Solved Please help remove a virus

arvnranger

I've downloaded and printed out the 5-step guide. I've downloaded the trial version of Malwarebytes but this has crashed out of the quick scan after about 1 hr 10 mins. I've downloaded GMER per the instructions but when I attempt to run the <randomname>.exe file my machine reboots. Kinda stuck here :-(
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==================================================================

What about DDS?
 
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by ivan at 16:51:16 on 2012-04-03
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1553 [GMT 12:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.nz/
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\win32me.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AutoStartNPSAgent] c:\program files\samsung\samsung new pc studio\NPSAgent.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Smapp] c:\program files\analog devices\soundmax\SMTray.exe
mRun: [SetRefresh] c:\program files\compaq\setrefresh\SetRefresh.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} - hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1190169885609
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1190169815312
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{1B69E7A3-4BFA-42B1-923A-5B2BFB7E218E} : NameServer = 10.0.2.93,210.48.66.2,210.48.65.2
TCP: Interfaces\{CCFBDEE0-6D1B-45C8-AA11-085E4BC40A5D} : NameServer = 210.55.24.8
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-23 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2011-2-28 239528]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-10-7 652360]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2011-2-28 36608]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-10-7 20464]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2009-10-20 27632]
S2 avfilter;Pcx1unic;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 axinstsv;Streamloadservice;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 ccevtmgr;QPCapSvc;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [2004-4-19 6656]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2010-7-15 13224]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-4-3 40776]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2009-10-20 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2009-10-20 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2009-10-20 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2009-10-20 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2009-10-20 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2009-10-20 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2009-10-20 109864]
.
=============== Created Last 30 ================
.
2012-04-03 02:19:22 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-04-02 09:23:03 99328 ----a-w- c:\windows\system32\BO0iKkW.com
2012-04-02 00:23:02 99328 ----a-w- c:\windows\system32\BO0iKkW.com_
2012-03-28 20:59:11 -------- d-----w- c:\documents and settings\ivan\application data\SUPERAntiSpyware.com
2012-03-28 20:58:46 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-28 20:58:46 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-03-28 05:00:53 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
.
==================== Find3M ====================
.
2012-02-21 00:00:52 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 16:52:17.78 ===============
 
Sorry - misread the instructions. I'm meant to zip the attach.txt file?
 

Attachment: attach.zip (5.3 KB)
Managed to run the Malwarebytes quick scan with the machine disconnected from the internet (posting from a different machine):

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.03.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
ivan :: IVAN2_PC [administrator]

Protection: Disabled

3/04/2012 5:54:28 p.m.
mbam-log-2012-04-03 (17-54-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 289746
Time elapsed: 20 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
My apologies - I was following the preamble to the attach file. Separated by a common language, eh? ;-)
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/01/2006 7:51:58 a.m.
System Uptime: 3/04/2012 5:48:16 p.m. (-1 hours ago)
.
Motherboard: Hewlett-Packard | | 0968h
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | XU1 PROCESSOR | 2992/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 37 GiB total, 11.052 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\4&1117367&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\4&1117367&0
Service: i8042prt
.
Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&1117367&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&1117367&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP853: 16/01/2012 1:27:10 p.m. - System Checkpoint
RP854: 17/01/2012 3:00:26 a.m. - Software Distribution Service 3.0
RP855: 18/01/2012 8:18:10 a.m. - Software Distribution Service 3.0
RP856: 19/01/2012 12:23:06 p.m. - System Checkpoint
RP857: 23/01/2012 9:46:53 a.m. - Installed AVG 2012
RP858: 23/01/2012 9:47:05 a.m. - Removed AVG 2011
RP859: 23/01/2012 9:47:36 a.m. - Installed AVG 2012
RP860: 23/01/2012 9:51:21 a.m. - Removed AVG 2011
RP861: 24/01/2012 10:48:07 a.m. - System Checkpoint
RP862: 25/01/2012 12:21:33 p.m. - System Checkpoint
RP863: 26/01/2012 2:32:21 p.m. - System Checkpoint
RP864: 1/02/2012 12:38:53 p.m. - System Checkpoint
RP865: 2/02/2012 4:04:04 p.m. - System Checkpoint
RP866: 7/02/2012 2:56:52 p.m. - System Checkpoint
RP867: 9/02/2012 10:40:52 a.m. - System Checkpoint
RP868: 9/02/2012 12:02:18 p.m. - Removed Samsung New PC Studio
RP869: 9/02/2012 12:17:03 p.m. - Installed Samsung New PC Studio
RP870: 13/02/2012 7:26:20 p.m. - System Checkpoint
RP871: 14/02/2012 7:55:56 p.m. - System Checkpoint
RP872: 16/02/2012 12:15:37 p.m. - System Checkpoint
RP873: 20/02/2012 9:04:13 a.m. - System Checkpoint
RP874: 21/02/2012 8:38:32 a.m. - Software Distribution Service 3.0
RP875: 23/02/2012 12:40:14 p.m. - System Checkpoint
RP876: 27/02/2012 12:21:39 p.m. - System Checkpoint
RP877: 28/02/2012 2:58:08 p.m. - System Checkpoint
RP878: 1/03/2012 10:23:28 a.m. - System Checkpoint
RP879: 5/03/2012 12:23:53 p.m. - System Checkpoint
RP880: 6/03/2012 12:56:29 p.m. - System Checkpoint
RP881: 7/03/2012 1:00:39 p.m. - System Checkpoint
RP882: 8/03/2012 8:44:25 a.m. - Software Distribution Service 3.0
RP883: 12/03/2012 9:49:44 a.m. - System Checkpoint
RP884: 13/03/2012 10:58:27 a.m. - System Checkpoint
RP885: 14/03/2012 12:17:58 p.m. - System Checkpoint
RP886: 15/03/2012 8:35:16 a.m. - Software Distribution Service 3.0
RP887: 20/03/2012 12:40:10 p.m. - System Checkpoint
RP888: 21/03/2012 5:30:20 p.m. - System Checkpoint
RP889: 26/03/2012 4:56:26 p.m. - System Checkpoint
RP890: 27/03/2012 6:59:55 p.m. - System Checkpoint
RP891: 29/03/2012 12:49:29 p.m. - System Checkpoint
RP892: 2/04/2012 12:47:27 p.m. - Removed AVG 2012
RP893: 2/04/2012 12:50:03 p.m. - Removed AVG 2012
RP894: 3/04/2012 4:57:09 p.m. - System Checkpoint
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.2)
ArcSoft PhotoStudio 5.5
Broadcom Management Programs
Canon CanoScan Toolbox 5.0
CanoScan LiDE 70
CCleaner
Compatibility Pack for the 2007 Office system
CutePDF Writer 2.5
DeskBank
DivX Setup
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Color LaserJet 3800
HP Help and Support
HP LaserJet P3005
HP LaserJet P3005 Install Notes
HP LaserJet P3005 User Guide
Intel(R) Graphics Media Accelerator Driver
Japanese Fonts Support For Adobe Reader 8
Java 2 Runtime Environment, SE v1.4.2_03
Java Auto Updater
Java(TM) 6 Update 20
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Reader
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mp3tag v2.48
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MusicBrainz Picard
MYOB ODBC Direct v8 NZ
MYOB Premier v12
Nero 7 Ultra Edition
neroxml
OGA Notifier 2.0.0048.0
Ogg Codecs 0.81.15562
PDF OCR 3.0
Presto! PageManager 7.15.13
Samsung New PC Studio
SAMSUNG USB Driver for Mobile Phones
ScanSoft OmniPage SE 4.0
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Software Setup
SoundMAX
SUPERAntiSpyware
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
WebFldrs XP
Winamp
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows XP Service Pack 3
WinRAR archiver
WinZip 15.0
.
==== Event Viewer Messages From Past Week ========
.
30/03/2012 11:42:01 a.m., error: Service Control Manager [7023] - The X10UIF service terminated with the following error: The specified module could not be found.
30/03/2012 11:42:01 a.m., error: Service Control Manager [7023] - The W550mdfl service terminated with the following error: The specified module could not be found.
30/03/2012 11:42:01 a.m., error: Service Control Manager [7023] - The VNUSB service terminated with the following error: The specified module could not be found.
30/03/2012 11:42:01 a.m., error: Service Control Manager [7023] - The Streamloadservice service terminated with the following error: The specified module could not be found.
30/03/2012 11:42:01 a.m., error: Service Control Manager [7023] - The Savrtpel service terminated with the following error: The specified module could not be found.
30/03/2012 11:42:01 a.m., error: Service Control Manager [7023] - The Portio service terminated with the following error: The specified module could not be found.
30/03/2012 11:42:01 a.m., error: Service Control Manager [7023] - The Oracleorahome90agent service terminated with the following error: The specified module could not be found.
30/03/2012 11:42:01 a.m., error: Service Control Manager [7023] - The Mpfirewl service terminated with the following error: The specified module could not be found.
30/03/2012 11:42:01 a.m., error: Service Control Manager [7023] - The LPCFilter service terminated with the following error: The specified module could not be found.
30/03/2012 11:42:01 a.m., error: Service Control Manager [7023] - The Issimon service terminated with the following error: The specified module could not be found.
30/03/2012 11:42:01 a.m., error: Service Control Manager [7023] - The Iomegaaccess service terminated with the following error: The specified module could not be found.
30/03/2012 11:42:01 a.m., error: Service Control Manager [7023] - The Intcazaudaddservice service terminated with the following error: The specified module could not be found.
30/03/2012 11:42:01 a.m., error: Service Control Manager [7023] - The Ha20x2k service terminated with the following error: The specified module could not be found.
30/03/2012 11:42:01 a.m., error: Service Control Manager [7023] - The Fontcache3.0.0.0 service terminated with the following error: The specified module could not be found.
3/04/2012 5:13:39 p.m., error: System Error [1003] - Error code 00000019, parameter1 00000020, parameter2 89da56d0, parameter3 89da5ef8, parameter4 1b05000e.
3/04/2012 4:35:23 p.m., error: System Error [1003] - Error code 00000019, parameter1 00000020, parameter2 89e9d000, parameter3 89e9d828, parameter4 1b050000.
3/04/2012 4:33:26 p.m., error: System Error [1003] - Error code 00000019, parameter1 00000020, parameter2 885fa000, parameter3 885fa828, parameter4 1b050000.
3/04/2012 4:32:38 p.m., error: NETLOGON [5719] - No Domain Controller is available for domain PCRENTALSAUCKLA due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
3/04/2012 10:24:58 a.m., error: Service Control Manager [7023] - The Yediex service terminated with the following error: The specified module could not be found.
3/04/2012 10:24:58 a.m., error: Service Control Manager [7023] - The WmXlCore service terminated with the following error: The specified module could not be found.
3/04/2012 10:24:58 a.m., error: Service Control Manager [7023] - The Vrfwsvc service terminated with the following error: The specified module could not be found.
3/04/2012 10:24:58 a.m., error: Service Control Manager [7023] - The SWUMX51 service terminated with the following error: The specified module could not be found.
3/04/2012 10:24:58 a.m., error: Service Control Manager [7023] - The STV680m service terminated with the following error: The specified module could not be found.
3/04/2012 10:24:58 a.m., error: Service Control Manager [7023] - The SE2Cbus service terminated with the following error: The specified module could not be found.
3/04/2012 10:24:58 a.m., error: Service Control Manager [7023] - The Pcx1unic service terminated with the following error: The specified module could not be found.
3/04/2012 10:24:58 a.m., error: Service Control Manager [7023] - The Ntsvcmgr service terminated with the following error: The specified module could not be found.
3/04/2012 10:24:58 a.m., error: Service Control Manager [7023] - The Nnsvc service terminated with the following error: The specified module could not be found.
3/04/2012 10:24:58 a.m., error: Service Control Manager [7023] - The Ltmodem5 service terminated with the following error: The specified module could not be found.
3/04/2012 10:24:58 a.m., error: Service Control Manager [7023] - The LRMINIPORT service terminated with the following error: The specified module could not be found.
3/04/2012 10:24:58 a.m., error: Service Control Manager [7023] - The Ireike service terminated with the following error: The specified module could not be found.
3/04/2012 10:24:58 a.m., error: Service Control Manager [7023] - The Ipssvc service terminated with the following error: The specified module could not be found.
3/04/2012 10:24:58 a.m., error: Service Control Manager [7023] - The Iksysflt service terminated with the following error: The specified module could not be found.
3/04/2012 10:24:58 a.m., error: Service Control Manager [7023] - The Idsvc service terminated with the following error: The specified module could not be found.
3/04/2012 10:24:58 a.m., error: Service Control Manager [7023] - The Camdrl service terminated with the following error: The specified module could not be found.
3/04/2012 10:24:58 a.m., error: Service Control Manager [7023] - The Bgs_sdservice service terminated with the following error: The specified module could not be found.
3/04/2012 10:24:58 a.m., error: Service Control Manager [7023] - The BCMModem service terminated with the following error: The specified module could not be found.
3/04/2012 10:24:58 a.m., error: Service Control Manager [7023] - The Avfilter service terminated with the following error: The specified module could not be found.
3/04/2012 10:24:58 a.m., error: Service Control Manager [7023] - The Alim1541 service terminated with the following error: The specified module could not be found.
3/04/2012 10:24:58 a.m., error: Service Control Manager [7023] - The {95808DC4-FA4A-4c74-92FE-5B863F82066B} service terminated with the following error: The specified module could not be found.
29/03/2012 9:36:33 a.m., error: Service Control Manager [7023] - The Sbcssvc service terminated with the following error: Access is denied.
29/03/2012 9:35:33 a.m., error: Service Control Manager [7023] - The Naiavfilter1 service terminated with the following error: Access is denied.
29/03/2012 9:22:02 a.m., error: Service Control Manager [7023] - The QPCapSvc service terminated with the following error: Access is denied.
29/03/2012 9:21:02 a.m., error: Service Control Manager [7023] - The Tosporte service terminated with the following error: Access is denied.
29/03/2012 9:07:28 a.m., error: Service Control Manager [7023] - The Wsearch service terminated with the following error: Access is denied.
29/03/2012 8:52:27 a.m., error: Service Control Manager [7023] - The Dbmanagerscheduler service terminated with the following error: Access is denied.
29/03/2012 8:37:40 a.m., error: Service Control Manager [7023] - The KMW_USB service terminated with the following error: Access is denied.
29/03/2012 5:05:51 p.m., error: Service Control Manager [7023] - The Pcx1unic service terminated with the following error: Access is denied.
29/03/2012 4:50:51 p.m., error: Service Control Manager [7023] - The Alim1541 service terminated with the following error: Access is denied.
29/03/2012 4:35:51 p.m., error: Service Control Manager [7023] - The Nnsvc service terminated with the following error: Access is denied.
29/03/2012 4:23:00 p.m., error: Schedule [7901] - The At34.job command failed to start due to the following error: %%2147942402
29/03/2012 4:20:51 p.m., error: Service Control Manager [7023] - The Idsvc service terminated with the following error: Access is denied.
29/03/2012 4:05:51 p.m., error: Service Control Manager [7023] - The Ltmodem5 service terminated with the following error: Access is denied.
29/03/2012 3:50:50 p.m., error: Service Control Manager [7023] - The WmXlCore service terminated with the following error: Access is denied.
29/03/2012 3:35:50 p.m., error: Service Control Manager [7023] - The LRMINIPORT service terminated with the following error: Access is denied.
29/03/2012 3:23:00 p.m., error: Schedule [7901] - The At32.job command failed to start due to the following error: %%2147942402
29/03/2012 3:20:50 p.m., error: Service Control Manager [7023] - The Camdrl service terminated with the following error: Access is denied.
29/03/2012 3:05:50 p.m., error: Service Control Manager [7023] - The Avfilter service terminated with the following error: Access is denied.
29/03/2012 2:50:49 p.m., error: Service Control Manager [7023] - The Ntsvcmgr service terminated with the following error: Access is denied.
29/03/2012 2:35:51 p.m., error: Service Control Manager [7023] - The Vrfwsvc service terminated with the following error: Access is denied.
29/03/2012 2:23:00 p.m., error: Schedule [7901] - The At30.job command failed to start due to the following error: %%2147942402
29/03/2012 2:20:51 p.m., error: Service Control Manager [7023] - The SE2Cbus service terminated with the following error: Access is denied.
29/03/2012 2:05:48 p.m., error: Service Control Manager [7023] - The Ireike service terminated with the following error: Access is denied.
29/03/2012 12:50:47 p.m., error: Service Control Manager [7023] - The Bgs_sdservice service terminated with the following error: Access is denied.
29/03/2012 12:35:47 p.m., error: Service Control Manager [7023] - The Ipssvc service terminated with the following error: Access is denied.
29/03/2012 12:23:00 p.m., error: Schedule [7901] - The At25.job command failed to start due to the following error: %%2147942402
29/03/2012 12:20:47 p.m., error: Service Control Manager [7023] - The SWUMX51 service terminated with the following error: Access is denied.
29/03/2012 12:05:47 p.m., error: Service Control Manager [7023] - The Yediex service terminated with the following error: Access is denied.
29/03/2012 11:50:47 a.m., error: Service Control Manager [7023] - The Iomegaaccess service terminated with the following error: Access is denied.
29/03/2012 11:44:48 a.m., error: Service Control Manager [7023] - The Ha20x2k service terminated with the following error: Access is denied.
29/03/2012 11:35:50 a.m., error: Service Control Manager [7023] - The VNUSB service terminated with the following error: Access is denied.
29/03/2012 11:25:33 a.m., error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
29/03/2012 11:20:48 a.m., error: Service Control Manager [7023] - The Issimon service terminated with the following error: Access is denied.
29/03/2012 11:05:44 a.m., error: Service Control Manager [7023] - The Streamloadservice service terminated with the following error: Access is denied.
29/03/2012 11:04:49 a.m., error: Service Control Manager [7023] - The Portio service terminated with the following error: Access is denied.
29/03/2012 10:50:47 a.m., error: Service Control Manager [7023] - The Intcazaudaddservice service terminated with the following error: Access is denied.
29/03/2012 10:35:43 a.m., error: Service Control Manager [7023] - The Mpfirewl service terminated with the following error: Access is denied.
29/03/2012 10:20:41 a.m., error: Service Control Manager [7023] - The Savrtpel service terminated with the following error: Access is denied.
29/03/2012 10:19:40 a.m., error: Service Control Manager [7023] - The X10UIF service terminated with the following error: Access is denied.
29/03/2012 10:13:14 a.m., error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
29/03/2012 10:13:14 a.m., error: Service Control Manager [7023] - The Wsearch service terminated with the following error: The specified module could not be found.
29/03/2012 10:13:14 a.m., error: Service Control Manager [7023] - The W550mdfl service terminated with the following error: Access is denied.
29/03/2012 10:13:14 a.m., error: Service Control Manager [7023] - The Vmparport service terminated with the following error: The specified module could not be found.
29/03/2012 10:13:14 a.m., error: Service Control Manager [7023] - The Uphclean service terminated with the following error: The specified module could not be found.
29/03/2012 10:13:14 a.m., error: Service Control Manager [7023] - The Tosporte service terminated with the following error: The specified module could not be found.
29/03/2012 10:13:14 a.m., error: Service Control Manager [7023] - The Sbcssvc service terminated with the following error: The specified module could not be found.
29/03/2012 10:13:14 a.m., error: Service Control Manager [7023] - The QPCapSvc service terminated with the following error: The specified module could not be found.
29/03/2012 10:13:14 a.m., error: Service Control Manager [7023] - The Oracleorahome90agent service terminated with the following error: Access is denied.
29/03/2012 10:13:14 a.m., error: Service Control Manager [7023] - The Naiavfilter1 service terminated with the following error: The specified module could not be found.
29/03/2012 10:13:14 a.m., error: Service Control Manager [7023] - The LPCFilter service terminated with the following error: Access is denied.
29/03/2012 10:13:14 a.m., error: Service Control Manager [7023] - The KMW_USB service terminated with the following error: The specified module could not be found.
29/03/2012 10:13:14 a.m., error: Service Control Manager [7023] - The Help and Support service terminated with the following error: The specified module could not be found.
29/03/2012 10:13:14 a.m., error: Service Control Manager [7023] - The Fontcache3.0.0.0 service terminated with the following error: Access is denied.
29/03/2012 10:13:14 a.m., error: Service Control Manager [7023] - The Dbmanagerscheduler service terminated with the following error: The specified module could not be found.
29/03/2012 1:50:49 p.m., error: Service Control Manager [7023] - The STV680m service terminated with the following error: Access is denied.
29/03/2012 1:35:48 p.m., error: Service Control Manager [7023] - The BCMModem service terminated with the following error: Access is denied.
29/03/2012 1:23:00 p.m., error: Schedule [7901] - The At27.job command failed to start due to the following error: %%2147942402
29/03/2012 1:20:48 p.m., error: Service Control Manager [7023] - The {95808DC4-FA4A-4c74-92FE-5B863F82066B} service terminated with the following error: Access is denied.
29/03/2012 1:05:47 p.m., error: Service Control Manager [7023] - The Iksysflt service terminated with the following error: Access is denied.
28/03/2012 8:53:26 a.m., error: NETLOGON [5719] - No Domain Controller is available for domain PCRENTALSAUCKLA due to the following: The RPC server is unavailable. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
28/03/2012 6:23:54 p.m., error: Service Control Manager [7023] - The Uphclean service terminated with the following error: Access is denied.
28/03/2012 6:00:55 p.m., error: Service Control Manager [7023] - The Vmparport service terminated with the following error: Access is denied.
27/03/2012 10:01:07 a.m., error: Print [6161] - The document Seagate Crystal Reports ActiveX owned by ivan failed to print on printer HP LJ P3005n. Data type: NT EMF 1.008. Size of the spool file in bytes: 393216. Number of bytes printed: 0. Total number of pages in the document: 3. Number of pages printed: 0. Client machine: \\IVAN2_PC. Win32 error code returned by the print processor: 259 (0x103).
2/04/2012 12:23:00 p.m., error: Schedule [7901] - The At24.job command failed to start due to the following error: %%2147942402
2/04/2012 11:23:00 a.m., error: Schedule [7901] - The At22.job command failed to start due to the following error: %%2147942402
2/04/2012 10:27:10 a.m., error: Schedule [7901] - The At20.job command failed to start due to the following error: %%2147942402
2/04/2012 10:23:00 p.m., error: Schedule [7901] - The At43.job command failed to start due to the following error: %%2147942402
.
==== End Of File ===========================
 
Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

============================================================

Download Bootkit Remover to your desktop.

  • Unzip the downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
aswMBR didn't seem to indicate the scanning process was finished but after 10 mins of doing nothing I clicked "Save Log" then "Finish". MBR.dat is saved on the desktop and backed up on a USB drive.

===========================================

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-29 14:34:01
-----------------------------
14:34:01.602 OS Version: Windows 5.1.2600 Service Pack 3
14:34:01.602 Number of processors: 2 586 0x401
14:34:01.602 ComputerName: IVAN2_PC UserName: ivan
14:34:02.086 Initialize success
14:34:19.992 AVAST engine defs: 12032802
14:34:33.274 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
14:34:33.274 Disk 0 Vendor: SAMSUNG_SP0411C UU100-05 Size: 38166MB BusType: 3
14:34:33.321 Disk 0 MBR read successfully
14:34:33.321 Disk 0 MBR scan
14:34:33.368 Disk 0 Windows XP default MBR code
14:34:33.368 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38162 MB offset 63
14:34:33.399 Disk 0 scanning sectors +78156225
14:34:33.555 Disk 0 scanning C:\WINDOWS\system32\drivers
14:34:53.055 Service scanning
14:35:32.400 Modules scanning
14:36:08.009 Disk 0 trace - called modules:
14:36:08.025 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89e9dfd0]<<
14:36:08.025 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a546ab8]
14:36:08.025 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> [0x89f8c6e0]
14:36:08.041 \Driver\00001396[0x8a47f5c8] -> IRP_MJ_CREATE -> 0x89e9dfd0
14:36:08.494 AVAST engine scan C:\WINDOWS
14:36:22.635 AVAST engine scan C:\WINDOWS\system32
14:39:26.793 AVAST engine scan C:\WINDOWS\system32\drivers
14:39:54.794 AVAST engine scan C:\Documents and Settings\ivan
14:45:43.064 AVAST engine scan C:\Documents and Settings\All Users
14:47:11.580 Scan finished successfully
14:48:24.144 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\ivan\Desktop\MBR.dat"
14:48:24.159 The log file has been saved successfully to "C:\Documents and Settings\ivan\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-04 11:16:08
-----------------------------
11:16:08.354 OS Version: Windows 5.1.2600 Service Pack 3
11:16:08.354 Number of processors: 2 586 0x401
11:16:08.354 ComputerName: IVAN2_PC UserName: ivan
11:16:11.369 Initialize success
11:16:30.808 AVAST engine defs: 12040302
11:16:35.152 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
11:16:35.152 Disk 0 Vendor: SAMSUNG_SP0411C UU100-05 Size: 38166MB BusType: 3
11:16:35.199 Disk 0 MBR read successfully
11:16:35.199 Disk 0 MBR scan
11:16:35.339 Disk 0 Windows XP default MBR code
11:16:35.355 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38162 MB offset 63
11:16:35.370 Disk 0 scanning sectors +78156225
11:16:35.542 Disk 0 scanning C:\WINDOWS\system32\drivers
11:17:26.902 Service scanning
11:18:57.339 Modules scanning
11:19:42.230 Disk 0 trace - called modules:
11:19:42.277 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
11:19:42.277 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a587ab8]
11:19:42.277 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000065[0x8a5619e8]
11:19:42.293 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x8a560940]
11:19:43.839 AVAST engine scan C:\WINDOWS
11:20:09.871 AVAST engine scan C:\WINDOWS\system32
11:20:29.355 File: C:\WINDOWS\system32\BO0iKkW.com **INFECTED** Win32:Crypt-MEQ [Trj]
11:20:29.496 File: C:\WINDOWS\system32\BO0iKkW.com_ **INFECTED** Win32:Crypt-MEQ [Trj]
11:28:15.902 AVAST engine scan C:\WINDOWS\system32\drivers
11:29:13.308 AVAST engine scan C:\Documents and Settings\ivan
11:39:38.027 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\ivan\Desktop\MBR.dat"
11:39:38.277 The log file has been saved successfully to "C:\Documents and Settings\ivan\Desktop\aswMBR.txt"

==============================================================

Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

Size Device Name MBR Status
--------------------------------------------
37 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...
 
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
I downloaded combofix, closed the anti-malware programs and browser windows, and ran it. It reported a Rootkit.Zeroaccess and advised that if problems persisted to run combofix again. I left it to run through its various processes until it rebooted the machine but I couldn't find c:\combofix.txt. I repeated the original process, Rootkit found again, still couldn't find the combofix.txt file. I ran combofix in safe mode (with networking) - rootkit still there, couldn't find combofix.txt. I went to your option 2 - downloaded rkill.com (the first in your list), deleted combofix then downloaded a fresh combofix saved to the desktop as your_name.exe. Ran rkill (which left a dos window open) then ran your_name (having closed anti-malware et al). Still can't find your_name.txt or combofix.txt.

==========================
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 04/04/2012 at 14:02:41.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:

======================================

Shall I start over?
 
Ran rkill and combofix in safe mode. Success? The Rkill log looks identical to that above (the file attributes suggest it wasn't overwritten).

===============================================
ComboFix 12-04-03.02 - ivan 04/04/2012 14:55:57.6.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1784 [GMT 12:00]
Running from: c:\documents and settings\ivan\Desktop\your_name.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-- Previous Run --
.
Infected copy of c:\windows\system32\drivers\ntfs.sys was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\ntfs.sys
.
--------
.
.
((((((((((((((((((((((((( Files Created from 2012-03-04 to 2012-04-04 )))))))))))))))))))))))))))))))
.
.
2012-04-03 18:23 . 2012-03-28 23:56 99328 ----a-w- c:\windows\system32\BO0iKkW.com
2012-04-01 23:49 . 2012-04-01 23:49 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2012-04-01 23:49 . 2012-04-01 23:49 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2012-03-28 20:59 . 2012-03-28 20:59 -------- d-----w- c:\documents and settings\ivan\Application Data\SUPERAntiSpyware.com
2012-03-28 20:58 . 2012-03-28 20:59 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-28 20:58 . 2012-03-28 20:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-21 00:00 . 2011-05-17 22:51 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22 . 2004-08-04 06:17 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06 . 2012-02-19 19:47 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2004-08-04 08:01 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2011-02-16 96160]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-19 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-19 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-19 114688]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 07:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-01 06:39 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-13 17:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 03:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2006-03-21 01:19 69632 ----a-w- c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2003-09-29 12:14 155648 ----a-r- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2006-01-11 15:37 32881 -c--a-w- c:\program files\Java\j2re1.4.2_03\bin\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\SQLANY70\\dbeng7.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12/08/2011 11:38 a.m. 116608]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [20/10/2009 8:33 a.m. 27632]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/07/2011 4:27 a.m. 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [13/07/2011 9:55 a.m. 67664]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [28/02/2011 2:03 p.m. 239528]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/10/2010 3:36 p.m. 652360]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [28/02/2011 2:03 p.m. 36608]
S3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [19/04/2004 3:01 p.m. 6656]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [15/07/2010 3:22 p.m. 13224]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/10/2010 3:36 p.m. 20464]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [20/10/2009 8:32 a.m. 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [20/10/2009 8:32 a.m. 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [20/10/2009 8:32 a.m. 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [20/10/2009 8:32 a.m. 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [20/10/2009 8:32 a.m. 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [20/10/2009 8:32 a.m. 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [20/10/2009 8:32 a.m. 109864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
qhwscsvc
WNCPKT
artourservice
ccevtmgr
g400
dcfssvc
adminserver
DELTA
mcmispupdmgr
axinstsv
comhost
ntrtscan
atimtag
se45unic
eelsservice
lmab_device
ha20x2k
szserver
blueletaudio
rt73
aswmon2
BCMWLNPF
avfilter
sfcure01
alcaudsl
StkASSrv
pdlndint
usbvideo
netmnt
prepdrvr
nv
ELhid
slabbus
WGX
s7otranx
wmp54gsvc
brmfrmps
dlcq_device
tmlisten
caboagp
Wpsnuio
se26nd5
lxrsge10s
l8042pr2
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-03 c:\windows\Tasks\At1.job
- c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
.
2012-04-03 c:\windows\Tasks\At10.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\At11.job
- c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
.
2012-04-03 c:\windows\Tasks\At12.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\At13.job
- c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
.
2012-04-03 c:\windows\Tasks\At14.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\At15.job
- c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
.
2012-04-03 c:\windows\Tasks\At16.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\At17.job
- c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
.
2012-04-03 c:\windows\Tasks\At18.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\At19.job
- c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
.
2012-04-03 c:\windows\Tasks\At2.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\At20.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\At21.job
- c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
.
2012-04-03 c:\windows\Tasks\At22.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\At23.job
- c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
.
2012-04-03 c:\windows\Tasks\At24.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\At25.job
- c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
.
2012-04-03 c:\windows\Tasks\At26.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\At27.job
- c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
.
2012-04-03 c:\windows\Tasks\At28.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\At29.job
- c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
.
2012-04-03 c:\windows\Tasks\At3.job
- c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
.
2012-04-03 c:\windows\Tasks\At30.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\At31.job
- c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
.
2012-04-03 c:\windows\Tasks\At32.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\At33.job
- c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
.
2012-04-03 c:\windows\Tasks\At34.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-02 c:\windows\Tasks\At35.job
- c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
.
2012-04-02 c:\windows\Tasks\At36.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\At37.job
- c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
.
2012-04-03 c:\windows\Tasks\At38.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\At39.job
- c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
.
2012-04-03 c:\windows\Tasks\At4.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\At40.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\At41.job
- c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
.
2012-04-03 c:\windows\Tasks\At42.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\At43.job
- c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
.
2012-04-03 c:\windows\Tasks\At44.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\At45.job
- c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
.
2012-04-03 c:\windows\Tasks\At46.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\At47.job
- c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
.
2012-04-03 c:\windows\Tasks\At48.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\At5.job
- c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
.
2012-04-03 c:\windows\Tasks\At6.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\At7.job
- c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
.
2012-04-03 c:\windows\Tasks\At8.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\At9.job
- c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
.
2012-04-03 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 39bb3ef2-2fdc-4521-889b-4651ad3e4c28.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-04-03 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 3d3b28ec-3f26-4d34-a2f8-810af41dc5ac.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.nz/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: Interfaces\{1B69E7A3-4BFA-42B1-923A-5B2BFB7E218E}: NameServer = 10.0.2.93,210.48.66.2,210.48.65.2
TCP: Interfaces\{CCFBDEE0-6D1B-45C8-AA11-085E4BC40A5D}: NameServer = 210.55.24.8
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-AVG_TRAY - c:\program files\AVG\AVG2012\avgtray.exe
MSConfigStartUp-Sony Ericsson PC Suite - c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-04 15:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bb,f5,0e,71,1f,6a,17,45,bc,9a,d4,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bb,f5,0e,71,1f,6a,17,45,bc,9a,d4,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(624)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(268)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2012-04-04 15:09:17
ComboFix-quarantined-files.txt 2012-04-04 03:09
.
Pre-Run: 14,150,803,456 bytes free
Post-Run: 14,235,090,944 bytes free
.
- - End Of File - - 0F2894390F2B1D6139E00D1464188F03
 
A dialog box keeps opening: "Internet Explorer is not currently your default browser ..."

It *looks* legit but I dare not mouse-click it for fear of reinfecting the PC.
 
If it was your default browser, you can approve that message.

1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
AtJob::

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all anti-virus and anti-malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
Combofix still reports the presence of a rootkit and opens 3 dialog boxes which I close with an "OK" button in succession. I find I have to run Combofix in safe mode to reach the end of the process normally.

==========================

ComboFix 12-04-03.02 - ivan 04/04/2012 16:14:09.8.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1784 [GMT 12:00]
Running from: c:\documents and settings\ivan\Desktop\your_name.exe
Command switches used :: c:\documents and settings\ivan\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\J3d8QFa3.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-04 to 2012-04-04 )))))))))))))))))))))))))))))))
.
.
2012-04-03 18:23 . 2012-03-28 23:56 99328 ----a-w- c:\windows\system32\BO0iKkW.com
2012-04-01 23:49 . 2012-04-01 23:49 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2012-04-01 23:49 . 2012-04-01 23:49 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2012-03-28 20:59 . 2012-03-28 20:59 -------- d-----w- c:\documents and settings\ivan\Application Data\SUPERAntiSpyware.com
2012-03-28 20:58 . 2012-03-28 20:59 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-28 20:58 . 2012-03-28 20:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-21 00:00 . 2011-05-17 22:51 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22 . 2004-08-04 06:17 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06 . 2012-02-19 19:47 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2004-08-04 08:01 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-04_03.07.02 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-09 20:44 . 2012-04-04 02:58 53608 c:\windows\system32\perfc009.dat
+ 2004-08-09 20:44 . 2012-04-04 04:17 53608 c:\windows\system32\perfc009.dat
+ 2004-08-09 20:44 . 2012-04-04 04:17 383254 c:\windows\system32\perfh009.dat
- 2004-08-09 20:44 . 2012-04-04 02:58 383254 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2011-02-16 96160]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-19 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-19 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-19 114688]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 07:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-01 06:39 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-13 17:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 03:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2006-03-21 01:19 69632 ----a-w- c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2003-09-29 12:14 155648 ----a-r- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2006-01-11 15:37 32881 -c--a-w- c:\program files\Java\j2re1.4.2_03\bin\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\SQLANY70\\dbeng7.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:mad:xpsp2res.dll,-22009
.
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12/08/2011 11:38 a.m. 116608]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [20/10/2009 8:33 a.m. 27632]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/07/2011 4:27 a.m. 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [13/07/2011 9:55 a.m. 67664]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [28/02/2011 2:03 p.m. 239528]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/10/2010 3:36 p.m. 652360]
S3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [19/04/2004 3:01 p.m. 6656]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [15/07/2010 3:22 p.m. 13224]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/10/2010 3:36 p.m. 20464]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [20/10/2009 8:32 a.m. 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [20/10/2009 8:32 a.m. 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [20/10/2009 8:32 a.m. 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [20/10/2009 8:32 a.m. 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [20/10/2009 8:32 a.m. 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [20/10/2009 8:32 a.m. 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [20/10/2009 8:32 a.m. 109864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
qhwscsvc
WNCPKT
artourservice
ccevtmgr
g400
dcfssvc
adminserver
DELTA
mcmispupdmgr
axinstsv
comhost
ntrtscan
atimtag
se45unic
eelsservice
lmab_device
ha20x2k
szserver
blueletaudio
rt73
aswmon2
BCMWLNPF
avfilter
sfcure01
alcaudsl
StkASSrv
pdlndint
usbvideo
netmnt
prepdrvr
nv
ELhid
slabbus
WGX
s7otranx
wmp54gsvc
brmfrmps
dlcq_device
tmlisten
caboagp
Wpsnuio
se26nd5
lxrsge10s
l8042pr2
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-03 c:\windows\Tasks\At1.job
- c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
.
2012-04-03 c:\windows\Tasks\At10.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\At11.job
- c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
.
2012-04-03 c:\windows\Tasks\At12.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\At13.job
- c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
.
2012-04-03 c:\windows\Tasks\At14.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\At15.job
- c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
.
2012-04-03 c:\windows\Tasks\At16.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\At17.job
- c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
.
2012-04-03 c:\windows\Tasks\At18.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\At19.job
- c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
.
2012-04-03 c:\windows\Tasks\At2.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\At20.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\At21.job
- c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
.
2012-04-03 c:\windows\Tasks\At22.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\At23.job
- c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
.
2012-04-03 c:\windows\Tasks\At24.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\At25.job
- c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
.
2012-04-03 c:\windows\Tasks\At26.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\At27.job
- c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
.
2012-04-03 c:\windows\Tasks\At28.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\At29.job
- c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
.
2012-04-03 c:\windows\Tasks\At3.job
- c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
.
2012-04-03 c:\windows\Tasks\At30.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-04 c:\windows\Tasks\At31.job
- c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
.
2012-04-04 c:\windows\Tasks\At32.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\At33.job
- c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
.
2012-04-03 c:\windows\Tasks\At34.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-02 c:\windows\Tasks\At35.job
- c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
.
2012-04-02 c:\windows\Tasks\At36.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\At37.job
- c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
.
2012-04-03 c:\windows\Tasks\At38.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\At39.job
- c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
.
2012-04-03 c:\windows\Tasks\At4.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\At40.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\At41.job
- c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
.
2012-04-03 c:\windows\Tasks\At42.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\At43.job
- c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
.
2012-04-03 c:\windows\Tasks\At44.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\At45.job
- c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
.
2012-04-03 c:\windows\Tasks\At46.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\At47.job
- c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
.
2012-04-03 c:\windows\Tasks\At48.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\At5.job
- c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
.
2012-04-03 c:\windows\Tasks\At6.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\At7.job
- c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
.
2012-04-03 c:\windows\Tasks\At8.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\At9.job
- c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
.
2012-04-03 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 39bb3ef2-2fdc-4521-889b-4651ad3e4c28.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-04-03 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 3d3b28ec-3f26-4d34-a2f8-810af41dc5ac.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.nz/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: Interfaces\{1B69E7A3-4BFA-42B1-923A-5B2BFB7E218E}: NameServer = 10.0.2.93,210.48.66.2,210.48.65.2
TCP: Interfaces\{CCFBDEE0-6D1B-45C8-AA11-085E4BC40A5D}: NameServer = 210.55.24.8
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-04 16:25
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bb,f5,0e,71,1f,6a,17,45,bc,9a,d4,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bb,f5,0e,71,1f,6a,17,45,bc,9a,d4,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(624)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2012-04-04 16:27:08
ComboFix-quarantined-files.txt 2012-04-04 04:27
ComboFix2.txt 2012-04-04 03:09
.
Pre-Run: 14,140,354,560 bytes free
Post-Run: 14,211,461,120 bytes free
.
- - End Of File - - 5A01F0BD7BFEABF1991331872A9B52B9
 
1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
c:\windows\system32\BO0iKkW.com

Rootkit::
c:\windows\system32\BO0iKkW.com

AtJob::

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all anti-virus and anti-malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
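The reason the CFScript above carries an AtJob:: directive is visible in the 'Scheduled Tasks' section of the logs: dozens of At*.job entries all run the same randomly named binary from system32, alternating between BO0iKkW.com and a twin copy suffixed with an underscore. The Python below is an added example, not ComboFix's own code and not posted by anyone in this thread; it parses a constructed sample written in the log's own format and flags that pattern so a responder reading a fresh log can spot it mechanically rather than by eye. The function names and the MIN_JOBS threshold are my own assumptions.

```python
"""Spot the At*.job persistence pattern in a ComboFix 'Scheduled Tasks' listing.

Added example for this thread; it is not ComboFix code and was not posted by
anyone here.  Function names and the MIN_JOBS threshold are my own choices.
"""
import re
from collections import defaultdict

# Constructed sample in the format ComboFix prints (a handful of entries in the
# shape of the listing in the thread, not the full 48-job block).
SAMPLE_LOG = r"""Contents of the 'Scheduled Tasks' folder
.
2012-04-03 c:\windows\Tasks\At1.job
- c:\windows\system32\BO0iKkW.com [2012-04-03 23:56]
.
2012-04-03 c:\windows\Tasks\At10.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\At2.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 39bb3ef2-2fdc-4521-889b-4651ad3e4c28.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
------- Supplementary Scan -------
"""

SECTION_HEADER = "Contents of the 'Scheduled Tasks' folder"
JOB_LINE = re.compile(r"^\d{4}-\d{2}-\d{2} (.+\.job)$", re.IGNORECASE)
TARGET_LINE = re.compile(r"^- (.+?) \[[^\]]*\]$")
AT_JOB = re.compile(r"\\At\d+\.job$", re.IGNORECASE)
MIN_JOBS = 2  # assumption: two or more at-jobs on one binary is worth a look


def parse_scheduled_tasks(log_text):
    """Return [(job_path, target_path), ...] from the Scheduled Tasks section."""
    tasks = []
    in_section = False
    pending_job = None
    for line in log_text.splitlines():
        if line.startswith(SECTION_HEADER):
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith("-------"):      # next ComboFix section begins
            break
        m = JOB_LINE.match(line)
        if m:
            pending_job = m.group(1)        # the .job file; its target follows
            continue
        m = TARGET_LINE.match(line)
        if m and pending_job is not None:
            tasks.append((pending_job, m.group(1)))
            pending_job = None
    return tasks


def target_family(target_path):
    """Fold 'BO0iKkW.com' and its 'BO0iKkW.com_' twin into one key."""
    return target_path.lower().rstrip("_")


def flag_at_job_persistence(tasks, min_jobs=MIN_JOBS):
    """Map each target family hit by >= min_jobs At*.job entries to its job names."""
    by_target = defaultdict(list)
    for job_path, target_path in tasks:
        if AT_JOB.search(job_path):
            by_target[target_family(target_path)].append(job_path.rsplit("\\", 1)[-1])
    return {t: sorted(jobs) for t, jobs in by_target.items() if len(jobs) >= min_jobs}


if __name__ == "__main__":
    for target, jobs in flag_at_job_persistence(parse_scheduled_tasks(SAMPLE_LOG)).items():
        print(f"{len(jobs)} at-jobs -> {target}: {', '.join(jobs)}")
```

Legitimate scheduled tasks such as the SUPERAntiSpyware entries are not At*.job files and are referenced once, so they never reach the threshold; the underscore-folding in target_family is what keeps the two copies of the binary from splitting the count in half.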
 
Sorry this is taking so long - I seem to have to do everything twice (doing it over in safe mode) - thanks for your patience.

===============================================
ComboFix 12-04-03.02 - ivan 04/04/2012 17:46:05.10.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1784 [GMT 12:00]
Running from: c:\documents and settings\ivan\Desktop\your_name.exe
Command switches used :: c:\documents and settings\ivan\Desktop\CFScript.txt
.
FILE ::
"c:\windows\system32\BO0iKkW.com"
.
.
((((((((((((((((((((((((( Files Created from 2012-03-04 to 2012-04-04 )))))))))))))))))))))))))))))))
.
.
2012-04-02 00:23 . 2012-03-28 23:56 99328 ----a-w- c:\windows\system32\BO0iKkW.com_
2012-04-01 23:49 . 2012-04-01 23:49 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2012-04-01 23:49 . 2012-04-01 23:49 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2012-03-28 20:59 . 2012-03-28 20:59 -------- d-----w- c:\documents and settings\ivan\Application Data\SUPERAntiSpyware.com
2012-03-28 20:58 . 2012-03-28 20:59 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-28 20:58 . 2012-03-28 20:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-21 00:00 . 2011-05-17 22:51 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22 . 2004-08-04 06:17 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06 . 2012-02-19 19:47 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2004-08-04 08:01 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2011-02-16 96160]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-19 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-19 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-19 114688]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 07:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-01 06:39 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-13 17:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 03:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2006-03-21 01:19 69632 ----a-w- c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2003-09-29 12:14 155648 ----a-r- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2006-01-11 15:37 32881 -c--a-w- c:\program files\Java\j2re1.4.2_03\bin\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\SQLANY70\\dbeng7.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:mad:xpsp2res.dll,-22009
.
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12/08/2011 11:38 a.m. 116608]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [20/10/2009 8:33 a.m. 27632]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/07/2011 4:27 a.m. 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [13/07/2011 9:55 a.m. 67664]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [28/02/2011 2:03 p.m. 239528]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/10/2010 3:36 p.m. 652360]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [28/02/2011 2:03 p.m. 36608]
S3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [19/04/2004 3:01 p.m. 6656]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [15/07/2010 3:22 p.m. 13224]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/10/2010 3:36 p.m. 20464]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [20/10/2009 8:32 a.m. 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [20/10/2009 8:32 a.m. 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [20/10/2009 8:32 a.m. 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [20/10/2009 8:32 a.m. 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [20/10/2009 8:32 a.m. 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [20/10/2009 8:32 a.m. 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [20/10/2009 8:32 a.m. 109864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
qhwscsvc
WNCPKT
artourservice
ccevtmgr
g400
dcfssvc
adminserver
DELTA
mcmispupdmgr
axinstsv
comhost
ntrtscan
atimtag
se45unic
eelsservice
lmab_device
ha20x2k
szserver
blueletaudio
rt73
aswmon2
BCMWLNPF
avfilter
sfcure01
alcaudsl
StkASSrv
pdlndint
usbvideo
netmnt
prepdrvr
nv
ELhid
slabbus
WGX
s7otranx
wmp54gsvc
brmfrmps
dlcq_device
tmlisten
caboagp
Wpsnuio
se26nd5
lxrsge10s
l8042pr2
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-03 c:\windows\Tasks\At10.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\At12.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\At14.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\At16.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\At18.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\At2.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\At20.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\At22.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\At24.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\At26.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\At28.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\At30.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-04 c:\windows\Tasks\At32.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\At34.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-02 c:\windows\Tasks\At36.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\At38.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\At4.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\At40.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\At42.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\At44.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\At46.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\At48.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\At6.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\At8.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 39bb3ef2-2fdc-4521-889b-4651ad3e4c28.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-04-03 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 3d3b28ec-3f26-4d34-a2f8-810af41dc5ac.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.nz/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: Interfaces\{1B69E7A3-4BFA-42B1-923A-5B2BFB7E218E}: NameServer = 10.0.2.93,210.48.66.2,210.48.65.2
TCP: Interfaces\{CCFBDEE0-6D1B-45C8-AA11-085E4BC40A5D}: NameServer = 210.55.24.8
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-04 17:57
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bb,f5,0e,71,1f,6a,17,45,bc,9a,d4,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bb,f5,0e,71,1f,6a,17,45,bc,9a,d4,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(640)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(1536)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2012-04-04 18:03:34 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-04 06:03
ComboFix2.txt 2012-04-04 04:27
ComboFix3.txt 2012-04-04 03:09
.
Pre-Run: 14,189,686,784 bytes free
Post-Run: 14,194,737,152 bytes free
.
- - End Of File - - 22CFE598547472554BC59BFFD7A01B9E
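The persistence worth noticing in the log above is the block of `At2.job` through `At48.job` tasks: those are the filenames `at.exe` produces, and every one of them launches the same randomly named file with a `.com_` extension out of system32, so the payload gets relaunched on a fixed schedule regardless of what is cleaned from the Run keys. The following added example (not part of the thread and not ComboFix's own code) parses a ComboFix 'Scheduled Tasks' section, groups jobs by target and scores each target on the signals visible here: many jobs pointing at one binary, `At*.job` naming, an executable extension that is not a normal one, and a system32 location. The sample input is a subset of the section above with the two SUPERAntiSpyware tasks kept for contrast; the allowlist of "normal" extensions and the threshold of three signals are assumptions for this example, not ComboFix logic.

```python
import re
import ntpath
from collections import defaultdict

# Constructed sample: a subset of the 'Scheduled Tasks' section posted
# above, with the two SUPERAntiSpyware tasks kept for contrast.
SAMPLE_LOG = r"""
Contents of the 'Scheduled Tasks' folder
.
2012-04-03 c:\windows\Tasks\At10.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\At12.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\At2.job
- c:\windows\system32\BO0iKkW.com_ [2012-04-02 23:56]
.
2012-04-03 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 39bb3ef2-2fdc-4521-889b-4651ad3e4c28.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-04-03 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 3d3b28ec-3f26-4d34-a2f8-810af41dc5ac.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
------- Supplementary Scan -------
"""

JOB_RE = re.compile(r"^\d{4}-\d{2}-\d{2} (?P<job>.+\.job)$", re.IGNORECASE)
TARGET_RE = re.compile(r"^- (?P<path>.+?) \[(?P<stamp>[^\]]+)\]$")
AT_JOB_RE = re.compile(r"^At\d+\.job$", re.IGNORECASE)
# Assumed allowlist for this example: what a scheduled task normally runs.
NORMAL_EXTS = {".exe", ".bat", ".cmd", ".vbs", ".js", ".wsf", ".msi"}


def parse_tasks(text):
    """Return [(job_filename, target_path)] from a ComboFix 'Scheduled Tasks' block.

    ComboFix prints each task as a dated '.job' line followed by a
    '- <target> [<timestamp>]' line; anything else is ignored."""
    tasks, current = [], None
    for line in text.splitlines():
        line = line.strip()
        m = JOB_RE.match(line)
        if m:
            current = m.group("job").rsplit("\\", 1)[-1]
            continue
        m = TARGET_RE.match(line)
        if m and current:
            tasks.append((current, m.group("path")))
            current = None
    return tasks


def classify(tasks, min_cluster=3, min_signals=3):
    """Group jobs by target (case-insensitive) and score each target.

    Signals: several jobs launching one binary, all job names in at.exe's
    At<N>.job form, a non-standard executable extension such as '.com_',
    and a target inside system32. A target with min_signals or more is
    reported as suspicious."""
    by_target = defaultdict(list)
    for job, path in tasks:
        by_target[path.lower()].append(job)
    report = {}
    for path, jobs in by_target.items():
        ext = ntpath.splitext(path)[1]
        signals = {
            "cluster": len(jobs) >= min_cluster,
            "at_jobs": all(AT_JOB_RE.match(j) for j in jobs),
            "odd_ext": ext not in NORMAL_EXTS,
            "in_system32": "\\system32\\" in path,
        }
        report[path] = {
            "jobs": sorted(jobs),
            "signals": signals,
            "suspicious": sum(signals.values()) >= min_signals,
        }
    return report


def suspicious_targets(text):
    """Convenience wrapper: the sorted list of targets flagged in a log."""
    return sorted(p for p, r in classify(parse_tasks(text)).items() if r["suspicious"])


if __name__ == "__main__":
    for path, info in classify(parse_tasks(SAMPLE_LOG)).items():
        flag = "SUSPICIOUS" if info["suspicious"] else "ok"
        print(f"{flag:10s} {path}  jobs={len(info['jobs'])}  {info['signals']}")
```

On the full section above the `.com_` target collects all twenty-four `At*.job` entries and every signal fires, while the two SASTask.exe jobs fall below both the cluster threshold and the signal threshold. The same parser can be pointed at the later logs to confirm the `At*.job` block is gone after the `AtJob::` directive has run.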
 
1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
c:\windows\system32\BO0iKkW.com_

Rootkit::
c:\windows\system32\BO0iKkW.com_

AtJob::

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
Sorry again for the delay - I'm posting from GMT +12:00, I guess 4 hrs behind and a day ahead of Cali.

=========================================================

ComboFix 12-04-03.02 - ivan 05/04/2012 8:48.11.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1783 [GMT 12:00]
Running from: c:\documents and settings\ivan\Desktop\your_name.exe
Command switches used :: c:\documents and settings\ivan\Desktop\CFScript.txt
.
FILE ::
"c:\windows\system32\BO0iKkW.com"
.
.
((((((((((((((((((((((((( Files Created from 2012-03-04 to 2012-04-04 )))))))))))))))))))))))))))))))
.
.
2012-04-02 00:23 . 2012-03-28 23:56 99328 ----a-w- c:\windows\system32\BO0iKkW.com__
2012-04-01 23:49 . 2012-04-01 23:49 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2012-04-01 23:49 . 2012-04-01 23:49 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2012-03-28 20:59 . 2012-03-28 20:59 -------- d-----w- c:\documents and settings\ivan\Application Data\SUPERAntiSpyware.com
2012-03-28 20:58 . 2012-03-28 20:59 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-28 20:58 . 2012-03-28 20:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-21 00:00 . 2011-05-17 22:51 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22 . 2004-08-04 06:17 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06 . 2012-02-19 19:47 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2004-08-04 08:01 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2011-02-16 96160]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-19 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-19 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-19 114688]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil11f_ActiveX.exe" [2012-02-21 250016]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 07:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-01 06:39 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-13 17:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 03:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2006-03-21 01:19 69632 ----a-w- c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2003-09-29 12:14 155648 ----a-r- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2006-01-11 15:37 32881 -c--a-w- c:\program files\Java\j2re1.4.2_03\bin\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\SQLANY70\\dbeng7.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12/08/2011 11:38 a.m. 116608]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [20/10/2009 8:33 a.m. 27632]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/07/2011 4:27 a.m. 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [13/07/2011 9:55 a.m. 67664]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [28/02/2011 2:03 p.m. 239528]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/10/2010 3:36 p.m. 652360]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [28/02/2011 2:03 p.m. 36608]
S3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [19/04/2004 3:01 p.m. 6656]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [15/07/2010 3:22 p.m. 13224]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/10/2010 3:36 p.m. 20464]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [20/10/2009 8:32 a.m. 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [20/10/2009 8:32 a.m. 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [20/10/2009 8:32 a.m. 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [20/10/2009 8:32 a.m. 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [20/10/2009 8:32 a.m. 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [20/10/2009 8:32 a.m. 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [20/10/2009 8:32 a.m. 109864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
qhwscsvc
WNCPKT
artourservice
ccevtmgr
g400
dcfssvc
adminserver
DELTA
mcmispupdmgr
axinstsv
comhost
ntrtscan
atimtag
se45unic
eelsservice
lmab_device
ha20x2k
szserver
blueletaudio
rt73
aswmon2
BCMWLNPF
avfilter
sfcure01
alcaudsl
StkASSrv
pdlndint
usbvideo
netmnt
prepdrvr
nv
ELhid
slabbus
WGX
s7otranx
wmp54gsvc
brmfrmps
dlcq_device
tmlisten
caboagp
Wpsnuio
se26nd5
lxrsge10s
l8042pr2
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-03 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 39bb3ef2-2fdc-4521-889b-4651ad3e4c28.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-04-03 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 3d3b28ec-3f26-4d34-a2f8-810af41dc5ac.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.nz/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: Interfaces\{1B69E7A3-4BFA-42B1-923A-5B2BFB7E218E}: NameServer = 10.0.2.93,210.48.66.2,210.48.65.2
TCP: Interfaces\{CCFBDEE0-6D1B-45C8-AA11-085E4BC40A5D}: NameServer = 210.55.24.8
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-05 09:02
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bb,f5,0e,71,1f,6a,17,45,bc,9a,d4,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bb,f5,0e,71,1f,6a,17,45,bc,9a,d4,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(624)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(112)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2012-04-05 09:07:30 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-04 21:07
ComboFix2.txt 2012-04-04 06:03
ComboFix3.txt 2012-04-04 04:27
ComboFix4.txt 2012-04-04 03:09
.
Pre-Run: 14,157,746,176 bytes free
Post-Run: 14,162,784,256 bytes free
.
- - End Of File - - A0499467F1BE36F94722798F32562AF2
 
That looks better :)

1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
c:\windows\system32\BO0iKkW.com__

Rootkit::
c:\windows\system32\BO0iKkW.com__

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
ComboFix 12-04-03.02 - ivan 05/04/2012 9:52.12.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1784 [GMT 12:00]
Running from: c:\documents and settings\ivan\Desktop\your_name.exe
Command switches used :: c:\documents and settings\ivan\Desktop\CFScript.txt
.
FILE ::
"c:\windows\system32\BO0iKkW.com__"
.
.
((((((((((((((((((((((((( Files Created from 2012-03-04 to 2012-04-04 )))))))))))))))))))))))))))))))
.
.
2012-04-01 23:49 . 2012-04-01 23:49 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2012-04-01 23:49 . 2012-04-01 23:49 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2012-03-28 20:59 . 2012-03-28 20:59 -------- d-----w- c:\documents and settings\ivan\Application Data\SUPERAntiSpyware.com
2012-03-28 20:58 . 2012-03-28 20:59 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-28 20:58 . 2012-03-28 20:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-21 00:00 . 2011-05-17 22:51 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22 . 2004-08-04 06:17 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06 . 2012-02-19 19:47 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2004-08-04 08:01 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2011-02-16 96160]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-19 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-19 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-19 114688]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil11f_ActiveX.exe" [2012-02-21 250016]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 07:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-01 06:39 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-13 17:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 03:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2006-03-21 01:19 69632 ----a-w- c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2003-09-29 12:14 155648 ----a-r- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2006-01-11 15:37 32881 -c--a-w- c:\program files\Java\j2re1.4.2_03\bin\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\SQLANY70\\dbeng7.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12/08/2011 11:38 a.m. 116608]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [20/10/2009 8:33 a.m. 27632]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/07/2011 4:27 a.m. 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [13/07/2011 9:55 a.m. 67664]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [28/02/2011 2:03 p.m. 239528]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/10/2010 3:36 p.m. 652360]
S3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [19/04/2004 3:01 p.m. 6656]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [15/07/2010 3:22 p.m. 13224]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/10/2010 3:36 p.m. 20464]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [20/10/2009 8:32 a.m. 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [20/10/2009 8:32 a.m. 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [20/10/2009 8:32 a.m. 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [20/10/2009 8:32 a.m. 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [20/10/2009 8:32 a.m. 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [20/10/2009 8:32 a.m. 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [20/10/2009 8:32 a.m. 109864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
qhwscsvc
WNCPKT
artourservice
ccevtmgr
g400
dcfssvc
adminserver
DELTA
mcmispupdmgr
axinstsv
comhost
ntrtscan
atimtag
se45unic
eelsservice
lmab_device
ha20x2k
szserver
blueletaudio
rt73
aswmon2
BCMWLNPF
avfilter
sfcure01
alcaudsl
StkASSrv
pdlndint
usbvideo
netmnt
prepdrvr
nv
ELhid
slabbus
WGX
s7otranx
wmp54gsvc
brmfrmps
dlcq_device
tmlisten
caboagp
Wpsnuio
se26nd5
lxrsge10s
l8042pr2
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-03 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 39bb3ef2-2fdc-4521-889b-4651ad3e4c28.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-04-03 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 3d3b28ec-3f26-4d34-a2f8-810af41dc5ac.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.nz/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: Interfaces\{1B69E7A3-4BFA-42B1-923A-5B2BFB7E218E}: NameServer = 10.0.2.93,210.48.66.2,210.48.65.2
TCP: Interfaces\{CCFBDEE0-6D1B-45C8-AA11-085E4BC40A5D}: NameServer = 210.55.24.8
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-05 10:04
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bb,f5,0e,71,1f,6a,17,45,bc,9a,d4,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bb,f5,0e,71,1f,6a,17,45,bc,9a,d4,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(632)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(1636)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2012-04-05 10:10:14 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-04 22:10
ComboFix2.txt 2012-04-04 21:07
ComboFix3.txt 2012-04-04 06:03
ComboFix4.txt 2012-04-04 04:27
ComboFix5.txt 2012-04-04 21:42
.
Pre-Run: 14,149,033,984 bytes free
Post-Run: 14,152,630,272 bytes free
.
- - End Of File - - 8B36B9A07477FF58658156A05B3AE406
 
Finally looks good :)

How is computer doing?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
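The `netsvcs` line in the custom scan above asks OTL to enumerate the svchost `netsvcs` group, which is the point of the check: ComboFix's `Svchost - NetSvcs` listing in the logs above omits the default members (its note says legit default entries are not shown), so every name it does print was added to the group, and OTL's 'Win32 Services' section then shows which of those have a registered service at all and whether its ServiceDll still exists. The following added example (not part of the thread, and not OTL or ComboFix code) does that cross-check offline. Its inputs are constructed: five names from the NetSvcs list above plus three names the example assumes to be genuine XP members of the group (Browser, Schedule, winmgmt) for contrast, the four `SRV - File not found` lines OTL reports later in this thread, and one made-up 'found' line for Schedule whose size and timestamp are not real.

```python
import re

# Constructed sample: five names from the NetSvcs list in the ComboFix logs
# above plus three names assumed here to be genuine default XP members.
NETSVCS = ["qhwscsvc", "WNCPKT", "wmp54gsvc", "WGX", "Wpsnuio",
           "Browser", "Schedule", "winmgmt"]

# Constructed sample of OTL 'Win32 Services' output. The four 'File not
# found' lines are the ones OTL reports later in the thread; the Schedule
# line is made up (size and timestamp are not real) to show a found service.
OTL_SERVICES = r"""
========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rupsmon.dll -- (Wpsnuio)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\DVDVRRdr_xp.dll -- (WNCPKT)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pnrouter.dll -- (wmp54gsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pcdrndisuio.dll -- (WGX)
SRV - [2008/04/14 05:42:20 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
"""

# The '[<start type> | <state>]' bracket is the last thing before ' -- '.
START_RE = re.compile(r"\[(?P<start>[^|\]]+) \| (?P<state>[^\]]+)\]\s*$")


def parse_otl_services(text):
    """Return {service_name_lower: {path, start, state, missing}} from OTL 'SRV -' lines.

    Each line ends with ' -- <binary> -- (<ServiceName>)', so it is split
    from the right; 'File not found' in the leading part means OTL could
    not locate the binary the service points at."""
    services = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("SRV - "):
            continue
        head, path, name = line.rsplit(" -- ", 2)
        m = START_RE.search(head)
        if not m:
            continue
        services[name.strip("()").lower()] = {
            "path": path,
            "start": m.group("start").strip(),
            "state": m.group("state").strip(),
            "missing": "File not found" in head,
        }
    return services


def audit_netsvcs(netsvcs, services):
    """Classify each NetSvcs member.

    'missing_dll'     : OTL lists it as an auto-start service whose binary is gone.
    'not_in_listing'  : OTL printed no line for it. OTL's Microsoft whitelist
                        hides most genuine members, so this is a prompt to look
                        further, not a verdict.
    'ok'              : listed and its binary is present."""
    result = {}
    for name in netsvcs:
        svc = services.get(name.lower())
        if svc is None:
            result[name] = "not_in_listing"
        elif svc["missing"] and svc["start"].lower() == "auto":
            result[name] = "missing_dll"
        else:
            result[name] = "ok"
    return result


def flagged(netsvcs, services):
    """Sorted NetSvcs members whose service DLL is gone: the removal candidates."""
    return sorted(n for n, v in audit_netsvcs(netsvcs, services).items()
                  if v == "missing_dll")


if __name__ == "__main__":
    svcs = parse_otl_services(OTL_SERVICES)
    for name, verdict in audit_netsvcs(NETSVCS, svcs).items():
        print(f"{name:12s} {verdict}")
```

The 'not_in_listing' bucket is deliberately separate from 'missing_dll': a name that OTL did not print may be a whitelisted Microsoft service or a registry-only entry with no Services key, and only the latter is interesting, so those names need a look at `HKLM\SYSTEM\CurrentControlSet\Services` before they go into any removal script.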
 
Computer seems ok (thanks to your tender ministrations) but TBF I have been doing most of the posting from another machine, leaving the infected one well alone and running XP in safe mode.

OTL.txt (Part 1 of 2 - original post exceeded 50k char limit)
==================================================
OTL logfile created on: 5/04/2012 10:50:11 a.m. - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\ivan\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

1.99 Gb Total Physical Memory | 1.48 Gb Available Physical Memory | 74.11% Memory free
2.58 Gb Paging File | 2.06 Gb Available in Paging File | 79.90% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 11.21 Gb Free Space | 30.09% Space Free | Partition Type: NTFS
Drive H: | 67.83 Gb Total Space | 29.41 Gb Free Space | 43.37% Space Free | Partition Type: NTFS
Drive O: | 67.83 Gb Total Space | 29.41 Gb Free Space | 43.37% Space Free | Partition Type: NTFS
Drive P: | 67.83 Gb Total Space | 29.41 Gb Free Space | 43.37% Space Free | Partition Type: NTFS
Drive X: | 67.83 Gb Total Space | 29.41 Gb Free Space | 43.37% Space Free | Partition Type: NTFS
Drive Z: | 67.83 Gb Total Space | 29.41 Gb Free Space | 43.37% Space Free | Partition Type: NTFS

Computer Name: IVAN2_PC | User Name: ivan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/05 10:37:54 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ivan\Desktop\OTL.exe
PRC - [2012/03/08 09:27:25 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/01/13 13:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 13:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/12 11:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/02/17 10:59:38 | 000,096,160 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2011/02/17 10:58:10 | 000,239,528 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/07/31 05:08:58 | 000,143,360 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
PRC - [2002/09/21 11:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/05 10:36:18 | 000,065,024 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/04/05 10:36:18 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/03/29 08:59:32 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/03/29 08:59:32 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2005/10/30 15:24:08 | 000,081,920 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2003/02/07 17:24:20 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rupsmon.dll -- (Wpsnuio)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\DVDVRRdr_xp.dll -- (WNCPKT)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pnrouter.dll -- (wmp54gsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pcdrndisuio.dll -- (WGX)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\VX3000.dll -- (usbvideo)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vsmon.dll -- (tmlisten)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\regspy.dll -- (szserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\btwusb.dll -- (StkASSrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\HpqRemHid.dll -- (slabbus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\3dkeybd.dll -- (sfcure01)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\LMIRfsDriver.dll -- (se45unic)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SE27mdm.dll -- (se26nd5)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\TVALG.dll -- (s7otranx)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WmHidLo.dll -- (rt73)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MA_CMIDI.dll -- (qhwscsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\FireHook.dll -- (prepdrvr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SPFDRV.dll -- (pdlndint)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wceusbsh.dll -- (nv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\flutilssvc.dll -- (ntrtscan)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\VRFIL.dll -- (netmnt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\apache.dll -- (mcmispupdmgr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\avpnnic.dll -- (lxrsge10s)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\FileDisk.dll -- (lmab_device)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lvprcsrv.dll -- (l8042pr2)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll -- (helpsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\fsaua.dll -- (ha20x2k)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\a016mgmt.dll -- (g400)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\PQNTDrv.dll -- (ELhid)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\buslogic.dll -- (eelsservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\websensecamserver.dll -- (dlcq_device)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\usbaudio.dll -- (DELTA)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\symantecantibotagent.dll -- (dcfssvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SABProcEnum.dll -- (comhost)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\asc3350p.dll -- (ccevtmgr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lxcd_device.dll -- (caboagp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\n558.dll -- (brmfrmps)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\navex15.dll -- (blueletaudio)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sleepy.dll -- (BCMWLNPF)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lvhidsvc.dll -- (axinstsv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s117unic.dll -- (avfilter)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\DCamUSBGrandTek.dll -- (atimtag)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\stylexphelper.dll -- (aswmon2)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MRESP50.dll -- (artourservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\perc2.dll -- (alcaudsl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SerTVOutCtlr.dll -- (adminserver)
SRV - [2012/01/13 13:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/12 11:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/02/17 10:58:10 | 000,239,528 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2002/09/21 11:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\your_name\catchme.sys -- (catchme)
DRV - [2011/12/10 14:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/23 04:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/13 09:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/12/21 17:55:02 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010/12/21 17:55:02 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2010/12/21 17:55:02 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2010/10/04 08:40:18 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/04/06 09:13:52 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2009/04/06 09:13:52 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2009/03/25 16:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009/03/25 16:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)
DRV - [2009/03/25 16:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)
DRV - [2009/03/25 16:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009/03/25 16:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
DRV - [2009/03/25 16:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)
DRV - [2009/03/25 16:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2008/01/09 10:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2004/08/04 12:29:50 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2004/08/04 12:29:48 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2004/08/04 12:29:46 | 000,025,471 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2004/08/04 12:29:46 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004/08/04 12:29:46 | 000,022,271 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2004/08/04 12:29:44 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2004/08/04 12:29:44 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2004/08/04 12:29:42 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2004/08/04 12:29:42 | 000,011,871 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2004/08/04 12:29:40 | 000,011,807 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2004/08/04 12:29:40 | 000,011,295 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2004/08/04 12:29:38 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004/08/04 12:29:38 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2004/08/04 12:29:38 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2004/08/04 12:29:38 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2004/05/05 05:31:18 | 000,186,112 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/04/19 15:01:00 | 000,006,656 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gflmouhid.sys -- (genmcmnUSB)
DRV - [2004/02/05 07:34:16 | 000,051,584 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\baspxp32.sys -- (Blfp)
DRV - [2002/04/04 18:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\symmpi.sys -- (Symmpi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com

IE - HKU\S-1-5-21-217054336-590899114-1854122260-1119\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
IE - HKU\S-1-5-21-217054336-590899114-1854122260-1119\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-217054336-590899114-1854122260-1119\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-217054336-590899114-1854122260-1119\..\SearchScopes\{FE9A569F-029E-4F47-9194-72F4C3C6FB8C}: "URL" = http://search.avg.com/?d=4d6ab8d6&i=23&tp=chrome&q={searchTerms}&lng={language}&nt=1
IE - HKU\S-1-5-21-217054336-590899114-1854122260-1119\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



========== Chrome ==========


O1 HOSTS File: ([2012/04/05 10:04:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
O4 - HKU\S-1-5-21-217054336-590899114-1854122260-1119..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-217054336-590899114-1854122260-1119..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil11f_ActiveX.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil11f_ActiveX.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-217054336-590899114-1854122260-1119\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-217054336-590899114-1854122260-1119\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-217054336-590899114-1854122260-1119\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-217054336-590899114-1854122260-1119\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB (Hewlett-Packard Printer Diagnostics)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1190169885609 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1190169815312 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = PCRentalsAuckland.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1B69E7A3-4BFA-42B1-923A-5B2BFB7E218E}: NameServer = 10.0.2.93,210.48.66.2,210.48.65.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CCFBDEE0-6D1B-45C8-AA11-085E4BC40A5D}: NameServer = 210.55.24.8
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\ivan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\ivan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/20 15:06:55 | 000,000,024 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: qhwscsvc - %systemroot%\system32\MA_CMIDI.dll File not found
NetSvcs: WNCPKT - %systemroot%\system32\DVDVRRdr_xp.dll File not found
NetSvcs: artourservice - %systemroot%\system32\MRESP50.dll File not found
NetSvcs: ccevtmgr - %systemroot%\system32\asc3350p.dll File not found
NetSvcs: g400 - %systemroot%\system32\a016mgmt.dll File not found
NetSvcs: dcfssvc - %systemroot%\system32\symantecantibotagent.dll File not found
NetSvcs: adminserver - %systemroot%\system32\SerTVOutCtlr.dll File not found
NetSvcs: DELTA - %systemroot%\system32\usbaudio.dll File not found
NetSvcs: mcmispupdmgr - %systemroot%\system32\apache.dll File not found
NetSvcs: axinstsv - %systemroot%\system32\lvhidsvc.dll File not found
NetSvcs: comhost - %systemroot%\system32\SABProcEnum.dll File not found
NetSvcs: ntrtscan - %systemroot%\system32\flutilssvc.dll File not found
NetSvcs: atimtag - %systemroot%\system32\DCamUSBGrandTek.dll File not found
NetSvcs: se45unic - %systemroot%\system32\LMIRfsDriver.dll File not found
NetSvcs: eelsservice - %systemroot%\system32\buslogic.dll File not found
NetSvcs: lmab_device - %systemroot%\system32\FileDisk.dll File not found
NetSvcs: ha20x2k - %systemroot%\system32\fsaua.dll File not found
NetSvcs: szserver - %systemroot%\system32\regspy.dll File not found
NetSvcs: blueletaudio - %systemroot%\system32\navex15.dll File not found
NetSvcs: rt73 - %systemroot%\system32\WmHidLo.dll File not found
NetSvcs: aswmon2 - %systemroot%\system32\stylexphelper.dll File not found
NetSvcs: BCMWLNPF - %systemroot%\system32\sleepy.dll File not found
NetSvcs: avfilter - %systemroot%\system32\s117unic.dll File not found
NetSvcs: sfcure01 - %systemroot%\system32\3dkeybd.dll File not found
NetSvcs: alcaudsl - %systemroot%\system32\perc2.dll File not found
NetSvcs: StkASSrv - %systemroot%\system32\btwusb.dll File not found
NetSvcs: pdlndint - %systemroot%\system32\SPFDRV.dll File not found
NetSvcs: usbvideo - %systemroot%\system32\VX3000.dll File not found
NetSvcs: netmnt - %systemroot%\system32\VRFIL.dll File not found
NetSvcs: prepdrvr - %systemroot%\system32\FireHook.dll File not found
NetSvcs: nv - %systemroot%\system32\wceusbsh.dll File not found
NetSvcs: ELhid - %systemroot%\system32\PQNTDrv.dll File not found
NetSvcs: slabbus - %systemroot%\system32\HpqRemHid.dll File not found
NetSvcs: WGX - %systemroot%\system32\pcdrndisuio.dll File not found
NetSvcs: s7otranx - %systemroot%\system32\TVALG.dll File not found
NetSvcs: wmp54gsvc - %systemroot%\system32\pnrouter.dll File not found
NetSvcs: brmfrmps - %systemroot%\system32\n558.dll File not found
NetSvcs: dlcq_device - %systemroot%\system32\websensecamserver.dll File not found
NetSvcs: tmlisten - %systemroot%\system32\vsmon.dll File not found
NetSvcs: caboagp - %systemroot%\system32\lxcd_device.dll File not found
NetSvcs: Wpsnuio - %systemroot%\system32\rupsmon.dll File not found
NetSvcs: se26nd5 - %systemroot%\system32\SE27mdm.dll File not found
NetSvcs: lxrsge10s - %systemroot%\system32\avpnnic.dll File not found
NetSvcs: l8042pr2 - %systemroot%\system32\lvprcsrv.dll File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll File not found

Drivers32: MIDI1 - C:\WINDOWS\System32\Syncor11.dll (SoundMAX)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/04/05 10:37:51 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ivan\Desktop\OTL.exe
[2012/04/05 10:10:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/04/04 14:01:23 | 004,455,431 | R--- | C] (Swearware) -- C:\Documents and Settings\ivan\Desktop\your_name.exe
[2012/04/04 12:13:05 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/04/04 12:10:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/04/04 12:10:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/04/04 12:10:49 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/04/04 12:10:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/04/04 12:10:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/04/04 12:10:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/04 11:43:07 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Documents and Settings\ivan\Desktop\boot_cleaner.exe
[2012/04/04 10:52:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ivan\Desktop\bootkit_remover
[2012/04/03 16:40:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\ivan\Start Menu\Programs\Administrative Tools
[2012/04/03 13:55:11 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\ivan\Desktop\dds.scr
[2012/04/02 11:49:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Yahoo!
[2012/04/02 11:47:55 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/03/29 10:53:24 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\ivan\Desktop\aswMBR.exe
[2012/03/29 08:59:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ivan\Application Data\SUPERAntiSpyware.com
[2012/03/29 08:58:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/03/29 08:58:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/03/29 08:58:46 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/03/28 17:30:07 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\ivan\Recent
[2012/03/28 17:23:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/03/28 17:23:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/05 10:40:03 | 000,383,254 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/05 10:40:03 | 000,053,608 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/05 10:37:54 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ivan\Desktop\OTL.exe
[2012/04/05 10:36:03 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/05 10:35:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/05 10:35:49 | 2138,574,848 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/05 10:04:29 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/04/04 14:01:23 | 004,455,431 | R--- | M] (Swearware) -- C:\Documents and Settings\ivan\Desktop\your_name.exe
[2012/04/04 13:59:07 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\ivan\Desktop\rkill.com
[2012/04/04 12:13:12 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/04/04 11:39:38 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\ivan\Desktop\MBR.dat
[2012/04/04 10:46:44 | 000,044,607 | ---- | M] () -- C:\Documents and Settings\ivan\Desktop\bootkit_remover.zip
[2012/04/04 09:59:02 | 000,000,508 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 3d3b28ec-3f26-4d34-a2f8-810af41dc5ac.job
[2012/04/04 02:00:00 | 000,000,508 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 39bb3ef2-2fdc-4521-889b-4651ad3e4c28.job
[2012/04/03 13:57:46 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\ivan\Desktop\8kzz5ksr.exe
[2012/04/03 13:55:15 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\ivan\Desktop\dds.scr
[2012/04/02 14:49:01 | 000,000,267 | ---- | M] () -- C:\WINDOWS\MYOBP.INI
[2012/04/02 14:48:56 | 000,000,044 | ---- | M] () -- C:\WINDOWS\MYOB.INI
[2012/03/29 16:09:46 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\6gg8V7.dat
[2012/03/29 11:10:48 | 000,010,593 | ---- | M] () -- C:\WINDOWS\CSTBox.INI
[2012/03/29 10:53:24 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\ivan\Desktop\aswMBR.exe
[2012/03/29 08:58:53 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2012/03/29 08:40:22 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2012/03/29 07:49:28 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/29 07:40:57 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/28 16:26:18 | 000,225,280 | ---- | M] () -- C:\Documents and Settings\ivan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/15 09:19:56 | 000,226,408 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/15 08:40:46 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\ivan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2012/03/14 17:01:48 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/03/07 15:12:14 | 000,041,849 | ---- | M] () -- C:\Documents and Settings\ivan\My Documents\Cricket - Fun photo.JPG
[2012/03/07 15:10:42 | 000,557,390 | ---- | M] () -- C:\Documents and Settings\ivan\My Documents\Cricket - Fun photo.tif
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/05 10:35:49 | 2138,574,848 | -HS- | C] () -- C:\hiberfil.sys
[2012/04/04 13:59:03 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\ivan\Desktop\rkill.com
[2012/04/04 12:13:12 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/04/04 12:13:06 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/04/04 12:10:49 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/04/04 12:10:49 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/04/04 12:10:49 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/04/04 12:10:49 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/04/04 12:10:49 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/04/04 10:46:37 | 000,044,607 | ---- | C] () -- C:\Documents and Settings\ivan\Desktop\bootkit_remover.zip
[2012/04/03 13:57:42 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\ivan\Desktop\8kzz5ksr.exe
[2012/03/29 13:48:24 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\ivan\Desktop\MBR.dat
[2012/03/29 10:54:30 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\6gg8V7.dat
[2012/03/29 08:59:15 | 000,000,508 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 3d3b28ec-3f26-4d34-a2f8-810af41dc5ac.job
[2012/03/29 08:59:14 | 000,000,508 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 39bb3ef2-2fdc-4521-889b-4651ad3e4c28.job
[2012/03/29 08:58:53 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2012/03/29 07:40:57 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/28 17:24:44 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/07 15:12:14 | 000,041,849 | ---- | C] () -- C:\Documents and Settings\ivan\My Documents\Cricket - Fun photo.JPG
[2012/03/07 15:10:38 | 000,557,390 | ---- | C] () -- C:\Documents and Settings\ivan\My Documents\Cricket - Fun photo.tif
[2012/02/20 07:47:34 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/02/28 14:03:40 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2011/02/28 14:03:40 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2011/02/28 14:03:16 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\ivan\Application Data\$_hpcst$.hpc
[2010/04/29 10:51:21 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

========== LOP Check ==========

[2012/01/23 08:50:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2012/04/03 09:23:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/02/28 08:34:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/04/02 11:55:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/02/09 11:13:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2008/08/20 15:33:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2011/04/20 15:40:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2008/08/21 10:00:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ivan\Application Data\Canon
[2009/04/23 10:31:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ivan\Application Data\gtk-2.0
[2011/04/12 17:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ivan\Application Data\Inkscape
[2011/09/06 15:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ivan\Application Data\ML
[2011/04/18 15:02:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ivan\Application Data\Mp3tag
[2008/08/21 10:03:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ivan\Application Data\NewSoft
[2012/02/09 11:18:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ivan\Application Data\Samsung
[2008/08/20 15:33:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ivan\Application Data\ScanSoft
[2010/08/25 11:15:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ivan\Application Data\YCanPDF
[2012/04/04 02:00:00 | 000,000,508 | ---- | M] () -- C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 39bb3ef2-2fdc-4521-889b-4651ad3e4c28.job
[2012/04/04 09:59:02 | 000,000,508 | ---- | M] () -- C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 3d3b28ec-3f26-4d34-a2f8-810af41dc5ac.job

========== Purity Check ==========
 
OTL.txt (Part 2 of 2)
==================================================


========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2008/08/20 15:06:55 | 000,000,024 | ---- | M] () -- C:\AUTOEXEC.BAT
[2012/03/29 08:40:22 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2012/04/04 12:13:12 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2012/04/05 10:10:15 | 000,010,349 | ---- | M] () -- C:\ComboFix.txt
[2012/04/05 10:35:49 | 2138,574,848 | -HS- | M] () -- C:\hiberfil.sys
[2006/01/12 03:39:45 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2006/01/12 03:39:45 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 20:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/05/28 09:50:01 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/04/05 10:35:47 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys
[2010/06/04 10:07:55 | 000,000,764 | ---- | M] () -- C:\Rescued document 1.txt
[2011/09/22 09:42:29 | 000,000,602 | ---- | M] () -- C:\Rescued document 2.txt
[2011/09/22 10:05:06 | 000,000,562 | ---- | M] () -- C:\Rescued document 3.txt
[2010/06/04 10:04:40 | 000,000,820 | ---- | M] () -- C:\Rescued document.txt
[2012/04/04 14:02:45 | 000,000,310 | ---- | M] () -- C:\rkill.log
[2004/08/05 03:00:00 | 000,047,564 | -HS- | M] () -- C:\__0X02BF
[2004/08/05 03:00:00 | 000,250,032 | -HS- | M] () -- C:\__0x02c0

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2004/08/10 01:32:58 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2005/06/10 22:55:08 | 000,067,072 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp052.DLL
[2006/04/25 05:07:24 | 000,069,120 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp43e.DLL
[2007/02/13 19:22:00 | 000,286,208 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp4wm.DLL
[2007/04/09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2004/08/10 01:20:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004/08/10 01:20:10 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004/08/10 01:20:10 | 000,864,256 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/05/28 09:55:35 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >
[2004/08/10 08:59:58 | 000,524,288 | -H-- | M] () -- C:\WINDOWS\system32\config\systemprofile\__0X0042
[2004/08/10 06:59:58 | 000,001,024 | -H-- | M] () -- C:\WINDOWS\system32\config\systemprofile\__0X0043
[2004/08/10 06:59:58 | 000,000,178 | -H-- | M] () -- C:\WINDOWS\system32\config\systemprofile\__0x0044

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2008/08/12 12:03:52 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\ivan\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2004/08/10 06:42:00 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\ivan\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2012/04/03 13:57:46 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\ivan\Desktop\8kzz5ksr.exe
[2012/03/29 10:53:24 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\ivan\Desktop\aswMBR.exe
[2010/05/17 11:25:43 | 002,131,808 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\ivan\Desktop\avg_free_stb_all_9_114_cnet.exe
[2011/09/20 03:02:40 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Documents and Settings\ivan\Desktop\boot_cleaner.exe
[2010/05/05 09:28:13 | 003,382,520 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\ivan\Desktop\ccsetup231.exe
[2008/09/19 10:13:49 | 028,868,320 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\ivan\Desktop\FileFormatConverters.exe
[2009/03/25 12:54:09 | 003,879,797 | ---- | M] () -- C:\Documents and Settings\ivan\Desktop\FileZilla_3.2.3_win32-setup.exe
[2011/01/27 13:29:23 | 312,528,557 | ---- | M] (Arobas Music ) -- C:\Documents and Settings\ivan\Desktop\GuitarPro6Demo-rev9067.exe
[2009/04/23 10:07:53 | 035,074,836 | ---- | M] () -- C:\Documents and Settings\ivan\Desktop\Inkscape-0.46.win32.exe
[2011/03/31 09:35:13 | 003,135,064 | ---- | M] () -- C:\Documents and Settings\ivan\Desktop\lide70osmwin200us.exe
[2011/03/17 12:36:46 | 014,203,112 | ---- | M] () -- C:\Documents and Settings\ivan\Desktop\ljp3005pcl6win2kxp2003vista2008.exe
[2009/03/25 10:16:25 | 001,091,264 | ---- | M] (Xiph.Org) -- C:\Documents and Settings\ivan\Desktop\oggcodecs_0.81.15562-win32.exe
[2012/04/05 10:37:54 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ivan\Desktop\OTL.exe
[2010/08/25 10:45:25 | 014,499,958 | ---- | M] (PDF OCR ) -- C:\Documents and Settings\ivan\Desktop\pdfocr.exe
[2010/07/22 13:08:36 | 015,291,693 | ---- | M] (EffectMatrix Inc. ) -- C:\Documents and Settings\ivan\Desktop\tvc.exe
[2011/04/20 15:36:42 | 020,153,672 | ---- | M] () -- C:\Documents and Settings\ivan\Desktop\winzip150.exe
[2008/09/03 17:29:11 | 001,206,366 | ---- | M] () -- C:\Documents and Settings\ivan\Desktop\wrar371.exe
[2012/04/04 14:01:23 | 004,455,431 | R--- | M] (Swearware) -- C:\Documents and Settings\ivan\Desktop\your_name.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2004/08/04 20:00:00 | 000,000,065 | RH-- | M] () -- C:\WINDOWS\tasks\desktop.ini
[2012/04/05 10:35:52 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2012/04/04 02:00:00 | 000,000,508 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 39bb3ef2-2fdc-4521-889b-4651ad3e4c28.job
[2012/04/04 09:59:02 | 000,000,508 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 3d3b28ec-3f26-4d34-a2f8-810af41dc5ac.job

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >
[2011/04/14 11:23:04 | 000,288,040 | ---- | M] () -- C:\Documents and Settings\ivan\My Documents\SoftonicDownloader_for_cricket-scorer.exe
[2006/12/15 09:53:46 | 001,035,271 | ---- | M] () -- C:\Documents and Settings\ivan\My Documents\wrar362.exe

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >
[2005/02/05 10:50:56 | 000,031,736 | ---- | M] () -- C:\WINDOWS\Driver Cache\CUTEPDFW.PPD
[2006/06/01 19:41:18 | 001,441,792 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpbcfgre.DLL
[2007/08/07 13:22:18 | 000,344,064 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\Driver Cache\hpbicoin.dll
[2005/06/20 13:33:42 | 000,081,920 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\Driver Cache\HPBMIAPI.DLL
[2006/01/24 16:07:28 | 000,241,721 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\Driver Cache\HPBMINI.DLL
[2005/06/20 13:33:06 | 000,049,152 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\Driver Cache\HPBNRAC2.DLL
[2006/11/16 18:15:52 | 000,025,600 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\Driver Cache\HPBOID.DLL
[2004/10/16 04:31:06 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\Driver Cache\HPBOID.EXE
[2005/06/20 13:33:44 | 000,057,344 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\Driver Cache\HPBOIDPS.DLL
[2006/11/16 18:16:06 | 000,038,912 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\Driver Cache\HPBPRO.DLL
[2005/05/20 09:37:12 | 000,081,920 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\Driver Cache\HPBPRO.EXE
[2005/06/20 13:33:46 | 000,057,344 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\Driver Cache\HPBPROPS.DLL
[2006/06/29 17:53:02 | 000,012,218 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpc30056.GPD
[2006/06/29 17:55:06 | 000,014,077 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpc30x56.XML
[2006/07/04 10:11:14 | 000,108,700 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpc30xx6.GPD
[2006/07/04 23:42:49 | 004,605,305 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpc30xxc.cab
[2005/12/22 12:21:46 | 000,000,164 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpc30xxc.INI
[2005/05/26 20:02:52 | 000,021,560 | ---- | M] () -- C:\WINDOWS\Driver Cache\HPC38006.GPD
[2005/06/10 20:23:12 | 000,012,426 | ---- | M] () -- C:\WINDOWS\Driver Cache\HPC38006.XML
[2005/06/14 05:51:30 | 004,138,348 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpc3800c.cab
[2004/11/22 18:57:46 | 000,000,164 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpc3800c.INI
[2005/06/08 16:58:38 | 000,099,067 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpc380x6.GPD
[2006/04/28 12:10:36 | 000,663,624 | ---- | M] (HP) -- C:\WINDOWS\Driver Cache\hpcdmc32.dll
[2005/06/29 14:52:46 | 000,018,901 | ---- | M] () -- C:\WINDOWS\Driver Cache\HPCEAC05.HPI
[2006/11/02 18:32:06 | 000,018,747 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpceac06.hpi
[2006/06/07 04:43:32 | 000,173,039 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpcp3005.CFG
[2006/06/07 04:43:32 | 000,031,067 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpcp3005.cf_
[2005/05/06 06:12:26 | 000,134,260 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpcp3800.CFG
[2005/05/06 06:12:26 | 000,025,086 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpcp3800.cf_
[2005/03/22 10:22:40 | 000,225,792 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\Driver Cache\HPFIE052.DLL
[2005/06/20 13:33:48 | 000,163,840 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\Driver Cache\HPJCMN2U.DLL
[2005/06/20 13:33:52 | 000,094,208 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\Driver Cache\HPJIPX1U.DLL
[2004/10/16 04:31:22 | 000,061,440 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\Driver Cache\HPNRA.EXE
[2005/06/20 13:51:30 | 000,213,063 | ---- | M] (HP) -- C:\WINDOWS\Driver Cache\HPPAPML0.DLL
[2005/06/20 13:51:28 | 000,225,351 | ---- | M] (HP) -- C:\WINDOWS\Driver Cache\HPPAPTS0.DLL
[2005/06/20 13:51:18 | 000,208,969 | ---- | M] (HP) -- C:\WINDOWS\Driver Cache\HPPASNM0.DLL
[2007/02/13 17:47:54 | 000,977,920 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpz3c4wm.dll
[2005/06/07 00:10:20 | 000,011,649 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpz6m052.GPD
[2006/05/05 16:12:30 | 000,011,745 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpz6m43e.GPD
[2007/02/15 14:10:36 | 000,012,038 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpz6m4wm.GPD
[2005/06/10 22:55:42 | 001,189,376 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpz6r052.DLL
[2006/04/25 05:08:08 | 001,336,320 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpz6r43e.DLL
[2007/02/13 19:23:12 | 001,468,928 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpz6r4wm.DLL
[2005/06/10 22:55:16 | 000,548,352 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzev052.DLL
[2006/04/25 05:07:30 | 000,408,576 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzev43e.DLL
[2007/02/13 19:22:18 | 000,435,712 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzev4wm.DLL
[2005/06/10 20:38:18 | 000,923,676 | ---- | M] () -- C:\WINDOWS\Driver Cache\HPZHL052.CAB
[2006/04/25 01:28:48 | 001,134,874 | ---- | M] () -- C:\WINDOWS\Driver Cache\HPZHL43e.CAB
[2007/02/14 08:36:44 | 002,337,433 | ---- | M] () -- C:\WINDOWS\Driver Cache\HPZHL4wm.CAB
[2005/06/20 13:51:22 | 000,278,584 | ---- | M] (HP) -- C:\WINDOWS\Driver Cache\HPZIDR12.DLL
[2006/05/11 17:15:42 | 000,043,520 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\Driver Cache\HPZINW12.DLL
[2005/04/29 16:43:44 | 000,065,536 | ---- | M] (HP) -- C:\WINDOWS\Driver Cache\HPZINW12.EXE
[2006/05/11 17:15:50 | 000,052,736 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\Driver Cache\HPZIPM12.DLL
[2005/04/29 16:44:06 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\Driver Cache\HPZIPM12.EXE
[2005/06/20 13:51:32 | 000,204,800 | ---- | M] (HP) -- C:\WINDOWS\Driver Cache\HPZIPR12.DLL
[2005/06/20 13:51:34 | 000,094,208 | ---- | M] (HP) -- C:\WINDOWS\Driver Cache\HPZIPT12.DLL
[2005/06/20 13:51:26 | 000,057,344 | ---- | M] (HP) -- C:\WINDOWS\Driver Cache\HPZISN12.DLL
[2005/06/10 22:55:22 | 001,234,432 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzls052.DLL
[2006/04/25 05:07:52 | 001,390,592 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzls43e.DLL
[2007/02/13 19:22:38 | 001,588,224 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzls4wm.DLL
[2007/02/13 19:22:20 | 000,179,200 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzpe4wm.DLL
[2007/02/13 19:23:18 | 000,117,248 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpzpi4wm.DLL
[2007/02/13 19:23:26 | 000,103,424 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzpnp.dll
[2005/06/10 22:55:08 | 000,067,072 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzpp052.DLL
[2006/04/25 05:07:24 | 000,069,120 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzpp43e.DLL
[2007/02/13 19:22:00 | 000,286,208 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzpp4wm.DLL
[2005/03/22 10:19:28 | 000,004,701 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpzsc052.DTD
[2005/05/30 21:17:18 | 000,004,694 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpzsc43e.DTD
[2006/07/04 22:36:14 | 000,008,294 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpzsc4wm.DTD
[2005/06/10 20:38:18 | 000,088,093 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpzsm052.GPD
[2006/06/08 15:07:02 | 000,095,047 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpzsm43e.GPD
[2007/02/14 08:30:54 | 000,144,720 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpzsm4wm.GPD
[2005/06/10 21:54:54 | 000,562,688 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzss052.DLL
[2006/04/25 02:39:54 | 000,562,688 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzss43e.DLL
[2007/02/13 18:53:18 | 000,670,208 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzss4wm.DLL
[2005/06/10 20:41:28 | 003,088,384 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzst052.DLL
[2006/04/25 01:31:38 | 003,950,592 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzst43e.DLL
[2007/02/13 17:42:42 | 005,580,288 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzst4wm.DLL
[2005/06/10 22:55:14 | 002,033,664 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzui052.DLL
[2006/04/25 05:07:40 | 002,461,696 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzui43e.DLL
[2007/02/13 19:22:14 | 003,269,120 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzui4wm.DLL
[2007/02/13 17:47:12 | 003,459,072 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzur4wm.dll
[2007/04/09 12:24:04 | 000,758,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Driver Cache\mdigraph.dll
[2007/04/09 12:23:58 | 000,046,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Driver Cache\mdiui.dll
[2006/07/04 23:43:14 | 000,302,967 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2arww.cab
[2006/07/04 23:43:15 | 000,302,845 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2caww.cab
[2006/07/04 23:43:16 | 000,303,849 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2csww.cab
[2006/07/04 23:43:18 | 000,302,695 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2daww.cab
[2006/07/04 23:43:19 | 000,303,569 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2deww.cab
[2006/07/04 23:43:22 | 000,303,541 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2elww.cab
[2006/07/04 23:43:20 | 000,303,435 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2enww.cab
[2006/07/04 23:43:20 | 000,302,845 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2esww.cab
[2006/07/04 23:43:31 | 000,302,867 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2fiww.cab
[2006/07/04 23:43:21 | 000,304,585 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2frww.cab
[2006/07/04 23:43:23 | 000,302,621 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2heww.cab
[2006/07/04 23:43:26 | 000,303,953 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2huww.cab
[2006/07/04 23:43:23 | 000,304,303 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2itww.cab
[2006/07/04 23:43:24 | 000,302,781 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2jaww.cab
[2006/07/04 23:43:25 | 000,301,793 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2koww.cab
[2006/07/04 23:43:27 | 000,303,635 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2nlww.cab
[2006/07/04 23:43:27 | 000,302,909 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2noww.cab
[2006/07/04 23:43:28 | 000,304,057 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2plww.cab
[2006/07/04 23:43:29 | 000,304,097 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2ptww.cab
[2006/07/04 23:43:30 | 000,303,187 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2ruww.cab
[2006/07/04 23:43:30 | 000,303,435 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2skww.cab
[2006/07/04 23:43:32 | 000,302,733 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2svww.cab
[2006/07/04 23:43:33 | 000,303,435 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2thww.cab
[2006/07/04 23:43:33 | 000,303,549 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2trww.cab
[2006/07/04 23:43:16 | 000,302,159 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2zhcn.cab
[2006/07/04 23:43:17 | 000,300,553 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2zhtw.cab
[2004/07/10 02:56:00 | 000,169,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Driver Cache\pclxl.DLL
[2002/05/23 09:21:46 | 000,010,375 | ---- | M] () -- C:\WINDOWS\Driver Cache\pclxl.GPD
[2002/05/23 09:21:50 | 000,001,156 | ---- | M] () -- C:\WINDOWS\Driver Cache\pjl.GPD
[2002/07/22 12:05:04 | 000,129,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Driver Cache\PS5UI.DLL
[2002/07/22 12:05:04 | 000,026,038 | ---- | M] () -- C:\WINDOWS\Driver Cache\PSCRIPT.HLP
[2003/05/03 10:37:36 | 000,790,300 | ---- | M] () -- C:\WINDOWS\Driver Cache\PSCRIPT.NTF
[2002/07/22 12:05:04 | 000,455,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Driver Cache\PSCRIPT5.DLL
[2002/05/23 09:22:06 | 000,014,362 | ---- | M] () -- C:\WINDOWS\Driver Cache\STDNAMES.GPD
[2004/08/04 11:26:48 | 000,264,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Driver Cache\UNIDRV.DLL
[2003/03/28 03:07:08 | 000,021,225 | ---- | M] () -- C:\WINDOWS\Driver Cache\UNIDRV.HLP
[2004/08/04 11:26:48 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Driver Cache\UNIDRVUI.DLL
[2004/08/04 11:26:36 | 000,619,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Driver Cache\UNIRES.DLL

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2007/05/09 10:14:13 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\ivan\Favorites\Desktop.ini
[1996/10/11 14:56:50 | 000,000,257 | ---- | M] () -- C:\Documents and Settings\ivan\Favorites\My Documents.lnk

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2008/08/12 11:54:24 | 000,002,412 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2009/04/20 18:58:37 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\ivan\Cookies\desktop.ini
[2012/04/05 10:49:59 | 000,147,456 | -HS- | M] () -- C:\Documents and Settings\ivan\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2008/04/14 05:42:40 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/14 05:41:52 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 20:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 22:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/03 02:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 23:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/14 05:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2004/08/04 22:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2004/08/04 22:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2004/08/04 20:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/04 22:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 22:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

< >

< End of report >
 