
Google search results redirected



I am using Windows XP SP2 and Mozilla Firefox 3.6

I seem to have caught the malware that redirects Google search results to random sites. However, I have not experienced this with other search engines like Bing. Also, once in a while a new tab will open and load another random site. Internet Explorer is not experiencing any of these problems.

Full scans using up-to-date MBAM, Norton Internet Security and Super Anti-Spyware return clean (except for some tracking cookies which MBAM does not flag at all).

Here is my MBAM quick scan log:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4251

Windows 5.1.2600 Service Pack 2

Internet Explorer 8.0.6001.18702

6/28/2010 8:25:29 PM

mbam-log-2010-06-28 (20-25-29).txt

Scan type: Quick scan

Objects scanned: 136900

Time elapsed: 9 minute(s), 27 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

And here is my HijackThis log:

Logfile of HijackThis v1.99.1

Scan saved at 8:26:41 PM, on 6/28/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Drivers\Java\bin\jqs.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\Players\iTunes\iTunesHelper.exe

C:\Drivers\Java\bin\jusched.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\stsystra.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\AIM\aim.exe

C:\Drivers\Netgear\WG111v3.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\notepad.exe

F:\Program Installers\Hijack This (Executable).exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555

O2 - BHO: (no name) - {0bb2781e-33cc-46e4-af8e-44b10ca5cff4} - vakemuna.dll (file missing)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\IPSBHO.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Drivers\Java\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Drivers\Java\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Players\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Drivers\Java\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US

O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Drivers\Netgear\WG111v3.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Programs\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programs\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Internet Utilities\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O20 - AppInit_DLLs: nipiduja.dll c:\windows\system32\fivahofi.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Security\Super Anti-Spyware\SASWINLO.DLL

O21 - SSODL: direzowun - {4114d915-c0fd-4c6a-84a8-085e76a7a9c3} - c:\windows\system32\fivahofi.dll (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Drivers\Java\bin\jqs.exe" -service -config "C:\Drivers\Java\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Security\Ad-Aware\AAWService.exe (file missing)

O23 - Service: Norton Internet Security (NIS) - Unknown owner - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe" /s "NIS" /m "C:\Program Files\Norton Internet Security\Engine\17.7.0.12\diMaster.dll" /prefetch:1 (file missing)

Can someone please help?


Hello RDK! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step; if there is a problem somewhere, stop and tell me.
  • Stay with the topic until I tell you that your system is clean. The absence of symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something, please ask.
  • Do not install or uninstall any software or hardware while we are working on it.
  • Keep me informed about any changes.

Step 1

Download DDS and save it to your desktop from here or here or here.

Double click dds.scr to run the tool.

  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.

Step 2

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with GMER's driver.
  • Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.

-- If you encounter any problems, try running GMER in Safe Mode.

In your next reply, please include these log(s):

  1. DDS log with Attach.txt
  2. GMER log


DDS Log

DDS (Ver_10-03-17.01) - NTFSx86

Run by Robert at 11:25:48.23 on Tue 06/29/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1534.616 [GMT -4:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\Ati2evxx.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Drivers\Java\bin\jqs.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\Players\iTunes\iTunesHelper.exe

C:\Drivers\Java\bin\jusched.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\stsystra.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\AIM\aim.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Drivers\Netgear\WG111v3.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Internet Utilities\Firefox\firefox.exe

C:\Internet Utilities\Firefox\plugin-container.exe

C:\Documents and Settings\Robert\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank

uInternet Settings,ProxyServer = http=127.0.0.1:5555

BHO: {0bb2781e-33cc-46e4-af8e-44b10ca5cff4} - vakemuna.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.7.0.12\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.7.0.12\IPSBHO.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\drivers\java\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\drivers\java\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.7.0.12\coIEPlg.dll

TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\players\itunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "c:\drivers\java\bin\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sigmatelSysTrayApp] stsystra.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\drivers\netgear\WG111v3.exe

IE: E&xport to Microsoft Excel - c:\programs\micros~1\office11\EXCEL.EXE/3000

IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\internet utilities\bitcomet\tools\BitCometBHO_1.3.3.2.dll/206

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\programs\micros~1\office11\REFIEBAR.DLL

Trusted Zone: brassring.com\sjobs

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Notify: !SASWinLogon - c:\security\super anti-spyware\SASWINLO.DLL

Notify: AtiExtEvent - Ati2evxx.dll

AppInit_DLLs: nipiduja.dll c:\windows\system32\fivahofi.dll

SSODL: direzowun - {4114d915-c0fd-4c6a-84a8-085e76a7a9c3} - c:\windows\system32\fivahofi.dll

STS: gahurihor: {4114d915-c0fd-4c6a-84a8-085e76a7a9c3} - c:\windows\system32\fivahofi.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\security\super anti-spyware\SASSEH.DLL

LSA: Notification Packages = scecli nipiduja.dll

Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\robert\applic~1\mozilla\firefox\profiles\syjt9bbj.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=

FF - prefs.js: network.proxy.type - 0

FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.6.0.32\coffplgn\components\coFFPlgn.dll

FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.6.0.32\ipsffplgn\components\IPSFFPl.dll

FF - plugin: c:\documents and settings\robert\application data\move networks\plugins\npqmp071505000010.dll

FF - plugin: c:\documents and settings\robert\application data\move networks\plugins\npqmp071505000011.dll

FF - plugin: c:\drivers\java\bin\new_plugin\npdeploytk.dll

FF - plugin: c:\drivers\java\bin\new_plugin\npjp2.dll

FF - plugin: c:\players\itunes\mozilla plugins\npitunes.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

c:\internet utilities\firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\internet utilities\firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\internet utilities\firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\internet utilities\firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\internet utilities\firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\internet utilities\firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\internet utilities\firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\internet utilities\firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\internet utilities\firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\internet utilities\firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\internet utilities\firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\internet utilities\firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\internet utilities\firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\internet utilities\firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\internet utilities\firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\internet utilities\firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\internet utilities\firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\internet utilities\firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\internet utilities\firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\internet utilities\firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\internet utilities\firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\internet utilities\firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\internet utilities\firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\internet utilities\firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\internet utilities\firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\internet utilities\firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\internet utilities\firefox\greprefs\all.js - pref("html5.enable", false);

c:\internet utilities\firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\internet utilities\firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\internet utilities\firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\internet utilities\firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\internet utilities\firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\internet utilities\firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\internet utilities\firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\internet utilities\firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\internet utilities\firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\internet utilities\firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\internet utilities\firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\internet utilities\firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\internet utilities\firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\internet utilities\firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\internet utilities\firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\internet utilities\firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\internet utilities\firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\internet utilities\firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\internet utilities\firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\internet utilities\firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\internet utilities\firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\internet utilities\firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\internet utilities\firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\internet utilities\firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\internet utilities\firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1107000.00c\symds.sys [2010-6-28 328752]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1107000.00c\symefa.sys [2010-6-28 173104]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.6.0.32\definitions\bashdefs\20100619.001\BHDrvx86.sys [2010-6-19 691248]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1107000.00c\cchpx86.sys [2010-6-28 501888]

R1 SASDIFSV;SASDIFSV;c:\security\super anti-spyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\security\super anti-spyware\SASKUTIL.SYS [2010-5-10 67656]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1107000.00c\ironx86.sys [2010-6-28 116784]

R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2007-10-9 38144]

R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\17.7.0.12\ccsvchst.exe [2010-6-28 126392]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-27 102448]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.6.0.32\definitions\ipsdefs\20100625.001\IDSXpx86.sys [2010-6-27 331640]

R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.6.0.32\definitions\virusdefs\20100628.040\NAVENG.SYS [2010-6-29 85552]

R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.6.0.32\definitions\virusdefs\20100628.040\NAVEX15.SYS [2010-6-29 1347504]

R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2009-7-31 341504]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-22 136176]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\security\ad-aware\aawservice.exe" --> c:\security\ad-aware\AAWService.exe [?]

S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

S3 DMSKSSRh;DMSKSSRh;\??\c:\docume~1\robert\locals~1\temp\dmskssrh.sys --> c:\docume~1\robert\locals~1\temp\DMSKSSRh.sys [?]

=============== Created Last 30 ================

2010-06-29 15:10:28 0 d-----w- c:\docume~1\robert\applic~1\Tific

2010-06-28 16:17:36 0 d-----w- c:\docume~1\robert\applic~1\SUPERAntiSpyware.com

2010-06-28 16:17:36 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com

2010-06-28 03:50:50 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF

2010-06-28 03:50:50 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT

2010-06-28 03:50:50 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2010-06-28 03:50:50 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2010-06-28 03:50:49 0 d-----w- c:\program files\Symantec

2010-06-28 03:50:49 0 d-----w- c:\program files\common files\Symantec Shared

2010-06-28 03:50:00 0 d-----w- c:\windows\system32\drivers\NIS

2010-06-28 03:49:56 0 d-----w- c:\program files\Norton Internet Security

2010-06-28 03:49:46 0 d-----w- c:\program files\NortonInstaller

2010-06-27 03:14:36 0 d-----w- c:\docume~1\robert\applic~1\UFOAI

2010-06-26 00:47:37 0 d-----w- c:\windows\system32\vmm32

2010-06-26 00:37:27 0 d-----w- c:\docume~1\robert\applic~1\LucasArts

2010-06-25 21:51:01 376832 ----a-w- c:\windows\system32\AegisI5Installer.exe

2010-06-25 19:49:34 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys

2010-06-25 19:47:35 0 d-----w- c:\windows\Downloaded Installations

2010-06-23 00:25:12 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller

2010-06-23 00:20:41 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton

2010-06-22 21:15:33 820 ----a-w- c:\documents and settings\robert\.recently-used.xbel

2010-06-18 23:18:47 529 ----a-w- c:\windows\eReg.dat

==================== Find3M ====================

2010-06-18 23:31:20 12400 ----a-w- c:\windows\system32\drivers\secdrv.sys

2010-05-27 07:18:15 107888 ----a-w- c:\windows\system32\CmdLineExt.dll

2009-09-23 05:06:40 686 ----a-w- c:\program files\INSTALL.LOG

2009-08-14 01:19:56 73728 ----a-w- c:\windows\inf\wg111v3\win7x64\SetVistaDrv64.exe

2009-07-31 19:12:18 341504 ----a-w- c:\windows\inf\wg111v3\wg111v3.sys

2009-07-20 22:20:04 65536 ----a-w- c:\windows\inf\wg111v3\win7x86\SetVistaDrv.exe

2009-06-03 14:36:22 74752 ----a-w- c:\windows\inf\wg111v3\SetDrv64.exe

2009-06-03 14:30:26 49152 ----a-w- c:\windows\inf\wg111v3\SetDrv.exe

2009-04-01 13:49:14 57344 ----a-w- c:\windows\inf\wg111v3\SetVistaDrv.exe

2008-12-12 22:13:32 512000 ----a-w- c:\windows\inf\wg111v3\win7x64\DIFxAPI.dll

2008-12-12 21:57:46 313856 ----a-w- c:\windows\inf\wg111v3\win7x86\DIFxAPI.dll

2006-12-15 15:30:36 98304 ----a-w- c:\windows\inf\wg111v3\UScanM.exe

2006-12-15 15:30:36 315392 ----a-w- c:\windows\inf\wg111v3\InstallDriver.exe

2006-12-15 15:30:36 212992 ----a-w- c:\windows\inf\wg111v3\CopyWHQLDriver.exe

2006-12-15 15:30:36 20480 ----a-w- c:\windows\inf\wg111v3\RTWUPath.exe

2006-12-15 15:30:36 19968 ----a-w- c:\windows\inf\wg111v3\RTWREFU.EXE

2006-03-16 12:24:24 49664 ----a-w- c:\windows\inf\wg111v3\devcon.exe

2003-12-18 15:33:46 20102 ----a-w- c:\program files\Readme.txt

2003-09-03 11:46:54 10960 ----a-w- c:\program files\EULA.txt

============= FINISH: 11:27:46.14 ===============

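As an added example (not from the DDS or HijackThis tools, and not posted in this thread), the Python script below runs a first-pass triage over Pseudo HJT / HijackThis-style lines like the ones in the logs above and flags the load points a helper reads first: the localhost proxy, the populated AppInit_DLLs value, the extra LSA notification package, the SSODL/STS entries and unnamed BHO that reference random-named DLLs, the hosts-file block, and a driver registered from a Temp folder. The sample lines are copied from the logs in this thread; the random-name heuristic and the severities are my own assumptions, not verdicts.

```python
"""First-pass triage of DDS 'Pseudo HJT Report' / HijackThis log lines.
Added example for this thread; not part of DDS, HijackThis or the forum's tooling."""
import re

# Windows XP ships exactly this in HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages.
LSA_BASELINE = {"scecli"}

# Heuristic (assumption): bare lowercase gibberish names such as nipiduja.dll, fivahofi.dll or
# vakemuna.dll. It is only applied at load points where an unnamed, pathless DLL is unusual,
# because a short legitimate file name would match it as well.
RANDOM_DLL = re.compile(r"^[a-z]{6,9}\.dll$")


def triage_line(line):
    """Return (severity, reason) for a suspicious log line, or None if it looks benign."""
    line = line.strip()

    # Proxy pointing at the local machine: browser traffic is relayed through a local process.
    m = re.search(r"ProxyServer\s*=\s*(.+)$", line, re.I)
    if m and "127.0.0.1" in m.group(1):
        return ("high", "proxy set to localhost: " + m.group(1).strip())

    # AppInit_DLLs is loaded into every process that loads user32.dll; it is empty on a clean XP.
    m = re.match(r"(?:O20 - )?AppInit_DLLs:\s*(\S.*)$", line, re.I)
    if m:
        return ("high", "AppInit_DLLs populated: " + m.group(1).strip())

    # Extra LSA notification packages are loaded into lsass.exe at boot.
    m = re.match(r"LSA:\s*Notification Packages\s*=\s*(.+)$", line, re.I)
    if m:
        extra = [p for p in m.group(1).split() if p.lower() not in LSA_BASELINE]
        if extra:
            return ("high", "non-standard LSA notification package(s): " + " ".join(extra))

    # ShellServiceObjectDelayLoad (SSODL) and SharedTaskScheduler (STS) entries are loaded by
    # Explorer at logon; a random-named DLL there is a classic persistence point.
    m = re.match(r"(?:O21 - )?(SSODL|STS):\s*([^\s:]+).*?-\s*(\S+\.dll)", line, re.I)
    if m and RANDOM_DLL.match(m.group(3).rsplit("\\", 1)[-1].lower()):
        return ("high", "%s entry '%s' loads random-named DLL %s" % m.group(1, 2, 3))

    # Browser helper object with no name and a bare random DLL (HJT marks it 'file missing').
    m = re.match(r"(?:O2 - )?BHO:\s*(?:\(no name\)\s*-\s*)?\{[0-9a-f-]+\}\s*-\s*(\S+\.dll)",
                 line, re.I)
    if m and RANDOM_DLL.match(m.group(1).lower()):
        return ("medium", "unnamed BHO with random-named DLL " + m.group(1))

    # hosts-file entry sending a site (here a security site) to localhost.
    m = re.match(r"Hosts:\s*127\.0\.0\.1\s+(\S+)", line, re.I)
    if m:
        return ("medium", "hosts file blocks " + m.group(1))

    # Service/driver registered from a user's Temp folder. Scanners such as GMER also load
    # their driver from Temp, so this is only medium and needs a human look.
    m = re.match(r"[RS]\d\s+([^;]+);.*\\temp\\", line, re.I)
    if m:
        return ("medium", "service/driver '%s' loads from a Temp directory" % m.group(1))
    return None


def triage_report(lines):
    """Run triage_line over a whole log and return the findings in log order."""
    findings = []
    for line in lines:
        hit = triage_line(line)
        if hit:
            findings.append(hit)
    return findings


# Constructed sample: lines copied from the DDS log in this thread, plus two benign
# Norton entries as controls.
SAMPLE_LOG = r"""
uStart Page = about:blank
uInternet Settings,ProxyServer = http=127.0.0.1:5555
BHO: {0bb2781e-33cc-46e4-af8e-44b10ca5cff4} - vakemuna.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.7.0.12\coIEPlg.dll
mRun: [ehTray] c:\windows\ehome\ehtray.exe
AppInit_DLLs: nipiduja.dll c:\windows\system32\fivahofi.dll
SSODL: direzowun - {4114d915-c0fd-4c6a-84a8-085e76a7a9c3} - c:\windows\system32\fivahofi.dll
STS: gahurihor: {4114d915-c0fd-4c6a-84a8-085e76a7a9c3} - c:\windows\system32\fivahofi.dll
LSA: Notification Packages = scecli nipiduja.dll
Hosts: 127.0.0.1 www.spywareinfo.com
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\17.7.0.12\ccsvchst.exe [2010-6-28 126392]
S3 DMSKSSRh;DMSKSSRh;\??\c:\docume~1\robert\locals~1\temp\dmskssrh.sys --> c:\docume~1\robert\locals~1\temp\DMSKSSRh.sys [?]
"""

if __name__ == "__main__":
    for severity, reason in triage_report(SAMPLE_LOG.strip().splitlines()):
        print("[%s] %s" % (severity.upper(), reason))
```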

Attach Log

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 3/12/2010 4:28:58 PM

System Uptime: 6/29/2010 10:32:26 AM (1 hours ago)

Motherboard: Dell Inc. | | 0KF623

Processor: Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

Processor: Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 70 GiB total, 16.837 GiB free.

D: is CDROM ()

E: is CDROM ()

F: is FIXED (FAT32) - 112 GiB total, 5.778 GiB free.

G: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Intel® PRO/100 VE Network Connection

Device ID: PCI\VEN_8086&DEV_27DC&SUBSYS_01AB1028&REV_01\4&5855BE9&0&40F0

Manufacturer: Intel

Name: Intel® PRO/100 VE Network Connection

PNP Device ID: PCI\VEN_8086&DEV_27DC&SUBSYS_01AB1028&REV_01\4&5855BE9&0&40F0

Service: E100B

==== System Restore Points ===================

RP1: 6/24/2010 3:51:00 PM - System Checkpoint

RP2: 6/24/2010 3:56:22 PM - Avg Update

RP3: 6/24/2010 4:01:19 PM - Installed Windows Internet Explorer 8.

RP4: 6/25/2010 3:47:58 PM - Installed NETGEAR WG111v3 wireless USB 2.0 adapter

RP5: 6/25/2010 5:14:15 PM - Installed Linksys Wireless-G USB Network Adapter

RP6: 6/25/2010 5:32:00 PM - Removed Linksys Wireless-G USB Network Adapter

RP7: 6/25/2010 5:43:33 PM - Configured NETGEAR WG111v3 wireless USB 2.0 adapter

RP8: 6/25/2010 5:48:32 PM - Installed NETGEAR WG111v3 wireless USB 2.0 adapter

RP9: 6/25/2010 5:52:40 PM - Configured NETGEAR WG111v3 wireless USB 2.0 adapter

RP10: 6/25/2010 5:53:53 PM - Installed NETGEAR WG111v3 wireless USB 2.0 adapter

RP11: 6/28/2010 8:10:52 PM - Removed AVG Free 9.0

RP12: 6/28/2010 8:11:51 PM - Installed AVG Free 9.0

==== Installed Programs ======================

AAC Decoder

AC3Filter 1.63b

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.3.2

AIM 7

Apple Mobile Device Support

Apple Software Update

ArcSoft PhotoStudio 5

ATI Display Driver

AutoUpdate

BitComet 1.13

Bonjour

Chessmaster Grandmaster Edition

CutePDF Writer 2.8

Dawn of War - Dark Crusade

Dell Resource CD

DivX Codec

DivX Plus DirectShow Filters

DivX Version Checker

Easy Uninstaller

GIMP 2.6.8

Glary Utilities 2.5.2

GOM Player

Google Earth Plug-in

Google Update Helper

H.264 Decoder

HijackThis 1.99.1

Imperialism

Imperialism II

Impulse

Intel® 537EP V9x DF PCI Modem

Intel® PRO Network Connections Drivers

iTunes

Java 6 Update 17

Java 6 Update 4

LimeWire PRO 4.17.0

Malwarebytes' Anti-Malware

MATLAB Student 7.1

Microsoft .NET Framework 1.1

Microsoft .NET Framework 2.0 Service Pack 1

Microsoft .NET Framework 3.0 Service Pack 1

Microsoft .NET Framework 3.5

Microsoft Office Professional Edition 2003

Microsoft VC9 runtime libraries

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

MKV Splitter

Move Media Player

Mozilla Firefox (3.6.6)

MPEG2 Codec(libmpeg2/mad)

MSXML 6.0 Parser (KB933579)

MSXML4 Parser

NETGEAR WG111v3 wireless USB 2.0 adapter

Norton Internet Security

OpenAL

QuickTime

SigmaTel Audio

Sonic Encoders

Spybot - Search & Destroy

Steam

SUPERAntiSpyware

The Dig

The New Kosciuszko Foundation Dictionary

UFO:AI 2.3

Update for Windows XP (KB932823-v3)

Update Rollup 2 for Windows XP Media Center Edition 2005

VC80CRTRedist - 8.0.50727.762

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

WebFldrs XP

Winamp

Windows Internet Explorer 8

Windows Media Format Runtime

WinRAR archiver

X-COM: Terror from the Deep

XML Paper Specification Shared Components Pack 1.0

==== End Of File ===========================


GMER Log

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-06-29 13:03:40

Windows 5.1.2600 Service Pack 2

Running: 6nsu6n7q.exe; Driver: C:\DOCUME~1\Robert\LOCALS~1\Temp\pxtdrpob.sys

---- System - GMER 1.0.15 ----

SSDT 895E8050 ZwAlertResumeThread

SSDT 8980F1B0 ZwAlertThread

SSDT 89215BD8 ZwAllocateVirtualMemory

SSDT 89336050 ZwAssignProcessToJobObject

SSDT 896066F0 ZwConnectPort

SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xB6ADA210]

SSDT 895E83A0 ZwCreateMutant

SSDT 89228530 ZwCreateSymbolicLinkObject

SSDT 892DA708 ZwCreateThread

SSDT 89343108 ZwDebugActiveProcess

SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xB6ADA490]

SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xB6ADA9F0]

SSDT 89215E70 ZwDuplicateObject

SSDT spzy.sys ZwEnumerateKey [0xB9EC9E4C]

SSDT spzy.sys ZwEnumerateValueKey [0xB9ECA1DA]

SSDT 895DEF00 ZwFreeVirtualMemory

SSDT 892CC050 ZwImpersonateAnonymousToken

SSDT 89296050 ZwImpersonateThread

SSDT 895E0178 ZwLoadDriver

SSDT 895DEDA0 ZwMapViewOfSection

SSDT 892CA050 ZwOpenEvent

SSDT spzy.sys ZwOpenKey [0xB9EAF0C0]

SSDT 8920E630 ZwOpenProcess

SSDT 89603740 ZwOpenProcessToken

SSDT 89315050 ZwOpenSection

SSDT 89215FC0 ZwOpenThread

SSDT 89228B40 ZwProtectVirtualMemory

SSDT spzy.sys ZwQueryKey [0xB9ECA2B2]

SSDT spzy.sys ZwQueryValueKey [0xB9ECA132]

SSDT 892C9050 ZwResumeThread

SSDT 89357108 ZwSetContextThread

SSDT 895DEAC8 ZwSetInformationProcess

SSDT 8931A050 ZwSetSystemInformation

SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xB6ADAC40]

SSDT 8930A050 ZwSuspendProcess

SSDT 89853968 ZwSuspendThread

SSDT 898DB520 ZwTerminateProcess

SSDT 897FF630 ZwTerminateThread

SSDT 892FC050 ZwUnmapViewOfSection

SSDT 89215808 ZwWriteVirtualMemory

INT 0x62 ? 89A62C88

INT 0x73 ? 89A62C88

INT 0x84 ? 89AD3C88

INT 0x94 ? 89AD3C88

INT 0xA4 ? 89AD3C88

INT 0xB4 ? 89AD3C88

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2EC4 80503AC4 4 Bytes JMP A914895D

? spzy.sys The system cannot find the file specified. !

? SYMDS.SYS The system cannot find the file specified. !

? SYMEFA.SYS The system cannot find the file specified. !

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB90B8000, 0x1894F8, 0xE8000020]

.text USBPORT.SYS!DllUnload B907262C 5 Bytes JMP 89AD31D8

init C:\WINDOWS\system32\DRIVERS\mohfilt.sys entry point in "init" section [0xBA463760]

.text ajvtst3s.SYS B8E42306 50 Bytes [00, 00, 00, 48, 03, 00, F0, ...]

.text ajvtst3s.SYS B8E42339 23 Bytes [00, 00, 00, 00, 00, 00, 00, ...]

.text ajvtst3s.SYS B8E42351 87 Bytes [00, 00, 00, 00, 00, 00, 00, ...]

.text ajvtst3s.SYS B8E423A9 10 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}

.text ajvtst3s.SYS B8E423B4 12 Bytes [40, 00, 00, C8, 50, 41, 47, ...] {INC EAX; ADD [EAX], AL; ENTER 0x4150, 0x47; INC EBP; ADD [EAX], AL; ADD [EAX], AL}

.text ...

.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB3FE4300, 0x3ACC8, 0xE8000020]

.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xBA3E0300, 0x1B7E, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1044] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 00A9000A

.text C:\WINDOWS\System32\svchost.exe[1044] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 00AA000A

.text C:\WINDOWS\System32\svchost.exe[1044] ntdll.dll!KiUserExceptionDispatcher 7C90EAEC 5 Bytes JMP 00A8000C

.text C:\WINDOWS\System32\svchost.exe[1044] ole32.dll!CoCreateInstance 77526009 5 Bytes JMP 00C5000A

.text C:\WINDOWS\Explorer.EXE[2564] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 00C3000A

.text C:\WINDOWS\Explorer.EXE[2564] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 00C4000A

.text C:\WINDOWS\Explorer.EXE[2564] ntdll.dll!KiUserExceptionDispatcher 7C90EAEC 5 Bytes JMP 00C2000C

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_ULONG] [B9EB03E6] spzy.sys

IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!READ_PORT_UCHAR] [B9EB090E] spzy.sys

IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_UCHAR] [B9EB0F9C] spzy.sys

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EB090E] spzy.sys

IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EB01D4] spzy.sys

IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EB0116] spzy.sys

IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EB1178] spzy.sys

IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EB0F9C] spzy.sys

IAT \SystemRoot\System32\Drivers\ajvtst3s.SYS[HAL.dll!KeGetCurrentIrql] 5E0001F4

IAT \SystemRoot\System32\Drivers\ajvtst3s.SYS[HAL.dll!KfAcquireSpinLock] C2C95B5F

IAT \SystemRoot\System32\Drivers\ajvtst3s.SYS[HAL.dll!KfReleaseSpinLock] 5F380008

IAT \SystemRoot\System32\Drivers\ajvtst3s.SYS[HAL.dll!KfRaiseIrql] 56227411

IAT \SystemRoot\System32\Drivers\ajvtst3s.SYS[HAL.dll!KfLowerIrql] E4463A68

IAT \SystemRoot\System32\Drivers\ajvtst3s.SYS[USBD.SYS!USBD_CreateConfigurationRequestEx] F7C31352

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\AIM\aim.exe[3280] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM\aim.exe[3280] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM\aim.exe[3280] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM\aim.exe[3280] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM\aim.exe[3280] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM\aim.exe[3280] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM\aim.exe[3280] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM\aim.exe[3280] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM\aim.exe[3280] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM\aim.exe[3280] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM\aim.exe[3280] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM\aim.exe[3280] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM\aim.exe[3280] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM\aim.exe[3280] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM\aim.exe[3280] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM\aim.exe[3280] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM\aim.exe[3280] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM\aim.exe[3280] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM\aim.exe[3280] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9DEB] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM\aim.exe[3280] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM\aim.exe[3280] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM\aim.exe[3280] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM\aim.exe[3280] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM\aim.exe[3280] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM\aim.exe[3280] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM\aim.exe[3280] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM\aim.exe[3280] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM\aim.exe[3280] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9DEB] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM\aim.exe[3280] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM\aim.exe[3280] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM\aim.exe[3280] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM\aim.exe[3280] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegOpenKeyExW] [005DD6FD] C:\Program Files\AIM\aim.exe (AOL Instant Messenger/AOL LLC)

IAT C:\Program Files\AIM\aim.exe[3280] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegQueryValueExA] [005DD68F] C:\Program Files\AIM\aim.exe (AOL Instant Messenger/AOL LLC)

IAT C:\Program Files\AIM\aim.exe[3280] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM\aim.exe[3280] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM\aim.exe[3280] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM\aim.exe[3280] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM\aim.exe[3280] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM\aim.exe[3280] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM\aim.exe[3280] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM\aim.exe[3280] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM\aim.exe[3280] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9DEB] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM\aim.exe[3280] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM\aim.exe[3280] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM\aim.exe[3280] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 89AD21F8

Device \FileSystem\Fastfat \FatCdrom 892EF470

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbuhci \Device\USBPDO-0 897C31F8

Device \Driver\dmio \Device\DmControl\DmIoDaemon 89AD41F8

Device \Driver\dmio \Device\DmControl\DmConfig 89AD41F8

Device \Driver\dmio \Device\DmControl\DmPnP 89AD41F8

Device \Driver\dmio \Device\DmControl\DmInfo 89AD41F8

Device \Driver\usbehci \Device\USBPDO-1 896FA470

Device \Driver\usbuhci \Device\USBPDO-2 897C31F8

Device \Driver\PCI_PNP5392 \Device\00000053 spzy.sys

Device \Driver\usbuhci \Device\USBPDO-3 897C31F8

Device \Driver\usbuhci \Device\USBPDO-4 897C31F8

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\USBSTOR \Device\00000070 898E51F8

Device \Driver\Ftdisk \Device\HarddiskVolume1 89A631F8

Device \Driver\Ftdisk \Device\HarddiskVolume2 89A631F8

Device \Driver\Cdrom \Device\CdRom0 897441F8

Device \Driver\Cdrom \Device\CdRom1 897441F8

Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 89A621F8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 89A621F8

Device \Driver\atapi \Device\Ide\IdePort0 89A621F8

Device \Driver\atapi \Device\Ide\IdePort1 89A621F8

Device \Driver\atapi \Device\Ide\IdePort2 89A621F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x14 0x4A 0xF9 0x31 ...

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Utilities\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE0 0x73 0xAE 0x1F ...

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xB6 0x5E 0x09 0x7E ...

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xFE 0x7B 0x6B 0x3A ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programs\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA1 0xF8 0xEC 0x34 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE0 0x73 0xAE 0x1F ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xF3 0xDA 0x0B 0x3E ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x14 0x4A 0xF9 0x31 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Utilities\DAEMON Tools Lite\

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE0 0x73 0xAE 0x1F ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xB6 0x5E 0x09 0x7E ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xFE 0x7B 0x6B 0x3A ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programs\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA1 0xF8 0xEC 0x34 ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE0 0x73 0xAE 0x1F ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xF3 0xDA 0x0B 0x3E ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 01: copy of MBR

Disk \Device\Harddisk0\DR0 sector 02: copy of MBR

Disk \Device\Harddisk0\DR0 sector 03: copy of MBR

Disk \Device\Harddisk0\DR0 sector 04: copy of MBR

Disk \Device\Harddisk0\DR0 sector 05: copy of MBR

Disk \Device\Harddisk0\DR0 sector 06: copy of MBR

Disk \Device\Harddisk0\DR0 sector 07: copy of MBR

Disk \Device\Harddisk0\DR0 sector 08: copy of MBR

Disk \Device\Harddisk0\DR0 sector 09: copy of MBR

Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior; copy of MBR

Disk \Device\Harddisk0\DR0 sector 11: copy of MBR

Disk \Device\Harddisk0\DR0 sector 12: copy of MBR

Disk \Device\Harddisk0\DR0 sector 13: copy of MBR

Disk \Device\Harddisk0\DR0 sector 14: copy of MBR

Disk \Device\Harddisk0\DR0 sector 15: copy of MBR

Disk \Device\Harddisk0\DR0 sector 16: copy of MBR

Disk \Device\Harddisk0\DR0 sector 17: copy of MBR

Disk \Device\Harddisk0\DR0 sector 18: copy of MBR

Disk \Device\Harddisk0\DR0 sector 19: copy of MBR

Disk \Device\Harddisk0\DR0 sector 20: copy of MBR

Disk \Device\Harddisk0\DR0 sector 21: copy of MBR

Disk \Device\Harddisk0\DR0 sector 22: copy of MBR

Disk \Device\Harddisk0\DR0 sector 23: copy of MBR

Disk \Device\Harddisk0\DR0 sector 24: copy of MBR

Disk \Device\Harddisk0\DR0 sector 25: copy of MBR

Disk \Device\Harddisk0\DR0 sector 26: copy of MBR

Disk \Device\Harddisk0\DR0 sector 27: copy of MBR

Disk \Device\Harddisk0\DR0 sector 28: copy of MBR

Disk \Device\Harddisk0\DR0 sector 29: copy of MBR

Disk \Device\Harddisk0\DR0 sector 30: copy of MBR

Disk \Device\Harddisk0\DR0 sector 31: copy of MBR

Disk \Device\Harddisk0\DR0 sector 32: rootkit-like behavior; copy of MBR

Disk \Device\Harddisk0\DR0 sector 33: copy of MBR

Disk \Device\Harddisk0\DR0 sector 34: copy of MBR

Disk \Device\Harddisk0\DR0 sector 35: copy of MBR

Disk \Device\Harddisk0\DR0 sector 36: copy of MBR

Disk \Device\Harddisk0\DR0 sector 37: copy of MBR

Disk \Device\Harddisk0\DR0 sector 38: copy of MBR

Disk \Device\Harddisk0\DR0 sector 39: copy of MBR

Disk \Device\Harddisk0\DR0 sector 40: copy of MBR

Disk \Device\Harddisk0\DR0 sector 41: copy of MBR

Disk \Device\Harddisk0\DR0 sector 42: copy of MBR

Disk \Device\Harddisk0\DR0 sector 43: copy of MBR

Disk \Device\Harddisk0\DR0 sector 44: copy of MBR

Disk \Device\Harddisk0\DR0 sector 45: copy of MBR

Disk \Device\Harddisk0\DR0 sector 46: copy of MBR

Disk \Device\Harddisk0\DR0 sector 47: copy of MBR

Disk \Device\Harddisk0\DR0 sector 48: copy of MBR

Disk \Device\Harddisk0\DR0 sector 49: copy of MBR

Disk \Device\Harddisk0\DR0 sector 50: copy of MBR

Disk \Device\Harddisk0\DR0 sector 51: copy of MBR

Disk \Device\Harddisk0\DR0 sector 52: copy of MBR

Disk \Device\Harddisk0\DR0 sector 53: copy of MBR

Disk \Device\Harddisk0\DR0 sector 54: copy of MBR

Disk \Device\Harddisk0\DR0 sector 55: copy of MBR

Disk \Device\Harddisk0\DR0 sector 56: copy of MBR

Disk \Device\Harddisk0\DR0 sector 57: rootkit-like behavior; copy of MBR

Disk \Device\Harddisk0\DR0 sector 58: copy of MBR

Disk \Device\Harddisk0\DR0 sector 59: copy of MBR

Disk \Device\Harddisk0\DR0 sector 60: copy of MBR

Disk \Device\Harddisk0\DR0 sector 61: copy of MBR

Disk \Device\Harddisk0\DR0 sector 62: copy of MBR

Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR

---- EOF - GMER 1.0.15 ----

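A GMER log of this length is easier to read once the hook and disk-sector lines are sorted by whether GMER could name the owner. The script below is an added example for doing that offline; it is not part of this thread and not GMER's own code. The sample lines are excerpts from the GMER output above; the severity labels and the short allow-list of drivers that are known to hook (SYMEVENT.SYS for Norton, spzy.sys for DAEMON Tools' sptd) are this example's own assumptions, not GMER's verdicts.

```python
"""Triage a GMER 1.0.15 rootkit-scan log offline.

Added example, not part of the original forum thread and not GMER's own code.
The sample lines are excerpts from the GMER output posted above; the severity
labels and the short allow-list of drivers known to hook are this example's
own assumptions, not GMER's verdicts.
"""
import re
from collections import Counter

# Assumption: drivers that install SSDT/IAT hooks as part of normal operation.
KNOWN_HOOKERS = {
    "symevent.sys": "Symantec/Norton event library",
    "spzy.sys": "sptd (DAEMON Tools) helper driver",
}

# "SSDT <owner or bare address> [(description)] Zw<func> [0x<addr>]"
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<owner>\S+)(?:\s+\((?P<desc>[^)]*)\))?\s+(?P<fn>Zw\w+)"
    r"(?:\s+\[(?P<addr>0x[0-9A-Fa-f]+)\])?\s*$")
# User-mode inline hooks: ".text <exe>[pid] <dll>!<func> <addr> N Bytes JMP <target> [<module>]"
USER_HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<mod>\S+)!(?P<fn>\w+)\s+"
    r"(?P<at>[0-9A-F]{8})\s+\d+ Bytes\s+JMP\s+(?P<target>[0-9A-F]{8})(?P<rest>.*)$")
# Kernel IAT entries: "IAT <driver>[<import>] [<addr>] <owner>" (user-mode IAT lines do not match)
KIAT_RE = re.compile(
    r"^IAT\s+(?P<mod>[^\[]+)\[(?P<imp>[^\]]+)\]\s+\[?(?P<addr>[0-9A-Fa-f]{8})\]?\s*(?P<owner>.*)$")
DISK_RE = re.compile(r"^Disk\s+(?P<dev>\S+)\s+sector\s+(?P<n>\d+):\s*(?P<what>.+)$")


def _basename(path):
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def triage(lines):
    """Return (severity, category, detail) tuples for the lines GMER flags."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if m := SSDT_RE.match(line):
            owner = m["owner"]
            if re.fullmatch(r"[0-9A-F]{8}", owner):
                # Hook target is a bare kernel address: GMER could not name the module.
                findings.append(("review", "ssdt", f"{m['fn']} hooked to 0x{owner} with no owning module"))
            elif _basename(owner) in KNOWN_HOOKERS:
                findings.append(("info", "ssdt",
                                 f"{m['fn']} hooked by {_basename(owner)} ({KNOWN_HOOKERS[_basename(owner)]})"))
            else:
                findings.append(("review", "ssdt", f"{m['fn']} hooked by {owner}"))
        elif m := USER_HOOK_RE.match(line):
            # GMER appends the target's module path when it can map the JMP target; an
            # empty tail means the hook lands in memory that no loaded module accounts for.
            attributed = m["rest"].strip() != ""
            findings.append(("info" if attributed else "high", "user-hook",
                             f"{_basename(m['proc'])}[{m['pid']}] {m['mod']}!{m['fn']} -> JMP {m['target']}"
                             + ("" if attributed else " (target not attributed to any loaded module)")))
        elif m := KIAT_RE.match(line):
            mod, owner = _basename(m["mod"].strip()), _basename(m["owner"].strip())
            if not owner:
                findings.append(("review", "kernel-iat", f"{mod} import {m['imp']} -> {m['addr']} with no owner"))
            else:
                sev = "info" if owner in KNOWN_HOOKERS else "review"
                findings.append((sev, "kernel-iat", f"{mod} import {m['imp']} redirected by {owner}"))
        elif m := DISK_RE.match(line):
            what = m["what"]
            findings.append(("high" if "rootkit-like" in what else "info", "disk",
                             f"{m['dev']} sector {m['n']}: {what}"))
    return findings


def summarize(findings):
    """Counts per (severity, category): a first glance before reading the detail."""
    return Counter((sev, cat) for sev, cat, _ in findings)


# Excerpt of the GMER log posted above (constructed sample input for this example).
SAMPLE_LOG = r"""
SSDT 895E8050 ZwAlertResumeThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xB6ADA210]
SSDT spzy.sys ZwEnumerateKey [0xB9EC9E4C]
.text C:\WINDOWS\System32\svchost.exe[1044] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 00A9000A
.text C:\WINDOWS\Explorer.EXE[2564] ntdll.dll!KiUserExceptionDispatcher 7C90EAEC 5 Bytes JMP 00C2000C
.text USBPORT.SYS!DllUnload B907262C 5 Bytes JMP 89AD31D8
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EB090E] spzy.sys
IAT \SystemRoot\System32\Drivers\ajvtst3s.SYS[HAL.dll!KeGetCurrentIrql] 5E0001F4
Disk \Device\Harddisk0\DR0 sector 09: copy of MBR
Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior; copy of MBR
""".strip().splitlines()

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for item in sorted(summarize(found).items()):
        print(item)
    for sev, cat, detail in found:
        print(f"[{sev:6}] {cat:10} {detail}")
```

The point of the split is that a hook attributed to a signed security product and a hook into a page nobody claims are different findings: the first is expected on a machine running Norton, the second (here, NtProtectVirtualMemory, NtWriteVirtualMemory and KiUserExceptionDispatcher patched inside svchost.exe and Explorer.EXE with no module behind the JMP target) is what a helper wants to see first. Kernel-mode .text lines without a process id, such as the USBPORT.SYS entry, are deliberately left out.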

Okay, we have a lot of work here. Let's get started:

Step 1

Please, uninstall the following applications:

  1. BitComet 1.13
  2. LimeWire PRO 4.17.0

You can read how to do this here:

Step 2

Please go into the Control Panel, Add/Remove and for now remove ALL versions of JAVA

Then run this tool to help cleanup any left over Java

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer (or other web browser) before continuing!***

  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it back when you reply
    Then look for the following Java folders and if found delete them.
    C:\Program Files\Java
    C:\Program Files\Common Files\Java
    C:\Windows\Sun
    C:\Documents and Settings\All Users\Application Data\Java
    C:\Documents and Settings\All Users\Application Data\Sun\Java
    C:\Documents and Settings\username\Application Data\Java
    C:\Documents and Settings\username\Application Data\Sun\Java

Step 3

1. Please download ComboFix from: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

2. Save it on your desktop.

Step 4

Open Notepad and copy and paste the text in the code box below into it:

http://forums.malwarebytes.org/index.php?showtopic=55780

KillAll::

Collect::[8]
c:\windows\system32\fivahofi.dll
c:\windows\system32\nipiduja.dll

Driver::
Lavasoft Ad-Aware Service

Folder::
c:\security\ad-aware

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:5555
BHO: {0bb2781e-33cc-46e4-af8e-44b10ca5cff4} - vakemuna.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
AppInit_DLLs: nipiduja.dll c:\windows\system32\fivahofi.dll
SSODL: direzowun - {4114d915-c0fd-4c6a-84a8-085e76a7a9c3} - c:\windows\system32\fivahofi.dll
STS: gahurihor: {4114d915-c0fd-4c6a-84a8-085e76a7a9c3} - c:\windows\system32\fivahofi.dll
LSA: Notification Packages = scecli nipiduja.dll

MBR::

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

[screenshot: CFScriptB-4.gif]

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.

In your next reply, please include these log(s):

  1. JavaRa log
  2. ComboFix log

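The DDS:: section of that CFScript is a compact list of Windows load points (a WinINet proxy, a BHO, two toolbar CLSIDs, AppInit_DLLs, a ShellServiceObjectDelayLoad entry, a SharedTaskScheduler entry and the LSA Notification Packages value). The script below is an added example, not part of this thread and not ComboFix's or DDS's own code: it maps each DDS prefix to the registry location it stands for, compares the two values that have a fixed default on a clean XP install, and cross-references which DLLs are registered under more than one mechanism. The registry paths are the standard locations of those mechanisms; the baseline contents and severity labels are this example's assumptions.

```python
"""Map DDS-style persistence lines, as used in the DDS:: section of a ComboFix
CFScript, to the registry locations they describe and flag what differs from a
clean Windows XP baseline.

Added example, not part of the original forum thread and not ComboFix's or
DDS's own code. The sample lines are copied from the CFScript above; the
registry paths are the standard locations of each mechanism, and the baseline
contents are this example's assumptions for a clean XP system.
"""
import re
from collections import defaultdict

# Registry location behind each DDS prefix ("u" = per-user HKCU, as DDS prints it).
LOCATIONS = {
    "AppInit_DLLs": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs",
    "LSA": r"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages",
    "SSODL": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjectDelayLoad",
    "STS": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler",
    "BHO": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects",
    "TB": r"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar",
    "uInternet Settings": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings",
}
# Assumption: what these two values hold on a clean XP install.
BASELINE = {"AppInit_DLLs": set(), "LSA": {"scecli"}}
LOOPBACK = {"127.0.0.1", "localhost", "::1"}

LINE_RE = re.compile(r"^(uInternet Settings|AppInit_DLLs|LSA|SSODL|STS|BHO|TB)[:,]\s*(.*)$")
DLL_RE = re.compile(r"[\w\\:.\-]+\.dll", re.IGNORECASE)
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?P<v>\S+)")


def _basename(path):
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def parse(line):
    """Return (mechanism, value) for one DDS line, or None if it is not one we map."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    mech, rest = m.group(1), m.group(2)
    if mech == "LSA":                       # "Notification Packages = scecli x.dll"
        rest = rest.split("=", 1)[-1].strip()
    return mech, rest


def triage(lines):
    """Return (severity, mechanism, registry_location, detail) tuples."""
    findings = []
    dll_uses = defaultdict(set)             # dll basename -> mechanisms it is registered under
    for line in lines:
        parsed = parse(line)
        if parsed is None:
            continue
        mech, value = parsed
        where = LOCATIONS[mech]
        for d in DLL_RE.findall(value):
            dll_uses[_basename(d)].add(mech)
        if mech == "uInternet Settings":
            pm = PROXY_RE.search(value)
            if pm:
                host = pm["v"].split("=")[-1].rsplit(":", 1)[0]
                findings.append(("high" if host in LOOPBACK else "review", mech, where,
                                 f"ProxyServer = {pm['v']} (every WinINet client is routed through it)"))
        elif mech in BASELINE:
            extra = set(re.split(r"[,\s]+", value)) - BASELINE[mech] - {""}
            if extra:
                findings.append(("high", mech, where, "non-default entries: " + ", ".join(sorted(extra))))
        elif "No File" in value:
            findings.append(("info", mech, where, f"orphaned entry (file missing): {value}"))
        else:
            findings.append(("review", mech, where, value))
    # One DLL registered under several load points is the strongest signal in this data.
    for dll, mechs in sorted(dll_uses.items()):
        if len(mechs) > 1:
            findings.append(("high", "cross-ref", "",
                             f"{dll} registered under {len(mechs)} mechanisms: " + ", ".join(sorted(mechs))))
    return findings


# The DDS:: lines from the CFScript above (constructed sample input for this example).
SAMPLE_SCRIPT = r"""
uInternet Settings,ProxyServer = http=127.0.0.1:5555
BHO: {0bb2781e-33cc-46e4-af8e-44b10ca5cff4} - vakemuna.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
AppInit_DLLs: nipiduja.dll c:\windows\system32\fivahofi.dll
SSODL: direzowun - {4114d915-c0fd-4c6a-84a8-085e76a7a9c3} - c:\windows\system32\fivahofi.dll
STS: gahurihor: {4114d915-c0fd-4c6a-84a8-085e76a7a9c3} - c:\windows\system32\fivahofi.dll
LSA: Notification Packages = scecli nipiduja.dll
""".strip().splitlines()

if __name__ == "__main__":
    for sev, mech, where, detail in triage(SAMPLE_SCRIPT):
        print(f"[{sev:6}] {mech:18} {detail}")
        if where:
            print(f"         {where}")
```

Two of these load points deserve the extra attention the cross-reference gives them: a DLL in AppInit_DLLs is loaded into every process that links user32.dll, and a DLL in LSA Notification Packages is loaded by lsass.exe at boot and is called on every password change, so a file registered under both survives most user-mode cleanups that only look at Run keys and BHOs. The loopback ProxyServer entry is the kind of setting that explains redirected browsing without any file on disk looking wrong.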

ComboFix Log

ComboFix 10-06-29.02 - Robert 06/29/2010 17:34:48.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1534.1054 [GMT -4:00]

Running from: C:\Documents and Settings\Robert\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Robert\Desktop\CFScript.txt

AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\Robert\Local Settings\Application Data\Windows Server

C:\Documents and Settings\Robert\Local Settings\Application Data\Windows Server\flags.ini

C:\Documents and Settings\Robert\Local Settings\Application Data\Windows Server\uses32.dat

C:\Program Files\INSTALL.LOG

c:\security\ad-aware

c:\security\ad-aware\AAWService.exe.aawbak

c:\security\ad-aware\Ad-AwareAdmin.exe.aawbak

c:\security\ad-aware\AutoLaunch.exe

c:\security\ad-aware\CEAPI.dll.aawbak

c:\security\ad-aware\Drivers\64\AAWDriverTool.exe

c:\security\ad-aware\Drivers\64\DIFxAPI.dll

c:\security\ad-aware\Drivers\64\lbd.cat

c:\security\ad-aware\Drivers\64\lbd.inf

c:\security\ad-aware\Drivers\64\lbd.sys

c:\security\ad-aware\lavalicense.dll.aawbak

c:\security\ad-aware\lavamessage.dll.aawbak

c:\security\ad-aware\Resources.dll.aawbak

c:\security\ad-aware\RPAPI.dll.aawbak

c:\security\ad-aware\ShellExt.dll.aawbak

c:\security\ad-aware\UpdateManager.dll.aawbak

c:\security\ad-aware\WSCUpdate.dll

Infected copy of C:\WINDOWS\system32\drivers\termdd.sys was found and disinfected

Restored copy from - Kitty had a snack :D

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_LAVASOFT_AD-AWARE_SERVICE

-------\Service_Lavasoft Ad-Aware Service

((((((((((((((((((((((((( Files Created from 2010-05-28 to 2010-06-29 )))))))))))))))))))))))))))))))

.

2010-06-29 15:10:28 . 2010-06-29 15:10:28 -------- d-----w- C:\Documents and Settings\Robert\Application Data\Tific

2010-06-28 16:17:36 . 2010-06-28 16:17:36 -------- d-----w- C:\Documents and Settings\Robert\Application Data\SUPERAntiSpyware.com

2010-06-28 16:17:36 . 2010-06-28 16:17:36 -------- d-----w- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2010-06-28 14:45:00 . 2010-05-06 04:01:59 361904 ----a-w- C:\WINDOWS\system32\drivers\symtdi.sys

2010-06-28 14:45:00 . 2010-04-22 03:02:20 173104 ----a-w- C:\WINDOWS\system32\drivers\symefa.sys

2010-06-28 14:45:00 . 2010-04-22 02:29:50 43696 ----a-w- C:\WINDOWS\system32\drivers\srtspx.sys

2010-06-28 14:45:00 . 2010-02-04 01:40:47 328752 ----a-r- C:\WINDOWS\system32\drivers\symds.sys

2010-06-28 14:44:59 . 2010-04-29 05:03:51 116784 ----a-w- C:\WINDOWS\system32\drivers\ironx86.sys

2010-06-28 14:44:59 . 2010-02-26 00:22:57 501888 ----a-w- C:\WINDOWS\system32\drivers\cchpx86.sys

2010-06-28 03:50:50 . 2010-06-28 03:50:49 60808 ----a-w- C:\WINDOWS\system32\S32EVNT1.DLL

2010-06-28 03:50:50 . 2010-06-28 03:50:49 124976 ----a-w- C:\WINDOWS\system32\drivers\SYMEVENT.SYS

2010-06-28 03:50:49 . 2010-06-28 03:54:35 -------- d-----w- C:\Program Files\Common Files\Symantec Shared

2010-06-28 03:50:49 . 2010-06-28 03:50:50 -------- d-----w- C:\Program Files\Symantec

2010-06-28 03:50:00 . 2010-06-28 15:07:32 -------- d-----w- C:\WINDOWS\system32\drivers\NIS

2010-06-28 03:49:56 . 2010-06-28 03:50:00 -------- d-----w- C:\Program Files\Norton Internet Security

2010-06-28 03:49:46 . 2010-06-28 03:49:46 -------- d-----w- C:\Program Files\NortonInstaller

2010-06-27 03:14:36 . 2010-06-27 03:14:36 -------- d-----w- C:\Documents and Settings\Robert\Application Data\UFOAI

2010-06-26 00:47:37 . 2010-06-26 00:47:37 -------- d-----w- C:\WINDOWS\system32\vmm32

2010-06-26 00:37:27 . 2010-06-26 00:37:27 -------- d-----w- C:\Documents and Settings\Robert\Application Data\LucasArts

2010-06-26 00:00:59 . 2010-06-26 00:00:59 -------- d-sh--w- C:\Documents and Settings\LocalService\UserData

2010-06-25 21:51:01 . 2010-06-25 21:51:08 376832 ----a-w- C:\WINDOWS\system32\AegisI5Installer.exe

2010-06-25 21:14:52 . 2010-06-25 21:14:52 -------- d-sh--w- C:\Documents and Settings\LocalService\IETldCache

2010-06-25 19:49:34 . 2010-06-25 21:51:09 21361 ----a-w- C:\WINDOWS\system32\drivers\AegisP.sys

2010-06-25 19:47:35 . 2010-06-25 19:47:35 -------- d-----w- C:\WINDOWS\Downloaded Installations

2010-06-23 11:16:31 . 2010-06-23 11:16:31 -------- d-sh--w- C:\Documents and Settings\NetworkService\UserData

2010-06-23 00:25:28 . 2010-06-23 00:25:28 -------- d-----w- C:\Program Files\Windows Sidebar

2010-06-23 00:25:12 . 2010-06-25 20:20:58 -------- d-----w- C:\Documents and Settings\All Users\Application Data\NortonInstaller

2010-06-23 00:20:41 . 2010-06-28 03:51:17 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Norton

2010-06-22 17:54:13 . 2010-06-22 17:54:13 -------- d-----w- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla

2010-06-22 16:12:29 . 2010-06-22 16:12:29 -------- d-----w- C:\Documents and Settings\Administrator\Application Data\Malwarebytes

2010-06-22 09:02:45 . 2010-06-22 18:39:28 -------- d-----w- C:\Documents and Settings\Robert\Local Settings\Application Data\ioxqqwrgx

2010-06-18 23:18:47 . 2010-06-18 23:18:47 529 ----a-w- C:\WINDOWS\eReg.dat

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-28 23:53:45 . 2010-03-15 03:41:29 0 ----a-w- C:\Documents and Settings\Robert\Local Settings\Application Data\prvlcl.dat

2010-06-28 16:18:40 . 2010-06-28 16:18:40 63488 ----a-w- C:\Documents and Settings\Robert\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

2010-06-28 16:18:38 . 2010-06-28 16:18:38 52224 ----a-w- C:\Documents and Settings\Robert\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-06-28 16:18:36 . 2010-06-28 16:18:36 117760 ----a-w- C:\Documents and Settings\Robert\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-06-28 16:08:19 . 2009-08-14 17:27:42 -------- d---a-w- C:\Documents and Settings\All Users\Application Data\TEMP

2010-06-28 03:50:49 . 2010-06-28 03:50:50 805 ----a-w- C:\WINDOWS\system32\drivers\SYMEVENT.INF

2010-06-28 03:50:49 . 2010-06-28 03:50:50 7443 ----a-w- C:\WINDOWS\system32\drivers\SYMEVENT.CAT

2010-06-25 21:54:54 . 2009-07-21 12:47:01 -------- d--h--w- C:\Program Files\InstallShield Installation Information

2010-06-21 08:42:58 . 2009-08-05 01:05:45 -------- d-----w- C:\Documents and Settings\Robert\Application Data\LimeWire

2010-06-18 23:31:20 . 2004-08-10 11:00:00 12400 ----a-w- C:\WINDOWS\system32\drivers\secdrv.sys

2010-06-14 22:56:23 . 2010-04-28 19:42:00 -------- d-----w- C:\Program Files\THQ

2010-06-08 18:09:47 . 2009-07-21 22:50:39 65624 ----a-w- C:\Documents and Settings\Robert\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-05-27 07:18:15 . 2010-01-30 22:14:10 107888 ----a-w- C:\WINDOWS\system32\CmdLineExt.dll

2010-05-24 06:54:08 . 2010-05-24 06:54:08 503808 ----a-w- C:\Documents and Settings\Robert\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-71b1522b-n\msvcp71.dll

2010-05-24 06:54:08 . 2010-05-24 06:54:08 499712 ----a-w- C:\Documents and Settings\Robert\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-71b1522b-n\jmc.dll

2010-05-24 06:54:08 . 2010-05-24 06:54:08 348160 ----a-w- C:\Documents and Settings\Robert\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-71b1522b-n\msvcr71.dll

2010-05-22 08:55:49 . 2010-05-22 08:54:46 -------- d-----w- C:\Program Files\Google

2010-04-29 19:39:38 . 2010-03-12 22:41:35 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2010-04-29 19:39:26 . 2010-03-12 22:41:33 20952 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys

2010-04-28 18:42:11 . 2010-02-07 00:28:45 697328 ----a-w- C:\WINDOWS\system32\drivers\sptd.sys

2003-12-18 15:33:46 . 2009-09-23 05:00:26 20102 ----a-w- C:\Program Files\Readme.txt

2003-09-03 11:46:54 . 2009-09-23 05:00:26 10960 ----a-w- C:\Program Files\EULA.txt

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Aim"="C:\Program Files\AIM\aim.exe" [2009-10-01 20:20:57 3634024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 11:00:00 208952]

"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 17:56:34 64512]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2009-05-26 21:18:30 413696]

"iTunesHelper"="C:\Players\iTunes\iTunesHelper.exe" [2009-07-13 18:03:10 292128]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 05:42:51 36272]

"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 18:17:52 952768]

"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 22:20:44 339968]


JavaRa Log

JavaRa 1.15 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Tue Jun 29 17:17:47 2010

Found and removed: C:\Documents and Settings\Robert\Application Data\Sun\Java\jre1.6.0_17

Found and removed: Software\JavaSoft\Java2D\1.5.0

Found and removed: Software\JavaSoft\Java2D\1.5.0_09

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610004

------------------------------------

Finished reporting.


ComboFix 10-06-29.02 - Robert 06/30/2010 9:58.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1534.853 [GMT -4:00]

Running from: c:\documents and settings\Robert\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Robert\Desktop\CFScript.txt

AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\_000228_.tmp.dll

.

---- Previous Run -------

.

c:\documents and settings\Robert\Local Settings\Application Data\Windows Server\flags.ini

c:\documents and settings\Robert\Local Settings\Application Data\Windows Server\uses32.dat

c:\program files\INSTALL.LOG

c:\security\ad-aware\AAWService.exe.aawbak

c:\security\ad-aware\Ad-AwareAdmin.exe.aawbak

c:\security\ad-aware\AutoLaunch.exe

c:\security\ad-aware\CEAPI.dll.aawbak

c:\security\ad-aware\Drivers\64\AAWDriverTool.exe

c:\security\ad-aware\Drivers\64\DIFxAPI.dll

c:\security\ad-aware\Drivers\64\lbd.cat

c:\security\ad-aware\Drivers\64\lbd.inf

c:\security\ad-aware\Drivers\64\lbd.sys

c:\security\ad-aware\lavalicense.dll.aawbak

c:\security\ad-aware\lavamessage.dll.aawbak

c:\security\ad-aware\Resources.dll.aawbak

c:\security\ad-aware\RPAPI.dll.aawbak

c:\security\ad-aware\ShellExt.dll.aawbak

c:\security\ad-aware\UpdateManager.dll.aawbak

c:\security\ad-aware\WSCUpdate.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_LAVASOFT_AD-AWARE_SERVICE

-------\Service_Lavasoft Ad-Aware Service

((((((((((((((((((((((((( Files Created from 2010-05-28 to 2010-06-30 )))))))))))))))))))))))))))))))

.

2010-06-30 14:06 . 2010-06-30 14:06 -------- d-----w- c:\windows\LastGood

2010-06-29 15:10 . 2010-06-29 15:10 -------- d-----w- c:\documents and settings\Robert\Application Data\Tific

2010-06-28 16:17 . 2010-06-28 16:17 -------- d-----w- c:\documents and settings\Robert\Application Data\SUPERAntiSpyware.com

2010-06-28 16:17 . 2010-06-28 16:17 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2010-06-28 14:45 . 2010-05-06 04:01 361904 ----a-w- c:\windows\system32\drivers\symtdi.sys

2010-06-28 14:45 . 2010-04-22 03:02 173104 ----a-w- c:\windows\system32\drivers\symefa.sys

2010-06-28 14:45 . 2010-04-22 02:29 43696 ----a-w- c:\windows\system32\drivers\srtspx.sys

2010-06-28 14:45 . 2010-02-04 01:40 328752 ----a-r- c:\windows\system32\drivers\symds.sys

2010-06-28 14:44 . 2010-04-29 05:03 116784 ----a-w- c:\windows\system32\drivers\ironx86.sys

2010-06-28 14:44 . 2010-02-26 00:22 501888 ----a-w- c:\windows\system32\drivers\cchpx86.sys

2010-06-28 03:50 . 2010-06-28 03:50 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2010-06-28 03:50 . 2010-06-28 03:50 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2010-06-28 03:50 . 2010-06-28 03:54 -------- d-----w- c:\program files\Common Files\Symantec Shared

2010-06-28 03:50 . 2010-06-28 03:50 -------- d-----w- c:\program files\Symantec

2010-06-28 03:50 . 2010-06-28 15:07 -------- d-----w- c:\windows\system32\drivers\NIS

2010-06-28 03:49 . 2010-06-28 03:50 -------- d-----w- c:\program files\Norton Internet Security

2010-06-28 03:49 . 2010-06-28 03:49 -------- d-----w- c:\program files\NortonInstaller

2010-06-27 03:14 . 2010-06-27 03:14 -------- d-----w- c:\documents and settings\Robert\Application Data\UFOAI

2010-06-26 00:47 . 2010-06-26 00:47 -------- d-----w- c:\windows\system32\vmm32

2010-06-26 00:37 . 2010-06-26 00:37 -------- d-----w- c:\documents and settings\Robert\Application Data\LucasArts

2010-06-26 00:00 . 2010-06-26 00:00 -------- d-sh--w- c:\documents and settings\LocalService\UserData

2010-06-25 21:51 . 2010-06-25 21:51 376832 ----a-w- c:\windows\system32\AegisI5Installer.exe

2010-06-25 21:14 . 2010-06-25 21:14 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2010-06-25 19:49 . 2010-06-25 21:51 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys

2010-06-25 19:47 . 2010-06-25 19:47 -------- d-----w- c:\windows\Downloaded Installations

2010-06-23 11:16 . 2010-06-23 11:16 -------- d-sh--w- c:\documents and settings\NetworkService\UserData

2010-06-23 00:25 . 2010-06-23 00:25 -------- d-----w- c:\program files\Windows Sidebar

2010-06-23 00:25 . 2010-06-25 20:20 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller

2010-06-23 00:20 . 2010-06-28 03:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2010-06-22 17:54 . 2010-06-22 17:54 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla

2010-06-22 16:12 . 2010-06-22 16:12 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2010-06-22 09:02 . 2010-06-22 18:39 -------- d-----w- c:\documents and settings\Robert\Local Settings\Application Data\ioxqqwrgx

2010-06-18 23:18 . 2010-06-18 23:18 529 ----a-w- c:\windows\eReg.dat

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-28 23:53 . 2010-03-15 03:41 0 ----a-w- c:\documents and settings\Robert\Local Settings\Application Data\prvlcl.dat

2010-06-28 16:18 . 2010-06-28 16:18 63488 ----a-w- c:\documents and settings\Robert\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

2010-06-28 16:18 . 2010-06-28 16:18 52224 ----a-w- c:\documents and settings\Robert\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-06-28 16:18 . 2010-06-28 16:18 117760 ----a-w- c:\documents and settings\Robert\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-06-28 16:08 . 2009-08-14 17:27 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-06-28 03:50 . 2010-06-28 03:50 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF

2010-06-28 03:50 . 2010-06-28 03:50 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT

2010-06-25 21:54 . 2009-07-21 12:47 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-06-21 08:42 . 2009-08-05 01:05 -------- d-----w- c:\documents and settings\Robert\Application Data\LimeWire

2010-06-18 23:31 . 2004-08-10 11:00 12400 ----a-w- c:\windows\system32\drivers\secdrv.sys

2010-06-14 22:56 . 2010-04-28 19:42 -------- d-----w- c:\program files\THQ

2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\2667\AdobeARM.exe

2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\2667\AdobeExtractFiles.dll

2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\2667\ReaderUpdater.exe

2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\2667\AcrobatUpdater.exe

2010-06-08 18:09 . 2009-07-21 22:50 65624 ----a-w- c:\documents and settings\Robert\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-05-27 07:18 . 2010-01-30 22:14 107888 ----a-w- c:\windows\system32\CmdLineExt.dll

2010-05-22 08:55 . 2010-05-22 08:54 -------- d-----w- c:\program files\Google

2010-04-29 19:39 . 2010-03-12 22:41 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 19:39 . 2010-03-12 22:41 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-28 18:42 . 2010-02-07 00:28 697328 ----a-w- c:\windows\system32\drivers\sptd.sys

2003-12-18 15:33 . 2009-09-23 05:00 20102 ----a-w- c:\program files\Readme.txt

2003-09-03 11:46 . 2009-09-23 05:00 10960 ----a-w- c:\program files\EULA.txt

.

((((((((((((((((((((((((((((( SnapShot@2010-06-29_21.44.05 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-06-30 14:05 . 2010-06-30 14:05 16384 c:\windows\Temp\Perflib_Perfdata_f0.dat

+ 2009-07-21 12:06 . 2009-08-06 23:24 35552 c:\windows\system32\wups.dll

+ 2009-07-21 12:06 . 2009-08-06 23:24 53472 c:\windows\system32\wuauclt.exe

+ 2004-08-10 11:00 . 2005-05-04 18:45 15360 c:\windows\system32\msisip.dll

+ 2004-08-10 11:00 . 2005-05-04 18:45 78848 c:\windows\system32\msiexec.exe

+ 2009-07-21 12:06 . 2009-08-06 23:24 35552 c:\windows\system32\dllcache\wups.dll

+ 2009-07-21 12:06 . 2009-08-06 23:24 53472 c:\windows\system32\dllcache\wuauclt.exe

+ 2004-08-10 11:00 . 2005-05-04 18:45 15360 c:\windows\system32\dllcache\msisip.dll

+ 2004-08-10 11:00 . 2005-05-04 18:45 78848 c:\windows\system32\dllcache\msiexec.exe

+ 2004-08-10 11:00 . 2009-08-06 23:24 96480 c:\windows\system32\dllcache\cdm.dll

+ 2004-08-10 11:00 . 2009-08-06 23:24 96480 c:\windows\system32\cdm.dll

+ 2009-07-21 12:06 . 2009-08-06 23:24 209632 c:\windows\system32\wuweb.dll

+ 2009-07-21 12:06 . 2009-08-06 23:24 327896 c:\windows\system32\wucltui.dll

+ 2009-07-21 12:06 . 2009-08-06 23:23 575704 c:\windows\system32\wuapi.dll

+ 2004-08-10 11:00 . 2005-05-04 18:45 884736 c:\windows\system32\msimsg.dll

- 2004-08-10 11:00 . 2004-08-10 11:00 884736 c:\windows\system32\msimsg.dll

+ 2004-08-10 11:00 . 2005-05-04 18:45 271360 c:\windows\system32\msihnd.dll

+ 2009-07-21 12:06 . 2009-08-06 23:24 209632 c:\windows\system32\dllcache\wuweb.dll

+ 2009-07-21 12:06 . 2009-08-06 23:24 327896 c:\windows\system32\dllcache\wucltui.dll

+ 2009-07-21 12:06 . 2009-08-06 23:23 575704 c:\windows\system32\dllcache\wuapi.dll

+ 2004-08-10 11:00 . 2005-05-04 18:45 884736 c:\windows\system32\dllcache\msimsg.dll

- 2004-08-10 11:00 . 2004-08-10 11:00 884736 c:\windows\system32\dllcache\msimsg.dll

+ 2004-08-10 11:00 . 2005-05-04 18:45 271360 c:\windows\system32\dllcache\msihnd.dll

+ 2009-07-21 12:06 . 2009-08-06 23:23 1929952 c:\windows\system32\wuaueng.dll

+ 2004-08-10 11:00 . 2005-05-04 18:45 2890240 c:\windows\system32\msi.dll

+ 2009-07-21 12:06 . 2009-08-06 23:23 1929952 c:\windows\system32\dllcache\wuaueng.dll

+ 2004-08-10 11:00 . 2005-05-04 18:45 2890240 c:\windows\system32\dllcache\msi.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Aim"="c:\program files\AIM\aim.exe" [2009-10-01 3634024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [BU]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [BU]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]

"iTunesHelper"="c:\players\iTunes\iTunesHelper.exe" [2009-07-13 292128]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

NETGEAR WG111v3 Smart Wizard.lnk - c:\drivers\Netgear\WG111v3.exe [2009-12-23 2330624]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\security\Super Anti-Spyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\security\Super Anti-Spyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0sprestrt

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Internet Utilities\\Firefox\\firefox.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Players\\iTunes\\iTunes.exe"=

"c:\\WINDOWS\\system32\\dplaysvr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"c:\\Internet Utilities\\Steam\\Steam.exe"=

"c:\\Internet Utilities\\Steam\\steamapps\\common\\x-com terror from the deep\\runme.exe"=

"c:\\WINDOWS\\stsystra.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"17439:TCP"= 17439:TCP:BitComet 17439 TCP

"17439:UDP"= 17439:UDP:BitComet 17439 UDP

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1107000.00C\symds.sys [6/28/2010 10:45 AM 328752]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1107000.00C\symefa.sys [6/28/2010 10:45 AM 173104]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\BASHDefs\20100619.001\BHDrvx86.sys [6/19/2010 12:46 AM 691248]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1107000.00C\cchpx86.sys [6/28/2010 10:44 AM 501888]

R1 SASDIFSV;SASDIFSV;c:\security\Super Anti-Spyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]

R1 SASKUTIL;SASKUTIL;c:\security\Super Anti-Spyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1107000.00C\ironx86.sys [6/28/2010 10:44 AM 116784]

R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [10/9/2007 1:13 PM 38144]

R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe [6/28/2010 10:44 AM 126392]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/27/2010 11:52 PM 102448]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\IPSDefs\20100625.001\IDSXpx86.sys [6/27/2010 11:53 PM 331640]

R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [7/31/2009 3:12 PM 341504]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/22/2010 4:54 AM 136176]

S3 DMSKSSRh;DMSKSSRh;\??\c:\docume~1\Robert\LOCALS~1\Temp\DMSKSSRh.sys --> c:\docume~1\Robert\LOCALS~1\Temp\DMSKSSRh.sys [?]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/6/2010 8:28 PM 697328]

.

Contents of the 'Scheduled Tasks' folder

2010-06-30 c:\windows\Tasks\GlaryInitialize.job

- c:\security\Glary Utilities\initialize.exe [2010-02-15 18:22]

2010-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-22 08:54]

2010-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-22 08:54]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

IE: E&xport to Microsoft Excel - c:\programs\MICROS~1\OFFICE11\EXCEL.EXE/3000

Trusted Zone: brassring.com\sjobs

FF - ProfilePath - c:\documents and settings\Robert\Application Data\Mozilla\Firefox\Profiles\syjt9bbj.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=

FF - prefs.js: network.proxy.type - 0

FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\coFFPlgn\components\coFFPlgn.dll

FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\IPSFFPlgn\components\IPSFFPl.dll

FF - plugin: c:\documents and settings\Robert\Application Data\Move Networks\plugins\npqmp071505000010.dll

FF - plugin: c:\documents and settings\Robert\Application Data\Move Networks\plugins\npqmp071505000011.dll

FF - plugin: c:\players\iTunes\Mozilla Plugins\npitunes.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

c:\internet utilities\Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\internet utilities\Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\internet utilities\Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\internet utilities\Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\internet utilities\Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\internet utilities\Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\internet utilities\Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\internet utilities\Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\internet utilities\Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\internet utilities\Firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\internet utilities\Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\internet utilities\Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\internet utilities\Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\internet utilities\Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\internet utilities\Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\internet utilities\Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\internet utilities\Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\internet utilities\Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\internet utilities\Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\internet utilities\Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\internet utilities\Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\internet utilities\Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\internet utilities\Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\internet utilities\Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\internet utilities\Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORPHANS REMOVED - - - -

AddRemove-HijackThis - f:\program installers\HijackThis.exe

AddRemove-{F46BF5EA-0B4E-4A41-8C4B-3B127346E30F} - c:\documents and settings\Robert\Local Settings\Application Data\{2853BFD5-3865-45EB-A4E3-967D4A9B969A}\NBCDirectInstaller.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-06-30 10:04

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NIS]

"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.7.0.12\diMaster.dll\" /prefetch:1"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(684)

c:\security\Super Anti-Spyware\SASWINLO.DLL

c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(7608)

c:\windows\system32\msi.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\eHome\ehRecvr.exe

c:\windows\eHome\ehSched.exe

c:\windows\ehome\mcrdsvc.exe

c:\windows\system32\dllhost.exe

c:\windows\system32\wscntfy.exe

c:\windows\eHome\ehmsas.exe

c:\windows\stsystra.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2010-06-30 10:11:44 - machine was rebooted

ComboFix-quarantined-files.txt 2010-06-30 14:11

Pre-Run: 18,547,109,888 bytes free

Post-Run: 18,427,899,904 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

Current=3 Default=3 Failed=0 LastKnownGood=1 Sets=1,2,3,4

- - End Of File - - 7935C450B69B5C6B92CB5C0C6386137B

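For readers working through a log like the ComboFix output above, here is an added Python triage script. It is not ComboFix code and not part of the original posts. It parses the same line formats ComboFix wrote above (the R0/S3 service and driver lines, the firewallpolicy registry section, the `FF - prefs.js:` lines and the dated file listing) and flags the few things a responder checks first: a driver whose image sits under a user's Temp directory or was not on disk at scan time (the `S3 DMSKSSRh` line), a profile with `EnableFirewall` set to 0, a `keyword.URL` whose host is not the selected search engine, and random-looking directory names. The sample lines in `LOG_EXCERPT` are copied from the log above; the flagging rules are the example's own assumptions, not ComboFix's verdicts.

```python
"""Triage a ComboFix-style log for the entries a responder checks first.

Added example for this thread; it is not ComboFix code and not part of the
original posts. The sample lines in LOG_EXCERPT are copied from the log
above. The flagging rules are assumptions for illustration, not verdicts.
"""
import re
from urllib.parse import urlparse

# Lines copied from the ComboFix output posted above (constructed excerpt).
LOG_EXCERPT = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1107000.00C\symds.sys [6/28/2010 10:45 AM 328752]
S3 DMSKSSRh;DMSKSSRh;\??\c:\docume~1\Robert\LOCALS~1\Temp\DMSKSSRh.sys --> c:\docume~1\Robert\LOCALS~1\Temp\DMSKSSRh.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/6/2010 8:28 PM 697328]
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
2010-06-22 09:02 . 2010-06-22 18:39 -------- d-----w- c:\documents and settings\Robert\Local Settings\Application Data\ioxqqwrgx
"""

# "<R0|S3> <name>;<display>;<image path> [<date size>]"; a missing file is
# written as "\??\<path> --> <path> [?]".
SERVICE_RE = re.compile(
    r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)\s\[(?P<meta>[^\]]*)\]$')
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(\d)')
PREF_RE = re.compile(r'^FF - prefs\.js: (?P<key>\S+) - (?P<value>.+)$')
# Dated file-listing line for a directory ("d-----w-", "d-sh--w-", ...).
DIR_RE = re.compile(
    r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})? \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})? -------- d\S+ (?P<path>.+)$')
CONSONANT_RUN = re.compile(r'[bcdfghjklmnpqrstvwxz]{4,}')


def flag_service(line):
    """Return a finding for a service/driver line worth a second look, else None."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    # When ComboFix shows "\??\x --> x", the right-hand side is the resolved path.
    path = m.group('rest').split(' --> ')[-1]
    reasons = []
    if m.group('meta') == '?':
        reasons.append('image file not found at scan time')
    if '\\temp\\' in path.lower():
        reasons.append('image path under a user Temp directory')
    if not reasons:
        return None
    return {'kind': 'service', 'name': m.group('name'), 'path': path, 'reasons': reasons}


def triage(log_text):
    """Walk the log once and collect findings as dicts with a 'kind' and 'reasons'."""
    findings = []
    section = ''
    prefs = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith('[') and line.endswith(']'):
            section = line.lower()          # registry section header
            continue
        fw = FIREWALL_RE.match(line)
        if fw and 'firewallpolicy' in section:
            if fw.group(1) == '0':
                findings.append({'kind': 'firewall', 'detail': section, 'reasons': [
                    'Windows Firewall disabled for this profile '
                    '(expected only if a third-party firewall manages it)']})
            continue
        svc = flag_service(line)
        if svc:
            findings.append(svc)
            continue
        pm = PREF_RE.match(line)
        if pm:
            prefs[pm.group('key')] = pm.group('value')
            continue
        dm = DIR_RE.match(line)
        if dm:
            leaf = dm.group('path').rstrip('\\').rsplit('\\', 1)[-1]
            # Heuristic: all-lowercase letters containing a long consonant run.
            if leaf.isalpha() and leaf.islower() and CONSONANT_RUN.search(leaf):
                findings.append({'kind': 'directory', 'path': dm.group('path'),
                                 'reasons': ['random-looking directory name (heuristic)']})
    # Address-bar keyword searches should go to the selected engine.
    kw, engine = prefs.get('keyword.URL'), prefs.get('browser.search.selectedEngine')
    if kw and engine:
        host = urlparse(kw.replace('hxxp', 'http', 1)).netloc   # ComboFix defangs http as hxxp
        if engine.lower() not in host.lower():
            findings.append({'kind': 'firefox', 'detail': kw, 'reasons': [
                f'keyword.URL points at {host}, not the selected engine ({engine})']})
    return findings


if __name__ == '__main__':
    for f in triage(LOG_EXCERPT):
        print(f['kind'], f.get('name') or f.get('path') or f.get('detail'), '-', '; '.join(f['reasons']))
```

Run against the excerpt, the Symantec and sptd drivers pass silently while the four findings listed in the lead-in come out; the firewall entry is reported with the caveat that a third-party product (Norton, in this log) may be the one managing it, so it is a prompt to verify rather than a conclusion.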

Good! :D

Last steps:

Step 1

* Go to Start > Run and copy and paste the next command in the field:

ComboFix /uninstall

Make sure there's a space between ComboFix and /

Then hit Enter.

This will uninstall ComboFix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Step 2

Please manually delete mbr, GMER, JavaRa and DDS.

Step 3

Please download and install the latest version of Java from:

www.java.com/en

Step 4

Some malware preventions:

http://forums.malwarebytes.org/index.php?showtopic=9365

Safe surfing! :)
