsoft Help
[2011/05/22 07:30:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Local Settings\Application Data\Microsoft
[2011/05/22 07:30:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Application Data\Macromedia
[2011/05/22 07:30:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Application Data\InstallShield
[2011/05/22 07:30:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Application Data\Identities
[2011/05/22 07:30:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Local Settings\Application Data\Google
[2011/05/22 07:30:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Desktop
[2011/05/22 07:30:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Application Data\Adobe
[2011/05/22 07:30:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Application Data\Acer
[2011/05/21 18:43:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/05/21 18:10:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/05/13 17:30:23 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
[2009/01/16 18:19:00 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\Interop.IWshRuntimeLibrary.dll
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 60 Days ==========

[2011/06/21 09:07:03 | 000,434,834 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/21 09:07:03 | 000,068,788 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/21 09:02:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/21 09:02:26 | 1063,194,624 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/16 08:58:21 | 000,001,505 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\XenOnline.lnk
[2011/06/16 08:47:41 | 1125,821,228 | ---- | M] () -- C:\Documents and Settings\Axel.ACER-365\Desktop\Copy 1 of XenOnlineInstall.exe
[2011/06/16 07:03:14 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/15 17:43:57 | 000,000,916 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/15 16:51:39 | 000,000,240 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/06/15 11:47:20 | 000,001,682 | ---- | M] () -- C:\Documents and Settings\Axel.ACER-365\Desktop\SUPERAntiSpyware Professional.lnk
[2011/06/14 08:32:33 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/11 14:08:36 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/09 18:00:00 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2011/06/04 08:34:14 | 004,228,078 | ---- | M] () -- C:\Documents and Settings\Axel.ACER-365\My Documents\svchost.dmp
[2011/06/03 13:34:10 | 000,000,808 | ---- | M] () -- C:\Documents and Settings\Axel.ACER-365\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/06/03 13:34:10 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\Axel.ACER-365\Desktop\Windows Media Player.lnk
[2011/06/01 11:03:04 | 000,000,788 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/01 10:21:22 | 000,000,850 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Anti-Malware Toolkit.lnk
[2011/06/01 09:56:36 | 000,000,053 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/06/01 09:55:45 | 000,076,696 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2011/05/31 15:37:57 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/25 17:48:14 | 000,000,286 | ---- | M] () -- C:\WINDOWS\reimage.ini
[2011/05/24 14:08:22 | 000,248,696 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/22 07:31:52 | 000,000,819 | ---- | M] () -- C:\Documents and Settings\Axel.ACER-365\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/22 07:24:19 | 000,012,798 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\ip3jtogxs440p0u42l6m1ckh
[2011/05/09 00:33:01 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[2011/05/01 19:52:16 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\Driver Robot.job
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/20 08:01:57 | 1063,194,624 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/16 08:58:21 | 000,001,505 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\XenOnline.lnk
[2011/06/16 07:20:28 | 1125,821,228 | ---- | C] () -- C:\Documents and Settings\Axel.ACER-365\Desktop\Copy 1 of XenOnlineInstall.exe
[2011/06/15 16:51:39 | 000,000,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/06/15 11:47:20 | 000,001,682 | ---- | C] () -- C:\Documents and Settings\Axel.ACER-365\Desktop\SUPERAntiSpyware Professional.lnk
[2011/06/04 08:34:11 | 004,228,078 | ---- | C] () -- C:\Documents and Settings\Axel.ACER-365\My Documents\svchost.dmp
[2011/06/03 13:34:10 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\Axel.ACER-365\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/06/01 11:03:04 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/01 10:21:22 | 000,000,850 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Anti-Malware Toolkit.lnk
[2011/06/01 09:55:21 | 000,000,053 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/05/25 17:47:50 | 000,000,286 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2011/05/22 07:31:52 | 000,000,807 | ---- | C] () -- C:\Documents and Settings\Axel.ACER-365\Start Menu\Programs\Internet Explorer.lnk
[2011/05/22 07:31:32 | 000,000,796 | ---- | C] () -- C:\Documents and Settings\Axel.ACER-365\Start Menu\Programs\Windows Media Player.lnk
[2011/05/22 07:31:32 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\Axel.ACER-365\Desktop\Windows Media Player.lnk
[2011/05/22 07:31:01 | 000,000,819 | ---- | C] () -- C:\Documents and Settings\Axel.ACER-365\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/22 07:31:01 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Axel.ACER-365\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/05/22 07:30:59 | 000,001,603 | ---- | C] () -- C:\Documents and Settings\Axel.ACER-365\Start Menu\Programs\Remote Assistance.lnk
[2011/05/22 07:30:59 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Axel.ACER-365\Start Menu\Programs\Outlook Express.lnk
[2011/05/21 14:56:44 | 000,012,798 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\ip3jtogxs440p0u42l6m1ckh
[2011/04/05 17:34:57 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\EasyHook32.dll
[2010/11/22 10:00:36 | 000,230,752 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2010/11/22 10:00:35 | 000,118,176 | ---- | C] () -- C:\WINDOWS\patchw.dll
[2010/11/19 21:44:14 | 000,039,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2010/11/19 21:31:34 | 002,033,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\macxvi200.bin
[2010/09/11 21:14:42 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2010/09/11 18:54:02 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/11 18:54:02 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/07/01 18:45:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ud.sys
[2009/09/22 03:06:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/05/21 17:52:04 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\Desktop_.ini
[2009/05/21 17:48:39 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\M3000DIF.dll
[2009/05/21 17:48:39 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\M3000KNT.sys
[2009/05/21 17:48:39 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M3000Twn.ini
[2009/02/24 06:37:32 | 000,020,480 | ---- | C] () -- C:\WINDOWS\LauncheRyDiscCalc.exe
[2009/01/16 20:24:45 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/01/16 19:24:55 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
[2009/01/16 18:37:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMove.exe
[2009/01/16 18:37:00 | 000,006,782 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/01/16 18:36:07 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/01/16 18:32:20 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/01/16 18:31:35 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009/01/16 18:18:51 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/01/16 18:18:50 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009/01/16 18:18:50 | 000,434,834 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009/01/16 18:18:50 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009/01/16 18:18:50 | 000,068,788 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009/01/16 18:18:50 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009/01/16 18:18:50 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009/01/16 18:18:49 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009/01/16 18:18:48 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009/01/16 18:18:48 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009/01/16 18:18:45 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009/01/16 18:18:43 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2009/01/16 10:29:22 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/01/16 10:28:39 | 000,248,696 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:553CA6CA
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 12 bytes -> C:\WINDOWS\system32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}

< End of report >
This is the 60-day OTL.

#4 Shannon2012

  • Security Colleague
  • 3,657 posts
  • Gender: Male
  • Location: North Carolina, USA

Posted 28 June 2011 - 10:23 AM

Hi,

Welcome to Bleeping Computer.

My name is Shannon and I will be working with you to remove the malware that is on your machine.

I apologize for the delay in replying to your post, but this forum is extremely busy.

Please Track this topic - On the top right of this thread, click on the Options button, and, in the drop-down list, click on 'Track this topic'. Under Subscription Information, click on 'Immediate Email Notification' and then click on the Proceed button at the bottom.

Do Not make any changes on your own to the infected computer.

Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Now, let's look more thoroughly at the infected computer -

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a log from the GMER anti-rootkit scanner, but, first, we need to disable your CD Emulation drivers.

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

Next, please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

Once you have the above logs, click on the Add Reply button below, copy in the DDS log, and include the Attach.txt and the GMER log as attachments. Also include any comments that you might have concerning the infection(s) and the infected computer.
Shannon

#5 track4444

  • Topic Starter
  • Members
  • 18 posts

Posted 28 June 2011 - 01:07 PM

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_26
Run by Axel at 11:24:22 on 2011-06-28
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.510 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\xampp\apache\bin\httpd.exe
C:\Program Files\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\xampp\mysql\bin\mysqld.exe
C:\Program Files\Clearwire\Connection Manager\DeviceLaunchSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\xampp\apache\bin\httpd.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\DOCUME~1\AXEL~1.ACE\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Clearwire\Connection Manager\ClearwireCM.exe
C:\Program Files\Clearwire\Connection Manager\RcAppSvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0909&m=aspire_one
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0909&m=aspire_one
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0909&m=aspire_one
mSearch Page = ${URL_SEARCHPAGE}
mStart Page = ${URL_STARTPAGE}
mSearchAssistant =
BHO: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\prxtbTog0.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - c:\program files\startnow toolbar\Toolbar32.dll
BHO: Window Shopper: {74f475fa-6c75-43bd-aab9-ecda6184f600} - c:\program files\superfish\window shopper\SuperfishIEAddon.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\prxtbTog0.dll
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - c:\program files\startnow toolbar\Toolbar32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
mRun: [AzMixerSel] c:\program files\realtek\audio\drivers\AzMixerSel.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [cleanddm] %APPDATA%\cleanddm.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
dRunOnce: [eulqzvwv] c:\docume~1\locals~1\locals~1\applic~1\eulqzvwv.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - c:\program files\superfish\window shopper\SuperfishIEAddon.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{4E5B3101-F6D8-44B3-99B1-42061829D166} : DhcpNameServer = 192.168.5.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
Notify: TPSvc - TPSvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 184.95.59.211 www.google.com
Hosts: 184.95.59.212 search.yahoo.com
Hosts: 184.95.59.212 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\axel.acer-365\application data\mozilla\firefox\profiles\jh0uth7v.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.startnow.com/?src=startpage&provider=Bing&provider_code=Z057&partner_id=333&product_id=519&affiliate_id=&channel=DPGL15&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110530&user_guid=FD5D666CADDE433AAD2BA8E7D83402B3&machine_id=76a401bfe5730c109a60f99cb183200a&browser=FF&os=win&os_version=5.1-x86-SP3
FF - prefs.js: keyword.URL - hxxp://www.startnow.com/s/?src=addrbar&provider=Bing&provider_code=Z057&partner_id=333&product_id=519&affiliate_id=&channel=DPGL15&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110530&user_guid=FD5D666CADDE433AAD2BA8E7D83402B3&machine_id=76a401bfe5730c109a60f99cb183200a&browser=FF&os=win&os_version=5.1-x86-SP3&q=
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - %profile%\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
FF - Ext: Window Shopper - Powered by Superfish: superfish@superfish.com - c:\documents and settings\all users\application datamozilla\extensions\superfish@superfish.com
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-1-16 14336]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2009-9-22 24636]
R2 clearwireDeviceDiagnosticsService;Clearwire Device Diagnostics Service;c:\program files\clearwire\connection manager\clearwireDeviceDiagnosticsService.exe [2010-6-17 398848]
R2 SMSI Device Launch Service;Clearwire Device Launch Service;c:\program files\clearwire\connection manager\DeviceLaunchSvc.exe [2010-9-1 107856]
R3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [2010-11-19 318464]
R3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [2010-11-19 51456]
R3 CLEARWIRERcAppSvc;Clearwire RcAppSvc;c:\program files\clearwire\connection manager\RcAppSvc.exe [2010-9-1 120144]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-3-2 38912]
S3 BlackBox;BlackBox SR2; [x]
S3 cpuz134;cpuz134;\??\c:\docume~1\axel~1.ace\locals~1\temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\axel~1.ace\locals~1\temp\cpuz134\cpuz134_x32.sys [?]
S3 M3000Srv;WebCam Driver;c:\windows\system32\drivers\M3000KNT.sys [2009-5-21 145408]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2010-7-19 32512]
S3 PEEK5;PEEK5 Protocol Driver;\??\c:\docume~1\brilli~1\desktop\winair~1\winair~1\winair~1\files\peek5.sys --> c:\docume~1\brilli~1\desktop\winair~1\winair~1\winair~1\files\PEEK5.SYS [?]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2009-1-16 160256]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]
S3 TS_AR5416;[CommView] Atheros AR5008 Wireless Network Adapter Service 7.7;c:\windows\system32\drivers\ts_athw.sys [2010-7-19 1605864]
S4 Toolbar Updater Service;Toolbar Updater Service;c:\program files\startnow toolbar\ToolbarUpdaterService.exe [2011-3-24 199904]
.
=============== File Associations ===============
.
exefile="c:\documents and settings\localservice\local settings\application data\ccd.exe" -a "%1" %*
.
=============== Created Last 30 ================
.
2011-06-26 16:44:40 -------- d-----w- c:\documents and settings\axel.acer-365\local settings\application data\WMTools Downloaded Files
2011-06-18 14:07:53 -------- d-----w- c:\documents and settings\axel.acer-365\application data\PriceGong
2011-06-16 14:20:19 -------- d-----w- c:\documents and settings\axel.acer-365\application data\XenOnline
2011-06-16 13:48:32 -------- d-----w- C:\MAYN Games
2011-06-16 04:00:59 -------- d-----w- c:\documents and settings\axel.acer-365\local settings\application data\DNA
2011-06-16 04:00:57 -------- d-----w- c:\program files\DNA
2011-06-16 04:00:57 -------- d-----w- c:\documents and settings\axel.acer-365\application data\DNA
2011-06-15 16:47:32 -------- d-----w- c:\documents and settings\axel.acer-365\application data\SUPERAntiSpyware.com
2011-06-15 16:47:15 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-06-11 19:02:07 -------- d-----w- c:\documents and settings\all users\application data\STOPzilla!
2011-06-01 16:03:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-01 16:02:59 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-01 16:02:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-01 15:21:08 -------- d-----w- c:\documents and settings\axel.acer-365\local settings\application data\Lunarsoft
2011-06-01 15:21:00 -------- d-----w- c:\program files\Lunarsoft
2011-06-01 14:55:45 76696 ----a-w- c:\windows\system32\drivers\pxrts.sys
2011-06-01 14:55:44 -------- d-----w- c:\program files\Prevx
2011-06-01 14:55:22 -------- d-----w- c:\documents and settings\all users\application data\PrevxCSI
2011-05-31 00:53:42 -------- d-----w- c:\documents and settings\axel.acer-365\WINDOWS
2011-05-31 00:53:41 -------- d-----w- c:\documents and settings\axel.acer-365\local settings\application data\Conduit
2011-05-30 23:57:17 -------- d-----w- c:\documents and settings\all users\application data\SecTaskMan
2011-05-30 23:11:34 -------- d-----w- c:\documents and settings\axel.acer-365\application data\Superfish
2011-05-30 15:26:34 -------- d-----w- c:\program files\StartNow Toolbar
2011-05-30 15:26:28 -------- d-----w- c:\program files\Superfish
2011-05-30 15:26:22 -------- d-----w- c:\documents and settings\all users\Application DataMozilla
.
==================== Find3M ====================
.
2011-05-13 22:30:23 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-05-04 09:52:22 472808 -c--a-w- c:\windows\system32\deployJava1.dll
2011-05-04 07:25:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-05 22:34:58 84480 ----a-w- c:\windows\system32\EasyHook32.dll
.
============= FINISH: 11:25:33.43 ===============
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:36 on 28/06/2011 (Axel)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-28 13:03:25
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.FG01
Running: v8fk8prh.exe; Driver: C:\DOCUME~1\AXEL~1.ACE\LOCALS~1\Temp\kxrcrpob.sys


---- Kernel code sections - GMER 1.0.15 ----

? C:\DOCUME~1\AXEL~1.ACE\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
Edit: I forgot to say that when I disabled the emulators it did not ask me to restart. I killed a rootkit a few days back. Do you want me to post that log as well or not? I would also like to say thank you for your hard work. :) The only problem is the redirecting on Google; the svchost seems to be fine now, though. Also, at start-up I get errors asking me if I want to run a program. I also can't turn automatic updates on for some reason.

Edited by track4444, 28 June 2011 - 01:11 PM.

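The DDS log above carries three of the classic hijack signatures a helper looks for before writing a fix: hosts entries that pin www.google.com, search.yahoo.com and www.bing.com to a public address (the cause of the reported redirects), Run/RunOnce values that launch executables out of a user profile, and an exefile association that wraps every .exe launch in ccd.exe. As an added example, not part of this thread and not code from the DDS tool, the Python script below applies those three checks to a constructed excerpt assembled from lines quoted in the post; the path markers, the loopback rule and the finding format are the example author's own heuristics.

```python
"""Triage a DDS 'Pseudo HJT Report' for the hijack patterns visible in this thread.

Added example: this is not part of the thread and not code from the DDS tool.
DDS_EXCERPT is a constructed excerpt assembled from lines quoted in the post;
the markers and rules below are the example author's own heuristics.
"""
import ipaddress
import re

# Constructed excerpt of the log above. DDS writes paths with 8.3 short
# names (docume~1, locals~1) and the exefile value exactly as the registry holds it.
DDS_EXCERPT = r"""
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [cleanddm] %APPDATA%\cleanddm.exe
dRunOnce: [eulqzvwv] c:\docume~1\locals~1\locals~1\applic~1\eulqzvwv.exe
Hosts: 184.95.59.211 www.google.com
Hosts: 184.95.59.212 search.yahoo.com
Hosts: 127.0.0.1 localhost
exefile="c:\documents and settings\localservice\local settings\application data\ccd.exe" -a "%1" %*
"""

# Lower-cased substrings that place an autorun inside a user-writable profile
# location. Machine-wide autoruns normally live under Program Files or
# %SystemRoot%; a dropper running as a limited user cannot write there.
USER_WRITABLE = ("application data", "applic~1", "local settings", "locals~1",
                 "docume~1", "%appdata%", "%temp%", "\\temp\\")

RUN_RE = re.compile(r"^([umd]Run(?:Once)?): \[([^\]]*)\] (.*)$")
HOSTS_RE = re.compile(r"^Hosts: (\S+) (\S+)$")
EXEFILE_RE = re.compile(r"^exefile=(.*)$")

# Stock Windows XP value for HKCR\exefile\shell\open\command: run the EXE
# itself with its own arguments. Anything else wraps every .exe launch.
STOCK_EXEFILE = '"%1" %*'


def classify_hosts(ip_text, host):
    """Return a reason string if the hosts entry redirects a name, else None."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return f"{host}: unparseable address {ip_text!r}"
    if ip.is_loopback or ip.is_unspecified:
        # 127.0.0.1 / 0.0.0.0 entries block a name; that is what Spybot's
        # immunisation and ad-block lists write, not a redirect.
        return None
    return f"{host} is pinned to {ip}; DNS for it is bypassed"


def classify_run(key, name, command):
    """Flag Run/RunOnce values whose executable sits in a user-writable path."""
    path = command.strip().strip('"').lower()
    for marker in USER_WRITABLE:
        if marker in path:
            return f"{key} [{name}] launches from a user-writable location ({marker})"
    return None


def classify_exefile(value):
    """Flag a tampered exefile association (the 'ccd.exe -a' wrapper above)."""
    if value.strip() == STOCK_EXEFILE:
        return None
    return "every .exe launch is wrapped by: " + value.strip()


def triage(report_text):
    """Scan DDS report lines; return a list of findings (kind, line, why)."""
    findings = []
    for raw in report_text.splitlines():
        line = raw.strip()
        if m := HOSTS_RE.match(line):
            kind, why = "hosts", classify_hosts(m.group(1), m.group(2))
        elif m := RUN_RE.match(line):
            kind, why = "autorun", classify_run(*m.groups())
        elif m := EXEFILE_RE.match(line):
            kind, why = "exefile", classify_exefile(m.group(1))
        else:
            continue
        if why:
            findings.append({"kind": kind, "line": line, "why": why})
    return findings


if __name__ == "__main__":
    for f in triage(DDS_EXCERPT):
        print(f"[{f['kind']}] {f['why']}\n    {f['line']}")
```

Run against the excerpt it reports five findings: the two public-IP hosts entries, the two profile-path autoruns (cleanddm.exe under %APPDATA% and the random-named eulqzvwv.exe under the LocalService profile) and the exefile wrapper. The loopback rule is deliberate: 127.0.0.1 entries are how Spybot's immunisation blocks sites, so treating every hosts line as hostile would bury the real redirects in noise. The exefile finding is the one that changes the cleanup plan, because while that association is in place every tool the user double-clicks, including the cleaners, starts through ccd.exe first, which is why the helper asks for no changes to be made until the logs are reviewed.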

#6 Shannon2012

  • Security Colleague
  • 3,657 posts
  • Gender: Male
  • Location: North Carolina, USA

Posted 28 June 2011 - 02:02 PM

Please send the log. What software did you use to kill it with?
Shannon

#7 track4444

  • Topic Starter
  • Members
  • 18 posts

Posted 28 June 2011 - 05:29 PM

Sorry, I was at the pool. I used... well, it's in the description, lol. I will post it.
2011/06/25 18:21:43.0328 0456 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/25 18:21:43.0359 0456 ================================================================================
2011/06/25 18:21:43.0359 0456 SystemInfo:
2011/06/25 18:21:43.0359 0456
2011/06/25 18:21:43.0359 0456 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/25 18:21:43.0359 0456 Product type: Workstation
2011/06/25 18:21:43.0359 0456 ComputerName: ACER-365
2011/06/25 18:21:43.0359 0456 UserName: Axel
2011/06/25 18:21:43.0359 0456 Windows directory: C:\WINDOWS
2011/06/25 18:21:43.0359 0456 System windows directory: C:\WINDOWS
2011/06/25 18:21:43.0359 0456 Processor architecture: Intel x86
2011/06/25 18:21:43.0359 0456 Number of processors: 2
2011/06/25 18:21:43.0359 0456 Page size: 0x1000
2011/06/25 18:21:43.0359 0456 Boot type: Normal boot
2011/06/25 18:21:43.0359 0456 ================================================================================
2011/06/25 18:21:43.0843 0456 Initialize success
2011/06/25 18:21:50.0125 3772 ================================================================================
2011/06/25 18:21:50.0125 3772 Scan started
2011/06/25 18:21:50.0125 3772 Mode: Manual;
2011/06/25 18:21:50.0125 3772 ================================================================================
2011/06/25 18:21:50.0796 3772 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/06/25 18:21:50.0875 3772 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/25 18:21:51.0046 3772 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/06/25 18:21:51.0125 3772 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/06/25 18:21:51.0296 3772 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/06/25 18:21:51.0468 3772 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/06/25 18:21:51.0562 3772 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/06/25 18:21:51.0796 3772 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/06/25 18:21:51.0953 3772 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/06/25 18:21:52.0000 3772 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/06/25 18:21:52.0046 3772 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/06/25 18:21:52.0140 3772 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/06/25 18:21:52.0296 3772 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/06/25 18:21:52.0375 3772 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/06/25 18:21:52.0515 3772 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/06/25 18:21:52.0687 3772 AR5416 (ba7ec22eb21e195dc74201d3d0bfe03b) C:\WINDOWS\system32\DRIVERS\athw.sys
2011/06/25 18:21:52.0890 3772 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/06/25 18:21:52.0968 3772 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/06/25 18:21:53.0125 3772 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/06/25 18:21:53.0250 3772 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/25 18:21:53.0328 3772 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/25 18:21:53.0562 3772 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/25 18:21:53.0781 3772 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/25 18:21:54.0000 3772 bcm (99ec3b1c50a6fcb07b5f3f153a938e19) C:\WINDOWS\system32\DRIVERS\drxvi314.sys
2011/06/25 18:21:54.0359 3772 BCM43XX (fe4ed785396eaa554c561992106a35fa) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2011/06/25 18:21:54.0671 3772 bcmbusctr (c303a3c17d7605d07293e1b4cdde0c08) C:\WINDOWS\system32\DRIVERS\BcmBusCtr.sys
2011/06/25 18:21:54.0859 3772 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/06/25 18:21:55.0140 3772 BTWUSB (ad7f4b81a3f8d330dd8382b7cf4df341) C:\WINDOWS\system32\Drivers\btwusb.sys
2011/06/25 18:21:55.0312 3772 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/06/25 18:21:55.0484 3772 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/25 18:21:55.0625 3772 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/06/25 18:21:55.0671 3772 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/06/25 18:21:55.0843 3772 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/25 18:21:56.0031 3772 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/25 18:21:56.0203 3772 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/25 18:21:56.0437 3772 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/06/25 18:21:56.0609 3772 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/06/25 18:21:56.0640 3772 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/06/25 18:21:56.0859 3772 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/06/25 18:21:57.0140 3772 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/06/25 18:21:57.0203 3772 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/06/25 18:21:57.0421 3772 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/25 18:21:57.0546 3772 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/06/25 18:21:57.0750 3772 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/06/25 18:21:57.0921 3772 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/06/25 18:21:58.0125 3772 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/06/25 18:21:58.0343 3772 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/06/25 18:21:58.0546 3772 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/25 18:21:58.0671 3772 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/25 18:21:58.0843 3772 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/06/25 18:21:58.0906 3772 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/06/25 18:21:59.0046 3772 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/06/25 18:21:59.0218 3772 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/06/25 18:21:59.0328 3772 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/25 18:21:59.0500 3772 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/25 18:21:59.0562 3772 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/25 18:21:59.0734 3772 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/06/25 18:21:59.0828 3772 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/06/25 18:22:00.0015 3772 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/06/25 18:22:00.0187 3772 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/25 18:22:00.0328 3772 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/06/25 18:22:00.0531 3772 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/06/25 18:22:00.0625 3772 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/06/25 18:22:00.0906 3772 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/06/25 18:22:01.0171 3772 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\WINDOWS\system32\drivers\iaStor.sys
2011/06/25 18:22:01.0359 3772 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/25 18:22:01.0546 3772 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/06/25 18:22:01.0906 3772 IntcAzAudAddService (662b65eeb8d070bd1162a7b63859afcf) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/06/25 18:22:02.0109 3772 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/06/25 18:22:02.0265 3772 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/06/25 18:22:02.0328 3772 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/06/25 18:22:02.0531 3772 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/06/25 18:22:02.0687 3772 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/25 18:22:02.0859 3772 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/25 18:22:03.0062 3772 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/25 18:22:03.0234 3772 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/25 18:22:03.0453 3772 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/25 18:22:03.0562 3772 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/25 18:22:03.0765 3772 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/06/25 18:22:03.0921 3772 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/25 18:22:04.0000 3772 L1c (6c8658587e91ea25b0fd2e71781ad228) C:\WINDOWS\system32\DRIVERS\l1c51x86.sys
2011/06/25 18:22:04.0156 3772 L1e (fa46f5d09edf93e0c71fe6500fe3f4ae) C:\WINDOWS\system32\DRIVERS\l1e51x86.sys
2011/06/25 18:22:04.0515 3772 M3000Srv (b47da7eb985a6676623f378642e417b6) C:\WINDOWS\system32\Drivers\M3000KNT.sys
2011/06/25 18:22:04.0687 3772 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/25 18:22:04.0843 3772 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/06/25 18:22:04.0921 3772 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/25 18:22:05.0093 3772 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/06/25 18:22:05.0265 3772 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/25 18:22:05.0437 3772 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/06/25 18:22:05.0515 3772 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/25 18:22:05.0703 3772 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/25 18:22:05.0937 3772 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/06/25 18:22:06.0140 3772 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/25 18:22:06.0343 3772 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/25 18:22:06.0484 3772 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/25 18:22:06.0546 3772 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/25 18:22:06.0687 3772 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/06/25 18:22:06.0781 3772 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/06/25 18:22:06.0953 3772 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/06/25 18:22:07.0171 3772 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/06/25 18:22:07.0375 3772 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/06/25 18:22:07.0453 3772 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/25 18:22:07.0593 3772 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/25 18:22:07.0671 3772 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/25 18:22:07.0828 3772 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/25 18:22:07.0890 3772 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/25 18:22:08.0062 3772 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/25 18:22:08.0234 3772 NPF (d21fee8db254ba762656878168ac1db6) C:\WINDOWS\system32\drivers\npf.sys
2011/06/25 18:22:08.0390 3772 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/06/25 18:22:08.0593 3772 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/25 18:22:08.0796 3772 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/06/25 18:22:08.0859 3772 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/25 18:22:09.0046 3772 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/25 18:22:09.0234 3772 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/06/25 18:22:09.0421 3772 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/25 18:22:09.0453 3772 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/25 18:22:09.0625 3772 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/25 18:22:09.0859 3772 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/06/25 18:22:10.0031 3772 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/06/25 18:22:10.0265 3772 PCTINDIS5 (1e715247efffdda938c085913045d599) C:\WINDOWS\system32\PCTINDIS5.SYS
2011/06/25 18:22:10.0843 3772 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/06/25 18:22:11.0000 3772 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/06/25 18:22:11.0250 3772 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/25 18:22:11.0437 3772 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/06/25 18:22:11.0593 3772 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/25 18:22:11.0656 3772 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/06/25 18:22:11.0828 3772 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/06/25 18:22:12.0000 3772 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/06/25 18:22:12.0093 3772 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/06/25 18:22:12.0281 3772 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/06/25 18:22:12.0437 3772 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/06/25 18:22:12.0515 3772 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/25 18:22:12.0687 3772 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/25 18:22:12.0859 3772 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/25 18:22:12.0921 3772 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/25 18:22:13.0015 3772 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/06/25 18:22:13.0187 3772 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/25 18:22:13.0281 3772 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/06/25 18:22:13.0453 3772 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/25 18:22:13.0531 3772 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/25 18:22:13.0750 3772 RSUSBSTOR (030442f08aec1a5d7cf035cc514374b9) C:\WINDOWS\system32\Drivers\RTS5121.sys
2011/06/25 18:22:14.0031 3772 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/06/25 18:22:14.0093 3772 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/06/25 18:22:14.0312 3772 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/06/25 18:22:14.0375 3772 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/06/25 18:22:14.0593 3772 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/06/25 18:22:14.0734 3772 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/06/25 18:22:14.0890 3772 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/06/25 18:22:14.0968 3772 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/06/25 18:22:15.0109 3772 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/06/25 18:22:15.0171 3772 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/25 18:22:15.0390 3772 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/06/25 18:22:15.0625 3772 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/06/25 18:22:15.0812 3772 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/06/25 18:22:16.0000 3772 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/06/25 18:22:16.0125 3772 swmsflt (40ff1af10735cf67746b50780eff7ae4) C:\WINDOWS\System32\drivers\swmsflt.sys
2011/06/25 18:22:16.0328 3772 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/06/25 18:22:16.0484 3772 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/06/25 18:22:16.0515 3772 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/06/25 18:22:16.0562 3772 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/06/25 18:22:16.0640 3772 SynTP (5c3e900f41426a372de60675afc8aa07) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/06/25 18:22:16.0796 3772 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/25 18:22:16.0921 3772 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/25 18:22:17.0093 3772 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/25 18:22:17.0281 3772 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/25 18:22:17.0437 3772 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/25 18:22:17.0593 3772 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/06/25 18:22:17.0843 3772 TS_AR5416 (86a7df019a144db8b63d86ace0c19ef5) C:\WINDOWS\system32\DRIVERS\ts_athw.sys
2011/06/25 18:22:18.0031 3772 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/06/25 18:22:18.0187 3772 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/06/25 18:22:18.0312 3772 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/06/25 18:22:18.0531 3772 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/06/25 18:22:18.0671 3772 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/25 18:22:18.0843 3772 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/25 18:22:18.0890 3772 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/06/25 18:22:19.0062 3772 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/25 18:22:19.0234 3772 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/06/25 18:22:19.0453 3772 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/06/25 18:22:19.0625 3772 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/06/25 18:22:19.0796 3772 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/06/25 18:22:19.0875 3772 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/06/25 18:22:20.0046 3772 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/25 18:22:20.0140 3772 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/25 18:22:20.0312 3772 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/06/25 18:22:20.0531 3772 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/25 18:22:20.0843 3772 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/06/25 18:22:21.0078 3772 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/06/25 18:22:21.0250 3772 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/06/25 18:22:21.0437 3772 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/06/25 18:22:21.0718 3772 MBR (0x1B8) (04d4350ae5fb6fc2ad3e7c26b1323c68) \Device\Harddisk0\DR0
2011/06/25 18:22:21.0750 3772 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/06/25 18:22:21.0765 3772 ================================================================================
2011/06/25 18:22:21.0765 3772 Scan finished
2011/06/25 18:22:21.0765 3772 ================================================================================
2011/06/25 18:22:21.0796 3516 Detected object count: 1
2011/06/25 18:22:21.0796 3516 Actual detected object count: 1
2011/06/25 18:22:39.0515 3516 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/06/25 18:22:39.0515 3516 \Device\Harddisk0\DR0 - ok
2011/06/25 18:22:39.0515 3516 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/06/25 18:22:43.0093 4036 Deinitialize success
Edit: Also, I know it's a backdoor rootkit which tries to take control of my computer via internet. This is why I told some of the members it's hard for me to be checking on my topic. It's fine, but it might still be hiding somewhere. D:

Edited by track4444, 28 June 2011 - 05:35 PM.
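The TDSSKiller log above is mostly a per-driver list of "name (md5) path" lines, with the interesting verdicts buried at the end (the MBR hash and the "detected Rootkit.Win32.TDSS.tdl4" line). The script below is an added triage example written for this page, not part of the forum post and not a TDSSKiller feature: it parses that line format, separates verdict lines from image lines, flags the MBR record and any driver whose image lives outside the usual Windows or Program Files trees, and collects the MD5 hashes so they can be checked elsewhere. The sample input copies five lines from the log above and adds one constructed line (a driver in a user's Temp directory) to show what a hit looks like; the flag names and the trusted-prefix list are my own choices.

```python
"""Triage a TDSSKiller text log: pull out the MD5 per driver image, flag
detections and the MBR record, and flag drivers loaded from odd places.
Added example (not from the forum post); names and flags are my own."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# "<date> <time> <thread-id> <body>" -- the prefix TDSSKiller puts on every line.
_LINE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*)$")
# Enumeration body: "<name> (<md5>) <path>"; the MBR record reads "MBR (0x1B8) (<md5>) \Device\..."
_IMAGE = re.compile(r"^(\S+(?: \(0x[0-9A-Fa-f]+\))?)\s+\(([0-9a-f]{32})\)\s+(.+)$")
# Verdict body: "<object> - detected <family> (<n>)"
_DETECT = re.compile(r"^(\S.*?) - detected (\S+) \((\d+)\)$")

# Where a legitimately installed driver normally lives (lower-cased prefixes).
TRUSTED_PREFIXES = (
    "c:\\windows\\system32\\drivers\\",
    "c:\\windows\\system32\\",
    "c:\\program files\\",
)
# Directories an unprivileged user can write to; a kernel driver here is a red flag.
_USER_WRITABLE = re.compile(r"\\temp\\|\\desktop\\|\\downloads\\")


@dataclass
class Entry:
    name: str
    md5: Optional[str]
    path: str
    flags: List[str] = field(default_factory=list)


def classify(name: str, path: str) -> List[str]:
    """Flags for one image line; an empty list means nothing stood out."""
    flags = []
    lowered = path.lower()
    if name.startswith("MBR") or lowered.startswith("\\device\\"):
        flags.append("MBR_RECORD")          # hash of the boot sector, not of a file
    elif not lowered.startswith(TRUSTED_PREFIXES):
        flags.append("UNUSUAL_PATH")
    if _USER_WRITABLE.search(lowered):
        flags.append("USER_WRITABLE_DIR")
    return flags


def parse_log(text: str) -> List[Entry]:
    entries = []
    for raw in text.splitlines():
        m = _LINE.match(raw.strip())
        if not m:
            continue                         # banner lines, blank lines
        body = m.group(3)
        d = _DETECT.match(body)
        if d:                                # verdict line: no hash, keep the family name
            obj, family = d.group(1), d.group(2)
            entries.append(Entry(obj, None, obj, ["DETECTED:" + family]))
            continue
        i = _IMAGE.match(body)
        if i:                                # driver or MBR enumeration line
            name, md5, path = i.groups()
            entries.append(Entry(name, md5, path, classify(name, path)))
        # anything else ("Scan finished", object counts) is ignored
    return entries


def summarize(entries):
    """Return (detections, suspicious images, unique MD5s for external lookup)."""
    detections = [e for e in entries if any(f.startswith("DETECTED:") for f in e.flags)]
    suspicious = [e for e in entries
                  if "UNUSUAL_PATH" in e.flags or "USER_WRITABLE_DIR" in e.flags]
    hashes = sorted({e.md5 for e in entries if e.md5})
    return detections, suspicious, hashes


# Five lines copied from the TDSSKiller log above; the last line is constructed
# to show what a driver loaded from a user's Temp directory looks like.
SAMPLE_LOG = r"""
2011/06/25 18:21:52.0375 3772 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/06/25 18:22:14.0031 3772 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/06/25 18:22:21.0718 3772 MBR (0x1B8) (04d4350ae5fb6fc2ad3e7c26b1323c68) \Device\Harddisk0\DR0
2011/06/25 18:22:21.0750 3772 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/06/25 18:22:21.0765 3772 Scan finished
2011/06/25 18:22:22.0000 3772 tmpdrv (00000000000000000000000000000000) C:\DOCUME~1\USER\LOCALS~1\Temp\tmpdrv.sys
"""

if __name__ == "__main__":
    det, sus, hashes = summarize(parse_log(SAMPLE_LOG))
    for e in det:
        print("DETECTION ", e.name, e.flags)
    for e in sus:
        print("SUSPICIOUS", e.name, e.path, e.flags)
    print(len(hashes), "unique hashes to look up")
```

A clean path is only weak evidence: the TDL4 hit in this log sits in the MBR, where there is no file path to judge at all, so the MBR hash and the verdict lines deserve a look before the per-driver flags do.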


#8 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:04:01 PM

Posted 29 June 2011 - 09:51 AM

Hi-

Thanks for the TDSSKiller log. You seem to be aware of the backdoor threat, but just in case - a backdoor trojan allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still finish cleaning this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you decide to continue with the cleanup -

First, download Combofix from either of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: how-to-use-combofix

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

How to Temporarily Disable your Anti-virus


Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please copy the "C:\ComboFix.txt" into your reply.
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall


Next, please run Malwarebytes' Anti-Malware (MBAM)
  • Click on the Update tab and click the Check for Updates button.
  • When the update is finished, click on the Scanner tab.
  • Select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Then, do a new OTL scan.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • A report will open, copy and paste it into your reply:
  • OTL.txt <-- Will be the opened report

In your reply, please copy in the contents of the ComboFix, the MBAM, and OTL reports. How is your computer doing now?
Shannon

#9 track4444

track4444
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:03:01 PM

Posted 29 June 2011 - 11:43 AM

ComboFix 11-06-29.03 - Axel 06/29/2011 10:14:10.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.664 [GMT -5:00]
Running from: c:\documents and settings\Axel.ACER-365\My Documents\Downloads\ComboFix.exe
* Created a new restore point
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - system32: deleted 12 bytes in 1 streams.
ADS - svchost.exe: deleted 0 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Axel.ACER-365\Application Data\PriceGong
c:\documents and settings\Axel.ACER-365\WINDOWS
c:\documents and settings\Axel.ACER-365\WINDOWS\win.ini
c:\documents and settings\Axel\Application Data\PriceGong
c:\documents and settings\Axel\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Axel\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Axel\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Axel\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Axel\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Axel\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Axel\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Axel\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Axel\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Axel\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Axel\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Axel\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Axel\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Axel\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Axel\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Axel\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Axel\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Axel\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Axel\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Axel\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Axel\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Axel\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Axel\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Axel\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Axel\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Axel\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Axel\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Axel\Application Data\PriceGong\Data\z.xml
c:\windows\system32\Desktop_.ini
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
c:\windows\ud.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2011-05-28 to 2011-06-29 )))))))))))))))))))))))))))))))
.
.
2011-06-26 16:45 . 2011-06-26 16:45 -------- d-----w- c:\documents and settings\Axel.ACER-365\Application Data\DivX
2011-06-26 16:44 . 2011-06-26 16:44 -------- d-----w- c:\documents and settings\Axel.ACER-365\Local Settings\Application Data\WMTools Downloaded Files
2011-06-26 15:41 . 2011-06-26 15:41 -------- d-----w- c:\program files\Common Files\Java
2011-06-20 12:01 . 2011-06-20 12:01 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2011-06-20 11:56 . 2011-06-20 11:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\Clearwire
2011-06-16 14:20 . 2011-06-16 14:20 -------- d-----w- c:\documents and settings\Axel.ACER-365\Application Data\XenOnline
2011-06-16 13:48 . 2011-06-16 13:48 -------- d-----w- C:\MAYN Games
2011-06-16 12:03 . 2011-06-16 12:03 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2011-06-16 04:00 . 2011-06-16 04:00 -------- d-----w- c:\documents and settings\Axel.ACER-365\Local Settings\Application Data\DNA
2011-06-16 04:00 . 2011-06-29 15:37 -------- d-----w- c:\program files\DNA
2011-06-16 04:00 . 2011-06-29 15:37 -------- d-----w- c:\documents and settings\Axel.ACER-365\Application Data\DNA
2011-06-15 16:47 . 2011-06-15 16:47 -------- d-----w- c:\documents and settings\Axel.ACER-365\Application Data\SUPERAntiSpyware.com
2011-06-15 16:47 . 2011-06-17 13:38 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-06-11 19:02 . 2011-06-15 21:56 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2011-06-11 17:53 . 2011-06-11 17:53 -------- d-----w- c:\documents and settings\Guest account
2011-06-01 16:03 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-01 16:02 . 2011-06-01 16:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-01 16:02 . 2011-05-29 14:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-01 15:21 . 2011-06-01 15:21 -------- d-----w- c:\documents and settings\Axel.ACER-365\Local Settings\Application Data\Lunarsoft
2011-06-01 15:21 . 2011-06-01 15:21 -------- d-----w- c:\program files\Lunarsoft
2011-06-01 14:55 . 2011-06-01 14:55 76696 ----a-w- c:\windows\system32\drivers\pxrts.sys
2011-06-01 14:55 . 2011-06-01 14:55 -------- d-----w- c:\program files\Prevx
2011-06-01 14:55 . 2011-06-01 15:00 -------- d-----w- c:\documents and settings\All Users\Application Data\PrevxCSI
2011-05-30 23:57 . 2011-06-17 13:31 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2011-05-30 23:11 . 2011-05-30 23:11 -------- d-----w- c:\documents and settings\Axel.ACER-365\Application Data\Superfish
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-13 22:30 . 2011-05-13 22:30 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-05-04 09:52 . 2010-08-06 14:28 472808 -c--a-w- c:\windows\system32\deployJava1.dll
2011-05-04 07:25 . 2010-08-06 14:28 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-05 22:34 . 2011-04-05 22:34 84480 ----a-w- c:\windows\system32\EasyHook32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ToggleEN\prxtbTog0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\prxtbTog0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{038CB5C7-48EA-4AF9-94E0-A1646542E62B}"= "c:\program files\ToggleEN\prxtbTog0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2011-06-16 323392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-01-25 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-26 18081280]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-09-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-09-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-09-12 137752]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Toolbar Updater Service"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56288:TCP"= 56288:TCP:Pando Media Booster
"56288:UDP"= 56288:UDP:Pando Media Booster
"57242:TCP"= 57242:TCP:Pando Media Booster
"57242:UDP"= 57242:UDP:Pando Media Booster
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [1/16/2009 6:18 PM 14336]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [9/22/2009 3:06 AM 24636]
R2 clearwireDeviceDiagnosticsService;Clearwire Device Diagnostics Service;c:\program files\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe [6/17/2010 5:55 PM 398848]
R2 SMSI Device Launch Service;Clearwire Device Launch Service;c:\program files\Clearwire\Connection Manager\DeviceLaunchSvc.exe [9/1/2010 3:00 PM 107856]
R3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [11/19/2010 9:31 PM 318464]
R3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [11/19/2010 9:31 PM 51456]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [3/2/2009 1:03 PM 38912]
S3 BlackBox;BlackBox SR2; [x]
S3 CLEARWIRERcAppSvc;Clearwire RcAppSvc;c:\program files\Clearwire\Connection Manager\RcAppSvc.exe [9/1/2010 3:00 PM 120144]
S3 cpuz134;cpuz134;\??\c:\docume~1\AXEL~1.ACE\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\AXEL~1.ACE\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 M3000Srv;WebCam Driver;c:\windows\system32\drivers\M3000KNT.sys [5/21/2009 5:48 PM 145408]
S3 PEEK5;PEEK5 Protocol Driver;\??\c:\docume~1\BRILLI~1\Desktop\WINAIR~1\WINAIR~1\WINAIR~1\files\PEEK5.SYS --> c:\docume~1\BRILLI~1\Desktop\WINAIR~1\WINAIR~1\WINAIR~1\files\PEEK5.SYS [?]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [1/16/2009 7:26 PM 160256]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 TS_AR5416;[CommView] Atheros AR5008 Wireless Network Adapter Service 7.7;c:\windows\system32\drivers\ts_athw.sys [7/19/2010 2:29 PM 1605864]
S4 Toolbar Updater Service;Toolbar Updater Service;c:\program files\StartNow Toolbar\ToolbarUpdaterService.exe [3/24/2011 4:59 AM 199904]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WUAUSERV
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0909&m=aspire_one
mStart Page = ${URL_STARTPAGE}
IE: {{A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - c:\program files\Superfish\Window Shopper\SuperfishIEAddon.dll
FF - ProfilePath - c:\documents and settings\Axel.ACER-365\Application Data\Mozilla\Firefox\Profiles\jh0uth7v.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.startnow.com/?src=startpage&provider=Bing&provider_code=Z057&partner_id=333&product_id=519&affiliate_id=&channel=DPGL15&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110530&user_guid=FD5D666CADDE433AAD2BA8E7D83402B3&machine_id=76a401bfe5730c109a60f99cb183200a&browser=FF&os=win&os_version=5.1-x86-SP3
FF - prefs.js: keyword.URL - hxxp://www.startnow.com/s/?src=addrbar&provider=Bing&provider_code=Z057&partner_id=333&product_id=519&affiliate_id=&channel=DPGL15&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110530&user_guid=FD5D666CADDE433AAD2BA8E7D83402B3&machine_id=76a401bfe5730c109a60f99cb183200a&browser=FF&os=win&os_version=5.1-x86-SP3&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - %profile%\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
FF - Ext: Window Shopper - Powered by Superfish: superfish@superfish.com - c:\documents and settings\All Users\Application DataMozilla\Extensions\superfish@superfish.com
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
------- File Associations -------
.
exefile="c:\documents and settings\LocalService\Local Settings\Application Data\ccd.exe" -a "%1" %*
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-cleanddm - c:\documents and settings\Axel.ACER-365\Application Data\cleanddm.exe
HKU-Default-RunOnce-eulqzvwv - c:\docume~1\LOCALS~1\LOCALS~1\APPLIC~1\eulqzvwv.exe
Notify-TPSvc - TPSvc.dll
AddRemove-{28006915-2739-4EBE-B5E8-49B25D32EB33} - c:\program files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-29 10:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(896)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\documents and settings\Axel.ACER-365\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\documents and settings\Axel.ACER-365\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
c:\documents and settings\Axel.ACER-365\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
c:\documents and settings\Axel.ACER-365\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
.
- - - - - - - > 'explorer.exe'(664)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\xampp\mysql\bin\mysqld.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
.
**************************************************************************
.
Completion time: 2011-06-29 10:40:23 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-29 15:40
.
Pre-Run: 131,610,017,792 bytes free
Post-Run: 132,646,146,048 bytes free
.
Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - BD619D18F06705EB045AC05746112BC1

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6745

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

6/29/2011 11:26:27 AM
mbam-log-2011-06-29 (11-26-27).txt

Scan type: Full scan (C:\|)
Objects scanned: 247811
Time elapsed: 41 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

OTL logfile created on: 6/29/2011 11:27:49 AM - Run 5
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Axel.ACER-365\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.87 Mb Total Physical Memory | 556.62 Mb Available Physical Memory | 54.90% Memory free
2.39 Gb Paging File | 1.92 Gb Available in Paging File | 80.38% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 123.50 Gb Free Space | 82.86% Space Free | Partition Type: NTFS

Computer Name: ACER-365 | User Name: Axel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Processes (SafeList) ==========

PRC - [2011/06/20 09:04:13 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Axel.ACER-365\My Documents\Downloads\OTL.exe
PRC - [2011/06/15 23:01:05 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2010/09/07 23:05:54 | 000,054,608 | ---- | M] (ClearwireCM) -- C:\Program Files\Clearwire\Connection Manager\ClearwireCM.exe
PRC - [2010/09/01 15:00:30 | 000,120,144 | ---- | M] (SmithMicro Inc.) -- C:\Program Files\Clearwire\Connection Manager\RcAppSvc.exe
PRC - [2010/09/01 15:00:20 | 000,107,856 | ---- | M] () -- C:\Program Files\Clearwire\Connection Manager\DeviceLaunchSvc.exe
PRC - [2010/06/17 17:55:10 | 000,398,848 | ---- | M] () -- C:\Program Files\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe
PRC - [2009/03/16 06:29:28 | 006,562,432 | ---- | M] () -- C:\xampp\mysql\bin\mysqld.exe
PRC - [2008/12/09 18:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/06/20 09:04:13 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Axel.ACER-365\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (IAANTMON) Intel®
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/06/15 21:47:24 | 003,435,096 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_e877e12.dll -- (Akamai)
SRV - [2011/03/24 04:59:34 | 000,199,904 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe -- (Toolbar Updater Service)
SRV - [2010/09/01 15:00:30 | 000,120,144 | ---- | M] (SmithMicro Inc.) [On_Demand | Running] -- C:\Program Files\Clearwire\Connection Manager\RcAppSvc.exe -- (CLEARWIRERcAppSvc)
SRV - [2010/09/01 15:00:20 | 000,107,856 | ---- | M] () [Auto | Running] -- C:\Program Files\Clearwire\Connection Manager\DeviceLaunchSvc.exe -- (SMSI Device Launch Service)
SRV - [2010/06/17 17:55:10 | 000,398,848 | ---- | M] () [Auto | Running] -- C:\Program Files\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe -- (clearwireDeviceDiagnosticsService)
SRV - [2009/03/16 06:29:28 | 006,562,432 | ---- | M] () [Auto | Running] -- C:\xampp\mysql\bin\mysqld.exe -- (MySQL)
SRV - [2008/12/09 18:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\xampp\apache\bin\httpd.exe -- (Apache2.2)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2010/09/01 14:30:00 | 000,039,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2010/09/01 14:21:00 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2010/07/08 14:32:54 | 000,318,464 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\drxvi314.sys -- (bcm)
DRV - [2010/07/08 14:29:32 | 000,051,456 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BcmBusCtr.sys -- (bcmbusctr)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/02 21:47:32 | 001,605,864 | ---- | M] (TamoSoft) [CommView] Atheros AR5008 Wireless Network Adapter Service 7.7 [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ts_athw.sys -- (TS_AR5416)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/05/18 09:08:26 | 001,566,080 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/03/02 13:03:48 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2009/02/20 16:53:18 | 001,952,512 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2009/01/02 20:33:54 | 000,145,408 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\M3000KNT.sys -- (M3000Srv)
DRV - [2008/12/26 04:27:26 | 004,968,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/11/21 05:36:46 | 000,160,256 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTS5121.sys -- (RSUSBSTOR)
DRV - [2008/09/23 12:15:00 | 000,038,400 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
DRV - [2007/08/26 23:58:18 | 000,074,656 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/10/18 21:47:10 | 000,542,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\blackbox.dll -- (BlackBox)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ${URL_STARTPAGE}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0909&m=aspire_one
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0909&m=aspire_one
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://www.startnow.com/?src=startpage&provider=Bing&provider_code=Z057&partner_id=333&product_id=519&affiliate_id=&channel=DPGL15&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110530&user_guid=FD5D666CADDE433AAD2BA8E7D83402B3&machine_id=76a401bfe5730c109a60f99cb183200a&browser=FF&os=win&os_version=5.1-x86-SP3"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {5911488E-9D1E-40ec-8CBB-06B231CC153F}:2.0
FF - prefs.js..extensions.enabledItems: superfish@superfish.com:1.2.0.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://www.startnow.com/s/?src=addrbar&provider=Bing&provider_code=Z057&partner_id=333&product_id=519&affiliate_id=&channel=DPGL15&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110530&user_guid=FD5D666CADDE433AAD2BA8E7D83402B3&machine_id=76a401bfe5730c109a60f99cb183200a&browser=FF&os=win&os_version=5.1-x86-SP3&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\searchpredict@speedbit.com: C:\Program Files\SearchPredict\PRFireFox
FF - HKLM\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files\SpeedBit Video Downloader\SPFireFox
FF - HKLM\software\mozilla\Firefox\Extensions\\superfish@superfish.com: C:\Documents and Settings\All Users\Application DataMozilla\Extensions\superfish@superfish.com [2011/06/20 07:01:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/10 23:39:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/01 20:58:52 | 000,000,000 | ---D | M]

[2011/05/22 07:50:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Axel.ACER-365\Application Data\Mozilla\Extensions
[2011/06/28 11:31:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Axel.ACER-365\Application Data\Mozilla\Firefox\Profiles\jh0uth7v.default\extensions
[2011/05/30 19:53:08 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Documents and Settings\Axel.ACER-365\Application Data\Mozilla\Firefox\Profiles\jh0uth7v.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
[2011/05/30 10:26:38 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\Axel.ACER-365\Application Data\Mozilla\Firefox\Profiles\jh0uth7v.default\searchplugins\bing-zugo.xml
[2011/06/28 11:31:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/06 09:28:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/06/26 10:40:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/06/20 07:01:55 | 000,000,000 | ---D | M] (Window Shopper - Powered by Superfish) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATAMOZILLA\EXTENSIONS\SUPERFISH@SUPERFISH.COM
[2010/08/06 09:28:32 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/09/05 16:21:58 | 000,002,226 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

O1 HOSTS File: ([2011/06/29 10:37:21 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ToggleEN Toolbar) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\prxtbTog0.dll (Conduit Ltd.)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Window Shopper) - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files\Superfish\Window Shopper\SuperfishIEAddon.dll (Superfish)
O3 - HKLM\..\Toolbar: (ToggleEN Toolbar) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\prxtbTog0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (ToggleEN Toolbar) - {038CB5C7-48EA-4AF9-94E0-A1646542E62B} - C:\Program Files\ToggleEN\prxtbTog0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Window Shopper - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files\Superfish\Window Shopper\SuperfishIEAddon.dll (Superfish)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 71.22.6.12 64.13.115.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/16 18:34:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "C:\Documents and Settings\LocalService\Local Settings\Application Data\ccd.exe" -a "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "C:\Documents and Settings\LocalService\Local Settings\Application Data\ccd.exe" -a "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 60 Days ==========

[2011/06/29 10:45:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/06/29 10:11:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/06/29 10:11:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/06/29 10:11:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/06/29 10:11:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/06/29 10:11:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/06/29 10:11:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/28 11:24:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Axel.ACER-365\Start Menu\Programs\Administrative Tools
[2011/06/26 11:45:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Application Data\DivX
[2011/06/26 11:44:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Local Settings\Application Data\WMTools Downloaded Files
[2011/06/26 11:44:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Axel.ACER-365\My Documents\My Videos
[2011/06/26 10:41:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/06/26 10:40:47 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/06/26 10:40:47 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/06/26 10:40:47 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/06/24 14:38:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/06/16 09:20:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Application Data\XenOnline
[2011/06/16 08:58:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\XenOnline
[2011/06/16 08:48:32 | 000,000,000 | ---D | C] -- C:\MAYN Games
[2011/06/16 07:03:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2011/06/15 23:00:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Local Settings\Application Data\DNA
[2011/06/15 23:00:57 | 000,000,000 | ---D | C] -- C:\Program Files\DNA
[2011/06/15 23:00:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Application Data\DNA
[2011/06/15 11:47:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Application Data\SUPERAntiSpyware.com
[2011/06/15 11:47:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Start Menu\Programs\SUPERAntiSpyware
[2011/06/15 11:47:15 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/06/11 14:02:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/06/09 09:09:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/06/09 09:09:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/06/01 11:03:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/01 11:03:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/01 11:02:59 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/01 11:02:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/01 10:23:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Desktop\Download
[2011/06/01 10:21:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lunarsoft
[2011/06/01 10:21:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Local Settings\Application Data\Lunarsoft
[2011/06/01 10:21:00 | 000,000,000 | ---D | C] -- C:\Program Files\Lunarsoft
[2011/06/01 09:55:45 | 000,076,696 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2011/06/01 09:55:44 | 000,000,000 | ---D | C] -- C:\Program Files\Prevx
[2011/06/01 09:55:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2011/05/30 19:53:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Local Settings\Application Data\Conduit
[2011/05/30 18:57:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2011/05/30 18:11:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Application Data\Superfish
[2011/05/30 10:38:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\My Documents\DriverPerformer
[2011/05/30 10:26:34 | 000,000,000 | ---D | C] -- C:\Program Files\StartNow Toolbar
[2011/05/30 10:26:28 | 000,000,000 | ---D | C] -- C:\Program Files\Superfish
[2011/05/30 10:26:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application DataMozilla
[2011/05/29 21:36:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Application Data\WinRAR
[2011/05/24 22:40:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Application Data\DriverCure
[2011/05/24 22:40:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Application Data\ParetoLogic
[2011/05/23 22:54:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Local Settings\Application Data\ConduitEngine
[2011/05/23 22:54:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Local Settings\Application Data\ToggleEN
[2011/05/23 22:30:13 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/05/23 22:26:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/05/22 12:46:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Application Data\Sun
[2011/05/22 11:11:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/05/22 11:02:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Application Data\Solstice Reborn
[2011/05/22 09:26:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/05/22 08:08:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Application Data\Malwarebytes
[2011/05/22 08:06:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/22 07:55:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Axel.ACER-365\My Documents\Downloads
[2011/05/22 07:50:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Local Settings\Application Data\Mozilla
[2011/05/22 07:50:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Application Data\Mozilla
[2011/05/22 07:32:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Application Data\Clearwire
[2011/05/22 07:30:59 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Axel.ACER-365\Application Data\Microsoft
[2011/05/22 07:30:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Axel.ACER-365\SendTo
[2011/05/22 07:30:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Axel.ACER-365\Recent
[2011/05/22 07:30:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Axel.ACER-365\Application Data
[2011/05/22 07:30:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Axel.ACER-365\Start Menu\Programs\Startup
[2011/05/22 07:30:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Axel.ACER-365\Start Menu
[2011/05/22 07:30:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Axel.ACER-365\My Documents\My Pictures
[2011/05/22 07:30:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Axel.ACER-365\My Documents\My Music
[2011/05/22 07:30:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Axel.ACER-365\My Documents
[2011/05/22 07:30:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Axel.ACER-365\Favorites
[2011/05/22 07:30:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Axel.ACER-365\Start Menu\Programs\Accessories
[2011/05/22 07:30:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Axel.ACER-365\Cookies
[2011/05/22 07:30:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Axel.ACER-365\Templates
[2011/05/22 07:30:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Axel.ACER-365\PrintHood
[2011/05/22 07:30:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Axel.ACER-365\NetHood
[2011/05/22 07:30:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Axel.ACER-365\Local Settings
[2011/05/22 07:30:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\My Documents\My Google Gadgets
[2011/05/22 07:30:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Local Settings\Application Data\Microsoft Help
[2011/05/22 07:30:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Local Settings\Application Data\Microsoft
[2011/05/22 07:30:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Application Data\Macromedia
[2011/05/22 07:30:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Application Data\InstallShield
[2011/05/22 07:30:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Application Data\Identities
[2011/05/22 07:30:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Local Settings\Application Data\Google
[2011/05/22 07:30:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Desktop
[2011/05/22 07:30:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Application Data\Adobe
[2011/05/22 07:30:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Axel.ACER-365\Application Data\Acer
[2011/05/21 18:43:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/05/21 18:10:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/05/13 17:30:23 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
[2009/01/16 18:19:00 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\Interop.IWshRuntimeLibrary.dll
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 60 Days ==========

[2011/06/29 10:38:56 | 000,434,834 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/29 10:38:56 | 000,068,788 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/29 10:37:21 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/29 10:28:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/29 10:28:48 | 1063,194,624 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/28 11:28:11 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Axel.ACER-365\defogger_reenable
[2011/06/26 10:57:32 | 000,000,801 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\YouTube Downloader.lnk
[2011/06/25 18:04:14 | 000,010,762 | -HS- | M] () -- C:\Documents and Settings\Axel.ACER-365\Local Settings\Application Data\pslfh888qr6kqq7l08484432
[2011/06/25 18:04:14 | 000,010,762 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\pslfh888qr6kqq7l08484432
[2011/06/25 13:40:04 | 000,010,786 | -HS- | M] () -- C:\Documents and Settings\Axel.ACER-365\Local Settings\Application Data\2702064725
[2011/06/25 13:40:04 | 000,010,786 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\2271568364
[2011/06/25 12:59:37 | 000,010,908 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\2702064725
[2011/06/16 08:58:21 | 000,001,505 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\XenOnline.lnk
[2011/06/16 08:47:41 | 1125,821,228 | ---- | M] () -- C:\Documents and Settings\Axel.ACER-365\Desktop\Copy 1 of XenOnlineInstall.exe
[2011/06/16 07:03:14 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/15 16:51:39 | 000,000,240 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/06/15 11:47:20 | 000,001,682 | ---- | M] () -- C:\Documents and Settings\Axel.ACER-365\Desktop\SUPERAntiSpyware Professional.lnk
[2011/06/14 08:32:33 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/11 14:08:36 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/04 08:34:14 | 004,228,078 | ---- | M] () -- C:\Documents and Settings\Axel.ACER-365\My Documents\svchost.dmp
[2011/06/03 13:34:10 | 000,000,808 | ---- | M] () -- C:\Documents and Settings\Axel.ACER-365\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/06/03 13:34:10 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\Axel.ACER-365\Desktop\Windows Media Player.lnk
[2011/06/01 11:03:04 | 000,000,788 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/01 10:21:22 | 000,000,850 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Anti-Malware Toolkit.lnk
[2011/06/01 09:56:36 | 000,000,053 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/06/01 09:55:45 | 000,076,696 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2011/05/31 15:37:57 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/25 17:48:14 | 000,000,286 | ---- | M] () -- C:\WINDOWS\reimage.ini
[2011/05/24 14:08:22 | 000,248,696 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/22 07:31:52 | 000,000,819 | ---- | M] () -- C:\Documents and Settings\Axel.ACER-365\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/22 07:24:19 | 000,012,798 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\ip3jtogxs440p0u42l6m1ckh
[2011/05/04 04:52:34 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/05/04 04:52:33 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/05/04 04:52:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/05/04 04:52:22 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/05/04 02:25:49 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/29 10:11:38 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/29 10:11:38 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/29 10:11:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/29 10:11:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/29 10:11:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/06/28 11:28:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Axel.ACER-365\defogger_reenable
[2011/06/25 18:11:34 | 1063,194,624 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/25 12:59:57 | 000,010,786 | -HS- | C] () -- C:\Documents and Settings\Axel.ACER-365\Local Settings\Application Data\2702064725
[2011/06/25 12:59:57 | 000,010,786 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2271568364
[2011/06/25 12:57:16 | 000,010,908 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2702064725
[2011/06/25 12:57:16 | 000,010,762 | -HS- | C] () -- C:\Documents and Settings\Axel.ACER-365\Local Settings\Application Data\pslfh888qr6kqq7l08484432
[2011/06/25 12:55:42 | 000,011,496 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\pslfh888qr6kqq7l08484432
[2011/06/25 12:55:42 | 000,010,762 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\pslfh888qr6kqq7l08484432
[2011/06/16 08:58:21 | 000,001,505 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\XenOnline.lnk
[2011/06/16 07:20:28 | 1125,821,228 | ---- | C] () -- C:\Documents and Settings\Axel.ACER-365\Desktop\Copy 1 of XenOnlineInstall.exe
[2011/06/15 16:51:39 | 000,000,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/06/15 11:47:20 | 000,001,682 | ---- | C] () -- C:\Documents and Settings\Axel.ACER-365\Desktop\SUPERAntiSpyware Professional.lnk
[2011/06/04 08:34:11 | 004,228,078 | ---- | C] () -- C:\Documents and Settings\Axel.ACER-365\My Documents\svchost.dmp
[2011/06/03 13:34:10 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\Axel.ACER-365\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/06/01 11:03:04 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/01 10:21:22 | 000,000,850 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Anti-Malware Toolkit.lnk
[2011/06/01 09:55:21 | 000,000,053 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/05/25 17:47:50 | 000,000,286 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2011/05/22 07:31:52 | 000,000,807 | ---- | C] () -- C:\Documents and Settings\Axel.ACER-365\Start Menu\Programs\Internet Explorer.lnk
[2011/05/22 07:31:32 | 000,000,796 | ---- | C] () -- C:\Documents and Settings\Axel.ACER-365\Start Menu\Programs\Windows Media Player.lnk
[2011/05/22 07:31:32 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\Axel.ACER-365\Desktop\Windows Media Player.lnk
[2011/05/22 07:31:01 | 000,000,819 | ---- | C] () -- C:\Documents and Settings\Axel.ACER-365\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/22 07:31:01 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Axel.ACER-365\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/05/22 07:30:59 | 000,001,603 | ---- | C] () -- C:\Documents and Settings\Axel.ACER-365\Start Menu\Programs\Remote Assistance.lnk
[2011/05/22 07:30:59 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Axel.ACER-365\Start Menu\Programs\Outlook Express.lnk
[2011/05/21 14:56:44 | 000,012,798 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\ip3jtogxs440p0u42l6m1ckh
[2011/04/05 17:34:57 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\EasyHook32.dll
[2010/11/22 10:00:36 | 000,230,752 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2010/11/22 10:00:35 | 000,118,176 | ---- | C] () -- C:\WINDOWS\patchw.dll
[2010/11/19 21:44:14 | 000,039,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2010/11/19 21:31:34 | 002,033,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\macxvi200.bin
[2010/09/11 21:14:42 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2010/09/11 18:54:02 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/11 18:54:02 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/09/22 03:06:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/05/21 17:48:39 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\M3000DIF.dll
[2009/05/21 17:48:39 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\M3000KNT.sys
[2009/05/21 17:48:39 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M3000Twn.ini
[2009/02/24 06:37:32 | 000,020,480 | ---- | C] () -- C:\WINDOWS\LauncheRyDiscCalc.exe
[2009/01/16 20:24:45 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/01/16 19:24:55 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
[2009/01/16 18:37:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMove.exe
[2009/01/16 18:37:00 | 000,006,782 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/01/16 18:36:07 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/01/16 18:32:20 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/01/16 18:31:35 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009/01/16 18:18:51 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/01/16 18:18:50 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009/01/16 18:18:50 | 000,434,834 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009/01/16 18:18:50 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009/01/16 18:18:50 | 000,068,788 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009/01/16 18:18:50 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009/01/16 18:18:50 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009/01/16 18:18:49 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009/01/16 18:18:48 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009/01/16 18:18:48 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009/01/16 18:18:45 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009/01/16 18:18:43 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2009/01/16 10:29:22 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/01/16 10:28:39 | 000,248,696 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:553CA6CA
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

Well, the redirecting finally stopped. Automatic Updates is working again and I'm currently installing the updates. I guess I'm ready for the next step, boss. I will also be changing all passwords this weekend. As for credit card info, I did use my brother's, before the infection. The page asked me if I wanted to save the info for faster transactions; I put no. Though I will tell him to check if his credit card is fine. Also, when the computer started acting weird, I erased all history and deleted this account completely. Not sure if the computer still manages to save critical info or not. Again, thanks for the help, buddy.

#10 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:04:01 PM

Posted 29 June 2011 - 01:15 PM

Hi-

Sounds good.

Need to check on a file -

Before we start, please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti
When the Jotti page has finished loading, click Jotti's Browse button and navigate to the following file and click the Submit file button within Jotti.

c:\documents and settings\localservice\local settings\application data\ccd.exe

If Jotti reports that the file has been scanned before and gives you those results, click on the Scan Again button.
Please post back the results of the scan in your next post. You can just send me the link to the results.
If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

Looking at the logs, I don't see an antivirus program running on your machine, and one is needed to help prevent more infections.
  • Download and install an antivirus program, and make sure that you keep it updated.
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    Two good antivirus programs, free for non-commercial home use, are Avast! and Antivir.
    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impair the performance of your PC.
I'd like for you to scan your machine with ESET OnlineScan
  • Hold down Control key and click on the following link to open ESET OnlineScan in a new window.
  • ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip the next two steps)
  • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

In your reply, please send me the results of the Jotti scan and copy in the contents of the ESET Online Scan report.
Shannon

#11 track4444

track4444
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:03:01 PM

Posted 30 June 2011 - 09:21 AM

C:\Config.Msi\17ed0d.rbf Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde1.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde11.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde13.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde15.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde17.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde19.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde21.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde23.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde25.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde3.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde5.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde7.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde9.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\Axel.ACER-365\Application Data\Sun\Java\Deployment\cache\6.0\39\58ec35a7-3fe578b5 a variant of Java/Exploit.CVE-2010-4452.A trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\11\3a24020b-66722f39 Java/TrojanDownloader.OpenStream.NBV trojan deleted - quarantined
C:\System Volume Information\_restore{EECCC067-5764-4761-8178-47FA5F6368E3}\RP1\A0001157.exe a variant of Win32/Adware.OneStep.L application cleaned by deleting - quarantined
C:\System Volume Information\_restore{EECCC067-5764-4761-8178-47FA5F6368E3}\RP1\A0001159.exe a variant of Win32/Adware.OneStep.L application cleaned by deleting - quarantined
C:\System Volume Information\_restore{EECCC067-5764-4761-8178-47FA5F6368E3}\RP1\A0012523.dll Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\System Volume Information\_restore{EECCC067-5764-4761-8178-47FA5F6368E3}\RP3\A0069150.exe Win32/Adware.SecurityShield.C application cleaned by deleting - quarantined
C:\System Volume Information\_restore{EECCC067-5764-4761-8178-47FA5F6368E3}\RP4\A0113327.exe a variant of Win32/Kryptik.PMC trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{EECCC067-5764-4761-8178-47FA5F6368E3}\RP7\A0115518.rbf Win32/RegistryBooster application cleaned by deleting - quarantined
I feel a little slower with the antivirus Avast. Is this normal? Not a whole lot, though, and man, was I still infected...
Edit: It also keeps telling me about a sandbox and I lag every time it pops up. I just press okay, though...
2nd Edit: Okay, it only comes up when I open my documents on the downloads folder. It keeps telling me OTL might be unsafe and that the file explorer.exe is trying to open it. It keeps asking me the same question, lol.
3rd Edit: I deleted OTL and it stopped showing me the message. The only time I get minor latency is when I go to downloads, because it opens safe bin. The rest is fine, though. Well, I'm ready for the next step.

Edited by track4444, 30 June 2011 - 09:33 AM.


#12 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:04:01 PM

Posted 30 June 2011 - 11:13 AM

Hi-

We are about finished.

Please download ExeFix.scr by Farbar and save it your C:\ drive. Double click on the downloaded file to run it. If asked to reboot, please do so.

Clean up time-

First, to re-enable your Emulation drivers, double click Defogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • Defogger will now ask to reboot the machine - click OK

Next, we will uninstall ComboFix
  • Click on the Start button in your system tray
  • click on Run
  • key in the following in bold type:
    • combofix /Uninstall
  • click on Ok

Then, we should remove the tools we used and we will do that with OTL, but first you will have to re-install it!!
  • Double click on the Posted Image icon on your desktop.
  • Click the "CleanUp" button.
  • Restart your computer when prompted.

Please take the time to read below to secure your machine and take the necessary steps to keep it clean.

One of the most common questions found when cleaning Spyware or other Malware is "how did my machine get infected?". There are a variety of reasons, but the most common ones are that you are not practicing Safe Internet when visiting sites, you are not running the proper security software, and your computer's security settings are set too low.

Below I have outlined a series of categories describing how you can increase the security of your computer so that you will not be infected again in the future.

Practice Safe Internet

One of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites doesn't really matter. If something is out to get you, and you click on it, it most likely will. Below is a list of simple precautions to take to keep your computer clean and running securely:
  • If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
  • If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.
  • If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know infected with a malware that is trying to infect everyone in their address book.
  • If you are browsing the Internet and a pop up appears saying that you are infected, ignore it! These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of pop ups, or Foistware, you should read this article: Foistware, And how to avoid it.

    There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. For a list of these types of programs we recommend you visit this link: Rogue/Suspect Anti-Spyware Products & Web Sites
  • Another tactic to fool you on the web is when a site displays a pop up that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you. We suggest that you close these windows by clicking on the X instead of the OK button. Alternatively, you can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake.
  • Do not go to adult sites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do.
  • When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link, message back to the person asking if it is legit before you click on it.
  • Stay away from Warez and Crack sites! In addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
  • Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them, and Peer-2-Peer networks are crawling with it. If you want to download a piece of software from a site, and are not sure if they are legitimate, you can use McAfee Siteadvisor to look up info on the site.
  • DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.

Visit Microsoft's Windows Update Site Frequently

It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Update your AntiVirus Software

It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.

Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version, or the Pro version for a 15-day trial period. Another recommended, and free, AntiSpyware program is Malwarebytes' Anti-Malware (MBAM).

Installing these programs will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.

Update your Java runtimes regularly

Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
Download the latest version here - http://java.sun.com/javase/downloads/index.jsp. You want to select the JRE version.
Follow this list and your potential for being infected again will reduce dramatically.

Good Luck!!

Shannon

#13 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:04:01 PM

Posted 30 June 2011 - 04:16 PM

Hi-

I am glad that MSSE worked. Hold off on the last posting for now. Let's run TDSSKiller, an OTL Fix, and Malwarebytes' Anti-Malware.

First, delete your current copy of TDSSKiller - it is out-of-date.

Download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.5.8.0) from Kaspersky's website.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
  • If TDSSKiller does not run, try renaming it.

    To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.

  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. C:\TDSSKiller.2.5.0_23.07.2010_15.31.43_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
Next, we need to run an OTL Fix. You will need to re-install it.
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
:OTL
O35 - HKLM\..exefile [open] -- "C:\Documents and Settings\LocalService\Local Settings\Application Data\ccd.exe" -a "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "C:\Documents and Settings\LocalService\Local Settings\Application Data\ccd.exe" -a "%1" %*
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If you have to reboot, once back up, open the C:\_OTL\MovedFiles folder and copy the newest log into your next reply.
Finally, please run Malwarebytes' Anti-Malware (MBAM)
  • Click on the Update tab and click the Check for Updates button.
  • When the update is finished, click on the Scanner tab.
  • Select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Copy the three reports into your reply. How is it running now?
Shannon
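
The O35/O37 lines in the OTL fix above are the core finding of this thread: the `exefile` shell handler, which on Windows XP is normally just `"%1" %*`, had been pointed at ccd.exe so that every .exe launch went through the rogue first. The following is an added example, not code from the thread, from OTL or from any of the posters: a small triage script that reads OTL log lines and flags that handler hijack, the hidden+system random-name files under Application Data seen in the log earlier, and alternate data streams. The default command string is the XP default; the random-name heuristic is this example's own assumption. The sample lines are copied from this thread's log, plus one constructed clean handler line to show the negative case.

```python
import re

# Default handler for the "exefile" class on Windows XP: run the file itself
# with its arguments. Any other command here means every .exe launch is being
# routed through a third party (in this thread, ccd.exe).
DEFAULT_EXE_COMMAND = '"%1" %*'

# OTL "Files Created / Modified" line:
#   [2011/06/25 18:04:14 | 000,010,762 | -HS- | M] () -- C:\...\pslfh888qr6kqq7l08484432
FILE_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[RHSD-]{4}) \| [CM]\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# OTL O35/O37 shell-handler lines:
#   O35 - HKLM\..exefile [open] -- "C:\...\ccd.exe" -a "%1" %*
HANDLER_LINE = re.compile(r"^O3[57] - (?P<key>\S+) \[(?P<sub>[^\]]+)\] -- (?P<cmd>.+)$")
# OTL alternate-data-stream line:
#   @Alternate Data Stream - 125 bytes -> C:\...\TEMP:553CA6CA
ADS_LINE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$")

# Heuristic (an assumption of this example, not an OTL rule): a name of 8+
# lowercase letters/digits with no extension, e.g. pslfh888qr6kqq7l08484432.
RANDOM_NAME = re.compile(r"^[a-z0-9]{8,}$")


def is_suspicious_hidden_file(attr: str, company: str, path: str) -> bool:
    """Hidden+System, not a directory, no company name, random name under Application Data."""
    name = path.rsplit("\\", 1)[-1]
    return (
        "H" in attr and "S" in attr and "D" not in attr
        and company.strip() == ""
        and "\\Application Data\\" in path
        and "." not in name
        and RANDOM_NAME.match(name) is not None
        and any(c.isdigit() for c in name)
    )


def triage_otl(lines):
    """Return a list of (category, detail) findings for the given OTL log lines."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = HANDLER_LINE.match(line)
        if m:
            cmd = m.group("cmd").strip()
            if cmd != DEFAULT_EXE_COMMAND:
                findings.append(("exefile-hijack", f"{m.group('key')} -> {cmd}"))
            continue
        m = FILE_LINE.match(line)
        if m:
            if is_suspicious_hidden_file(m.group("attr"), m.group("company"), m.group("path")):
                findings.append(("hidden-system-file", m.group("path")))
            continue
        m = ADS_LINE.match(line)
        if m:
            # A stream on an ordinary data folder is unusual enough to list for review.
            findings.append(("alternate-data-stream", m.group("target")))
    return findings


# Lines copied from the OTL output earlier in this thread, plus one constructed
# clean handler line at the end to show the negative case.
SAMPLE_LOG = r"""
[2011/06/25 18:04:14 | 000,010,762 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\pslfh888qr6kqq7l08484432
[2011/06/25 13:40:04 | 000,010,786 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\2271568364
[2011/06/29 10:28:48 | 1063,194,624 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/28 11:28:11 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Axel.ACER-365\defogger_reenable
[2011/06/01 09:55:45 | 000,076,696 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:553CA6CA
O35 - HKLM\..exefile [open] -- "C:\Documents and Settings\LocalService\Local Settings\Application Data\ccd.exe" -a "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "C:\Documents and Settings\LocalService\Local Settings\Application Data\ccd.exe" -a "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
""".strip().splitlines()


if __name__ == "__main__":
    for category, detail in triage_otl(SAMPLE_LOG):
        print(f"{category:22} {detail}")
```

Run against the sample it reports the two ccd.exe handler lines, the two random-name hidden files and the TEMP stream, and stays silent on hiberfil.sys (hidden+system but a normal file at the drive root), the Prevx driver and the clean handler line. Paste a full OTL log into `SAMPLE_LOG` or read it from a file to use it on a real case; the script is a first pass for a helper's eyes, not a verdict.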

#14 track4444

track4444
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:03:01 PM

Posted 01 July 2011 - 09:50 AM

2011/06/30 21:43:13.0359 3340 TDSS rootkit removing tool 2.5.8.0 Jun 28 2011 19:12:16
2011/06/30 21:43:14.0468 3340 ================================================================================
2011/06/30 21:43:14.0468 3340 SystemInfo:
2011/06/30 21:43:14.0468 3340
2011/06/30 21:43:14.0468 3340 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/30 21:43:14.0468 3340 Product type: Workstation
2011/06/30 21:43:14.0468 3340 ComputerName: ACER-365
2011/06/30 21:43:14.0468 3340 UserName: Axel
2011/06/30 21:43:14.0468 3340 Windows directory: C:\WINDOWS
2011/06/30 21:43:14.0468 3340 System windows directory: C:\WINDOWS
2011/06/30 21:43:14.0468 3340 Processor architecture: Intel x86
2011/06/30 21:43:14.0468 3340 Number of processors: 2
2011/06/30 21:43:14.0468 3340 Page size: 0x1000
2011/06/30 21:43:14.0468 3340 Boot type: Normal boot
2011/06/30 21:43:14.0468 3340 ================================================================================
2011/06/30 21:43:15.0796 3340 Initialize success
2011/06/30 21:43:19.0171 3252 ================================================================================
2011/06/30 21:43:19.0171 3252 Scan started
2011/06/30 21:43:19.0171 3252 Mode: Manual;
2011/06/30 21:43:19.0171 3252 ================================================================================
2011/06/30 21:43:19.0562 3252 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/06/30 21:43:19.0750 3252 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/30 21:43:19.0953 3252 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/06/30 21:43:20.0281 3252 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/06/30 21:43:20.0531 3252 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/06/30 21:43:20.0765 3252 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/06/30 21:43:21.0000 3252 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/06/30 21:43:21.0359 3252 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/06/30 21:43:21.0718 3252 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/06/30 21:43:21.0921 3252 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/06/30 21:43:22.0187 3252 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/06/30 21:43:22.0546 3252 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/06/30 21:43:22.0750 3252 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/06/30 21:43:22.0859 3252 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/06/30 21:43:23.0078 3252 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/06/30 21:43:23.0406 3252 AR5416 (ba7ec22eb21e195dc74201d3d0bfe03b) C:\WINDOWS\system32\DRIVERS\athw.sys
2011/06/30 21:43:23.0625 3252 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/06/30 21:43:23.0859 3252 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/06/30 21:43:23.0953 3252 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/06/30 21:43:24.0312 3252 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/30 21:43:24.0515 3252 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/30 21:43:24.0718 3252 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/30 21:43:25.0125 3252 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/30 21:43:25.0328 3252 bcm (99ec3b1c50a6fcb07b5f3f153a938e19) C:\WINDOWS\system32\DRIVERS\drxvi314.sys
2011/06/30 21:43:25.0656 3252 BCM43XX (fe4ed785396eaa554c561992106a35fa) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2011/06/30 21:43:25.0968 3252 bcmbusctr (c303a3c17d7605d07293e1b4cdde0c08) C:\WINDOWS\system32\DRIVERS\BcmBusCtr.sys
2011/06/30 21:43:26.0156 3252 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/06/30 21:43:26.0562 3252 BTWUSB (ad7f4b81a3f8d330dd8382b7cf4df341) C:\WINDOWS\system32\Drivers\btwusb.sys
2011/06/30 21:43:26.0890 3252 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/06/30 21:43:27.0171 3252 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/30 21:43:27.0359 3252 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/06/30 21:43:27.0593 3252 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/06/30 21:43:27.0859 3252 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/30 21:43:28.0015 3252 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/30 21:43:28.0406 3252 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/30 21:43:28.0734 3252 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/06/30 21:43:28.0984 3252 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/06/30 21:43:29.0218 3252 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/06/30 21:43:29.0515 3252 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/06/30 21:43:29.0953 3252 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/06/30 21:43:30.0312 3252 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/06/30 21:43:30.0531 3252 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/30 21:43:30.0843 3252 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/06/30 21:43:31.0171 3252 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/06/30 21:43:31.0453 3252 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/06/30 21:43:31.0671 3252 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/06/30 21:43:31.0875 3252 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/06/30 21:43:32.0250 3252 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/30 21:43:32.0531 3252 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/30 21:43:32.0796 3252 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/06/30 21:43:33.0015 3252 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/06/30 21:43:33.0296 3252 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/06/30 21:43:33.0546 3252 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/06/30 21:43:33.0859 3252 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/30 21:43:34.0125 3252 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/30 21:43:34.0375 3252 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/30 21:43:34.0625 3252 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/06/30 21:43:34.0828 3252 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/06/30 21:43:34.0984 3252 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/06/30 21:43:35.0281 3252 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/30 21:43:35.0484 3252 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/06/30 21:43:35.0703 3252 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/06/30 21:43:35.0953 3252 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/06/30 21:43:36.0328 3252 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/06/30 21:43:36.0703 3252 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\WINDOWS\system32\drivers\iaStor.sys
2011/06/30 21:43:36.0890 3252 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/30 21:43:37.0171 3252 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/06/30 21:43:37.0484 3252 IntcAzAudAddService (662b65eeb8d070bd1162a7b63859afcf) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/06/30 21:43:37.0718 3252 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/06/30 21:43:37.0953 3252 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/06/30 21:43:38.0125 3252 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/06/30 21:43:38.0437 3252 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/06/30 21:43:38.0671 3252 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/30 21:43:38.0921 3252 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/30 21:43:39.0156 3252 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/30 21:43:39.0593 3252 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/30 21:43:39.0812 3252 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/30 21:43:39.0937 3252 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/30 21:43:40.0281 3252 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/06/30 21:43:40.0453 3252 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/30 21:43:40.0625 3252 L1c (6c8658587e91ea25b0fd2e71781ad228) C:\WINDOWS\system32\DRIVERS\l1c51x86.sys
2011/06/30 21:43:40.0796 3252 L1e (fa46f5d09edf93e0c71fe6500fe3f4ae) C:\WINDOWS\system32\DRIVERS\l1e51x86.sys
2011/06/30 21:43:41.0000 3252 M3000Srv (b47da7eb985a6676623f378642e417b6) C:\WINDOWS\system32\Drivers\M3000KNT.sys
2011/06/30 21:43:41.0234 3252 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/30 21:43:41.0468 3252 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/06/30 21:43:41.0703 3252 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/30 21:43:41.0968 3252 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/06/30 21:43:42.0156 3252 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/30 21:43:42.0421 3252 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
2011/06/30 21:43:42.0656 3252 MpKslf2daf73c (5f53edfead46fa7adb78eee9ecce8fdf) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2F4A8D83-7BB4-47BF-86DD-5BDC23B71A7D}\MpKslf2daf73c.sys
2011/06/30 21:43:42.0875 3252 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/06/30 21:43:43.0125 3252 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/30 21:43:43.0343 3252 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/30 21:43:43.0625 3252 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/06/30 21:43:43.0906 3252 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/30 21:43:44.0109 3252 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/30 21:43:44.0328 3252 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/30 21:43:44.0546 3252 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/30 21:43:44.0734 3252 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/06/30 21:43:44.0984 3252 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/06/30 21:43:45.0296 3252 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/06/30 21:43:45.0437 3252 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/06/30 21:43:45.0656 3252 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/06/30 21:43:45.0859 3252 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/30 21:43:45.0984 3252 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/30 21:43:46.0265 3252 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/30 21:43:46.0531 3252 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/30 21:43:46.0671 3252 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/30 21:43:46.0906 3252 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/30 21:43:47.0265 3252 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/06/30 21:43:47.0515 3252 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/30 21:43:47.0812 3252 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/06/30 21:43:48.0000 3252 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/30 21:43:48.0234 3252 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/30 21:43:48.0531 3252 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/06/30 21:43:48.0796 3252 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/30 21:43:49.0000 3252 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/30 21:43:49.0265 3252 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/30 21:43:49.0562 3252 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/06/30 21:43:49.0781 3252 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/06/30 21:43:50.0046 3252 PCTINDIS5 (1e715247efffdda938c085913045d599) C:\WINDOWS\system32\PCTINDIS5.SYS
2011/06/30 21:43:50.0593 3252 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/06/30 21:43:50.0812 3252 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/06/30 21:43:51.0218 3252 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/30 21:43:51.0484 3252 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/06/30 21:43:51.0765 3252 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/30 21:43:52.0031 3252 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/06/30 21:43:52.0171 3252 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/06/30 21:43:52.0359 3252 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/06/30 21:43:52.0578 3252 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/06/30 21:43:52.0812 3252 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/06/30 21:43:52.0921 3252 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/06/30 21:43:53.0156 3252 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/30 21:43:53.0359 3252 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/30 21:43:53.0609 3252 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/30 21:43:53.0953 3252 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/30 21:43:54.0171 3252 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/06/30 21:43:54.0453 3252 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/30 21:43:54.0718 3252 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/06/30 21:43:55.0093 3252 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/30 21:43:55.0437 3252 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/30 21:43:55.0750 3252 RSUSBSTOR (030442f08aec1a5d7cf035cc514374b9) C:\WINDOWS\system32\Drivers\RTS5121.sys
2011/06/30 21:43:56.0109 3252 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/06/30 21:43:56.0359 3252 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/06/30 21:43:56.0765 3252 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/06/30 21:43:57.0093 3252 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/06/30 21:43:57.0312 3252 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/06/30 21:43:57.0546 3252 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/06/30 21:43:57.0765 3252 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/06/30 21:43:57.0843 3252 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/30 21:43:58.0265 3252 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/06/30 21:43:58.0562 3252 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/06/30 21:43:58.0859 3252 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/06/30 21:43:58.0953 3252 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/06/30 21:43:59.0140 3252 swmsflt (40ff1af10735cf67746b50780eff7ae4) C:\WINDOWS\System32\drivers\swmsflt.sys
2011/06/30 21:43:59.0406 3252 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/06/30 21:43:59.0625 3252 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/06/30 21:43:59.0906 3252 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/06/30 21:44:00.0171 3252 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/06/30 21:44:00.0390 3252 SynTP (5c3e900f41426a372de60675afc8aa07) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/06/30 21:44:00.0609 3252 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/30 21:44:00.0875 3252 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/30 21:44:01.0171 3252 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/30 21:44:01.0421 3252 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/30 21:44:01.0640 3252 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/30 21:44:01.0937 3252 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/06/30 21:44:02.0250 3252 TS_AR5416 (86a7df019a144db8b63d86ace0c19ef5) C:\WINDOWS\system32\DRIVERS\ts_athw.sys
2011/06/30 21:44:02.0578 3252 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/06/30 21:44:02.0859 3252 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/06/30 21:44:03.0031 3252 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/06/30 21:44:03.0359 3252 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/06/30 21:44:03.0625 3252 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/30 21:44:03.0843 3252 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/30 21:44:04.0031 3252 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/06/30 21:44:04.0296 3252 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/30 21:44:04.0531 3252 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/06/30 21:44:04.0734 3252 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/06/30 21:44:04.0906 3252 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/06/30 21:44:05.0125 3252 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/06/30 21:44:05.0375 3252 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/06/30 21:44:05.0593 3252 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/30 21:44:05.0984 3252 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/30 21:44:06.0265 3252 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/06/30 21:44:06.0562 3252 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/30 21:44:06.0968 3252 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/06/30 21:44:07.0234 3252 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/06/30 21:44:07.0500 3252 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/06/30 21:44:07.0906 3252 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/06/30 21:44:08.0281 3252 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/06/30 21:44:08.0312 3252 Boot (0x1200) (549da5992a220798375665d50071bd1c) \Device\Harddisk0\DR0\Partition0
2011/06/30 21:44:08.0343 3252 ================================================================================
2011/06/30 21:44:08.0343 3252 Scan finished
2011/06/30 21:44:08.0343 3252 ================================================================================
2011/06/30 21:44:08.0375 3320 Detected object count: 0
2011/06/30 21:44:08.0375 3320 Actual detected object count: 0

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\'' updated successfully.
File "C:\Documents and Settings\LocalService\Local Settings\Application Data\ccd.exe" -a "%1" %* not found.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\shell\open\command\\|"%1" %* /E : value set successfully!
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!

OTL by OldTimer - Version 3.2.25.0 log created on 06302011_215103

www.malwarebytes.org

Database version: 6991

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

7/1/2011 9:37:13 AM
mbam-log-2011-07-01 (09-37-12).txt

Scan type: Full scan (C:\|)
Objects scanned: 267414
Time elapsed: 1 hour(s), 49 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Everything is working like it used to. I do have two questions. Why did Malwarebytes take almost three times longer to scan? Should I mess with the hidden files option that we checked and unchecked, or leave it like it is? I will continue with moving the OTL and the rest of the programs.

Edit: I enabled the emulators, but it did not ask me to reboot. I will do so anyway. Here's the log it gave me.
defogger_enable by jpshortstuff (23.02.10.1)
Log created at 09:53 on 01/07/2011 (Axel)

Parsing file...


-=E.O.F=-
I'm so sorry, but I have another question: for the Java update, do I download the Windows x64 one?

Edited by track4444, 01 July 2011 - 10:16 AM.


#15 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • Gender:Male
  • Location:North Carolina, USA

Posted 01 July 2011 - 12:47 PM

You want the 32 bit version.
Shannon
