
Malware Takeover



Hey everyone,

I seem to have the same problem as others with malware that is stopping MBAM, Symantec and other antivirus programs from scanning. When I try to do a scan it will scan for about 20 seconds and then automatically close.

(even in safe mode)

And when I try to re-open it I get this message...

"Windows cannot access the specified drive, path or file. You may not have the appropriate permissions to access the item."

The only thing that I have used to scan that completed is MGtools, but I don't know what to look for or how to remove it from my computer.

I would appreciate any help offered before I just reformat my hard drive and install WinXP again.

I tried ComboFix and have a log. It says it deleted and disinfected some things, but the comp is still acting the same.

ComboFix.txt


ComboFix 11-09-12.03 - Owner 09/12/2011 17:22:16.1.2 - x86 NETWORK

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.842 [GMT -4:00]

Running from: c:\documents and settings\Owner\Desktop\Bleeping computer downloads\ComboFix.exe

AV: AntiVir Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}

AV: Microsoft Security Essentials *Disabled/Outdated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory

c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini

c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\SL9C.tmp.5510cc53.ini

c:\documents and settings\Administrator\Start Menu\Programs\System Recovery

c:\documents and settings\Administrator\Start Menu\Programs\System Recovery\Application & Driver Recovery.lnk

c:\documents and settings\Administrator\Start Menu\Programs\System Recovery\Create my Drivers-Applications CD(s).lnk

c:\documents and settings\Administrator\Start Menu\Programs\System Recovery\System Recovery.lnk

c:\documents and settings\Administrator\WINDOWS

c:\documents and settings\All Users\Application Data\DisplayVerifierOnline.dll

c:\documents and settings\All Users\Application Data\jI09200GoNmM09200

c:\documents and settings\All Users\Application Data\jI09200GoNmM09200\jI09200GoNmM09200

c:\documents and settings\All Users\Application Data\jI09200GoNmM09200\jI09200GoNmM09200.exe

c:\documents and settings\All Users\Application Data\Tarma Installer

c:\documents and settings\All Users\Start Menu\Programs\System Recovery

c:\documents and settings\All Users\Start Menu\Programs\System Recovery\Recovery Help Manual.pdf

c:\documents and settings\Default User\WINDOWS

c:\documents and settings\Guest\WINDOWS

c:\documents and settings\NetworkService\Local Settings\Application Data\jifdorh.dll

c:\documents and settings\Owner\Application Data\2086498716582A7C3D45DF42784D1FCB

c:\documents and settings\Owner\Application Data\2086498716582A7C3D45DF42784D1FCB\enemies-names.txt

c:\documents and settings\Owner\Application Data\2086498716582A7C3D45DF42784D1FCB\hookdll.dll

c:\documents and settings\Owner\Application Data\2086498716582A7C3D45DF42784D1FCB\local.ini

c:\documents and settings\Owner\Application Data\2086498716582A7C3D45DF42784D1FCB\lsrslt.ini

c:\documents and settings\Owner\Application Data\46B4E172B37CD1CCDDD01D80B9E55993

c:\documents and settings\Owner\Application Data\46B4E172B37CD1CCDDD01D80B9E55993\enemies-names.txt

c:\documents and settings\Owner\Application Data\46B4E172B37CD1CCDDD01D80B9E55993\local.ini

c:\documents and settings\Owner\Application Data\46B4E172B37CD1CCDDD01D80B9E55993\lsrslt.ini

c:\documents and settings\Owner\Application Data\Adobe\plugs

c:\documents and settings\Owner\Application Data\Adobe\plugs\mmc101.exe

c:\documents and settings\Owner\Application Data\Adobe\plugs\mmc20.exe

c:\documents and settings\Owner\Application Data\Adobe\plugs\mmc83.exe

c:\documents and settings\Owner\Application Data\Adobe\plugs\mmc949656.txt

c:\documents and settings\Owner\Application Data\Adobe\plugs\mmc963187.txt

c:\documents and settings\Owner\Application Data\Adobe\plugs\mmc971406.txt

c:\documents and settings\Owner\Application Data\Adobe\shed

c:\documents and settings\Owner\Application Data\Adobe\shed\thr1.chm

c:\documents and settings\Owner\Application Data\hostactioncenter.exe

c:\documents and settings\Owner\Application Data\PriceGong

c:\documents and settings\Owner\Application Data\PriceGong\Data\1.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\a.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\b.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\c.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\d.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\e.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\f.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\g.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\h.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\i.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\j.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\k.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\l.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\m.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\mru.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\n.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\o.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\p.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\q.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\r.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\s.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\t.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\u.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\ugyrioujvr.tmp

c:\documents and settings\Owner\Application Data\PriceGong\Data\v.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\w.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\x.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\y.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\z.xml

c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory

c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory\ehshell.exe.a87fcbb.ini

c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.2591de4.ini

c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini

c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory\ngen.exe.89f695a3.ini

c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory\ProcessDll.exe.cd116cf9.ini

c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory\SL4D.tmp.86365231.ini

c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory\SL9C.tmp.5510cc53.ini

c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory\SVCD2DVD.exe.30e204de.ini

c:\documents and settings\Owner\Local Settings\Application Data\catcertcsc.exe

c:\documents and settings\Owner\Start Menu\Programs\System Recovery

c:\documents and settings\Owner\Start Menu\Programs\System Recovery\Application & Driver Recovery.lnk

c:\documents and settings\Owner\Start Menu\Programs\System Recovery\Create my Drivers-Applications CD(s).lnk

c:\documents and settings\Owner\Start Menu\Programs\System Recovery\System Recovery.lnk

c:\documents and settings\Owner\ugyrioujvr.tmp

c:\documents and settings\Owner\WINDOWS

c:\documents and settings\Tee\Local Settings\Application Data\ApplicationHistory

c:\documents and settings\Tee\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini

c:\documents and settings\Tee\Local Settings\Application Data\ApplicationHistory\SL9C.tmp.5510cc53.ini

c:\documents and settings\Tee\Start Menu\Programs\System Recovery

c:\documents and settings\Tee\Start Menu\Programs\System Recovery\Application & Driver Recovery.lnk

c:\documents and settings\Tee\Start Menu\Programs\System Recovery\Create my Drivers-Applications CD(s).lnk

c:\documents and settings\Tee\Start Menu\Programs\System Recovery\System Recovery.lnk

c:\documents and settings\Tee\WINDOWS

c:\program files\RegGenie

c:\program files\RegGenie\Backups\40791.7620359491

c:\program files\RegGenie\RegGenie.ini

c:\windows\$NtUninstallKB45193$

c:\windows\$NtUninstallKB45193$\2246158266

c:\windows\1043810424

c:\windows\assembly\GAC_MSIL\desktop.ini

c:\windows\ptl6ndic.dll

c:\windows\RegGenieOnUninstall.exe

c:\windows\system32\comct332.ocx

c:\windows\system32\config\systemprofile\WINDOWS

c:\windows\system32\drivers\npf.sys

c:\windows\system32\Packet.dll

c:\windows\system32\pthreadVC.dll

c:\windows\system32\ReadMe.txt

c:\windows\system32\WanPacket.dll

c:\windows\system32\wpcap.dll

.

Infected copy of c:\windows\system32\drivers\cdrom.sys was found and disinfected

Restored copy from - c:\windows\ServicePackFiles\i386\cdrom.sys

.

Infected copy of c:\program files\SUPERAntiSpyware\SASCORE.EXE was found and disinfected

Restored copy from - c:\system volume information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP588\A0211509.exe

.

Infected copy of c:\progra~1\SYMANT~1\SYMANT~1\DefWatch.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP588\A0209177.exe

.

Infected copy of c:\program files\Java\jre6\bin\jqs.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP588\A0209178.exe

.

Infected copy of c:\program files\idt\intelxpv_v103\wdm\STacSV.exe was found and disinfected

Restored copy from - c:\windows\system32\stacsv.exe

.

Infected copy of c:\windows\system32\SearchIndexer.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP588\A0209180.exe

.

Infected copy of c:\progra~1\SYMANT~1\SYMANT~1\DefWatch.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP588\A0209177.exe

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_7848373e

.

.

((((((((((((((((((((((((( Files Created from 2011-08-12 to 2011-09-12 )))))))))))))))))))))))))))))))

.

.

2011-09-12 21:09 . 2011-09-12 21:09 -------- d-----w- c:\documents and settings\Owner\Application Data\Avira

2011-09-12 18:16 . 2011-09-12 18:18 48016 --sha-w- c:\windows\system32\c_56610.nl_

2011-09-12 03:52 . 2011-09-12 03:56 -------- dc----w- C:\MGtools

2011-09-12 03:49 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-09-12 03:48 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-12 03:22 . 2011-09-12 03:22 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2011-09-05 11:34 . 2011-09-05 11:34 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Threat Expert

2011-09-05 02:03 . 2011-09-05 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2011-09-05 02:03 . 2011-09-05 02:03 -------- d-----w- c:\documents and settings\Owner\Application Data\PC Tools

2011-09-04 20:09 . 2011-09-04 20:09 239104 ----a-w- c:\windows\system32\wscui32.dll

2011-09-03 10:17 . 2011-09-03 10:17 599040 -c----w- c:\windows\system32\dllcache\crypt32.dll

2011-09-03 02:20 . 2011-09-03 02:20 -------- d--h--w- c:\windows\msdownld.tmp

2011-09-02 20:44 . 2011-09-02 20:44 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit

2011-09-02 20:42 . 2011-09-02 21:27 -------- d-----w- c:\documents and settings\Owner\Application Data\IObit

2011-09-02 20:16 . 2011-09-02 20:35 -------- d-----w- c:\documents and settings\Owner\Application Data\Registry Cleaner

2011-09-02 19:54 . 2011-09-02 19:54 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\AMUST

2011-09-02 19:48 . 2011-09-02 19:48 -------- d-----w- c:\documents and settings\All Users\Application Data\!SASCORE

2011-09-02 19:48 . 2011-09-12 21:33 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-09-02 17:18 . 2011-09-02 17:18 4194304 ----a-w- c:\windows\system32\maaamtym.dll

2011-09-02 17:17 . 2011-09-02 17:18 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2011-09-02 15:30 . 2011-09-02 15:30 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PackageAware

2011-09-02 05:40 . 2011-09-02 05:40 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\2K Games

2011-08-31 22:04 . 2011-08-31 22:04 -------- d-----w- c:\program files\Common Files\Steam

2011-08-31 20:43 . 2011-08-31 20:43 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Activision

2011-08-31 20:41 . 2010-06-02 08:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll

2011-08-31 20:41 . 2010-06-02 08:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll

2011-08-31 20:41 . 2010-06-02 08:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll

2011-08-31 20:41 . 2010-05-26 15:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll

2011-08-31 20:41 . 2010-05-26 15:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll

2011-08-31 20:41 . 2010-05-26 15:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll

2011-08-31 20:41 . 2010-05-26 15:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll

2011-08-31 20:41 . 2010-05-26 15:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll

2011-08-31 20:41 . 2010-02-04 14:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll

2011-08-31 20:41 . 2010-02-04 14:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll

2011-08-31 20:41 . 2010-02-04 14:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll

2011-08-31 20:41 . 2010-02-04 14:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll

2011-08-31 20:29 . 2011-08-31 20:29 -------- d-----w- c:\program files\Activision

2011-08-27 01:06 . 2011-08-27 01:06 -------- d-----w- c:\program files\Apple Software Update

2011-08-25 21:10 . 2011-08-25 21:10 -------- d-----w- c:\program files\EA GAMES

2011-08-25 21:04 . 2011-08-25 21:04 -------- d-sh--w- c:\windows\system32\AI_RecycleBin

2011-08-25 21:04 . 2011-08-25 21:04 -------- d-----w- c:\program files\W3i

2011-08-25 21:04 . 2011-08-25 21:04 -------- d-----w- c:\documents and settings\All Users\Application Data\W3i

2011-08-25 21:04 . 2011-08-25 21:04 -------- d-----w- c:\documents and settings\Owner\Application Data\NetAssistant

2011-08-19 01:23 . 2011-08-19 01:23 -------- d-----w- c:\documents and settings\Owner\Application Data\vlc

2011-08-19 01:15 . 2011-08-19 01:23 -------- d-----w- c:\documents and settings\Owner\Application Data\uPlayer

2011-08-19 01:15 . 2011-08-19 01:15 -------- d-----w- c:\program files\uPlayer

2011-08-19 01:14 . 2011-08-19 01:35 -------- d-----w- c:\program files\Common Files\FreeCause

2011-08-15 18:11 . 2011-08-15 18:11 -------- d-----w- c:\program files\Common Files\Adobe

2011-08-14 17:47 . 2011-08-14 17:47 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-14 02:12 . 2011-08-14 02:12 -------- d-----w- c:\windows\Temp301C9D70-ACA1-50E5-859B-41624187A40B-Signatures

2011-08-14 01:48 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys

2011-08-14 01:45 . 2011-08-14 01:45 0 ----a-w- c:\windows\system32\ConduitEngine.tmp

2011-08-14 01:45 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys

2011-08-14 01:42 . 2011-03-29 15:22 1034240 ----a-r- c:\windows\system32\drivers\AE2500xp.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-12 18:15 . 2005-04-13 16:55 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys

2011-09-12 03:56 . 2011-09-12 03:52 146025 -c--a-w- C:\MGlogs.zip

2011-09-03 10:17 . 2005-04-13 16:55 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-07-20 15:30 . 2010-01-23 19:58 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-07-20 15:30 . 2010-01-23 19:58 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-07-15 13:29 . 2005-04-13 16:55 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02 . 2005-04-13 16:55 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-06-24 14:10 . 2005-04-13 17:12 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-23 18:36 . 2005-04-13 16:56 916480 ----a-w- c:\windows\system32\wininet.dll

2011-06-23 18:36 . 2005-04-13 16:55 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-06-23 18:36 . 2005-04-13 16:55 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-06-23 12:05 . 2005-04-13 16:55 385024 ----a-w- c:\windows\system32\html.iec

2011-06-20 17:44 . 2005-04-13 16:56 293376 ----a-w- c:\windows\system32\winsrv.dll

2001-09-28 22:00 . 2006-12-29 21:52 164864 -c--a-w- c:\program files\UNWISE.EXE

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[7] 2009-08-27 . F232BA9F39BC0F722672C7E79E68EBEA . 634648 . . [7.00.6000.16915] . . c:\windows\ie8\iexplore.exe

[7] 2009-08-27 . 332EC7562F3AA7364F2D4231C56DA986 . 634648 . . [7.00.6000.21115] . . c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\iexplore.exe

[7] 2009-06-29 . 3CFC56F73D494FC1AA2B6E981DF15ACD . 634632 . . [7.00.6000.16876] . . c:\windows\ie7updates\KB974455-IE7\iexplore.exe

[7] 2009-06-29 . 02E2754D3E566C11A4934825920C47DD . 634632 . . [7.00.6000.21073] . . c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\iexplore.exe

[7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\iexplore.exe

[7] 2009-02-28 . BCD8E48709BE4A79606F0B6E8E9A6162 . 636088 . . [7.00.6000.21020] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\iexplore.exe

[7] 2009-02-28 . A251068640DDB69FD7805B57D89D7FF7 . 636072 . . [7.00.6000.16827] . . c:\windows\ie7updates\KB972260-IE7\iexplore.exe

[7] 2008-12-19 . 15E8A89499741D5CF59A9CF6463A4339 . 634024 . . [7.00.6000.20978] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\iexplore.exe

[7] 2008-12-19 . 030D78FE84A086ED376EFCBD2D72C522 . 634024 . . [7.00.6000.16791] . . c:\windows\ie7updates\KB963027-IE7\iexplore.exe

[7] 2008-10-15 . 9D3DB9ADFABD2F0BC778EC03250A3ABB . 633632 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB961260-IE7\iexplore.exe

[7] 2008-10-15 . 056C927CF7207857E8B34F7A8FFD9B9E . 633632 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\iexplore.exe

[7] 2008-08-23 . E8305C30D35E85D6657ED3E9934CB302 . 635848 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\iexplore.exe

[7] 2008-08-23 . 1F03216084447F990AE797317D0A6E70 . 635848 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\iexplore.exe

[7] 2008-06-23 . 64E376A47763DAEABCDA14BD5B6EA286 . 625664 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\iexplore.exe

[7] 2008-06-23 . C52A9EF571E91535EB78DB4B8B95EA07 . 625664 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\iexplore.exe

[7] 2008-04-22 . 197B7E4030CFBD8D2979D375E1787AA2 . 625664 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\iexplore.exe

[7] 2008-04-22 . 232B22817B90AE0AFF2D189E3E3735AC . 625664 . . [7.00.6000.16674] . . c:\windows\ie7updates\KB953838-IE7\iexplore.exe

[7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\iexplore.exe

[7] 2008-02-29 . 2D0E5592AB5A46C27DAF7CCAFF4F5B59 . 625664 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\iexplore.exe

[7] 2008-02-22 . 6E0888626E0CAC79F57149814E22DB4D . 625664 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\iexplore.exe

[7] 2007-12-06 . 2703D940A62B731AA220529DD7331A78 . 625664 . . [7.00.6000.16608] . . c:\windows\ie7updates\KB947864-IE7\iexplore.exe

[7] 2007-12-06 . 809D17D8FA0FDAEE07778CD821CAFFDE . 625664 . . [7.00.6000.20733] . . c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\iexplore.exe

[7] 2007-10-10 . E854D02E4231F704D9BE782A424E6D8B . 625152 . . [7.00.6000.16574] . . c:\windows\ie7updates\KB944533-IE7\iexplore.exe

[7] 2007-10-10 . 632BDE0179847234433CA50945442ACB . 625664 . . [7.00.6000.20696] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\iexplore.exe

[7] 2007-08-17 . 3AC2BC667DA0AF2C968E96E1630F5AB5 . 625152 . . [7.00.6000.16544] . . c:\windows\ie7updates\KB942615-IE7\iexplore.exe

[7] 2007-08-17 . 5577D0E3AC2F9F035ACD81B44AF5F511 . 625152 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\iexplore.exe

[7] 2007-06-27 . BD8502DFD53FC24FB8D6929DC46B8C2C . 625152 . . [7.00.6000.20627] . . c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\iexplore.exe

[7] 2007-06-27 . 275CEE268B9E5D82474C43D5D249D111 . 625152 . . [7.00.6000.16512] . . c:\windows\ie7updates\KB939653-IE7\iexplore.exe

[7] 2007-04-24 . 10BDB55982586A432A3951EB19A26009 . 625152 . . [7.00.6000.16473] . . c:\windows\ie7updates\KB937143-IE7\iexplore.exe

[7] 2007-04-24 . 9B3516C1F30DA17ADD3818573047D63C . 625152 . . [7.00.6000.20583] . . c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\iexplore.exe

[7] 2007-02-28 . D321092F8529CDAE843D6E24E3CAC6CB . 625152 . . [7.00.6000.20544] . . c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\iexplore.exe

[7] 2007-02-21 . 683DDE71BCF03B501B912D20CB93B549 . 623616 . . [7.00.6000.16441] . . c:\windows\ie7updates\KB933566-IE7\iexplore.exe

[7] 2007-01-08 . 93A6A4F5293AE19E3B37021AABCF0902 . 623616 . . [7.00.6000.16414] . . c:\windows\ie7updates\KB931768-IE7\iexplore.exe

[-] 2006-10-17 . 5334D4461AA92A7B008755FE6D13C5F2 . 622080 . . [7.00.5730.11] . . c:\windows\ie7updates\KB928090-IE7\iexplore.exe

[-] 2004-08-10 . E7484514C0464642BE7B4DC2689354C8 . 93184 . . [6.00.2900.2180] . . c:\windows\ie7\iexplore.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{132A3557-F4F3-4BCC-9648-8346A82E74Cf}]

2011-09-04 20:09 239104 ----a-w- c:\windows\system32\wscui32.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AdobeUMUpdate"="c:\documents and settings\Owner\Application Data\AdobeUM\AdobeUMUpdate\AdobeUMupdt32.exe" [2011-09-04 56832]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-08-12 4603264]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-12 483422]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"vptray"="c:\progra~1\SYMANT~1\SYMANT~1\vptray.exe" [2003-04-26 90112]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

"AdobeUMUpdate"="c:\documents and settings\Owner\Application Data\AdobeUM\AdobeUMUpdate\AdobeUMupdt32.exe" [2011-09-04 56832]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk

backup=c:\windows\pss\BigFix.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Install Pending Files.LNK]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Install Pending Files.LNK

backup=c:\windows\pss\Install Pending Files.LNKCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Run Google Web Accelerator.lnk

backup=c:\windows\pss\Run Google Web Accelerator.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

backup=c:\windows\pss\Windows Search.lnkCommon Startup

backupExtension=Common Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]

2005-05-03 21:02 543232 -c--a-w- c:\windows\zHotkey.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]

2005-08-05 17:56 64512 ----a-w- c:\windows\ehome\ehtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2005-04-25 17:29 77824 -c--a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2005-04-25 17:32 94208 -c--a-w- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstallIQUpdater]

2011-08-09 21:02 1176064 ----a-w- c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]

2005-06-02 23:03 1957888 -c----w- c:\program files\Ahead\Nero BackItUp\NBJ.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 18:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2005-04-25 17:32 114688 -c--a-w- c:\windows\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]

2002-09-14 06:42 212992 -c--a-w- c:\windows\SMINST\Recguard.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]

2005-03-09 15:49 966656 -c--a-w- c:\windows\creator\remind_xp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]

2009-03-12 17:53 483422 ----a-w- c:\windows\sttray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]

2004-11-15 22:04 135168 -c--a-w- c:\program files\Digital Media Reader\shwiconEM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"PrismXL"=2 (0x2)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\Common Files\\AOL\\1144556525\\ee\\aim6.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\BitComet\\BitComet.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Common Files\\AOL\\1144556525\\ee\\aolsoftware.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\W3i\\InstallIQUpdater\\InstallIQUpdater.exe"=

"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

"c:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE"=

"c:\\WINDOWS\\system32\\mshta.exe"=

"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=

"c:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"=

"c:\\Documents and Settings\\Owner\\Application Data\\AdobeUM\\AdobeUMUpdate\\AdobeUMupdt32.exe"=

"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=

"c:\\Documents and Settings\\Owner\\Desktop\\Bleeping computer downloads\\SUPERAntiSpyware.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"81:TCP"= 81:TCP:*:Disabled:www.fileporn.org

"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

"15072:TCP"= 15072:TCP:*:Disabled:BitComet 15072 TCP

"15072:UDP"= 15072:UDP:*:Disabled:BitComet 15072 UDP

"27097:TCP"= 27097:TCP:*:Disabled:BitComet 27097 TCP

"27097:UDP"= 27097:UDP:*:Disabled:BitComet 27097 UDP

"49154:TCP"= 49154:TCP:*:Disabled:BitComet 49154 TCP

"49154:UDP"= 49154:UDP:*:Disabled:BitComet 49154 UDP

"53580:TCP"= 53580:TCP:*:Disabled:BitComet 53580 TCP

"53580:UDP"= 53580:UDP:*:Disabled:BitComet 53580 UDP

"6839:TCP"= 6839:TCP:*:Disabled:BitComet 6839 TCP

"6839:UDP"= 6839:UDP:*:Disabled:BitComet 6839 UDP

"52890:TCP"= 52890:TCP:*:Disabled:BitComet 52890 TCP

"52890:UDP"= 52890:UDP:*:Disabled:BitComet 52890 UDP

"62890:TCP"= 62890:TCP:*:Disabled:BitComet 62890 TCP

"62890:UDP"= 62890:UDP:*:Disabled:BitComet 62890 UDP

"38839:TCP"= 38839:TCP:*:Disabled:BitCometBeta 38839 TCP

"38839:UDP"= 38839:UDP:*:Disabled:BitCometBeta 38839 UDP

"9383:TCP"= 9383:TCP:*:Disabled:BitComet 9383 TCP

"9383:UDP"= 9383:UDP:*:Disabled:BitComet 9383 UDP

"9879:TCP"= 9879:TCP:*:Disabled:BitComet 9879 TCP

"9879:UDP"= 9879:UDP:*:Disabled:BitComet 9879 UDP

"6346:TCP"= 6346:TCP:BitComet 6346 TCP

"6346:UDP"= 6346:UDP:BitComet 6346 UDP

"43823:TCP"= 43823:TCP:BitComet 43823 TCP

"43823:UDP"= 43823:UDP:BitComet 43823 UDP

"31853:TCP"= 31853:TCP:BitComet 31853 TCP

"31853:UDP"= 31853:UDP:BitComet 31853 UDP

"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015

"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016

"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

"23301:TCP"= 23301:TCP:BitComet 23301 TCP

"23301:UDP"= 23301:UDP:BitComet 23301 UDP

.

R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [9/12/2011 5:33 PM 116608]

R3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\drivers\AE2500xp.sys [8/13/2011 9:42 PM 1034240]

S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/10/2006 10:36 PM 691696]

S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]

S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]

S1 cqknmdjg;cqknmdjg; [x]

S1 MpKsl1b68c793;MpKsl1b68c793; [x]

S1 MpKsl3c4a2abb;MpKsl3c4a2abb; [x]

S1 MpKsld7d2ad1c;MpKsld7d2ad1c; [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/20/2010 9:39 PM 135664]

S2 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/20/2010 9:39 PM 135664]

S2 RPCQT;Remote Procedure Call (CQTPM);c:\windows\System32\svchost.exe -k netsvcs [4/13/2005 12:56 PM 14336]

S3 ATMFBUS;A600 USB Composite Device Driver;c:\windows\system32\DRIVERS\ATMFBUS.sys --> c:\windows\system32\DRIVERS\ATMFBUS.sys [?]

S3 ATMFCVsp;A600 Cricket CM Port;c:\windows\system32\DRIVERS\ATMFCVsp.sys --> c:\windows\system32\DRIVERS\ATMFCVsp.sys [?]

S3 ATMFFLT;A600 USB Modem Installation CD;c:\windows\system32\DRIVERS\ATMFFLT.sys --> c:\windows\system32\DRIVERS\ATMFFLT.sys [?]

S3 ATMFMdm;A600 Cricket EVDO Modem;c:\windows\system32\DRIVERS\ATMFMdm.sys --> c:\windows\system32\DRIVERS\ATMFMdm.sys [?]

S3 ATMFNET;A600 Cricket EVDO Network Adapter;c:\windows\system32\DRIVERS\ATMFNET.sys --> c:\windows\system32\DRIVERS\ATMFNET.sys [?]

S3 ATMFNVsp;A600 Cricket NMEA Port Serial Port;c:\windows\system32\DRIVERS\ATMFNVsp.sys --> c:\windows\system32\DRIVERS\ATMFNVsp.sys [?]

S3 ATMFVsp;A600 Cricket Diagnostics Port;c:\windows\system32\DRIVERS\ATMFVsp.sys --> c:\windows\system32\DRIVERS\ATMFVsp.sys [?]

S3 DPCNET5U;Satellite USB Driver;c:\windows\system32\DRIVERS\dpcnet5u.sys --> c:\windows\system32\DRIVERS\dpcnet5u.sys [?]

S3 gAGP440p;gAGP440p; [x]

S3 TfNetMon;TfNetMon; [x]

S4 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [1/23/2010 3:58 PM 136360]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

RPCQT

.

Contents of the 'Scheduled Tasks' folder

.

2011-09-09 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]

.

2007-10-30 c:\windows\Tasks\BitComet.job

- c:\progra~1\BitComet\BitComet.exe [2009-07-31 09:05]

.

2011-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-21 01:38]

.

2011-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-21 01:38]

.

2011-09-12 c:\windows\Tasks\User_Feed_Synchronization-{7B8B7F67-DA93-447D-83C7-A6BD434B3F4A}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://google.com/

uInternet Settings,ProxyOverride = <local>

IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm

IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm

IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-DisplayVerifierOnline - c:\documents and settings\All Users\Application Data\DisplayVerifierOnline.dll

HKCU-Run-Wbapuvaca - c:\windows\ptl6ndic.dll

SafeBoot-53117751.sys

MSConfigStartUp-DAEMON Tools - c:\program files\DAEMON Tools\daemon.exe

MSConfigStartUp-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe

MSConfigStartUp-IntelAudioStudio - c:\program files\Intel Audio Studio\IntelAudioStudio.exe

MSConfigStartUp-kakiziguv - c:\windows\system32\polekove.dll

MSConfigStartUp-RemoteControl - c:\program files\CyberLink\PowerDVD\PDVDServ.exe

MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe

MSConfigStartUp-webHancer Agent - c:\program files\webHancer\Programs\whagent.exe

MSConfigStartUp-{382AC062-0AEF-1033-0802-050718200001} - c:\program files\Common Files\{382AC062-0AEF-1033-0802-050718200001}\Update.exe

MSConfigStartUp-{382AC062-0AF0-1033-0802-050718200001} - c:\program files\Common Files\{382AC062-0AF0-1033-0802-050718200001}\Update.exe

MSConfigStartUp-{382AC062-0AFF-1033-0802-050718200001} - c:\program files\Common Files\{382AC062-0AFF-1033-0802-050718200001}\Update.exe

MSConfigStartUp-{382AC062-0B0D-1033-0802-050718200001} - c:\program files\Common Files\{382AC062-0B0D-1033-0802-050718200001}\Update.exe

AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\documents and settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\standard_1.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-09-12 17:41

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet009\Services\.cdrom]

"ImagePath"="\*"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3411350672-2408072866-3857614147-1006\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•A~*]

"AB141C35E9F4BF344B9FC010BB17F68A"=""

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(588)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

.

- - - - - - - > 'explorer.exe'(1980)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\program files\Common Files\Ahead\Lib\NeroDigitalExt.dll

c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll

.

Completion time: 2011-09-12 17:50:11 - machine was rebooted

ComboFix-quarantined-files.txt 2011-09-12 21:50

.

Pre-Run: 59,100,139,520 bytes free

Post-Run: 59,777,572,864 bytes free

.

Current=9 Default=9 Failed=8 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10

- - End Of File - - B598FAAE80A5124EF1A79A68AFB54F73


I ran ComboFix and it stated that my comp was infected with rootkit.zeroaccess. It says it deleted a lot of files and fixed them, but the computer is still acting the same. MBAM still won't scan.

ComboFix 11-09-12.03 - Owner 09/12/2011 17:22:16.1.2 - x86 NETWORK

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.842 [GMT -4:00]

Running from: c:\documents and settings\Owner\Desktop\Bleeping computer downloads\ComboFix.exe

AV: AntiVir Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}

AV: Microsoft Security Essentials *Disabled/Outdated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory

c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini

c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\SL9C.tmp.5510cc53.ini

c:\documents and settings\Administrator\Start Menu\Programs\System Recovery

c:\documents and settings\Administrator\Start Menu\Programs\System Recovery\Application & Driver Recovery.lnk

c:\documents and settings\Administrator\Start Menu\Programs\System Recovery\Create my Drivers-Applications CD(s).lnk

c:\documents and settings\Administrator\Start Menu\Programs\System Recovery\System Recovery.lnk

c:\documents and settings\Administrator\WINDOWS

c:\documents and settings\All Users\Application Data\DisplayVerifierOnline.dll

c:\documents and settings\All Users\Application Data\jI09200GoNmM09200

c:\documents and settings\All Users\Application Data\jI09200GoNmM09200\jI09200GoNmM09200

c:\documents and settings\All Users\Application Data\jI09200GoNmM09200\jI09200GoNmM09200.exe

c:\documents and settings\All Users\Application Data\Tarma Installer

c:\documents and settings\All Users\Start Menu\Programs\System Recovery

c:\documents and settings\All Users\Start Menu\Programs\System Recovery\Recovery Help Manual.pdf

c:\documents and settings\Default User\WINDOWS

c:\documents and settings\Guest\WINDOWS

c:\documents and settings\NetworkService\Local Settings\Application Data\jifdorh.dll

c:\documents and settings\Owner\Application Data\2086498716582A7C3D45DF42784D1FCB

c:\documents and settings\Owner\Application Data\2086498716582A7C3D45DF42784D1FCB\enemies-names.txt

c:\documents and settings\Owner\Application Data\2086498716582A7C3D45DF42784D1FCB\hookdll.dll

c:\documents and settings\Owner\Application Data\2086498716582A7C3D45DF42784D1FCB\local.ini

c:\documents and settings\Owner\Application Data\2086498716582A7C3D45DF42784D1FCB\lsrslt.ini

c:\documents and settings\Owner\Application Data\46B4E172B37CD1CCDDD01D80B9E55993

c:\documents and settings\Owner\Application Data\46B4E172B37CD1CCDDD01D80B9E55993\enemies-names.txt

c:\documents and settings\Owner\Application Data\46B4E172B37CD1CCDDD01D80B9E55993\local.ini

c:\documents and settings\Owner\Application Data\46B4E172B37CD1CCDDD01D80B9E55993\lsrslt.ini

c:\documents and settings\Owner\Application Data\Adobe\plugs

c:\documents and settings\Owner\Application Data\Adobe\plugs\mmc101.exe

c:\documents and settings\Owner\Application Data\Adobe\plugs\mmc20.exe

c:\documents and settings\Owner\Application Data\Adobe\plugs\mmc83.exe

c:\documents and settings\Owner\Application Data\Adobe\plugs\mmc949656.txt

c:\documents and settings\Owner\Application Data\Adobe\plugs\mmc963187.txt

c:\documents and settings\Owner\Application Data\Adobe\plugs\mmc971406.txt

c:\documents and settings\Owner\Application Data\Adobe\shed

c:\documents and settings\Owner\Application Data\Adobe\shed\thr1.chm

c:\documents and settings\Owner\Application Data\hostactioncenter.exe

c:\documents and settings\Owner\Application Data\PriceGong

c:\documents and settings\Owner\Application Data\PriceGong\Data\1.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\a.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\b.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\c.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\d.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\e.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\f.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\g.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\h.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\i.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\j.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\k.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\l.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\m.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\mru.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\n.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\o.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\p.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\q.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\r.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\s.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\t.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\u.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\ugyrioujvr.tmp

c:\documents and settings\Owner\Application Data\PriceGong\Data\v.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\w.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\x.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\y.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\z.xml

c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory

c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory\ehshell.exe.a87fcbb.ini

c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.2591de4.ini

c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini

c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory\ngen.exe.89f695a3.ini

c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory\ProcessDll.exe.cd116cf9.ini

c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory\SL4D.tmp.86365231.ini

c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory\SL9C.tmp.5510cc53.ini

c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory\SVCD2DVD.exe.30e204de.ini

c:\documents and settings\Owner\Local Settings\Application Data\catcertcsc.exe

c:\documents and settings\Owner\Start Menu\Programs\System Recovery

c:\documents and settings\Owner\Start Menu\Programs\System Recovery\Application & Driver Recovery.lnk

c:\documents and settings\Owner\Start Menu\Programs\System Recovery\Create my Drivers-Applications CD(s).lnk

c:\documents and settings\Owner\Start Menu\Programs\System Recovery\System Recovery.lnk

c:\documents and settings\Owner\ugyrioujvr.tmp

c:\documents and settings\Owner\WINDOWS

c:\documents and settings\Tee\Local Settings\Application Data\ApplicationHistory

c:\documents and settings\Tee\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini

c:\documents and settings\Tee\Local Settings\Application Data\ApplicationHistory\SL9C.tmp.5510cc53.ini

c:\documents and settings\Tee\Start Menu\Programs\System Recovery

c:\documents and settings\Tee\Start Menu\Programs\System Recovery\Application & Driver Recovery.lnk

c:\documents and settings\Tee\Start Menu\Programs\System Recovery\Create my Drivers-Applications CD(s).lnk

c:\documents and settings\Tee\Start Menu\Programs\System Recovery\System Recovery.lnk

c:\documents and settings\Tee\WINDOWS

c:\program files\RegGenie

c:\program files\RegGenie\Backups\40791.7620359491

c:\program files\RegGenie\RegGenie.ini

c:\windows\$NtUninstallKB45193$

c:\windows\$NtUninstallKB45193$\2246158266

c:\windows\1043810424

c:\windows\assembly\GAC_MSIL\desktop.ini

c:\windows\ptl6ndic.dll

c:\windows\RegGenieOnUninstall.exe

c:\windows\system32\comct332.ocx

c:\windows\system32\config\systemprofile\WINDOWS

c:\windows\system32\drivers\npf.sys

c:\windows\system32\Packet.dll

c:\windows\system32\pthreadVC.dll

c:\windows\system32\ReadMe.txt

c:\windows\system32\WanPacket.dll

c:\windows\system32\wpcap.dll

.

Infected copy of c:\windows\system32\drivers\cdrom.sys was found and disinfected

Restored copy from - c:\windows\ServicePackFiles\i386\cdrom.sys

.

Infected copy of c:\program files\SUPERAntiSpyware\SASCORE.EXE was found and disinfected

Restored copy from - c:\system volume information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP588\A0211509.exe

.

Infected copy of c:\progra~1\SYMANT~1\SYMANT~1\DefWatch.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP588\A0209177.exe

.

Infected copy of c:\program files\Java\jre6\bin\jqs.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP588\A0209178.exe

.

Infected copy of c:\program files\idt\intelxpv_v103\wdm\STacSV.exe was found and disinfected

Restored copy from - c:\windows\system32\stacsv.exe

.

Infected copy of c:\windows\system32\SearchIndexer.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP588\A0209180.exe

.

Infected copy of c:\progra~1\SYMANT~1\SYMANT~1\DefWatch.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP588\A0209177.exe

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_7848373e

.

.

((((((((((((((((((((((((( Files Created from 2011-08-12 to 2011-09-12 )))))))))))))))))))))))))))))))

.

.

2011-09-12 21:09 . 2011-09-12 21:09 -------- d-----w- c:\documents and settings\Owner\Application Data\Avira

2011-09-12 18:16 . 2011-09-12 18:18 48016 --sha-w- c:\windows\system32\c_56610.nl_

2011-09-12 03:52 . 2011-09-12 03:56 -------- dc----w- C:\MGtools

2011-09-12 03:49 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-09-12 03:48 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-12 03:22 . 2011-09-12 03:22 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2011-09-05 11:34 . 2011-09-05 11:34 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Threat Expert

2011-09-05 02:03 . 2011-09-05 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2011-09-05 02:03 . 2011-09-05 02:03 -------- d-----w- c:\documents and settings\Owner\Application Data\PC Tools

2011-09-04 20:09 . 2011-09-04 20:09 239104 ----a-w- c:\windows\system32\wscui32.dll

2011-09-03 10:17 . 2011-09-03 10:17 599040 -c----w- c:\windows\system32\dllcache\crypt32.dll

2011-09-03 02:20 . 2011-09-03 02:20 -------- d--h--w- c:\windows\msdownld.tmp

2011-09-02 20:44 . 2011-09-02 20:44 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit

2011-09-02 20:42 . 2011-09-02 21:27 -------- d-----w- c:\documents and settings\Owner\Application Data\IObit

2011-09-02 20:16 . 2011-09-02 20:35 -------- d-----w- c:\documents and settings\Owner\Application Data\Registry Cleaner

2011-09-02 19:54 . 2011-09-02 19:54 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\AMUST

2011-09-02 19:48 . 2011-09-02 19:48 -------- d-----w- c:\documents and settings\All Users\Application Data\!SASCORE

2011-09-02 19:48 . 2011-09-12 21:33 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-09-02 17:18 . 2011-09-02 17:18 4194304 ----a-w- c:\windows\system32\maaamtym.dll

2011-09-02 17:17 . 2011-09-02 17:18 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2011-09-02 15:30 . 2011-09-02 15:30 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PackageAware

2011-09-02 05:40 . 2011-09-02 05:40 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\2K Games

2011-08-31 22:04 . 2011-08-31 22:04 -------- d-----w- c:\program files\Common Files\Steam

2011-08-31 20:43 . 2011-08-31 20:43 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Activision

2011-08-31 20:41 . 2010-06-02 08:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll

2011-08-31 20:41 . 2010-06-02 08:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll

2011-08-31 20:41 . 2010-06-02 08:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll

2011-08-31 20:41 . 2010-05-26 15:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll

2011-08-31 20:41 . 2010-05-26 15:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll

2011-08-31 20:41 . 2010-05-26 15:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll

2011-08-31 20:41 . 2010-05-26 15:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll

2011-08-31 20:41 . 2010-05-26 15:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll

2011-08-31 20:41 . 2010-02-04 14:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll

2011-08-31 20:41 . 2010-02-04 14:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll

2011-08-31 20:41 . 2010-02-04 14:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll

2011-08-31 20:41 . 2010-02-04 14:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll

2011-08-31 20:29 . 2011-08-31 20:29 -------- d-----w- c:\program files\Activision

2011-08-27 01:06 . 2011-08-27 01:06 -------- d-----w- c:\program files\Apple Software Update

2011-08-25 21:10 . 2011-08-25 21:10 -------- d-----w- c:\program files\EA GAMES

2011-08-25 21:04 . 2011-08-25 21:04 -------- d-sh--w- c:\windows\system32\AI_RecycleBin

2011-08-25 21:04 . 2011-08-25 21:04 -------- d-----w- c:\program files\W3i

2011-08-25 21:04 . 2011-08-25 21:04 -------- d-----w- c:\documents and settings\All Users\Application Data\W3i

2011-08-25 21:04 . 2011-08-25 21:04 -------- d-----w- c:\documents and settings\Owner\Application Data\NetAssistant

2011-08-19 01:23 . 2011-08-19 01:23 -------- d-----w- c:\documents and settings\Owner\Application Data\vlc

2011-08-19 01:15 . 2011-08-19 01:23 -------- d-----w- c:\documents and settings\Owner\Application Data\uPlayer

2011-08-19 01:15 . 2011-08-19 01:15 -------- d-----w- c:\program files\uPlayer

2011-08-19 01:14 . 2011-08-19 01:35 -------- d-----w- c:\program files\Common Files\FreeCause

2011-08-15 18:11 . 2011-08-15 18:11 -------- d-----w- c:\program files\Common Files\Adobe

2011-08-14 17:47 . 2011-08-14 17:47 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-14 02:12 . 2011-08-14 02:12 -------- d-----w- c:\windows\Temp301C9D70-ACA1-50E5-859B-41624187A40B-Signatures

2011-08-14 01:48 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys

2011-08-14 01:45 . 2011-08-14 01:45 0 ----a-w- c:\windows\system32\ConduitEngine.tmp

2011-08-14 01:45 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys

2011-08-14 01:42 . 2011-03-29 15:22 1034240 ----a-r- c:\windows\system32\drivers\AE2500xp.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-12 18:15 . 2005-04-13 16:55 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys

2011-09-12 03:56 . 2011-09-12 03:52 146025 -c--a-w- C:\MGlogs.zip

2011-09-03 10:17 . 2005-04-13 16:55 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-07-20 15:30 . 2010-01-23 19:58 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-07-20 15:30 . 2010-01-23 19:58 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-07-15 13:29 . 2005-04-13 16:55 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02 . 2005-04-13 16:55 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-06-24 14:10 . 2005-04-13 17:12 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-23 18:36 . 2005-04-13 16:56 916480 ----a-w- c:\windows\system32\wininet.dll

2011-06-23 18:36 . 2005-04-13 16:55 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-06-23 18:36 . 2005-04-13 16:55 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-06-23 12:05 . 2005-04-13 16:55 385024 ----a-w- c:\windows\system32\html.iec

2011-06-20 17:44 . 2005-04-13 16:56 293376 ----a-w- c:\windows\system32\winsrv.dll

2001-09-28 22:00 . 2006-12-29 21:52 164864 -c--a-w- c:\program files\UNWISE.EXE

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[7] 2009-08-27 . F232BA9F39BC0F722672C7E79E68EBEA . 634648 . . [7.00.6000.16915] . . c:\windows\ie8\iexplore.exe

[7] 2009-08-27 . 332EC7562F3AA7364F2D4231C56DA986 . 634648 . . [7.00.6000.21115] . . c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\iexplore.exe

[7] 2009-06-29 . 3CFC56F73D494FC1AA2B6E981DF15ACD . 634632 . . [7.00.6000.16876] . . c:\windows\ie7updates\KB974455-IE7\iexplore.exe

[7] 2009-06-29 . 02E2754D3E566C11A4934825920C47DD . 634632 . . [7.00.6000.21073] . . c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\iexplore.exe

[7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\iexplore.exe

[7] 2009-02-28 . BCD8E48709BE4A79606F0B6E8E9A6162 . 636088 . . [7.00.6000.21020] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\iexplore.exe

[7] 2009-02-28 . A251068640DDB69FD7805B57D89D7FF7 . 636072 . . [7.00.6000.16827] . . c:\windows\ie7updates\KB972260-IE7\iexplore.exe

[7] 2008-12-19 . 15E8A89499741D5CF59A9CF6463A4339 . 634024 . . [7.00.6000.20978] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\iexplore.exe

[7] 2008-12-19 . 030D78FE84A086ED376EFCBD2D72C522 . 634024 . . [7.00.6000.16791] . . c:\windows\ie7updates\KB963027-IE7\iexplore.exe

[7] 2008-10-15 . 9D3DB9ADFABD2F0BC778EC03250A3ABB . 633632 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB961260-IE7\iexplore.exe

[7] 2008-10-15 . 056C927CF7207857E8B34F7A8FFD9B9E . 633632 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\iexplore.exe

[7] 2008-08-23 . E8305C30D35E85D6657ED3E9934CB302 . 635848 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\iexplore.exe

[7] 2008-08-23 . 1F03216084447F990AE797317D0A6E70 . 635848 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\iexplore.exe

[7] 2008-06-23 . 64E376A47763DAEABCDA14BD5B6EA286 . 625664 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\iexplore.exe

[7] 2008-06-23 . C52A9EF571E91535EB78DB4B8B95EA07 . 625664 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\iexplore.exe

[7] 2008-04-22 . 197B7E4030CFBD8D2979D375E1787AA2 . 625664 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\iexplore.exe

[7] 2008-04-22 . 232B22817B90AE0AFF2D189E3E3735AC . 625664 . . [7.00.6000.16674] . . c:\windows\ie7updates\KB953838-IE7\iexplore.exe

[7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\iexplore.exe

[7] 2008-02-29 . 2D0E5592AB5A46C27DAF7CCAFF4F5B59 . 625664 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\iexplore.exe

[7] 2008-02-22 . 6E0888626E0CAC79F57149814E22DB4D . 625664 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\iexplore.exe

[7] 2007-12-06 . 2703D940A62B731AA220529DD7331A78 . 625664 . . [7.00.6000.16608] . . c:\windows\ie7updates\KB947864-IE7\iexplore.exe

[7] 2007-12-06 . 809D17D8FA0FDAEE07778CD821CAFFDE . 625664 . . [7.00.6000.20733] . . c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\iexplore.exe

[7] 2007-10-10 . E854D02E4231F704D9BE782A424E6D8B . 625152 . . [7.00.6000.16574] . . c:\windows\ie7updates\KB944533-IE7\iexplore.exe

[7] 2007-10-10 . 632BDE0179847234433CA50945442ACB . 625664 . . [7.00.6000.20696] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\iexplore.exe

[7] 2007-08-17 . 3AC2BC667DA0AF2C968E96E1630F5AB5 . 625152 . . [7.00.6000.16544] . . c:\windows\ie7updates\KB942615-IE7\iexplore.exe

[7] 2007-08-17 . 5577D0E3AC2F9F035ACD81B44AF5F511 . 625152 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\iexplore.exe

[7] 2007-06-27 . BD8502DFD53FC24FB8D6929DC46B8C2C . 625152 . . [7.00.6000.20627] . . c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\iexplore.exe

[7] 2007-06-27 . 275CEE268B9E5D82474C43D5D249D111 . 625152 . . [7.00.6000.16512] . . c:\windows\ie7updates\KB939653-IE7\iexplore.exe

[7] 2007-04-24 . 10BDB55982586A432A3951EB19A26009 . 625152 . . [7.00.6000.16473] . . c:\windows\ie7updates\KB937143-IE7\iexplore.exe

[7] 2007-04-24 . 9B3516C1F30DA17ADD3818573047D63C . 625152 . . [7.00.6000.20583] . . c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\iexplore.exe

[7] 2007-02-28 . D321092F8529CDAE843D6E24E3CAC6CB . 625152 . . [7.00.6000.20544] . . c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\iexplore.exe

[7] 2007-02-21 . 683DDE71BCF03B501B912D20CB93B549 . 623616 . . [7.00.6000.16441] . . c:\windows\ie7updates\KB933566-IE7\iexplore.exe

[7] 2007-01-08 . 93A6A4F5293AE19E3B37021AABCF0902 . 623616 . . [7.00.6000.16414] . . c:\windows\ie7updates\KB931768-IE7\iexplore.exe

[-] 2006-10-17 . 5334D4461AA92A7B008755FE6D13C5F2 . 622080 . . [7.00.5730.11] . . c:\windows\ie7updates\KB928090-IE7\iexplore.exe

[-] 2004-08-10 . E7484514C0464642BE7B4DC2689354C8 . 93184 . . [6.00.2900.2180] . . c:\windows\ie7\iexplore.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{132A3557-F4F3-4BCC-9648-8346A82E74Cf}]

2011-09-04 20:09 239104 ----a-w- c:\windows\system32\wscui32.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AdobeUMUpdate"="c:\documents and settings\Owner\Application Data\AdobeUM\AdobeUMUpdate\AdobeUMupdt32.exe" [2011-09-04 56832]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-08-12 4603264]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-12 483422]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"vptray"="c:\progra~1\SYMANT~1\SYMANT~1\vptray.exe" [2003-04-26 90112]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

"AdobeUMUpdate"="c:\documents and settings\Owner\Application Data\AdobeUM\AdobeUMUpdate\AdobeUMupdt32.exe" [2011-09-04 56832]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk

backup=c:\windows\pss\BigFix.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Install Pending Files.LNK]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Install Pending Files.LNK

backup=c:\windows\pss\Install Pending Files.LNKCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Run Google Web Accelerator.lnk

backup=c:\windows\pss\Run Google Web Accelerator.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

backup=c:\windows\pss\Windows Search.lnkCommon Startup

backupExtension=Common Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]

2005-05-03 21:02 543232 -c--a-w- c:\windows\zHotkey.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]

2005-08-05 17:56 64512 ----a-w- c:\windows\ehome\ehtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2005-04-25 17:29 77824 -c--a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2005-04-25 17:32 94208 -c--a-w- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstallIQUpdater]

2011-08-09 21:02 1176064 ----a-w- c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]

2005-06-02 23:03 1957888 -c----w- c:\program files\Ahead\Nero BackItUp\NBJ.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 18:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2005-04-25 17:32 114688 -c--a-w- c:\windows\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]

2002-09-14 06:42 212992 -c--a-w- c:\windows\SMINST\Recguard.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]

2005-03-09 15:49 966656 -c--a-w- c:\windows\creator\remind_xp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]

2009-03-12 17:53 483422 ----a-w- c:\windows\sttray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]

2004-11-15 22:04 135168 -c--a-w- c:\program files\Digital Media Reader\shwiconEM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"PrismXL"=2 (0x2)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\Common Files\\AOL\\1144556525\\ee\\aim6.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\BitComet\\BitComet.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Common Files\\AOL\\1144556525\\ee\\aolsoftware.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\W3i\\InstallIQUpdater\\InstallIQUpdater.exe"=

"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

"c:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE"=

"c:\\WINDOWS\\system32\\mshta.exe"=

"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=

"c:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"=

"c:\\Documents and Settings\\Owner\\Application Data\\AdobeUM\\AdobeUMUpdate\\AdobeUMupdt32.exe"=

"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=

"c:\\Documents and Settings\\Owner\\Desktop\\Bleeping computer downloads\\SUPERAntiSpyware.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"81:TCP"= 81:TCP:*:Disabled:www.fileporn.org

"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

"15072:TCP"= 15072:TCP:*:Disabled:BitComet 15072 TCP

"15072:UDP"= 15072:UDP:*:Disabled:BitComet 15072 UDP

"27097:TCP"= 27097:TCP:*:Disabled:BitComet 27097 TCP

"27097:UDP"= 27097:UDP:*:Disabled:BitComet 27097 UDP

"49154:TCP"= 49154:TCP:*:Disabled:BitComet 49154 TCP

"49154:UDP"= 49154:UDP:*:Disabled:BitComet 49154 UDP

"53580:TCP"= 53580:TCP:*:Disabled:BitComet 53580 TCP

"53580:UDP"= 53580:UDP:*:Disabled:BitComet 53580 UDP

"6839:TCP"= 6839:TCP:*:Disabled:BitComet 6839 TCP

"6839:UDP"= 6839:UDP:*:Disabled:BitComet 6839 UDP

"52890:TCP"= 52890:TCP:*:Disabled:BitComet 52890 TCP

"52890:UDP"= 52890:UDP:*:Disabled:BitComet 52890 UDP

"62890:TCP"= 62890:TCP:*:Disabled:BitComet 62890 TCP

"62890:UDP"= 62890:UDP:*:Disabled:BitComet 62890 UDP

"38839:TCP"= 38839:TCP:*:Disabled:BitCometBeta 38839 TCP

"38839:UDP"= 38839:UDP:*:Disabled:BitCometBeta 38839 UDP

"9383:TCP"= 9383:TCP:*:Disabled:BitComet 9383 TCP

"9383:UDP"= 9383:UDP:*:Disabled:BitComet 9383 UDP

"9879:TCP"= 9879:TCP:*:Disabled:BitComet 9879 TCP

"9879:UDP"= 9879:UDP:*:Disabled:BitComet 9879 UDP

"6346:TCP"= 6346:TCP:BitComet 6346 TCP

"6346:UDP"= 6346:UDP:BitComet 6346 UDP

"43823:TCP"= 43823:TCP:BitComet 43823 TCP

"43823:UDP"= 43823:UDP:BitComet 43823 UDP

"31853:TCP"= 31853:TCP:BitComet 31853 TCP

"31853:UDP"= 31853:UDP:BitComet 31853 UDP

"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015

"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016

"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

"23301:TCP"= 23301:TCP:BitComet 23301 TCP

"23301:UDP"= 23301:UDP:BitComet 23301 UDP

.

R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [9/12/2011 5:33 PM 116608]

R3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\drivers\AE2500xp.sys [8/13/2011 9:42 PM 1034240]

S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/10/2006 10:36 PM 691696]

S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]

S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]

S1 cqknmdjg;cqknmdjg; [x]

S1 MpKsl1b68c793;MpKsl1b68c793; [x]

S1 MpKsl3c4a2abb;MpKsl3c4a2abb; [x]

S1 MpKsld7d2ad1c;MpKsld7d2ad1c; [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/20/2010 9:39 PM 135664]

S2 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/20/2010 9:39 PM 135664]

S2 RPCQT;Remote Procedure Call (CQTPM);c:\windows\System32\svchost.exe -k netsvcs [4/13/2005 12:56 PM 14336]

S3 ATMFBUS;A600 USB Composite Device Driver;c:\windows\system32\DRIVERS\ATMFBUS.sys --> c:\windows\system32\DRIVERS\ATMFBUS.sys [?]

S3 ATMFCVsp;A600 Cricket CM Port;c:\windows\system32\DRIVERS\ATMFCVsp.sys --> c:\windows\system32\DRIVERS\ATMFCVsp.sys [?]

S3 ATMFFLT;A600 USB Modem Installation CD;c:\windows\system32\DRIVERS\ATMFFLT.sys --> c:\windows\system32\DRIVERS\ATMFFLT.sys [?]

S3 ATMFMdm;A600 Cricket EVDO Modem;c:\windows\system32\DRIVERS\ATMFMdm.sys --> c:\windows\system32\DRIVERS\ATMFMdm.sys [?]

S3 ATMFNET;A600 Cricket EVDO Network Adapter;c:\windows\system32\DRIVERS\ATMFNET.sys --> c:\windows\system32\DRIVERS\ATMFNET.sys [?]

S3 ATMFNVsp;A600 Cricket NMEA Port Serial Port;c:\windows\system32\DRIVERS\ATMFNVsp.sys --> c:\windows\system32\DRIVERS\ATMFNVsp.sys [?]

S3 ATMFVsp;A600 Cricket Diagnostics Port;c:\windows\system32\DRIVERS\ATMFVsp.sys --> c:\windows\system32\DRIVERS\ATMFVsp.sys [?]

S3 DPCNET5U;Satellite USB Driver;c:\windows\system32\DRIVERS\dpcnet5u.sys --> c:\windows\system32\DRIVERS\dpcnet5u.sys [?]

S3 gAGP440p;gAGP440p; [x]

S3 TfNetMon;TfNetMon; [x]

S4 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [1/23/2010 3:58 PM 136360]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

RPCQT

.

Contents of the 'Scheduled Tasks' folder

.

2011-09-09 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]

.

2007-10-30 c:\windows\Tasks\BitComet.job

- c:\progra~1\BitComet\BitComet.exe [2009-07-31 09:05]

.

2011-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-21 01:38]

.

2011-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-21 01:38]

.

2011-09-12 c:\windows\Tasks\User_Feed_Synchronization-{7B8B7F67-DA93-447D-83C7-A6BD434B3F4A}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://google.com/

uInternet Settings,ProxyOverride = <local>

IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm

IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm

IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-DisplayVerifierOnline - c:\documents and settings\All Users\Application Data\DisplayVerifierOnline.dll

HKCU-Run-Wbapuvaca - c:\windows\ptl6ndic.dll

SafeBoot-53117751.sys

MSConfigStartUp-DAEMON Tools - c:\program files\DAEMON Tools\daemon.exe

MSConfigStartUp-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe

MSConfigStartUp-IntelAudioStudio - c:\program files\Intel Audio Studio\IntelAudioStudio.exe

MSConfigStartUp-kakiziguv - c:\windows\system32\polekove.dll

MSConfigStartUp-RemoteControl - c:\program files\CyberLink\PowerDVD\PDVDServ.exe

MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe

MSConfigStartUp-webHancer Agent - c:\program files\webHancer\Programs\whagent.exe

MSConfigStartUp-{382AC062-0AEF-1033-0802-050718200001} - c:\program files\Common Files\{382AC062-0AEF-1033-0802-050718200001}\Update.exe

MSConfigStartUp-{382AC062-0AF0-1033-0802-050718200001} - c:\program files\Common Files\{382AC062-0AF0-1033-0802-050718200001}\Update.exe

MSConfigStartUp-{382AC062-0AFF-1033-0802-050718200001} - c:\program files\Common Files\{382AC062-0AFF-1033-0802-050718200001}\Update.exe

MSConfigStartUp-{382AC062-0B0D-1033-0802-050718200001} - c:\program files\Common Files\{382AC062-0B0D-1033-0802-050718200001}\Update.exe

AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\documents and settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\standard_1.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-09-12 17:41

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet009\Services\.cdrom]

"ImagePath"="\*"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3411350672-2408072866-3857614147-1006\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•A~*]

"AB141C35E9F4BF344B9FC010BB17F68A"=""

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(588)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

.

- - - - - - - > 'explorer.exe'(1980)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\program files\Common Files\Ahead\Lib\NeroDigitalExt.dll

c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll

.

Completion time: 2011-09-12 17:50:11 - machine was rebooted

ComboFix-quarantined-files.txt 2011-09-12 21:50

.

Pre-Run: 59,100,139,520 bytes free

Post-Run: 59,777,572,864 bytes free

.

Current=9 Default=9 Failed=8 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10

- - End Of File - - B598FAAE80A5124EF1A79A68AFB54F73

I rebooted and ran another ComboFix...

ComboFix 11-09-12.03 - Owner 09/12/2011 18:42:16.2.2 - x86 NETWORK

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.819 [GMT -4:00]

Running from: c:\documents and settings\Owner\Desktop\Bleeping computer downloads\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Outdated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

.

((((((((((((((((((((((((( Files Created from 2011-08-12 to 2011-09-12 )))))))))))))))))))))))))))))))

.

.

2011-09-12 18:16 . 2011-09-12 18:18 48016 --sha-w- c:\windows\system32\c_56610.nl_

2011-09-12 03:52 . 2011-09-12 03:56 -------- dc----w- C:\MGtools

2011-09-12 03:49 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-09-12 03:48 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-12 03:22 . 2011-09-12 03:22 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2011-09-12 00:57 . 2011-09-12 00:57 -------- d-----w- c:\documents and settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}

2011-09-12 00:32 . 2011-09-12 03:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-09-11 22:41 . 2011-09-11 22:41 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Symantec

2011-09-11 22:41 . 2011-09-11 22:40 83208 ----a-w- c:\windows\system32\S32EVNT1.DLL

2011-09-11 22:41 . 2011-09-11 22:40 73624 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2011-09-11 22:41 . 2011-09-11 22:40 124167 ----a-w- c:\windows\system32\SYMEVNT.386

2011-09-11 22:41 . 2011-09-11 22:41 -------- d-----w- c:\program files\Symantec

2011-09-11 22:41 . 2011-09-11 22:41 -------- d-----w- c:\program files\Common Files\Symantec Shared

2011-09-11 18:50 . 2011-09-11 18:50 -------- d-----w- c:\program files\Trend Micro

2011-09-05 21:46 . 2011-09-05 21:46 -------- d-----w- c:\documents and settings\Owner\Application Data\RegGenie

2011-09-05 18:41 . 2011-09-12 00:57 -------- d-----w- c:\documents and settings\Owner\Application Data\Uniblue

2011-09-05 11:34 . 2011-09-05 11:34 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Threat Expert

2011-09-05 02:03 . 2011-09-05 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2011-09-05 02:03 . 2011-09-05 02:03 -------- d-----w- c:\documents and settings\Owner\Application Data\PC Tools

2011-09-04 20:09 . 2011-09-04 20:09 239104 ----a-w- c:\windows\system32\wscui32.dll

2011-09-03 10:17 . 2011-09-03 10:17 599040 -c----w- c:\windows\system32\dllcache\crypt32.dll

2011-09-03 02:20 . 2011-09-03 02:20 -------- d--h--w- c:\windows\msdownld.tmp

2011-09-02 20:44 . 2011-09-02 20:44 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit

2011-09-02 20:42 . 2011-09-02 21:27 -------- d-----w- c:\documents and settings\Owner\Application Data\IObit

2011-09-02 20:16 . 2011-09-02 20:35 -------- d-----w- c:\documents and settings\Owner\Application Data\Registry Cleaner

2011-09-02 19:54 . 2011-09-02 19:54 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\AMUST

2011-09-02 19:48 . 2011-09-02 19:48 -------- d-----w- c:\documents and settings\All Users\Application Data\!SASCORE

2011-09-02 19:48 . 2011-09-12 21:33 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-09-02 17:18 . 2011-09-02 17:18 4194304 ----a-w- c:\windows\system32\maaamtym.dll

2011-09-02 17:17 . 2011-09-02 17:18 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2011-09-02 15:30 . 2011-09-02 15:30 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PackageAware

2011-09-02 05:40 . 2011-09-02 05:40 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\2K Games

2011-08-31 22:04 . 2011-08-31 22:04 -------- d-----w- c:\program files\Common Files\Steam

2011-08-31 20:43 . 2011-08-31 20:43 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Activision

2011-08-31 20:41 . 2010-06-02 08:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll

2011-08-31 20:41 . 2010-06-02 08:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll

2011-08-31 20:41 . 2010-06-02 08:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll

2011-08-31 20:41 . 2010-05-26 15:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll

2011-08-31 20:41 . 2010-05-26 15:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll

2011-08-31 20:41 . 2010-05-26 15:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll

2011-08-31 20:41 . 2010-05-26 15:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll

2011-08-31 20:41 . 2010-05-26 15:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll

2011-08-31 20:41 . 2010-02-04 14:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll

2011-08-31 20:41 . 2010-02-04 14:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll

2011-08-31 20:41 . 2010-02-04 14:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll

2011-08-31 20:41 . 2010-02-04 14:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll

2011-08-31 20:29 . 2011-08-31 20:29 -------- d-----w- c:\program files\Activision

2011-08-27 01:06 . 2011-08-27 01:06 -------- d-----w- c:\program files\Apple Software Update

2011-08-25 21:10 . 2011-08-25 21:10 -------- d-----w- c:\program files\EA GAMES

2011-08-25 21:04 . 2011-08-25 21:04 -------- d-sh--w- c:\windows\system32\AI_RecycleBin

2011-08-25 21:04 . 2011-08-25 21:04 -------- d-----w- c:\program files\W3i

2011-08-25 21:04 . 2011-08-25 21:04 -------- d-----w- c:\documents and settings\All Users\Application Data\W3i

2011-08-25 21:04 . 2011-08-25 21:04 -------- d-----w- c:\documents and settings\Owner\Application Data\NetAssistant

2011-08-19 01:23 . 2011-08-19 01:23 -------- d-----w- c:\documents and settings\Owner\Application Data\vlc

2011-08-19 01:15 . 2011-08-19 01:23 -------- d-----w- c:\documents and settings\Owner\Application Data\uPlayer

2011-08-19 01:15 . 2011-08-19 01:15 -------- d-----w- c:\program files\uPlayer

2011-08-19 01:14 . 2011-08-19 01:35 -------- d-----w- c:\program files\Common Files\FreeCause

2011-08-15 18:11 . 2011-08-15 18:11 -------- d-----w- c:\program files\Common Files\Adobe

2011-08-14 17:47 . 2011-08-14 17:47 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-14 02:12 . 2011-08-14 02:12 -------- d-----w- c:\windows\Temp301C9D70-ACA1-50E5-859B-41624187A40B-Signatures

2011-08-14 01:48 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys

2011-08-14 01:45 . 2011-08-14 01:45 0 ----a-w- c:\windows\system32\ConduitEngine.tmp

2011-08-14 01:45 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys

2011-08-14 01:42 . 2011-03-29 15:22 1034240 ----a-r- c:\windows\system32\drivers\AE2500xp.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-12 18:15 . 2005-04-13 16:55 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys

2011-09-12 03:56 . 2011-09-12 03:52 146025 -c--a-w- C:\MGlogs.zip

2011-09-03 10:17 . 2005-04-13 16:55 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-07-15 13:29 . 2005-04-13 16:55 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02 . 2005-04-13 16:55 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-06-24 14:10 . 2005-04-13 17:12 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-23 18:36 . 2005-04-13 16:56 916480 ----a-w- c:\windows\system32\wininet.dll

2011-06-23 18:36 . 2005-04-13 16:55 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-06-23 18:36 . 2005-04-13 16:55 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-06-23 12:05 . 2005-04-13 16:55 385024 ----a-w- c:\windows\system32\html.iec

2011-06-20 17:44 . 2005-04-13 16:56 293376 ----a-w- c:\windows\system32\winsrv.dll

2001-09-28 22:00 . 2006-12-29 21:52 164864 -c--a-w- c:\program files\UNWISE.EXE

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[7] 2009-08-27 . F232BA9F39BC0F722672C7E79E68EBEA . 634648 . . [7.00.6000.16915] . . c:\windows\ie8\iexplore.exe

[7] 2009-08-27 . 332EC7562F3AA7364F2D4231C56DA986 . 634648 . . [7.00.6000.21115] . . c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\iexplore.exe

[7] 2009-06-29 . 3CFC56F73D494FC1AA2B6E981DF15ACD . 634632 . . [7.00.6000.16876] . . c:\windows\ie7updates\KB974455-IE7\iexplore.exe

[7] 2009-06-29 . 02E2754D3E566C11A4934825920C47DD . 634632 . . [7.00.6000.21073] . . c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\iexplore.exe

[7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\iexplore.exe

[7] 2009-02-28 . BCD8E48709BE4A79606F0B6E8E9A6162 . 636088 . . [7.00.6000.21020] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\iexplore.exe

[7] 2009-02-28 . A251068640DDB69FD7805B57D89D7FF7 . 636072 . . [7.00.6000.16827] . . c:\windows\ie7updates\KB972260-IE7\iexplore.exe

[7] 2008-12-19 . 15E8A89499741D5CF59A9CF6463A4339 . 634024 . . [7.00.6000.20978] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\iexplore.exe

[7] 2008-12-19 . 030D78FE84A086ED376EFCBD2D72C522 . 634024 . . [7.00.6000.16791] . . c:\windows\ie7updates\KB963027-IE7\iexplore.exe

[7] 2008-10-15 . 9D3DB9ADFABD2F0BC778EC03250A3ABB . 633632 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB961260-IE7\iexplore.exe

[7] 2008-10-15 . 056C927CF7207857E8B34F7A8FFD9B9E . 633632 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\iexplore.exe

[7] 2008-08-23 . E8305C30D35E85D6657ED3E9934CB302 . 635848 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\iexplore.exe

[7] 2008-08-23 . 1F03216084447F990AE797317D0A6E70 . 635848 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\iexplore.exe

[7] 2008-06-23 . 64E376A47763DAEABCDA14BD5B6EA286 . 625664 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\iexplore.exe

[7] 2008-06-23 . C52A9EF571E91535EB78DB4B8B95EA07 . 625664 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\iexplore.exe

[7] 2008-04-22 . 197B7E4030CFBD8D2979D375E1787AA2 . 625664 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\iexplore.exe

[7] 2008-04-22 . 232B22817B90AE0AFF2D189E3E3735AC . 625664 . . [7.00.6000.16674] . . c:\windows\ie7updates\KB953838-IE7\iexplore.exe

[7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\iexplore.exe

[7] 2008-02-29 . 2D0E5592AB5A46C27DAF7CCAFF4F5B59 . 625664 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\iexplore.exe

[7] 2008-02-22 . 6E0888626E0CAC79F57149814E22DB4D . 625664 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\iexplore.exe

[7] 2007-12-06 . 2703D940A62B731AA220529DD7331A78 . 625664 . . [7.00.6000.16608] . . c:\windows\ie7updates\KB947864-IE7\iexplore.exe

[7] 2007-12-06 . 809D17D8FA0FDAEE07778CD821CAFFDE . 625664 . . [7.00.6000.20733] . . c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\iexplore.exe

[7] 2007-10-10 . E854D02E4231F704D9BE782A424E6D8B . 625152 . . [7.00.6000.16574] . . c:\windows\ie7updates\KB944533-IE7\iexplore.exe

[7] 2007-10-10 . 632BDE0179847234433CA50945442ACB . 625664 . . [7.00.6000.20696] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\iexplore.exe

[7] 2007-08-17 . 3AC2BC667DA0AF2C968E96E1630F5AB5 . 625152 . . [7.00.6000.16544] . . c:\windows\ie7updates\KB942615-IE7\iexplore.exe

[7] 2007-08-17 . 5577D0E3AC2F9F035ACD81B44AF5F511 . 625152 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\iexplore.exe

[7] 2007-06-27 . BD8502DFD53FC24FB8D6929DC46B8C2C . 625152 . . [7.00.6000.20627] . . c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\iexplore.exe

[7] 2007-06-27 . 275CEE268B9E5D82474C43D5D249D111 . 625152 . . [7.00.6000.16512] . . c:\windows\ie7updates\KB939653-IE7\iexplore.exe

[7] 2007-04-24 . 10BDB55982586A432A3951EB19A26009 . 625152 . . [7.00.6000.16473] . . c:\windows\ie7updates\KB937143-IE7\iexplore.exe

[7] 2007-04-24 . 9B3516C1F30DA17ADD3818573047D63C . 625152 . . [7.00.6000.20583] . . c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\iexplore.exe

[7] 2007-02-28 . D321092F8529CDAE843D6E24E3CAC6CB . 625152 . . [7.00.6000.20544] . . c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\iexplore.exe

[7] 2007-02-21 . 683DDE71BCF03B501B912D20CB93B549 . 623616 . . [7.00.6000.16441] . . c:\windows\ie7updates\KB933566-IE7\iexplore.exe

[7] 2007-01-08 . 93A6A4F5293AE19E3B37021AABCF0902 . 623616 . . [7.00.6000.16414] . . c:\windows\ie7updates\KB931768-IE7\iexplore.exe

[-] 2006-10-17 . 5334D4461AA92A7B008755FE6D13C5F2 . 622080 . . [7.00.5730.11] . . c:\windows\ie7updates\KB928090-IE7\iexplore.exe

[-] 2004-08-10 . E7484514C0464642BE7B4DC2689354C8 . 93184 . . [6.00.2900.2180] . . c:\windows\ie7\iexplore.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{132A3557-F4F3-4BCC-9648-8346A82E74Cf}]

2011-09-04 20:09 239104 ----a-w- c:\windows\system32\wscui32.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AdobeUMUpdate"="c:\documents and settings\Owner\Application Data\AdobeUM\AdobeUMUpdate\AdobeUMupdt32.exe" [2011-09-04 56832]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-08-12 4603264]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-12 483422]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"vptray"="c:\progra~1\SYMANT~1\SYMANT~1\vptray.exe" [2003-04-26 90112]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

"AdobeUMUpdate"="c:\documents and settings\Owner\Application Data\AdobeUM\AdobeUMUpdate\AdobeUMupdt32.exe" [2011-09-04 56832]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk

backup=c:\windows\pss\BigFix.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Install Pending Files.LNK]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Install Pending Files.LNK

backup=c:\windows\pss\Install Pending Files.LNKCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Run Google Web Accelerator.lnk

backup=c:\windows\pss\Run Google Web Accelerator.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

backup=c:\windows\pss\Windows Search.lnkCommon Startup

backupExtension=Common Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]

2005-05-03 21:02 543232 -c--a-w- c:\windows\zHotkey.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]

2005-08-05 17:56 64512 ----a-w- c:\windows\ehome\ehtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2005-04-25 17:29 77824 -c--a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2005-04-25 17:32 94208 -c--a-w- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstallIQUpdater]

2011-08-09 21:02 1176064 ----a-w- c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]

2005-06-02 23:03 1957888 -c----w- c:\program files\Ahead\Nero BackItUp\NBJ.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 18:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2005-04-25 17:32 114688 -c--a-w- c:\windows\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]

2002-09-14 06:42 212992 -c--a-w- c:\windows\SMINST\Recguard.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]

2005-03-09 15:49 966656 -c--a-w- c:\windows\creator\remind_xp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]

2009-03-12 17:53 483422 ----a-w- c:\windows\sttray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]

2004-11-15 22:04 135168 -c--a-w- c:\program files\Digital Media Reader\shwiconEM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"PrismXL"=2 (0x2)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\Common Files\\AOL\\1144556525\\ee\\aim6.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\BitComet\\BitComet.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Common Files\\AOL\\1144556525\\ee\\aolsoftware.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\W3i\\InstallIQUpdater\\InstallIQUpdater.exe"=

"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

"c:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE"=

"c:\\WINDOWS\\system32\\mshta.exe"=

"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=

"c:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"=

"c:\\Documents and Settings\\Owner\\Application Data\\AdobeUM\\AdobeUMUpdate\\AdobeUMupdt32.exe"=

"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=

"c:\\Documents and Settings\\Owner\\Desktop\\Bleeping computer downloads\\SUPERAntiSpyware.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"81:TCP"= 81:TCP:*:Disabled:www.fileporn.org

"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

"15072:TCP"= 15072:TCP:*:Disabled:BitComet 15072 TCP

"15072:UDP"= 15072:UDP:*:Disabled:BitComet 15072 UDP

"27097:TCP"= 27097:TCP:*:Disabled:BitComet 27097 TCP

"27097:UDP"= 27097:UDP:*:Disabled:BitComet 27097 UDP

"49154:TCP"= 49154:TCP:*:Disabled:BitComet 49154 TCP

"49154:UDP"= 49154:UDP:*:Disabled:BitComet 49154 UDP

"53580:TCP"= 53580:TCP:*:Disabled:BitComet 53580 TCP

"53580:UDP"= 53580:UDP:*:Disabled:BitComet 53580 UDP

"6839:TCP"= 6839:TCP:*:Disabled:BitComet 6839 TCP

"6839:UDP"= 6839:UDP:*:Disabled:BitComet 6839 UDP

"52890:TCP"= 52890:TCP:*:Disabled:BitComet 52890 TCP

"52890:UDP"= 52890:UDP:*:Disabled:BitComet 52890 UDP

"62890:TCP"= 62890:TCP:*:Disabled:BitComet 62890 TCP

"62890:UDP"= 62890:UDP:*:Disabled:BitComet 62890 UDP

"38839:TCP"= 38839:TCP:*:Disabled:BitCometBeta 38839 TCP

"38839:UDP"= 38839:UDP:*:Disabled:BitCometBeta 38839 UDP

"9383:TCP"= 9383:TCP:*:Disabled:BitComet 9383 TCP

"9383:UDP"= 9383:UDP:*:Disabled:BitComet 9383 UDP

"9879:TCP"= 9879:TCP:*:Disabled:BitComet 9879 TCP

"9879:UDP"= 9879:UDP:*:Disabled:BitComet 9879 UDP

"6346:TCP"= 6346:TCP:BitComet 6346 TCP

"6346:UDP"= 6346:UDP:BitComet 6346 UDP

"43823:TCP"= 43823:TCP:BitComet 43823 TCP

"43823:UDP"= 43823:UDP:BitComet 43823 UDP

"31853:TCP"= 31853:TCP:BitComet 31853 TCP

"31853:UDP"= 31853:UDP:BitComet 31853 UDP

"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015

"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016

"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

"23301:TCP"= 23301:TCP:BitComet 23301 TCP

"23301:UDP"= 23301:UDP:BitComet 23301 UDP

.

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/10/2006 10:36 PM 691696]

R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [9/12/2011 5:33 PM 116608]

R3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\drivers\AE2500xp.sys [8/13/2011 9:42 PM 1034240]

S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]

S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]

S1 cqknmdjg;cqknmdjg; [x]

S1 MpKsl1b68c793;MpKsl1b68c793; [x]

S1 MpKsl3c4a2abb;MpKsl3c4a2abb; [x]

S1 MpKsld7d2ad1c;MpKsld7d2ad1c; [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/20/2010 9:39 PM 135664]

S2 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/20/2010 9:39 PM 135664]

S2 RPCQT;Remote Procedure Call (CQTPM);c:\windows\System32\svchost.exe -k netsvcs [4/13/2005 12:56 PM 14336]

S3 ATMFBUS;A600 USB Composite Device Driver;c:\windows\system32\DRIVERS\ATMFBUS.sys --> c:\windows\system32\DRIVERS\ATMFBUS.sys [?]

S3 ATMFCVsp;A600 Cricket CM Port;c:\windows\system32\DRIVERS\ATMFCVsp.sys --> c:\windows\system32\DRIVERS\ATMFCVsp.sys [?]

S3 ATMFFLT;A600 USB Modem Installation CD;c:\windows\system32\DRIVERS\ATMFFLT.sys --> c:\windows\system32\DRIVERS\ATMFFLT.sys [?]

S3 ATMFMdm;A600 Cricket EVDO Modem;c:\windows\system32\DRIVERS\ATMFMdm.sys --> c:\windows\system32\DRIVERS\ATMFMdm.sys [?]

S3 ATMFNET;A600 Cricket EVDO Network Adapter;c:\windows\system32\DRIVERS\ATMFNET.sys --> c:\windows\system32\DRIVERS\ATMFNET.sys [?]

S3 ATMFNVsp;A600 Cricket NMEA Port Serial Port;c:\windows\system32\DRIVERS\ATMFNVsp.sys --> c:\windows\system32\DRIVERS\ATMFNVsp.sys [?]

S3 ATMFVsp;A600 Cricket Diagnostics Port;c:\windows\system32\DRIVERS\ATMFVsp.sys --> c:\windows\system32\DRIVERS\ATMFVsp.sys [?]

S3 DPCNET5U;Satellite USB Driver;c:\windows\system32\DRIVERS\dpcnet5u.sys --> c:\windows\system32\DRIVERS\dpcnet5u.sys [?]

S3 gAGP440p;gAGP440p; [x]

S3 TfNetMon;TfNetMon; [x]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

RPCQT

.

Contents of the 'Scheduled Tasks' folder

.

2011-09-09 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]

.

2007-10-30 c:\windows\Tasks\BitComet.job

- c:\progra~1\BitComet\BitComet.exe [2009-07-31 09:05]

.

2011-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-21 01:38]

.

2011-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-21 01:38]

.

2011-09-12 c:\windows\Tasks\User_Feed_Synchronization-{7B8B7F67-DA93-447D-83C7-A6BD434B3F4A}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://google.com/

uInternet Settings,ProxyOverride = <local>

IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm

IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm

IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm

TCP: DhcpNameServer = 192.168.1.1

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-09-12 18:51

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet009\Services\.cdrom]

"ImagePath"="\*"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3411350672-2408072866-3857614147-1006\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•A~*]

"AB141C35E9F4BF344B9FC010BB17F68A"=""

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(600)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

.

- - - - - - - > 'explorer.exe'(1608)

c:\windows\system32\WININET.dll

.

Completion time: 2011-09-12 18:54:55

ComboFix-quarantined-files.txt 2011-09-12 22:54

ComboFix2.txt 2011-09-12 21:50

.

Pre-Run: 59,844,632,576 bytes free

Post-Run: 59,857,158,144 bytes free

.

Current=9 Default=9 Failed=8 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10

- - End Of File - - 028E4C22695B41F7E8C5F0B6A421A978


Hello lilgeezy24 ! Welcome to Malwarebytes Forums! :welcome:

My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

IMPORTANT NOTE: One or more of the identified infections is related to the rootkit ZeroAccess. Rootkits, backdoor Trojans, Botnets, and IRCBots are very dangerous because they compromise system integrity by making changes that allow it to be used by the attacker for malicious purposes. Rootkits are used by Trojans to conceal their presence (hide from view) in order to prevent detection of an attacker's software and make removal more difficult. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. They can disable your anti-virus and security tools to prevent detection and removal. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is sent back to the hacker. To learn more about these types of infections, you can refer to:

If your computer was used for online banking, has credit card information or other sensitive data on it, you should stay disconnected from the Internet until your system is fully cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums. You should consider them to be compromised and change each password using a clean computer, not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read:

Although the infection has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired so you can never be sure that you have completely removed a rootkit. The malware may leave so many remnants behind that security tools cannot find them. Tools that claim to be able to remove rootkits cannot guarantee that all traces of it will be removed. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. If you decide to continue please do this:

Some notes before we proceed:

You are going down the danger road by doing things on your own.

You've run powerful tools like Combofix without supervision. Doing so can severely cripple or render your computer.

Please refrain from doing so. Keep calm, removing malware isn't a quick process.

STEP 1

Delete your copy of Combofix and download a fresh one from here.

Save it to your desktop but do not run it yet! <--- important !!!

We need to execute a CFScript to clean some remnants.

Please do this:

1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

2. Open notepad => navigate to format and make sure that wordwrap is unchecked. <--- important !!!

3. Copy/paste the text in the codebox below into it:


KILLALL::
Driver::
cqknmdjg
.cdrom
FileLook::
c:\windows\system32\maaamtym.dll
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"81:TCP"=-

4. Save this as CFScript.txt, in the same location as ComboFix.exe

3734364_B.gif

5. Close any open browsers.

6. Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

STEP 2

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Virustotal

When the Virustotal page has finished loading, click the Browse button and navigate to the following file and click Submit.

c:\windows\system32\maaamtym.dll

Note: if VT says these files have already been analysed, make sure you click re-analyse file now.

Please post back the results of the scan in your next post.

If Virustotal is busy, try the same at Virscan: http://virscan.org/

Repeat the steps for the following file:

c:\windows\system32\c_56610.nl_

STEP 3

We need to scan the system with this special tool.

  • Please download Junction.zip and save it.
  • Unzip it and put junction.exe in the Windows directory (C:\Windows).
  • Go to Start => Run... => Copy and paste the following command in the run box and click OK:

    cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

    A command window opens starting to scan the system. Wait until a log file opens. Copy and paste or attach the content of it.

Regards,

Georgi


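A small triage helper for two sections of a ComboFix log like the one posted above (the R/S driver-and-service list and the firewall GloballyOpenPorts list), written here as an added example and not taken from the thread, ComboFix or Malwarebytes; the sample lines are constructed in ComboFix's layout from entries in the log above. It surfaces the same two things the CFScript in STEP 1 targets: services with no image path recorded ("[x]") and an open-port rule labelled with a host name instead of an application.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the layout ComboFix uses for its driver/service list
# and for the firewall GloballyOpenPorts section (values mirror the log above).
SAMPLE_LOG = r"""
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/10/2006 10:36 PM 691696]
S1 cqknmdjg;cqknmdjg; [x]
S1 MpKsl1b68c793;MpKsl1b68c793; [x]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/20/2010 9:39 PM 135664]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"81:TCP"= 81:TCP:*:Disabled:www.fileporn.org
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"15072:TCP"= 15072:TCP:*:Disabled:BitComet 15072 TCP
"6346:TCP"= 6346:TCP:BitComet 6346 TCP
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"""

# "S1 name;display name;image path [timestamp size]": R = running, S = stopped,
# the digit is the start type (0 boot, 1 system, 2 auto, 3 manual).
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.*)$")
PORT_RULE_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*(.*)$')
# A bare host name where an application name or "@resource.dll,-id" is expected.
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")


@dataclass
class Service:
    start_type: str
    name: str
    display_name: str
    image: str

    @property
    def no_image_path(self) -> bool:
        # ComboFix prints "[x]" when the service has no ImagePath to show.
        return self.image == "[x]"

    @property
    def file_missing(self) -> bool:
        # "path --> path [?]" means the registry points at a file not on disk.
        return "-->" in self.image


@dataclass
class PortRule:
    port: int
    proto: str
    scope: Optional[str]
    state: Optional[str]
    description: str


def parse_services(text: str) -> List[Service]:
    services = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            services.append(Service(m.group(1), m.group(2), m.group(3), m.group(4).strip()))
    return services


def parse_port_rules(text: str) -> List[PortRule]:
    rules = []
    for line in text.splitlines():
        m = PORT_RULE_RE.match(line.strip())
        if not m:
            continue
        fields = m.group(3).split(":")
        if len(fields) < 3:
            continue
        # Long form: port:proto:scope:state:name; short form: port:proto:name.
        if len(fields) >= 5 and fields[3] in ("Enabled", "Disabled"):
            scope, state, desc = fields[2], fields[3], ":".join(fields[4:])
        else:
            scope, state, desc = None, None, ":".join(fields[2:])
        rules.append(PortRule(int(fields[0]), fields[1], scope, state, desc))
    return rules


def triage(text: str) -> List[str]:
    """Return findings for an analyst to review; these are leads, not verdicts."""
    findings = []
    for s in parse_services(text):
        if s.no_image_path:
            findings.append(f"service {s.name} ({s.start_type}) has no image path recorded")
        elif s.file_missing:
            findings.append(f"service {s.name} ({s.start_type}) points at a file missing from disk")
    for r in parse_port_rules(text):
        if HOSTNAME_RE.match(r.description):
            findings.append(
                f"firewall rule {r.port}/{r.proto} ({r.state or 'no state'}) is labelled "
                f"with a host name, {r.description}, rather than an application")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```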
The only thing I was able to do was the 2 VirusTotal scans.

My comp won't let me delete the old combofix: "Cannot delete combofix: Access denied make sure disk is not full or write protected and that the file is not currently in use".

And the command prompt says "'Junction' is not recognized as an internal or external command, operable program or batch file." It just says this and a blank notepad log pops up.

File name: maaamtym.dll

Submission date: 2011-09-13 17:08:33 (UTC)

Current status: queued (#7) queued (#7) analysing finished

Result: 0/ 44 (0.0%)

AhnLab-V3 2011.09.12.01 2011.09.13 -

AntiVir 7.11.14.189 2011.09.13 -

Antiy-AVL 2.0.3.7 2011.09.13 -

Avast 4.8.1351.0 2011.09.13 -

Avast5 5.0.677.0 2011.09.13 -

AVG 10.0.0.1190 2011.09.13 -

BitDefender 7.2 2011.09.13 -

ByteHero 1.0.0.1 2011.09.13 -

CAT-QuickHeal 11.00 2011.09.13 -

ClamAV 0.97.0.0 2011.09.13 -

Commtouch 5.3.2.6 2011.09.13 -

Comodo 10098 2011.09.13 -

DrWeb 5.0.2.03300 2011.09.13 -

Emsisoft 5.1.0.11 2011.09.13 -

eSafe 7.0.17.0 2011.09.13 -

eTrust-Vet 36.1.8556 2011.09.13 -

F-Prot 4.6.2.117 2011.09.13 -

F-Secure 9.0.16440.0 2011.09.13 -

Fortinet 4.3.370.0 2011.09.11 -

GData 22 2011.09.13 -

Ikarus T3.1.1.107.0 2011.09.13 -

Jiangmin 13.0.900 2011.09.13 -

K7AntiVirus 9.112.5128 2011.09.13 -

Kaspersky 9.0.0.837 2011.09.13 -

McAfee 5.400.0.1158 2011.09.13 -

McAfee-GW-Edition 2010.1D 2011.09.12 -

Microsoft 1.7604 2011.09.13 -

NOD32 6460 2011.09.13 -

Norman 6.07.11 2011.09.13 -

nProtect 2011-09-13.01 2011.09.13 -

Panda 10.0.3.5 2011.09.13 -

PCTools 8.0.0.5 2011.09.13 -

Prevx 3.0 2011.09.13 -

Rising 23.74.03.03 2011.09.09 -

Sophos 4.69.0 2011.09.13 -

SUPERAntiSpyware 4.40.0.1006 2011.09.13 -

Symantec 20111.2.0.82 2011.09.13 -

TheHacker 6.7.0.1.293 2011.09.10 -

TrendMicro 9.500.0.1008 2011.09.13 -

TrendMicro-HouseCall 9.500.0.1008 2011.09.13 -

VBA32 None 2011.09.13 -

VIPRE 10464 2011.09.13 -

ViRobot 2011.9.10.4666 2011.09.13 -

VirusBuster 14.0.210.1 2011.09.13 -

Additional information

MD5 : ef553db7b2549cae949d3fc3238a68a2

SHA1 : 920bf1eba78e31adda739fe8001c81fbba53042e

SHA256: 45b3b041913c1df3f01d12d3a554a906e207975cd2e1cc2a37aa918b28b6365f

File name: c_56610.nl_

Submission date: 2011-09-13 17:12:42 (UTC)

Current status: queued queued analysing finished

Result: 18/ 44 (40.9%)

AhnLab-V3 2011.09.12.01 2011.09.13 Trojan/Win32.Patched

AntiVir 7.11.14.189 2011.09.13 TR/ATRAPS.Gen2

Antiy-AVL 2.0.3.7 2011.09.13 -

Avast 4.8.1351.0 2011.09.13 Win32:Alureon-AJI [Rtk]

Avast5 5.0.677.0 2011.09.13 Win32:Alureon-AJI [Rtk]

AVG 10.0.0.1190 2011.09.13 -

BitDefender 7.2 2011.09.13 Gen:Trojan.Heur.Hype.cqW@aCfAJ1b

ByteHero 1.0.0.1 2011.09.13 -

CAT-QuickHeal 11.00 2011.09.13 -

ClamAV 0.97.0.0 2011.09.13 -

Commtouch 5.3.2.6 2011.09.13 -

Comodo 10098 2011.09.13 UnclassifiedMalware

DrWeb 5.0.2.03300 2011.09.13 Trojan.Inject.53003

Emsisoft 5.1.0.11 2011.09.13 Backdoor.Win32.Smadow!IK

eSafe 7.0.17.0 2011.09.13 -

eTrust-Vet 36.1.8556 2011.09.13 -

F-Prot 4.6.2.117 2011.09.13 -

F-Secure 9.0.16440.0 2011.09.13 Gen:Variant.TDss.15

Fortinet 4.3.370.0 2011.09.11 W32/ZAccess.E!tr.bdr

GData 22 2011.09.13 Gen:Trojan.Heur.Hype.cqW@aCfAJ1b

Ikarus T3.1.1.107.0 2011.09.13 Backdoor.Win32.Smadow

Jiangmin 13.0.900 2011.09.13 -

K7AntiVirus 9.112.5128 2011.09.13 -

Kaspersky 9.0.0.837 2011.09.13 -

McAfee 5.400.0.1158 2011.09.13 -

McAfee-GW-Edition 2010.1D 2011.09.12 Heuristic.BehavesLike.Win32.Spyware.C

Microsoft 1.7604 2011.09.13 Backdoor:Win32/Smadow.gen!B

NOD32 6460 2011.09.13 a variant of Win32/Sirefef.CR

Norman 6.07.11 2011.09.13 W32/ZAccess.G

nProtect 2011-09-13.01 2011.09.13 -

Panda 10.0.3.5 2011.09.13 Suspicious file

PCTools 8.0.0.5 2011.09.13 -

Prevx 3.0 2011.09.13 -

Rising 23.74.03.03 2011.09.09 -

Sophos 4.69.0 2011.09.13 Sus/UnkPack-C

SUPERAntiSpyware 4.40.0.1006 2011.09.13 -

Symantec 20111.2.0.82 2011.09.13 -

TheHacker 6.7.0.1.293 2011.09.10 -

TrendMicro 9.500.0.1008 2011.09.13 -

TrendMicro-HouseCall 9.500.0.1008 2011.09.13 -

VBA32 3.12.16.4 2011.09.13 -

VIPRE 10464 2011.09.13 -

ViRobot 2011.9.10.4666 2011.09.13 -

VirusBuster 14.0.210.1 2011.09.13 -

Additional information

MD5 : 7e4440ccefc1839d4a29e4e74e7a0dc9

SHA1 : 25d9a92e526488309ae253edcca64dca437769a0

SHA256: 21f57ec30b48ac2f8eb09e353313fe8692cecc57dd12684ece2beb64429b84dc


Hi lilgeezy24,

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    tdsskiller1.jpg
  • If a malicious object is detected, the default action will be Cure, click on Continue.
    tdsskiller2.jpg
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • Select Skip for the sptd.sys.
    image002c.png
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    1102171200c5c8b17578a60.jpg
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

After that please try to download a fresh copy of Combofix from here.

I want you to rename Combofix.exe as you download it to svchost.exe

Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Close any open browsers.

Double click on the renamed combofix.exe on your desktop (svchost.exe) & follow the prompts.

When finished, it will produce a logfile located at C:\ComboFix.txt

Post the log in your next reply.

Regards,

Georgi


TDSSKiller worked and I have the log for that...

I renamed combofix to svchost.exe; it closed a few seconds right after executing. I tried to open it again and I got this message.

"Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

2011/09/13 14:29:23.0734 2908 TDSS rootkit removing tool 2.5.22.0 Sep 13 2011 15:55:17

2011/09/13 14:29:23.0968 2908 ================================================================================

2011/09/13 14:29:23.0968 2908 SystemInfo:

2011/09/13 14:29:23.0968 2908

2011/09/13 14:29:23.0968 2908 OS Version: 5.1.2600 ServicePack: 3.0

2011/09/13 14:29:23.0968 2908 Product type: Workstation

2011/09/13 14:29:23.0968 2908 ComputerName: YOUR-4CFD40D048

2011/09/13 14:29:23.0968 2908 UserName: Owner

2011/09/13 14:29:23.0968 2908 Windows directory: C:\WINDOWS

2011/09/13 14:29:23.0968 2908 System windows directory: C:\WINDOWS

2011/09/13 14:29:23.0968 2908 Processor architecture: Intel x86

2011/09/13 14:29:23.0968 2908 Number of processors: 2

2011/09/13 14:29:23.0968 2908 Page size: 0x1000

2011/09/13 14:29:23.0968 2908 Boot type: Normal boot

2011/09/13 14:29:23.0968 2908 ================================================================================

2011/09/13 14:29:25.0687 2908 Initialize success

2011/09/13 14:29:31.0453 3640 ================================================================================

2011/09/13 14:29:31.0453 3640 Scan started

2011/09/13 14:29:31.0453 3640 Mode: Manual;

2011/09/13 14:29:31.0453 3640 ================================================================================

2011/09/13 14:29:33.0296 3640 7848373e (8f2bb1827cac01aee6a16e30a1260199) C:\WINDOWS\1043810424:2276968641.exe

2011/09/13 14:29:33.0578 3640 Suspicious file (Hidden): C:\WINDOWS\1043810424:2276968641.exe. md5: 8f2bb1827cac01aee6a16e30a1260199

2011/09/13 14:29:33.0578 3640 7848373e - detected HiddenFile.Multi.Generic (1)

2011/09/13 14:29:33.0796 3640 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

2011/09/13 14:29:33.0828 3640 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/09/13 14:29:33.0859 3640 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2011/09/13 14:29:33.0890 3640 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

2011/09/13 14:29:33.0937 3640 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2011/09/13 14:29:33.0968 3640 AFD (10b5b921f711380e69a3105e9ea3b105) C:\WINDOWS\System32\drivers\afd.sys

2011/09/13 14:29:33.0984 3640 AFD - detected Rootkit.Win32.ZAccess.e (0)

2011/09/13 14:29:34.0015 3640 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

2011/09/13 14:29:34.0046 3640 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

2011/09/13 14:29:34.0062 3640 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

2011/09/13 14:29:34.0093 3640 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

2011/09/13 14:29:34.0109 3640 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

2011/09/13 14:29:34.0140 3640 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

2011/09/13 14:29:34.0187 3640 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

2011/09/13 14:29:34.0203 3640 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

2011/09/13 14:29:34.0234 3640 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

2011/09/13 14:29:34.0281 3640 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2011/09/13 14:29:34.0296 3640 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

2011/09/13 14:29:34.0312 3640 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

2011/09/13 14:29:34.0328 3640 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

2011/09/13 14:29:34.0406 3640 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/09/13 14:29:34.0437 3640 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/09/13 14:29:34.0484 3640 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/09/13 14:29:34.0671 3640 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/09/13 14:29:35.0000 3640 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/09/13 14:29:35.0187 3640 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

2011/09/13 14:29:35.0203 3640 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/09/13 14:29:35.0250 3640 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

2011/09/13 14:29:35.0265 3640 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/09/13 14:29:35.0296 3640 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/09/13 14:29:35.0343 3640 Cdr4_xp (837eef65af62d4e8a37c41d3879f7274) C:\WINDOWS\system32\drivers\Cdr4_xp.sys

2011/09/13 14:29:35.0484 3640 Cdralw2k (579da2f9f5401f55dae2cf8779d61dfc) C:\WINDOWS\system32\drivers\Cdralw2k.sys

2011/09/13 14:29:35.0531 3640 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/09/13 14:29:35.0593 3640 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

2011/09/13 14:29:35.0640 3640 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

2011/09/13 14:29:35.0687 3640 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

2011/09/13 14:29:35.0703 3640 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

2011/09/13 14:29:35.0765 3640 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/09/13 14:29:35.0843 3640 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2011/09/13 14:29:35.0875 3640 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2011/09/13 14:29:35.0906 3640 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/09/13 14:29:35.0953 3640 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2011/09/13 14:29:36.0000 3640 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

2011/09/13 14:29:36.0015 3640 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/09/13 14:29:36.0078 3640 E100B (6ca101f9aa3d845ba31f6e13c01301a8) C:\WINDOWS\system32\DRIVERS\e100b325.sys

2011/09/13 14:29:36.0140 3640 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/09/13 14:29:36.0171 3640 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2011/09/13 14:29:36.0203 3640 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2011/09/13 14:29:36.0250 3640 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2011/09/13 14:29:36.0296 3640 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2011/09/13 14:29:36.0359 3640 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys

2011/09/13 14:29:36.0406 3640 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/09/13 14:29:36.0437 3640 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/09/13 14:29:36.0500 3640 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/09/13 14:29:36.0546 3640 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2011/09/13 14:29:36.0625 3640 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/09/13 14:29:36.0656 3640 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

2011/09/13 14:29:36.0703 3640 HSFHWBS2 (b6b0721a86e51d141ec55c3cc1ca5686) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys

2011/09/13 14:29:36.0765 3640 HSF_DP (b2dfc168d6f7512faea085253c5a37ad) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys

2011/09/13 14:29:36.0859 3640 HSF_DPV (698204d9c2832e53633e53a30a53fc3d) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys

2011/09/13 14:29:37.0046 3640 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/09/13 14:29:37.0093 3640 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

2011/09/13 14:29:37.0125 3640 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

2011/09/13 14:29:37.0156 3640 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/09/13 14:29:37.0250 3640 ialm (d95eb1c9b3a5c2f6fdeab05dd03736fe) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

2011/09/13 14:29:37.0328 3640 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/09/13 14:29:37.0359 3640 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

2011/09/13 14:29:37.0406 3640 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

2011/09/13 14:29:37.0453 3640 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/09/13 14:29:37.0500 3640 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2011/09/13 14:29:37.0515 3640 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/09/13 14:29:37.0546 3640 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/09/13 14:29:37.0593 3640 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/09/13 14:29:37.0625 3640 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/09/13 14:29:37.0656 3640 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/09/13 14:29:37.0703 3640 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/09/13 14:29:37.0734 3640 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/09/13 14:29:37.0765 3640 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2011/09/13 14:29:37.0812 3640 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2011/09/13 14:29:37.0828 3640 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/09/13 14:29:37.0937 3640 Linksys_adapter_H (bcdf72dce41874b3ad9143d537b493b2) C:\WINDOWS\system32\DRIVERS\AE2500xp.sys

2011/09/13 14:29:38.0140 3640 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

2011/09/13 14:29:38.0234 3640 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys

2011/09/13 14:29:38.0265 3640 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/09/13 14:29:38.0296 3640 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2011/09/13 14:29:38.0312 3640 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/09/13 14:29:38.0375 3640 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/09/13 14:29:38.0390 3640 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/09/13 14:29:38.0500 3640 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

2011/09/13 14:29:38.0515 3640 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/09/13 14:29:38.0578 3640 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/09/13 14:29:38.0625 3640 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2011/09/13 14:29:38.0671 3640 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/09/13 14:29:38.0687 3640 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/09/13 14:29:38.0718 3640 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/09/13 14:29:38.0765 3640 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/09/13 14:29:38.0796 3640 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

2011/09/13 14:29:38.0828 3640 mxnic (e1cdf20697d992cf83ff86dd04df1285) C:\WINDOWS\system32\DRIVERS\mxnic.sys

2011/09/13 14:29:39.0000 3640 NAVAP (73c3bbe77011e9121930148fc5a8d2fd) C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAP.sys

2011/09/13 14:29:39.0031 3640 NAVAPEL (035adce1cce9f50d6d32b733aa9b1aa7) C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS

2011/09/13 14:29:39.0156 3640 NAVENG (49d802531e5984cf1fe028c6c129b9d8) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101018.002\NAVENG.sys

2011/09/13 14:29:39.0218 3640 NAVEX15 (158676a5758c1fa519563b3e72fbf256) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101018.002\NAVEX15.sys

2011/09/13 14:29:39.0406 3640 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/09/13 14:29:39.0453 3640 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/09/13 14:29:39.0484 3640 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/09/13 14:29:39.0515 3640 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/09/13 14:29:39.0546 3640 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/09/13 14:29:39.0578 3640 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/09/13 14:29:39.0609 3640 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/09/13 14:29:39.0687 3640 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2011/09/13 14:29:39.0734 3640 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/09/13 14:29:39.0765 3640 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/09/13 14:29:39.0843 3640 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/09/13 14:29:39.0937 3640 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2011/09/13 14:29:40.0015 3640 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/09/13 14:29:40.0046 3640 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/09/13 14:29:40.0078 3640 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys

2011/09/13 14:29:40.0109 3640 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys

2011/09/13 14:29:40.0125 3640 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys

2011/09/13 14:29:40.0156 3640 NWRDR (36b9b950e3d2e100970a48d8bad86740) C:\WINDOWS\system32\DRIVERS\nwrdr.sys

2011/09/13 14:29:40.0203 3640 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2011/09/13 14:29:40.0265 3640 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys

2011/09/13 14:29:40.0312 3640 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2011/09/13 14:29:40.0328 3640 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/09/13 14:29:40.0375 3640 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/09/13 14:29:40.0390 3640 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/09/13 14:29:40.0453 3640 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/09/13 14:29:40.0484 3640 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/09/13 14:29:40.0718 3640 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

2011/09/13 14:29:40.0750 3640 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

2011/09/13 14:29:40.0796 3640 pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys

2011/09/13 14:29:40.0843 3640 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/09/13 14:29:40.0906 3640 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/09/13 14:29:40.0921 3640 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/09/13 14:29:40.0953 3640 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2011/09/13 14:29:40.0984 3640 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

2011/09/13 14:29:41.0000 3640 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

2011/09/13 14:29:41.0031 3640 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

2011/09/13 14:29:41.0062 3640 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

2011/09/13 14:29:41.0078 3640 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

2011/09/13 14:29:41.0093 3640 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/09/13 14:29:41.0140 3640 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/09/13 14:29:41.0203 3640 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/09/13 14:29:41.0234 3640 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/09/13 14:29:41.0281 3640 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/09/13 14:29:41.0328 3640 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/09/13 14:29:41.0390 3640 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/09/13 14:29:41.0453 3640 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/09/13 14:29:41.0500 3640 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/09/13 14:29:41.0578 3640 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys

2011/09/13 14:29:41.0609 3640 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys

2011/09/13 14:29:41.0734 3640 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

2011/09/13 14:29:41.0765 3640 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

2011/09/13 14:29:41.0828 3640 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/09/13 14:29:41.0875 3640 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/09/13 14:29:41.0890 3640 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2011/09/13 14:29:41.0937 3640 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/09/13 14:29:41.0984 3640 sfng32 (cecdd7cb5db385775790d30fa10f0507) C:\WINDOWS\system32\drivers\sfng32.sys

2011/09/13 14:29:42.0031 3640 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

2011/09/13 14:29:42.0078 3640 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

2011/09/13 14:29:42.0281 3640 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/09/13 14:29:42.0343 3640 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/09/13 14:29:42.0421 3640 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/09/13 14:29:42.0531 3640 STHDA (228519217a88c2f6b0cf8c022e6d669c) C:\WINDOWS\system32\drivers\sthda.sys

2011/09/13 14:29:42.0640 3640 SunkFilt (86ca1a5c15a5a98d5533945fb1120b05) C:\WINDOWS\System32\Drivers\sunkfilt.sys

2011/09/13 14:29:42.0671 3640 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/09/13 14:29:42.0703 3640 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/09/13 14:29:42.0765 3640 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

2011/09/13 14:29:42.0781 3640 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

2011/09/13 14:29:42.0859 3640 SymEvent (b36605d45281772a088ee2d70c913a55) C:\Program Files\Symantec\SYMEVENT.SYS

2011/09/13 14:29:42.0890 3640 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

2011/09/13 14:29:42.0921 3640 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

2011/09/13 14:29:42.0968 3640 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/09/13 14:29:43.0031 3640 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/09/13 14:29:43.0078 3640 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/09/13 14:29:43.0109 3640 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/09/13 14:29:43.0156 3640 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/09/13 14:29:43.0265 3640 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

2011/09/13 14:29:43.0312 3640 TPkd (5f226c681049fb1df1578af32bb641f1) C:\WINDOWS\system32\drivers\TPkd.sys

2011/09/13 14:29:43.0375 3640 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/09/13 14:29:43.0421 3640 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

2011/09/13 14:29:43.0468 3640 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/09/13 14:29:43.0625 3640 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

2011/09/13 14:29:43.0703 3640 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/09/13 14:29:43.0750 3640 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/09/13 14:29:43.0781 3640 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/09/13 14:29:43.0828 3640 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/09/13 14:29:43.0859 3640 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/09/13 14:29:43.0890 3640 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/09/13 14:29:43.0937 3640 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/09/13 14:29:43.0968 3640 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/09/13 14:29:43.0984 3640 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

2011/09/13 14:29:44.0015 3640 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

2011/09/13 14:29:44.0062 3640 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/09/13 14:29:44.0093 3640 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/09/13 14:29:44.0156 3640 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys

2011/09/13 14:29:44.0218 3640 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/09/13 14:29:44.0281 3640 winachsf (74cf3f2e4e40c4a2e18d39d6300a5c24) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

2011/09/13 14:29:44.0406 3640 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys

2011/09/13 14:29:44.0437 3640 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

2011/09/13 14:29:44.0500 3640 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/09/13 14:29:44.0531 3640 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/09/13 14:29:44.0625 3640 MBR (0x1B8) (b20939cd98b7710036274839082ae757) \Device\Harddisk0\DR0

2011/09/13 14:29:44.0640 3640 Boot (0x1200) (127e1b3642c10dc89539400a3bc1bb83) \Device\Harddisk0\DR0\Partition0

2011/09/13 14:29:44.0656 3640 Boot (0x1200) (9b95a35893e06040c022150cfb845dc1) \Device\Harddisk0\DR0\Partition1

2011/09/13 14:29:44.0671 3640 ================================================================================

2011/09/13 14:29:44.0671 3640 Scan finished

2011/09/13 14:29:44.0671 3640 ================================================================================

2011/09/13 14:29:44.0703 0660 Detected object count: 2

2011/09/13 14:29:44.0703 0660 Actual detected object count: 2

2011/09/13 14:29:59.0000 0660 HiddenFile.Multi.Generic(7848373e) - User select action: Skip

2011/09/13 14:29:59.0109 0660 AFD (10b5b921f711380e69a3105e9ea3b105) C:\WINDOWS\System32\drivers\afd.sys

2011/09/13 14:29:59.0109 0660 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\afd.sys) error 1813

2011/09/13 14:29:59.0968 0660 Backup copy found, using it..

2011/09/13 14:29:59.0984 0660 C:\WINDOWS\System32\drivers\afd.sys - will be cured after reboot

2011/09/13 14:29:59.0984 0660 Rootkit.Win32.ZAccess.e(AFD) - User select action: Cure

2011/09/13 14:30:09.0125 2852 Deinitialize success


Hello,

Please re-run TDSSKiller but this time please delete the following service too:

2011/09/13 14:29:59.0000 0660 HiddenFile.Multi.Generic(7848373e) - User select action: Skip

Post the log in your next reply.

Delete your copy of Combofix and download a fresh one from the link in my previous post.

Try to run it once again.

Regards,

Georgi

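Georgi's instruction above comes down to reading the TDSSKiller log for detections that were answered with "Skip" and therefore survive into the next run. As an added example that is not part of this thread and not TDSSKiller's own code, here is a small Python triage script for the log format seen in this thread: it parses the object lines (`name (md5) path`), the `- detected` verdict lines and the `User select action` prompt lines, joins them by object name, and lists the detections that still need action. The sample lines are copied from the two logs posted above. It also flags a path that carries a second colon (as `C:\WINDOWS\1043810424:2276968641.exe` does) as an NTFS alternate data stream, which ordinary directory listings do not show and which is why the object is reported as a hidden file.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed input: a handful of lines copied from the two TDSSKiller logs
# posted in this thread, reduced to the entries that matter for triage.
SAMPLE_LOG = r"""
2011/09/13 15:14:17.0500 2080 7848373e (8f2bb1827cac01aee6a16e30a1260199) C:\WINDOWS\1043810424:2276968641.exe
2011/09/13 15:14:20.0140 2080 Suspicious file (Hidden): C:\WINDOWS\1043810424:2276968641.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
2011/09/13 15:14:20.0140 2080 7848373e - detected HiddenFile.Multi.Generic (1)
2011/09/13 15:14:20.0484 2080 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/09/13 15:14:25.0625 2080 NetBT (4ed248a6f7c6da7d456a6946f94604ce) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/09/13 15:14:25.0625 2080 NetBT - detected Rootkit.Win32.ZAccess.e (0)
2011/09/13 14:29:59.0000 0660 HiddenFile.Multi.Generic(7848373e) - User select action: Skip
2011/09/13 14:29:59.0984 0660 Rootkit.Win32.ZAccess.e(AFD) - User select action: Cure
"""

# Every TDSSKiller line starts with a timestamp and a thread id.
_PREFIX = r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+) (?P<tid>\d+) "
# "<name> (<md5>) <path>": one line per enumerated driver, service or hidden object.
_OBJECT_RE = re.compile(_PREFIX + r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<name> - detected <verdict> (<n>)": the scanner's verdict on that object.
_DETECT_RE = re.compile(_PREFIX + r"(?P<name>\S+) - detected (?P<verdict>\S+) \(\d+\)$")
# "<verdict>(<name>) - User select action: <action>": what was chosen at the prompt.
_ACTION_RE = re.compile(
    _PREFIX + r"(?P<verdict>[^()\s]+)\((?P<name>[^)]+)\) - User select action: (?P<action>\w+)$"
)


@dataclass
class Detection:
    name: str                     # object name TDSSKiller assigned (service name or hidden-file id)
    verdict: str                  # e.g. Rootkit.Win32.ZAccess.e or HiddenFile.Multi.Generic
    path: Optional[str] = None    # file path from the object line, if the log had one
    md5: Optional[str] = None
    action: Optional[str] = None  # Skip / Cure / ..., None if no prompt was answered


def parse_log(text: str) -> Dict[str, Detection]:
    """Return detections keyed by object name, joined with their paths and chosen actions."""
    paths: Dict[str, tuple] = {}
    detections: Dict[str, Detection] = {}
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        if m := _OBJECT_RE.match(line):
            paths[m["name"]] = (m["path"], m["md5"])
            continue
        if m := _DETECT_RE.match(line):
            path, md5 = paths.get(m["name"], (None, None))
            detections[m["name"]] = Detection(m["name"], m["verdict"], path, md5)
            continue
        if m := _ACTION_RE.match(line):
            # The prompt may name an object whose verdict line is not in this excerpt
            # (in the thread, AFD's verdict is in one run and its prompt in another).
            det = detections.get(m["name"])
            if det is None:
                path, md5 = paths.get(m["name"], (None, None))
                det = detections[m["name"]] = Detection(m["name"], m["verdict"], path, md5)
            det.action = m["action"]
    return detections


def unresolved(detections: Dict[str, Detection]) -> List[Detection]:
    """Detections that were skipped or never acted on: these will show up again next run."""
    return [d for d in detections.values() if d.action in (None, "Skip")]


def is_alternate_data_stream(path: str) -> bool:
    """True when the path names an NTFS alternate data stream: a ':' past the drive colon.
    Explorer and a plain 'dir' do not list ADS content, so such an object is only seen
    by a scanner that enumerates streams, which is why it is reported as hidden."""
    return path.find(":", 2) != -1


def triage(text: str) -> List[str]:
    """One human-readable line per detection, with the chosen action and an ADS flag."""
    out = []
    for d in parse_log(text).values():
        status = d.action or "no action recorded"
        flag = " [ADS]" if d.path and is_alternate_data_stream(d.path) else ""
        out.append(f"{d.name}: {d.verdict} -> {status}{flag} {d.path or ''}".rstrip())
    return out


if __name__ == "__main__":
    for line in triage(SAMPLE_LOG):
        print(line)
    print("still needs action:", [d.name for d in unresolved(parse_log(SAMPLE_LOG))])
```

Run against the sample, the script reports that the hidden ADS object `7848373e` was skipped and that the `NetBT` detection from the second run has no recorded action, which is exactly the list a helper wants before asking for another TDSSKiller pass. To use it on a full log, read the saved TDSSKiller text file and pass its contents to `triage()`.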

Downloaded another ComboFix; it still doesn't work...

I now have 2 combofix.exe and 1 that was renamed to svchost.exe. I can't delete any of them.

2011/09/13 15:14:09.0921 2388 TDSS rootkit removing tool 2.5.22.0 Sep 13 2011 15:55:17

2011/09/13 15:14:10.0156 2388 ================================================================================

2011/09/13 15:14:10.0156 2388 SystemInfo:

2011/09/13 15:14:10.0156 2388

2011/09/13 15:14:10.0156 2388 OS Version: 5.1.2600 ServicePack: 3.0

2011/09/13 15:14:10.0156 2388 Product type: Workstation

2011/09/13 15:14:10.0156 2388 ComputerName: YOUR-4CFD40D048

2011/09/13 15:14:10.0156 2388 UserName: Owner

2011/09/13 15:14:10.0156 2388 Windows directory: C:\WINDOWS

2011/09/13 15:14:10.0156 2388 System windows directory: C:\WINDOWS

2011/09/13 15:14:10.0156 2388 Processor architecture: Intel x86

2011/09/13 15:14:10.0156 2388 Number of processors: 2

2011/09/13 15:14:10.0156 2388 Page size: 0x1000

2011/09/13 15:14:10.0156 2388 Boot type: Normal boot

2011/09/13 15:14:10.0156 2388 ================================================================================

2011/09/13 15:14:11.0953 2388 Initialize success

2011/09/13 15:14:14.0968 2080 ================================================================================

2011/09/13 15:14:14.0968 2080 Scan started

2011/09/13 15:14:14.0968 2080 Mode: Manual;

2011/09/13 15:14:14.0968 2080 ================================================================================

2011/09/13 15:14:17.0500 2080 7848373e (8f2bb1827cac01aee6a16e30a1260199) C:\WINDOWS\1043810424:2276968641.exe

2011/09/13 15:14:20.0140 2080 Suspicious file (Hidden): C:\WINDOWS\1043810424:2276968641.exe. md5: 8f2bb1827cac01aee6a16e30a1260199

2011/09/13 15:14:20.0140 2080 7848373e - detected HiddenFile.Multi.Generic (1)

2011/09/13 15:14:20.0281 2080 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

2011/09/13 15:14:20.0343 2080 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/09/13 15:14:20.0375 2080 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2011/09/13 15:14:20.0406 2080 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

2011/09/13 15:14:20.0453 2080 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2011/09/13 15:14:20.0484 2080 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys

2011/09/13 15:14:20.0531 2080 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

2011/09/13 15:14:20.0562 2080 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

2011/09/13 15:14:20.0578 2080 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

2011/09/13 15:14:20.0609 2080 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

2011/09/13 15:14:20.0625 2080 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

2011/09/13 15:14:20.0656 2080 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

2011/09/13 15:14:20.0687 2080 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

2011/09/13 15:14:20.0703 2080 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

2011/09/13 15:14:20.0734 2080 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

2011/09/13 15:14:20.0765 2080 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2011/09/13 15:14:20.0781 2080 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

2011/09/13 15:14:20.0812 2080 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

2011/09/13 15:14:20.0828 2080 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

2011/09/13 15:14:20.0906 2080 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/09/13 15:14:20.0921 2080 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/09/13 15:14:20.0968 2080 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/09/13 15:14:21.0140 2080 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/09/13 15:14:21.0218 2080 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/09/13 15:14:21.0453 2080 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

2011/09/13 15:14:21.0484 2080 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/09/13 15:14:21.0515 2080 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

2011/09/13 15:14:21.0531 2080 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/09/13 15:14:21.0578 2080 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/09/13 15:14:21.0625 2080 Cdr4_xp (837eef65af62d4e8a37c41d3879f7274) C:\WINDOWS\system32\drivers\Cdr4_xp.sys

2011/09/13 15:14:21.0640 2080 Cdralw2k (579da2f9f5401f55dae2cf8779d61dfc) C:\WINDOWS\system32\drivers\Cdralw2k.sys

2011/09/13 15:14:21.0703 2080 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/09/13 15:14:21.0781 2080 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

2011/09/13 15:14:21.0812 2080 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

2011/09/13 15:14:21.0875 2080 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

2011/09/13 15:14:21.0890 2080 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

2011/09/13 15:14:21.0953 2080 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/09/13 15:14:22.0046 2080 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2011/09/13 15:14:22.0078 2080 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2011/09/13 15:14:22.0109 2080 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/09/13 15:14:22.0156 2080 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2011/09/13 15:14:22.0218 2080 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

2011/09/13 15:14:22.0250 2080 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/09/13 15:14:22.0296 2080 E100B (6ca101f9aa3d845ba31f6e13c01301a8) C:\WINDOWS\system32\DRIVERS\e100b325.sys

2011/09/13 15:14:22.0359 2080 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/09/13 15:14:22.0406 2080 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2011/09/13 15:14:22.0453 2080 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2011/09/13 15:14:22.0484 2080 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2011/09/13 15:14:22.0531 2080 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2011/09/13 15:14:22.0609 2080 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys

2011/09/13 15:14:22.0625 2080 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/09/13 15:14:22.0656 2080 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/09/13 15:14:22.0718 2080 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/09/13 15:14:22.0796 2080 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2011/09/13 15:14:22.0843 2080 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/09/13 15:14:22.0875 2080 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

2011/09/13 15:14:22.0921 2080 HSFHWBS2 (b6b0721a86e51d141ec55c3cc1ca5686) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys

2011/09/13 15:14:22.0984 2080 HSF_DP (b2dfc168d6f7512faea085253c5a37ad) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys

2011/09/13 15:14:23.0125 2080 HSF_DPV (698204d9c2832e53633e53a30a53fc3d) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys

2011/09/13 15:14:23.0203 2080 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/09/13 15:14:23.0265 2080 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

2011/09/13 15:14:23.0296 2080 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

2011/09/13 15:14:23.0328 2080 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/09/13 15:14:23.0406 2080 ialm (d95eb1c9b3a5c2f6fdeab05dd03736fe) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

2011/09/13 15:14:23.0468 2080 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/09/13 15:14:23.0515 2080 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

2011/09/13 15:14:23.0562 2080 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

2011/09/13 15:14:23.0593 2080 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/09/13 15:14:23.0640 2080 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2011/09/13 15:14:23.0671 2080 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/09/13 15:14:23.0703 2080 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/09/13 15:14:23.0750 2080 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/09/13 15:14:23.0781 2080 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/09/13 15:14:23.0812 2080 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/09/13 15:14:23.0859 2080 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/09/13 15:14:23.0953 2080 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/09/13 15:14:23.0984 2080 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2011/09/13 15:14:24.0031 2080 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2011/09/13 15:14:24.0046 2080 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/09/13 15:14:24.0156 2080 Linksys_adapter_H (bcdf72dce41874b3ad9143d537b493b2) C:\WINDOWS\system32\DRIVERS\AE2500xp.sys

2011/09/13 15:14:24.0265 2080 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

2011/09/13 15:14:24.0328 2080 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys

2011/09/13 15:14:24.0375 2080 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/09/13 15:14:24.0406 2080 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2011/09/13 15:14:24.0421 2080 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/09/13 15:14:24.0468 2080 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/09/13 15:14:24.0484 2080 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/09/13 15:14:24.0593 2080 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

2011/09/13 15:14:24.0625 2080 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/09/13 15:14:24.0671 2080 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/09/13 15:14:24.0718 2080 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2011/09/13 15:14:24.0750 2080 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/09/13 15:14:24.0781 2080 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/09/13 15:14:24.0796 2080 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/09/13 15:14:24.0859 2080 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/09/13 15:14:24.0890 2080 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

2011/09/13 15:14:24.0921 2080 mxnic (e1cdf20697d992cf83ff86dd04df1285) C:\WINDOWS\system32\DRIVERS\mxnic.sys

2011/09/13 15:14:25.0093 2080 NAVAP (73c3bbe77011e9121930148fc5a8d2fd) C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAP.sys

2011/09/13 15:14:25.0125 2080 NAVAPEL (035adce1cce9f50d6d32b733aa9b1aa7) C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS

2011/09/13 15:14:25.0234 2080 NAVENG (49d802531e5984cf1fe028c6c129b9d8) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101018.002\NAVENG.sys

2011/09/13 15:14:25.0296 2080 NAVEX15 (158676a5758c1fa519563b3e72fbf256) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101018.002\NAVEX15.sys

2011/09/13 15:14:25.0437 2080 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/09/13 15:14:25.0468 2080 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/09/13 15:14:25.0500 2080 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/09/13 15:14:25.0531 2080 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/09/13 15:14:25.0562 2080 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/09/13 15:14:25.0593 2080 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/09/13 15:14:25.0625 2080 NetBT (4ed248a6f7c6da7d456a6946f94604ce) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/09/13 15:14:25.0625 2080 NetBT - detected Rootkit.Win32.ZAccess.e (0)

2011/09/13 15:14:25.0703 2080 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2011/09/13 15:14:25.0750 2080 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/09/13 15:14:25.0781 2080 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/09/13 15:14:25.0859 2080 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/09/13 15:14:25.0937 2080 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2011/09/13 15:14:26.0031 2080 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/09/13 15:14:26.0062 2080 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/09/13 15:14:26.0078 2080 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys

2011/09/13 15:14:26.0125 2080 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys

2011/09/13 15:14:26.0156 2080 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys

2011/09/13 15:14:26.0171 2080 NWRDR (36b9b950e3d2e100970a48d8bad86740) C:\WINDOWS\system32\DRIVERS\nwrdr.sys

2011/09/13 15:14:26.0203 2080 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2011/09/13 15:14:30.0390 2080 ================================================================================

2011/09/13 15:14:30.0390 2080 Scan finished

2011/09/13 15:14:30.0390 2080 ================================================================================

2011/09/13 15:14:30.0406 0168 Detected object count: 2

2011/09/13 15:14:30.0406 0168 Actual detected object count: 2

2011/09/13 15:14:46.0000 0168 HKLM\SYSTEM\ControlSet009\services\7848373e - will be deleted after reboot

2011/09/13 15:14:46.0000 0168 HKLM\SYSTEM\ControlSet010\services\7848373e - will be deleted after reboot

2011/09/13 15:14:46.0015 0168 C:\WINDOWS\1043810424:2276968641.exe - will be deleted after reboot

2011/09/13 15:14:46.0015 0168 HiddenFile.Multi.Generic(7848373e) - User select action: Delete

2011/09/13 15:14:46.0062 0168 NetBT (4ed248a6f7c6da7d456a6946f94604ce) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/09/13 15:14:46.0062 0168 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\netbt.sys) error 1813

2011/09/13 15:14:50.0031 0168 Backup copy found, using it..

2011/09/13 15:14:50.0062 0168 C:\WINDOWS\system32\DRIVERS\netbt.sys - will be cured after reboot

2011/09/13 15:14:50.0062 0168 Rootkit.Win32.ZAccess.e(NetBT) - User select action: Cure

2011/09/13 15:15:15.0062 0632 Deinitialize success


Hello lilgeezy24,

Please download aswMBR to your desktop.

  • Double click the aswMBR.exe icon to run it.
  • The program will offer to download the latest antivirus definitions from Avast servers. Click YES to agree.
  • When it's done, in the AV Scan drop down options choose C:\
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Please perform the following scan too:

  • Download DDS by sUBs from the link below. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Regards,

Georgi


Great ! :)

Let's try to boot your computer using a Boot CD.

Please print this guide for future reference!

You will need a blank CD, your Windows XP install disc, a clean computer and a flash drive.

Please follow the steps below and let me know if you were successful. Please tell me what error messages you got and/or what steps you got hung up on.

1. Download the PE Builder to your desktop

http://www.nu2.nu/download.php?sFile=pebuilder3110a.exe

  • Double-Click on the PE Builder that you just downloaded to your desktop.
  • Follow all of the instructions/prompts that come up.

2. Insert your XP CD with SP1/SP2/SP3 into a CD Rom drive

  • Double-Click on PE Builder.exe located on your desktop.
  • Click NO to Search for Windows Installation Files
  • Make the following selections from the Main Screen that pops up:
    • Builder
      • Source: (path to Windows installation files)
        • Enter the path to the drive where your XP CD is located.
        • You can click on the "..." button on the right to navigate to the path as well.
      • Custom: (include files and folders from this directory)
        • No information is necessary, leave blank.
      • Output:
        • Keep the default
    • Media output
      • Choose Create ISO image
      • Do not choose Burn to CD/DVD
  • Download the RunScanner plugin and save it to your desktop

    http://www.paraglidernc.com/Files/RunScanner10025.cab

    Please note: You will be prompted for the folder that it shall be saved in. By default it appears as runscanner10025. It should be modified to just runscanner <--- Important!!!

  • Press the Plugin button on the PE Builder interface
  • Press the Add button and navigate to the location of the RunScanner plugin to install
  • Please note: If you are using a Windows XP disc with sp2 then highlight RpsSS needs to launch DComLaunch and then press Enable
  • When you're done press Close and the PE Builder interface will re-appear

3. Click on the "Build" button

  • You will see the Windows EULA message. Click on I Agree
  • You will now see the Build Screen. Let it run its course
  • When the Build is finished you can click close, then exit

4. Burn your ISO file to CD

==========

Next........

From your clean computer..

Please download OTLPE.zip and save it to a flash drive.

http://oldtimer.geekstogo.com/OTLPE.zip

http://www.itxassociates.com/OT-Tools/OTLPE.zip

Double click and unzip OTLPE.zip to its own folder on your flash drive. Name it OTLPE <-- Important!!

==========

Plug your flash drive into your sick computer now and do as instructed below..

==========

1. Restart Your sick Computer Using the PE Builder ISO CD That You Have Created

  • Insert the CD in to one of your CD/DVD drives.
  • Restart your computer.
    • The computer should choose to boot from the CD automatically. If it doesn't and you are asked if you want to boot from CD, then choose that option.
  • Once the desktop appears, you will receive a message asking: Do you want to start Network support?
    • Click on No
  • After it loads press the Go button in the lower left and do this....
    • Go
    • System
    • Display
    • Screen Resolution
    • 1024x768

    Next choose....

    • Go
    • Programs
    • A43 File Management Utility

==========

In A43 File Management you should see your flash drive

Navigate to the OTLPE folder that you saved to your flash drive.

Open the OTLPE folder and double click Start.cmd.

  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTLPE should now start
  • Copy and Paste the following code from your flash drive into the customFix.png textbox.

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    /md5start
    mswsock.dll
    /md5stop
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\*. /mp /s

  • Push runscanbutton.png
  • A report will open named "OTL.txt" and another will be minimized to the system tray named "Extra.txt". Save both logs to your flash drive. Copy and Paste them in your next reply.

Regards,

Georgi


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
