Please help remove a virus

Solved
By arvnranger
Apr 2, 2012
  1. I've downloaded and printed out the 5-step guide. I've downloaded the trial version of Malwarebytes but this has crashed out of the quick scan after about 1 hr 10 mins. I've downloaded GMER per the instructions but when I attempt to run the <randomname>.exe file my machine reboots. Kinda stuck here :-(
  2. Broni

    Broni Malware Annihilator Posts: 46,425   +252

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==================================================================

    What about DDS?
  3. arvnranger

    arvnranger Newcomer, in training Topic Starter Posts: 28

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by ivan at 16:51:16 on 2012-04-03
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1553 [GMT 12:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\WINDOWS\system32\FsUsbExService.Exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\ctfmon.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.co.nz/
    mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\win32me.exe
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [AutoStartNPSAgent] c:\program files\samsung\samsung new pc studio\NPSAgent.exe
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    mRun: [Smapp] c:\program files\analog devices\soundmax\SMTray.exe
    mRun: [SetRefresh] c:\program files\compaq\setrefresh\SetRefresh.exe
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    LSP: mswsock.dll
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} - hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1190169885609
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1190169815312
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: Interfaces\{1B69E7A3-4BFA-42B1-923A-5B2BFB7E218E} : NameServer = 10.0.2.93,210.48.66.2,210.48.65.2
    TCP: Interfaces\{CCFBDEE0-6D1B-45C8-AA11-085E4BC40A5D} : NameServer = 210.55.24.8
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-23 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]
    R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2011-2-28 239528]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-10-7 652360]
    R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2011-2-28 36608]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-10-7 20464]
    R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2009-10-20 27632]
    S2 avfilter;Pcx1unic;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
    S2 axinstsv;Streamloadservice;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
    S2 ccevtmgr;QPCapSvc;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
    S3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [2004-4-19 6656]
    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2010-7-15 13224]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-4-3 40776]
    S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2009-10-20 86824]
    S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2009-10-20 15016]
    S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2009-10-20 114728]
    S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2009-10-20 106208]
    S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2009-10-20 26024]
    S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2009-10-20 104744]
    S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2009-10-20 109864]
    .
    =============== Created Last 30 ================
    .
    2012-04-03 02:19:22 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2012-04-02 09:23:03 99328 ----a-w- c:\windows\system32\BO0iKkW.com
    2012-04-02 00:23:02 99328 ----a-w- c:\windows\system32\BO0iKkW.com_
    2012-03-28 20:59:11 -------- d-----w- c:\documents and settings\ivan\application data\SUPERAntiSpyware.com
    2012-03-28 20:58:46 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-03-28 20:58:46 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
    2012-03-28 05:00:53 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
    .
    ==================== Find3M ====================
    .
    2012-02-21 00:00:52 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
    2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll
    2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    .
    ============= FINISH: 16:52:17.78 ===============
  4. Broni

    I still need Attach.txt part of DDS.
  5. arvnranger

    Sorry - misread the instructions. I'm meant to zip the attach.txt file?

  6. arvnranger

    Managed to run the Malwarebytes quick scan with the machine disconnected from the internet (posting from a different machine):

    Malwarebytes Anti-Malware (Trial) 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.04.03.03

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    ivan :: IVAN2_PC [administrator]

    Protection: Disabled

    3/04/2012 5:54:28 p.m.
    mbam-log-2012-04-03 (17-54-28).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 289746
    Time elapsed: 20 minute(s), 6 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  7. Broni

    Please observe forum rules.
    All logs have to be pasted, not attached.

  8. arvnranger

    My apologies - I was following the preamble to the attach file. Separated by a common language, eh? ;-)
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/01/2006 7:51:58 a.m.
    System Uptime: 3/04/2012 5:48:16 p.m. (-1 hours ago)
    .
    Motherboard: Hewlett-Packard | | 0968h
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | XU1 PROCESSOR | 2992/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 37 GiB total, 11.052 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
    Description: PS/2 Compatible Mouse
    Device ID: ACPI\PNP0F13\4&1117367&0
    Manufacturer: Microsoft
    Name: PS/2 Compatible Mouse
    PNP Device ID: ACPI\PNP0F13\4&1117367&0
    Service: i8042prt
    .
    Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
    Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
    Device ID: ACPI\PNP0303\4&1117367&0
    Manufacturer: (Standard keyboards)
    Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
    PNP Device ID: ACPI\PNP0303\4&1117367&0
    Service: i8042prt
    .
    ==== System Restore Points ===================
    .
    RP853: 16/01/2012 1:27:10 p.m. - System Checkpoint
    RP854: 17/01/2012 3:00:26 a.m. - Software Distribution Service 3.0
    RP855: 18/01/2012 8:18:10 a.m. - Software Distribution Service 3.0
    RP856: 19/01/2012 12:23:06 p.m. - System Checkpoint
    RP857: 23/01/2012 9:46:53 a.m. - Installed AVG 2012
    RP858: 23/01/2012 9:47:05 a.m. - Removed AVG 2011
    RP859: 23/01/2012 9:47:36 a.m. - Installed AVG 2012
    RP860: 23/01/2012 9:51:21 a.m. - Removed AVG 2011
    RP861: 24/01/2012 10:48:07 a.m. - System Checkpoint
    RP862: 25/01/2012 12:21:33 p.m. - System Checkpoint
    RP863: 26/01/2012 2:32:21 p.m. - System Checkpoint
    RP864: 1/02/2012 12:38:53 p.m. - System Checkpoint
    RP865: 2/02/2012 4:04:04 p.m. - System Checkpoint
    RP866: 7/02/2012 2:56:52 p.m. - System Checkpoint
    RP867: 9/02/2012 10:40:52 a.m. - System Checkpoint
    RP868: 9/02/2012 12:02:18 p.m. - Removed Samsung New PC Studio
    RP869: 9/02/2012 12:17:03 p.m. - Installed Samsung New PC Studio
    RP870: 13/02/2012 7:26:20 p.m. - System Checkpoint
    RP871: 14/02/2012 7:55:56 p.m. - System Checkpoint
    RP872: 16/02/2012 12:15:37 p.m. - System Checkpoint
    RP873: 20/02/2012 9:04:13 a.m. - System Checkpoint
    RP874: 21/02/2012 8:38:32 a.m. - Software Distribution Service 3.0
    RP875: 23/02/2012 12:40:14 p.m. - System Checkpoint
    RP876: 27/02/2012 12:21:39 p.m. - System Checkpoint
    RP877: 28/02/2012 2:58:08 p.m. - System Checkpoint
    RP878: 1/03/2012 10:23:28 a.m. - System Checkpoint
    RP879: 5/03/2012 12:23:53 p.m. - System Checkpoint
    RP880: 6/03/2012 12:56:29 p.m. - System Checkpoint
    RP881: 7/03/2012 1:00:39 p.m. - System Checkpoint
    RP882: 8/03/2012 8:44:25 a.m. - Software Distribution Service 3.0
    RP883: 12/03/2012 9:49:44 a.m. - System Checkpoint
    RP884: 13/03/2012 10:58:27 a.m. - System Checkpoint
    RP885: 14/03/2012 12:17:58 p.m. - System Checkpoint
    RP886: 15/03/2012 8:35:16 a.m. - Software Distribution Service 3.0
    RP887: 20/03/2012 12:40:10 p.m. - System Checkpoint
    RP888: 21/03/2012 5:30:20 p.m. - System Checkpoint
    RP889: 26/03/2012 4:56:26 p.m. - System Checkpoint
    RP890: 27/03/2012 6:59:55 p.m. - System Checkpoint
    RP891: 29/03/2012 12:49:29 p.m. - System Checkpoint
    RP892: 2/04/2012 12:47:27 p.m. - Removed AVG 2012
    RP893: 2/04/2012 12:50:03 p.m. - Removed AVG 2012
    RP894: 3/04/2012 4:57:09 p.m. - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.2)
    ArcSoft PhotoStudio 5.5
    Broadcom Management Programs
    Canon CanoScan Toolbox 5.0
    CanoScan LiDE 70
    CCleaner
    Compatibility Pack for the 2007 Office system
    CutePDF Writer 2.5
    DeskBank
    DivX Setup
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Color LaserJet 3800
    HP Help and Support
    HP LaserJet P3005
    HP LaserJet P3005 Install Notes
    HP LaserJet P3005 User Guide
    Intel(R) Graphics Media Accelerator Driver
    Japanese Fonts Support For Adobe Reader 8
    Java 2 Runtime Environment, SE v1.4.2_03
    Java Auto Updater
    Java(TM) 6 Update 20
    Malwarebytes Anti-Malware version 1.60.1.1000
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft National Language Support Downlevel APIs
    Microsoft Office File Validation Add-In
    Microsoft Office Professional Edition 2003
    Microsoft Reader
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mp3tag v2.48
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MusicBrainz Picard
    MYOB ODBC Direct v8 NZ
    MYOB Premier v12
    Nero 7 Ultra Edition
    neroxml
    OGA Notifier 2.0.0048.0
    Ogg Codecs 0.81.15562
    PDF OCR 3.0
    Presto! PageManager 7.15.13
    Samsung New PC Studio
    SAMSUNG USB Driver for Mobile Phones
    ScanSoft OmniPage SE 4.0
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2660465)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Software Setup
    SoundMAX
    SUPERAntiSpyware
    Update for Windows Internet Explorer 8 (KB971180)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VC80CRTRedist - 8.0.50727.4053
    WebFldrs XP
    Winamp
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows XP Service Pack 3
    WinRAR archiver
    WinZip 15.0
    .
    ==== Event Viewer Messages From Past Week ========
    .
    30/03/2012 11:42:01 a.m., error: Service Control Manager [7023] - The X10UIF service terminated with the following error: The specified module could not be found.
    30/03/2012 11:42:01 a.m., error: Service Control Manager [7023] - The W550mdfl service terminated with the following error: The specified module could not be found.
    30/03/2012 11:42:01 a.m., error: Service Control Manager [7023] - The VNUSB service terminated with the following error: The specified module could not be found.
    30/03/2012 11:42:01 a.m., error: Service Control Manager [7023] - The Streamloadservice service terminated with the following error: The specified module could not be found.
    30/03/2012 11:42:01 a.m., error: Service Control Manager [7023] - The Savrtpel service terminated with the following error: The specified module could not be found.
    30/03/2012 11:42:01 a.m., error: Service Control Manager [7023] - The Portio service terminated with the following error: The specified module could not be found.
    30/03/2012 11:42:01 a.m., error: Service Control Manager [7023] - The Oracleorahome90agent service terminated with the following error: The specified module could not be found.
    30/03/2012 11:42:01 a.m., error: Service Control Manager [7023] - The Mpfirewl service terminated with the following error: The specified module could not be found.
    30/03/2012 11:42:01 a.m., error: Service Control Manager [7023] - The LPCFilter service terminated with the following error: The specified module could not be found.
    30/03/2012 11:42:01 a.m., error: Service Control Manager [7023] - The Issimon service terminated with the following error: The specified module could not be found.
    30/03/2012 11:42:01 a.m., error: Service Control Manager [7023] - The Iomegaaccess service terminated with the following error: The specified module could not be found.
    30/03/2012 11:42:01 a.m., error: Service Control Manager [7023] - The Intcazaudaddservice service terminated with the following error: The specified module could not be found.
    30/03/2012 11:42:01 a.m., error: Service Control Manager [7023] - The Ha20x2k service terminated with the following error: The specified module could not be found.
    30/03/2012 11:42:01 a.m., error: Service Control Manager [7023] - The Fontcache3.0.0.0 service terminated with the following error: The specified module could not be found.
    3/04/2012 5:13:39 p.m., error: System Error [1003] - Error code 00000019, parameter1 00000020, parameter2 89da56d0, parameter3 89da5ef8, parameter4 1b05000e.
    3/04/2012 4:35:23 p.m., error: System Error [1003] - Error code 00000019, parameter1 00000020, parameter2 89e9d000, parameter3 89e9d828, parameter4 1b050000.
    3/04/2012 4:33:26 p.m., error: System Error [1003] - Error code 00000019, parameter1 00000020, parameter2 885fa000, parameter3 885fa828, parameter4 1b050000.
    3/04/2012 4:32:38 p.m., error: NETLOGON [5719] - No Domain Controller is available for domain PCRENTALSAUCKLA due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
    3/04/2012 10:24:58 a.m., error: Service Control Manager [7023] - The Yediex service terminated with the following error: The specified module could not be found.
    3/04/2012 10:24:58 a.m., error: Service Control Manager [7023] - The WmXlCore service terminated with the following error: The specified module could not be found.
    3/04/2012 10:24:58 a.m., error: Service Control Manager [7023] - The Vrfwsvc service terminated with the following error: The specified module could not be found.
    3/04/2012 10:24:58 a.m., error: Service Control Manager [7023] - The SWUMX51 service terminated with the following error: The specified module could not be found.
    3/04/2012 10:24:58 a.m., error: Service Control Manager [7023] - The STV680m service terminated with the following error: The specified module could not be found.
    3/04/2012 10:24:58 a.m., error: Service Control Manager [7023] - The SE2Cbus service terminated with the following error: The specified module could not be found.
    3/04/2012 10:24:58 a.m., error: Service Control Manager [7023] - The Pcx1unic service terminated with the following error: The specified module could not be found.
    3/04/2012 10:24:58 a.m., error: Service Control Manager [7023] - The Ntsvcmgr service terminated with the following error: The specified module could not be found.
    3/04/2012 10:24:58 a.m., error: Service Control Manager [7023] - The Nnsvc service terminated with the following error: The specified module could not be found.
    3/04/2012 10:24:58 a.m., error: Service Control Manager [7023] - The Ltmodem5 service terminated with the following error: The specified module could not be found.
    3/04/2012 10:24:58 a.m., error: Service Control Manager [7023] - The LRMINIPORT service terminated with the following error: The specified module could not be found.
    3/04/2012 10:24:58 a.m., error: Service Control Manager [7023] - The Ireike service terminated with the following error: The specified module could not be found.
    3/04/2012 10:24:58 a.m., error: Service Control Manager [7023] - The Ipssvc service terminated with the following error: The specified module could not be found.
    3/04/2012 10:24:58 a.m., error: Service Control Manager [7023] - The Iksysflt service terminated with the following error: The specified module could not be found.
    3/04/2012 10:24:58 a.m., error: Service Control Manager [7023] - The Idsvc service terminated with the following error: The specified module could not be found.
    3/04/2012 10:24:58 a.m., error: Service Control Manager [7023] - The Camdrl service terminated with the following error: The specified module could not be found.
    3/04/2012 10:24:58 a.m., error: Service Control Manager [7023] - The Bgs_sdservice service terminated with the following error: The specified module could not be found.
    3/04/2012 10:24:58 a.m., error: Service Control Manager [7023] - The BCMModem service terminated with the following error: The specified module could not be found.
    3/04/2012 10:24:58 a.m., error: Service Control Manager [7023] - The Avfilter service terminated with the following error: The specified module could not be found.
    3/04/2012 10:24:58 a.m., error: Service Control Manager [7023] - The Alim1541 service terminated with the following error: The specified module could not be found.
    3/04/2012 10:24:58 a.m., error: Service Control Manager [7023] - The {95808DC4-FA4A-4c74-92FE-5B863F82066B} service terminated with the following error: The specified module could not be found.
    29/03/2012 9:36:33 a.m., error: Service Control Manager [7023] - The Sbcssvc service terminated with the following error: Access is denied.
    29/03/2012 9:35:33 a.m., error: Service Control Manager [7023] - The Naiavfilter1 service terminated with the following error: Access is denied.
    29/03/2012 9:22:02 a.m., error: Service Control Manager [7023] - The QPCapSvc service terminated with the following error: Access is denied.
    29/03/2012 9:21:02 a.m., error: Service Control Manager [7023] - The Tosporte service terminated with the following error: Access is denied.
    29/03/2012 9:07:28 a.m., error: Service Control Manager [7023] - The Wsearch service terminated with the following error: Access is denied.
    29/03/2012 8:52:27 a.m., error: Service Control Manager [7023] - The Dbmanagerscheduler service terminated with the following error: Access is denied.
    29/03/2012 8:37:40 a.m., error: Service Control Manager [7023] - The KMW_USB service terminated with the following error: Access is denied.
    29/03/2012 5:05:51 p.m., error: Service Control Manager [7023] - The Pcx1unic service terminated with the following error: Access is denied.
    29/03/2012 4:50:51 p.m., error: Service Control Manager [7023] - The Alim1541 service terminated with the following error: Access is denied.
    29/03/2012 4:35:51 p.m., error: Service Control Manager [7023] - The Nnsvc service terminated with the following error: Access is denied.
    29/03/2012 4:23:00 p.m., error: Schedule [7901] - The At34.job command failed to start due to the following error: %%2147942402
    29/03/2012 4:20:51 p.m., error: Service Control Manager [7023] - The Idsvc service terminated with the following error: Access is denied.
    29/03/2012 4:05:51 p.m., error: Service Control Manager [7023] - The Ltmodem5 service terminated with the following error: Access is denied.
    29/03/2012 3:50:50 p.m., error: Service Control Manager [7023] - The WmXlCore service terminated with the following error: Access is denied.
    29/03/2012 3:35:50 p.m., error: Service Control Manager [7023] - The LRMINIPORT service terminated with the following error: Access is denied.
    29/03/2012 3:23:00 p.m., error: Schedule [7901] - The At32.job command failed to start due to the following error: %%2147942402
    29/03/2012 3:20:50 p.m., error: Service Control Manager [7023] - The Camdrl service terminated with the following error: Access is denied.
    29/03/2012 3:05:50 p.m., error: Service Control Manager [7023] - The Avfilter service terminated with the following error: Access is denied.
    29/03/2012 2:50:49 p.m., error: Service Control Manager [7023] - The Ntsvcmgr service terminated with the following error: Access is denied.
    29/03/2012 2:35:51 p.m., error: Service Control Manager [7023] - The Vrfwsvc service terminated with the following error: Access is denied.
    29/03/2012 2:23:00 p.m., error: Schedule [7901] - The At30.job command failed to start due to the following error: %%2147942402
    29/03/2012 2:20:51 p.m., error: Service Control Manager [7023] - The SE2Cbus service terminated with the following error: Access is denied.
    29/03/2012 2:05:48 p.m., error: Service Control Manager [7023] - The Ireike service terminated with the following error: Access is denied.
    29/03/2012 12:50:47 p.m., error: Service Control Manager [7023] - The Bgs_sdservice service terminated with the following error: Access is denied.
    29/03/2012 12:35:47 p.m., error: Service Control Manager [7023] - The Ipssvc service terminated with the following error: Access is denied.
    29/03/2012 12:23:00 p.m., error: Schedule [7901] - The At25.job command failed to start due to the following error: %%2147942402
    29/03/2012 12:20:47 p.m., error: Service Control Manager [7023] - The SWUMX51 service terminated with the following error: Access is denied.
    29/03/2012 12:05:47 p.m., error: Service Control Manager [7023] - The Yediex service terminated with the following error: Access is denied.
    29/03/2012 11:50:47 a.m., error: Service Control Manager [7023] - The Iomegaaccess service terminated with the following error: Access is denied.
    29/03/2012 11:44:48 a.m., error: Service Control Manager [7023] - The Ha20x2k service terminated with the following error: Access is denied.
    29/03/2012 11:35:50 a.m., error: Service Control Manager [7023] - The VNUSB service terminated with the following error: Access is denied.
    29/03/2012 11:25:33 a.m., error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
    29/03/2012 11:20:48 a.m., error: Service Control Manager [7023] - The Issimon service terminated with the following error: Access is denied.
    29/03/2012 11:05:44 a.m., error: Service Control Manager [7023] - The Streamloadservice service terminated with the following error: Access is denied.
    29/03/2012 11:04:49 a.m., error: Service Control Manager [7023] - The Portio service terminated with the following error: Access is denied.
    29/03/2012 10:50:47 a.m., error: Service Control Manager [7023] - The Intcazaudaddservice service terminated with the following error: Access is denied.
    29/03/2012 10:35:43 a.m., error: Service Control Manager [7023] - The Mpfirewl service terminated with the following error: Access is denied.
    29/03/2012 10:20:41 a.m., error: Service Control Manager [7023] - The Savrtpel service terminated with the following error: Access is denied.
    29/03/2012 10:19:40 a.m., error: Service Control Manager [7023] - The X10UIF service terminated with the following error: Access is denied.
    29/03/2012 10:13:14 a.m., error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
    29/03/2012 10:13:14 a.m., error: Service Control Manager [7023] - The Wsearch service terminated with the following error: The specified module could not be found.
    29/03/2012 10:13:14 a.m., error: Service Control Manager [7023] - The W550mdfl service terminated with the following error: Access is denied.
    29/03/2012 10:13:14 a.m., error: Service Control Manager [7023] - The Vmparport service terminated with the following error: The specified module could not be found.
    29/03/2012 10:13:14 a.m., error: Service Control Manager [7023] - The Uphclean service terminated with the following error: The specified module could not be found.
    29/03/2012 10:13:14 a.m., error: Service Control Manager [7023] - The Tosporte service terminated with the following error: The specified module could not be found.
    29/03/2012 10:13:14 a.m., error: Service Control Manager [7023] - The Sbcssvc service terminated with the following error: The specified module could not be found.
    29/03/2012 10:13:14 a.m., error: Service Control Manager [7023] - The QPCapSvc service terminated with the following error: The specified module could not be found.
    29/03/2012 10:13:14 a.m., error: Service Control Manager [7023] - The Oracleorahome90agent service terminated with the following error: Access is denied.
    29/03/2012 10:13:14 a.m., error: Service Control Manager [7023] - The Naiavfilter1 service terminated with the following error: The specified module could not be found.
    29/03/2012 10:13:14 a.m., error: Service Control Manager [7023] - The LPCFilter service terminated with the following error: Access is denied.
    29/03/2012 10:13:14 a.m., error: Service Control Manager [7023] - The KMW_USB service terminated with the following error: The specified module could not be found.
    29/03/2012 10:13:14 a.m., error: Service Control Manager [7023] - The Help and Support service terminated with the following error: The specified module could not be found.
    29/03/2012 10:13:14 a.m., error: Service Control Manager [7023] - The Fontcache3.0.0.0 service terminated with the following error: Access is denied.
    29/03/2012 10:13:14 a.m., error: Service Control Manager [7023] - The Dbmanagerscheduler service terminated with the following error: The specified module could not be found.
    29/03/2012 1:50:49 p.m., error: Service Control Manager [7023] - The STV680m service terminated with the following error: Access is denied.
    29/03/2012 1:35:48 p.m., error: Service Control Manager [7023] - The BCMModem service terminated with the following error: Access is denied.
    29/03/2012 1:23:00 p.m., error: Schedule [7901] - The At27.job command failed to start due to the following error: %%2147942402
    29/03/2012 1:20:48 p.m., error: Service Control Manager [7023] - The {95808DC4-FA4A-4c74-92FE-5B863F82066B} service terminated with the following error: Access is denied.
    29/03/2012 1:05:47 p.m., error: Service Control Manager [7023] - The Iksysflt service terminated with the following error: Access is denied.
    28/03/2012 8:53:26 a.m., error: NETLOGON [5719] - No Domain Controller is available for domain PCRENTALSAUCKLA due to the following: The RPC server is unavailable. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
    28/03/2012 6:23:54 p.m., error: Service Control Manager [7023] - The Uphclean service terminated with the following error: Access is denied.
    28/03/2012 6:00:55 p.m., error: Service Control Manager [7023] - The Vmparport service terminated with the following error: Access is denied.
    27/03/2012 10:01:07 a.m., error: Print [6161] - The document Seagate Crystal Reports ActiveX owned by ivan failed to print on printer HP LJ P3005n. Data type: NT EMF 1.008. Size of the spool file in bytes: 393216. Number of bytes printed: 0. Total number of pages in the document: 3. Number of pages printed: 0. Client machine: \\IVAN2_PC. Win32 error code returned by the print processor: 259 (0x103).
    2/04/2012 12:23:00 p.m., error: Schedule [7901] - The At24.job command failed to start due to the following error: %%2147942402
    2/04/2012 11:23:00 a.m., error: Schedule [7901] - The At22.job command failed to start due to the following error: %%2147942402
    2/04/2012 10:27:10 a.m., error: Schedule [7901] - The At20.job command failed to start due to the following error: %%2147942402
    2/04/2012 10:23:00 p.m., error: Schedule [7901] - The At43.job command failed to start due to the following error: %%2147942402
    .
    ==== End Of File ===========================
  9. Broni

    Broni Malware Annihilator Posts: 46,425   +252

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ============================================================

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
  10. arvnranger

    arvnranger Newcomer, in training Topic Starter Posts: 28

    aswMBR didn't seem to indicate the scanning process was finished but after 10 mins of doing nothing I clicked "Save Log" then "Finish". MBR.dat is saved on the desktop and backed up on a USB drive.

    ===========================================

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-03-29 14:34:01
    -----------------------------
    14:34:01.602 OS Version: Windows 5.1.2600 Service Pack 3
    14:34:01.602 Number of processors: 2 586 0x401
    14:34:01.602 ComputerName: IVAN2_PC UserName: ivan
    14:34:02.086 Initialize success
    14:34:19.992 AVAST engine defs: 12032802
    14:34:33.274 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
    14:34:33.274 Disk 0 Vendor: SAMSUNG_SP0411C UU100-05 Size: 38166MB BusType: 3
    14:34:33.321 Disk 0 MBR read successfully
    14:34:33.321 Disk 0 MBR scan
    14:34:33.368 Disk 0 Windows XP default MBR code
    14:34:33.368 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38162 MB offset 63
    14:34:33.399 Disk 0 scanning sectors +78156225
    14:34:33.555 Disk 0 scanning C:\WINDOWS\system32\drivers
    14:34:53.055 Service scanning
    14:35:32.400 Modules scanning
    14:36:08.009 Disk 0 trace - called modules:
    14:36:08.025 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89e9dfd0]<<
    14:36:08.025 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a546ab8]
    14:36:08.025 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> [0x89f8c6e0]
    14:36:08.041 \Driver\00001396[0x8a47f5c8] -> IRP_MJ_CREATE -> 0x89e9dfd0
    14:36:08.494 AVAST engine scan C:\WINDOWS
    14:36:22.635 AVAST engine scan C:\WINDOWS\system32
    14:39:26.793 AVAST engine scan C:\WINDOWS\system32\drivers
    14:39:54.794 AVAST engine scan C:\Documents and Settings\ivan
    14:45:43.064 AVAST engine scan C:\Documents and Settings\All Users
    14:47:11.580 Scan finished successfully
    14:48:24.144 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\ivan\Desktop\MBR.dat"
    14:48:24.159 The log file has been saved successfully to "C:\Documents and Settings\ivan\Desktop\aswMBR.txt"


    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-04-04 11:16:08
    -----------------------------
    11:16:08.354 OS Version: Windows 5.1.2600 Service Pack 3
    11:16:08.354 Number of processors: 2 586 0x401
    11:16:08.354 ComputerName: IVAN2_PC UserName: ivan
    11:16:11.369 Initialize success
    11:16:30.808 AVAST engine defs: 12040302
    11:16:35.152 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
    11:16:35.152 Disk 0 Vendor: SAMSUNG_SP0411C UU100-05 Size: 38166MB BusType: 3
    11:16:35.199 Disk 0 MBR read successfully
    11:16:35.199 Disk 0 MBR scan
    11:16:35.339 Disk 0 Windows XP default MBR code
    11:16:35.355 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38162 MB offset 63
    11:16:35.370 Disk 0 scanning sectors +78156225
    11:16:35.542 Disk 0 scanning C:\WINDOWS\system32\drivers
    11:17:26.902 Service scanning
    11:18:57.339 Modules scanning
    11:19:42.230 Disk 0 trace - called modules:
    11:19:42.277 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
    11:19:42.277 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a587ab8]
    11:19:42.277 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000065[0x8a5619e8]
    11:19:42.293 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x8a560940]
    11:19:43.839 AVAST engine scan C:\WINDOWS
    11:20:09.871 AVAST engine scan C:\WINDOWS\system32
    11:20:29.355 File: C:\WINDOWS\system32\BO0iKkW.com **INFECTED** Win32:Crypt-MEQ [Trj]
    11:20:29.496 File: C:\WINDOWS\system32\BO0iKkW.com_ **INFECTED** Win32:Crypt-MEQ [Trj]
    11:28:15.902 AVAST engine scan C:\WINDOWS\system32\drivers
    11:29:13.308 AVAST engine scan C:\Documents and Settings\ivan
    11:39:38.027 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\ivan\Desktop\MBR.dat"
    11:39:38.277 The log file has been saved successfully to "C:\Documents and Settings\ivan\Desktop\aswMBR.txt"

    ==============================================================

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
    Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

    Size Device Name MBR Status
    --------------------------------------------
    37 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...
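A small parser for the two aswMBR runs posted above, as an added example that is not part of the original post or of aswMBR itself: it splits the paste into runs and pulls out the disk-trace module chain, any `>>UNKNOWN [...]<<` entries, `**INFECTED**` files, and whether the `Scan finished successfully` line is present. The log lines are copied from the post (trimmed); the function names and the wording of the findings are assumptions of this example.

```python
import re

# Lines copied from the two aswMBR runs in the post above, trimmed to the
# parts this example reads. Nothing here is invented.
SAMPLE_LOG = r"""
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-29 14:34:01
-----------------------------
14:34:33.368 Disk 0 Windows XP default MBR code
14:36:08.009 Disk 0 trace - called modules:
14:36:08.025 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89e9dfd0]<<
14:36:08.025 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a546ab8]
14:36:08.494 AVAST engine scan C:\WINDOWS
14:47:11.580 Scan finished successfully

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-04 11:16:08
-----------------------------
11:16:35.339 Disk 0 Windows XP default MBR code
11:19:42.230 Disk 0 trace - called modules:
11:19:42.277 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
11:19:42.277 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a587ab8]
11:20:09.871 AVAST engine scan C:\WINDOWS\system32
11:20:29.355 File: C:\WINDOWS\system32\BO0iKkW.com **INFECTED** Win32:Crypt-MEQ [Trj]
11:20:29.496 File: C:\WINDOWS\system32\BO0iKkW.com_ **INFECTED** Win32:Crypt-MEQ [Trj]
11:29:13.308 AVAST engine scan C:\Documents and Settings\ivan
"""

TIMESTAMP = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+")
UNKNOWN = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
INFECTED = re.compile(r"File: (?P<path>.+?) \*\*INFECTED\*\* (?P<name>.+)$")


def split_runs(text):
    """Split a paste holding several aswMBR logs into one line list per run."""
    runs, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("aswMBR version"):
            current = []
            runs.append(current)
        if current is not None and line:
            current.append(line)
    return runs


def parse_run(lines):
    """Extract the fields a reviewer compares between runs."""
    run = {"run_date": None, "modules": [], "unknown_modules": [],
           "infected": [], "finished": False}
    expect_modules = False
    for line in lines:
        body = TIMESTAMP.sub("", line)
        if line.startswith("Run date:"):
            run["run_date"] = line.split(":", 1)[1].strip()
        elif body.endswith("trace - called modules:"):
            expect_modules = True          # the module chain is on the next line
        elif expect_modules:
            expect_modules = False
            run["unknown_modules"] = UNKNOWN.findall(body)
            run["modules"] = UNKNOWN.sub("", body).split()
        elif body == "Scan finished successfully":
            run["finished"] = True
        else:
            match = INFECTED.search(body)
            if match:
                run["infected"].append((match["path"], match["name"]))
    return run


def findings(run):
    """Turn one parsed run into short review notes."""
    notes = [f"unnamed module at {addr} in disk trace"
             for addr in run["unknown_modules"]]
    notes += [f"infected file {path} ({name})" for path, name in run["infected"]]
    if not run["finished"]:
        notes.append("no 'Scan finished successfully' line; scan may be incomplete")
    return notes


def analyse(text):
    return [parse_run(lines) for lines in split_runs(text)]


if __name__ == "__main__":
    for run in analyse(SAMPLE_LOG):
        print(run["run_date"], "modules:", " ".join(run["modules"]))
        for note in findings(run):
            print("  -", note)
```
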
  11. Broni

    Broni Malware Annihilator Posts: 46,425   +252

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  12. arvnranger

    arvnranger Newcomer, in training Topic Starter Posts: 28

    I downloaded combofix, closed the anti-malware programs and browser windows, and ran it. It reported a Rootkit.Zeroaccess and advised that if problems persisted to run combofix again. I left it to run through its various processes until it rebooted the machine but I couldn't find c:\combofix.txt. I repeated the original process, Rootkit found again, still couldn't find the combofix.txt file. I ran combofix in safe mode (with networking) - rootkit still there, couldn't find combofix.txt. I went to your option 2 - downloaded rkill.com (the first in your list), deleted combofix then downloaded a fresh combofix saved to the desktop as your_name.exe. Ran rkill (which left a dos window open) then ran your_name (having closed anti-malware et al). Still can't find your_name.txt or combofix.txt.

    ==========================
    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 04/04/2012 at 14:02:41.
    Operating System: Microsoft Windows XP


    Processes terminated by Rkill or while it was running:

    ======================================

    Shall I start over?
  13. arvnranger

    arvnranger Newcomer, in training Topic Starter Posts: 28

    Ran rkill and combofix in safe mode. Success? The Rkill log looks identical to that above (the file attributes suggest it wasn't overwritten).

    ===============================================
    ComboFix 12-04-03.02 - ivan 04/04/2012 14:55:57.6.2 - x86 NETWORK
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1784 [GMT 12:00]
    Running from: c:\documents and settings\ivan\Desktop\your_name.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -- Previous Run --
    .
    Infected copy of c:\windows\system32\drivers\ntfs.sys was found and disinfected
    Restored copy from - c:\windows\ServicePackFiles\i386\ntfs.sys
    .
    --------
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-04 to 2012-04-04 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-03 18:23 . 2012-03-28 23:56 99328 ----a-w- c:\windows\system32\BO0iKkW.com
    2012-04-01 23:49 . 2012-04-01 23:49 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
    2012-04-01 23:49 . 2012-04-01 23:49 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
    2012-03-28 20:59 . 2012-03-28 20:59 -------- d-----w- c:\documents and settings\ivan\Application Data\SUPERAntiSpyware.com
    2012-03-28 20:58 . 2012-03-28 20:59 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-03-28 20:58 . 2012-03-28 20:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-21 00:00 . 2011-05-17 22:51 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-02-03 09:22 . 2004-08-04 06:17 1860096 ----a-w- c:\windows\system32\win32k.sys
    2012-01-11 19:06 . 2012-02-19 19:47 3072 ------w- c:\windows\system32\iacenc.dll
    2012-01-09 16:20 . 2004-08-04 08:01 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2011-02-16 96160]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 3905920]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]
    "SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-19 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-19 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-19 114688]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    2007-06-27 07:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-09-01 06:39 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-13 17:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2007-03-01 03:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
    2006-03-21 01:19 69632 ----a-w- c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    2003-09-29 12:14 155648 ----a-r- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2006-01-11 15:37 32881 -c--a-w- c:\program files\Java\j2re1.4.2_03\bin\jusched.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\SQLANY70\\dbeng7.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    .
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12/08/2011 11:38 a.m. 116608]
    R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [20/10/2009 8:33 a.m. 27632]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/07/2011 4:27 a.m. 12880]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [13/07/2011 9:55 a.m. 67664]
    S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [28/02/2011 2:03 p.m. 239528]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/10/2010 3:36 p.m. 652360]
    S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [28/02/2011 2:03 p.m. 36608]
    S3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [19/04/2004 3:01 p.m. 6656]
    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [15/07/2010 3:22 p.m. 13224]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/10/2010 3:36 p.m. 20464]
    S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [20/10/2009 8:32 a.m. 86824]
    S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [20/10/2009 8:32 a.m. 15016]
    S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [20/10/2009 8:32 a.m. 114728]
    S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [20/10/2009 8:32 a.m. 106208]
    S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [20/10/2009 8:32 a.m. 26024]
    S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [20/10/2009 8:32 a.m. 104744]
    S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [20/10/2009 8:32 a.m. 109864]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    qhwscsvc
    WNCPKT
    artourservice
    ccevtmgr
    g400
    dcfssvc
    adminserver
    DELTA
    mcmispupdmgr
    axinstsv
    comhost
    ntrtscan
    atimtag
    se45unic
    eelsservice
    lmab_device
    ha20x2k
    szserver
    blueletaudio
    rt73
    aswmon2
    BCMWLNPF
    avfilter
    sfcure01
    alcaudsl
    StkASSrv
    pdlndint
    usbvideo
    netmnt
    prepdrvr
    nv
    ELhid
    slabbus
    WGX
    s7otranx
    wmp54gsvc
    brmfrmps
    dlcq_device
    tmlisten
    caboagp
    Wpsnuio
    se26nd5
    lxrsge10s
    l8042pr2
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-04-03 c:\windows\Tasks\At1.job
    - c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
    .
    2012-04-03 c:\windows\Tasks\At10.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-03 c:\windows\Tasks\At11.job
    - c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
    .
    2012-04-03 c:\windows\Tasks\At12.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-03 c:\windows\Tasks\At13.job
    - c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
    .
    2012-04-03 c:\windows\Tasks\At14.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-03 c:\windows\Tasks\At15.job
    - c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
    .
    2012-04-03 c:\windows\Tasks\At16.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-03 c:\windows\Tasks\At17.job
    - c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
    .
    2012-04-03 c:\windows\Tasks\At18.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-03 c:\windows\Tasks\At19.job
    - c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
    .
    2012-04-03 c:\windows\Tasks\At2.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-03 c:\windows\Tasks\At20.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-03 c:\windows\Tasks\At21.job
    - c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
    .
    2012-04-03 c:\windows\Tasks\At22.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-03 c:\windows\Tasks\At23.job
    - c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
    .
    2012-04-03 c:\windows\Tasks\At24.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-03 c:\windows\Tasks\At25.job
    - c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
    .
    2012-04-03 c:\windows\Tasks\At26.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-03 c:\windows\Tasks\At27.job
    - c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
    .
    2012-04-03 c:\windows\Tasks\At28.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-03 c:\windows\Tasks\At29.job
    - c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
    .
    2012-04-03 c:\windows\Tasks\At3.job
    - c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
    .
    2012-04-03 c:\windows\Tasks\At30.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-03 c:\windows\Tasks\At31.job
    - c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
    .
    2012-04-03 c:\windows\Tasks\At32.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-03 c:\windows\Tasks\At33.job
    - c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
    .
    2012-04-03 c:\windows\Tasks\At34.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-02 c:\windows\Tasks\At35.job
    - c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
    .
    2012-04-02 c:\windows\Tasks\At36.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-03 c:\windows\Tasks\At37.job
    - c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
    .
    2012-04-03 c:\windows\Tasks\At38.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-03 c:\windows\Tasks\At39.job
    - c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
    .
    2012-04-03 c:\windows\Tasks\At4.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-03 c:\windows\Tasks\At40.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-03 c:\windows\Tasks\At41.job
    - c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
    .
    2012-04-03 c:\windows\Tasks\At42.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-03 c:\windows\Tasks\At43.job
    - c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
    .
    2012-04-03 c:\windows\Tasks\At44.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-03 c:\windows\Tasks\At45.job
    - c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
    .
    2012-04-03 c:\windows\Tasks\At46.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-03 c:\windows\Tasks\At47.job
    - c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
    .
    2012-04-03 c:\windows\Tasks\At48.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-03 c:\windows\Tasks\At5.job
    - c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
    .
    2012-04-03 c:\windows\Tasks\At6.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-03 c:\windows\Tasks\At7.job
    - c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
    .
    2012-04-03 c:\windows\Tasks\At8.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-03 c:\windows\Tasks\At9.job
    - c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
    .
    2012-04-03 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 39bb3ef2-2fdc-4521-889b-4651ad3e4c28.job
    - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
    .
    2012-04-03 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 3d3b28ec-3f26-4d34-a2f8-810af41dc5ac.job
    - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.nz/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    TCP: Interfaces\{1B69E7A3-4BFA-42B1-923A-5B2BFB7E218E}: NameServer = 10.0.2.93,210.48.66.2,210.48.65.2
    TCP: Interfaces\{CCFBDEE0-6D1B-45C8-AA11-085E4BC40A5D}: NameServer = 210.55.24.8
    .
    - - - - ORPHANS REMOVED - - - -
    .
    MSConfigStartUp-AVG_TRAY - c:\program files\AVG\AVG2012\avgtray.exe
    MSConfigStartUp-Sony Ericsson PC Suite - c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
    AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
    AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
    AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
    AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
    AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
    AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
    AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
    AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
    AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
    AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
    AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
    AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
    AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
    AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
    AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
    AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
    AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-04-04 15:07
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bb,f5,0e,71,1f,6a,17,45,bc,9a,d4,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bb,f5,0e,71,1f,6a,17,45,bc,9a,d4,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(624)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'explorer.exe'(268)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    .
    Completion time: 2012-04-04 15:09:17
    ComboFix-quarantined-files.txt 2012-04-04 03:09
    .
    Pre-Run: 14,150,803,456 bytes free
    Post-Run: 14,235,090,944 bytes free
    .
    - - End Of File - - 0F2894390F2B1D6139E00D1464188F03
  14. arvnranger

    arvnranger Newcomer, in training Topic Starter Posts: 28

    A dialog box keeps opening: "Internet Explorer is not currently your default browser ..."

    It *looks* legit but I dare not mouseclick it for fear of reinfecting the PC.
  15. Broni

    Broni Malware Annihilator Posts: 46,425   +252

    If it was your default browser you can approve that message.

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    AtJob::
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
  16. arvnranger

    arvnranger Newcomer, in training Topic Starter Posts: 28

    Combofix still reports the presence of a rootkit and opens 3 dialog boxes which I close with an "OK" button in succession. I find I have to run Combofix in safe mode to reach the end of the process normally.

    ==========================

    ComboFix 12-04-03.02 - ivan 04/04/2012 16:14:09.8.2 - x86 NETWORK
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1784 [GMT 12:00]
    Running from: c:\documents and settings\ivan\Desktop\your_name.exe
    Command switches used :: c:\documents and settings\ivan\Desktop\CFScript.txt
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\J3d8QFa3.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-04 to 2012-04-04 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-03 18:23 . 2012-03-28 23:56 99328 ----a-w- c:\windows\system32\BO0iKkW.com
    2012-04-01 23:49 . 2012-04-01 23:49 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
    2012-04-01 23:49 . 2012-04-01 23:49 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
    2012-03-28 20:59 . 2012-03-28 20:59 -------- d-----w- c:\documents and settings\ivan\Application Data\SUPERAntiSpyware.com
    2012-03-28 20:58 . 2012-03-28 20:59 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-03-28 20:58 . 2012-03-28 20:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-21 00:00 . 2011-05-17 22:51 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-02-03 09:22 . 2004-08-04 06:17 1860096 ----a-w- c:\windows\system32\win32k.sys
    2012-01-11 19:06 . 2012-02-19 19:47 3072 ------w- c:\windows\system32\iacenc.dll
    2012-01-09 16:20 . 2004-08-04 08:01 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-04-04_03.07.02 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2004-08-09 20:44 . 2012-04-04 02:58 53608 c:\windows\system32\perfc009.dat
    + 2004-08-09 20:44 . 2012-04-04 04:17 53608 c:\windows\system32\perfc009.dat
    + 2004-08-09 20:44 . 2012-04-04 04:17 383254 c:\windows\system32\perfh009.dat
    - 2004-08-09 20:44 . 2012-04-04 02:58 383254 c:\windows\system32\perfh009.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2011-02-16 96160]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 3905920]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]
    "SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-19 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-19 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-19 114688]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    2007-06-27 07:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-09-01 06:39 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-13 17:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2007-03-01 03:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
    2006-03-21 01:19 69632 ----a-w- c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    2003-09-29 12:14 155648 ----a-r- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2006-01-11 15:37 32881 -c--a-w- c:\program files\Java\j2re1.4.2_03\bin\jusched.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\SQLANY70\\dbeng7.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    .
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12/08/2011 11:38 a.m. 116608]
    R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [20/10/2009 8:33 a.m. 27632]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/07/2011 4:27 a.m. 12880]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [13/07/2011 9:55 a.m. 67664]
    S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [28/02/2011 2:03 p.m. 239528]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/10/2010 3:36 p.m. 652360]
    S3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [19/04/2004 3:01 p.m. 6656]
    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [15/07/2010 3:22 p.m. 13224]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/10/2010 3:36 p.m. 20464]
    S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [20/10/2009 8:32 a.m. 86824]
    S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [20/10/2009 8:32 a.m. 15016]
    S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [20/10/2009 8:32 a.m. 114728]
    S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [20/10/2009 8:32 a.m. 106208]
    S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [20/10/2009 8:32 a.m. 26024]
    S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [20/10/2009 8:32 a.m. 104744]
    S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [20/10/2009 8:32 a.m. 109864]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    qhwscsvc
    WNCPKT
    artourservice
    ccevtmgr
    g400
    dcfssvc
    adminserver
    DELTA
    mcmispupdmgr
    axinstsv
    comhost
    ntrtscan
    atimtag
    se45unic
    eelsservice
    lmab_device
    ha20x2k
    szserver
    blueletaudio
    rt73
    aswmon2
    BCMWLNPF
    avfilter
    sfcure01
    alcaudsl
    StkASSrv
    pdlndint
    usbvideo
    netmnt
    prepdrvr
    nv
    ELhid
    slabbus
    WGX
    s7otranx
    wmp54gsvc
    brmfrmps
    dlcq_device
    tmlisten
    caboagp
    Wpsnuio
    se26nd5
    lxrsge10s
    l8042pr2
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-04-03 c:\windows\Tasks\At1.job
    - c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
    .
    2012-04-03 c:\windows\Tasks\At10.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-03 c:\windows\Tasks\At11.job
    - c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
    .
    2012-04-03 c:\windows\Tasks\At12.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-03 c:\windows\Tasks\At13.job
    - c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
    .
    2012-04-03 c:\windows\Tasks\At14.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-03 c:\windows\Tasks\At15.job
    - c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
    .
    2012-04-03 c:\windows\Tasks\At16.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-03 c:\windows\Tasks\At17.job
    - c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
    .
    2012-04-03 c:\windows\Tasks\At18.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-03 c:\windows\Tasks\At19.job
    - c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
    .
    2012-04-03 c:\windows\Tasks\At2.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-03 c:\windows\Tasks\At20.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-03 c:\windows\Tasks\At21.job
    - c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
    .
    2012-04-03 c:\windows\Tasks\At22.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-03 c:\windows\Tasks\At23.job
    - c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
    .
    2012-04-03 c:\windows\Tasks\At24.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-03 c:\windows\Tasks\At25.job
    - c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
    .
    2012-04-03 c:\windows\Tasks\At26.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-03 c:\windows\Tasks\At27.job
    - c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
    .
    2012-04-03 c:\windows\Tasks\At28.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-03 c:\windows\Tasks\At29.job
    - c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
    .
    2012-04-03 c:\windows\Tasks\At3.job
    - c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
    .
    2012-04-03 c:\windows\Tasks\At30.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-04 c:\windows\Tasks\At31.job
    - c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
    .
    2012-04-04 c:\windows\Tasks\At32.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-03 c:\windows\Tasks\At33.job
    - c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
    .
    2012-04-03 c:\windows\Tasks\At34.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-02 c:\windows\Tasks\At35.job
    - c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
    .
    2012-04-02 c:\windows\Tasks\At36.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-03 c:\windows\Tasks\At37.job
    - c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
    .
    2012-04-03 c:\windows\Tasks\At38.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-03 c:\windows\Tasks\At39.job
    - c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
    .
    2012-04-03 c:\windows\Tasks\At4.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-03 c:\windows\Tasks\At40.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-03 c:\windows\Tasks\At41.job
    - c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
    .
    2012-04-03 c:\windows\Tasks\At42.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-03 c:\windows\Tasks\At43.job
    - c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
    .
    2012-04-03 c:\windows\Tasks\At44.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-03 c:\windows\Tasks\At45.job
    - c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
    .
    2012-04-03 c:\windows\Tasks\At46.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-03 c:\windows\Tasks\At47.job
    - c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
    .
    2012-04-03 c:\windows\Tasks\At48.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-03 c:\windows\Tasks\At5.job
    - c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
    .
    2012-04-03 c:\windows\Tasks\At6.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-03 c:\windows\Tasks\At7.job
    - c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
    .
    2012-04-03 c:\windows\Tasks\At8.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-03 c:\windows\Tasks\At9.job
    - c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
    .
    2012-04-03 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 39bb3ef2-2fdc-4521-889b-4651ad3e4c28.job
    - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
    .
    2012-04-03 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 3d3b28ec-3f26-4d34-a2f8-810af41dc5ac.job
    - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.nz/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    TCP: Interfaces\{1B69E7A3-4BFA-42B1-923A-5B2BFB7E218E}: NameServer = 10.0.2.93,210.48.66.2,210.48.65.2
    TCP: Interfaces\{CCFBDEE0-6D1B-45C8-AA11-085E4BC40A5D}: NameServer = 210.55.24.8
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-04-04 16:25
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bb,f5,0e,71,1f,6a,17,45,bc,9a,d4,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bb,f5,0e,71,1f,6a,17,45,bc,9a,d4,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(624)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    Completion time: 2012-04-04 16:27:08
    ComboFix-quarantined-files.txt 2012-04-04 04:27
    ComboFix2.txt 2012-04-04 03:09
    .
    Pre-Run: 14,140,354,560 bytes free
    Post-Run: 14,211,461,120 bytes free
    .
    - - End Of File - - 5A01F0BD7BFEABF1991331872A9B52B9
  17. Broni

    Broni Malware Annihilator Posts: 46,425   +252

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\BO0iKkW.com
    
    Rootkit::
    c:\windows\system32\BO0iKkW.com
    
    AtJob::
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
  18. arvnranger

    arvnranger Newcomer, in training Topic Starter Posts: 28

    Sorry this is taking so long - I seem to have to do everything twice (doing it over in safe mode) - thanks for your patience.

    ===============================================
    ComboFix 12-04-03.02 - ivan 04/04/2012 17:46:05.10.2 - x86 NETWORK
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1784 [GMT 12:00]
    Running from: c:\documents and settings\ivan\Desktop\your_name.exe
    Command switches used :: c:\documents and settings\ivan\Desktop\CFScript.txt
    .
    FILE ::
    "c:\windows\system32\BO0iKkW.com"
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-04 to 2012-04-04 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-02 00:23 . 2012-03-28 23:56 99328 ----a-w- c:\windows\system32\BO0iKkW.com_
    2012-04-01 23:49 . 2012-04-01 23:49 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
    2012-04-01 23:49 . 2012-04-01 23:49 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
    2012-03-28 20:59 . 2012-03-28 20:59 -------- d-----w- c:\documents and settings\ivan\Application Data\SUPERAntiSpyware.com
    2012-03-28 20:58 . 2012-03-28 20:59 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-03-28 20:58 . 2012-03-28 20:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-21 00:00 . 2011-05-17 22:51 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-02-03 09:22 . 2004-08-04 06:17 1860096 ----a-w- c:\windows\system32\win32k.sys
    2012-01-11 19:06 . 2012-02-19 19:47 3072 ------w- c:\windows\system32\iacenc.dll
    2012-01-09 16:20 . 2004-08-04 08:01 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2011-02-16 96160]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 3905920]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]
    "SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-19 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-19 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-19 114688]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    2007-06-27 07:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-09-01 06:39 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-13 17:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2007-03-01 03:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
    2006-03-21 01:19 69632 ----a-w- c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    2003-09-29 12:14 155648 ----a-r- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2006-01-11 15:37 32881 -c--a-w- c:\program files\Java\j2re1.4.2_03\bin\jusched.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\SQLANY70\\dbeng7.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:mad:xpsp2res.dll,-22009
    .
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12/08/2011 11:38 a.m. 116608]
    R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [20/10/2009 8:33 a.m. 27632]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/07/2011 4:27 a.m. 12880]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [13/07/2011 9:55 a.m. 67664]
    S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [28/02/2011 2:03 p.m. 239528]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/10/2010 3:36 p.m. 652360]
    S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [28/02/2011 2:03 p.m. 36608]
    S3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [19/04/2004 3:01 p.m. 6656]
    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [15/07/2010 3:22 p.m. 13224]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/10/2010 3:36 p.m. 20464]
    S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [20/10/2009 8:32 a.m. 86824]
    S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [20/10/2009 8:32 a.m. 15016]
    S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [20/10/2009 8:32 a.m. 114728]
    S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [20/10/2009 8:32 a.m. 106208]
    S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [20/10/2009 8:32 a.m. 26024]
    S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [20/10/2009 8:32 a.m. 104744]
    S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [20/10/2009 8:32 a.m. 109864]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    qhwscsvc
    WNCPKT
    artourservice
    ccevtmgr
    g400
    dcfssvc
    adminserver
    DELTA
    mcmispupdmgr
    axinstsv
    comhost
    ntrtscan
    atimtag
    se45unic
    eelsservice
    lmab_device
    ha20x2k
    szserver
    blueletaudio
    rt73
    aswmon2
    BCMWLNPF
    avfilter
    sfcure01
    alcaudsl
    StkASSrv
    pdlndint
    usbvideo
    netmnt
    prepdrvr
    nv
    ELhid
    slabbus
    WGX
    s7otranx
    wmp54gsvc
    brmfrmps
    dlcq_device
    tmlisten
    caboagp
    Wpsnuio
    se26nd5
    lxrsge10s
    l8042pr2
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-04-03 c:\windows\Tasks\At10.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-03 c:\windows\Tasks\At12.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-03 c:\windows\Tasks\At14.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-03 c:\windows\Tasks\At16.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-03 c:\windows\Tasks\At18.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-03 c:\windows\Tasks\At2.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-03 c:\windows\Tasks\At20.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-03 c:\windows\Tasks\At22.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-03 c:\windows\Tasks\At24.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-03 c:\windows\Tasks\At26.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-03 c:\windows\Tasks\At28.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-03 c:\windows\Tasks\At30.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-04 c:\windows\Tasks\At32.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-03 c:\windows\Tasks\At34.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-02 c:\windows\Tasks\At36.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-03 c:\windows\Tasks\At38.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-03 c:\windows\Tasks\At4.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-03 c:\windows\Tasks\At40.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-03 c:\windows\Tasks\At42.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-03 c:\windows\Tasks\At44.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-03 c:\windows\Tasks\At46.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-03 c:\windows\Tasks\At48.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-03 c:\windows\Tasks\At6.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-03 c:\windows\Tasks\At8.job
    - c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
    .
    2012-04-03 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 39bb3ef2-2fdc-4521-889b-4651ad3e4c28.job
    - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
    .
    2012-04-03 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 3d3b28ec-3f26-4d34-a2f8-810af41dc5ac.job
    - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.nz/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    TCP: Interfaces\{1B69E7A3-4BFA-42B1-923A-5B2BFB7E218E}: NameServer = 10.0.2.93,210.48.66.2,210.48.65.2
    TCP: Interfaces\{CCFBDEE0-6D1B-45C8-AA11-085E4BC40A5D}: NameServer = 210.55.24.8
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-04-04 17:57
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bb,f5,0e,71,1f,6a,17,45,bc,9a,d4,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bb,f5,0e,71,1f,6a,17,45,bc,9a,d4,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(640)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'explorer.exe'(1536)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    .
    Completion time: 2012-04-04 18:03:34 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-04-04 06:03
    ComboFix2.txt 2012-04-04 04:27
    ComboFix3.txt 2012-04-04 03:09
    .
    Pre-Run: 14,189,686,784 bytes free
    Post-Run: 14,194,737,152 bytes free
    .
    - - End Of File - - 22CFE598547472554BC59BFFD7A01B9E
  19. Broni

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\BO0iKkW.com_
    
    Rootkit::
    c:\windows\system32\BO0iKkW.com_
    
    AtJob::
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
  20. arvnranger

    Sorry again for the delay - I'm posting from GMT +12:00, I guess 4 hrs behind and a day ahead of Cali.

    =========================================================

    ComboFix 12-04-03.02 - ivan 05/04/2012 8:48.11.2 - x86 NETWORK
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1783 [GMT 12:00]
    Running from: c:\documents and settings\ivan\Desktop\your_name.exe
    Command switches used :: c:\documents and settings\ivan\Desktop\CFScript.txt
    .
    FILE ::
    "c:\windows\system32\BO0iKkW.com"
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-04 to 2012-04-04 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-02 00:23 . 2012-03-28 23:56 99328 ----a-w- c:\windows\system32\BO0iKkW.com__
    2012-04-01 23:49 . 2012-04-01 23:49 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
    2012-04-01 23:49 . 2012-04-01 23:49 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
    2012-03-28 20:59 . 2012-03-28 20:59 -------- d-----w- c:\documents and settings\ivan\Application Data\SUPERAntiSpyware.com
    2012-03-28 20:58 . 2012-03-28 20:59 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-03-28 20:58 . 2012-03-28 20:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-21 00:00 . 2011-05-17 22:51 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-02-03 09:22 . 2004-08-04 06:17 1860096 ----a-w- c:\windows\system32\win32k.sys
    2012-01-11 19:06 . 2012-02-19 19:47 3072 ------w- c:\windows\system32\iacenc.dll
    2012-01-09 16:20 . 2004-08-04 08:01 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2011-02-16 96160]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 3905920]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]
    "SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-19 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-19 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-19 114688]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil11f_ActiveX.exe" [2012-02-21 250016]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    2007-06-27 07:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-09-01 06:39 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-13 17:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2007-03-01 03:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
    2006-03-21 01:19 69632 ----a-w- c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    2003-09-29 12:14 155648 ----a-r- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2006-01-11 15:37 32881 -c--a-w- c:\program files\Java\j2re1.4.2_03\bin\jusched.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\SQLANY70\\dbeng7.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:mad:xpsp2res.dll,-22009
    .
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12/08/2011 11:38 a.m. 116608]
    R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [20/10/2009 8:33 a.m. 27632]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/07/2011 4:27 a.m. 12880]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [13/07/2011 9:55 a.m. 67664]
    S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [28/02/2011 2:03 p.m. 239528]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/10/2010 3:36 p.m. 652360]
    S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [28/02/2011 2:03 p.m. 36608]
    S3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [19/04/2004 3:01 p.m. 6656]
    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [15/07/2010 3:22 p.m. 13224]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/10/2010 3:36 p.m. 20464]
    S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [20/10/2009 8:32 a.m. 86824]
    S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [20/10/2009 8:32 a.m. 15016]
    S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [20/10/2009 8:32 a.m. 114728]
    S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [20/10/2009 8:32 a.m. 106208]
    S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [20/10/2009 8:32 a.m. 26024]
    S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [20/10/2009 8:32 a.m. 104744]
    S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [20/10/2009 8:32 a.m. 109864]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    qhwscsvc
    WNCPKT
    artourservice
    ccevtmgr
    g400
    dcfssvc
    adminserver
    DELTA
    mcmispupdmgr
    axinstsv
    comhost
    ntrtscan
    atimtag
    se45unic
    eelsservice
    lmab_device
    ha20x2k
    szserver
    blueletaudio
    rt73
    aswmon2
    BCMWLNPF
    avfilter
    sfcure01
    alcaudsl
    StkASSrv
    pdlndint
    usbvideo
    netmnt
    prepdrvr
    nv
    ELhid
    slabbus
    WGX
    s7otranx
    wmp54gsvc
    brmfrmps
    dlcq_device
    tmlisten
    caboagp
    Wpsnuio
    se26nd5
    lxrsge10s
    l8042pr2
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-04-03 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 39bb3ef2-2fdc-4521-889b-4651ad3e4c28.job
    - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
    .
    2012-04-03 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 3d3b28ec-3f26-4d34-a2f8-810af41dc5ac.job
    - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.nz/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    TCP: Interfaces\{1B69E7A3-4BFA-42B1-923A-5B2BFB7E218E}: NameServer = 10.0.2.93,210.48.66.2,210.48.65.2
    TCP: Interfaces\{CCFBDEE0-6D1B-45C8-AA11-085E4BC40A5D}: NameServer = 210.55.24.8
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-04-05 09:02
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bb,f5,0e,71,1f,6a,17,45,bc,9a,d4,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bb,f5,0e,71,1f,6a,17,45,bc,9a,d4,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(624)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'explorer.exe'(112)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    .
    Completion time: 2012-04-05 09:07:30 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-04-04 21:07
    ComboFix2.txt 2012-04-04 06:03
    ComboFix3.txt 2012-04-04 04:27
    ComboFix4.txt 2012-04-04 03:09
    .
    Pre-Run: 14,157,746,176 bytes free
    Post-Run: 14,162,784,256 bytes free
    .
    - - End Of File - - A0499467F1BE36F94722798F32562AF2
  21. Broni

    That looks better :)

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\BO0iKkW.com__
    
    Rootkit::
    c:\windows\system32\BO0iKkW.com__
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
  22. arvnranger

    ComboFix 12-04-03.02 - ivan 05/04/2012 9:52.12.2 - x86 NETWORK
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1784 [GMT 12:00]
    Running from: c:\documents and settings\ivan\Desktop\your_name.exe
    Command switches used :: c:\documents and settings\ivan\Desktop\CFScript.txt
    .
    FILE ::
    "c:\windows\system32\BO0iKkW.com__"
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-04 to 2012-04-04 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-01 23:49 . 2012-04-01 23:49 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
    2012-04-01 23:49 . 2012-04-01 23:49 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
    2012-03-28 20:59 . 2012-03-28 20:59 -------- d-----w- c:\documents and settings\ivan\Application Data\SUPERAntiSpyware.com
    2012-03-28 20:58 . 2012-03-28 20:59 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-03-28 20:58 . 2012-03-28 20:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-21 00:00 . 2011-05-17 22:51 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-02-03 09:22 . 2004-08-04 06:17 1860096 ----a-w- c:\windows\system32\win32k.sys
    2012-01-11 19:06 . 2012-02-19 19:47 3072 ------w- c:\windows\system32\iacenc.dll
    2012-01-09 16:20 . 2004-08-04 08:01 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2011-02-16 96160]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 3905920]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]
    "SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-19 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-19 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-19 114688]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil11f_ActiveX.exe" [2012-02-21 250016]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    2007-06-27 07:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-09-01 06:39 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-13 17:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2007-03-01 03:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
    2006-03-21 01:19 69632 ----a-w- c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    2003-09-29 12:14 155648 ----a-r- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2006-01-11 15:37 32881 -c--a-w- c:\program files\Java\j2re1.4.2_03\bin\jusched.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\SQLANY70\\dbeng7.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:mad:xpsp2res.dll,-22009
    .
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12/08/2011 11:38 a.m. 116608]
    R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [20/10/2009 8:33 a.m. 27632]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/07/2011 4:27 a.m. 12880]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [13/07/2011 9:55 a.m. 67664]
    S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [28/02/2011 2:03 p.m. 239528]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/10/2010 3:36 p.m. 652360]
    S3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [19/04/2004 3:01 p.m. 6656]
    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [15/07/2010 3:22 p.m. 13224]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/10/2010 3:36 p.m. 20464]
    S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [20/10/2009 8:32 a.m. 86824]
    S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [20/10/2009 8:32 a.m. 15016]
    S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [20/10/2009 8:32 a.m. 114728]
    S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [20/10/2009 8:32 a.m. 106208]
    S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [20/10/2009 8:32 a.m. 26024]
    S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [20/10/2009 8:32 a.m. 104744]
    S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [20/10/2009 8:32 a.m. 109864]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    qhwscsvc
    WNCPKT
    artourservice
    ccevtmgr
    g400
    dcfssvc
    adminserver
    DELTA
    mcmispupdmgr
    axinstsv
    comhost
    ntrtscan
    atimtag
    se45unic
    eelsservice
    lmab_device
    ha20x2k
    szserver
    blueletaudio
    rt73
    aswmon2
    BCMWLNPF
    avfilter
    sfcure01
    alcaudsl
    StkASSrv
    pdlndint
    usbvideo
    netmnt
    prepdrvr
    nv
    ELhid
    slabbus
    WGX
    s7otranx
    wmp54gsvc
    brmfrmps
    dlcq_device
    tmlisten
    caboagp
    Wpsnuio
    se26nd5
    lxrsge10s
    l8042pr2
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-04-03 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 39bb3ef2-2fdc-4521-889b-4651ad3e4c28.job
    - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
    .
    2012-04-03 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 3d3b28ec-3f26-4d34-a2f8-810af41dc5ac.job
    - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.nz/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    TCP: Interfaces\{1B69E7A3-4BFA-42B1-923A-5B2BFB7E218E}: NameServer = 10.0.2.93,210.48.66.2,210.48.65.2
    TCP: Interfaces\{CCFBDEE0-6D1B-45C8-AA11-085E4BC40A5D}: NameServer = 210.55.24.8
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-04-05 10:04
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bb,f5,0e,71,1f,6a,17,45,bc,9a,d4,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bb,f5,0e,71,1f,6a,17,45,bc,9a,d4,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(632)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'explorer.exe'(1636)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    .
    Completion time: 2012-04-05 10:10:14 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-04-04 22:10
    ComboFix2.txt 2012-04-04 21:07
    ComboFix3.txt 2012-04-04 06:03
    ComboFix4.txt 2012-04-04 04:27
    ComboFix5.txt 2012-04-04 21:42
    .
    Pre-Run: 14,149,033,984 bytes free
    Post-Run: 14,152,630,272 bytes free
    .
    - - End Of File - - 8B36B9A07477FF58658156A05B3AE406
  23. Broni

    Broni Malware Annihilator Posts: 46,425   +252

    Finally looks good :)

    How is the computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  24. arvnranger

    arvnranger Newcomer, in training Topic Starter Posts: 28

    Computer seems ok (thanks to your tender ministrations) but TBF I have been doing most of the posting from another machine, leaving the infected one well alone and running XP in safe mode.

    OTL.txt (Part 1 of 2 - original post exceeded 50k char limit)
    ==================================================
    OTL logfile created on: 5/04/2012 10:50:11 a.m. - Run 2
    OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\ivan\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

    1.99 Gb Total Physical Memory | 1.48 Gb Available Physical Memory | 74.11% Memory free
    2.58 Gb Paging File | 2.06 Gb Available in Paging File | 79.90% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.27 Gb Total Space | 11.21 Gb Free Space | 30.09% Space Free | Partition Type: NTFS
    Drive H: | 67.83 Gb Total Space | 29.41 Gb Free Space | 43.37% Space Free | Partition Type: NTFS
    Drive O: | 67.83 Gb Total Space | 29.41 Gb Free Space | 43.37% Space Free | Partition Type: NTFS
    Drive P: | 67.83 Gb Total Space | 29.41 Gb Free Space | 43.37% Space Free | Partition Type: NTFS
    Drive X: | 67.83 Gb Total Space | 29.41 Gb Free Space | 43.37% Space Free | Partition Type: NTFS
    Drive Z: | 67.83 Gb Total Space | 29.41 Gb Free Space | 43.37% Space Free | Partition Type: NTFS

    Computer Name: IVAN2_PC | User Name: ivan | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/04/05 10:37:54 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ivan\Desktop\OTL.exe
    PRC - [2012/03/08 09:27:25 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    PRC - [2012/01/13 13:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/01/13 13:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2011/08/12 11:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
    PRC - [2011/02/17 10:59:38 | 000,096,160 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
    PRC - [2011/02/17 10:58:10 | 000,239,528 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
    PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2003/07/31 05:08:58 | 000,143,360 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    PRC - [2002/09/21 11:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/04/05 10:36:18 | 000,065,024 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    MOD - [2012/04/05 10:36:18 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
    MOD - [2012/03/29 08:59:32 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    MOD - [2012/03/29 08:59:32 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    MOD - [2005/10/30 15:24:08 | 000,081,920 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
    MOD - [2003/02/07 17:24:20 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rupsmon.dll -- (Wpsnuio)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\DVDVRRdr_xp.dll -- (WNCPKT)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pnrouter.dll -- (wmp54gsvc)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pcdrndisuio.dll -- (WGX)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\VX3000.dll -- (usbvideo)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vsmon.dll -- (tmlisten)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\regspy.dll -- (szserver)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\btwusb.dll -- (StkASSrv)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\HpqRemHid.dll -- (slabbus)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\3dkeybd.dll -- (sfcure01)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\LMIRfsDriver.dll -- (se45unic)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SE27mdm.dll -- (se26nd5)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\TVALG.dll -- (s7otranx)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WmHidLo.dll -- (rt73)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MA_CMIDI.dll -- (qhwscsvc)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\FireHook.dll -- (prepdrvr)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SPFDRV.dll -- (pdlndint)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wceusbsh.dll -- (nv)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\flutilssvc.dll -- (ntrtscan)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\VRFIL.dll -- (netmnt)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\apache.dll -- (mcmispupdmgr)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\avpnnic.dll -- (lxrsge10s)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\FileDisk.dll -- (lmab_device)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lvprcsrv.dll -- (l8042pr2)
    SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
    SRV - File not found [Auto | Stopped] -- %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll -- (helpsvc)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\fsaua.dll -- (ha20x2k)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\a016mgmt.dll -- (g400)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\PQNTDrv.dll -- (ELhid)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\buslogic.dll -- (eelsservice)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\websensecamserver.dll -- (dlcq_device)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\usbaudio.dll -- (DELTA)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\symantecantibotagent.dll -- (dcfssvc)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SABProcEnum.dll -- (comhost)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\asc3350p.dll -- (ccevtmgr)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lxcd_device.dll -- (caboagp)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\n558.dll -- (brmfrmps)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\navex15.dll -- (blueletaudio)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sleepy.dll -- (BCMWLNPF)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lvhidsvc.dll -- (axinstsv)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s117unic.dll -- (avfilter)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\DCamUSBGrandTek.dll -- (atimtag)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\stylexphelper.dll -- (aswmon2)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MRESP50.dll -- (artourservice)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\perc2.dll -- (alcaudsl)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SerTVOutCtlr.dll -- (adminserver)
    SRV - [2012/01/13 13:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/08/12 11:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
    SRV - [2011/02/17 10:58:10 | 000,239,528 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
    SRV - [2002/09/21 11:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\your_name\catchme.sys -- (catchme)
    DRV - [2011/12/10 14:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2011/07/23 04:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/13 09:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/12/21 17:55:02 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
    DRV - [2010/12/21 17:55:02 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
    DRV - [2010/12/21 17:55:02 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
    DRV - [2010/10/04 08:40:18 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
    DRV - [2009/04/06 09:13:52 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
    DRV - [2009/04/06 09:13:52 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
    DRV - [2009/03/25 16:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mdm.sys -- (s1018mdm)
    DRV - [2009/03/25 16:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)
    DRV - [2009/03/25 16:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)
    DRV - [2009/03/25 16:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018obex.sys -- (s1018obex)
    DRV - [2009/03/25 16:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
    DRV - [2009/03/25 16:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)
    DRV - [2009/03/25 16:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mdfl.sys -- (s1018mdfl)
    DRV - [2008/01/09 10:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
    DRV - [2004/08/04 12:29:50 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
    DRV - [2004/08/04 12:29:48 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
    DRV - [2004/08/04 12:29:46 | 000,025,471 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
    DRV - [2004/08/04 12:29:46 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
    DRV - [2004/08/04 12:29:46 | 000,022,271 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
    DRV - [2004/08/04 12:29:44 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
    DRV - [2004/08/04 12:29:44 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
    DRV - [2004/08/04 12:29:42 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
    DRV - [2004/08/04 12:29:42 | 000,011,871 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
    DRV - [2004/08/04 12:29:40 | 000,011,807 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
    DRV - [2004/08/04 12:29:40 | 000,011,295 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
    DRV - [2004/08/04 12:29:38 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
    DRV - [2004/08/04 12:29:38 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
    DRV - [2004/08/04 12:29:38 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
    DRV - [2004/08/04 12:29:38 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
    DRV - [2004/05/05 05:31:18 | 000,186,112 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2004/04/19 15:01:00 | 000,006,656 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gflmouhid.sys -- (genmcmnUSB)
    DRV - [2004/02/05 07:34:16 | 000,051,584 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\baspxp32.sys -- (Blfp)
    DRV - [2002/04/04 18:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\symmpi.sys -- (Symmpi)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com

    IE - HKU\S-1-5-21-217054336-590899114-1854122260-1119\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
    IE - HKU\S-1-5-21-217054336-590899114-1854122260-1119\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-217054336-590899114-1854122260-1119\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKU\S-1-5-21-217054336-590899114-1854122260-1119\..\SearchScopes\{FE9A569F-029E-4F47-9194-72F4C3C6FB8C}: "URL" = http://search.avg.com/?d=4d6ab8d6&i=23&tp=chrome&q={searchTerms}&lng={language}&nt=1
    IE - HKU\S-1-5-21-217054336-590899114-1854122260-1119\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



    ========== Chrome ==========


    O1 HOSTS File: ([2012/04/05 10:04:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
    O4 - HKU\S-1-5-21-217054336-590899114-1854122260-1119..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
    O4 - HKU\S-1-5-21-217054336-590899114-1854122260-1119..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil11f_ActiveX.exe (Adobe Systems, Inc.)
    O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil11f_ActiveX.exe (Adobe Systems, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-217054336-590899114-1854122260-1119\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-217054336-590899114-1854122260-1119\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-217054336-590899114-1854122260-1119\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-217054336-590899114-1854122260-1119\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB (Hewlett-Packard Printer Diagnostics)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1190169885609 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1190169815312 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab (Java Plug-in 1.4.2_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = PCRentalsAuckland.local
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1B69E7A3-4BFA-42B1-923A-5B2BFB7E218E}: NameServer = 10.0.2.93,210.48.66.2,210.48.65.2
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CCFBDEE0-6D1B-45C8-AA11-085E4BC40A5D}: NameServer = 210.55.24.8
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O24 - Desktop WallPaper: C:\Documents and Settings\ivan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\ivan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/08/20 15:06:55 | 000,000,024 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: qhwscsvc - %systemroot%\system32\MA_CMIDI.dll File not found
    NetSvcs: WNCPKT - %systemroot%\system32\DVDVRRdr_xp.dll File not found
    NetSvcs: artourservice - %systemroot%\system32\MRESP50.dll File not found
    NetSvcs: ccevtmgr - %systemroot%\system32\asc3350p.dll File not found
    NetSvcs: g400 - %systemroot%\system32\a016mgmt.dll File not found
    NetSvcs: dcfssvc - %systemroot%\system32\symantecantibotagent.dll File not found
    NetSvcs: adminserver - %systemroot%\system32\SerTVOutCtlr.dll File not found
    NetSvcs: DELTA - %systemroot%\system32\usbaudio.dll File not found
    NetSvcs: mcmispupdmgr - %systemroot%\system32\apache.dll File not found
    NetSvcs: axinstsv - %systemroot%\system32\lvhidsvc.dll File not found
    NetSvcs: comhost - %systemroot%\system32\SABProcEnum.dll File not found
    NetSvcs: ntrtscan - %systemroot%\system32\flutilssvc.dll File not found
    NetSvcs: atimtag - %systemroot%\system32\DCamUSBGrandTek.dll File not found
    NetSvcs: se45unic - %systemroot%\system32\LMIRfsDriver.dll File not found
    NetSvcs: eelsservice - %systemroot%\system32\buslogic.dll File not found
    NetSvcs: lmab_device - %systemroot%\system32\FileDisk.dll File not found
    NetSvcs: ha20x2k - %systemroot%\system32\fsaua.dll File not found
    NetSvcs: szserver - %systemroot%\system32\regspy.dll File not found
    NetSvcs: blueletaudio - %systemroot%\system32\navex15.dll File not found
    NetSvcs: rt73 - %systemroot%\system32\WmHidLo.dll File not found
    NetSvcs: aswmon2 - %systemroot%\system32\stylexphelper.dll File not found
    NetSvcs: BCMWLNPF - %systemroot%\system32\sleepy.dll File not found
    NetSvcs: avfilter - %systemroot%\system32\s117unic.dll File not found
    NetSvcs: sfcure01 - %systemroot%\system32\3dkeybd.dll File not found
    NetSvcs: alcaudsl - %systemroot%\system32\perc2.dll File not found
    NetSvcs: StkASSrv - %systemroot%\system32\btwusb.dll File not found
    NetSvcs: pdlndint - %systemroot%\system32\SPFDRV.dll File not found
    NetSvcs: usbvideo - %systemroot%\system32\VX3000.dll File not found
    NetSvcs: netmnt - %systemroot%\system32\VRFIL.dll File not found
    NetSvcs: prepdrvr - %systemroot%\system32\FireHook.dll File not found
    NetSvcs: nv - %systemroot%\system32\wceusbsh.dll File not found
    NetSvcs: ELhid - %systemroot%\system32\PQNTDrv.dll File not found
    NetSvcs: slabbus - %systemroot%\system32\HpqRemHid.dll File not found
    NetSvcs: WGX - %systemroot%\system32\pcdrndisuio.dll File not found
    NetSvcs: s7otranx - %systemroot%\system32\TVALG.dll File not found
    NetSvcs: wmp54gsvc - %systemroot%\system32\pnrouter.dll File not found
    NetSvcs: brmfrmps - %systemroot%\system32\n558.dll File not found
    NetSvcs: dlcq_device - %systemroot%\system32\websensecamserver.dll File not found
    NetSvcs: tmlisten - %systemroot%\system32\vsmon.dll File not found
    NetSvcs: caboagp - %systemroot%\system32\lxcd_device.dll File not found
    NetSvcs: Wpsnuio - %systemroot%\system32\rupsmon.dll File not found
    NetSvcs: se26nd5 - %systemroot%\system32\SE27mdm.dll File not found
    NetSvcs: lxrsge10s - %systemroot%\system32\avpnnic.dll File not found
    NetSvcs: l8042pr2 - %systemroot%\system32\lvprcsrv.dll File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: helpsvc - %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll File not found

    Drivers32: MIDI1 - C:\WINDOWS\System32\Syncor11.dll (SoundMAX)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/04/05 10:37:51 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ivan\Desktop\OTL.exe
    [2012/04/05 10:10:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2012/04/04 14:01:23 | 004,455,431 | R--- | C] (Swearware) -- C:\Documents and Settings\ivan\Desktop\your_name.exe
    [2012/04/04 12:13:05 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2012/04/04 12:10:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012/04/04 12:10:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012/04/04 12:10:49 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012/04/04 12:10:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012/04/04 12:10:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2012/04/04 12:10:29 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/04/04 11:43:07 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Documents and Settings\ivan\Desktop\boot_cleaner.exe
    [2012/04/04 10:52:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ivan\Desktop\bootkit_remover
    [2012/04/03 16:40:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\ivan\Start Menu\Programs\Administrative Tools
    [2012/04/03 13:55:11 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\ivan\Desktop\dds.scr
    [2012/04/02 11:49:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Yahoo!
    [2012/04/02 11:47:55 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2012/03/29 10:53:24 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\ivan\Desktop\aswMBR.exe
    [2012/03/29 08:59:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ivan\Application Data\SUPERAntiSpyware.com
    [2012/03/29 08:58:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
    [2012/03/29 08:58:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2012/03/29 08:58:46 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2012/03/28 17:30:07 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\ivan\Recent
    [2012/03/28 17:23:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2012/03/28 17:23:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/04/05 10:40:03 | 000,383,254 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/04/05 10:40:03 | 000,053,608 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2012/04/05 10:37:54 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ivan\Desktop\OTL.exe
    [2012/04/05 10:36:03 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/04/05 10:35:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/04/05 10:35:49 | 2138,574,848 | -HS- | M] () -- C:\hiberfil.sys
    [2012/04/05 10:04:29 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2012/04/04 14:01:23 | 004,455,431 | R--- | M] (Swearware) -- C:\Documents and Settings\ivan\Desktop\your_name.exe
    [2012/04/04 13:59:07 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\ivan\Desktop\rkill.com
    [2012/04/04 12:13:12 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2012/04/04 11:39:38 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\ivan\Desktop\MBR.dat
    [2012/04/04 10:46:44 | 000,044,607 | ---- | M] () -- C:\Documents and Settings\ivan\Desktop\bootkit_remover.zip
    [2012/04/04 09:59:02 | 000,000,508 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 3d3b28ec-3f26-4d34-a2f8-810af41dc5ac.job
    [2012/04/04 02:00:00 | 000,000,508 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 39bb3ef2-2fdc-4521-889b-4651ad3e4c28.job
    [2012/04/03 13:57:46 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\ivan\Desktop\8kzz5ksr.exe
    [2012/04/03 13:55:15 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\ivan\Desktop\dds.scr
    [2012/04/02 14:49:01 | 000,000,267 | ---- | M] () -- C:\WINDOWS\MYOBP.INI
    [2012/04/02 14:48:56 | 000,000,044 | ---- | M] () -- C:\WINDOWS\MYOB.INI
    [2012/03/29 16:09:46 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\6gg8V7.dat
    [2012/03/29 11:10:48 | 000,010,593 | ---- | M] () -- C:\WINDOWS\CSTBox.INI
    [2012/03/29 10:53:24 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\ivan\Desktop\aswMBR.exe
    [2012/03/29 08:58:53 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
    [2012/03/29 08:40:22 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2012/03/29 07:49:28 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/03/29 07:40:57 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/03/28 16:26:18 | 000,225,280 | ---- | M] () -- C:\Documents and Settings\ivan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/03/15 09:19:56 | 000,226,408 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/03/15 08:40:46 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\ivan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
    [2012/03/14 17:01:48 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2012/03/07 15:12:14 | 000,041,849 | ---- | M] () -- C:\Documents and Settings\ivan\My Documents\Cricket - Fun photo.JPG
    [2012/03/07 15:10:42 | 000,557,390 | ---- | M] () -- C:\Documents and Settings\ivan\My Documents\Cricket - Fun photo.tif
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/04/05 10:35:49 | 2138,574,848 | -HS- | C] () -- C:\hiberfil.sys
    [2012/04/04 13:59:03 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\ivan\Desktop\rkill.com
    [2012/04/04 12:13:12 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2012/04/04 12:13:06 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2012/04/04 12:10:49 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/04/04 12:10:49 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/04/04 12:10:49 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/04/04 12:10:49 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/04/04 12:10:49 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/04/04 10:46:37 | 000,044,607 | ---- | C] () -- C:\Documents and Settings\ivan\Desktop\bootkit_remover.zip
    [2012/04/03 13:57:42 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\ivan\Desktop\8kzz5ksr.exe
    [2012/03/29 13:48:24 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\ivan\Desktop\MBR.dat
    [2012/03/29 10:54:30 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\6gg8V7.dat
    [2012/03/29 08:59:15 | 000,000,508 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 3d3b28ec-3f26-4d34-a2f8-810af41dc5ac.job
    [2012/03/29 08:59:14 | 000,000,508 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 39bb3ef2-2fdc-4521-889b-4651ad3e4c28.job
    [2012/03/29 08:58:53 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
    [2012/03/29 07:40:57 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/03/28 17:24:44 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/03/07 15:12:14 | 000,041,849 | ---- | C] () -- C:\Documents and Settings\ivan\My Documents\Cricket - Fun photo.JPG
    [2012/03/07 15:10:38 | 000,557,390 | ---- | C] () -- C:\Documents and Settings\ivan\My Documents\Cricket - Fun photo.tif
    [2012/02/20 07:47:34 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2011/02/28 14:03:40 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
    [2011/02/28 14:03:40 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
    [2011/02/28 14:03:16 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\ivan\Application Data\$_hpcst$.hpc
    [2010/04/29 10:51:21 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

    ========== LOP Check ==========

    [2012/01/23 08:50:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2012/04/03 09:23:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
    [2011/02/28 08:34:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2012/04/02 11:55:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2012/02/09 11:13:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
    [2008/08/20 15:33:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
    [2011/04/20 15:40:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2008/08/21 10:00:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ivan\Application Data\Canon
    [2009/04/23 10:31:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ivan\Application Data\gtk-2.0
    [2011/04/12 17:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ivan\Application Data\Inkscape
    [2011/09/06 15:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ivan\Application Data\ML
    [2011/04/18 15:02:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ivan\Application Data\Mp3tag
    [2008/08/21 10:03:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ivan\Application Data\NewSoft
    [2012/02/09 11:18:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ivan\Application Data\Samsung
    [2008/08/20 15:33:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ivan\Application Data\ScanSoft
    [2010/08/25 11:15:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ivan\Application Data\YCanPDF
    [2012/04/04 02:00:00 | 000,000,508 | ---- | M] () -- C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 39bb3ef2-2fdc-4521-889b-4651ad3e4c28.job
    [2012/04/04 09:59:02 | 000,000,508 | ---- | M] () -- C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 3d3b28ec-3f26-4d34-a2f8-810af41dc5ac.job

    ========== Purity Check ==========
  25. arvnranger

    arvnranger Newcomer, in training Topic Starter Posts: 28

    OTL.txt (Part 2 of 2)
    ==================================================


    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2008/08/20 15:06:55 | 000,000,024 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2012/03/29 08:40:22 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2012/04/04 12:13:12 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2012/04/05 10:10:15 | 000,010,349 | ---- | M] () -- C:\ComboFix.txt
    [2012/04/05 10:35:49 | 2138,574,848 | -HS- | M] () -- C:\hiberfil.sys
    [2006/01/12 03:39:45 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2006/01/12 03:39:45 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/04 20:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/05/28 09:50:01 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2012/04/05 10:35:47 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys
    [2010/06/04 10:07:55 | 000,000,764 | ---- | M] () -- C:\Rescued document 1.txt
    [2011/09/22 09:42:29 | 000,000,602 | ---- | M] () -- C:\Rescued document 2.txt
    [2011/09/22 10:05:06 | 000,000,562 | ---- | M] () -- C:\Rescued document 3.txt
    [2010/06/04 10:04:40 | 000,000,820 | ---- | M] () -- C:\Rescued document.txt
    [2012/04/04 14:02:45 | 000,000,310 | ---- | M] () -- C:\rkill.log
    [2004/08/05 03:00:00 | 000,047,564 | -HS- | M] () -- C:\__0X02BF
    [2004/08/05 03:00:00 | 000,250,032 | -HS- | M] () -- C:\__0x02c0

    < %systemroot%\Fonts\*.com >

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2004/08/10 01:32:58 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2005/06/10 22:55:08 | 000,067,072 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp052.DLL
    [2006/04/25 05:07:24 | 000,069,120 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp43e.DLL
    [2007/02/13 19:22:00 | 000,286,208 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp4wm.DLL
    [2007/04/09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2004/08/10 01:20:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2004/08/10 01:20:10 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2004/08/10 01:20:10 | 000,864,256 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2008/05/28 09:55:35 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >
    [2004/08/10 08:59:58 | 000,524,288 | -H-- | M] () -- C:\WINDOWS\system32\config\systemprofile\__0X0042
    [2004/08/10 06:59:58 | 000,001,024 | -H-- | M] () -- C:\WINDOWS\system32\config\systemprofile\__0X0043
    [2004/08/10 06:59:58 | 000,000,178 | -H-- | M] () -- C:\WINDOWS\system32\config\systemprofile\__0x0044

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2008/08/12 12:03:52 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\ivan\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2004/08/10 06:42:00 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\ivan\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2012/04/03 13:57:46 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\ivan\Desktop\8kzz5ksr.exe
    [2012/03/29 10:53:24 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\ivan\Desktop\aswMBR.exe
    [2010/05/17 11:25:43 | 002,131,808 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\ivan\Desktop\avg_free_stb_all_9_114_cnet.exe
    [2011/09/20 03:02:40 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Documents and Settings\ivan\Desktop\boot_cleaner.exe
    [2010/05/05 09:28:13 | 003,382,520 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\ivan\Desktop\ccsetup231.exe
    [2008/09/19 10:13:49 | 028,868,320 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\ivan\Desktop\FileFormatConverters.exe
    [2009/03/25 12:54:09 | 003,879,797 | ---- | M] () -- C:\Documents and Settings\ivan\Desktop\FileZilla_3.2.3_win32-setup.exe
    [2011/01/27 13:29:23 | 312,528,557 | ---- | M] (Arobas Music ) -- C:\Documents and Settings\ivan\Desktop\GuitarPro6Demo-rev9067.exe
    [2009/04/23 10:07:53 | 035,074,836 | ---- | M] () -- C:\Documents and Settings\ivan\Desktop\Inkscape-0.46.win32.exe
    [2011/03/31 09:35:13 | 003,135,064 | ---- | M] () -- C:\Documents and Settings\ivan\Desktop\lide70osmwin200us.exe
    [2011/03/17 12:36:46 | 014,203,112 | ---- | M] () -- C:\Documents and Settings\ivan\Desktop\ljp3005pcl6win2kxp2003vista2008.exe
    [2009/03/25 10:16:25 | 001,091,264 | ---- | M] (Xiph.Org) -- C:\Documents and Settings\ivan\Desktop\oggcodecs_0.81.15562-win32.exe
    [2012/04/05 10:37:54 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ivan\Desktop\OTL.exe
    [2010/08/25 10:45:25 | 014,499,958 | ---- | M] (PDF OCR ) -- C:\Documents and Settings\ivan\Desktop\pdfocr.exe
    [2010/07/22 13:08:36 | 015,291,693 | ---- | M] (EffectMatrix Inc. ) -- C:\Documents and Settings\ivan\Desktop\tvc.exe
    [2011/04/20 15:36:42 | 020,153,672 | ---- | M] () -- C:\Documents and Settings\ivan\Desktop\winzip150.exe
    [2008/09/03 17:29:11 | 001,206,366 | ---- | M] () -- C:\Documents and Settings\ivan\Desktop\wrar371.exe
    [2012/04/04 14:01:23 | 004,455,431 | R--- | M] (Swearware) -- C:\Documents and Settings\ivan\Desktop\your_name.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2004/08/04 20:00:00 | 000,000,065 | RH-- | M] () -- C:\WINDOWS\tasks\desktop.ini
    [2012/04/05 10:35:52 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2012/04/04 02:00:00 | 000,000,508 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 39bb3ef2-2fdc-4521-889b-4651ad3e4c28.job
    [2012/04/04 09:59:02 | 000,000,508 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 3d3b28ec-3f26-4d34-a2f8-810af41dc5ac.job

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2011/04/14 11:23:04 | 000,288,040 | ---- | M] () -- C:\Documents and Settings\ivan\My Documents\SoftonicDownloader_for_cricket-scorer.exe
    [2006/12/15 09:53:46 | 001,035,271 | ---- | M] () -- C:\Documents and Settings\ivan\My Documents\wrar362.exe

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >
    [2005/02/05 10:50:56 | 000,031,736 | ---- | M] () -- C:\WINDOWS\Driver Cache\CUTEPDFW.PPD
    [2006/06/01 19:41:18 | 001,441,792 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpbcfgre.DLL
    [2007/08/07 13:22:18 | 000,344,064 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\Driver Cache\hpbicoin.dll
    [2005/06/20 13:33:42 | 000,081,920 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\Driver Cache\HPBMIAPI.DLL
    [2006/01/24 16:07:28 | 000,241,721 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\Driver Cache\HPBMINI.DLL
    [2005/06/20 13:33:06 | 000,049,152 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\Driver Cache\HPBNRAC2.DLL
    [2006/11/16 18:15:52 | 000,025,600 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\Driver Cache\HPBOID.DLL
    [2004/10/16 04:31:06 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\Driver Cache\HPBOID.EXE
    [2005/06/20 13:33:44 | 000,057,344 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\Driver Cache\HPBOIDPS.DLL
    [2006/11/16 18:16:06 | 000,038,912 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\Driver Cache\HPBPRO.DLL
    [2005/05/20 09:37:12 | 000,081,920 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\Driver Cache\HPBPRO.EXE
    [2005/06/20 13:33:46 | 000,057,344 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\Driver Cache\HPBPROPS.DLL
    [2006/06/29 17:53:02 | 000,012,218 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpc30056.GPD
    [2006/06/29 17:55:06 | 000,014,077 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpc30x56.XML
    [2006/07/04 10:11:14 | 000,108,700 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpc30xx6.GPD
    [2006/07/04 23:42:49 | 004,605,305 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpc30xxc.cab
    [2005/12/22 12:21:46 | 000,000,164 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpc30xxc.INI
    [2005/05/26 20:02:52 | 000,021,560 | ---- | M] () -- C:\WINDOWS\Driver Cache\HPC38006.GPD
    [2005/06/10 20:23:12 | 000,012,426 | ---- | M] () -- C:\WINDOWS\Driver Cache\HPC38006.XML
    [2005/06/14 05:51:30 | 004,138,348 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpc3800c.cab
    [2004/11/22 18:57:46 | 000,000,164 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpc3800c.INI
    [2005/06/08 16:58:38 | 000,099,067 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpc380x6.GPD
    [2006/04/28 12:10:36 | 000,663,624 | ---- | M] (HP) -- C:\WINDOWS\Driver Cache\hpcdmc32.dll
    [2005/06/29 14:52:46 | 000,018,901 | ---- | M] () -- C:\WINDOWS\Driver Cache\HPCEAC05.HPI
    [2006/11/02 18:32:06 | 000,018,747 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpceac06.hpi
    [2006/06/07 04:43:32 | 000,173,039 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpcp3005.CFG
    [2006/06/07 04:43:32 | 000,031,067 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpcp3005.cf_
    [2005/05/06 06:12:26 | 000,134,260 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpcp3800.CFG
    [2005/05/06 06:12:26 | 000,025,086 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpcp3800.cf_
    [2005/03/22 10:22:40 | 000,225,792 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\Driver Cache\HPFIE052.DLL
    [2005/06/20 13:33:48 | 000,163,840 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\Driver Cache\HPJCMN2U.DLL
    [2005/06/20 13:33:52 | 000,094,208 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\Driver Cache\HPJIPX1U.DLL
    [2004/10/16 04:31:22 | 000,061,440 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\Driver Cache\HPNRA.EXE
    [2005/06/20 13:51:30 | 000,213,063 | ---- | M] (HP) -- C:\WINDOWS\Driver Cache\HPPAPML0.DLL
    [2005/06/20 13:51:28 | 000,225,351 | ---- | M] (HP) -- C:\WINDOWS\Driver Cache\HPPAPTS0.DLL
    [2005/06/20 13:51:18 | 000,208,969 | ---- | M] (HP) -- C:\WINDOWS\Driver Cache\HPPASNM0.DLL
    [2007/02/13 17:47:54 | 000,977,920 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpz3c4wm.dll
    [2005/06/07 00:10:20 | 000,011,649 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpz6m052.GPD
    [2006/05/05 16:12:30 | 000,011,745 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpz6m43e.GPD
    [2007/02/15 14:10:36 | 000,012,038 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpz6m4wm.GPD
    [2005/06/10 22:55:42 | 001,189,376 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpz6r052.DLL
    [2006/04/25 05:08:08 | 001,336,320 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpz6r43e.DLL
    [2007/02/13 19:23:12 | 001,468,928 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpz6r4wm.DLL
    [2005/06/10 22:55:16 | 000,548,352 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzev052.DLL
    [2006/04/25 05:07:30 | 000,408,576 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzev43e.DLL
    [2007/02/13 19:22:18 | 000,435,712 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzev4wm.DLL
    [2005/06/10 20:38:18 | 000,923,676 | ---- | M] () -- C:\WINDOWS\Driver Cache\HPZHL052.CAB
    [2006/04/25 01:28:48 | 001,134,874 | ---- | M] () -- C:\WINDOWS\Driver Cache\HPZHL43e.CAB
    [2007/02/14 08:36:44 | 002,337,433 | ---- | M] () -- C:\WINDOWS\Driver Cache\HPZHL4wm.CAB
    [2005/06/20 13:51:22 | 000,278,584 | ---- | M] (HP) -- C:\WINDOWS\Driver Cache\HPZIDR12.DLL
    [2006/05/11 17:15:42 | 000,043,520 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\Driver Cache\HPZINW12.DLL
    [2005/04/29 16:43:44 | 000,065,536 | ---- | M] (HP) -- C:\WINDOWS\Driver Cache\HPZINW12.EXE
    [2006/05/11 17:15:50 | 000,052,736 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\Driver Cache\HPZIPM12.DLL
    [2005/04/29 16:44:06 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\Driver Cache\HPZIPM12.EXE
    [2005/06/20 13:51:32 | 000,204,800 | ---- | M] (HP) -- C:\WINDOWS\Driver Cache\HPZIPR12.DLL
    [2005/06/20 13:51:34 | 000,094,208 | ---- | M] (HP) -- C:\WINDOWS\Driver Cache\HPZIPT12.DLL
    [2005/06/20 13:51:26 | 000,057,344 | ---- | M] (HP) -- C:\WINDOWS\Driver Cache\HPZISN12.DLL
    [2005/06/10 22:55:22 | 001,234,432 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzls052.DLL
    [2006/04/25 05:07:52 | 001,390,592 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzls43e.DLL
    [2007/02/13 19:22:38 | 001,588,224 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzls4wm.DLL
    [2007/02/13 19:22:20 | 000,179,200 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzpe4wm.DLL
    [2007/02/13 19:23:18 | 000,117,248 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpzpi4wm.DLL
    [2007/02/13 19:23:26 | 000,103,424 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzpnp.dll
    [2005/06/10 22:55:08 | 000,067,072 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzpp052.DLL
    [2006/04/25 05:07:24 | 000,069,120 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzpp43e.DLL
    [2007/02/13 19:22:00 | 000,286,208 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzpp4wm.DLL
    [2005/03/22 10:19:28 | 000,004,701 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpzsc052.DTD
    [2005/05/30 21:17:18 | 000,004,694 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpzsc43e.DTD
    [2006/07/04 22:36:14 | 000,008,294 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpzsc4wm.DTD
    [2005/06/10 20:38:18 | 000,088,093 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpzsm052.GPD
    [2006/06/08 15:07:02 | 000,095,047 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpzsm43e.GPD
    [2007/02/14 08:30:54 | 000,144,720 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpzsm4wm.GPD
    [2005/06/10 21:54:54 | 000,562,688 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzss052.DLL
    [2006/04/25 02:39:54 | 000,562,688 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzss43e.DLL
    [2007/02/13 18:53:18 | 000,670,208 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzss4wm.DLL
    [2005/06/10 20:41:28 | 003,088,384 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzst052.DLL
    [2006/04/25 01:31:38 | 003,950,592 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzst43e.DLL
    [2007/02/13 17:42:42 | 005,580,288 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzst4wm.DLL
    [2005/06/10 22:55:14 | 002,033,664 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzui052.DLL
    [2006/04/25 05:07:40 | 002,461,696 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzui43e.DLL
    [2007/02/13 19:22:14 | 003,269,120 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzui4wm.DLL
    [2007/02/13 17:47:12 | 003,459,072 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzur4wm.dll
    [2007/04/09 12:24:04 | 000,758,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Driver Cache\mdigraph.dll
    [2007/04/09 12:23:58 | 000,046,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Driver Cache\mdiui.dll
    [2006/07/04 23:43:14 | 000,302,967 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2arww.cab
    [2006/07/04 23:43:15 | 000,302,845 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2caww.cab
    [2006/07/04 23:43:16 | 000,303,849 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2csww.cab
    [2006/07/04 23:43:18 | 000,302,695 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2daww.cab
    [2006/07/04 23:43:19 | 000,303,569 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2deww.cab
    [2006/07/04 23:43:22 | 000,303,541 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2elww.cab
    [2006/07/04 23:43:20 | 000,303,435 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2enww.cab
    [2006/07/04 23:43:20 | 000,302,845 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2esww.cab
    [2006/07/04 23:43:31 | 000,302,867 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2fiww.cab
    [2006/07/04 23:43:21 | 000,304,585 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2frww.cab
    [2006/07/04 23:43:23 | 000,302,621 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2heww.cab
    [2006/07/04 23:43:26 | 000,303,953 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2huww.cab
    [2006/07/04 23:43:23 | 000,304,303 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2itww.cab
    [2006/07/04 23:43:24 | 000,302,781 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2jaww.cab
    [2006/07/04 23:43:25 | 000,301,793 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2koww.cab
    [2006/07/04 23:43:27 | 000,303,635 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2nlww.cab
    [2006/07/04 23:43:27 | 000,302,909 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2noww.cab
    [2006/07/04 23:43:28 | 000,304,057 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2plww.cab
    [2006/07/04 23:43:29 | 000,304,097 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2ptww.cab
    [2006/07/04 23:43:30 | 000,303,187 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2ruww.cab
    [2006/07/04 23:43:30 | 000,303,435 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2skww.cab
    [2006/07/04 23:43:32 | 000,302,733 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2svww.cab
    [2006/07/04 23:43:33 | 000,303,435 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2thww.cab
    [2006/07/04 23:43:33 | 000,303,549 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2trww.cab
    [2006/07/04 23:43:16 | 000,302,159 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2zhcn.cab
    [2006/07/04 23:43:17 | 000,300,553 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2zhtw.cab
    [2004/07/10 02:56:00 | 000,169,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Driver Cache\pclxl.DLL
    [2002/05/23 09:21:46 | 000,010,375 | ---- | M] () -- C:\WINDOWS\Driver Cache\pclxl.GPD
    [2002/05/23 09:21:50 | 000,001,156 | ---- | M] () -- C:\WINDOWS\Driver Cache\pjl.GPD
    [2002/07/22 12:05:04 | 000,129,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Driver Cache\PS5UI.DLL
    [2002/07/22 12:05:04 | 000,026,038 | ---- | M] () -- C:\WINDOWS\Driver Cache\PSCRIPT.HLP
    [2003/05/03 10:37:36 | 000,790,300 | ---- | M] () -- C:\WINDOWS\Driver Cache\PSCRIPT.NTF
    [2002/07/22 12:05:04 | 000,455,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Driver Cache\PSCRIPT5.DLL
    [2002/05/23 09:22:06 | 000,014,362 | ---- | M] () -- C:\WINDOWS\Driver Cache\STDNAMES.GPD
    [2004/08/04 11:26:48 | 000,264,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Driver Cache\UNIDRV.DLL
    [2003/03/28 03:07:08 | 000,021,225 | ---- | M] () -- C:\WINDOWS\Driver Cache\UNIDRV.HLP
    [2004/08/04 11:26:48 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Driver Cache\UNIDRVUI.DLL
    [2004/08/04 11:26:36 | 000,619,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Driver Cache\UNIRES.DLL

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2007/05/09 10:14:13 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\ivan\Favorites\Desktop.ini
    [1996/10/11 14:56:50 | 000,000,257 | ---- | M] () -- C:\Documents and Settings\ivan\Favorites\My Documents.lnk

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2008/08/12 11:54:24 | 000,002,412 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2009/04/20 18:58:37 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\ivan\Cookies\desktop.ini
    [2012/04/05 10:49:59 | 000,147,456 | -HS- | M] () -- C:\Documents and Settings\ivan\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2008/04/14 05:42:40 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/14 05:41:52 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 20:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 22:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/03 02:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 23:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 05:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2004/08/04 22:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004/08/04 22:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004/08/04 20:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 22:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 22:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    < >

    < End of report >

