TechSpot

Another Google redirect thread

Solved
By sskkc
Jun 13, 2010
  1. Hello and thank you in advance.

    I've printed out and followed the "8 STEPS" sticky. I read some of the other threads with this problem and have gone back, added Avira and removed McAfee, then reran it all. I'm attempting to use the "paperclip" above to attach the 4 files, though I'm not sure I'm doing that correctly.

    Attachments: mbam-log-2010-06-13 (10-36-25).txt, gmer2.log, DDS.txt, attach.zip

    Any help you give would be very appreciated. This seems to be getting worse and worse.

    Thanks
    Sandy
     
  2. Broni

    Broni Malware Annihilator Posts: 48,020   +271

    Download TDSSKiller and save it to your Desktop.
    Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
    Go to Start > Run (or hold down your Windows key and press R), copy and paste the following into the text field (make sure you include the quote marks), then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

    If it says "Hidden service detected", DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
    When it is done, a log file called TDSSKiller.txt should be created on your C: drive. Please copy and paste the contents of that file here.
     
  3. sskkc

    sskkc TS Rookie Topic Starter

    12:02:06:707 3632 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
    12:02:06:707 3632 ================================================================================
    12:02:06:722 3632 SystemInfo:

    12:02:06:722 3632 OS Version: 6.0.6002 ServicePack: 2.0
    12:02:06:722 3632 Product type: Workstation
    12:02:06:722 3632 ComputerName: SANDYS_COMPUTER
    12:02:06:722 3632 UserName: Sandy
    12:02:06:722 3632 Windows directory: C:\Windows
    12:02:06:722 3632 Processor architecture: Intel x86
     
  4. sskkc

    12:02:06:722 3632 Number of processors: 2
    12:02:06:722 3632 Page size: 0x1000
    12:02:06:722 3632 Boot type: Normal boot
    12:02:06:722 3632 ================================================================================
    12:02:07:065 3632 Initialize success
    12:02:07:065 3632
    12:02:07:065 3632 Scanning Services ...
    12:02:07:845 3632 Raw services enum returned 416 services
    12:02:07:861 3632
    12:02:07:861 3632 Scanning Drivers ...
    12:02:08:750 3632 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
    12:02:08:797 3632 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
    12:02:08:813 3632 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
    12:02:08:828 3632 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
    12:02:08:844 3632 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
    12:02:08:891 3632 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
    12:02:08:937 3632 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
    12:02:08:953 3632 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    12:02:08:969 3632 aliide (dc67a153fdb8105b25d05334b5e1d8e2) C:\Windows\system32\drivers\aliide.sys
    12:02:09:000 3632 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
    12:02:09:015 3632 amdide (835c4c3355088298a5ebd818fa31430f) C:\Windows\system32\drivers\amdide.sys
    12:02:09:031 3632 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
    12:02:09:062 3632 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
    12:02:09:093 3632 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
    12:02:09:125 3632 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
    12:02:09:171 3632 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
    12:02:09:203 3632 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
    12:02:09:234 3632 avgntflt (a88d29d928ad2b830e87b53e3f9bc182) C:\Windows\system32\DRIVERS\avgntflt.sys
    12:02:09:281 3632 avipbb (1289e9a5d9118a25a13c0009519088e3) C:\Windows\system32\DRIVERS\avipbb.sys
    12:02:09:327 3632 BCM43XV (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys
    12:02:09:374 3632 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
    12:02:09:437 3632 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
    12:02:09:468 3632 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    12:02:09:499 3632 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    12:02:09:515 3632 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    12:02:09:546 3632 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    12:02:09:593 3632 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    12:02:09:608 3632 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    12:02:09:639 3632 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
    12:02:09:671 3632 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
    12:02:09:702 3632 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
    12:02:09:749 3632 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
    12:02:09:795 3632 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
    12:02:09:842 3632 cmdide (e79cbb2195e965f6e3256e2c1b23fd1c) C:\Windows\system32\drivers\cmdide.sys
    12:02:09:873 3632 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
    12:02:09:889 3632 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
    12:02:09:920 3632 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
    12:02:09:951 3632 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
    12:02:09:983 3632 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
    12:02:10:029 3632 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
    12:02:10:076 3632 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
    12:02:10:092 3632 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
    12:02:10:123 3632 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
    12:02:10:170 3632 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
    12:02:10:217 3632 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\Windows\system32\DRIVERS\dsunidrv.sys
    12:02:10:263 3632 DXGKrnl (fb85f7f69e9b109820409243f578cc4d) C:\Windows\System32\drivers\dxgkrnl.sys
    12:02:10:575 3632 e1express (7505290504c8e2d172fa378cc0497bcc) C:\Windows\system32\DRIVERS\e1e6032.sys
    12:02:10:638 3632 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
    12:02:10:685 3632 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
    12:02:10:716 3632 elagopro (7ec42ec12a4bac14bcca99fb06f2d125) C:\Windows\system32\DRIVERS\elagopro.sys
    12:02:10:731 3632 elaunidr (dfeabb7cfffadea4a912ab95bdc3177a) C:\Windows\system32\DRIVERS\elaunidr.sys
    12:02:10:794 3632 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
    12:02:10:903 3632 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
    12:02:10:934 3632 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
    12:02:10:997 3632 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
    12:02:11:028 3632 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
    12:02:11:059 3632 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
    12:02:11:106 3632 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
    12:02:11:153 3632 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
    12:02:11:215 3632 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
    12:02:11:262 3632 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
    12:02:11:293 3632 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
    12:02:11:340 3632 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
    12:02:11:402 3632 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
    12:02:11:433 3632 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
    12:02:11:480 3632 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
    12:02:11:511 3632 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
    12:02:11:574 3632 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
    12:02:11:636 3632 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
    12:02:11:683 3632 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
    12:02:11:730 3632 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
    12:02:11:761 3632 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
     
  5. sskkc

    12:02:11:870 3632 IntcAzAudAddService (4a705bf2a6f7972f2f2ad8a0d8079f95) C:\Windows\system32\drivers\RTKVHDA.sys
    12:02:11:995 3632 intelide (0084046c084d68e494f8cf36bcf08186) C:\Windows\system32\drivers\intelide.sys
    12:02:12:011 3632 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
    12:02:12:057 3632 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    12:02:12:104 3632 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
    12:02:12:135 3632 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
    12:02:12:182 3632 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
    12:02:12:229 3632 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
    12:02:12:307 3632 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
    12:02:12:354 3632 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    12:02:12:385 3632 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    12:02:12:432 3632 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
    12:02:12:463 3632 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
    12:02:12:510 3632 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\Windows\system32\drivers\klmd.sys
    12:02:12:572 3632 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
    12:02:12:619 3632 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
    12:02:12:666 3632 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
    12:02:12:697 3632 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
    12:02:12:744 3632 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
    12:02:12:791 3632 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
    12:02:12:837 3632 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
    12:02:12:869 3632 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
    12:02:12:900 3632 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
    12:02:12:931 3632 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
    12:02:12:962 3632 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
    12:02:13:009 3632 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
    12:02:13:056 3632 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
    12:02:13:103 3632 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
    12:02:13:149 3632 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    12:02:13:212 3632 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
    12:02:13:259 3632 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
    12:02:13:305 3632 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    12:02:13:337 3632 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    12:02:13:383 3632 msahci (d420bc42a637ac3cc4f411220549c0dc) C:\Windows\system32\drivers\msahci.sys
    12:02:13:430 3632 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
    12:02:13:477 3632 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
    12:02:13:539 3632 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
    12:02:13:571 3632 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
    12:02:13:602 3632 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
    12:02:13:617 3632 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
    12:02:13:664 3632 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
    12:02:13:711 3632 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
    12:02:13:742 3632 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
    12:02:13:789 3632 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
    12:02:13:820 3632 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
    12:02:13:851 3632 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
    12:02:13:929 3632 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
    12:02:13:976 3632 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
    12:02:14:039 3632 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
    12:02:14:085 3632 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
    12:02:14:163 3632 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
    12:02:14:210 3632 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
    12:02:14:257 3632 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    12:02:14:304 3632 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
    12:02:14:366 3632 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
    12:02:14:444 3632 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
    12:02:14:522 3632 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    12:02:14:553 3632 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
    12:02:14:616 3632 NVENETFD (a1108084b0d2fc43dcc401735770e2a3) C:\Windows\system32\DRIVERS\nvmfdx32.sys
    12:02:14:943 3632 nvlddmkm (e572ebf0a86a76e7cfcaab00648f0f83) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    12:02:15:224 3632 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
    12:02:15:255 3632 nvstor (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys
    12:02:15:302 3632 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
    12:02:15:458 3632 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
    12:02:15:505 3632 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
    12:02:15:536 3632 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
    12:02:15:614 3632 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
    12:02:15:833 3632 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
    12:02:15:864 3632 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
    12:02:15:911 3632 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
    12:02:15:942 3632 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
    12:02:16:020 3632 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    12:02:16:082 3632 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
    12:02:16:113 3632 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
    12:02:16:145 3632 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
    12:02:16:176 3632 PxHelp20 (324c27635e516184c811339a75cefd4a) C:\Windows\system32\Drivers\PxHelp20.sys
    12:02:16:254 3632 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
    12:02:16:316 3632 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    12:02:16:363 3632 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
    12:02:16:503 3632 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
    12:02:16:628 3632 RasAcd (e12bf3088b0b3cfb612d5833458f85e3) C:\Windows\system32\DRIVERS\rasacd.sys
    12:02:16:628 3632 Suspicious file (Forged): C:\Windows\system32\DRIVERS\rasacd.sys. Real md5: e12bf3088b0b3cfb612d5833458f85e3, Fake md5: 147d7f9c556d259924351feb0de606c3
    12:02:16:628 3632 File "C:\Windows\system32\DRIVERS\rasacd.sys" infected by TDSS rootkit ...
    12:02:16:847 3632 Backup copy found, using it..
    12:02:16:847 3632 will be cured on next reboot
    12:02:16:893 3632 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
    12:02:16:925 3632 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
    12:02:16:940 3632 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
    12:02:16:987 3632 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
    12:02:17:018 3632 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
    12:02:17:081 3632 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys
    12:02:17:112 3632 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
    12:02:17:159 3632 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
    12:02:17:205 3632 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
    12:02:17:237 3632 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    12:02:17:252 3632 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    12:02:17:268 3632 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
    12:02:17:315 3632 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
    12:02:17:361 3632 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
    12:02:17:377 3632 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys
    12:02:17:408 3632 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
    12:02:17:439 3632 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys
    12:02:17:471 3632 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    12:02:17:517 3632 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
    12:02:17:533 3632 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
    12:02:17:564 3632 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
    12:02:17:611 3632 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
    12:02:17:642 3632 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
    12:02:17:673 3632 srv (0debafcc0e3591fca34f077cab62f7f7) C:\Windows\system32\DRIVERS\srv.sys
    12:02:17:705 3632 srv2 (6b6f3658e0a58c6c50c5f7fbdf3df633) C:\Windows\system32\DRIVERS\srv2.sys
    12:02:17:751 3632 srvnet (0c5ab1892ae0fa504218db094bf6d041) C:\Windows\system32\DRIVERS\srvnet.sys
    12:02:17:783 3632 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
    12:02:17:814 3632 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
    12:02:17:845 3632 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
    12:02:17:876 3632 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    12:02:17:923 3632 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    12:02:17:954 3632 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    12:02:18:032 3632 Tcpip (48cbe6d53632d0067c2d6b20f90d84ca) C:\Windows\system32\drivers\tcpip.sys
    12:02:18:157 3632 Tcpip6 (48cbe6d53632d0067c2d6b20f90d84ca) C:\Windows\system32\DRIVERS\tcpip.sys
    12:02:18:235 3632 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
    12:02:18:266 3632 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
    12:02:18:297 3632 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
    12:02:18:344 3632 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
    12:02:18:391 3632 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
    12:02:18:453 3632 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
    12:02:18:500 3632 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
    12:02:18:547 3632 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
    12:02:18:594 3632 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
    12:02:18:641 3632 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
    12:02:18:687 3632 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
    12:02:18:734 3632 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
    12:02:18:812 3632 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    12:02:18:890 3632 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    12:02:18:968 3632 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
    12:02:19:015 3632 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
    12:02:19:046 3632 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    12:02:19:077 3632 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
    12:02:19:140 3632 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
    12:02:19:218 3632 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
    12:02:19:265 3632 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
    12:02:19:327 3632 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
    12:02:19:374 3632 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    12:02:19:421 3632 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
    12:02:19:452 3632 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
    12:02:19:499 3632 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
    12:02:19:545 3632 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
    12:02:19:592 3632 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
    12:02:19:639 3632 viaide (f3b4762eb85a2aff4999401f14c3262b) C:\Windows\system32\drivers\viaide.sys
    12:02:19:686 3632 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
    12:02:19:764 3632 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
    12:02:19:842 3632 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
    12:02:19:889 3632 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
    12:02:19:951 3632 W55U01 (a51f4dabce9b424451ba2ed1271d1c1c) C:\Windows\system32\Drivers\W55U01.sys
    12:02:19:967 3632 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    12:02:20:013 3632 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    12:02:20:013 3632 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    12:02:20:060 3632 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
    12:02:20:123 3632 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
    12:02:20:216 3632 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
    12:02:20:263 3632 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
    12:02:20:325 3632 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
    12:02:20:357 3632 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
    12:02:20:372 3632 Reboot required for cure complete..
    12:02:20:466 3632 Cure on reboot scheduled successfully
    12:02:20:466 3632
    12:02:20:466 3632 Completed
    12:02:20:466 3632
    12:02:20:466 3632 Results:
    12:02:20:466 3632 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
    12:02:20:466 3632 File objects infected / cured / cured on reboot: 1 / 0 / 1
    12:02:20:466 3632
    12:02:20:466 3632 KLMD(ARK) unloaded successfully
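The log above carries one actionable line: the "Suspicious file (Forged)" entry, where TDSSKiller reports two different MD5s for rasacd.sys, the hash of the bytes it read from the volume itself (labelled "Real") and the hash of what a normal file read returns (labelled "Fake"). That mismatch is the detection: a scanner that only reads the driver through the file API sees the clean hash and has nothing to flag. The Python below is an added example, not TDSSKiller or Kaspersky code and not something posted in this thread; it parses that log layout into the per-driver hash list, the forged-file findings and the Results counts, and cross-checks that the driver-list hash for the flagged file equals the "Real" value (the per-driver lines are hashed the same raw way, so they should agree). Function and field names are my own, and SAMPLE_LOG is a constructed excerpt of the log above, not the full scan.

```python
"""Triage a TDSSKiller scan log: forged-file findings plus the result counts.

Added example for this page; not TDSSKiller/Kaspersky code and not posted in
the thread. It parses the line layout visible in the log above:
  "HH:MM:SS:mmm <id> <message>", driver lines "<service> (<md5>) <path>",
  and the "Suspicious file (Forged)" line carrying two hashes for one file.
SAMPLE_LOG is a constructed excerpt of that log, not the full scan.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

SAMPLE_LOG = r"""
12:02:06:707 3632 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
12:02:06:722 3632 OS Version: 6.0.6002 ServicePack: 2.0
12:02:07:861 3632 Scanning Drivers ...
12:02:08:750 3632 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
12:02:16:628 3632 RasAcd (e12bf3088b0b3cfb612d5833458f85e3) C:\Windows\system32\DRIVERS\rasacd.sys
12:02:16:628 3632 Suspicious file (Forged): C:\Windows\system32\DRIVERS\rasacd.sys. Real md5: e12bf3088b0b3cfb612d5833458f85e3, Fake md5: 147d7f9c556d259924351feb0de606c3
12:02:16:628 3632 File "C:\Windows\system32\DRIVERS\rasacd.sys" infected by TDSS rootkit ...
12:02:16:847 3632 Backup copy found, using it..
12:02:16:847 3632 will be cured on next reboot
12:02:16:893 3632 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:02:20:372 3632 Reboot required for cure complete..
12:02:20:466 3632 Results:
12:02:20:466 3632 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
12:02:20:466 3632 File objects infected / cured / cured on reboot: 1 / 0 / 1
"""

LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}:\d{3})\s+(?P<tid>\d+)\s+(?P<msg>.*)$")
DRIVER_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
FORGED_RE = re.compile(
    r"^Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$"
)
INFECTED_RE = re.compile(r'^File "(?P<path>[^"]+)" infected by (?P<what>.+?)(?: \.\.\.)?$')
RESULT_RE = re.compile(
    r"^(?P<kind>Registry|File) objects infected / cured / cured on reboot: "
    r"(?P<inf>\d+) / (?P<cured>\d+) / (?P<reboot>\d+)$"
)


@dataclass
class Finding:
    path: str
    real_md5: Optional[str] = None   # hash of the bytes TDSSKiller read from the volume itself
    fake_md5: Optional[str] = None   # hash of what a normal file read returns for the same file
    detection: Optional[str] = None  # e.g. "TDSS rootkit"
    backup_used: bool = False        # the tool restored a clean copy it had stashed
    cure: Optional[str] = None       # "cure on reboot" or None (not cured yet)

    def hashes_differ(self) -> bool:
        return bool(self.real_md5 and self.fake_md5 and self.real_md5 != self.fake_md5)


@dataclass
class ScanReport:
    tool: Optional[str] = None
    drivers: Dict[str, Tuple[str, str]] = field(default_factory=dict)   # service -> (md5, path)
    findings: List[Finding] = field(default_factory=list)
    results: Dict[str, Tuple[int, int, int]] = field(default_factory=dict)  # kind -> (infected, cured, on reboot)
    reboot_required: bool = False

    def forged(self) -> List[Finding]:
        """Files whose on-disk bytes and API-visible bytes hash differently: the rootkit's tell."""
        return [f for f in self.findings if f.hashes_differ()]

    def listed_hash_is_real(self, finding: Finding) -> bool:
        """The driver-list line for the same path should carry the 'Real' hash, not the forged one."""
        for md5, path in self.drivers.values():
            if path.lower() == finding.path.lower():
                return md5 == finding.real_md5
        return False


def _finding_for(report: ScanReport, path: str) -> Finding:
    for f in report.findings:
        if f.path.lower() == path.lower():
            return f
    f = Finding(path)
    report.findings.append(f)
    return f


def parse_tdsskiller_log(text: str) -> ScanReport:
    report = ScanReport()
    current: Optional[Finding] = None  # finding that follow-up lines ("Backup copy found") refer to
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank separator lines and anything without the timestamp prefix
        msg = m.group("msg").strip()
        fm, im, rm, dm = (FORGED_RE.match(msg), INFECTED_RE.match(msg),
                          RESULT_RE.match(msg), DRIVER_RE.match(msg))
        if report.tool is None and msg.startswith("TDSS rootkit removing tool"):
            report.tool = msg
        elif fm:
            current = _finding_for(report, fm["path"])
            current.real_md5, current.fake_md5 = fm["real"], fm["fake"]
        elif im:
            current = _finding_for(report, im["path"])
            current.detection = im["what"]
        elif msg.startswith("Backup copy found") and current is not None:
            current.backup_used = True
        elif msg == "will be cured on next reboot" and current is not None:
            current.cure = "cure on reboot"
        elif msg.startswith("Reboot required"):
            report.reboot_required = True
        elif rm:
            report.results[rm["kind"]] = (int(rm["inf"]), int(rm["cured"]), int(rm["reboot"]))
        elif dm:
            report.drivers[dm["name"]] = (dm["md5"], dm["path"])
    return report


if __name__ == "__main__":
    rep = parse_tdsskiller_log(SAMPLE_LOG)
    for f in rep.forged():
        print(f"{f.path}: {f.detection}; on-disk {f.real_md5} vs presented {f.fake_md5}; {f.cure}")
    print("results:", rep.results, "reboot required:", rep.reboot_required)
```

To use it on a real run, pass the whole C:\TDSSKiller.txt that the -l switch wrote (parse_tdsskiller_log(open(path, encoding="utf-8", errors="replace").read())): forged() is the list to act on, and results together with reboot_required tell you whether the cure still depends on the reboot that has not happened yet.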
     
  6. sskkc

    The file was too big for a reply. It required me to cut it twice, and I got a "moderator must review" message for numbers 1 and 2.
     
  7. Broni

    I got it. Thank you :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  8. sskkc

    ComboFix 10-06-12.04 - Sandy 06/13/2010 12:16:54.1.2 - x86
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3006.1984 [GMT -5:00]
    Running from: c:\users\Sandy\Desktop\ComboFix.exe
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\Sandy\AppData\Local\Windows Server
    c:\users\Sandy\AppData\Roaming\inst.exe
    c:\users\Sandy\g2mdlhlpx.exe
    c:\users\Sandy\GoToAssistDownloadHelper.exe
    c:\windows\Imgtask.exe

    .
    ((((((((((((((((((((((((( Files Created from 2010-05-13 to 2010-06-13 )))))))))))))))))))))))))))))))
    .

    2010-06-13 17:23 . 2010-06-13 17:23 -------- d-----w- c:\users\Sandy\AppData\Local\temp
    2010-06-13 16:14 . 2010-06-13 16:14 -------- d-----w- c:\programdata\WinZip
    2010-06-13 15:06 . 2010-03-01 15:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2010-06-13 15:06 . 2010-02-16 19:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-06-13 15:06 . 2009-05-11 17:49 51992 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2010-06-13 15:06 . 2009-05-11 17:49 17016 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2010-06-13 15:06 . 2010-06-13 15:06 -------- d-----w- c:\programdata\Avira
    2010-06-13 15:06 . 2010-06-13 15:06 -------- d-----w- c:\program files\Avira
    2010-05-25 02:16 . 2010-05-25 02:16 401408 ----a-w- c:\programdata\WorldWinner\swapit\swapit.dll
    2010-05-24 21:01 . 2010-05-24 21:01 501872 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbF2F8.tmp.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-06-13 17:12 . 2009-06-23 13:47 -------- d-----w- c:\programdata\Dl_cats
    2010-06-13 17:03 . 2008-06-02 22:55 11776 ----a-w- c:\windows\system32\drivers\rasacd.sys
    2010-06-13 15:19 . 2008-06-26 23:12 -------- d-----w- c:\users\Sandy\AppData\Roaming\Wouqa
    2010-06-13 15:10 . 2010-01-23 13:08 -------- d-----w- c:\users\Sandy\AppData\Roaming\Ahdyf
    2010-06-13 12:47 . 2008-04-06 20:54 680 ----a-w- c:\users\Sandy\AppData\Local\d3d9caps.dat
    2010-05-26 05:23 . 2008-04-14 14:38 -------- d-----w- c:\program files\mypoints
    2010-05-26 05:04 . 2008-04-06 20:53 -------- d-----w- c:\program files\Citrix
    2010-05-25 02:16 . 2010-01-14 05:44 -------- d-----w- c:\programdata\WorldWinner
    2010-05-20 15:03 . 2007-11-19 18:37 -------- d-----w- c:\users\Sandy\AppData\Roaming\U3
    2010-05-14 17:04 . 2010-05-14 17:04 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-05-14 16:01 . 2007-11-20 05:06 -------- d-----w- c:\users\Sandy\AppData\Roaming\Canon
    2010-05-14 14:11 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
    2010-05-14 14:11 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2010-05-14 14:11 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
    2010-05-14 14:11 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
    2010-05-14 14:11 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
    2010-05-14 14:11 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
    2010-05-14 14:10 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
    2010-05-14 12:12 . 2007-11-13 14:43 -------- d-----w- c:\program files\Google
    2010-05-14 12:02 . 2010-03-17 21:59 -------- d-----w- c:\program files\Nick Arcade
    2010-05-12 20:00 . 2010-05-12 20:00 -------- d-----w- c:\programdata\WindowsSearch
    2010-05-12 16:06 . 2010-05-12 16:06 -------- d-----w- c:\users\Sandy\AppData\Roaming\Malwarebytes
    2010-05-12 16:06 . 2010-05-12 16:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-05-12 16:06 . 2010-05-12 16:06 -------- d-----w- c:\programdata\Malwarebytes
    2010-05-12 15:00 . 2010-05-12 15:00 -------- d-----w- c:\programdata\Office Genuine Advantage
    2010-05-06 15:36 . 2009-10-03 12:54 221568 ------w- c:\windows\system32\MpSigStub.exe
    2010-04-29 20:39 . 2010-05-12 16:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-29 20:39 . 2010-05-12 16:06 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-27 13:36 . 2010-04-27 13:36 540672 ----a-w- c:\programdata\WorldWinner\scrabblecubes\scrabblecubes.dll
    2010-04-20 05:59 . 2010-03-17 12:09 532480 ----a-w- c:\programdata\WorldWinner\bejeweled\bejeweled.dll
    2010-04-12 14:28 . 2010-04-12 14:28 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
    2010-04-01 08:28 . 2010-04-01 08:28 92728 ----a-w- c:\programdata\WorldWinner\dynomite\bass.dll
    2010-04-01 08:28 . 2010-04-01 08:28 972288 ----a-w- c:\programdata\WorldWinner\dynomite\dynomite.dll
    2007-11-13 22:14 . 2007-11-13 22:06 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 2356088]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-14 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-10-03 221184]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-03-15 4390912]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
    "dldtmon.exe"="c:\program files\Dell V305\dldtmon.exe" [2008-06-24 668912]
    "dldtamon"="c:\program files\Dell V305\dldtamon.exe" [2008-06-24 16624]
    "MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-09 240992]
    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2"=hex(b):a2,4b,4a,31,70,f3,ca,01

    R2 dldtCATSCustConnectService;dldtCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\dldtserv.exe [2008-02-25 99568]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
    S2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe [2008-02-25 595184]


    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - KLMDB
    *Deregistered* - klmdb

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    .
    Contents of the 'Scheduled Tasks' folder

    2010-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 07:57]

    2010-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 07:57]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://mail.live.com/default.aspx?wa=wsignin1.0
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
    LSP: c:\windows\system32\wpclsp.dll
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{A057A204-BACC-4D26-CEC4-75A487FD6484} - (no file)
    HKCU-Run-{9DBEB3B4-EE5E-5D12-5CBA-34585533D82D} - c:\users\Sandy\AppData\Roaming\Ahdyf\lyzus.exe
    HKU-Default-RunOnce-DelayShred - c:\progra~1\mcafee\mshr\ShrCL.EXE
    SafeBoot-klmdb.sys
    SafeBoot-MCODS



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-06-13 12:23
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    .
    Completion time: 2010-06-13 12:26:48
    ComboFix-quarantined-files.txt 2010-06-13 17:26

    Pre-Run: 189,303,701,504 bytes free
    Post-Run: 189,264,465,920 bytes free

    - - End Of File - - E3612B7D93C74443B32B9CDFC8264BA8
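A triage pass over a ComboFix log of the kind posted above, as an added example in Python (it is not part of this thread and not ComboFix's own code): it walks the sections ComboFix prints and flags the same kinds of entries Broni acted on in the next post, namely executables deleted from under the user profile, random-named folders directly under AppData\Roaming, autostart values that point into the profile, orphaned HKCU Run entries, and EnableLUA set to 0 (UAC off). The embedded sample is a constructed excerpt assembled from lines of the log above; the rule names and the KNOWN_LEAVES allowlist are assumptions of this example, not anything ComboFix defines.

```python
import re
from dataclasses import dataclass

# Constructed excerpt modelled on the ComboFix log posted in this thread. The
# entries are copied from that log; the section layout is the one ComboFix prints.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Sandy\AppData\Roaming\inst.exe
c:\windows\Imgtask.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-13 15:19 . 2008-06-26 23:12 -------- d-----w- c:\users\Sandy\AppData\Roaming\Wouqa
2010-06-13 15:10 . 2010-01-23 13:08 -------- d-----w- c:\users\Sandy\AppData\Roaming\Ahdyf
2010-05-14 17:04 . 2010-05-14 17:04 -------- d-----w- c:\program files\Microsoft Silverlight
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-14 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

- - - - ORPHANS REMOVED - - - -

WebBrowser-{A057A204-BACC-4D26-CEC4-75A487FD6484} - (no file)
HKCU-Run-{9DBEB3B4-EE5E-5D12-5CBA-34585533D82D} - c:\users\Sandy\AppData\Roaming\Ahdyf\lyzus.exe
"""


@dataclass
class Finding:
    rule: str    # rule names are this example's own, not ComboFix terminology
    detail: str


SECTION = re.compile(r"^\(+ (?P<name>[^()]+?) \)+$")
FILE_ENTRY = re.compile(
    r"^(?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<ctime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>-{8}|\d+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
RUN_VALUE = re.compile(r'^"(?P<name>[^"]*)"="(?P<target>[^"]*)"')
POLICY_VALUE = re.compile(r'^"(?P<name>\w+)"= (?P<value>\d+)')
# Anything under a user profile is writable without admin rights; the loader in
# this thread lived in AppData\Roaming\<random name>, so that is what we look for.
PROFILE_EXE = re.compile(r"^c:\\users\\[^\\]+\\.*\.exe$", re.I)
PROFILE_DIR = re.compile(
    r"^c:\\users\\[^\\]+\\appdata\\(roaming|local)\\(?P<leaf>[^\\]+)$", re.I)
# Constructed allowlist of leaf names every Vista profile has; extend as needed.
KNOWN_LEAVES = {"temp", "microsoft"}


def triage(log_text):
    """Return a list of Finding objects for the suspicious lines in a ComboFix log."""
    findings = []
    section = None
    reg_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        head = SECTION.match(line)
        if head:
            section = head.group("name").strip()
            reg_key = ""
            continue
        if line.startswith("- - - - ORPHANS REMOVED"):
            section = "Orphans"
            continue
        if line.startswith("[HKEY_"):
            reg_key = line.strip("[]").lower()   # key the following values belong to
            continue
        if section == "Other Deletions":
            if PROFILE_EXE.match(line):
                findings.append(Finding("deleted-profile-exe", line))
        elif section == "Find3M Report" or (section or "").startswith("Files Created"):
            entry = FILE_ENTRY.match(line)
            if not entry:
                continue
            path, attrs = entry.group("path"), entry.group("attrs")
            d = PROFILE_DIR.match(path)
            if attrs.startswith("d") and d and d.group("leaf").lower() not in KNOWN_LEAVES:
                findings.append(Finding("roaming-dir", path))
            elif PROFILE_EXE.match(path):
                findings.append(Finding("profile-exe", path))
        elif section == "Reg Loading Points":
            if reg_key.endswith("\\run") or reg_key.endswith("\\runonce"):
                run = RUN_VALUE.match(line)
                if run and PROFILE_EXE.match(run.group("target")):
                    findings.append(Finding("autorun-from-profile", line))
            elif reg_key.endswith("policies\\system"):
                pol = POLICY_VALUE.match(line)
                if pol and pol.group("name") == "EnableLUA" and pol.group("value") == "0":
                    findings.append(Finding("uac-disabled", line))
        elif section == "Orphans" and " - " in line:
            kind, target = line.split(" - ", 1)
            if target != "(no file)" and PROFILE_EXE.match(target):
                findings.append(Finding("orphan-autorun-profile", f"{kind} -> {target}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:24} {f.detail}")
```

Run it as-is to see the five findings from the excerpt, or pass the full text of a saved ComboFix.txt to triage(). The rules are deliberately conservative: they key on location (user-writable profile paths, orphaned autostarts, UAC disabled) rather than on file names, which is what made the Wouqa and Ahdyf folders stand out in the log even though both names are meaningless.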
     
  9. Broni

    Broni Malware Annihilator Posts: 48,020   +271

    How is redirection?

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    Folder::
    c:\users\Sandy\AppData\Roaming\Wouqa
    c:\users\Sandy\AppData\Roaming\Ahdyf
    

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [image: animation showing CFScript.txt being dragged onto ComboFix.exe]


    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  10. sskkc

    sskkc TS Rookie Topic Starter

    ComboFix 10-06-12.04 - Sandy 06/13/2010 12:47:33.2.2 - x86
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3006.1889 [GMT -5:00]
    Running from: c:\users\Sandy\Desktop\ComboFix.exe
    Command switches used :: c:\users\Sandy\Desktop\CFScript.txt
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\Sandy\AppData\Roaming\Ahdyf
    c:\users\Sandy\AppData\Roaming\Wouqa

    .
    ((((((((((((((((((((((((( Files Created from 2010-05-13 to 2010-06-13 )))))))))))))))))))))))))))))))
    .

    2010-06-13 17:51 . 2010-06-13 17:51 -------- d-----w- c:\users\Sandy\AppData\Local\temp
    2010-06-13 17:51 . 2010-06-13 17:51 -------- d-----w- c:\users\Scott\AppData\Local\temp
    2010-06-13 17:51 . 2010-06-13 17:51 -------- d-----w- c:\users\Public\AppData\Local\temp
    2010-06-13 17:51 . 2010-06-13 17:51 -------- d-----w- c:\users\kids\AppData\Local\temp
    2010-06-13 17:51 . 2010-06-13 17:51 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-06-13 16:14 . 2010-06-13 16:14 -------- d-----w- c:\programdata\WinZip
    2010-06-13 15:06 . 2010-03-01 15:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2010-06-13 15:06 . 2010-02-16 19:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-06-13 15:06 . 2009-05-11 17:49 51992 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2010-06-13 15:06 . 2009-05-11 17:49 17016 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2010-06-13 15:06 . 2010-06-13 15:06 -------- d-----w- c:\programdata\Avira
    2010-06-13 15:06 . 2010-06-13 15:06 -------- d-----w- c:\program files\Avira
    2010-05-25 02:16 . 2010-05-25 02:16 401408 ----a-w- c:\programdata\WorldWinner\swapit\swapit.dll
    2010-05-24 21:01 . 2010-05-24 21:01 501872 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbF2F8.tmp.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-06-13 17:12 . 2009-06-23 13:47 -------- d-----w- c:\programdata\Dl_cats
    2010-06-13 17:03 . 2008-06-02 22:55 11776 ----a-w- c:\windows\system32\drivers\rasacd.sys
    2010-06-13 12:47 . 2008-04-06 20:54 680 ----a-w- c:\users\Sandy\AppData\Local\d3d9caps.dat
    2010-05-26 05:23 . 2008-04-14 14:38 -------- d-----w- c:\program files\mypoints
    2010-05-26 05:04 . 2008-04-06 20:53 -------- d-----w- c:\program files\Citrix
    2010-05-25 02:16 . 2010-01-14 05:44 -------- d-----w- c:\programdata\WorldWinner
    2010-05-20 15:03 . 2007-11-19 18:37 -------- d-----w- c:\users\Sandy\AppData\Roaming\U3
    2010-05-14 17:04 . 2010-05-14 17:04 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-05-14 16:01 . 2007-11-20 05:06 -------- d-----w- c:\users\Sandy\AppData\Roaming\Canon
    2010-05-14 14:11 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
    2010-05-14 14:11 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2010-05-14 14:11 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
    2010-05-14 14:11 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
    2010-05-14 14:11 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
    2010-05-14 14:11 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
    2010-05-14 14:10 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
    2010-05-14 12:12 . 2007-11-13 14:43 -------- d-----w- c:\program files\Google
    2010-05-14 12:02 . 2010-03-17 21:59 -------- d-----w- c:\program files\Nick Arcade
    2010-05-12 20:00 . 2010-05-12 20:00 -------- d-----w- c:\programdata\WindowsSearch
    2010-05-12 16:06 . 2010-05-12 16:06 -------- d-----w- c:\users\Sandy\AppData\Roaming\Malwarebytes
    2010-05-12 16:06 . 2010-05-12 16:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-05-12 16:06 . 2010-05-12 16:06 -------- d-----w- c:\programdata\Malwarebytes
    2010-05-12 15:00 . 2010-05-12 15:00 -------- d-----w- c:\programdata\Office Genuine Advantage
    2010-05-06 15:36 . 2009-10-03 12:54 221568 ------w- c:\windows\system32\MpSigStub.exe
    2010-04-29 20:39 . 2010-05-12 16:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-29 20:39 . 2010-05-12 16:06 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-27 13:36 . 2010-04-27 13:36 540672 ----a-w- c:\programdata\WorldWinner\scrabblecubes\scrabblecubes.dll
    2010-04-20 05:59 . 2010-03-17 12:09 532480 ----a-w- c:\programdata\WorldWinner\bejeweled\bejeweled.dll
    2010-04-12 14:28 . 2010-04-12 14:28 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
    2010-04-01 08:28 . 2010-04-01 08:28 92728 ----a-w- c:\programdata\WorldWinner\dynomite\bass.dll
    2010-04-01 08:28 . 2010-04-01 08:28 972288 ----a-w- c:\programdata\WorldWinner\dynomite\dynomite.dll
    2007-11-13 22:14 . 2007-11-13 22:06 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 2356088]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-14 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-10-03 221184]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-03-15 4390912]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
    "dldtmon.exe"="c:\program files\Dell V305\dldtmon.exe" [2008-06-24 668912]
    "dldtamon"="c:\program files\Dell V305\dldtamon.exe" [2008-06-24 16624]
    "MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-09 240992]
    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2"=hex(b):a2,4b,4a,31,70,f3,ca,01

    R2 dldtCATSCustConnectService;dldtCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\dldtserv.exe [2008-02-25 99568]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
    S2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe [2008-02-25 595184]


    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - KLMDB
    *Deregistered* - klmdb

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    .
    Contents of the 'Scheduled Tasks' folder

    2010-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 07:57]

    2010-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 07:57]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://mail.live.com/default.aspx?wa=wsignin1.0
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
    LSP: c:\windows\system32\wpclsp.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-06-13 12:51
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    .
    Completion time: 2010-06-13 12:54:18
    ComboFix-quarantined-files.txt 2010-06-13 17:54
    ComboFix2.txt 2010-06-13 17:26

    Pre-Run: 189,291,802,624 bytes free
    Post-Run: 189,259,792,384 bytes free

    - - End Of File - - 0C6F1E14C7A742E4E90CC88E68FDC23C
     
  11. sskkc

    sskkc TS Rookie Topic Starter

    I also went ahead and "tested" Google, but was not redirected! Yeah! Does this mean I'm "clean"?
     
     
  12. Broni

    Broni Malware Annihilator Posts: 48,020   +271

    Almost :)
    We still need to double check for other "bad guys".

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start>"Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall"
    Click OK (Vista users - press Enter).
    Restart computer.

    =================================================================

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:



    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT



    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  13. sskkc

    sskkc TS Rookie Topic Starter

  14. Broni

    Broni Malware Annihilator Posts: 48,020   +271

    Update your Java here: http://www.java.com/en/download/installed.jsp
    Uninstall all previous Java versions, through Add/Remove Programs (Programs & Features in Vista/7).

    =======================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O16 - DPF: {5E92F538-B50B-46C5-9C5F-C6EECED3F6C6} http://www.infospace.com/mypoints.main/tbar/mypointsSetup.exe (Reg Error: Key error.)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      [2010/05/14 11:53:02 | 000,000,000 | ---D | C] -- C:\Users\Sandy\AppData\Local\goauekqdw
      [2010/05/11 10:39:45 | 000,000,000 | ---D | C] -- C:\Users\Sandy\AppData\Local\prxpvbibg
      @Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:512B5648
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
     
  15. sskkc

    sskkc TS Rookie Topic Starter

    All processes killed
    ========== OTL ==========
    Starting removal of ActiveX control {5E92F538-B50B-46C5-9C5F-C6EECED3F6C6}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5E92F538-B50B-46C5-9C5F-C6EECED3F6C6}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E92F538-B50B-46C5-9C5F-C6EECED3F6C6}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5E92F538-B50B-46C5-9C5F-C6EECED3F6C6}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E92F538-B50B-46C5-9C5F-C6EECED3F6C6}\ not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    Folder C:\Users\Sandy\AppData\Local\goauekqdw\ not found.
    Folder C:\Users\Sandy\AppData\Local\prxpvbibg\ not found.
    Unable to delete ADS C:\ProgramData\TEMP:512B5648 .
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: kids
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Sandy
    ->Temp folder emptied: 31832 bytes
    ->Temporary Internet Files folder emptied: 31581100 bytes
    ->Java cache emptied: 1913 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 4703 bytes

    User: Scott
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    RecycleBin emptied: 525824 bytes

    Total Files Cleaned = 31.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: kids

    User: Public

    User: Sandy
    ->Flash cache emptied: 0 bytes

    User: Scott

    Total Flash Files Cleaned = 0.00 mb

    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.6.0 log created on 06132010_164225

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  16. Broni

    Broni Malware Annihilator Posts: 48,020   +271

    ...........
     
  17. sskkc

    sskkc TS Rookie Topic Starter

    Part one (says too long to post entire)

    OTL logfile created on: 6/13/2010 4:45:06 PM - Run 2
    OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\Sandy\Desktop
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18904)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 70.00% Memory free
    9.00 Gb Paging File | 8.00 Gb Available in Paging File | 91.00% Paging File free
    Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 3000 3500 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 222.79 Gb Total Space | 175.90 Gb Free Space | 78.95% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 3.56 Gb Free Space | 35.55% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: SANDYS_COMPUTER
    Current User Name: Sandy
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/06/13 13:13:13 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Sandy\Desktop\OTL.exe
    PRC - [2010/05/14 07:12:15 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2009/12/08 21:29:44 | 000,240,992 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
    PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    PRC - [2009/08/07 17:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/10/15 03:04:34 | 000,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    PRC - [2008/06/24 01:27:40 | 000,025,840 | ---- | M] () -- C:\Program Files\Dell V305\dldtmsdmon.exe
    PRC - [2008/06/24 01:26:16 | 000,668,912 | ---- | M] () -- C:\Program Files\Dell V305\dldtmon.exe
    PRC - [2008/02/25 11:38:12 | 000,595,184 | ---- | M] ( ) -- C:\Windows\System32\dldtcoms.exe
    PRC - [2008/01/19 02:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
    PRC - [2007/03/15 08:32:14 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
    PRC - [2006/11/02 07:34:44 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/06/13 13:13:13 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Sandy\Desktop\OTL.exe
    MOD - [2009/04/11 01:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
    MOD - [2008/01/19 02:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
    SRV - [2009/08/07 17:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2008/02/25 11:38:16 | 000,099,568 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\dldtserv.exe -- (dldtCATSCustConnectService)
    SRV - [2008/02/25 11:38:12 | 000,595,184 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dldtcoms.exe -- (dldt_device)
    SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/03/19 13:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
    DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2009/07/14 18:54:00 | 009,557,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2007/11/13 17:14:32 | 000,020,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2007/11/13 17:14:32 | 000,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2007/11/13 17:14:32 | 000,017,592 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2007/03/22 14:57:14 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\elagopro.sys -- (elagopro)
    DRV - [2007/03/22 14:57:14 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\elaunidr.sys -- (elaunidr)
    DRV - [2007/03/15 08:57:30 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
    DRV - [2007/03/15 08:32:14 | 001,744,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2007/02/25 13:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
    DRV - [2007/01/05 23:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2006/11/02 04:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2006/11/02 04:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2006/11/02 04:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2006/11/02 04:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2006/11/02 04:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2006/11/02 04:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2006/11/02 04:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2006/11/02 04:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2006/11/02 04:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 04:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 04:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2006/11/02 04:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2006/11/02 04:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
    DRV - [2006/11/02 04:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2006/11/02 04:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 04:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 04:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 04:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
    DRV - [2006/11/02 02:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
    DRV - [2006/11/02 02:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1g60i32.sys -- (E1G60) Intel(R)
    DRV - [2006/11/02 02:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
    DRV - [2006/10/05 18:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\dsproct.sys -- (DSproct)
    DRV - [2005/08/12 08:58:08 | 000,015,232 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\w55u01.sys -- (W55U01)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mail.live.com/default.aspx?wa=wsignin1.0
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\Firefox [2010/03/17 17:00:04 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/03/17 17:00:07 | 000,000,000 | ---D | M]
     
  18. sskkc

    sskkc TS Rookie Topic Starter

    Part two:

    O1 HOSTS File: ([2010/06/13 16:42:52 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
    O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [dldtamon] C:\Program Files\Dell V305\dldtamon.exe ()
    O4 - HKLM..\Run: [dldtmon.exe] C:\Program Files\Dell V305\dldtmon.exe ()
    O4 - HKLM..\Run: [ISUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
    O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe (Microsoft Corp.)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103470 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident\4.0; GTB6.4; Mozilla\4.0 ( File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll (Google Inc.)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} http://www.worldwinner.com/games/v47/scrabblecubes/scrabblecubes.cab (ScrabbleCubes Control)
    O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} http://www.worldwinner.com/games/v50/pool/pool.cab (Pool Control)
    O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} http://www.worldwinner.com/games/v63/bjattack/bja.cab (BJA Control)
    O16 - DPF: {61900274-3323-4446-BDCD-91548D32AF1B} http://www.worldwinner.com/games/v56/spidersolitaire/spidersolitaire.cab (SpiderSolitaire Control)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab (WorldWinner ActiveX Launcher Control)
    O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} http://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab (WordMojo Control)
    O16 - DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} http://www.worldwinner.com/games/v51/bejeweledtwist/bejeweledtwist.cab (BejeweledTwist Control)
    O16 - DPF: {BA35B9B8-DE9E-47C9-AFA7-3C77E3DDFD39} http://www.worldwinner.com/games/v46/monopoly/monopoly.cab (Monopoly Control)
    O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} http://www.worldwinner.com/games/v52/dinerdash/dinerdash.cab (DinerDash Control)
    O16 - DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} http://www.worldwinner.com/games/v45/mysterypi/mysterypi.cab (MysteryPI Control)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab (Windows Live Hotmail Photo Upload Tool)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Forest Flowers.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Forest Flowers.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/06/13 16:38:03 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/06/13 16:34:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2010/06/13 13:13:13 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Users\Sandy\Desktop\OTL.exe
    [2010/06/13 12:54:20 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2010/06/13 12:54:20 | 000,000,000 | ---D | C] -- C:\Users\Sandy\AppData\Local\temp
    [2010/06/13 12:53:36 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2010/06/13 12:15:16 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2010/06/13 12:15:12 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010/06/13 11:14:26 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
    [2010/06/13 11:14:24 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
    [2010/06/13 10:07:04 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
    [2010/06/13 10:06:59 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
    [2010/06/13 10:06:58 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
    [2010/06/13 10:06:58 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
    [2010/06/13 10:06:58 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
    [2010/06/13 10:06:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
    [2010/06/13 10:06:56 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2010/05/31 10:41:12 | 000,998,736 | ---- | C] (Kaspersky Lab) -- C:\Users\Sandy\Desktop\TDSSKiller.exe
    [2010/05/14 12:04:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
    [2010/05/14 09:10:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
    [2010/05/14 09:10:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
    [2010/05/14 09:10:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
    [2010/05/12 15:00:02 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
    [2010/05/12 12:43:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
    [2010/05/12 11:06:46 | 000,000,000 | ---D | C] -- C:\Users\Sandy\AppData\Roaming\Malwarebytes
    [2010/05/12 11:06:35 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/05/12 11:06:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/05/12 11:06:33 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/05/12 11:06:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/05/12 10:23:11 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Sandy\Desktop\mbam-setup.exe
    [2010/05/12 10:19:23 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Users\Sandy\Desktop\TFC.exe
    [2010/05/12 10:00:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
    [2010/05/12 10:00:14 | 000,000,000 | ---D | C] -- C:\Users\Sandy\Office Genuine Advantage
    [2010/04/12 09:37:00 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/04/12 09:36:57 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/04/12 09:33:52 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2010/03/18 14:35:52 | 000,987,136 | ---- | C] (Creative Development LTD) -- C:\Windows\System32\CRDE2000.dll
    [2010/03/18 14:35:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Cosmi
    [2010/03/18 14:35:12 | 000,000,000 | ---D | C] -- C:\Program Files\Cosmi
    [2010/03/18 14:34:51 | 000,299,520 | ---- | C] (InstallShield Corporation, Inc.) -- C:\Windows\uninst.exe
    [2010/03/17 17:14:58 | 000,000,000 | ---D | C] -- C:\Users\Sandy\Desktop\Documents\My Games
    [2010/03/17 17:14:46 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
    [2010/03/17 17:00:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
    [2010/03/17 17:00:04 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
    [2010/03/17 16:59:18 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar Installer
    [2010/03/17 16:59:04 | 000,000,000 | ---D | C] -- C:\Program Files\Nick Arcade
    [2009/06/23 08:28:49 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\DLDThcp.dll
    [2009/06/23 08:28:48 | 000,843,776 | ---- | C] ( ) -- C:\Windows\System32\dldtusb1.dll
    [2009/06/23 08:28:48 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\dldtinpa.dll
    [2009/06/23 08:28:48 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\dldtiesc.dll
    [2009/06/23 08:28:47 | 001,105,920 | ---- | C] ( ) -- C:\Windows\System32\dldtserv.dll
    [2009/06/23 08:28:47 | 000,647,168 | ---- | C] ( ) -- C:\Windows\System32\dldtpmui.dll
    [2009/06/23 08:28:47 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\dldtlmpm.dll
    [2009/06/23 08:28:47 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\dldtprox.dll
    [2009/06/23 08:28:45 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\dldthbn3.dll
    [2009/06/23 08:28:43 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\dldtcomc.dll
    [2009/06/23 08:28:43 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\dldtcomm.dll
    [10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/06/13 16:45:42 | 005,505,024 | -HS- | M] () -- C:\Users\Sandy\NTUSER.DAT
    [2010/06/13 16:44:02 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/06/13 16:43:58 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/06/13 16:43:58 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/06/13 16:43:55 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/06/13 16:43:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/06/13 16:43:05 | 000,524,288 | -HS- | M] () -- C:\Users\Sandy\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
    [2010/06/13 16:43:05 | 000,065,536 | -HS- | M] () -- C:\Users\Sandy\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
    [2010/06/13 16:42:52 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
    [2010/06/13 16:13:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/06/13 13:23:16 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
    [2010/06/13 13:23:16 | 000,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/06/13 13:23:16 | 000,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/06/13 13:14:54 | 001,690,291 | -H-- | M] () -- C:\Users\Sandy\AppData\Local\IconCache.db
    [2010/06/13 13:13:13 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Sandy\Desktop\OTL.exe
    [2010/06/13 12:51:52 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
    [2010/06/13 12:01:18 | 000,966,213 | ---- | M] () -- C:\Users\Sandy\Desktop\tdsskiller.zip
    [2010/06/13 11:17:14 | 000,003,792 | ---- | M] () -- C:\Users\Sandy\Desktop\Documents\attach.zip
    [2010/06/13 11:14:35 | 000,001,816 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
    [2010/06/13 11:13:07 | 014,501,192 | ---- | M] () -- C:\Users\Sandy\Desktop\Documents\winzip145.exe
    [2010/06/13 10:24:23 | 001,374,664 | ---- | M] () -- C:\Users\Sandy\Desktop\Documents\MCPR.exe
    [2010/06/13 10:07:16 | 000,001,809 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
    [2010/06/13 07:47:43 | 000,000,680 | ---- | M] () -- C:\Users\Sandy\AppData\Local\d3d9caps.dat
    [2010/06/13 07:10:52 | 216,767,264 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2010/05/31 10:41:12 | 000,998,736 | ---- | M] (Kaspersky Lab) -- C:\Users\Sandy\Desktop\TDSSKiller.exe
    [2010/05/25 15:22:14 | 000,104,448 | ---- | M] () -- C:\Users\Sandy\Desktop\Documents\Budget 2010.xls
    [2010/05/19 01:32:31 | 000,012,455 | ---- | M] () -- C:\Users\Sandy\Desktop\TO DO for new house.docx
    [2010/05/19 01:16:46 | 000,293,376 | ---- | M] () -- C:\Users\Sandy\Desktop\q2uropj4.exe
    [2010/05/14 09:14:42 | 000,345,400 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010/05/12 11:06:37 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/05/12 10:23:14 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Sandy\Desktop\mbam-setup.exe
    [2010/05/12 10:19:07 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Users\Sandy\Desktop\TFC.exe
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/04/24 06:11:41 | 000,002,627 | ---- | M] () -- C:\Users\Sandy\Desktop\Word.lnk
    [2010/04/23 06:59:20 | 000,012,748 | ---- | M] () -- C:\Users\Sandy\Desktop\Documents\camp list.docx
    [2010/04/13 20:01:03 | 000,649,245 | ---- | M] () -- C:\Users\Sandy\Desktop\Documents\2010_Parent_Packet.docx
    [2010/04/12 09:38:01 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010/04/12 09:34:29 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2010/03/29 07:56:19 | 000,060,928 | ---- | M] () -- C:\Users\Sandy\Desktop\Documents\address label list.DOC
    [2010/03/25 14:22:53 | 000,042,066 | ---- | M] () -- C:\Users\Sandy\Desktop\Documents\ScoutRegForm-Zoo.pdf
    [2010/03/23 19:32:50 | 000,040,258 | ---- | M] () -- C:\Users\Sandy\Desktop\Documents\yoda.docx
    [2010/03/16 00:34:48 | 000,020,992 | ---- | M] () -- C:\Users\Sandy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/03/15 23:50:35 | 000,076,191 | ---- | M] () -- C:\Windows\System32\LexFiles.ulf
    [2010/03/15 23:49:10 | 082,457,840 | ---- | M] () -- C:\Users\Sandy\Desktop\Documents\R190176.exe
    [10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
     
  19. sskkc

    sskkc TS Rookie Topic Starter

    And third time's the charm!

    ========== Files Created - No Company Name ==========

    [2010/06/13 12:01:15 | 000,966,213 | ---- | C] () -- C:\Users\Sandy\Desktop\tdsskiller.zip
    [2010/06/13 11:17:14 | 000,003,792 | ---- | C] () -- C:\Users\Sandy\Desktop\Documents\attach.zip
    [2010/06/13 11:14:35 | 000,001,816 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
    [2010/06/13 11:13:08 | 014,501,192 | ---- | C] () -- C:\Users\Sandy\Desktop\Documents\winzip145.exe
    [2010/06/13 10:24:21 | 001,374,664 | ---- | C] () -- C:\Users\Sandy\Desktop\Documents\MCPR.exe
    [2010/06/13 10:07:16 | 000,001,809 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
    [2010/05/19 01:16:44 | 000,293,376 | ---- | C] () -- C:\Users\Sandy\Desktop\q2uropj4.exe
    [2010/05/12 12:21:23 | 216,767,264 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2010/05/12 11:06:37 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/04/23 06:59:19 | 000,012,748 | ---- | C] () -- C:\Users\Sandy\Desktop\Documents\camp list.docx
    [2010/04/13 20:01:02 | 000,649,245 | ---- | C] () -- C:\Users\Sandy\Desktop\Documents\2010_Parent_Packet.docx
    [2010/04/12 09:38:01 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010/04/12 09:34:29 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2010/04/09 01:15:51 | 000,012,455 | ---- | C] () -- C:\Users\Sandy\Desktop\TO DO for new house.docx
    [2010/03/25 14:22:53 | 000,042,066 | ---- | C] () -- C:\Users\Sandy\Desktop\Documents\ScoutRegForm-Zoo.pdf
    [2010/03/18 14:35:52 | 000,229,376 | ---- | C] () -- C:\Windows\System32\ISP2000.dll
    [2010/03/15 23:47:43 | 082,457,840 | ---- | C] () -- C:\Users\Sandy\Desktop\Documents\R190176.exe
    [2009/09/17 08:32:46 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/06/23 08:35:33 | 000,360,448 | ---- | C] () -- C:\Windows\System32\dldtcoin.dll
    [2009/06/23 08:29:06 | 000,102,400 | ---- | C] () -- C:\Windows\System32\dldtwupd.dll
    [2009/06/23 08:28:49 | 000,348,160 | ---- | C] () -- C:\Windows\System32\DLDTinst.dll
    [2009/06/23 08:28:48 | 000,520,192 | ---- | C] () -- C:\Windows\System32\dldtutil.dll
    [2009/06/23 08:28:46 | 000,180,224 | ---- | C] () -- C:\Windows\System32\dldtinsb.dll
    [2009/06/23 08:28:46 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dldtins.dll
    [2009/06/23 08:28:46 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dldtjswr.dll
    [2009/06/23 08:28:46 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dldtinsr.dll
    [2009/06/23 08:28:45 | 000,208,896 | ---- | C] () -- C:\Windows\System32\dldtgrd.dll
    [2009/06/23 08:28:44 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dldtcub.dll
    [2009/06/23 08:28:44 | 000,077,824 | ---- | C] () -- C:\Windows\System32\dldtcu.dll
    [2009/06/23 08:28:44 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dldtcur.dll
    [2009/06/23 08:28:42 | 000,077,906 | ---- | C] () -- C:\Windows\System32\DLDTcfg.dll
    [2009/04/05 17:22:01 | 000,000,014 | ---- | C] () -- C:\Windows\System32\systeminfo3.dll
    [2009/01/13 10:51:46 | 000,000,000 | ---- | C] () -- C:\Windows\setup32.INI
    [2008/12/14 18:38:10 | 000,000,021 | ---- | C] () -- C:\Windows\CC_SETUP.ini
    [2008/02/21 15:41:23 | 000,782,336 | ---- | C] () -- C:\Windows\System32\dldtdrs.dll
    [2008/02/19 17:25:56 | 000,081,920 | ---- | C] () -- C:\Windows\System32\dldtcaps.dll
    [2007/11/13 14:13:09 | 000,069,632 | ---- | C] () -- C:\Windows\System32\dldtcnv4.dll
    [2007/04/28 09:41:49 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dldtvs.dll
    [2007/03/19 06:04:58 | 000,003,584 | ---- | C] () -- C:\Windows\System32\namResES.dll
    [2007/03/19 06:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResIT.dll
    [2007/03/19 06:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResFR.dll
    [2007/03/19 06:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResENG.dll
    [2007/03/19 06:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResDE.dll
    [2007/03/19 06:04:56 | 000,003,584 | ---- | C] () -- C:\Windows\System32\namResPTB.dll
    [2007/03/19 06:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResZHC.dll
    [2007/03/19 06:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResKO.dll
    [2007/03/19 06:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResJA.dll
    [2007/03/19 06:04:54 | 000,022,016 | ---- | C] () -- C:\Windows\System32\nam_page.dll
    [2007/03/19 06:04:54 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResZHT.dll
    [2006/11/07 14:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
    [2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/09/17 00:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
    [2006/09/17 00:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll

    ========== LOP Check ==========

    [2010/05/14 11:01:26 | 000,000,000 | ---D | M] -- C:\Users\Sandy\AppData\Roaming\Canon
    [2010/01/02 10:33:04 | 000,000,000 | ---D | M] -- C:\Users\Sandy\AppData\Roaming\DriverCure
    [2009/01/28 14:16:33 | 000,000,000 | ---D | M] -- C:\Users\Sandy\AppData\Roaming\Elluminate
    [2009/04/05 20:42:42 | 000,000,000 | ---D | M] -- C:\Users\Sandy\AppData\Roaming\ImgBurn
    [2007/11/20 00:02:25 | 000,000,000 | ---D | M] -- C:\Users\Sandy\AppData\Roaming\PeerNetworking
    [2007/12/15 11:19:31 | 000,000,000 | ---D | M] -- C:\Users\Sandy\AppData\Roaming\Snapfish
    [2009/04/05 19:35:33 | 000,000,000 | ---D | M] -- C:\Users\Sandy\AppData\Roaming\Vso
    [2008/07/14 17:56:48 | 000,000,000 | ---D | M] -- C:\Users\Sandy\AppData\Roaming\Wal-Mart Digital Photo Viewer
    [2010/06/13 16:42:58 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========


    < End of report >
     
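The OTL "Files Created/Modified" lines posted above all share one layout: `[date | size | flags | C or M] (CompanyName) -- path`. As an added example (not code from this thread, from OTL's author, or from any helper here), the following Windows PowerShell snippet parses that layout and applies a few defender-side triage heuristics: binaries with no CompanyName metadata in user-writable locations, random-looking 8-character executable names on the desktop, and tiny DLLs in System32 with no vendor metadata. The sample lines are copied from the log above and embedded so the script runs offline; the regex, the function names and the heuristics are my own assumptions, and a hit is a prompt for the analyst to look closer (the randomly named copy of the GMER scanner that a user downloads is an obvious benign hit), not a verdict.

```powershell
# Added example (not from the thread or from OTL): triage helper for OTL
# "Files Created/Modified" lines. Assumed layout:
#   [yyyy/MM/dd HH:mm:ss | size | flags | C|M] (CompanyName) -- path
# The sample below is copied from the log posted above (constructed input).
$sampleLog = @'
[2010/06/13 12:01:15 | 000,966,213 | ---- | C] () -- C:\Users\Sandy\Desktop\tdsskiller.zip
[2010/05/31 10:41:12 | 000,998,736 | ---- | M] (Kaspersky Lab) -- C:\Users\Sandy\Desktop\TDSSKiller.exe
[2010/05/19 01:16:44 | 000,293,376 | ---- | C] () -- C:\Users\Sandy\Desktop\q2uropj4.exe
[2009/04/05 17:22:01 | 000,000,014 | ---- | C] () -- C:\Windows\System32\systeminfo3.dll
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
'@

# Named groups for each field of an OTL file line (assumed pattern, see lead-in).
$linePattern = '^\[(?<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?<size>[\d,]+) \| (?<flags>[-\w]{4}) \| (?<kind>[CM])\] \((?<company>[^)]*)\) -- (?<path>.+)$'

function ConvertFrom-OtlFileLine {
    # Returns one object per OTL file line, or $null for summary lines
    # such as "[10 C:\ProgramData\*.tmp files -> ...]".
    param([Parameter(Mandatory)][string]$Line)
    if (-not ($Line -match $linePattern)) { return $null }
    [pscustomobject]@{
        Timestamp = [datetime]::ParseExact($Matches.date, 'yyyy/MM/dd HH:mm:ss', $null)
        SizeBytes = [int64]($Matches.size -replace ',', '')
        Kind      = $Matches.kind            # C = created, M = modified
        Company   = $Matches.company.Trim()  # empty when the file has no CompanyName version info
        Path      = $Matches.path
    }
}

function Get-OtlSuspiciousEntries {
    # Applies review heuristics (my own, not OTL's) and emits the entries that hit.
    param([Parameter(Mandatory)][string[]]$Lines)
    foreach ($line in $Lines) {
        $e = ConvertFrom-OtlFileLine -Line $line
        if (-not $e) { continue }
        $reasons = @()
        $isBinary = $e.Path -match '\.(exe|dll|sys|scr|cpl)$'

        # Binary without CompanyName metadata in a location a standard user can write to.
        if ($isBinary -and $e.Company -eq '' -and $e.Path -match '\\Users\\|\\ProgramData\\|\\Temp\\') {
            $reasons += 'no CompanyName, user-writable path'
        }
        # Random-looking 8-char lowercase/digit executable name (case-sensitive match).
        # The GMER scanner is downloaded under such a name on purpose, so review, do not conclude.
        if ($isBinary -and ($e.Path -cmatch '\\[a-z0-9]{8}\.exe$')) {
            $reasons += 'random-looking filename'
        }
        # A DLL in System32 under 1 KiB with no vendor metadata is unusual enough to look at.
        if ($e.Path -match '\\Windows\\System32\\[^\\]+\.dll$' -and $e.Company -eq '' -and $e.SizeBytes -lt 1024) {
            $reasons += 'tiny DLL in System32 without CompanyName'
        }

        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Path      = $e.Path
                Kind      = $e.Kind
                Timestamp = $e.Timestamp
                Reasons   = ($reasons -join '; ')
            }
        }
    }
}

# Usage: feed the pasted log (split on line breaks) and review the hits.
Get-OtlSuspiciousEntries -Lines ($sampleLog -split "`r?`n") | Format-Table -AutoSize
```

On the sample above the helper surfaces the desktop `q2uropj4.exe` and the 14-byte `systeminfo3.dll` for review and stays silent on the vendor-tagged tools; to run it against a full OTL report, replace `$sampleLog` with `Get-Content` of the saved report.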
  20. Broni

    Broni Malware Annihilator Posts: 48,020   +271

    Very good :)

    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.


    2. Go to Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
  21. sskkc

    sskkc TS Rookie Topic Starter

    Two hours, 35 minutes. No threats, infected or suspicious areas. And no report. I clicked the "View Report" and it was blank.

    Just a note: it had to "downgrade" my Java before running a scan - said I needed an earlier version.

    So... was this the final step? This is good news, right? :D
     
  22. Broni

    Broni Malware Annihilator Posts: 48,020   +271

    Update your Java version back to Java 6 Update 20.

    OTL Clean-Up
    Clean up with OTL:

    * Double-click OTL.exe to start the program.
    * Close all other programs apart from OTL as this step will require a reboot
    * On the OTL main screen, press the CLEANUP button
    * Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    =======================================================================

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point.

    Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista and 7:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side
    4. Click on Continue on the "User Account Control" window that pops up
    5. Under the System Protection tab, find Available Disks
    6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK

    2. Restart computer.

    3. Turn System Restore on.

    4. Make sure Windows Updates are current.

    5. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run defrag at your convenience.

    8. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    9. Please let me know how your computer is doing.
     
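The restore-point reset described in the post above (turn System Restore off so the old points are discarded, reboot, turn it back on, and take a fresh point) can also be done from an elevated Windows PowerShell prompt on Vista/7. This is an added example, not part of the thread; it assumes Windows PowerShell 2.0 or later (the `*-ComputerRestore` and `Checkpoint-Computer` cmdlets are Windows-only), an Administrator prompt, and that the system drive is `C:` (the `$Drive` value is an assumption to adjust). Both function names are mine.

```powershell
# Added example (not from the thread): the System Restore reset steps above,
# split into the part run before the reboot and the part run after it.
# Assumptions: elevated Windows PowerShell 2.0+ on Vista/7, system drive C:.
$Drive = 'C:\'

function Reset-RestorePointsBeforeReboot {
    # Step 1 of the post: list the old (possibly infected) restore points, then
    # turn System Restore off for the drive. Disabling protection discards the
    # existing restore points, which is exactly what the clean-up wants.
    param([string]$SystemDrive = $Drive)
    Write-Host "Restore points before reset:"
    Get-ComputerRestorePoint | Select-Object SequenceNumber, Description, RestorePointType, CreationTime | Format-Table -AutoSize
    Disable-ComputerRestore -Drive $SystemDrive
    Write-Host "System Restore disabled on $SystemDrive. Reboot now (step 2), then run New-CleanBaselineAfterReboot."
}

function New-CleanBaselineAfterReboot {
    # Steps 3 and onward: re-enable protection and create one known-clean point
    # so the machine has something safe to roll back to.
    param([string]$SystemDrive = $Drive)
    Enable-ComputerRestore -Drive $SystemDrive
    Checkpoint-Computer -Description 'Clean baseline after malware removal' -RestorePointType MODIFY_SETTINGS
    Write-Host "Restore points after reset (only the new baseline should be listed):"
    Get-ComputerRestorePoint | Select-Object SequenceNumber, Description, RestorePointType, CreationTime | Format-Table -AutoSize
}

# Usage, in order, with a reboot between the two calls:
#   Reset-RestorePointsBeforeReboot
#   Restart-Computer
#   New-CleanBaselineAfterReboot
```

The two-function split mirrors the post's "turn off, restart, turn on" sequence; the listing before and after is the check that the old points really are gone and only the clean baseline remains.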
  23. sskkc

    sskkc TS Rookie Topic Starter

    Thank you so much! I really appreciate all you did for me!
     
  24. Broni

    Broni Malware Annihilator Posts: 48,020   +271

    Way to go!!
    Good luck and stay safe :)
     
Topic Status:
Not open for further replies.

