*NEW* TDSSSERV[RESOLVED]
Google still redirects
#1
Posted 07 June 2010 - 07:52 AM
Even with all of the programs to protect him, he still went to bad sites and got infected.
AntiVir Log
Avira AntiVir Personal
Report file date: Sunday, June 06, 2010 16:34
Scanning for 2190565 virus strains and unwanted programs.
The program is running as an unrestricted full version.
Online services are available:
Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : GROOVIN
Version information:
BUILD.DAT : 10.0.0.567 32097 Bytes 4/19/2010 15:07:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 4/1/2010 17:37:38
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 17:57:04
LUKE.DLL : 10.0.2.3 104296 Bytes 3/7/2010 23:33:04
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 04:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 14:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 00:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 22:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 21:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 16:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 20:28:30
VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 20:28:37
VBASE007.VDF : 7.10.7.219 2048 Bytes 6/2/2010 20:28:37
VBASE008.VDF : 7.10.7.220 2048 Bytes 6/2/2010 20:28:37
VBASE009.VDF : 7.10.7.221 2048 Bytes 6/2/2010 20:28:38
VBASE010.VDF : 7.10.7.222 2048 Bytes 6/2/2010 20:28:38
VBASE011.VDF : 7.10.7.223 2048 Bytes 6/2/2010 20:28:38
VBASE012.VDF : 7.10.7.224 2048 Bytes 6/2/2010 20:28:38
VBASE013.VDF : 7.10.7.225 2048 Bytes 6/2/2010 20:28:38
VBASE014.VDF : 7.10.7.226 2048 Bytes 6/2/2010 20:28:38
VBASE015.VDF : 7.10.7.227 2048 Bytes 6/2/2010 20:28:38
VBASE016.VDF : 7.10.7.228 2048 Bytes 6/2/2010 20:28:39
VBASE017.VDF : 7.10.7.229 2048 Bytes 6/2/2010 20:28:39
VBASE018.VDF : 7.10.7.230 2048 Bytes 6/2/2010 20:28:39
VBASE019.VDF : 7.10.7.231 2048 Bytes 6/2/2010 20:28:39
VBASE020.VDF : 7.10.7.232 2048 Bytes 6/2/2010 20:28:39
VBASE021.VDF : 7.10.7.233 2048 Bytes 6/2/2010 20:28:39
VBASE022.VDF : 7.10.7.234 2048 Bytes 6/2/2010 20:28:39
VBASE023.VDF : 7.10.7.235 2048 Bytes 6/2/2010 20:28:40
VBASE024.VDF : 7.10.7.236 2048 Bytes 6/2/2010 20:28:40
VBASE025.VDF : 7.10.7.237 2048 Bytes 6/2/2010 20:28:40
VBASE026.VDF : 7.10.7.238 2048 Bytes 6/2/2010 20:28:40
VBASE027.VDF : 7.10.7.239 2048 Bytes 6/2/2010 20:28:40
VBASE028.VDF : 7.10.7.240 2048 Bytes 6/2/2010 20:28:40
VBASE029.VDF : 7.10.7.241 2048 Bytes 6/2/2010 20:28:40
VBASE030.VDF : 7.10.7.242 2048 Bytes 6/2/2010 20:28:41
VBASE031.VDF : 7.10.7.252 87552 Bytes 6/6/2010 20:28:41
Engineversion : 8.2.2.6
AEVDF.DLL : 8.1.2.0 106868 Bytes 6/6/2010 20:28:51
AESCRIPT.DLL : 8.1.3.31 1352058 Bytes 6/6/2010 20:28:50
AESCN.DLL : 8.1.6.1 127347 Bytes 6/6/2010 20:28:49
AESBX.DLL : 8.1.3.1 254324 Bytes 6/6/2010 20:28:51
AERDL.DLL : 8.1.4.6 541043 Bytes 6/6/2010 20:28:49
AEPACK.DLL : 8.2.1.1 426358 Bytes 3/19/2010 17:34:51
AEOFFICE.DLL : 8.1.1.0 201081 Bytes 6/6/2010 20:28:48
AEHEUR.DLL : 8.1.1.33 2724214 Bytes 6/6/2010 20:28:47
AEHELP.DLL : 8.1.11.5 242038 Bytes 6/6/2010 20:28:44
AEGEN.DLL : 8.1.3.10 377205 Bytes 6/6/2010 20:28:44
AEEMU.DLL : 8.1.2.0 393588 Bytes 6/6/2010 20:28:43
AECORE.DLL : 8.1.15.3 192886 Bytes 6/6/2010 20:28:42
AEBB.DLL : 8.1.1.0 53618 Bytes 6/6/2010 20:28:42
AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 17:03:38
AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 17:03:35
AVREP.DLL : 10.0.0.8 62209 Bytes 2/18/2010 21:47:40
AVREG.DLL : 10.0.3.0 53096 Bytes 4/1/2010 17:35:46
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 4/1/2010 17:39:51
AVARKT.DLL : 10.0.0.14 227176 Bytes 4/1/2010 17:22:13
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 14:53:30
SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 17:57:58
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 20:38:56
NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 19:41:00
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 18:10:20
RCTEXT.DLL : 10.0.53.0 97128 Bytes 4/9/2010 19:14:29
Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: quarantine
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,
Start of the scan: Sunday, June 06, 2010 16:34
Starting search for hidden objects.
The scan of running processes will be started
Scan process 'dllhost.exe' - '50' Module(s) have been scanned
Scan process 'dllhost.exe' - '45' Module(s) have been scanned
Scan process 'vssvc.exe' - '48' Module(s) have been scanned
Scan process 'avscan.exe' - '64' Module(s) have been scanned
Scan process 'avcenter.exe' - '63' Module(s) have been scanned
Scan process 'avgnt.exe' - '53' Module(s) have been scanned
Scan process 'sched.exe' - '55' Module(s) have been scanned
Scan process 'avshadow.exe' - '26' Module(s) have been scanned
Scan process 'avguard.exe' - '55' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '54' Module(s) have been scanned
Scan process 'ctfmon.exe' - '26' Module(s) have been scanned
Scan process 'msmsgs.exe' - '42' Module(s) have been scanned
Scan process 'jusched.exe' - '21' Module(s) have been scanned
Scan process 'SiteAdv.exe' - '51' Module(s) have been scanned
Scan process 'ezprint.exe' - '62' Module(s) have been scanned
Scan process 'lxcymon.exe' - '29' Module(s) have been scanned
Scan process 'hkcmd.exe' - '31' Module(s) have been scanned
Scan process 'igfxtray.exe' - '31' Module(s) have been scanned
Scan process 'Explorer.EXE' - '106' Module(s) have been scanned
Scan process 'alg.exe' - '33' Module(s) have been scanned
Scan process 'dmadmin.exe' - '27' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'SeaPort.exe' - '56' Module(s) have been scanned
Scan process 'lxcycoms.exe' - '28' Module(s) have been scanned
Scan process 'jqs.exe' - '33' Module(s) have been scanned
Scan process 'spoolsv.exe' - '61' Module(s) have been scanned
Scan process 'svchost.exe' - '30' Module(s) have been scanned
Scan process 'svchost.exe' - '161' Module(s) have been scanned
Scan process 'svchost.exe' - '38' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'lsass.exe' - '51' Module(s) have been scanned
Scan process 'services.exe' - '36' Module(s) have been scanned
Scan process 'winlogon.exe' - '71' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan executable files (registry).
The registry was scanned ( '427' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\Documents and Settings\Buc\Local Settings\Application Data\Opera\Opera\cache\opr0000P
[WARNING] The file could not be read!
C:\System Volume Information\_restore{2156839D-A153-4825-B240-21D536D4E5B7}\RP574\A0042414.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan
[NOTE] The file was moved to the quarantine directory under the name '46b79ff3.qua'.
C:\System Volume Information\_restore{2156839D-A153-4825-B240-21D536D4E5B7}\RP577\A0042996.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '5e20b031.qua'.
C:\System Volume Information\_restore{2156839D-A153-4825-B240-21D536D4E5B7}\RP577\A0042997.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '0c7feada.qua'.
C:\System Volume Information\_restore{2156839D-A153-4825-B240-21D536D4E5B7}\RP577\A0042999.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '6a48a518.qua'.
C:\System Volume Information\_restore{2156839D-A153-4825-B240-21D536D4E5B7}\RP577\A0043000.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '2fcc8826.qua'.
C:\System Volume Information\_restore{2156839D-A153-4825-B240-21D536D4E5B7}\RP577\A0043001.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '50d7ba47.qua'.
C:\System Volume Information\_restore{2156839D-A153-4825-B240-21D536D4E5B7}\RP577\A0043002.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '1c6f960d.qua'.
End of the scan: Sunday, June 06, 2010 17:00
Used time: 26:26 Minute(s)
The scan has been done completely.
5460 Scanned directories
122218 Files were scanned
7 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
7 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
122211 Files not concerned
636 Archives were scanned
1 Warnings
7 Notes
292381 Objects were scanned with rootkit scan
0 Hidden objects were found
SAS log
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 06/06/2010 at 07:19 PM
Application Version : 4.38.1004
Core Rules Database Version : 5038
Trace Rules Database Version: 2850
Scan type : Complete Scan
Total Scan Time : 00:25:04
Memory items scanned : 449
Memory threats detected : 0
Registry items scanned : 5145
Registry threats detected : 2
File items scanned : 17136
File threats detected : 0
Rootkit.TDSServ
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDSSserv.sys
MBAM log
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4173
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
6/6/2010 3:41:12 PM
mbam-log-2010-06-06 (15-41-12).txt
Scan type: Quick scan
Objects scanned: 134263
Time elapsed: 5 minute(s), 11 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 37
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 20
Files Infected: 26
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6160f76a-1992-4b17-a32d-0c706d159105} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{877f3eab-4462-44df-8475-6064eafd7fbf} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{ac5ab953-ed25-4f9c-87f0-b086b0178ffa} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c28a0312-c403-417b-a425-a915bc0519cd} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\F5JMWNZTHI (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{16b6279b-9ff5-41fb-8bf9-404324f5dd1f}}_is1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1fb52ab3-5987-45a2-85e0-f3ec30dddc29}}_is1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TDSSserv (Rootkit.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{0ba0192d-94a5-45e3-b2b8-3ec5a1a0b5ec} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{2224e955-00e9-4613-a844-ce69fccaae91} (Adware.DoubleD) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\components (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome\content (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\components (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Buc\Local Settings\Application Data\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Buc\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Buc\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340 (Adware.DoubleD) -> Files: 2781 -> Quarantined and deleted successfully.
C:\Documents and Settings\Buc\Local Settings\Application Data\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Buc\Local Settings\Application Data\Media Access Startup\1.5.0.850 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Buc\Local Settings\Application Data\Media Access Startup\1.5.0.850 (Adware.DoubleD) -> Files: 529 -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\NPCommon.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\Data\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome.manifest (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\install.rdf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\NPAddOn.jar (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.js (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.xul (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.xpt (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFHelperComponent.js (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\hppx.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\MAHelper.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\Data\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome.manifest (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\install.rdf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome\HPAddOn.jar (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome\content\HPAddOn.js (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome\content\HPAddOn.xul (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\components\HPFFAddOn.xpt (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\components\HPFFHelperComponent.js (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
Rooter log
Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP Home Edition (5.1.2600) Service Pack 3
[32_bits] - x86 Family 15 Model 2 Stepping 9, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Enabled
.
Internet Explorer 8.0.6001.18702
.
A:\ [Removable]
C:\ [Fixed-NTFS] .. ( Total:74 Go - Free:61 Go )
D:\ [CD_Rom]
.
Scan : 21:12.51
Path : C:\Documents and Settings\Buc\Desktop\Rooter.exe
User : Buc ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (292)
______ \??\C:\WINDOWS\system32\csrss.exe (340)
______ \??\C:\WINDOWS\system32\winlogon.exe (364)
______ C:\WINDOWS\system32\services.exe (408)
______ C:\WINDOWS\system32\lsass.exe (420)
______ C:\WINDOWS\system32\svchost.exe (580)
______ C:\WINDOWS\system32\svchost.exe (640)
______ C:\WINDOWS\System32\svchost.exe (680)
______ C:\WINDOWS\system32\svchost.exe (716)
______ C:\WINDOWS\system32\spoolsv.exe (884)
______ C:\Program Files\Avira\AntiVir Desktop\sched.exe (928)
______ C:\Program Files\Avira\AntiVir Desktop\avguard.exe (1068)
______ C:\Program Files\Java\jre6\bin\jqs.exe (1172)
______ C:\WINDOWS\system32\lxcycoms.exe (1216)
______ C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (1248)
______ C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (1264)
______ C:\WINDOWS\System32\svchost.exe (1348)
______ C:\WINDOWS\System32\dmadmin.exe (1424)
______ C:\WINDOWS\system32\wuauclt.exe (1504)
______ C:\WINDOWS\Explorer.EXE (1784)
______ C:\WINDOWS\system32\igfxtray.exe (1952)
______ C:\WINDOWS\system32\hkcmd.exe (1960)
______ C:\Program Files\Lexmark 3400 Series\lxcymon.exe (1984)
______ C:\Program Files\Lexmark 3400 Series\ezprint.exe (1996)
______ C:\Program Files\SiteAdvisor\6253\SiteAdv.exe (2044)
______ C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (196)
______ C:\Program Files\Common Files\Java\Java Update\jusched.exe (232)
______ C:\Program Files\Messenger\msmsgs.exe (272)
______ C:\WINDOWS\system32\ctfmon.exe (260)
______ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (320)
______ C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (332)
______ C:\WINDOWS\System32\alg.exe (988)
______ C:\WINDOWS\system32\wuauclt.exe (2428)
______ C:\Documents and Settings\Buc\Desktop\Rooter.exe (2660)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:80023233024)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\NSSstub.job
C:\WINDOWS\Tasks\SA.DAT
C:\WINDOWS\Tasks\User_Feed_Synchronization-{422E5770-D947-4E46-90F1-DE548591BFEE}.job
.
----------------------\\ Registry
.
Rootkit! ... [HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV]
Rootkit! ... [HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_TDSSSERV]
Rootkit! ... [HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV]
.
----------------------\\ Files & Folders
.
C:\DOCUME~1\Buc\My Documents\Downloads\NTI_CD-Maker_Platinum_v6[1].0.0.64_by_Vietcrack\cdmaker_60064_crack.exe
==> Cracks & Keygens <==
.
----------------------\\ Scan completed at 21:12.58
.
C:\Rooter$\Rooter_1.txt - (06/06/2010 | 21:12.58).c
LockSearch
LockSearch by jpshortstuff (05.11.09.1)
Log created at 21:14 on 06/06/2010 (Buc)
Scanning C:\
C:\pagefile.sys
-------------------------
-=E.O.F=-
CKScanner log
CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\buc\my documents\downloads\nti_cd-maker_platinum_v6[1].0.0.64_by_vietcrack\cdmaker_60064_crack.exe
c:\documents and settings\buc\my documents\downloads\nti_cd-maker_platinum_v6[1].0.0.64_by_vietcrack\nti_cd~1.exe
c:\documents and settings\buc\my documents\downloads\nti_cd-maker_platinum_v6[1].0.0.64_by_vietcrack\readme.txt
scanner sequence 3.CP.11
----- EOF -----
WVCheck
No file created
GMER log
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-06 23:06:04
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Buc\LOCALS~1\Temp\pxldqpog.sys
---- System - GMER 1.0.15 ----
SSDT F7C9C386 ZwCreateKey
SSDT F7C9C37C ZwCreateThread
SSDT F7C9C38B ZwDeleteKey
SSDT F7C9C395 ZwDeleteValueKey
SSDT F7C9C39A ZwLoadKey
SSDT F7C9C368 ZwOpenProcess
SSDT F7C9C36D ZwOpenThread
SSDT F7C9C3A4 ZwReplaceKey
SSDT F7C9C39F ZwRestoreKey
SSDT F7C9C390 ZwSetValueKey
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xED4C3620]
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!_abnormal_termination + 450 804E2AAC 1 Byte [20]
.rsrc C:\WINDOWS\system32\drivers\atapi.sys entry point in ".rsrc" section [0xF74C8780]
---- Devices - GMER 1.0.15 ----
Device \Driver\atapi \Device\Ide\IdePort0 [F74BBB3A] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F74BBB3A] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\atapi \Device\Ide\IdePort1 [F74BBB3A] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [F74BBB3A] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet003\Services\tdssserv@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\tdssserv@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\tdssserv@imagepath \systemroot\system32\drivers\TDSSserv.sys
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification
---- EOF - GMER 1.0.15 ----
OTL logs
OTL logfile created on: 6/6/2010 11:08:10 PM - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\Buc\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
759.00 Mb Total Physical Memory | 444.00 Mb Available Physical Memory | 58.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1140 2280 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 61.98 Gb Free Space | 83.17% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: GROOVIN
Current User Name: Buc
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010/06/06 20:54:56 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Buc\Desktop\OTL.exe
PRC - [2010/05/18 13:26:23 | 002,397,424 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/04 17:03:00 | 000,036,640 | ---- | M] () -- C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
PRC - [2007/06/25 10:34:56 | 000,082,608 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 3400 Series\ezprint.exe
PRC - [2007/06/25 10:34:55 | 000,291,504 | ---- | M] () -- C:\Program Files\Lexmark 3400 Series\lxcymon.exe
PRC - [2007/06/20 06:28:55 | 000,537,264 | ---- | M] ( ) -- C:\WINDOWS\system32\lxcycoms.exe
PRC - [2007/06/08 19:25:40 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
========== Modules (SafeList) ==========
MOD - [2010/06/06 20:54:56 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Buc\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2008/02/02 09:37:11 | 000,011,552 | ---- | M] () -- C:\Program Files\SiteAdvisor\6253\saHook.dll
========== Win32 Services (SafeList) ==========
SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2007/06/20 06:28:55 | 000,537,264 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxcycoms.exe -- (lxcy_device)
========== Driver Services (SafeList) ==========
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2004/10/01 10:24:00 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/03 22:41:36 | 000,606,684 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/11/26 18:14:10 | 000,028,857 | ---- | M] (Efficient Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\enethusb.sys -- (ENETHUSB)
DRV - [2002/07/17 08:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Aspi32.sys -- (ASPI32)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.yahoo.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll ()
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll ()
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 3400 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [LXCYCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.DLL (Lexmark International Inc.)
O4 - HKLM..\Run: [lxcymon.exe] C:\Program Files\Lexmark 3400 Series\lxcymon.exe ()
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [NSSInstallation] C:\WINDOWS\System32\Adobe\Shockwave 11\nssstub.exe (Symantec Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMorePrograms = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1176029080890 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://support.f-sec...m/ols/fscax.cab (F-Secure Online Scanner 3.3)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll ()
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 () -
O24 - Desktop WallPaper: C:\Documents and Settings\Buc\Application Data\IrfanView\IrfanView_Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Buc\Application Data\IrfanView\IrfanView_Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/04/06 07:45:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/04/06 07:44:38 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: LanmanServer - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: LanmanServer - File not found
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: VIDC.wmv3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)
========== Files/Folders - Created Within 30 Days ==========
[2010/06/06 21:12:54 | 000,000,000 | ---D | C] -- C:\Rooter$
[2010/06/06 20:58:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/06 20:54:56 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Buc\Desktop\OTL.exe
[2010/06/06 20:52:51 | 000,173,119 | ---- | C] (Eric_71) -- C:\Documents and Settings\Buc\Desktop\Rooter.exe
[2010/06/06 20:52:03 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Buc\Desktop\TFC.exe
[2010/06/06 20:25:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Buc\Recent
[2010/06/06 18:49:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buc\Application Data\SUPERAntiSpyware.com
[2010/06/06 18:49:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/06/06 18:49:30 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/06/06 18:37:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/06/06 18:36:53 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/06/06 18:36:53 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/06/06 18:36:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/06/06 18:36:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/06/06 18:36:53 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/06/06 18:36:33 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/06/06 17:20:15 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/06/06 16:34:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/06/06 16:30:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buc\Application Data\Avira
[2010/06/06 16:27:14 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/06/06 16:27:14 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/06/06 16:27:14 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/06/06 16:27:13 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/06/06 16:27:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/06/06 16:20:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buc\Local Settings\Application Data\Opera
[2010/06/06 16:20:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buc\Application Data\Opera
[2010/06/06 16:20:21 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2010/06/06 15:34:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/06 15:34:38 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/06 15:32:10 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/06/06 14:39:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buc\Application Data\Malwarebytes
[2010/06/06 14:39:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/06/06 14:18:54 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/06/06 14:18:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/01/13 17:23:55 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyhcp.dll
[2007/04/04 11:40:29 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcypmui.dll
[2007/04/04 11:39:21 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyserv.dll
[2007/04/04 11:34:13 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcycomm.dll
[2007/04/04 11:32:49 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcylmpm.dll
[2007/04/04 11:31:38 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyiesc.dll
[2007/04/04 11:29:29 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcypplc.dll
[2007/04/04 11:28:42 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcycomc.dll
[2007/04/04 11:28:11 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyprox.dll
[2007/04/04 11:22:25 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyinpa.dll
[2007/04/04 11:21:51 | 000,995,328 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyusb1.dll
[2007/04/04 11:18:18 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyhbn3.dll
[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/06/06 22:25:03 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/06 21:13:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\NSSstub.job
[2010/06/06 21:08:26 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/06 21:08:08 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/06 21:08:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/06 21:07:24 | 004,431,872 | ---- | M] () -- C:\Documents and Settings\Buc\ntuser.dat
[2010/06/06 21:07:24 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Buc\ntuser.ini
[2010/06/06 20:54:56 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Buc\Desktop\OTL.exe
[2010/06/06 20:54:16 | 003,513,237 | ---- | M] () -- C:\Documents and Settings\Buc\Desktop\WVCheck.exe
[2010/06/06 20:53:35 | 000,451,584 | ---- | M] () -- C:\Documents and Settings\Buc\Desktop\CKScanner.exe
[2010/06/06 20:53:10 | 000,032,653 | ---- | M] () -- C:\Documents and Settings\Buc\Desktop\LockSearch.exe
[2010/06/06 20:52:52 | 000,173,119 | ---- | M] (Eric_71) -- C:\Documents and Settings\Buc\Desktop\Rooter.exe
[2010/06/06 20:52:03 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Buc\Desktop\TFC.exe
[2010/06/06 20:31:03 | 000,000,595 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/06 20:31:03 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/06 20:31:03 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/06/06 20:28:55 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{422E5770-D947-4E46-90F1-DE548591BFEE}.job
[2010/06/06 18:49:33 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/06/06 18:36:38 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/06/06 18:36:38 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/06/06 18:36:38 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/06/06 18:36:38 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/06/06 18:36:37 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/06/06 16:27:29 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/06/06 16:20:26 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2010/06/06 16:14:48 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/06/06 15:41:21 | 005,562,634 | -H-- | M] () -- C:\Documents and Settings\Buc\Local Settings\Application Data\IconCache.db
[2010/06/06 15:34:42 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/06 15:32:11 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Buc\Desktop\CCleaner.lnk
[2010/06/06 15:22:37 | 000,612,432 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.new
[2010/06/06 14:23:21 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/06/06 13:51:10 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/31 07:10:07 | 000,000,341 | ---- | M] () -- C:\Documents and Settings\Buc\Desktop\12.url
[2010/05/22 21:34:42 | 000,000,231 | ---- | M] () -- C:\Documents and Settings\Buc\Desktop\Social Security Online.url
[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/06/06 20:55:47 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Buc\Desktop\gmer.exe
[2010/06/06 20:54:10 | 003,513,237 | ---- | C] () -- C:\Documents and Settings\Buc\Desktop\WVCheck.exe
[2010/06/06 20:53:35 | 000,451,584 | ---- | C] () -- C:\Documents and Settings\Buc\Desktop\CKScanner.exe
[2010/06/06 20:53:10 | 000,032,653 | ---- | C] () -- C:\Documents and Settings\Buc\Desktop\LockSearch.exe
[2010/06/06 18:49:33 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/06/06 16:27:29 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/06/06 16:20:26 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2010/06/06 15:34:42 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/06 15:32:11 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\Buc\Desktop\CCleaner.lnk
[2010/06/06 14:23:21 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2008/01/13 17:25:36 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL
[2008/01/13 17:25:36 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL
[2008/01/13 17:23:55 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\lxcyinst.dll
[2008/01/13 17:23:18 | 000,344,064 | R--- | C] () -- C:\WINDOWS\System32\lxcycoin.dll
[2007/04/28 10:52:23 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/04/26 19:53:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2007/04/12 10:12:59 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/04/12 10:12:59 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/04/12 10:12:59 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/04/12 10:12:58 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/04/12 10:12:58 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007/04/08 20:47:48 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/08/14 17:07:04 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxcycaps.dll
[2006/08/08 15:58:04 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxcydrs.dll
[2006/03/23 04:33:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcyvs.dll
[2006/01/25 18:11:04 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxcycnv4.dll
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2007/04/06 07:45:01 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/06/06 20:31:03 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2007/04/06 07:45:01 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/07/19 12:13:23 | 000,000,076 | ---- | M] () -- C:\DVDPATH.TXT
[2007/04/06 07:45:01 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/06/22 10:29:14 | 000,001,659 | -H-- | M] () -- C:\IPH.PH
[2010/06/06 18:37:24 | 000,019,830 | ---- | M] () -- C:\JavaRa.log
[2007/04/06 07:45:01 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2007/04/08 06:06:10 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/01 16:58:58 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/06/06 21:08:00 | 1195,376,640 | -HS- | M] () -- C:\pagefile.sys
[2007/04/08 06:42:59 | 000,008,433 | ---- | M] () -- C:\SSInst.log
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
[2007/04/06 03:30:00 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/04/06 03:30:00 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/04/06 03:30:00 | 000,389,120 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
< %PROGRAMFILES%\*. >
[2008/02/05 16:53:45 | 000,000,000 | ---D | M] -- C:\Program Files\Abbyy FineReader 6.0 Sprint
[2007/06/22 10:29:14 | 000,000,000 | ---D | M] -- C:\Program Files\AIM6
[2010/06/06 16:27:13 | 000,000,000 | ---D | M] -- C:\Program Files\Avira
[2010/06/06 15:32:11 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2008/06/15 09:47:17 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2007/04/06 07:42:16 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2007/04/08 06:27:08 | 000,000,000 | ---D | M] -- C:\Program Files\Efficient Networks
[2010/06/06 17:20:15 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2010/06/06 14:23:05 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2008/01/24 22:47:08 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2007/04/26 18:19:50 | 000,000,000 | ---D | M] -- C:\Program Files\InterActual
[2010/01/22 21:03:07 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2007/04/09 15:51:34 | 000,000,000 | ---D | M] -- C:\Program Files\IrfanView
[2010/06/06 18:36:33 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2008/05/05 20:16:59 | 000,000,000 | ---D | M] -- C:\Program Files\jv16 PowerTools
[2007/04/12 10:12:58 | 000,000,000 | ---D | M] -- C:\Program Files\K-Lite Codec Pack
[2007/04/09 14:55:12 | 000,000,000 | ---D | M] -- C:\Program Files\Lavalys
[2008/01/13 17:24:51 | 000,000,000 | ---D | M] -- C:\Program Files\Lexmark 3400 Series
[2008/01/13 17:25:51 | 000,000,000 | ---D | M] -- C:\Program Files\Lexmark Fax Solutions
[2008/01/13 17:27:42 | 000,000,000 | ---D | M] -- C:\Program Files\Lexmark Toolbar
[2010/06/06 14:21:29 | 000,000,000 | ---D | M] -- C:\Program Files\lx_cats
[2010/06/06 15:34:42 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/09/01 17:09:21 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009/08/18 20:40:16 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2007/04/06 07:45:09 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2008/09/01 17:03:19 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2007/04/08 08:02:59 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/08/18 20:38:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2007/04/06 07:41:36 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2007/08/15 09:26:13 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2007/04/09 14:38:16 | 000,000,000 | ---D | M] -- C:\Program Files\Nero
[2008/09/01 17:00:59 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2009/07/19 19:14:07 | 000,000,000 | ---D | M] -- C:\Program Files\NOS
[2007/04/06 07:41:47 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/06/06 16:22:40 | 000,000,000 | ---D | M] -- C:\Program Files\Opera
[2009/08/13 00:14:11 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2007/04/08 07:58:57 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2008/05/22 10:15:20 | 000,000,000 | ---D | M] -- C:\Program Files\SiteAdvisor
[2010/06/06 18:38:51 | 000,000,000 | ---D | M] -- C:\Program Files\SpywareBlaster
[2010/06/06 18:49:33 | 000,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2007/04/06 07:50:14 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2007/04/12 11:04:16 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2010/06/06 15:11:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2008/09/01 17:00:55 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/09/01 17:00:55 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2007/04/06 07:41:47 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2009/07/19 20:04:51 | 000,000,000 | ---D | M] -- C:\Program Files\WOT
[2007/04/06 07:45:09 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2009/05/06 12:25:30 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-01-23 01:03:21
========== Alternate Data Streams ==========
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >
OTL Extras logfile created on: 6/6/2010 11:08:10 PM - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\Buc\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
759.00 Mb Total Physical Memory | 444.00 Mb Available Physical Memory | 58.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1140 2280 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 61.98 Gb Free Space | 83.17% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: GROOVIN
Current User Name: Buc
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\WINDOWS\system32\lxcycoms.exe" = C:\WINDOWS\system32\lxcycoms.exe:*:Enabled:Lexmark Communications System -- ( )
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07474E69-E9E4-4B03-AC0E-D24B04231033}" = Nero 7 Essentials
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F85CAAA-B786-4E5B-AADD-638856992EF3}" = Opera 10.53
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 20
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}" = MSN Toolbar
"{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DB6BD5D5-8482-45C0-99CF-745C5B924497}" = WOT for Internet Explorer
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Shockwave Player" = Adobe Shockwave Player
"AIM_6" = AIM 6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"EfntSSDSL" = Efficient Networks SpeedStream DSL
"ESET Online Scanner" = ESET Online Scanner v3
"EVEREST Home Edition_is1" = EVEREST Home Edition v1.51
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InterActual Player" = InterActual Player
"IrfanView" = IrfanView (remove only)
"jv16 PowerTools_is1" = jv16 PowerTools 1.3
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 1.70
"Lexmark 3400 Series" = Lexmark 3400 Series
"Lexmark Fax Solutions" = Lexmark Fax Solutions
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee SiteAdvisor" = McAfee SiteAdvisor
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"ViewpointMediaPlayer" = Viewpoint Media Player
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 5/7/2010 6:00:14 AM | Computer Name = GROOVIN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established
Error - 5/9/2010 7:15:55 PM | Computer Name = GROOVIN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established
Error - 5/10/2010 7:07:35 AM | Computer Name = GROOVIN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established
Error - 5/12/2010 7:24:06 AM | Computer Name = GROOVIN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established
Error - 5/21/2010 8:47:46 AM | Computer Name = GROOVIN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established
Error - 6/6/2010 2:20:27 PM | Computer Name = GROOVIN | Source = Avira AntiVir | ID = 4122
Description = Unable to load file AVPREF.DLL. Returned error code: 0x45a
Error - 6/6/2010 2:33:43 PM | Computer Name = GROOVIN | Source = Avira AntiVir | ID = 4122
Description = Unable to load file AVPREF.DLL. Returned error code: 0x45a
Error - 6/6/2010 2:38:17 PM | Computer Name = GROOVIN | Source = Avira AntiVir | ID = 4122
Description = Unable to load file AVPREF.DLL. Returned error code: 0x45a
Error - 6/6/2010 4:34:26 PM | Computer Name = GROOVIN | Source = COM+ | ID = 135763
Description = The run-time environment was unable to initialize for transactions
required to support transactional components. Make sure that MS-DTC is running.
(DtcGetTransactionManagerEx(): hr = 0x8004d01
Error - 6/6/2010 7:23:14 PM | Computer Name = GROOVIN | Source = COM+ | ID = 135763
Description = The run-time environment was unable to initialize for transactions
required to support transactional components. Make sure that MS-DTC is running.
(DtcGetTransactionManagerEx(): hr = 0x8004d01
[ System Events ]
Error - 6/6/2010 4:36:43 PM | Computer Name = GROOVIN | Source = Removable Storage Service | ID = 262255
Description = RSM could not load media in drive Drive 0 of library Flash Disk USB
Device.
Error - 6/6/2010 4:38:16 PM | Computer Name = GROOVIN | Source = Removable Storage Service | ID = 262255
Description = RSM could not load media in drive Drive 0 of library Flash Disk USB
Device.
Error - 6/6/2010 4:38:18 PM | Computer Name = GROOVIN | Source = Removable Storage Service | ID = 262255
Description = RSM could not load media in drive Drive 0 of library Flash Disk USB
Device.
Error - 6/6/2010 4:46:02 PM | Computer Name = GROOVIN | Source = Removable Storage Service | ID = 262255
Description = RSM could not load media in drive Drive 0 of library Flash Disk USB
Device.
Error - 6/6/2010 4:46:04 PM | Computer Name = GROOVIN | Source = Removable Storage Service | ID = 262255
Description = RSM could not load media in drive Drive 0 of library Flash Disk USB
Device.
Error - 6/6/2010 4:59:15 PM | Computer Name = GROOVIN | Source = Removable Storage Service | ID = 262255
Description = RSM could not load media in drive Drive 0 of library Flash Disk USB
Device.
Error - 6/6/2010 4:59:18 PM | Computer Name = GROOVIN | Source = Removable Storage Service | ID = 262255
Description = RSM could not load media in drive Drive 0 of library Flash Disk USB
Device.
Error - 6/6/2010 8:59:17 PM | Computer Name = GROOVIN | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).
Error - 6/6/2010 8:59:17 PM | Computer Name = GROOVIN | Source = Service Control Manager | ID = 7034
Description = The lxcy_device service terminated unexpectedly. It has done this
1 time(s).
Error - 6/6/2010 8:59:17 PM | Computer Name = GROOVIN | Source = Service Control Manager | ID = 7034
Description = The SeaPort service terminated unexpectedly. It has done this 1 time(s).
< End of report >
AntiVir Log
Avira AntiVir Personal
Report file date: Sunday, June 06, 2010 16:34
Scanning for 2190565 virus strains and unwanted programs.
The program is running as an unrestricted full version.
Online services are available:
Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : GROOVIN
Version information:
BUILD.DAT : 10.0.0.567 32097 Bytes 4/19/2010 15:07:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 4/1/2010 17:37:38
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 17:57:04
LUKE.DLL : 10.0.2.3 104296 Bytes 3/7/2010 23:33:04
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 04:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 14:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 00:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 22:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 21:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 16:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 20:28:30
VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 20:28:37
VBASE007.VDF : 7.10.7.219 2048 Bytes 6/2/2010 20:28:37
VBASE008.VDF : 7.10.7.220 2048 Bytes 6/2/2010 20:28:37
VBASE009.VDF : 7.10.7.221 2048 Bytes 6/2/2010 20:28:38
VBASE010.VDF : 7.10.7.222 2048 Bytes 6/2/2010 20:28:38
VBASE011.VDF : 7.10.7.223 2048 Bytes 6/2/2010 20:28:38
VBASE012.VDF : 7.10.7.224 2048 Bytes 6/2/2010 20:28:38
VBASE013.VDF : 7.10.7.225 2048 Bytes 6/2/2010 20:28:38
VBASE014.VDF : 7.10.7.226 2048 Bytes 6/2/2010 20:28:38
VBASE015.VDF : 7.10.7.227 2048 Bytes 6/2/2010 20:28:38
VBASE016.VDF : 7.10.7.228 2048 Bytes 6/2/2010 20:28:39
VBASE017.VDF : 7.10.7.229 2048 Bytes 6/2/2010 20:28:39
VBASE018.VDF : 7.10.7.230 2048 Bytes 6/2/2010 20:28:39
VBASE019.VDF : 7.10.7.231 2048 Bytes 6/2/2010 20:28:39
VBASE020.VDF : 7.10.7.232 2048 Bytes 6/2/2010 20:28:39
VBASE021.VDF : 7.10.7.233 2048 Bytes 6/2/2010 20:28:39
VBASE022.VDF : 7.10.7.234 2048 Bytes 6/2/2010 20:28:39
VBASE023.VDF : 7.10.7.235 2048 Bytes 6/2/2010 20:28:40
VBASE024.VDF : 7.10.7.236 2048 Bytes 6/2/2010 20:28:40
VBASE025.VDF : 7.10.7.237 2048 Bytes 6/2/2010 20:28:40
VBASE026.VDF : 7.10.7.238 2048 Bytes 6/2/2010 20:28:40
VBASE027.VDF : 7.10.7.239 2048 Bytes 6/2/2010 20:28:40
VBASE028.VDF : 7.10.7.240 2048 Bytes 6/2/2010 20:28:40
VBASE029.VDF : 7.10.7.241 2048 Bytes 6/2/2010 20:28:40
VBASE030.VDF : 7.10.7.242 2048 Bytes 6/2/2010 20:28:41
VBASE031.VDF : 7.10.7.252 87552 Bytes 6/6/2010 20:28:41
Engineversion : 8.2.2.6
AEVDF.DLL : 8.1.2.0 106868 Bytes 6/6/2010 20:28:51
AESCRIPT.DLL : 8.1.3.31 1352058 Bytes 6/6/2010 20:28:50
AESCN.DLL : 8.1.6.1 127347 Bytes 6/6/2010 20:28:49
AESBX.DLL : 8.1.3.1 254324 Bytes 6/6/2010 20:28:51
AERDL.DLL : 8.1.4.6 541043 Bytes 6/6/2010 20:28:49
AEPACK.DLL : 8.2.1.1 426358 Bytes 3/19/2010 17:34:51
AEOFFICE.DLL : 8.1.1.0 201081 Bytes 6/6/2010 20:28:48
AEHEUR.DLL : 8.1.1.33 2724214 Bytes 6/6/2010 20:28:47
AEHELP.DLL : 8.1.11.5 242038 Bytes 6/6/2010 20:28:44
AEGEN.DLL : 8.1.3.10 377205 Bytes 6/6/2010 20:28:44
AEEMU.DLL : 8.1.2.0 393588 Bytes 6/6/2010 20:28:43
AECORE.DLL : 8.1.15.3 192886 Bytes 6/6/2010 20:28:42
AEBB.DLL : 8.1.1.0 53618 Bytes 6/6/2010 20:28:42
AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 17:03:38
AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 17:03:35
AVREP.DLL : 10.0.0.8 62209 Bytes 2/18/2010 21:47:40
AVREG.DLL : 10.0.3.0 53096 Bytes 4/1/2010 17:35:46
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 4/1/2010 17:39:51
AVARKT.DLL : 10.0.0.14 227176 Bytes 4/1/2010 17:22:13
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 14:53:30
SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 17:57:58
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 20:38:56
NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 19:41:00
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 18:10:20
RCTEXT.DLL : 10.0.53.0 97128 Bytes 4/9/2010 19:14:29
Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: quarantine
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,
Start of the scan: Sunday, June 06, 2010 16:34
Starting search for hidden objects.
The scan of running processes will be started
Scan process 'dllhost.exe' - '50' Module(s) have been scanned
Scan process 'dllhost.exe' - '45' Module(s) have been scanned
Scan process 'vssvc.exe' - '48' Module(s) have been scanned
Scan process 'avscan.exe' - '64' Module(s) have been scanned
Scan process 'avcenter.exe' - '63' Module(s) have been scanned
Scan process 'avgnt.exe' - '53' Module(s) have been scanned
Scan process 'sched.exe' - '55' Module(s) have been scanned
Scan process 'avshadow.exe' - '26' Module(s) have been scanned
Scan process 'avguard.exe' - '55' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '54' Module(s) have been scanned
Scan process 'ctfmon.exe' - '26' Module(s) have been scanned
Scan process 'msmsgs.exe' - '42' Module(s) have been scanned
Scan process 'jusched.exe' - '21' Module(s) have been scanned
Scan process 'SiteAdv.exe' - '51' Module(s) have been scanned
Scan process 'ezprint.exe' - '62' Module(s) have been scanned
Scan process 'lxcymon.exe' - '29' Module(s) have been scanned
Scan process 'hkcmd.exe' - '31' Module(s) have been scanned
Scan process 'igfxtray.exe' - '31' Module(s) have been scanned
Scan process 'Explorer.EXE' - '106' Module(s) have been scanned
Scan process 'alg.exe' - '33' Module(s) have been scanned
Scan process 'dmadmin.exe' - '27' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'SeaPort.exe' - '56' Module(s) have been scanned
Scan process 'lxcycoms.exe' - '28' Module(s) have been scanned
Scan process 'jqs.exe' - '33' Module(s) have been scanned
Scan process 'spoolsv.exe' - '61' Module(s) have been scanned
Scan process 'svchost.exe' - '30' Module(s) have been scanned
Scan process 'svchost.exe' - '161' Module(s) have been scanned
Scan process 'svchost.exe' - '38' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'lsass.exe' - '51' Module(s) have been scanned
Scan process 'services.exe' - '36' Module(s) have been scanned
Scan process 'winlogon.exe' - '71' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan executable files (registry).
The registry was scanned ( '427' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\Documents and Settings\Buc\Local Settings\Application Data\Opera\Opera\cache\opr0000P
[WARNING] The file could not be read!
C:\System Volume Information\_restore{2156839D-A153-4825-B240-21D536D4E5B7}\RP574\A0042414.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan
[NOTE] The file was moved to the quarantine directory under the name '46b79ff3.qua'.
C:\System Volume Information\_restore{2156839D-A153-4825-B240-21D536D4E5B7}\RP577\A0042996.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '5e20b031.qua'.
C:\System Volume Information\_restore{2156839D-A153-4825-B240-21D536D4E5B7}\RP577\A0042997.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '0c7feada.qua'.
C:\System Volume Information\_restore{2156839D-A153-4825-B240-21D536D4E5B7}\RP577\A0042999.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '6a48a518.qua'.
C:\System Volume Information\_restore{2156839D-A153-4825-B240-21D536D4E5B7}\RP577\A0043000.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '2fcc8826.qua'.
C:\System Volume Information\_restore{2156839D-A153-4825-B240-21D536D4E5B7}\RP577\A0043001.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '50d7ba47.qua'.
C:\System Volume Information\_restore{2156839D-A153-4825-B240-21D536D4E5B7}\RP577\A0043002.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '1c6f960d.qua'.
End of the scan: Sunday, June 06, 2010 17:00
Used time: 26:26 Minute(s)
The scan has been done completely.
5460 Scanned directories
122218 Files were scanned
7 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
7 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
122211 Files not concerned
636 Archives were scanned
1 Warnings
7 Notes
292381 Objects were scanned with rootkit scan
0 Hidden objects were found
SAS log
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 06/06/2010 at 07:19 PM
Application Version : 4.38.1004
Core Rules Database Version : 5038
Trace Rules Database Version: 2850
Scan type : Complete Scan
Total Scan Time : 00:25:04
Memory items scanned : 449
Memory threats detected : 0
Registry items scanned : 5145
Registry threats detected : 2
File items scanned : 17136
File threats detected : 0
Rootkit.TDSServ
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDSSserv.sys
MBAM log
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4173
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
6/6/2010 3:41:12 PM
mbam-log-2010-06-06 (15-41-12).txt
Scan type: Quick scan
Objects scanned: 134263
Time elapsed: 5 minute(s), 11 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 37
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 20
Files Infected: 26
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6160f76a-1992-4b17-a32d-0c706d159105} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{877f3eab-4462-44df-8475-6064eafd7fbf} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{ac5ab953-ed25-4f9c-87f0-b086b0178ffa} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c28a0312-c403-417b-a425-a915bc0519cd} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\F5JMWNZTHI (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{16b6279b-9ff5-41fb-8bf9-404324f5dd1f}}_is1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1fb52ab3-5987-45a2-85e0-f3ec30dddc29}}_is1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TDSSserv (Rootkit.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{0ba0192d-94a5-45e3-b2b8-3ec5a1a0b5ec} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{2224e955-00e9-4613-a844-ce69fccaae91} (Adware.DoubleD) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\components (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome\content (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\components (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Buc\Local Settings\Application Data\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Buc\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Buc\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340 (Adware.DoubleD) -> Files: 2781 -> Quarantined and deleted successfully.
C:\Documents and Settings\Buc\Local Settings\Application Data\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Buc\Local Settings\Application Data\Media Access Startup\1.5.0.850 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Buc\Local Settings\Application Data\Media Access Startup\1.5.0.850 (Adware.DoubleD) -> Files: 529 -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\NPCommon.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\Data\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome.manifest (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\install.rdf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\NPAddOn.jar (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.js (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.xul (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.xpt (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFHelperComponent.js (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\hppx.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\MAHelper.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\Data\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome.manifest (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\install.rdf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome\HPAddOn.jar (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome\content\HPAddOn.js (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome\content\HPAddOn.xul (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\components\HPFFAddOn.xpt (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\components\HPFFHelperComponent.js (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
Rooter log
Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP Home Edition (5.1.2600) Service Pack 3
[32_bits] - x86 Family 15 Model 2 Stepping 9, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Enabled
.
Internet Explorer 8.0.6001.18702
.
A:\ [Removable]
C:\ [Fixed-NTFS] .. ( Total:74 Go - Free:61 Go )
D:\ [CD_Rom]
.
Scan : 21:12.51
Path : C:\Documents and Settings\Buc\Desktop\Rooter.exe
User : Buc ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (292)
______ \??\C:\WINDOWS\system32\csrss.exe (340)
______ \??\C:\WINDOWS\system32\winlogon.exe (364)
______ C:\WINDOWS\system32\services.exe (408)
______ C:\WINDOWS\system32\lsass.exe (420)
______ C:\WINDOWS\system32\svchost.exe (580)
______ C:\WINDOWS\system32\svchost.exe (640)
______ C:\WINDOWS\System32\svchost.exe (680)
______ C:\WINDOWS\system32\svchost.exe (716)
______ C:\WINDOWS\system32\spoolsv.exe (884)
______ C:\Program Files\Avira\AntiVir Desktop\sched.exe (928)
______ C:\Program Files\Avira\AntiVir Desktop\avguard.exe (1068)
______ C:\Program Files\Java\jre6\bin\jqs.exe (1172)
______ C:\WINDOWS\system32\lxcycoms.exe (1216)
______ C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (1248)
______ C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (1264)
______ C:\WINDOWS\System32\svchost.exe (1348)
______ C:\WINDOWS\System32\dmadmin.exe (1424)
______ C:\WINDOWS\system32\wuauclt.exe (1504)
______ C:\WINDOWS\Explorer.EXE (1784)
______ C:\WINDOWS\system32\igfxtray.exe (1952)
______ C:\WINDOWS\system32\hkcmd.exe (1960)
______ C:\Program Files\Lexmark 3400 Series\lxcymon.exe (1984)
______ C:\Program Files\Lexmark 3400 Series\ezprint.exe (1996)
______ C:\Program Files\SiteAdvisor\6253\SiteAdv.exe (2044)
______ C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (196)
______ C:\Program Files\Common Files\Java\Java Update\jusched.exe (232)
______ C:\Program Files\Messenger\msmsgs.exe (272)
______ C:\WINDOWS\system32\ctfmon.exe (260)
______ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (320)
______ C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (332)
______ C:\WINDOWS\System32\alg.exe (988)
______ C:\WINDOWS\system32\wuauclt.exe (2428)
______ C:\Documents and Settings\Buc\Desktop\Rooter.exe (2660)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:80023233024)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\NSSstub.job
C:\WINDOWS\Tasks\SA.DAT
C:\WINDOWS\Tasks\User_Feed_Synchronization-{422E5770-D947-4E46-90F1-DE548591BFEE}.job
.
----------------------\\ Registry
.
Rootkit! ... [HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV]
Rootkit! ... [HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_TDSSSERV]
Rootkit! ... [HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV]
.
----------------------\\ Files & Folders
.
C:\DOCUME~1\Buc\My Documents\Downloads\NTI_CD-Maker_Platinum_v6[1].0.0.64_by_Vietcrack\cdmaker_60064_crack.exe
==> Cracks & Keygens <==
.
----------------------\\ Scan completed at 21:12.58
.
C:\Rooter$\Rooter_1.txt - (06/06/2010 | 21:12.58).c
LockSearch
LockSearch by jpshortstuff (05.11.09.1)
Log created at 21:14 on 06/06/2010 (Buc)
Scanning C:\
C:\pagefile.sys
-------------------------
-=E.O.F=-
CKScanner log
CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\buc\my documents\downloads\nti_cd-maker_platinum_v6[1].0.0.64_by_vietcrack\cdmaker_60064_crack.exe
c:\documents and settings\buc\my documents\downloads\nti_cd-maker_platinum_v6[1].0.0.64_by_vietcrack\nti_cd~1.exe
c:\documents and settings\buc\my documents\downloads\nti_cd-maker_platinum_v6[1].0.0.64_by_vietcrack\readme.txt
scanner sequence 3.CP.11
----- EOF -----
WVCheck
No file created
GMER log
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-06 23:06:04
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Buc\LOCALS~1\Temp\pxldqpog.sys
---- System - GMER 1.0.15 ----
SSDT F7C9C386 ZwCreateKey
SSDT F7C9C37C ZwCreateThread
SSDT F7C9C38B ZwDeleteKey
SSDT F7C9C395 ZwDeleteValueKey
SSDT F7C9C39A ZwLoadKey
SSDT F7C9C368 ZwOpenProcess
SSDT F7C9C36D ZwOpenThread
SSDT F7C9C3A4 ZwReplaceKey
SSDT F7C9C39F ZwRestoreKey
SSDT F7C9C390 ZwSetValueKey
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xED4C3620]
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!_abnormal_termination + 450 804E2AAC 1 Byte [20]
.rsrc C:\WINDOWS\system32\drivers\atapi.sys entry point in ".rsrc" section [0xF74C8780]
---- Devices - GMER 1.0.15 ----
Device \Driver\atapi \Device\Ide\IdePort0 [F74BBB3A] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F74BBB3A] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\atapi \Device\Ide\IdePort1 [F74BBB3A] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [F74BBB3A] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet003\Services\tdssserv@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\tdssserv@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\tdssserv@imagepath \systemroot\system32\drivers\TDSSserv.sys
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification
---- EOF - GMER 1.0.15 ----
OTL logs
OTL logfile created on: 6/6/2010 11:08:10 PM - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\Buc\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
759.00 Mb Total Physical Memory | 444.00 Mb Available Physical Memory | 58.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1140 2280 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 61.98 Gb Free Space | 83.17% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: GROOVIN
Current User Name: Buc
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010/06/06 20:54:56 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Buc\Desktop\OTL.exe
PRC - [2010/05/18 13:26:23 | 002,397,424 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/04 17:03:00 | 000,036,640 | ---- | M] () -- C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
PRC - [2007/06/25 10:34:56 | 000,082,608 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 3400 Series\ezprint.exe
PRC - [2007/06/25 10:34:55 | 000,291,504 | ---- | M] () -- C:\Program Files\Lexmark 3400 Series\lxcymon.exe
PRC - [2007/06/20 06:28:55 | 000,537,264 | ---- | M] ( ) -- C:\WINDOWS\system32\lxcycoms.exe
PRC - [2007/06/08 19:25:40 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
========== Modules (SafeList) ==========
MOD - [2010/06/06 20:54:56 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Buc\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2008/02/02 09:37:11 | 000,011,552 | ---- | M] () -- C:\Program Files\SiteAdvisor\6253\saHook.dll
========== Win32 Services (SafeList) ==========
SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2007/06/20 06:28:55 | 000,537,264 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxcycoms.exe -- (lxcy_device)
========== Driver Services (SafeList) ==========
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2004/10/01 10:24:00 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/03 22:41:36 | 000,606,684 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/11/26 18:14:10 | 000,028,857 | ---- | M] (Efficient Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\enethusb.sys -- (ENETHUSB)
DRV - [2002/07/17 08:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Aspi32.sys -- (ASPI32)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.yahoo.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll ()
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll ()
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 3400 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [LXCYCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.DLL (Lexmark International Inc.)
O4 - HKLM..\Run: [lxcymon.exe] C:\Program Files\Lexmark 3400 Series\lxcymon.exe ()
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [NSSInstallation] C:\WINDOWS\System32\Adobe\Shockwave 11\nssstub.exe (Symantec Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMorePrograms = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1176029080890 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://support.f-sec...m/ols/fscax.cab (F-Secure Online Scanner 3.3)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll ()
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 () -
O24 - Desktop WallPaper: C:\Documents and Settings\Buc\Application Data\IrfanView\IrfanView_Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Buc\Application Data\IrfanView\IrfanView_Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/04/06 07:45:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/04/06 07:44:38 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: LanmanServer - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: LanmanServer - File not found
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: VIDC.wmv3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)
========== Files/Folders - Created Within 30 Days ==========
[2010/06/06 21:12:54 | 000,000,000 | ---D | C] -- C:\Rooter$
[2010/06/06 20:58:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/06 20:54:56 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Buc\Desktop\OTL.exe
[2010/06/06 20:52:51 | 000,173,119 | ---- | C] (Eric_71) -- C:\Documents and Settings\Buc\Desktop\Rooter.exe
[2010/06/06 20:52:03 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Buc\Desktop\TFC.exe
[2010/06/06 20:25:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Buc\Recent
[2010/06/06 18:49:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buc\Application Data\SUPERAntiSpyware.com
[2010/06/06 18:49:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/06/06 18:49:30 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/06/06 18:37:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/06/06 18:36:53 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/06/06 18:36:53 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/06/06 18:36:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/06/06 18:36:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/06/06 18:36:53 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/06/06 18:36:33 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/06/06 17:20:15 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/06/06 16:34:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/06/06 16:30:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buc\Application Data\Avira
[2010/06/06 16:27:14 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/06/06 16:27:14 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/06/06 16:27:14 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/06/06 16:27:13 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/06/06 16:27:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/06/06 16:20:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buc\Local Settings\Application Data\Opera
[2010/06/06 16:20:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buc\Application Data\Opera
[2010/06/06 16:20:21 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2010/06/06 15:34:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/06 15:34:38 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/06 15:32:10 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/06/06 14:39:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buc\Application Data\Malwarebytes
[2010/06/06 14:39:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/06/06 14:18:54 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/06/06 14:18:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/01/13 17:23:55 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyhcp.dll
[2007/04/04 11:40:29 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcypmui.dll
[2007/04/04 11:39:21 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyserv.dll
[2007/04/04 11:34:13 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcycomm.dll
[2007/04/04 11:32:49 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcylmpm.dll
[2007/04/04 11:31:38 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyiesc.dll
[2007/04/04 11:29:29 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcypplc.dll
[2007/04/04 11:28:42 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcycomc.dll
[2007/04/04 11:28:11 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyprox.dll
[2007/04/04 11:22:25 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyinpa.dll
[2007/04/04 11:21:51 | 000,995,328 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyusb1.dll
[2007/04/04 11:18:18 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyhbn3.dll
[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/06/06 22:25:03 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/06 21:13:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\NSSstub.job
[2010/06/06 21:08:26 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/06 21:08:08 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/06 21:08:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/06 21:07:24 | 004,431,872 | ---- | M] () -- C:\Documents and Settings\Buc\ntuser.dat
[2010/06/06 21:07:24 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Buc\ntuser.ini
[2010/06/06 20:54:56 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Buc\Desktop\OTL.exe
[2010/06/06 20:54:16 | 003,513,237 | ---- | M] () -- C:\Documents and Settings\Buc\Desktop\WVCheck.exe
[2010/06/06 20:53:35 | 000,451,584 | ---- | M] () -- C:\Documents and Settings\Buc\Desktop\CKScanner.exe
[2010/06/06 20:53:10 | 000,032,653 | ---- | M] () -- C:\Documents and Settings\Buc\Desktop\LockSearch.exe
[2010/06/06 20:52:52 | 000,173,119 | ---- | M] (Eric_71) -- C:\Documents and Settings\Buc\Desktop\Rooter.exe
[2010/06/06 20:52:03 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Buc\Desktop\TFC.exe
[2010/06/06 20:31:03 | 000,000,595 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/06 20:31:03 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/06 20:31:03 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/06/06 20:28:55 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{422E5770-D947-4E46-90F1-DE548591BFEE}.job
[2010/06/06 18:49:33 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/06/06 18:36:38 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/06/06 18:36:38 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/06/06 18:36:38 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/06/06 18:36:38 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/06/06 18:36:37 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/06/06 16:27:29 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/06/06 16:20:26 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2010/06/06 16:14:48 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/06/06 15:41:21 | 005,562,634 | -H-- | M] () -- C:\Documents and Settings\Buc\Local Settings\Application Data\IconCache.db
[2010/06/06 15:34:42 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/06 15:32:11 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Buc\Desktop\CCleaner.lnk
[2010/06/06 15:22:37 | 000,612,432 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.new
[2010/06/06 14:23:21 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/06/06 13:51:10 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/31 07:10:07 | 000,000,341 | ---- | M] () -- C:\Documents and Settings\Buc\Desktop\12.url
[2010/05/22 21:34:42 | 000,000,231 | ---- | M] () -- C:\Documents and Settings\Buc\Desktop\Social Security Online.url
[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/06/06 20:55:47 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Buc\Desktop\gmer.exe
[2010/06/06 20:54:10 | 003,513,237 | ---- | C] () -- C:\Documents and Settings\Buc\Desktop\WVCheck.exe
[2010/06/06 20:53:35 | 000,451,584 | ---- | C] () -- C:\Documents and Settings\Buc\Desktop\CKScanner.exe
[2010/06/06 20:53:10 | 000,032,653 | ---- | C] () -- C:\Documents and Settings\Buc\Desktop\LockSearch.exe
[2010/06/06 18:49:33 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/06/06 16:27:29 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/06/06 16:20:26 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2010/06/06 15:34:42 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/06 15:32:11 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\Buc\Desktop\CCleaner.lnk
[2010/06/06 14:23:21 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2008/01/13 17:25:36 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL
[2008/01/13 17:25:36 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL
[2008/01/13 17:23:55 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\lxcyinst.dll
[2008/01/13 17:23:18 | 000,344,064 | R--- | C] () -- C:\WINDOWS\System32\lxcycoin.dll
[2007/04/28 10:52:23 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/04/26 19:53:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2007/04/12 10:12:59 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/04/12 10:12:59 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/04/12 10:12:59 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/04/12 10:12:58 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/04/12 10:12:58 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007/04/08 20:47:48 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/08/14 17:07:04 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxcycaps.dll
[2006/08/08 15:58:04 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxcydrs.dll
[2006/03/23 04:33:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcyvs.dll
[2006/01/25 18:11:04 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxcycnv4.dll
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2007/04/06 07:45:01 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/06/06 20:31:03 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2007/04/06 07:45:01 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/07/19 12:13:23 | 000,000,076 | ---- | M] () -- C:\DVDPATH.TXT
[2007/04/06 07:45:01 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/06/22 10:29:14 | 000,001,659 | -H-- | M] () -- C:\IPH.PH
[2010/06/06 18:37:24 | 000,019,830 | ---- | M] () -- C:\JavaRa.log
[2007/04/06 07:45:01 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2007/04/08 06:06:10 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/01 16:58:58 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/06/06 21:08:00 | 1195,376,640 | -HS- | M] () -- C:\pagefile.sys
[2007/04/08 06:42:59 | 000,008,433 | ---- | M] () -- C:\SSInst.log
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
[2007/04/06 03:30:00 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/04/06 03:30:00 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/04/06 03:30:00 | 000,389,120 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
< %PROGRAMFILES%\*. >
[2008/02/05 16:53:45 | 000,000,000 | ---D | M] -- C:\Program Files\Abbyy FineReader 6.0 Sprint
[2007/06/22 10:29:14 | 000,000,000 | ---D | M] -- C:\Program Files\AIM6
[2010/06/06 16:27:13 | 000,000,000 | ---D | M] -- C:\Program Files\Avira
[2010/06/06 15:32:11 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2008/06/15 09:47:17 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2007/04/06 07:42:16 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2007/04/08 06:27:08 | 000,000,000 | ---D | M] -- C:\Program Files\Efficient Networks
[2010/06/06 17:20:15 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2010/06/06 14:23:05 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2008/01/24 22:47:08 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2007/04/26 18:19:50 | 000,000,000 | ---D | M] -- C:\Program Files\InterActual
[2010/01/22 21:03:07 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2007/04/09 15:51:34 | 000,000,000 | ---D | M] -- C:\Program Files\IrfanView
[2010/06/06 18:36:33 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2008/05/05 20:16:59 | 000,000,000 | ---D | M] -- C:\Program Files\jv16 PowerTools
[2007/04/12 10:12:58 | 000,000,000 | ---D | M] -- C:\Program Files\K-Lite Codec Pack
[2007/04/09 14:55:12 | 000,000,000 | ---D | M] -- C:\Program Files\Lavalys
[2008/01/13 17:24:51 | 000,000,000 | ---D | M] -- C:\Program Files\Lexmark 3400 Series
[2008/01/13 17:25:51 | 000,000,000 | ---D | M] -- C:\Program Files\Lexmark Fax Solutions
[2008/01/13 17:27:42 | 000,000,000 | ---D | M] -- C:\Program Files\Lexmark Toolbar
[2010/06/06 14:21:29 | 000,000,000 | ---D | M] -- C:\Program Files\lx_cats
[2010/06/06 15:34:42 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/09/01 17:09:21 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009/08/18 20:40:16 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2007/04/06 07:45:09 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2008/09/01 17:03:19 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2007/04/08 08:02:59 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/08/18 20:38:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2007/04/06 07:41:36 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2007/08/15 09:26:13 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2007/04/09 14:38:16 | 000,000,000 | ---D | M] -- C:\Program Files\Nero
[2008/09/01 17:00:59 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2009/07/19 19:14:07 | 000,000,000 | ---D | M] -- C:\Program Files\NOS
[2007/04/06 07:41:47 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/06/06 16:22:40 | 000,000,000 | ---D | M] -- C:\Program Files\Opera
[2009/08/13 00:14:11 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2007/04/08 07:58:57 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2008/05/22 10:15:20 | 000,000,000 | ---D | M] -- C:\Program Files\SiteAdvisor
[2010/06/06 18:38:51 | 000,000,000 | ---D | M] -- C:\Program Files\SpywareBlaster
[2010/06/06 18:49:33 | 000,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2007/04/06 07:50:14 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2007/04/12 11:04:16 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2010/06/06 15:11:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2008/09/01 17:00:55 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/09/01 17:00:55 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2007/04/06 07:41:47 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2009/07/19 20:04:51 | 000,000,000 | ---D | M] -- C:\Program Files\WOT
[2007/04/06 07:45:09 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2009/05/06 12:25:30 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-01-23 01:03:21
========== Alternate Data Streams ==========
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >
OTL Extras logfile created on: 6/6/2010 11:08:10 PM - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\Buc\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
759.00 Mb Total Physical Memory | 444.00 Mb Available Physical Memory | 58.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1140 2280 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 61.98 Gb Free Space | 83.17% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: GROOVIN
Current User Name: Buc
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\WINDOWS\system32\lxcycoms.exe" = C:\WINDOWS\system32\lxcycoms.exe:*:Enabled:Lexmark Communications System -- ( )
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07474E69-E9E4-4B03-AC0E-D24B04231033}" = Nero 7 Essentials
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F85CAAA-B786-4E5B-AADD-638856992EF3}" = Opera 10.53
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 20
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}" = MSN Toolbar
"{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DB6BD5D5-8482-45C0-99CF-745C5B924497}" = WOT for Internet Explorer
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Shockwave Player" = Adobe Shockwave Player
"AIM_6" = AIM 6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"EfntSSDSL" = Efficient Networks SpeedStream DSL
"ESET Online Scanner" = ESET Online Scanner v3
"EVEREST Home Edition_is1" = EVEREST Home Edition v1.51
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InterActual Player" = InterActual Player
"IrfanView" = IrfanView (remove only)
"jv16 PowerTools_is1" = jv16 PowerTools 1.3
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 1.70
"Lexmark 3400 Series" = Lexmark 3400 Series
"Lexmark Fax Solutions" = Lexmark Fax Solutions
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee SiteAdvisor" = McAfee SiteAdvisor
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"ViewpointMediaPlayer" = Viewpoint Media Player
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 5/7/2010 6:00:14 AM | Computer Name = GROOVIN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established
Error - 5/9/2010 7:15:55 PM | Computer Name = GROOVIN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established
Error - 5/10/2010 7:07:35 AM | Computer Name = GROOVIN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established
Error - 5/12/2010 7:24:06 AM | Computer Name = GROOVIN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established
Error - 5/21/2010 8:47:46 AM | Computer Name = GROOVIN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established
Error - 6/6/2010 2:20:27 PM | Computer Name = GROOVIN | Source = Avira AntiVir | ID = 4122
Description = Unable to load file AVPREF.DLL. Returned error code: 0x45a
Error - 6/6/2010 2:33:43 PM | Computer Name = GROOVIN | Source = Avira AntiVir | ID = 4122
Description = Unable to load file AVPREF.DLL. Returned error code: 0x45a
Error - 6/6/2010 2:38:17 PM | Computer Name = GROOVIN | Source = Avira AntiVir | ID = 4122
Description = Unable to load file AVPREF.DLL. Returned error code: 0x45a
Error - 6/6/2010 4:34:26 PM | Computer Name = GROOVIN | Source = COM+ | ID = 135763
Description = The run-time environment was unable to initialize for transactions
required to support transactional components. Make sure that MS-DTC is running.
(DtcGetTransactionManagerEx(): hr = 0x8004d01
Error - 6/6/2010 7:23:14 PM | Computer Name = GROOVIN | Source = COM+ | ID = 135763
Description = The run-time environment was unable to initialize for transactions
required to support transactional components. Make sure that MS-DTC is running.
(DtcGetTransactionManagerEx(): hr = 0x8004d01
[ System Events ]
Error - 6/6/2010 4:36:43 PM | Computer Name = GROOVIN | Source = Removable Storage Service | ID = 262255
Description = RSM could not load media in drive Drive 0 of library Flash Disk USB
Device.
Error - 6/6/2010 4:38:16 PM | Computer Name = GROOVIN | Source = Removable Storage Service | ID = 262255
Description = RSM could not load media in drive Drive 0 of library Flash Disk USB
Device.
Error - 6/6/2010 4:38:18 PM | Computer Name = GROOVIN | Source = Removable Storage Service | ID = 262255
Description = RSM could not load media in drive Drive 0 of library Flash Disk USB
Device.
Error - 6/6/2010 4:46:02 PM | Computer Name = GROOVIN | Source = Removable Storage Service | ID = 262255
Description = RSM could not load media in drive Drive 0 of library Flash Disk USB
Device.
Error - 6/6/2010 4:46:04 PM | Computer Name = GROOVIN | Source = Removable Storage Service | ID = 262255
Description = RSM could not load media in drive Drive 0 of library Flash Disk USB
Device.
Error - 6/6/2010 4:59:15 PM | Computer Name = GROOVIN | Source = Removable Storage Service | ID = 262255
Description = RSM could not load media in drive Drive 0 of library Flash Disk USB
Device.
Error - 6/6/2010 4:59:18 PM | Computer Name = GROOVIN | Source = Removable Storage Service | ID = 262255
Description = RSM could not load media in drive Drive 0 of library Flash Disk USB
Device.
Error - 6/6/2010 8:59:17 PM | Computer Name = GROOVIN | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).
Error - 6/6/2010 8:59:17 PM | Computer Name = GROOVIN | Source = Service Control Manager | ID = 7034
Description = The lxcy_device service terminated unexpectedly. It has done this
1 time(s).
Error - 6/6/2010 8:59:17 PM | Computer Name = GROOVIN | Source = Service Control Manager | ID = 7034
Description = The SeaPort service terminated unexpectedly. It has done this 1 time(s).
< End of report >
#2
Posted 07 June 2010 - 09:39 AM
Download ComboFix here :
Link 1
Link 2
* IMPORTANT !!! Save ComboFix.exe to your Desktop
- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them: Click me
- Double click on ComboFix.exe & follow the prompts.
- As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
#3
Posted 07 June 2010 - 08:20 PM
ComboFix 10-06-07.03 - Buc 06/07/2010 21:03:39.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.759.505 [GMT -4:00]
Running from: c:\documents and settings\Buc\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
Infected copy of c:\windows\system32\drivers\atapi.sys was found and disinfected
Restored copy from - Kitty had a snack
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_TDSSSERV
((((((((((((((((((((((((( Files Created from 2010-05-08 to 2010-06-08 )))))))))))))))))))))))))))))))
.
2010-06-07 01:12 . 2010-06-07 01:12 -------- d-----w- C:\Rooter$
2010-06-06 22:50 . 2010-06-06 22:50 63488 ----a-w- c:\documents and settings\Buc\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-06 22:50 . 2010-06-06 22:50 52224 ----a-w- c:\documents and settings\Buc\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-06 22:50 . 2010-06-06 22:50 117760 ----a-w- c:\documents and settings\Buc\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-06 22:49 . 2010-06-06 22:49 -------- d-----w- c:\documents and settings\Buc\Application Data\SUPERAntiSpyware.com
2010-06-06 22:49 . 2010-06-06 22:49 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-06-06 22:49 . 2010-06-06 22:49 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-06 22:36 . 2010-06-06 22:36 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-06 22:36 . 2010-06-06 22:36 -------- d-----w- c:\program files\Java
2010-06-06 22:35 . 2010-06-06 22:35 79488 ----a-w- c:\documents and settings\Buc\Application Data\Sun\Java\jre1.6.0_20\gtapi.dll
2010-06-06 22:35 . 2010-06-06 22:35 152576 ----a-w- c:\documents and settings\Buc\Application Data\Sun\Java\jre1.6.0_20\lzma.dll
2010-06-06 21:20 . 2010-06-06 21:20 -------- d-----w- c:\program files\ESET
2010-06-06 20:34 . 2010-06-06 23:49 -------- d-----w- c:\windows\system32\NtmsData
2010-06-06 20:30 . 2010-06-06 20:30 -------- d-----w- c:\documents and settings\Buc\Application Data\Avira
2010-06-06 20:27 . 2010-03-01 14:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-06-06 20:27 . 2009-05-11 16:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-06-06 20:27 . 2009-05-11 16:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-06-06 20:27 . 2010-06-06 20:27 -------- d-----w- c:\program files\Avira
2010-06-06 20:27 . 2010-06-06 20:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-06-06 20:20 . 2010-06-06 20:20 -------- d-----w- c:\documents and settings\Buc\Local Settings\Application Data\Opera
2010-06-06 20:20 . 2010-06-06 20:22 -------- d-----w- c:\program files\Opera
2010-06-06 19:34 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-06 19:34 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-06 19:32 . 2010-06-06 19:32 -------- d-----w- c:\program files\CCleaner
2010-06-06 18:39 . 2010-06-06 18:39 -------- d-----w- c:\documents and settings\Buc\Application Data\Malwarebytes
2010-06-06 18:39 . 2010-06-06 18:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-06 18:19 . 2010-06-06 18:19 -------- d-----w- c:\windows\system32\wbem\Repository
2010-06-06 18:18 . 2010-06-06 19:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-06 22:38 . 2008-06-15 13:39 -------- d-----w- c:\program files\SpywareBlaster
2010-06-06 22:37 . 2008-06-15 13:47 -------- d-----w- c:\program files\Common Files\Java
2010-06-06 22:31 . 2008-04-30 13:16 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-06 19:11 . 2007-04-26 15:59 -------- d-----w- c:\program files\Windows Media Connect 2
2010-06-06 18:23 . 2007-04-09 19:22 -------- d-----w- c:\program files\Google
2010-06-06 18:21 . 2008-01-13 21:26 -------- d-----w- c:\program files\lx_cats
2010-05-25 17:02 . 2008-02-05 20:40 -------- d-----w- c:\documents and settings\Buc\Application Data\MSN6
2010-05-01 11:28 . 2008-02-02 13:35 -------- d-----w- c:\documents and settings\Buc\Application Data\SiteAdvisor
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-08 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-05-18 2397424]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"lxcymon.exe"="c:\program files\Lexmark 3400 Series\lxcymon.exe" [2007-06-25 291504]
"EzPrint"="c:\program files\Lexmark 3400 Series\ezprint.exe" [2007-06-25 82608]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-06-25 295600]
"LXCYCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [2006-11-21 106496]
"SiteAdvisor"="c:\program files\SiteAdvisor\6253\SiteAdv.exe" [2007-12-04 36640]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NSSInstallation"="c:\windows\system32\Adobe\Shockwave 11\nssstub.exe" [2009-02-12 181624]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\WINDOWS\\system32\\lxcycoms.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/6/2010 4:27 PM 135336]
R2 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/23/2009 9:59 PM 133104]
.
Contents of the 'Scheduled Tasks' folder
2010-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-24 01:59]
2010-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-24 01:59]
2010-06-08 c:\windows\Tasks\NSSstub.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2009-02-12 13:22]
2010-06-08 c:\windows\Tasks\User_Feed_Synchronization-{422E5770-D947-4E46-90F1-DE548591BFEE}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-07 21:10
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(364)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
- - - - - - - > 'explorer.exe'(3284)
c:\windows\system32\WININET.dll
c:\program files\SiteAdvisor\6253\saHook.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxcycoms.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
.
**************************************************************************
.
Completion time: 2010-06-07 21:13:41 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-08 01:13
Pre-Run: 66,460,205,056 bytes free
Post-Run: 66,375,041,024 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
- - End Of File - - 48F0FA5D7D552DAE7DA2C9BAF87B6116
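The "Reg Loading Points" block in the ComboFix log above is the part a helper reads first. One detail there deserves a second look: "AlcxMonitor"="ALCXMNTR.EXE" carries no directory, so Windows resolves that name through the search path at logon rather than from a fixed location. The script below is an added example, not part of this thread and not ComboFix's own code; it parses the REGEDIT4 block as ComboFix prints it and flags two things, bare file names and images outside the usual install roots. The sample block copies four values from the log above and adds one constructed "Updater" value pointing into Application Data to exercise the second check; the allowed roots are an assumption for this machine.

```python
import re

# One value line in the REGEDIT4 block ComboFix prints under "Reg Loading Points":
#   "<value name>"="<image path>" [<YYYY-MM-DD> <size>]
RUN_VALUE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<image>[^"]*)"\s*\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]\s*$'
)
KEY_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")


def parse_run_entries(report_text):
    """Return (registry key, value name, image path, size) for each value in the block."""
    current_key = None
    out = []
    for raw in report_text.splitlines():
        line = raw.strip()
        k = KEY_LINE.match(line)
        if k:
            current_key = k["key"]
            continue
        v = RUN_VALUE.match(line)
        if v and current_key is not None:
            out.append((current_key, v["name"], v["image"], int(v["size"])))
    return out


def is_unqualified(image):
    """True when the image is a bare file name with no drive, UNC or %var% prefix.
    Such a value is resolved through the search path at logon, so a file of the same
    name dropped earlier in that path would run instead of the intended program."""
    return not re.match(r"^(?:[A-Za-z]:\\|\\\\|%[^%]+%\\)", image)


# ASSUMPTION: on this XP machine every legitimate autostart image lives under one of these.
ALLOWED_ROOTS = ("c:\\windows\\", "c:\\program files\\")


def review(report_text, allowed_roots=ALLOWED_ROOTS):
    """Return (value name, reason) findings for entries that merit a manual check."""
    findings = []
    for _key, name, image, _size in parse_run_entries(report_text):
        if is_unqualified(image):
            findings.append((name, "unqualified image path: " + image))
        elif not image.lower().startswith(allowed_roots):
            findings.append((name, "image outside expected roots: " + image))
    return findings


# Constructed sample: four values copied from the ComboFix log in this thread plus one
# made-up "Updater" value (not on this machine) pointing into a user profile directory.
SAMPLE = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-08 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"Updater"="c:\documents and settings\Buc\Application Data\updater.exe" [2010-06-01 12345]
"""

if __name__ == "__main__":
    for name, reason in review(SAMPLE):
        print(f"{name}: {reason}")
```

A finding is a prompt to look, not a verdict: the AlcxMonitor entry appears to belong to the Realtek AC'97 audio package listed under installed programs, and the way to confirm it is to locate ALCXMNTR.EXE on disk and check which directory in the search path it actually loads from.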
#4
Posted 08 June 2010 - 09:22 AM
Download TDSSKiller and save it to your Desktop.
- Extract the file and run it.
- Once completed it will create a log in your C:\ drive
- Please post the contents of that log
Download TFC to your desktop
- Open the file and close any other windows.
- It will close all programs itself when run, make sure to let it run uninterrupted.
- Click the Start button to begin the process. The program should not take long to finish its job
- Once it's finished it should reboot your machine, if not, do this yourself to ensure a complete clean
Please download Malwarebytes' Anti-Malware from Here
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Go to Kaspersky website and perform an online antivirus scan.
- Read through the requirements and privacy statement and click on Accept button.
- It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
- When the downloads have finished, click on Settings.
- Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
  - Spyware, Adware, Dialers, and other potentially dangerous programs
  - Archives
  - Mail databases
- Click on My Computer under Scan.
- Once the scan is complete, it will display the results. Click on View Scan Report.
- You will see a list of infected items there. Click on Save Report As....
- Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
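The TDSSKiller log requested here prints one line per loaded driver with the file's MD5 (the format is visible in the reply that follows). Since ComboFix reported atapi.sys as infected and restored, the natural follow-up is to compare each driver's hash against a baseline from a clean machine. The script below is an added example, not part of TDSSKiller or of this thread: it parses the "Scanning Drivers" lines and classifies each driver as ok, mismatch or unknown. The baseline dictionary reuses three hashes from the log posted below and treats them as known-good, which is an assumption; the constructed sample includes an atapi line with a zeroed hash standing in for a patched driver.

```python
import re
from dataclasses import dataclass

# Line shape in the TDSSKiller 2.3.x log posted in this thread:
#   HH:MM:SS:mmm  <pid>  <service name>  (<md5>)  <image path>
DRIVER_LINE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}:\d{3})\s+(?P<pid>\d+)\s+"
    r"(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$"
)


@dataclass(frozen=True)
class DriverEntry:
    name: str
    md5: str
    path: str


def parse_driver_lines(log_text):
    """Return a DriverEntry for every driver line; status lines without a hash are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = DRIVER_LINE.match(line.strip())
        if m:
            entries.append(DriverEntry(m["name"], m["md5"].lower(), m["path"]))
    return entries


# ASSUMPTION: these values are copied from the TDSSKiller log in this thread and are
# treated as the known-good reference. A real baseline comes from a clean install of the
# same Windows build and service pack, or from a vendor hash database, never from the
# machine under investigation.
BASELINE = {
    "ACPI": "8fd99680a539792a30e97944fdaecf17",
    "AFD": "7e775010ef291da96ad17ca4b17137d7",
    "atapi": "9f3a2f5aa6875c72bf062c712cfa2674",
}


def check_drivers(entries, baseline=BASELINE):
    """Map each driver name to 'ok', 'MISMATCH' (hash differs from baseline) or 'unknown'."""
    verdicts = {}
    for e in entries:
        expected = baseline.get(e.name)
        if expected is None:
            verdicts[e.name] = "unknown"
        elif expected == e.md5:
            verdicts[e.name] = "ok"
        else:
            verdicts[e.name] = "MISMATCH"
    return verdicts


# Constructed sample: three lines copied from the thread's log, one status line, and one
# constructed atapi line whose hash has been replaced to simulate a patched driver.
SAMPLE_LOG = """\
14:20:56:859 3116 Scanning Drivers ...
14:20:57:453 3116 ACPI (8fd99680a539792a30e97944fdaecf17) C:\\WINDOWS\\system32\\DRIVERS\\ACPI.sys
14:20:57:640 3116 AFD (7e775010ef291da96ad17ca4b17137d7) C:\\WINDOWS\\System32\\drivers\\afd.sys
14:20:58:093 3116 atapi (00000000000000000000000000000000) C:\\WINDOWS\\system32\\DRIVERS\\atapi.sys
14:20:58:343 3116 avgntflt (a88d29d928ad2b830e87b53e3f9bc182) C:\\WINDOWS\\system32\\DRIVERS\\avgntflt.sys
"""

if __name__ == "__main__":
    for name, verdict in sorted(check_drivers(parse_driver_lines(SAMPLE_LOG)).items()):
        print(f"{name:10s} {verdict}")
```

A matching hash computed from inside the running system is evidence, not proof: a rootkit that filters disk reads can hand the clean image to whatever tool computes the hash. When the verdict matters, hash the driver from a boot CD or from the disk mounted on a clean machine, which is also why the Recovery Console step in post #2 is worth keeping.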
#5
Posted 08 June 2010 - 01:47 PM
Kaspersky will not run. It says I need to install Java, but Java is up to date and functional. Internet Explorer closes saying it can't open this site. Opera doesn't have a problem.
14:20:56:203 3116 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
14:20:56:203 3116 ================================================================================
14:20:56:203 3116 SystemInfo:
14:20:56:203 3116 OS Version: 5.1.2600 ServicePack: 3.0
14:20:56:203 3116 Product type: Workstation
14:20:56:203 3116 ComputerName: GROOVIN
14:20:56:203 3116 UserName: Buc
14:20:56:203 3116 Windows directory: C:\WINDOWS
14:20:56:203 3116 Processor architecture: Intel x86
14:20:56:203 3116 Number of processors: 1
14:20:56:203 3116 Page size: 0x1000
14:20:56:203 3116 Boot type: Normal boot
14:20:56:203 3116 ================================================================================
14:20:56:531 3116 Initialize success
14:20:56:531 3116
14:20:56:531 3116 Scanning Services ...
14:20:56:859 3116 Raw services enum returned 312 services
14:20:56:859 3116
14:20:56:859 3116 Scanning Drivers ...
14:21:04:218 3116
14:21:04:218 3116 Completed
14:21:04:218 3116
14:21:04:218 3116 Results:
14:21:04:218 3116 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
14:21:04:218 3116 File objects infected / cured / cured on reboot: 0 / 0 / 0
14:21:04:218 3116
14:21:04:234 3116 KLMD(ARK) unloaded successfully
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4180
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
6/8/2010 2:32:57 PM
mbam-log-2010-06-08 (14-32-57).txt
Scan type: Quick scan
Objects scanned: 134778
Time elapsed: 6 minute(s), 11 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
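A log-triage helper, added here as an example and not part of this thread or of Kaspersky's TDSSKiller: it parses the driver lines in the log format posted above and compares each driver's MD5 against a known-good baseline, flagging mismatches, drivers missing from the baseline, and drivers loaded from outside the Windows driver directory. The `BASELINE` dictionary and the `exampledrv` line are constructed for illustration; the other hashes are copied from the TDSSKiller log posted in this thread.

```python
"""Triage helper for TDSSKiller 2.3.x logs in the format posted in this thread.

Added example, not part of the thread or of Kaspersky's tool. Parses the
"Scanning Drivers" entries (name, MD5, image path) and the Results block,
then flags drivers whose MD5 differs from a known-good baseline, drivers
absent from the baseline, and drivers loaded from outside the Windows
driver directory.
"""
import re
from typing import Any, Dict, List, NamedTuple, Tuple

# Every TDSSKiller line starts with HH:MM:SS:mmm and the tool's PID.
PREFIX = r"^\d{2}:\d{2}:\d{2}:\d{3}\s+\d+\s+"
# e.g. "atapi (9f3a2f5a...) C:\WINDOWS\system32\DRIVERS\atapi.sys"
DRIVER_RE = re.compile(PREFIX + r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+?)\s*$")
# e.g. "File objects infected / cured / cured on reboot: 0 / 0 / 0"
RESULT_RE = re.compile(
    PREFIX + r"(?P<kind>Registry|File) objects infected / cured / cured on reboot: "
    r"(?P<infected>\d+) / (?P<cured>\d+) / (?P<reboot>\d+)"
)
WINDIR_RE = re.compile(PREFIX + r"Windows directory: (?P<windir>.+?)\s*$")


class Driver(NamedTuple):
    name: str
    md5: str
    path: str


def parse_tdsskiller_log(text: str) -> Tuple[List[Driver], Dict[str, Tuple[int, int, int]], str]:
    """Return (drivers, results, windir).

    results maps "registry"/"file" to (infected, cured, cured_on_reboot).
    windir falls back to C:\\WINDOWS if the SystemInfo block is missing.
    """
    drivers: List[Driver] = []
    results: Dict[str, Tuple[int, int, int]] = {}
    windir = r"C:\WINDOWS"
    for line in text.splitlines():
        m = WINDIR_RE.match(line)
        if m:
            windir = m["windir"]
            continue
        m = DRIVER_RE.match(line)
        if m:
            drivers.append(Driver(m["name"], m["md5"], m["path"]))
            continue
        m = RESULT_RE.match(line)
        if m:
            results[m["kind"].lower()] = (int(m["infected"]), int(m["cured"]), int(m["reboot"]))
    return drivers, results, windir


def triage(text: str, baseline: Dict[str, str]) -> Dict[str, Any]:
    """Compare a log against baseline {driver name (lower-case): md5} taken
    from a known-clean machine with the same OS and service pack."""
    drivers, results, windir = parse_tdsskiller_log(text)
    driver_dir = (windir + r"\system32\drivers" + "\\").lower()
    report: Dict[str, Any] = {
        # TDSSKiller's own verdict: every infected/cured counter is zero.
        "tool_reports_clean": bool(results) and all(v == (0, 0, 0) for v in results.values()),
        "hash_mismatch": [],       # same name, different image: patched or replaced driver
        "not_in_baseline": [],     # needs a manual look before it is trusted
        "outside_driver_dir": [],  # third-party drivers (AV products here); review, don't assume bad
    }
    for d in drivers:
        expected = baseline.get(d.name.lower())
        if expected is None:
            report["not_in_baseline"].append(d.name)
        elif expected != d.md5:
            report["hash_mismatch"].append(d.name)
        if not d.path.lower().startswith(driver_dir):
            report["outside_driver_dir"].append(d.name)
    return report


# Constructed sample: the atapi, avgio and Disk lines (and their MD5s) are
# copied from the TDSSKiller log posted in this thread; "exampledrv" and its
# all-f MD5 are made up to show a hash mismatch.
SAMPLE_LOG = r"""14:20:56:203 3116 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
14:20:56:203 3116 Windows directory: C:\WINDOWS
14:20:56:859 3116 Scanning Drivers ...
14:20:58:093 3116 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:20:58:281 3116 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
14:20:58:703 3116 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
14:21:03:000 3116 exampledrv (ffffffffffffffffffffffffffffffff) C:\WINDOWS\system32\drivers\exampledrv.sys
14:21:04:218 3116 Results:
14:21:04:218 3116 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
14:21:04:218 3116 File objects infected / cured / cured on reboot: 0 / 0 / 0
14:21:04:234 3116 KLMD(ARK) unloaded successfully
"""

# Constructed baseline: atapi and avgio reuse the hashes from this thread's
# log as the reference; exampledrv's reference is a placeholder so it mismatches.
BASELINE = {
    "atapi": "9f3a2f5aa6875c72bf062c712cfa2674",
    "avgio": "0b497c79824f8e1bf22fa6aacd3de3a0",
    "exampledrv": "0" * 32,
}

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG, BASELINE).items():
        print(f"{key}: {value}")
```

A driver that TDSSKiller's counters call clean can still differ from the baseline, which is the check that matters after an infected atapi.sys has been replaced.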
#6
Posted 08 June 2010 - 05:33 PM
* Go here to run an online scanner from ESET.
- Note: You will need to use Internet Explorer for this scan
- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- When asked, allow the ActiveX control to install
- Click Start
- Check the following options: Remove found threats and Scan unwanted applications.
- Click Scan
- Wait for the scan to finish
- Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
- Copy and paste that log as a reply to this topic
#7
Posted 09 June 2010 - 09:10 AM
Seeing as IE is still not functioning right, I downloaded the ESET online scanner and ran it.
ESET scan results
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\atapi.sys.vir Win32/Olmarik.TM trojan cleaned - quarantined
#8
Posted 09 June 2010 - 09:55 AM
Well, your logs are clean.
Let's see about fixing that IE problem.
Please download OTM
- Save it to your desktop.
- Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
- Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:Processes
:Services
:Reg
:Files
:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[EMPTYFLASH]
[Reboot]
- Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
- Click the red Moveit! button.
- Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
- Close OTM and reboot your PC.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
click start > run > type cmd > type ipconfig /flushdns > click ok
Reboot. IE better?
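The [resethosts] directive in the OTM script above overwrites the HOSTS file without telling you what was in it, and a hijacked HOSTS file is one of the classic causes of "Google redirects". As an added example (not part of the thread, and not OTM's own code), the Python below parses a HOSTS file in the Windows format (comments, tabs, several hostnames per line) and sorts every mapping into one of four verdicts: a sensitive domain (search engine, Windows Update, AV vendor) pointed anywhere is a hijack, an arbitrary host sent to loopback or 0.0.0.0 is a blocklist entry, an arbitrary host sent to a routable address is a redirect, and unparsable lines are malformed. The sample file and the SENSITIVE_SUFFIXES list are constructed for this example; nothing in them comes from the infected machine in the thread.

```python
import ipaddress

# Constructed sample HOSTS file for this example (not the file from the
# machine in the thread). Line numbers matter for the report below.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
127.0.0.1\tads.example.net             # ad-blocking entry, harmless
192.0.2.10      www.google.com google.com   # search hijack
192.0.2.10      update.avira.com
0.0.0.0         tracker.example.org
"""

# Domains that malware commonly redirects (search engines) or sinkholes
# (AV and Windows Update). Illustrative assumption; extend for your estate.
SENSITIVE_SUFFIXES = (
    "google.com", "bing.com", "yahoo.com",
    "microsoft.com", "windowsupdate.com",
    "avira.com", "eset.com", "symantec.com", "mcafee.com", "kaspersky.com",
)


def parse_hosts(text):
    """Yield (line_no, address, hostname) for every mapping in a HOSTS file.

    Comments (# ...) and blank lines are skipped. One line may map several
    hostnames to the same address; each is yielded separately. A line with
    an address but no hostname is yielded with an empty hostname.
    """
    for line_no, raw in enumerate(text.splitlines(), 1):
        body = raw.split("#", 1)[0].strip()
        if not body:
            continue
        fields = body.split()
        address, names = fields[0], fields[1:]
        if not names:
            yield line_no, address, ""
            continue
        for name in names:
            yield line_no, address, name.lower()


def classify_entry(address, name):
    """Return 'ok', 'hijack', 'blocklist', 'redirect' or 'malformed'."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "malformed"
    if not name:
        return "malformed"
    if name == "localhost" and ip.is_loopback:
        return "ok"
    # A sensitive domain is suspicious whatever the target: a loopback target
    # blocks AV or Windows updates, a routable target redirects the user.
    if any(name == s or name.endswith("." + s) for s in SENSITIVE_SUFFIXES):
        return "hijack"
    if ip.is_loopback or ip.is_unspecified:
        return "blocklist"   # 127.x / 0.0.0.0 sinkhole, typically ad-blocking
    return "redirect"        # routable target for an arbitrary host


def audit_hosts(text):
    """Return every non-'ok' mapping as (line_no, address, hostname, verdict)."""
    findings = []
    for line_no, address, name in parse_hosts(text):
        verdict = classify_entry(address, name)
        if verdict != "ok":
            findings.append((line_no, address, name, verdict))
    return findings


if __name__ == "__main__":
    # To audit a live machine, read C:\Windows\System32\drivers\etc\hosts
    # instead of SAMPLE_HOSTS (run elevated; the file is often read-only).
    for line_no, address, name, verdict in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no:>3}: {verdict:<9} {address:<15} {name}")
```

Run it against the real file before [resethosts] and keep the output with the case notes. An empty result does not clear the machine: the driver-level infection found in this thread (Olmarik in atapi.sys) redirects traffic from inside the kernel and never needs a HOSTS entry, which is why the hosts reset and DNS flush are clean-up steps here rather than the actual fix.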
#9
Posted 09 June 2010 - 04:07 PM
Could not flush DNS. I will look into that. I can't remember if I set this PC up last year to use OpenDNS. If not it will soon be. IE now seems to be functioning fine. No redirects or Java issues.
OTM log
All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: All Users
User: Buc
->Temp folder emptied: 2693021 bytes
->Temporary Internet Files folder emptied: 7882925 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 10.00 mb
Restore point Set: OTM Restore Point (0)
OTM by OldTimer - Version 3.1.12.2 log created on 06092010_165308
#10
Posted 09 June 2010 - 05:49 PM
Your logs are clean
Follow these steps to uninstall Combofix and tools used in the removal of malware
Uninstall ComboFix
Remove Combofix now that we're done with it.
- Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
- Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")

- Please follow the prompts to uninstall Combofix.
- You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
- Open OTL
- Under the Custom Scans/Fixes box at the bottom, paste the following:
:Commands
[clearallrestorepoints]
- Click the Run Fix button at the top
- It might ask you to reboot, if so click YES
- Open OTL to run it. (Vista users, right click on OTL and "Run as administrator")
- Click on the CleanUp button.
- Click Yes to begin the cleanup process and remove tools, including this application
- You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes
- Please read my guide on how to prevent malware and about safe computing here
Thank you for your patience, and performing all of the procedures requested.
#12
Posted 10 June 2010 - 10:02 AM
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. 
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.