TechSpot

Can't turn on Windows Firewall, Firefox searches redirecting, slow boot-up

By neilthrun
Oct 1, 2010
    I did the 8 steps; my logs are at the end of the post. Here is a brief rundown of my problems.

    I just recently got an internet connection after not having one for a couple of years. While surfing in Firefox, I got a notice from Windows Security Essentials informing me of a threat. I thought it was some kind of hoax, having never heard of Security Essentials, and was equally suspicious that I couldn't fix the problem offline and that I couldn't Ctrl+Alt+Del or access internet browsers.

    I later learned that Security Essentials is a new program by Windows, and that it was not a hoax (correct me if I'm wrong about Security Essentials). I restarted in Safe Mode, did a System Restore to the previous night, then ran my usual AVG, Malwarebytes and Spybot scans. Only Spybot encountered a problem, something called Firewall Open Ports; I corrected that problem with Spybot.

    My normal fixes didn't work entirely, so I've come to this board for help; I ran your 8 steps at this point. Here are my remaining symptoms.

    Windows Firewall is disabled, and gives an error when I try to activate it.
    Firefox and IE won't load unless I'm connected to the internet.
    Sometimes after a reboot my start bar and desktop won't display, requiring another restart.
    Slow computer speeds, slow boot-ups and shutdowns.
    Firefox redirects search engine links in Google to other trash websites.

    Any help is greatly appreciated, and I will stop attempting my own fixes now.

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4728

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    10/1/2010 4:49:23 PM
    mbam-log-2010-10-01 (16-49-23).txt

    Scan type: Quick scan
    Objects scanned: 148409
    Time elapsed: 5 minute(s), 18 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-10-01 18:19:55
    Windows 5.1.2600 Service Pack 3
    Running: rkuxdn9x.exe; Driver: C:\DOCUME~1\NEILTH~1\LOCALS~1\Temp\kxtdqpod.sys


    ---- System - GMER 1.0.15 ----

    SSDT sppf.sys ZwCreateKey [0xF74E40E0]
    SSDT sppf.sys ZwEnumerateKey [0xF74FCDA4]
    SSDT sppf.sys ZwEnumerateValueKey [0xF74FD132]
    SSDT sppf.sys ZwOpenKey [0xF74E40C0]
    SSDT sppf.sys ZwQueryKey [0xF74FD20A]
    SSDT sppf.sys ZwQueryValueKey [0xF74FD08A]
    SSDT sppf.sys ZwSetValueKey [0xF74FD29C]

    INT 0x62 ? 89C0EBF8
    INT 0x63 ? 89B9FBF8
    INT 0x84 ? 89B9EBF8
    INT 0x94 ? 89B9EBF8
    INT 0xA4 ? 89B9EBF8
    INT 0xB4 ? 89B9EBF8

    ---- Kernel code sections - GMER 1.0.15 ----

    ? sppf.sys The system cannot find the file specified. !
    .text USBPORT.SYS!DllUnload BA5C38AC 5 Bytes JMP 89B9E1D8
    .text a71keirc.SYS BA54F386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
    .text a71keirc.SYS BA54F3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
    .text a71keirc.SYS BA54F3C4 3 Bytes [00, 80, 02]
    .text a71keirc.SYS BA54F3C9 1 Byte [30]
    .text a71keirc.SYS BA54F3C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
    .text ...

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 89C112D8
    IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F750FDDC] sppf.sys
    IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F750FE30] sppf.sys
    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74E5042] sppf.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74E513E] sppf.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74E50C0] sppf.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74E5800] sppf.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74E56D6] sppf.sys
    IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 89B9E2D8
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!RtlInitUnicodeString] 8800001C
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!swprintf] 001CBA86
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!KeSetEvent] C61AEB00
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 001C8986
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoGetConfigurationInformation] 86C61200
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 00001C8B
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!MmFreeMappingAddress] 96868801
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 8800001C
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 001CB286
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!MmUnmapIoSpace] 88968B00
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 8900001C
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IofCompleteRequest] 001CA496
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!RtlCompareUnicodeString] C6168B00
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IofCallDriver] 001CC186
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 428A0A00
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] C286880C
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoConnectInterrupt] 8B00001C
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoDetachDevice] 24A48DFA
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!KeWaitForSingleObject] 00000000
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!KeInitializeEvent] 4B8BDF8B
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!KeCancelTimer] 8D3F0304
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] CB033043
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!RtlInitAnsiString] 0673C13B
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] C13B0003
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoQueueWorkItem] 8366FA72
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!MmMapIoSpace] 75000E7B
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 0B7D80E3
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoReportDetectedDevice] 307B8D00
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoReportResourceForDetection] 00AA840F
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 83660000
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!NlsMbCodePageTag] 6A000E7A
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!PoRequestPowerIrp] C6647400
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 001CC386
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 4F8B0200
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!sprintf] 968D5140
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 00001C98
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!ObfDereferenceObject] 22F6E852
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 478B0000
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 50016A40
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!ZwClose] 1CB48E8D
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] E8510000
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 000022E4
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 6A18538B
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 868D5200
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoCreateDevice] 00001CA0
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 22D2E850
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 4B8B0000
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 51016A18
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!ZwOpenKey] 1CBC968D
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!RtlFreeUnicodeString] E8520000
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoStartTimer] 000022C0
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!KeInitializeTimer] 8A05478A
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoInitializeTimer] 001CC38E
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!KeInitializeDpc] 30C48300
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!KeInitializeSpinLock] 1CC58688
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoInitializeIrp] 80E90000
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!ZwCreateKey] C6000000
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 001CC386
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 438B0100
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!ZwSetValueKey] 8E8D5018
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!KeInsertQueueDpc] 00001C98
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 2292E851
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoStartPacket] 538B0000
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 52016A18
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 1CB4868D
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoFreeMdl] E8500000
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!MmUnlockPages] 00002280
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 8A05478A
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 001CC38E
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 18C48300
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 1CC58688
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!KeSynchronizeExecution] 43EB0000
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoStartNextPacket] 320C538A
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!KeBugCheckEx] 88F93BC0
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 001CC396
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!KeSetTimer] F6317300
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!_allmul] 74070647
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!MmProbeAndLockPages] 75C0841A
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!_except_handler3] 05578A0B
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!PoSetPowerState] 968801B0
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 00001CC5
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 57B60F66
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!RtlDeleteRegistryValue] 533B6604
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!_aulldiv] 03087408
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!strstr] 72F93B3F
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!_strupr] 8A09EBDA
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!KeQuerySystemTime] 86880547
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 00001CC5
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!KeTickCount] 88084B8A
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 001CC68E
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoDeleteDevice] 40578B00
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 8D52006A
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoAllocateWorkItem] 001CC886
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoAllocateIrp] 11E85000
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoAllocateMdl] 8B000022
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 001CC08E
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!MmLockPagableDataSection] C4968B00
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] 8900001C
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 001CCC8E
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!ExFreePoolWithTag] D0968900
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoFreeIrp] 8B00001C
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoFreeWorkItem] 016A4047
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!InitSafeBootMode] D4C68150
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!RtlCompareMemory] 5600001C
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!PoCallDriver] 0021E7E8
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!memmove] 18C48300
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!MmHighestUserAddress] 5D5B5E5F
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[HAL.dll!READ_PORT_UCHAR] 1C959E88
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[HAL.dll!KfRaiseIrql] 00001CB1
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[HAL.dll!KfLowerIrql] 0E798366
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[HAL.dll!HalTranslateBusAddress] 8986C636
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[HAL.dll!KfReleaseSpinLock] 1C8B86C6
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[HAL.dll!READ_PORT_USHORT] 001C9686
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CB2
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
    IAT \SystemRoot\System32\Drivers\a71keirc.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB99E

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDB 0x80 0x36 0xEF ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x55 0x7F 0x2D 0x38 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x19 0xB7 0x86 0xDA ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDB 0x80 0x36 0xEF ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x55 0x7F 0x2D 0x38 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x19 0xB7 0x86 0xDA ...

    ---- EOF - GMER 1.0.15 ----



    ================
    DDS (Ver_10-03-17.01) - NTFSx86 MINIMAL
    Run by Neil thrun at 18:20:00.95 on Fri 10/01/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1762 [GMT -5:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Documents and Settings\Neil thrun\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [wltray.exe] c:\windows\system32\wltray.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    StartupFolder: c:\documents and settings\neil thrun\start menu\programs\startup\PdaNet Desktop.lnk.disabled
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: avgrsstarter - avgrsstx.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\neilth~1\applic~1\mozilla\firefox\profiles\aixldo05.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
    FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
    FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
    FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
    FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
    FF - plugin: c:\program files\nos\bin\np_gp.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-2-27 333192]
    S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-2-27 28424]
    S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-2-27 360584]
    S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    S2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-2-27 285392]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-4 14336]
    S3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [2010-7-17 9472]

    =============== Created Last 30 ================

    2010-10-01 22:43:49 552 ----a-w- c:\windows\system32\d3d8caps.dat
    2010-10-01 21:15:12 0 d-----w- c:\program files\CCleaner
    2010-10-01 19:57:54 0 d-----w- c:\program files\Spybot - Search & Destroy
    2010-10-01 19:57:54 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2010-10-01 19:31:14 0 d-----w- c:\docume~1\neilth~1\applic~1\SUPERAntiSpyware.com
    2010-10-01 19:31:14 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
    2010-10-01 19:31:05 0 d-----w- c:\program files\SUPERAntiSpyware
    2010-10-01 19:24:31 0 d-----w- c:\docume~1\neilth~1\applic~1\Malwarebytes
    2010-10-01 19:24:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-01 19:24:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-10-01 19:24:23 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-01 19:24:23 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-01 19:08:23 0 d-----w- c:\windows\system32\MpEngineStore
    2010-10-01 19:07:48 0 d-----w- C:\54b37bc515ef938b8aecdf1406
    2010-10-01 19:01:36 0 d-----w- c:\windows\system32\wbem\Repository
    2010-10-01 01:49:31 56 ---ha-w- c:\windows\system32\ezsidmv.dat
    2010-10-01 01:48:37 0 d-----r- c:\program files\Skype
    2010-10-01 01:45:45 803 ----a-w- C:\logging-macros.xml
    2010-10-01 01:45:45 61 ----a-w- C:\mt-win.cfg
    2010-10-01 01:45:45 4637222 ----a-w- C:\maptool-1.3.b63.jar
    2010-10-01 01:45:44 4712 ----a-w- C:\README
    2010-10-01 01:45:44 47 ----a-w- C:\Launch MapTool-1G-Memory.bat
    2010-10-01 01:45:44 46 ----a-w- C:\Launch MapTool.bat
    2010-10-01 01:45:44 46 ----a-w- C:\Launch MapTool-512M-Memory.bat
    2010-10-01 01:45:44 3761 ----a-w- C:\Launch MapTool.sh
    2010-10-01 01:45:44 3761 ----a-w- C:\Launch MapTool.command
    2010-10-01 01:45:44 323584 ----a-w- C:\MapToolLauncher.exe
    2010-10-01 01:45:44 196220 ----a-w- C:\Launch MapTool-Win-README.pdf
    2010-10-01 01:45:44 0 d-----w- C:\lib
    2010-09-30 08:11:14 221184 ----a-w- c:\windows\system32\wmpns.dll
    2010-09-30 05:47:25 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
    2010-09-30 05:46:21 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2010-09-30 05:45:27 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
    2010-09-30 01:14:08 0 d-----w- c:\program files\Yahoo!
    2010-09-30 00:56:35 0 d-sh--w- c:\documents and settings\neil thrun\IECompatCache
    2010-09-23 20:42:04 0 d-----w- c:\windows\system32\unknown
    2010-09-05 07:17:19 0 d-----w- c:\docume~1\neilth~1\applic~1\Philipp Winterberg
    2010-09-05 07:17:13 0 d-----w- c:\program files\Free RAR Extract Frog

    ==================== Find3M ====================

    2010-09-03 22:07:01 77380 ----a-w- c:\windows\War3Unin.dat
    2010-08-30 15:52:10 2829 ----a-w- c:\windows\War3Unin.pif
    2010-08-30 15:52:10 139264 ----a-w- c:\windows\War3Unin.exe
    2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll

    ============= FINISH: 18:20:10.34 ===============


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2/17/2010 10:52:52 PM
    System Uptime: 10/1/2010 5:14:14 PM (1 hours ago)

    Motherboard: Dell Inc. | | 0GC068
    Processor: Intel(R) Pentium(R) D CPU 3.00GHz | Microprocessor | 2999/800mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 149 GiB total, 87.948 GiB free.
    D: is CDROM (CDFS)
    E: is CDROM ()
    F: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== Installed Programs ======================

    Adobe AIR
    Adobe Download Manager
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.3.4
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AVG Free 9.0
    Baldur's Gate(TM) II - Shadows of Amn(TM) Bonus CD
    Baldur's Gate(TM) II - Throne of Bhaal (TM)
    Belkin Wireless Utility
    Bonjour
    Brainpipe Demo v1.0.1
    Caesar 3
    CCleaner
    Creative MediaSource
    Dell Resource CD
    Diablo II
    Dominions 3 (remove only)
    Free RAR Extract Frog
    FreeZip
    GIMP 2.6.10
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    How to Draw the Marvel Way
    IsoBuster 2.8
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 18
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Software Update for Web Folders (English) 12
    Microsoft Visual C++ 2005 Redistributable
    Microsoft WinUsb 1.0
    Mozilla Firefox (3.6.10)
    NVIDIA Drivers
    ooVoo
    PdaNet for Android 2.42
    PharaohDemo
    PowerDVD 5.1
    QuickTime
    RGSS-RTP Standard
    RPGXP
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Sid Meier's Civilization 4
    Skype Toolbars
    Skype™ 5.0
    Sound Blaster Audigy 2 ZS
    Spybot - Search & Destroy
    SUPERAntiSpyware
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Warcraft III: All Products
    WebFldrs XP
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows XP Service Pack 3
    WinZip 14.5
    Yahoo! Install Manager

    ==== End Of File ===========
     
  4. Broni

    Broni Malware Annihilator

    Welcome aboard

    Window Security Essentials is NOT a legit program.
    Microsoft Security Essentials IS a legit, free antivirus program, but it doesn't install by itself and it's not included in Windows.

    Now....

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    =====================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  5. neilthrun

    neilthrun TS Rookie Topic Starter

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000003d

    Kernel Drivers (total 130):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E4000 \WINDOWS\system32\hal.dll
    0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
    0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
    0xB9EB4000 spkj.sys
    0xBA5AA000 \WINDOWS\System32\Drivers\WMILIB.SYS
    0xB9E9C000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
    0xB9E6E000 ACPI.sys
    0xB9E5D000 pci.sys
    0xBA0A8000 ohci1394.sys
    0xBA0B8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
    0xBA0C8000 isapnp.sys
    0xBA670000 pciide.sys
    0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xBA0D8000 MountMgr.sys
    0xB9E3E000 ftdisk.sys
    0xBA330000 PartMgr.sys
    0xBA0E8000 VolSnap.sys
    0xB9D69000 iaStor.sys
    0xB9D51000 atapi.sys
    0xBA338000 cercsr6.sys
    0xBA0F8000 disk.sys
    0xBA108000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xB9D31000 fltmgr.sys
    0xB9D1F000 sr.sys
    0xB9D08000 KSecDD.sys
    0xB9C7B000 Ntfs.sys
    0xB9C4E000 NDIS.sys
    0xB9C34000 Mup.sys
    0xBA128000 \SystemRoot\system32\DRIVERS\nic1394.sys
    0xBA268000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xB9572000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
    0xB955E000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xB9528000 \SystemRoot\system32\DRIVERS\b57xp32.sys
    0xBA4B0000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xB9504000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xBA390000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xB94AA000 \SystemRoot\system32\drivers\ctaud2k.sys
    0xB9486000 \SystemRoot\system32\drivers\portcls.sys
    0xBA2C8000 \SystemRoot\system32\drivers\drmk.sys
    0xB9463000 \SystemRoot\system32\drivers\ks.sys
    0xB9437000 \SystemRoot\system32\drivers\ctoss2k.sys
    0xBA5E0000 \SystemRoot\system32\drivers\ctprxy2k.sys
    0xB9BF7000 \SystemRoot\system32\DRIVERS\gameenum.sys
    0xB93DC000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
    0xBA350000 \SystemRoot\system32\DRIVERS\fdc.sys
    0xBA2D8000 \SystemRoot\system32\DRIVERS\serial.sys
    0xB9BEB000 \SystemRoot\system32\DRIVERS\serenum.sys
    0xBA2E8000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xBA2F8000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xBA308000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xBA388000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0xB8578000 \SystemRoot\System32\Drivers\avcx6l36.SYS
    0xBA724000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xB9BFF000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xB8561000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xBA2B8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xB8C2B000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xBA490000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xB8550000 \SystemRoot\system32\DRIVERS\psched.sys
    0xB8C1B000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xBA498000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xBA4A0000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xB9BEF000 \SystemRoot\system32\DRIVERS\pnetmdm.sys
    0xBA4A8000 \SystemRoot\System32\Drivers\Modem.SYS
    0xB8C0B000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xBA348000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xBA368000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xBA5F8000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xB84F2000 \SystemRoot\system32\DRIVERS\update.sys
    0xB9BDB000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xB8BFB000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xB3229000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xBA65C000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xB0BC5000 \SystemRoot\system32\drivers\hap16v2k.sys
    0xB0AE8000 \SystemRoot\system32\drivers\ha10kx2k.sys
    0xB0AC6000 \SystemRoot\system32\drivers\emupia2k.sys
    0xB0AA6000 \SystemRoot\system32\drivers\ctsfm2k.sys
    0xB0A08000 \SystemRoot\system32\drivers\ctac32k.sys
    0xB237D000 \SystemRoot\system32\DRIVERS\flpydisk.sys
    0xB2358000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xB162F000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xB1B4A000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xB18BD000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xB17C2000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0xB18B9000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0xBA5C2000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xBA7F2000 \SystemRoot\System32\Drivers\Null.SYS
    0xBA5C4000 \SystemRoot\System32\Drivers\Beep.SYS
    0xB17A2000 \SystemRoot\System32\drivers\vga.sys
    0xBA5C6000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xBA5C8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xB1792000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xB178A000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xB18B1000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xADF3C000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xADEE3000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xADEBD000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xB032A000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xB031A000 \SystemRoot\system32\DRIVERS\arp1394.sys
    0xADCE0000 \SystemRoot\System32\Drivers\avgtdix.sys
    0xA990F000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xA98ED000 \SystemRoot\System32\drivers\afd.sys
    0xAA560000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xA98CB000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    0xB2385000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    0xA98A0000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xA9830000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xAA550000 \SystemRoot\System32\Drivers\Fips.SYS
    0xBA488000 \SystemRoot\System32\Drivers\avgmfx86.sys
    0xA97E0000 \SystemRoot\System32\Drivers\avgldx86.sys
    0xBA1A8000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xA970B000 \SystemRoot\System32\Drivers\dump_iastor.sys
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xA9947000 \SystemRoot\System32\drivers\Dxapi.sys
    0xBA3B0000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xBA6E5000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\nv4_disp.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xAC1FF000 \SystemRoot\system32\DRIVERS\AegisP.sys
    0xAC1FB000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xA93C6000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xA92A7000 \SystemRoot\system32\DRIVERS\srv.sys
    0xA9218000 \??\C:\WINDOWS\system32\drivers\PfModNT.sys
    0xA90C3000 \SystemRoot\system32\drivers\wdmaud.sys
    0xA9190000 \SystemRoot\system32\drivers\sysaudio.sys
    0xA8DAC000 \SystemRoot\System32\Drivers\HTTP.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll
    0x10000000 \Program Files\DAEMON Tools Lite\Engine.dll

    Processes (total 35):
    0 System Idle Process
    4 System
    804 C:\WINDOWS\system32\smss.exe
    868 csrss.exe
    892 C:\WINDOWS\system32\winlogon.exe
    940 C:\WINDOWS\system32\services.exe
    952 C:\WINDOWS\system32\lsass.exe
    1116 C:\WINDOWS\system32\svchost.exe
    1196 svchost.exe
    1512 svchost.exe
    1588 svchost.exe
    1764 C:\WINDOWS\system32\wltrysvc.exe
    1792 C:\Program Files\AVG\AVG9\avgchsvx.exe
    1800 C:\Program Files\AVG\AVG9\avgrsx.exe
    1856 C:\WINDOWS\system32\bcmwltry.exe
    1928 C:\WINDOWS\system32\spoolsv.exe
    1996 C:\Program Files\AVG\AVG9\avgcsrvx.exe
    572 svchost.exe
    608 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    628 C:\Program Files\AVG\AVG9\avgwdsvc.exe
    704 C:\Program Files\Bonjour\mDNSResponder.exe
    836 C:\WINDOWS\system32\CTSVCCDA.EXE
    1384 C:\Program Files\Java\jre6\bin\jqs.exe
    1508 C:\WINDOWS\system32\nvsvc32.exe
    1396 C:\Program Files\AVG\AVG9\avgnsx.exe
    416 C:\WINDOWS\system32\svchost.exe
    2196 C:\WINDOWS\explorer.exe
    2612 C:\WINDOWS\system32\wltray.exe
    2664 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    2688 C:\PROGRA~1\AVG\AVG9\avgtray.exe
    2756 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    2780 C:\WINDOWS\system32\ctfmon.exe
    432 C:\WINDOWS\system32\wscntfy.exe
    2932 C:\WINDOWS\system32\svchost.exe
    2236 C:\Documents and Settings\Neil thrun\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: ST3160023AS, Rev: 8.12

    Size    Device Name           MBR Status
    --------------------------------------------
    149 GB  \\.\PhysicalDrive0    Windows XP MBR code detected
            SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
     
  6. neilthrun

    neilthrun TS Rookie Topic Starter

    ComboFix 10-10-01.01 - Neil thrun 10/01/2010 22:52:00.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1602 [GMT -5:00]
    Running from: c:\documents and settings\Neil thrun\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\desktop
    c:\windows\desktop\How to Draw the Marvel Way.lnk
    c:\windows\system32\Thumbs.db

    Infected copy of c:\windows\system32\drivers\tcpip.sys was found and disinfected
    Restored copy from - Kitty had a snack :p
    .
    ((((((((((((((((((((((((( Files Created from 2010-09-02 to 2010-10-02 )))))))))))))))))))))))))))))))
    .

    2010-10-02 00:14 . 2010-10-02 00:14 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2010-10-01 22:43 . 2010-10-01 22:43 552 ----a-w- c:\windows\system32\d3d8caps.dat
    2010-10-01 21:15 . 2010-10-01 21:15 -------- d-----w- c:\program files\CCleaner
    2010-10-01 19:57 . 2010-10-01 21:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-10-01 19:57 . 2010-10-01 20:01 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-10-01 19:31 . 2010-10-01 19:31 63488 ----a-w- c:\documents and settings\Neil thrun\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    2010-10-01 19:31 . 2010-10-01 19:31 52224 ----a-w- c:\documents and settings\Neil thrun\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-10-01 19:31 . 2010-10-01 19:31 117760 ----a-w- c:\documents and settings\Neil thrun\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-10-01 19:31 . 2010-10-01 19:31 -------- d-----w- c:\documents and settings\Neil thrun\Application Data\SUPERAntiSpyware.com
    2010-10-01 19:31 . 2010-10-01 19:31 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2010-10-01 19:31 . 2010-10-01 19:31 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-10-01 19:24 . 2010-10-01 19:24 -------- d-----w- c:\documents and settings\Neil thrun\Application Data\Malwarebytes
    2010-10-01 19:24 . 2010-10-01 19:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-10-01 19:24 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-01 19:24 . 2010-10-01 19:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-01 19:24 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-01 19:08 . 2010-10-01 19:53 -------- d-----w- c:\windows\system32\MpEngineStore
    2010-10-01 19:07 . 2010-10-01 19:09 -------- d-----w- C:\54b37bc515ef938b8aecdf1406
    2010-10-01 19:01 . 2010-10-01 19:01 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-10-01 19:01 . 2010-10-01 19:01 -------- d-----w- c:\program files\NOS
    2010-10-01 19:01 . 2010-10-01 19:01 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2010-10-01 19:00 . 2010-10-01 19:00 -------- d-----w- c:\documents and settings\Administrator\IETldCache
    2010-10-01 19:00 . 2010-10-01 19:01 -------- d-s---w- c:\documents and settings\Administrator
    2010-10-01 19:00 . 2010-10-01 19:01 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft
    2010-10-01 01:49 . 2010-10-01 01:49 56 ---ha-w- c:\windows\system32\ezsidmv.dat
    2010-10-01 01:49 . 2010-10-01 01:49 -------- d-----w- c:\documents and settings\Neil thrun\Application Data\skypePM
    2010-10-01 01:48 . 2010-10-01 01:48 -------- d-----w- c:\program files\Common Files\Skype
    2010-10-01 01:48 . 2010-10-01 01:48 -------- d-----r- c:\program files\Skype
    2010-10-01 01:48 . 2010-10-01 20:28 -------- d-----w- c:\documents and settings\Neil thrun\Application Data\Skype
    2010-10-01 01:48 . 2010-10-01 01:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
    2010-10-01 01:45 . 2010-10-01 01:45 -------- d-----w- C:\lib
    2010-10-01 01:45 . 2009-12-17 06:47 47 ----a-w- C:\Launch MapTool-1G-Memory.bat
    2010-10-01 01:45 . 2009-12-17 06:47 46 ----a-w- C:\Launch MapTool.bat
    2010-10-01 01:45 . 2009-12-17 06:47 46 ----a-w- C:\Launch MapTool-512M-Memory.bat
    2010-10-01 01:45 . 2009-12-17 06:47 323584 ----a-w- C:\MapToolLauncher.exe
    2010-10-01 00:52 . 2010-10-01 00:52 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2010-10-01 00:51 . 2010-10-01 00:51 12575488 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\AdobeAIRInstaller.exe
    2010-10-01 00:51 . 2010-10-01 00:51 77184 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
    2010-09-30 08:11 . 2008-04-14 11:42 221184 ----a-w- c:\windows\system32\wmpns.dll
    2010-09-30 05:47 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
    2010-09-30 05:46 . 2010-06-24 12:21 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2010-09-30 05:45 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
    2010-09-30 01:14 . 2010-09-30 01:14 -------- d-----w- c:\program files\Yahoo!
    2010-09-30 00:56 . 2010-09-30 00:56 -------- d-sh--w- c:\documents and settings\Neil thrun\IECompatCache
    2010-09-30 00:37 . 2009-11-25 19:01 1230080 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
    2010-09-23 20:42 . 2010-09-23 20:42 -------- d-----w- c:\windows\system32\unknown
    2010-09-05 07:17 . 2010-09-05 07:17 -------- d-----w- c:\documents and settings\Neil thrun\Application Data\Philipp Winterberg
    2010-09-05 07:17 . 2010-09-05 07:17 -------- d-----w- c:\program files\Free RAR Extract Frog

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-02 03:49 . 2010-02-27 20:28 384 ----a-w- c:\windows\system32\DVCStateBkp-{00000005-00000000-00000003-00001102-00000004-20061102}.dat
    2010-10-02 03:49 . 2010-02-27 20:28 384 ----a-w- c:\windows\system32\DVCState-{00000005-00000000-00000003-00001102-00000004-20061102}.dat
    2010-10-02 03:25 . 2010-08-22 20:24 -------- d-----w- c:\program files\Warcraft III
    2010-10-02 02:06 . 2010-03-04 06:50 0 ----a-w- c:\documents and settings\Neil thrun\Local Settings\Application Data\prvlcl.dat
    2010-10-02 00:55 . 2010-02-20 20:58 1324 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-10-02 00:13 . 2010-08-30 15:44 99451 ----a-w- c:\windows\War3Unin.dat
    2010-10-01 19:38 . 2010-02-20 20:49 -------- d-----w- c:\documents and settings\Neil thrun\Application Data\U3
    2010-10-01 00:54 . 2010-02-24 06:01 -------- d-----w- c:\program files\Common Files\Adobe
    2010-09-30 00:37 . 2010-02-28 00:56 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
    2010-09-25 03:39 . 2010-06-16 23:46 -------- d-----w- c:\program files\dominions3
    2010-08-30 15:52 . 2010-08-30 15:44 2829 ----a-w- c:\windows\War3Unin.pif
    2010-08-30 15:52 . 2010-08-30 15:44 139264 ----a-w- c:\windows\War3Unin.exe
    2010-08-22 20:29 . 2010-06-16 07:48 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2010-08-21 04:33 . 2010-02-27 20:14 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-08-20 00:40 . 2010-08-20 00:40 -------- d-----w- c:\program files\Black Isle
    2010-08-17 13:17 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-05 16:06 . 2010-08-05 16:06 -------- d-----w- c:\program files\Sierra On-Line
    2010-07-22 15:49 . 2004-08-04 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    2010-07-22 05:57 . 2010-02-27 19:48 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2010-04-19 15:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-09-28 2424560]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "wltray.exe"="c:\windows\system32\wltray.exe" [2005-06-08 778318]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
    "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-02-28 2033432]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]

    c:\documents and settings\Neil thrun\Start Menu\Programs\Startup\
    PdaNet Desktop.lnk.disabled [2010-7-17 692]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-02-28 00:57 12464 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
    "ooVoo.exe"=c:\program files\ooVoo\oovoo.exe /minimized
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun
    "ctfmon.exe"=c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe"
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
    "CTHelper"=CTHELPER.EXE
    "CTSysVol"=c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
    "NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    "NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    "nwiz"=nwiz.exe /install
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
    "UpdReg"=c:\windows\UpdReg.EXE

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\ooVoo\\ooVoo.exe"=
    "c:\\WINDOWS\\system32\\javaw.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
    "c:\\Program Files\\Diablo II\\Diablo II.exe"=
    "c:\\Program Files\\dominions3\\dom3.exe"=
    "c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "443:UDP"= 443:UDP:ooVoo UDP port 443
    "37674:TCP"= 37674:TCP:ooVoo TCP port 37674
    "37674:UDP"= 37674:UDP:ooVoo UDP port 37674
    "37675:UDP"= 37675:UDP:ooVoo UDP port 37675

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/27/2010 7:57 PM 333192]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/27/2010 7:57 PM 360584]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2/27/2010 7:56 PM 285392]
    R3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [7/17/2010 11:33 PM 9472]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/4/2004 7:00 AM 14336]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/19/2010 7:57 PM 691696]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder

    2010-09-30 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Neil thrun\Application Data\Mozilla\Firefox\Profiles\aixldo05.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
    FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
    FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
    FF - plugin: c:\program files\NOS\bin\np_gp.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-10-01 22:56
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(892)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    Completion time: 2010-10-01 22:57:59
    ComboFix-quarantined-files.txt 2010-10-02 03:57

    Pre-Run: 94,147,186,688 bytes free
    Post-Run: 94,130,012,160 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    - - End Of File - - 2B7DA251D8EB4503039B25C06441073E
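The parts of a ComboFix report that a reviewer reads first are the live Run keys, the two firewall policy lists (AuthorizedApplications and GloballyOpenPorts) and the Firefox prefs lines. The script below is an added example, not part of this thread and not a feature of ComboFix or OTL: it parses those sections from text in the same format as the log above and reports autostart entries or firewall exceptions outside the usual install roots, every globally open port (each one is an inbound hole in the XP firewall), and a keyword.URL whose host does not belong to the engine Firefox says is selected. The sample input is constructed from lines of the posted log plus one invented "Updater" Run entry that exists only to show a hit; the trusted-root list and the engine-to-hostname mapping are assumptions, and the ComboFix `hxxp` defanging is undone before the URL is parsed.

```python
"""Triage of a ComboFix-style log in the format posted above (added example)."""
import re
from urllib.parse import urlsplit

# Constructed sample in the posted log's format. The lines are copied from
# that log except the "Updater" Run entry, which is invented here to show a hit.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-09-28 2424560]
"Updater"="c:\documents and settings\user\Application Data\updater.exe" [2010-09-30 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"wltray.exe"="c:\windows\system32\wltray.exe" [2005-06-08 778318]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-02-28 2033432]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ooVoo\\ooVoo.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:UDP"= 443:UDP:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:ooVoo TCP port 37674

FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
"""

RE_SECTION = re.compile(r"^\[(?P<key>[^\]]+)\]$")
RE_RUN = re.compile(r'^"(?P<name>[^"]+)"=\s*"?(?P<path>[^"\[]+?)"?\s*'
                    r"\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$")
RE_AUTH_APP = re.compile(r'^"(?P<path>[^"]+)"=$')
RE_OPEN_PORT = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=\s*\d+:(?:TCP|UDP):(?P<desc>.*)$')
RE_FF_PREF = re.compile(r"^FF - prefs\.js: (?P<pref>[\w.]+) - (?P<value>.+)$")

# Assumed install roots for an XP box; anything autostarting elsewhere gets reviewed.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\", "%windir%\\")
# Assumed hostname fragments per engine name as Firefox reports it in selectedEngine.
ENGINE_HOSTS = {"google": ("google.",), "yahoo": ("yahoo.",), "bing": ("bing.",)}


def parse_combofix(text):
    """Collect Run entries, firewall exceptions, open ports and Firefox prefs."""
    data = {"run": [], "auth_apps": [], "open_ports": [], "ff_prefs": {}}
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RE_SECTION.match(line)
        if m:
            section = m.group("key").lower()
            continue
        m = RE_FF_PREF.match(line)
        if m:
            data["ff_prefs"][m.group("pref")] = m.group("value").strip()
            continue
        # Keys ending in "run-" (listed separately in the log) deliberately do not match here.
        if section.endswith("\\currentversion\\run"):
            m = RE_RUN.match(line)
            if m:
                data["run"].append({"hive": section.split("\\")[0], "name": m.group("name"),
                                    "path": m.group("path").strip().lower(),
                                    "date": m.group("date"), "size": int(m.group("size"))})
        elif section.endswith("\\authorizedapplications\\list"):
            m = RE_AUTH_APP.match(line)
            if m:  # the log doubles backslashes in this list; collapse them
                data["auth_apps"].append(m.group("path").replace("\\\\", "\\").lower())
        elif section.endswith("\\globallyopenports\\list"):
            m = RE_OPEN_PORT.match(line)
            if m:
                data["open_ports"].append({"port": int(m.group("port")), "proto": m.group("proto"),
                                           "desc": m.group("desc").strip()})
    return data


def review(data):
    """Return human-readable findings; an empty list means nothing stood out."""
    findings = []
    for e in data["run"]:
        if not e["path"].startswith(TRUSTED_ROOTS):
            findings.append(f"autostart outside install roots: {e['hive']} Run\\{e['name']} -> "
                            f"{e['path']} (dated {e['date']}, {e['size']} bytes)")
    for path in data["auth_apps"]:
        if not path.startswith(TRUSTED_ROOTS):
            findings.append(f"firewall exception for a program outside install roots: {path}")
    for p in data["open_ports"]:  # each entry allows unsolicited inbound traffic on that port
        findings.append(f"firewall globally open port {p['port']}/{p['proto']}: {p['desc']}")
    engine = data["ff_prefs"].get("browser.search.selectedEngine", "").lower()
    url = data["ff_prefs"].get("keyword.URL", "")
    if url:
        host = urlsplit(url.replace("hxxp", "http", 1)).hostname or ""  # undo ComboFix defanging
        if not any(tag in host for tag in ENGINE_HOSTS.get(engine, ())):
            findings.append(f"address-bar search (keyword.URL) goes to {host}, not to the selected "
                            f"engine '{engine or 'unknown'}'; confirm it is a toolbar you installed")
    return findings


if __name__ == "__main__":
    for finding in review(parse_combofix(SAMPLE_LOG)):
        print("-", finding)
```

Run against the constructed sample it reports four items: the invented Updater entry under Documents and Settings, the two ooVoo open ports, and the keyword.URL pointing at the AVG/Yahoo search host while Google is the selected engine. The last one is exactly the kind of entry that is benign when the user installed the toolbar and a hijack when they did not, which is why the script reports it rather than deciding.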
     
  7. neilthrun

    neilthrun TS Rookie Topic Starter

    Alright, I ran both; here are the logs. Combofix didn't run the first time. I tried again, it had an error and it restarted my comp, and ran its stuff during the restart. It said it detected rootkit activity (although I bet that's in the report somewhere).
    I turned off AVG's resident shield, but couldn't figure out how to turn it all off. Regardless, it wasn't running during any of the scans, as Combofix loaded before anything else.
     
  8. neilthrun

    neilthrun TS Rookie Topic Starter

    It seems google is no longer redirecting and my windows firewall is active again. The computer is running at its usual speed.
     
  9. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Combofix log looks good now.

    How is the Windows firewall issue?

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    * Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop



    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  10. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    I didn't see this, when I posted:
    Good news :)
     
  11. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Are you still out there?
     
Topic Status:
Not open for further replies.
