
Google Redirect Help


  • This topic is locked

#1 jerosakireno
  • Member
  • 38 posts
About a couple weeks ago I got some virus that seems to only be affecting Google. When I click on any search result using Google, it redirects me to somewhere else (scour/yellowpages, etc). But if I copy the link, paste it in the address bar, & hit enter, it works fine (thought you should know that).

Currently I've been using Glary Utilities, Spybot, Cleanup, ATF Cleaner, Hijackthis, rkill, & gooredfix to clean my computer. I just learned about OTL from reading the guides, & here is my OTL log: (I had to include it as an attachment, it would not send when I copy & paste)


CSRSS.EXE - I don't know what that is... But I have a feeling...


Anyway, I can post more logs or info that is needed, I'm not sure what else I should give at this point.

Attached Files




#2 ali.B
  • Trusted Helper
  • Malware Removal
  • 3,086 posts
I'll post the log to make it easier to analyze

OTL logfile created on: 6/21/2011 7:11:27 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\theonyxserpent\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.98 Mb Total Physical Memory | 68.57 Mb Available Physical Memory | 13.44% Memory free
1.21 Gb Paging File | 0.60 Gb Available in Paging File | 49.47% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 8.82 Gb Free Space | 23.67% Space Free | Partition Type: NTFS

Computer Name: THEONYXCOMPUTER | User Name: theonyxserpent | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/21 19:10:58 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\theonyxserpent\My Documents\Downloads\OTL.exe
PRC - [2011/06/19 15:06:41 | 000,180,736 | ---- | M] () -- C:\Documents and Settings\theonyxserpent\Local Settings\temp\csrss.exe
PRC - [2011/06/16 17:32:32 | 000,184,832 | ---- | M] () -- C:\Documents and Settings\theonyxserpent\Application Data\dwm.exe
PRC - [2011/06/16 17:32:07 | 000,176,128 | ---- | M] () -- C:\Documents and Settings\theonyxserpent\Application Data\Microsoft\conhost.exe
PRC - [2011/05/30 18:05:11 | 000,768,512 | ---- | M] () -- C:\WINDOWS\system32\msctf32.exe
PRC - [2011/05/30 18:05:09 | 000,768,512 | ---- | M] () -- C:\WINDOWS\system32\msjtes4032.exe
PRC - [2011/05/30 18:05:09 | 000,768,512 | ---- | M] () -- C:\WINDOWS\system32\digest32.exe
PRC - [2011/05/30 18:05:09 | 000,768,512 | ---- | M] () -- C:\WINDOWS\system32\avifile32.exe
PRC - [2011/05/09 23:01:07 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/08/05 06:17:12 | 000,204,800 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Pro\DTProShellHlp.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/02/09 03:50:00 | 000,578,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\CcmExec.exe
PRC - [2006/02/09 03:50:00 | 000,248,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\clicomp\RemCtrl\Wuser32.exe


========== Modules (SafeList) ==========

MOD - [2011/06/21 19:10:58 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\theonyxserpent\My Documents\Downloads\OTL.exe
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/30 18:05:11 | 000,768,512 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\msctf32.exe -- (WmdmPmSN32)
SRV - [2011/05/30 18:05:09 | 000,768,512 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\digest32.exe -- (VNCTEMP32)
SRV - [2011/05/30 18:05:09 | 000,768,512 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\avifile32.exe -- (Netlogon32)
SRV - [2009/06/16 18:18:45 | 000,469,504 | ---- | M] (Constantin Kaplinsky) [On_Demand | Stopped] -- C:\VNCTEMP\WinVNC.exe -- (VNCTEMP)
SRV - [2008/12/10 15:46:58 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2006/02/09 03:50:00 | 000,578,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2006/02/09 03:50:00 | 000,248,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\CCM\clicomp\RemCtrl\Wuser32.exe -- (Wuser32)


========== Driver Services (SafeList) ==========

DRV - [2009/12/14 17:20:33 | 000,722,416 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2006/02/09 03:50:00 | 000,020,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2006/02/09 02:50:00 | 000,011,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\kbstuff5.sys -- (kbstuff)
DRV - [2006/02/09 02:50:00 | 000,008,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\idisw2km.sys -- (idisw2km)
DRV - [2005/11/24 19:51:38 | 000,245,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2005/02/01 18:18:38 | 000,017,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\bcm42rly.sys -- (BCM42RLY)
DRV - [2003/04/15 10:39:54 | 000,011,319 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\a302.sys -- ({E6759E0C-470B-44DC-A4A1-627E68BB3A85})
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 75 2B 18 06 84 C6 C5 4F 94 90 2C 04 01 93 77 62 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50202

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://start.mozilla...en-US:official"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.10.01
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50202
FF - prefs.js..network.proxy.type: 1

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/09 23:01:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/09 23:01:35 | 000,000,000 | ---D | M]

[2009/12/13 16:09:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\theonyxserpent\Application Data\Mozilla\Extensions
[2004/09/29 02:32:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\theonyxserpent\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions
[2004/09/29 02:10:36 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\theonyxserpent\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{02f2bf09-f910-4c12-9090-1c4a7646a895}
[2011/06/21 18:08:42 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\theonyxserpent\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{e1a852cd-b45a-4656-b124-e020f6e257cb}
[2010/10/08 23:58:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\THEONYXSERPENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OG0G7S2N.DEFAULT\EXTENSIONS\[email protected]
[2009/12/12 18:47:36 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/09 23:01:05 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/05/09 23:01:17 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (no name) - {06182B75-C684-4FC5-9490-2C0401937762} - C:\WINDOWS\system32\avifile32.dll (CrypKey Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (bc18472a) - {090C0182-31A9-0ECD-FF41-A9974AF03086} - C:\WINDOWS\system32\ole3232.dll (AIDEX Team)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (bc18472a) - {877C1DAE-9760-C59B-1953-F6490A4BEB0D} - C:\WINDOWS\system32\ole3232.dll (AIDEX Team)
O2 - BHO: (Burn4Free Toolbar Helper) - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll ()
O4 - HKLM..\Run: [conhost] C:\Documents and Settings\theonyxserpent\Application Data\Microsoft\conhost.exe ()
O4 - HKLM..\Run: [RandMAC] C:\extracted\MadMACs\MadMACs.exe ()
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
F3 - HKCU WinNT: Load - (C:\DOCUME~1\THEONY~1\LOCALS~1\Temp\csrss.exe) - C:\Documents and Settings\theonyxserpent\Local Settings\temp\csrss.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc2.cab (Office Update Installation Engine)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1232729059632 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = onyx
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\theonyxserpent\Application Data\dwm.exe) - C:\Documents and Settings\theonyxserpent\Application Data\dwm.exe ()
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/05/10 14:57:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/19 18:35:40 | 000,778,240 | ---- | C] (AIDEX Team) -- C:\Documents and Settings\theonyxserpent\0.7444794942552231.exe
[2011/06/19 15:51:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\theonyxserpent\Desktop\Weird Al
[2011/06/19 13:43:13 | 000,761,344 | ---- | C] (CrypKey Inc.) -- C:\Documents and Settings\theonyxserpent\0.8392963025605327.exe
[2011/06/18 00:33:24 | 000,764,416 | ---- | C] (CrypKey Inc.) -- C:\Documents and Settings\theonyxserpent\0.13213259864909277.exe
[2011/06/12 01:02:48 | 000,775,168 | ---- | C] (AIDEX Team) -- C:\Documents and Settings\theonyxserpent\0.51216886613992.exe
[2011/06/12 01:02:44 | 000,775,168 | ---- | C] (AIDEX Team) -- C:\Documents and Settings\theonyxserpent\0.030780498129318268.exe
[2011/06/08 23:18:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\theonyxserpent\Local Settings\Application Data\Identities
[2011/06/05 10:24:35 | 000,177,152 | ---- | C] (AIDEX Team) -- C:\WINDOWS\System32\ole323232.dll
[2011/06/04 23:13:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2011/06/01 20:35:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\theonyxserpent\Start Menu\Programs\CleanUp!
[2011/06/01 20:35:25 | 000,000,000 | ---D | C] -- C:\Program Files\CleanUp!
[2011/06/01 20:32:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/05/30 22:27:02 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/05/30 22:09:48 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/05/30 18:05:39 | 000,177,152 | ---- | C] (AIDEX Team) -- C:\WINDOWS\System32\ole3232.dll
[2011/05/30 18:05:10 | 000,349,696 | ---- | C] (CrypKey Inc.) -- C:\WINDOWS\System32\avifile32.dll
[2011/05/29 08:42:15 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/05/29 08:35:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\theonyxserpent\Start Menu\Programs\Administrative Tools
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\theonyxserpent\*.tmp files -> C:\Documents and Settings\theonyxserpent\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/21 19:17:44 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/21 19:08:39 | 000,094,468 | ---- | M] () -- C:\Documents and Settings\theonyxserpent\Application Data\47D2.A7B
[2011/06/21 18:15:55 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\theonyxserpent\0.1353540854083134.exe
[2011/06/20 21:34:12 | 000,045,056 | ---- | M] () -- C:\Documents and Settings\theonyxserpent\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/20 12:24:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/19 19:52:23 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/06/19 18:35:43 | 000,778,240 | ---- | M] (AIDEX Team) -- C:\Documents and Settings\theonyxserpent\0.7444794942552231.exe
[2011/06/19 16:11:20 | 000,000,386 | ---- | M] () -- C:\WINDOWS\SMSCFG.ini
[2011/06/19 16:10:47 | 000,000,330 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2011/06/19 16:10:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/19 16:10:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/19 13:43:16 | 000,761,344 | ---- | M] (CrypKey Inc.) -- C:\Documents and Settings\theonyxserpent\0.8392963025605327.exe
[2011/06/19 12:16:00 | 000,000,419 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/06/19 02:58:58 | 000,783,360 | ---- | M] () -- C:\Documents and Settings\theonyxserpent\0.15206404849377453.exe
[2011/06/18 23:19:09 | 000,783,360 | ---- | M] () -- C:\Documents and Settings\theonyxserpent\0.28316220305451056.exe
[2011/06/18 03:21:41 | 000,769,536 | ---- | M] () -- C:\Documents and Settings\theonyxserpent\0.7873924106824436.exe
[2011/06/18 00:33:27 | 000,764,416 | ---- | M] (CrypKey Inc.) -- C:\Documents and Settings\theonyxserpent\0.13213259864909277.exe
[2011/06/16 17:32:32 | 000,184,832 | ---- | M] () -- C:\Documents and Settings\theonyxserpent\Application Data\dwm.exe
[2011/06/13 19:21:52 | 063,225,228 | ---- | M] () -- C:\Documents and Settings\theonyxserpent\Desktop\CMOR DEMSEY.wav
[2011/06/13 19:21:03 | 000,022,170 | ---- | M] () -- C:\Documents and Settings\theonyxserpent\Desktop\CMOR DEMSEY.aup
[2011/06/12 01:02:50 | 000,775,168 | ---- | M] (AIDEX Team) -- C:\Documents and Settings\theonyxserpent\0.51216886613992.exe
[2011/06/12 01:02:46 | 000,775,168 | ---- | M] (AIDEX Team) -- C:\Documents and Settings\theonyxserpent\0.030780498129318268.exe
[2011/06/10 23:25:58 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\theonyxserpent\0.9646917216924414.exe
[2011/06/10 23:25:57 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\theonyxserpent\0.8217498544660679.exe
[2011/06/05 10:24:37 | 000,000,097 | ---- | M] () -- C:\WINDOWS\System32\918880264
[2011/06/05 10:24:35 | 000,177,152 | ---- | M] (AIDEX Team) -- C:\WINDOWS\System32\ole323232.dll
[2011/06/01 20:35:43 | 000,000,687 | ---- | M] () -- C:\Documents and Settings\theonyxserpent\Desktop\CleanUp!.lnk
[2011/05/30 22:09:48 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/05/30 18:05:39 | 000,177,152 | ---- | M] (AIDEX Team) -- C:\WINDOWS\System32\ole3232.dll
[2011/05/30 18:05:11 | 000,768,512 | ---- | M] () -- C:\WINDOWS\System32\msctf32.exe
[2011/05/30 18:05:11 | 000,768,512 | ---- | M] () -- C:\WINDOWS\System32\avicap3232.exe
[2011/05/30 18:05:10 | 000,349,696 | ---- | M] (CrypKey Inc.) -- C:\WINDOWS\System32\avifile32.dll
[2011/05/30 18:05:09 | 000,768,512 | ---- | M] () -- C:\WINDOWS\System32\msjtes4032.exe
[2011/05/30 18:05:09 | 000,768,512 | ---- | M] () -- C:\WINDOWS\System32\digest32.exe
[2011/05/30 18:05:09 | 000,768,512 | ---- | M] () -- C:\WINDOWS\System32\avifile32.exe
[2011/05/29 08:42:25 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/05/27 23:10:56 | 000,000,741 | ---- | M] () -- C:\Documents and Settings\theonyxserpent\Desktop\Glary Utilities.lnk
[2011/05/27 22:10:28 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/05/27 21:57:54 | 000,015,618 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\w70st7567b4372d
[2011/05/27 21:57:53 | 000,015,618 | -HS- | M] () -- C:\Documents and Settings\theonyxserpent\Local Settings\Application Data\w70st7567b4372d
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\theonyxserpent\*.tmp files -> C:\Documents and Settings\theonyxserpent\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/21 18:15:55 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\theonyxserpent\0.1353540854083134.exe
[2011/06/19 02:58:56 | 000,783,360 | ---- | C] () -- C:\Documents and Settings\theonyxserpent\0.15206404849377453.exe
[2011/06/18 23:19:06 | 000,783,360 | ---- | C] () -- C:\Documents and Settings\theonyxserpent\0.28316220305451056.exe
[2011/06/18 03:21:38 | 000,769,536 | ---- | C] () -- C:\Documents and Settings\theonyxserpent\0.7873924106824436.exe
[2011/06/13 19:21:13 | 063,225,228 | ---- | C] () -- C:\Documents and Settings\theonyxserpent\Desktop\CMOR DEMSEY.wav
[2011/06/12 22:09:23 | 000,184,832 | ---- | C] () -- C:\Documents and Settings\theonyxserpent\Application Data\dwm.exe
[2011/06/10 23:25:58 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\theonyxserpent\0.9646917216924414.exe
[2011/06/10 23:25:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\theonyxserpent\0.8217498544660679.exe
[2011/06/05 10:24:37 | 000,768,512 | ---- | C] () -- C:\WINDOWS\System32\avifile32.exe
[2011/06/05 10:24:35 | 000,768,512 | ---- | C] () -- C:\WINDOWS\System32\msjtes4032.exe
[2011/06/05 10:24:35 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\918880264
[2011/06/01 20:35:43 | 000,000,687 | ---- | C] () -- C:\Documents and Settings\theonyxserpent\Desktop\CleanUp!.lnk
[2011/05/30 18:05:41 | 000,768,512 | ---- | C] () -- C:\WINDOWS\System32\avicap3232.exe
[2011/05/30 18:05:24 | 000,768,512 | ---- | C] () -- C:\WINDOWS\System32\digest32.exe
[2011/05/30 18:05:15 | 000,768,512 | ---- | C] () -- C:\WINDOWS\System32\msctf32.exe
[2011/05/29 08:42:25 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/05/29 08:42:19 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/05/22 12:46:25 | 000,000,419 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/05/21 19:20:19 | 000,015,618 | -HS- | C] () -- C:\Documents and Settings\theonyxserpent\Local Settings\Application Data\w70st7567b4372d
[2011/05/21 19:20:19 | 000,015,618 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\w70st7567b4372d
[2011/05/21 19:19:55 | 000,094,468 | ---- | C] () -- C:\Documents and Settings\theonyxserpent\Application Data\47D2.A7B
[2011/01/31 00:04:34 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/11/19 01:00:37 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/11/19 01:00:32 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/11/19 01:00:32 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/11/19 01:00:31 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2010/11/19 01:00:30 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/10/15 21:39:54 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/12/12 17:49:31 | 000,002,733 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2007/06/04 16:51:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/03/23 15:59:00 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/11/07 14:25:34 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/10/25 11:25:47 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\SVSetup.Exe
[2006/10/25 11:25:46 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\SVSetup.dll
[2006/10/25 11:25:45 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\SSCoInst.exe
[2006/10/25 11:25:44 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\SSCoInst.dll
[2006/10/25 11:25:31 | 000,020,594 | ---- | C] () -- C:\WINDOWS\System32\Dels3LMK.DLL
[2006/10/12 11:51:49 | 000,006,454 | ---- | C] () -- C:\WINDOWS\solomon.ini
[2006/10/12 11:25:50 | 000,100,352 | ---- | C] () -- C:\WINDOWS\System32\pg32conv.dll
[2006/10/12 11:25:29 | 001,128,448 | ---- | C] () -- C:\WINDOWS\System32\sbl.dll
[2006/10/12 11:25:27 | 000,496,640 | ---- | C] () -- C:\WINDOWS\System32\tls7012d.dll
[2005/05/10 16:41:41 | 000,000,546 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/10 16:24:15 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/05/10 16:24:09 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/05/10 16:24:00 | 000,004,147 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/05/10 15:43:28 | 000,000,386 | ---- | C] () -- C:\WINDOWS\SMSCFG.ini
[2005/05/10 15:40:10 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2005/05/10 15:00:47 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/05/10 14:53:16 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/05/10 10:24:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/05/10 10:23:14 | 000,255,064 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/10/08 04:47:08 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2004/09/29 01:46:40 | 000,045,056 | ---- | C] () -- C:\Documents and Settings\theonyxserpent\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,384,976 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\netid.dll
[2004/08/04 08:00:00 | 000,054,184 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 08:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

< End of report >

#3 ali.B
  • Trusted Helper
  • Malware Removal
  • 3,086 posts
hi

Step 1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - [2011/05/30 18:05:11 | 000,768,512 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\msctf32.exe -- (WmdmPmSN32)
    SRV - [2011/05/30 18:05:09 | 000,768,512 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\digest32.exe -- (VNCTEMP32)
    SRV - [2011/05/30 18:05:09 | 000,768,512 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\avifile32.exe -- (Netlogon32)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50202
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 50202
    FF - prefs.js..network.proxy.type: 1
    O2 - BHO: (no name) - {06182B75-C684-4FC5-9490-2C0401937762} - C:\WINDOWS\system32\avifile32.dll (CrypKey Inc.)
    O2 - BHO: (bc18472a) - {090C0182-31A9-0ECD-FF41-A9974AF03086} - C:\WINDOWS\system32\ole3232.dll (AIDEX Team)
    O2 - BHO: (bc18472a) - {877C1DAE-9760-C59B-1953-F6490A4BEB0D} - C:\WINDOWS\system32\ole3232.dll (AIDEX Team)
    O4 - HKLM..\Run: [conhost] C:\Documents and Settings\theonyxserpent\Application Data\Microsoft\conhost.exe ()
    F3 - HKCU WinNT: Load - (C:\DOCUME~1\THEONY~1\LOCALS~1\Temp\csrss.exe) - C:\Documents and Settings\theonyxserpent\Local Settings\temp\csrss.exe ()
    O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\theonyxserpent\Application Data\dwm.exe) - C:\Documents and Settings\theonyxserpent\Application Data\dwm.exe ()
    [2011/06/19 18:35:40 | 000,778,240 | ---- | C] (AIDEX Team) -- C:\Documents and Settings\theonyxserpent\0.7444794942552231.exe
    [2011/06/19 15:51:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\theonyxserpent\Desktop\Weird Al
    [2011/06/19 13:43:13 | 000,761,344 | ---- | C] (CrypKey Inc.) -- C:\Documents and Settings\theonyxserpent\0.8392963025605327.exe
    [2011/06/18 00:33:24 | 000,764,416 | ---- | C] (CrypKey Inc.) -- C:\Documents and Settings\theonyxserpent\0.13213259864909277.exe
    [2011/06/12 01:02:48 | 000,775,168 | ---- | C] (AIDEX Team) -- C:\Documents and Settings\theonyxserpent\0.51216886613992.exe
    [2011/06/12 01:02:44 | 000,775,168 | ---- | C] (AIDEX Team) -- C:\Documents and Settings\theonyxserpent\0.030780498129318268.exe
    [2011/06/05 10:24:35 | 000,177,152 | ---- | C] (AIDEX Team) -- C:\WINDOWS\System32\ole323232.dll
    [2011/05/30 18:05:39 | 000,177,152 | ---- | C] (AIDEX Team) -- C:\WINDOWS\System32\ole3232.dll
    [2011/05/30 18:05:10 | 000,349,696 | ---- | C] (CrypKey Inc.) -- C:\WINDOWS\System32\avifile32.dll
    [2011/06/21 19:08:39 | 000,094,468 | ---- | M] () -- C:\Documents and Settings\theonyxserpent\Application Data\47D2.A7B
    [2011/06/21 18:15:55 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\theonyxserpent\0.1353540854083134.exe
    [2011/06/19 18:35:43 | 000,778,240 | ---- | M] (AIDEX Team) -- C:\Documents and Settings\theonyxserpent\0.7444794942552231.exe
    [2011/06/19 13:43:16 | 000,761,344 | ---- | M] (CrypKey Inc.) -- C:\Documents and Settings\theonyxserpent\0.8392963025605327.exe
    [2011/06/19 02:58:58 | 000,783,360 | ---- | M] () -- C:\Documents and Settings\theonyxserpent\0.15206404849377453.exe
    [2011/06/18 23:19:09 | 000,783,360 | ---- | M] () -- C:\Documents and Settings\theonyxserpent\0.28316220305451056.exe
    [2011/06/18 03:21:41 | 000,769,536 | ---- | M] () -- C:\Documents and Settings\theonyxserpent\0.7873924106824436.exe
    [2011/06/18 00:33:27 | 000,764,416 | ---- | M] (CrypKey Inc.) -- C:\Documents and Settings\theonyxserpent\0.13213259864909277.exe
    [2011/06/16 17:32:32 | 000,184,832 | ---- | M] () -- C:\Documents and Settings\theonyxserpent\Application Data\dwm.exe
    [2011/06/13 19:21:52 | 063,225,228 | ---- | M] () -- C:\Documents and Settings\theonyxserpent\Desktop\CMOR DEMSEY.wav
    [2011/06/13 19:21:03 | 000,022,170 | ---- | M] () -- C:\Documents and Settings\theonyxserpent\Desktop\CMOR DEMSEY.aup
    [2011/06/12 01:02:50 | 000,775,168 | ---- | M] (AIDEX Team) -- C:\Documents and Settings\theonyxserpent\0.51216886613992.exe
    [2011/06/12 01:02:46 | 000,775,168 | ---- | M] (AIDEX Team) -- C:\Documents and Settings\theonyxserpent\0.030780498129318268.exe
    [2011/06/10 23:25:58 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\theonyxserpent\0.9646917216924414.exe
    [2011/06/10 23:25:57 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\theonyxserpent\0.8217498544660679.exe
    [2011/06/05 10:24:37 | 000,000,097 | ---- | M] () -- C:\WINDOWS\System32\918880264
    [2011/06/05 10:24:35 | 000,177,152 | ---- | M] (AIDEX Team) -- C:\WINDOWS\System32\ole323232.dll
    [2011/05/21 19:20:19 | 000,015,618 | -HS- | C] () -- C:\Documents and Settings\theonyxserpent\Local Settings\Application Data\w70st7567b4372d
    [2011/05/21 19:20:19 | 000,015,618 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\w70st7567b4372d
    [2011/05/21 19:19:55 | 000,094,468 | ---- | C] () -- C:\Documents and Settings\theonyxserpent\Application Data\47D2.A7B
    
    
    :Files
    C:\Documents and Settings\theonyxserpent\*.exe
    
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2

Download aswMBR.exe (511KB) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start the scan.

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.


Things I would like to see in your reply:
  • OTL log
  • aswMBR log

  • 0

#4
jerosakireno

jerosakireno

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
OK, first of all, when I clicked "Run Fix" my computer crashed & restarted, but then I tried it in Safe Mode & it worked. Just thought I'd share that.

- The results from the "fix" are attached as "results from OTL" (wasn't sure if you wanted to see this or not).
- The log I saved after the 2nd scan is attached as "after fix scan otl".
- The aswMBR log is attached as "log for aswMBR".

Attached Files


  • 0

#5
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Please do not attach logs anymore; it's difficult to read them from Notepad. Post them instead :)
  • 0

#6
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
OTL logfile created on: 6/22/2011 10:37:25 PM - Run 3
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\theonyxserpent\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.98 Mb Total Physical Memory | 144.43 Mb Available Physical Memory | 28.32% Memory free
1.21 Gb Paging File | 0.93 Gb Available in Paging File | 76.51% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 8.95 Gb Free Space | 24.02% Space Free | Partition Type: NTFS

Computer Name: THEONYXCOMPUTER | User Name: theonyxserpent | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/21 19:10:58 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\theonyxserpent\My Documents\Downloads\OTL.exe
PRC - [2011/05/09 23:01:07 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/02/09 03:50:00 | 000,578,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\CcmExec.exe
PRC - [2006/02/09 03:50:00 | 000,248,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\clicomp\RemCtrl\Wuser32.exe


========== Modules (SafeList) ==========

MOD - [2011/06/21 19:10:58 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\theonyxserpent\My Documents\Downloads\OTL.exe
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/06/16 18:18:45 | 000,469,504 | ---- | M] (Constantin Kaplinsky) [On_Demand | Stopped] -- C:\VNCTEMP\WinVNC.exe -- (VNCTEMP)
SRV - [2008/12/10 15:46:58 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2006/02/09 03:50:00 | 000,578,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2006/02/09 03:50:00 | 000,248,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\CCM\clicomp\RemCtrl\Wuser32.exe -- (Wuser32)


========== Driver Services (SafeList) ==========

DRV - [2011/06/21 23:14:52 | 000,020,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hitmanpro35.sys -- (hitmanpro35)
DRV - [2009/12/14 17:20:33 | 000,722,416 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2006/02/09 03:50:00 | 000,020,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2006/02/09 02:50:00 | 000,011,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\kbstuff5.sys -- (kbstuff)
DRV - [2006/02/09 02:50:00 | 000,008,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\idisw2km.sys -- (idisw2km)
DRV - [2005/11/24 19:51:38 | 000,245,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2005/02/01 18:18:38 | 000,017,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\bcm42rly.sys -- (BCM42RLY)
DRV - [2003/04/15 10:39:54 | 000,011,319 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\a302.sys -- ({E6759E0C-470B-44DC-A4A1-627E68BB3A85})
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 75 2B 18 06 84 C6 C5 4F 94 90 2C 04 01 93 77 62 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://start.mozilla...en-US:official"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.10.01
FF - prefs.js..network.proxy.http_port: 64667

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/09 23:01:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/09 23:01:35 | 000,000,000 | ---D | M]

[2009/12/13 16:09:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\theonyxserpent\Application Data\Mozilla\Extensions
[2011/06/22 21:40:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\theonyxserpent\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions
[2004/09/29 02:10:36 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\theonyxserpent\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{02f2bf09-f910-4c12-9090-1c4a7646a895}
[2011/06/21 23:10:21 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\theonyxserpent\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{3cb6c568-ca5b-4b41-8a2c-9cfe0d13c63c}
[2011/06/21 18:08:42 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\theonyxserpent\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{e1a852cd-b45a-4656-b124-e020f6e257cb}
[2011/06/22 22:11:30 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\theonyxserpent\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{ffb9df16-4c73-49a1-9a00-5aaaf2092ab0}
[2010/10/08 23:58:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\THEONYXSERPENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OG0G7S2N.DEFAULT\EXTENSIONS\[email protected]
[2009/12/12 18:47:36 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/09 23:01:05 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/05/09 23:01:17 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Burn4Free Toolbar Helper) - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll ()
O4 - HKLM..\Run: [RandMAC] C:\extracted\MadMACs\MadMACs.exe ()
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc2.cab (Office Update Installation Engine)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1232729059632 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = onyx
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/05/10 14:57:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/22 22:01:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/21 22:15:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/06/21 22:12:14 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/06/21 22:06:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\theonyxserpent\My Documents\My Received Files
[2011/06/08 23:18:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\theonyxserpent\Local Settings\Application Data\Identities
[2011/06/04 23:13:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2011/06/01 20:35:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\theonyxserpent\Start Menu\Programs\CleanUp!
[2011/06/01 20:35:25 | 000,000,000 | ---D | C] -- C:\Program Files\CleanUp!
[2011/06/01 20:32:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/05/30 22:27:02 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/05/29 08:42:15 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/05/29 08:35:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\theonyxserpent\Start Menu\Programs\Administrative Tools
[1 C:\Documents and Settings\theonyxserpent\*.tmp files -> C:\Documents and Settings\theonyxserpent\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/22 22:36:42 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/22 22:31:04 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\theonyxserpent\Desktop\MBR.dat
[2011/06/22 22:28:43 | 000,000,330 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2011/06/22 22:28:36 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/22 22:28:19 | 000,000,386 | ---- | M] () -- C:\WINDOWS\SMSCFG.ini
[2011/06/22 22:28:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/22 21:21:13 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/06/21 23:14:52 | 000,020,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/06/21 22:27:42 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2011/06/20 21:34:12 | 000,045,056 | ---- | M] () -- C:\Documents and Settings\theonyxserpent\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/20 12:24:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/19 12:16:00 | 000,000,419 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/06/01 20:35:43 | 000,000,687 | ---- | M] () -- C:\Documents and Settings\theonyxserpent\Desktop\CleanUp!.lnk
[2011/05/30 18:05:11 | 000,768,512 | ---- | M] () -- C:\WINDOWS\System32\avicap3232.exe
[2011/05/30 18:05:09 | 000,768,512 | ---- | M] () -- C:\WINDOWS\System32\msjtes4032.exe
[2011/05/29 08:42:25 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/05/27 23:10:56 | 000,000,741 | ---- | M] () -- C:\Documents and Settings\theonyxserpent\Desktop\Glary Utilities.lnk
[2011/05/27 22:10:28 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[1 C:\Documents and Settings\theonyxserpent\*.tmp files -> C:\Documents and Settings\theonyxserpent\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/22 22:31:04 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\theonyxserpent\Desktop\MBR.dat
[2011/06/21 22:14:19 | 000,020,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/06/21 22:12:15 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2011/06/05 10:24:35 | 000,768,512 | ---- | C] () -- C:\WINDOWS\System32\msjtes4032.exe
[2011/06/01 20:35:43 | 000,000,687 | ---- | C] () -- C:\Documents and Settings\theonyxserpent\Desktop\CleanUp!.lnk
[2011/05/30 18:05:41 | 000,768,512 | ---- | C] () -- C:\WINDOWS\System32\avicap3232.exe
[2011/05/29 08:42:25 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/05/29 08:42:19 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/05/22 12:46:25 | 000,000,419 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/01/31 00:04:34 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/11/19 01:00:37 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/11/19 01:00:32 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/11/19 01:00:32 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/11/19 01:00:31 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2010/11/19 01:00:30 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/10/15 21:39:54 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/12/12 17:49:31 | 000,002,733 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2007/06/04 16:51:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/03/23 15:59:00 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/11/07 14:25:34 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/10/25 11:25:47 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\SVSetup.Exe
[2006/10/25 11:25:46 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\SVSetup.dll
[2006/10/25 11:25:45 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\SSCoInst.exe
[2006/10/25 11:25:44 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\SSCoInst.dll
[2006/10/25 11:25:31 | 000,020,594 | ---- | C] () -- C:\WINDOWS\System32\Dels3LMK.DLL
[2006/10/12 11:51:49 | 000,006,454 | ---- | C] () -- C:\WINDOWS\solomon.ini
[2006/10/12 11:25:50 | 000,100,352 | ---- | C] () -- C:\WINDOWS\System32\pg32conv.dll
[2006/10/12 11:25:29 | 001,128,448 | ---- | C] () -- C:\WINDOWS\System32\sbl.dll
[2006/10/12 11:25:27 | 000,496,640 | ---- | C] () -- C:\WINDOWS\System32\tls7012d.dll
[2005/05/10 16:41:41 | 000,000,546 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/10 16:24:15 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/05/10 16:24:09 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/05/10 16:24:00 | 000,004,147 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/05/10 15:43:28 | 000,000,386 | ---- | C] () -- C:\WINDOWS\SMSCFG.ini
[2005/05/10 15:40:10 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2005/05/10 15:00:47 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/05/10 14:53:16 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/05/10 10:24:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/05/10 10:23:14 | 000,255,064 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/10/08 04:47:08 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2004/09/29 01:46:40 | 000,045,056 | ---- | C] () -- C:\Documents and Settings\theonyxserpent\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,384,976 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\netid.dll
[2004/08/04 08:00:00 | 000,054,184 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 08:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2009/12/14 13:28:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2011/02/17 23:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dPhIcDd15405
[2011/06/21 22:18:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/10/02 01:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScreenVCR
[2007/06/13 14:24:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/12/12 15:50:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/01/31 00:02:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\theonyxserpent\Application Data\Cocoon Software
[2009/12/14 13:37:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\theonyxserpent\Application Data\DAEMON Tools Pro
[2009/12/12 18:12:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\theonyxserpent\Application Data\GlarySoft
[2010/10/08 23:35:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\theonyxserpent\Application Data\MSNInstaller
[2004/09/29 03:36:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\theonyxserpent\Application Data\Smith Micro
[2011/06/20 19:10:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\theonyxserpent\Application Data\uTorrent
[2009/12/13 12:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\theonyxserpent\Application Data\yoclient
[2011/06/22 22:28:43 | 000,000,330 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job

========== Purity Check ==========



< End of report >
  • 0

#7
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
aswMBR version 0.9.7.675 Copyright© 2011 AVAST Software
Run date: 2011-06-22 22:30:03
-----------------------------
22:30:03.093 OS Version: Windows 5.1.2600 Service Pack 2
22:30:03.093 Number of processors: 1 586 0x209
22:30:03.093 ComputerName: THEONYXCOMPUTER UserName: theonyxserpent
22:30:04.609 Initialize success
22:30:18.687 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
22:30:18.687 Disk 0 Vendor: HITACHI_DK23FB-40 00M1A0C1 Size: 38154MB BusType: 3
22:30:18.687 Disk 0 MBR read error 0
22:30:18.703 Disk 0 MBR scan
22:30:18.703 Disk 0 unknown MBR code
22:30:18.703 MBR BIOS signature not found 0
22:30:18.703 Disk 0 scanning sectors +78124095
22:30:18.703 Disk 0 scanning C:\WINDOWS\system32\drivers
22:30:23.843 Service scanning
22:30:25.046 Disk 0 trace - called modules:
22:30:25.062 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x82fdf1f8]<<
22:30:25.062 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f0aab8]
22:30:25.062 3 CLASSPNP.SYS[f86f905b] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82f0bd98]
22:30:25.062 \Driver\atapi[0x82f59308] -> IRP_MJ_CREATE -> 0x82fdf1f8
22:30:25.390 Scan finished successfully
22:31:04.859 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\theonyxserpent\Desktop\MBR.dat"
22:31:04.875 The log file has been saved successfully to "C:\Documents and Settings\theonyxserpent\Desktop\log for aswMBR.txt"
  • 0

#8
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Step 1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/05/30 18:05:11 | 000,768,512 | ---- | M] () -- C:\WINDOWS\System32\avicap3232.exe
    [2011/05/30 18:05:09 | 000,768,512 | ---- | M] () -- C:\WINDOWS\System32\msjtes4032.exe
    [2007/06/13 14:24:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2
Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


Things I would like to see in your reply:
  • OTL log
  • TDSSKiller log

  • 0
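The helper's fix scripts in this thread are built by reading the OTL file-list lines and picking out the entries that look wrong: executables dropped straight into the user profile root with random numeric names, zero-byte .exe files, an "dwm.exe" living under Application Data, and files in System32 with no company name. The following is an added example (not part of this thread and not OTL's own code) that parses that OTL line format and applies those same review heuristics, plus one check the helper did not mention: a `network.proxy.*` preference in the Firefox section, since a browser-level proxy is one common way search-result redirects are implemented. The sample lines are copied from the logs posted above; the function and pattern names are my own. Note that the company column OTL prints is a file-metadata field, not a signature check, so a flag is a prompt to review, not a verdict: the legitimate Hitman Pro driver in the sample gets flagged for exactly that reason.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: lines copied from the OTL logs posted in this thread, plus one
# known-good line (firefox.exe) to show that the heuristics leave it alone.
SAMPLE_LOG = r"""
PRC - [2011/05/09 23:01:07 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
SRV - [2009/06/16 18:18:45 | 000,469,504 | ---- | M] (Constantin Kaplinsky) [On_Demand | Stopped] -- C:\VNCTEMP\WinVNC.exe -- (VNCTEMP)
DRV - [2011/06/21 23:14:52 | 000,020,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hitmanpro35.sys -- (hitmanpro35)
[2011/06/19 13:43:16 | 000,761,344 | ---- | M] (CrypKey Inc.) -- C:\Documents and Settings\theonyxserpent\0.8392963025605327.exe
[2011/06/10 23:25:58 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\theonyxserpent\0.9646917216924414.exe
[2011/06/16 17:32:32 | 000,184,832 | ---- | M] () -- C:\Documents and Settings\theonyxserpent\Application Data\dwm.exe
[2011/05/30 18:05:11 | 000,768,512 | ---- | M] () -- C:\WINDOWS\System32\avicap3232.exe
[2011/06/22 22:01:01 | 000,000,000 | ---D | C] -- C:\_OTL
FF - prefs.js..network.proxy.http_port: 64667
"""

# One OTL file/process/service/driver line:
#   [PRC|MOD|SRV|DRV - ][date time | size | attrs | M/C] (company) [state] -- path [-- (service)]
ENTRY_RE = re.compile(
    r"^(?:(?P<kind>PRC|MOD|SRV|DRV) - )?"
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-A-Z]{4}) \| (?P<flag>[MC])\]"
    r"(?: \((?P<company>[^)]*)\))?"   # company name; absent on folder lines
    r"(?: \[(?P<state>[^\]]*)\])?"    # service/driver state, e.g. [Auto | Running]
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<svc>[^)]*)\))?$"   # service name on SRV/DRV lines
)
PROXY_PREF_RE = re.compile(r"^FF - prefs\.js\.\.(?P<pref>network\.proxy\.[\w.]+): (?P<val>.+)$")
PROFILE_ROOT_RE = re.compile(r"^C:\\Documents and Settings\\[^\\]+\\[^\\]+$", re.IGNORECASE)
SYSTEM_DIR_RE = re.compile(r"^C:\\WINDOWS\\(?:System32\\)?(?:drivers\\)?[^\\]+$", re.IGNORECASE)
RANDOM_NAME_RE = re.compile(r"^\d+\.\d+\.exe$", re.IGNORECASE)
EXEC_EXT = (".exe", ".dll", ".sys")


@dataclass
class Entry:
    kind: str            # PRC/MOD/SRV/DRV, or FILE for plain file-list lines
    timestamp: str
    size: int
    attrs: str           # four-character R/H/S/D field, "-" when unset
    company: str         # "" when OTL printed () or no company group at all
    path: str
    service: Optional[str]


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one OTL entry line; returns None for lines in another format."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    company = (m["company"] or "").strip()
    if company == "No name found":
        company = ""
    return Entry(kind=m["kind"] or "FILE", timestamp=m["ts"],
                 size=int(m["size"].replace(",", "")), attrs=m["attr"],
                 company=company, path=m["path"], service=m["svc"])


def triage(entry: Entry) -> List[str]:
    """Return the review reasons for one entry; an empty list means nothing stood out."""
    reasons: List[str] = []
    name = entry.path.rsplit("\\", 1)[-1]
    if entry.attrs.endswith("D") or not name.lower().endswith(EXEC_EXT):
        return reasons  # folders and data files are out of scope for these checks
    if PROFILE_ROOT_RE.match(entry.path):
        reasons.append("executable sitting directly in a user profile root")
    if RANDOM_NAME_RE.match(name):
        reasons.append("random-looking numeric file name")
    if entry.size == 0:
        reasons.append("zero-byte executable")
    if not entry.company and "\\application data\\" in entry.path.lower():
        reasons.append("no company name, executable under Application Data")
    if not entry.company and SYSTEM_DIR_RE.match(entry.path):
        reasons.append("no company name in a Windows system directory")
    return reasons


def scan(log_text: str) -> Dict[str, List[str]]:
    """Map each flagged item (a file path or a Firefox pref name) to its review reasons."""
    findings: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        pref = PROXY_PREF_RE.match(line)
        if pref:
            findings[pref["pref"]] = [f"Firefox proxy setting present (value {pref['val']})"]
            continue
        entry = parse_entry(line)
        if entry:
            reasons = triage(entry)
            if reasons:
                findings[entry.path] = reasons
    return findings


if __name__ == "__main__":
    for item, reasons in scan(SAMPLE_LOG).items():
        print(item)
        for reason in reasons:
            print("   -", reason)
```

Running it lists the five profile-root, Application Data and System32 executables the helper ended up removing, the Firefox proxy port, and hitmanpro35.sys; firefox.exe, WinVNC.exe and the C:\_OTL folder come out clean. The flagged driver is the point of the caveat above: an empty company field alone justifies looking, which is what the helper does before writing a fix, not acting.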

#9
jerosakireno

jerosakireno

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Sorry about that, it wasn't letting me do that; that's why I was adding them as attachments.

Here are the results of the custom scan:


All processes killed
========== OTL ==========
C:\WINDOWS\system32\avicap3232.exe moved successfully.
C:\WINDOWS\system32\msjtes4032.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\UserShell\AOL9Plus folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\UserShell\AOL9 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\UserShell folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9Plus folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\AxMetaStream_Win folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Mouth
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: theonyxserpent
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 99225355 bytes
->Flash cache emptied: 1654 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 95.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: Mouth
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: theonyxserpent
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.24.1 log created on 06232011_173125

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


I ran OTL again & this is what I got:

OTL logfile created on: 6/23/2011 5:41:57 PM - Run 5
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\theonyxserpent\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.98 Mb Total Physical Memory | 163.62 Mb Available Physical Memory | 32.08% Memory free
1.21 Gb Paging File | 0.95 Gb Available in Paging File | 78.02% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 8.09 Gb Free Space | 21.72% Space Free | Partition Type: NTFS

Computer Name: THEONYXCOMPUTER | User Name: theonyxserpent | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/21 19:10:58 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\theonyxserpent\My Documents\Downloads\OTL.exe
PRC - [2011/05/09 23:01:07 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/02/09 03:50:00 | 000,578,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\CcmExec.exe
PRC - [2006/02/09 03:50:00 | 000,248,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\clicomp\RemCtrl\Wuser32.exe


========== Modules (SafeList) ==========

MOD - [2011/06/21 19:10:58 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\theonyxserpent\My Documents\Downloads\OTL.exe
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/06/16 18:18:45 | 000,469,504 | ---- | M] (Constantin Kaplinsky) [On_Demand | Stopped] -- C:\VNCTEMP\WinVNC.exe -- (VNCTEMP)
SRV - [2008/12/10 15:46:58 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2006/02/09 03:50:00 | 000,578,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2006/02/09 03:50:00 | 000,248,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\CCM\clicomp\RemCtrl\Wuser32.exe -- (Wuser32)


========== Driver Services (SafeList) ==========

DRV - [2011/06/21 23:14:52 | 000,020,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hitmanpro35.sys -- (hitmanpro35)
DRV - [2009/12/14 17:20:33 | 000,722,416 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2006/02/09 03:50:00 | 000,020,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2006/02/09 02:50:00 | 000,011,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\kbstuff5.sys -- (kbstuff)
DRV - [2006/02/09 02:50:00 | 000,008,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\idisw2km.sys -- (idisw2km)
DRV - [2005/11/24 19:51:38 | 000,245,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2005/02/01 18:18:38 | 000,017,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\bcm42rly.sys -- (BCM42RLY)
DRV - [2003/04/15 10:39:54 | 000,011,319 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\a302.sys -- ({E6759E0C-470B-44DC-A4A1-627E68BB3A85})
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 75 2B 18 06 84 C6 C5 4F 94 90 2C 04 01 93 77 62 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://start.mozilla...en-US:official"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.10.01
FF - prefs.js..network.proxy.http_port: 64667

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/09 23:01:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/09 23:01:35 | 000,000,000 | ---D | M]

[2009/12/13 16:09:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\theonyxserpent\Application Data\Mozilla\Extensions
[2011/06/22 21:40:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\theonyxserpent\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions
[2004/09/29 02:10:36 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\theonyxserpent\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{02f2bf09-f910-4c12-9090-1c4a7646a895}
[2011/06/21 23:10:21 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\theonyxserpent\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{3cb6c568-ca5b-4b41-8a2c-9cfe0d13c63c}
[2011/06/21 18:08:42 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\theonyxserpent\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{e1a852cd-b45a-4656-b124-e020f6e257cb}
[2011/06/22 22:11:30 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\theonyxserpent\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{ffb9df16-4c73-49a1-9a00-5aaaf2092ab0}
[2010/10/08 23:58:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\THEONYXSERPENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OG0G7S2N.DEFAULT\EXTENSIONS\[email protected]
[2009/12/12 18:47:36 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/09 23:01:05 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/05/09 23:01:17 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/06/23 17:31:35 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Burn4Free Toolbar Helper) - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll ()
O4 - HKLM..\Run: [RandMAC] C:\extracted\MadMACs\MadMACs.exe ()
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc2.cab (Office Update Installation Engine)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1232729059632 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = onyx
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/05/10 14:57:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/22 22:01:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/21 22:15:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/06/21 22:12:14 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/06/21 22:06:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\theonyxserpent\My Documents\My Received Files
[2011/06/08 23:18:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\theonyxserpent\Local Settings\Application Data\Identities
[2011/06/04 23:13:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2011/06/01 20:35:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\theonyxserpent\Start Menu\Programs\CleanUp!
[2011/06/01 20:35:25 | 000,000,000 | ---D | C] -- C:\Program Files\CleanUp!
[2011/06/01 20:32:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/05/30 22:27:02 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/05/29 08:42:15 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/05/29 08:35:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\theonyxserpent\Start Menu\Programs\Administrative Tools
[1 C:\Documents and Settings\theonyxserpent\*.tmp files -> C:\Documents and Settings\theonyxserpent\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/23 17:38:55 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/23 17:34:43 | 000,000,330 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2011/06/23 17:34:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/23 17:33:40 | 000,000,386 | ---- | M] () -- C:\WINDOWS\SMSCFG.ini
[2011/06/23 17:33:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/23 17:31:35 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/06/23 16:55:53 | 000,045,056 | ---- | M] () -- C:\Documents and Settings\theonyxserpent\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/22 22:54:14 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/06/22 22:31:04 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\theonyxserpent\Desktop\MBR.dat
[2011/06/21 23:14:52 | 000,020,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/06/21 22:27:42 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2011/06/20 12:24:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/19 12:16:00 | 000,000,419 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/06/01 20:35:43 | 000,000,687 | ---- | M] () -- C:\Documents and Settings\theonyxserpent\Desktop\CleanUp!.lnk
[2011/05/29 08:42:25 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/05/27 23:10:56 | 000,000,741 | ---- | M] () -- C:\Documents and Settings\theonyxserpent\Desktop\Glary Utilities.lnk
[2011/05/27 22:10:28 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[1 C:\Documents and Settings\theonyxserpent\*.tmp files -> C:\Documents and Settings\theonyxserpent\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/22 22:31:04 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\theonyxserpent\Desktop\MBR.dat
[2011/06/21 22:14:19 | 000,020,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/06/21 22:12:15 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2011/06/01 20:35:43 | 000,000,687 | ---- | C] () -- C:\Documents and Settings\theonyxserpent\Desktop\CleanUp!.lnk
[2011/05/29 08:42:25 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/05/29 08:42:19 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/05/22 12:46:25 | 000,000,419 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/01/31 00:04:34 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/11/19 01:00:37 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/11/19 01:00:32 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/11/19 01:00:32 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/11/19 01:00:31 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2010/11/19 01:00:30 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/10/15 21:39:54 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/12/12 17:49:31 | 000,002,733 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2007/06/04 16:51:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/03/23 15:59:00 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/11/07 14:25:34 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/10/25 11:25:47 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\SVSetup.Exe
[2006/10/25 11:25:46 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\SVSetup.dll
[2006/10/25 11:25:45 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\SSCoInst.exe
[2006/10/25 11:25:44 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\SSCoInst.dll
[2006/10/25 11:25:31 | 000,020,594 | ---- | C] () -- C:\WINDOWS\System32\Dels3LMK.DLL
[2006/10/12 11:51:49 | 000,006,454 | ---- | C] () -- C:\WINDOWS\solomon.ini
[2006/10/12 11:25:50 | 000,100,352 | ---- | C] () -- C:\WINDOWS\System32\pg32conv.dll
[2006/10/12 11:25:29 | 001,128,448 | ---- | C] () -- C:\WINDOWS\System32\sbl.dll
[2006/10/12 11:25:27 | 000,496,640 | ---- | C] () -- C:\WINDOWS\System32\tls7012d.dll
[2005/05/10 16:41:41 | 000,000,546 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/10 16:24:15 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/05/10 16:24:09 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/05/10 16:24:00 | 000,004,147 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/05/10 15:43:28 | 000,000,386 | ---- | C] () -- C:\WINDOWS\SMSCFG.ini
[2005/05/10 15:40:10 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2005/05/10 15:00:47 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/05/10 14:53:16 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/05/10 10:24:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/05/10 10:23:14 | 000,255,064 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/10/08 04:47:08 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2004/09/29 01:46:40 | 000,045,056 | ---- | C] () -- C:\Documents and Settings\theonyxserpent\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,384,976 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\netid.dll
[2004/08/04 08:00:00 | 000,054,184 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 08:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2009/12/14 13:28:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2011/02/17 23:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dPhIcDd15405
[2011/06/21 22:18:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/10/02 01:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScreenVCR
[2009/12/12 15:50:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/01/31 00:02:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\theonyxserpent\Application Data\Cocoon Software
[2009/12/14 13:37:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\theonyxserpent\Application Data\DAEMON Tools Pro
[2009/12/12 18:12:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\theonyxserpent\Application Data\GlarySoft
[2010/10/08 23:35:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\theonyxserpent\Application Data\MSNInstaller
[2004/09/29 03:36:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\theonyxserpent\Application Data\Smith Micro
[2011/06/20 19:10:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\theonyxserpent\Application Data\uTorrent
[2009/12/13 12:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\theonyxserpent\Application Data\yoclient
[2011/06/23 17:34:43 | 000,000,330 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job

========== Purity Check ==========



< End of report >

#10
jerosakireno
Member | Topic Starter | 38 posts
Here is the TDSSKiller log:


2011/06/23 17:54:27.0968 3756 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/23 17:54:28.0312 3756 ================================================================================
2011/06/23 17:54:28.0312 3756 SystemInfo:
2011/06/23 17:54:28.0312 3756
2011/06/23 17:54:28.0312 3756 OS Version: 5.1.2600 ServicePack: 2.0
2011/06/23 17:54:28.0312 3756 Product type: Workstation
2011/06/23 17:54:28.0312 3756 ComputerName: THEONYXCOMPUTER
2011/06/23 17:54:28.0312 3756 UserName: theonyxserpent
2011/06/23 17:54:28.0312 3756 Windows directory: C:\WINDOWS
2011/06/23 17:54:28.0312 3756 System windows directory: C:\WINDOWS
2011/06/23 17:54:28.0312 3756 Processor architecture: Intel x86
2011/06/23 17:54:28.0312 3756 Number of processors: 1
2011/06/23 17:54:28.0312 3756 Page size: 0x1000
2011/06/23 17:54:28.0312 3756 Boot type: Normal boot
2011/06/23 17:54:28.0312 3756 ================================================================================
2011/06/23 17:54:30.0421 3756 Initialize success
2011/06/23 17:54:35.0828 3796 ================================================================================
2011/06/23 17:54:35.0828 3796 Scan started
2011/06/23 17:54:35.0828 3796 Mode: Manual;
2011/06/23 17:54:35.0828 3796 ================================================================================
2011/06/23 17:54:37.0609 3796 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/23 17:54:37.0640 3796 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/06/23 17:54:37.0765 3796 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
2011/06/23 17:54:37.0843 3796 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2011/06/23 17:54:37.0937 3796 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2011/06/23 17:54:38.0265 3796 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/23 17:54:38.0296 3796 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/23 17:54:38.0750 3796 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/23 17:54:38.0968 3796 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/23 17:54:39.0046 3796 BCM42RLY (438179abe9b7a922a21b8d6369ff52ff) C:\WINDOWS\System32\BCM42RLY.SYS
2011/06/23 17:54:39.0125 3796 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/06/23 17:54:39.0171 3796 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/23 17:54:39.0234 3796 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/23 17:54:39.0281 3796 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/23 17:54:39.0312 3796 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/23 17:54:39.0546 3796 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/23 17:54:39.0703 3796 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2011/06/23 17:54:39.0937 3796 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2011/06/23 17:54:39.0953 3796 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/06/23 17:54:40.0015 3796 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/06/23 17:54:40.0078 3796 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/23 17:54:40.0171 3796 E1000 (a97b4360acc61d9d3cae50cd155ef02c) C:\WINDOWS\system32\DRIVERS\e1000325.sys
2011/06/23 17:54:40.0250 3796 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/23 17:54:40.0328 3796 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/06/23 17:54:40.0375 3796 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2011/06/23 17:54:40.0421 3796 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/06/23 17:54:40.0515 3796 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/06/23 17:54:40.0578 3796 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/23 17:54:40.0609 3796 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/23 17:54:40.0703 3796 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/23 17:54:40.0968 3796 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/06/23 17:54:41.0046 3796 hitmanpro35 (6022645993a89434332569e1dd9f009b) C:\WINDOWS\system32\drivers\hitmanpro35.sys
2011/06/23 17:54:41.0171 3796 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/23 17:54:41.0375 3796 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/06/23 17:54:41.0468 3796 ialm (1406d6ef4436aee970efe13193123965) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/06/23 17:54:41.0562 3796 idisw2km (da242c93d44675136c719cb1e83cd2a1) C:\WINDOWS\system32\DRIVERS\idisw2km.sys
2011/06/23 17:54:41.0609 3796 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/23 17:54:41.0718 3796 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/06/23 17:54:41.0921 3796 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/06/23 17:54:42.0000 3796 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/06/23 17:54:42.0031 3796 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/06/23 17:54:42.0062 3796 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/23 17:54:42.0171 3796 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/23 17:54:42.0203 3796 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/23 17:54:42.0250 3796 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/23 17:54:42.0312 3796 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/23 17:54:42.0375 3796 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/23 17:54:42.0453 3796 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/06/23 17:54:42.0515 3796 kbstuff (ee79516334a94d263c784958e1ed0ae4) C:\WINDOWS\system32\DRIVERS\kbstuff5.sys
2011/06/23 17:54:42.0593 3796 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
2011/06/23 17:54:42.0890 3796 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/23 17:54:43.0031 3796 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/23 17:54:43.0093 3796 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2011/06/23 17:54:43.0125 3796 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/23 17:54:43.0156 3796 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/06/23 17:54:43.0187 3796 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/23 17:54:43.0265 3796 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/23 17:54:43.0359 3796 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/23 17:54:43.0406 3796 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/06/23 17:54:43.0437 3796 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/23 17:54:43.0468 3796 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/23 17:54:43.0500 3796 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/23 17:54:43.0593 3796 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/23 17:54:43.0625 3796 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/06/23 17:54:43.0656 3796 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/06/23 17:54:43.0718 3796 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/23 17:54:43.0765 3796 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/23 17:54:44.0000 3796 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/23 17:54:44.0031 3796 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/23 17:54:44.0062 3796 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/23 17:54:44.0109 3796 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/23 17:54:44.0203 3796 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/06/23 17:54:44.0296 3796 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/23 17:54:44.0328 3796 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/06/23 17:54:44.0359 3796 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/23 17:54:44.0390 3796 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/23 17:54:44.0421 3796 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
2011/06/23 17:54:44.0484 3796 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/06/23 17:54:44.0515 3796 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/23 17:54:44.0546 3796 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/23 17:54:44.0703 3796 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/23 17:54:44.0765 3796 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
2011/06/23 17:54:44.0828 3796 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/06/23 17:54:45.0078 3796 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/23 17:54:45.0156 3796 prepdrvr (9b322103efe09f5f4a957af62b0387b1) C:\WINDOWS\system32\CCM\prepdrv.sys
2011/06/23 17:54:45.0343 3796 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/06/23 17:54:45.0390 3796 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/23 17:54:45.0593 3796 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/23 17:54:45.0703 3796 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/23 17:54:45.0734 3796 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/23 17:54:45.0765 3796 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/23 17:54:45.0859 3796 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/06/23 17:54:45.0890 3796 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/23 17:54:45.0937 3796 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/06/23 17:54:46.0015 3796 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/23 17:54:46.0125 3796 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/23 17:54:46.0281 3796 RT73 (7436bfd3a542cf6ff55097200031b293) C:\WINDOWS\system32\DRIVERS\rt73.sys
2011/06/23 17:54:46.0500 3796 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/06/23 17:54:46.0562 3796 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/06/23 17:54:46.0593 3796 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/06/23 17:54:46.0671 3796 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/06/23 17:54:46.0812 3796 smwdm (5018a9db5eb62e3edb3110f82f556285) C:\WINDOWS\system32\drivers\smwdm.sys
2011/06/23 17:54:46.0953 3796 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2011/06/23 17:54:47.0078 3796 sptd (a80cd850d69d996c832bea37e3a6aa1e) C:\WINDOWS\system32\Drivers\sptd.sys
2011/06/23 17:54:47.0078 3796 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: a80cd850d69d996c832bea37e3a6aa1e
2011/06/23 17:54:47.0093 3796 sptd - detected LockedFile.Multi.Generic (1)
2011/06/23 17:54:47.0125 3796 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/23 17:54:47.0187 3796 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/06/23 17:54:47.0421 3796 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/06/23 17:54:47.0453 3796 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/06/23 17:54:47.0593 3796 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/23 17:54:47.0703 3796 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/23 17:54:47.0750 3796 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/23 17:54:47.0781 3796 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/23 17:54:47.0812 3796 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/23 17:54:47.0953 3796 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/06/23 17:54:48.0078 3796 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
2011/06/23 17:54:48.0140 3796 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/06/23 17:54:48.0203 3796 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/23 17:54:48.0406 3796 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/23 17:54:48.0468 3796 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/06/23 17:54:48.0500 3796 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/23 17:54:48.0562 3796 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/06/23 17:54:48.0593 3796 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/06/23 17:54:48.0703 3796 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/23 17:54:48.0750 3796 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/23 17:54:48.0859 3796 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/23 17:54:49.0062 3796 {6080A529-897E-4629-A488-ABA0C29B635E} (fd1f4e9cf06c71c8d73a24acf18d8296) C:\WINDOWS\system32\drivers\ialmsbw.sys
2011/06/23 17:54:49.0125 3796 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (d4d7331d33d1fa73e588e5ce0d90a4c1) C:\WINDOWS\system32\drivers\ialmkchw.sys
2011/06/23 17:54:49.0156 3796 {E6759E0C-470B-44DC-A4A1-627E68BB3A85} (7d815767c1389817e2c4b85226fbac1d) C:\WINDOWS\system32\drivers\A302.sys
2011/06/23 17:54:49.0203 3796 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/06/23 17:54:49.0328 3796 ================================================================================
2011/06/23 17:54:49.0328 3796 Scan finished
2011/06/23 17:54:49.0328 3796 ================================================================================
2011/06/23 17:54:49.0359 3788 Detected object count: 1
2011/06/23 17:54:49.0359 3788 Actual detected object count: 1
2011/06/23 17:54:53.0218 3788 LockedFile.Multi.Generic(sptd) - User select action: Skip

Only 1 suspicious object was found; it was skipped for now... Here is a screenshot:

Posted Image
#11
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Hi

Open OTL.

Under the Custom Scan/Fixes box, paste the following:

/md5start
sptd.sys
/md5stop

Click the Quick Scan button and post the log it produces.

#12
jerosakireno

    Member

  • Topic Starter
  • Member
  • 38 posts
This is the log it produced after trying Run Fix. It doesn't look like it did anything. I also tried to do this in safe mode, but I got the same result.

Error: Unable to interpret </md5start> in the current context!
Error: Unable to interpret <sptd.sys> in the current context!
Error: Unable to interpret </md5stop> in the current context!

OTL by OldTimer - Version 3.2.24.1 log created on 06252011_102826



Here are the results of the scan after doing that:


OTL logfile created on: 6/25/2011 10:30:22 AM - Run 6
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\theonyxserpent\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.98 Mb Total Physical Memory | 98.71 Mb Available Physical Memory | 19.36% Memory free
1.21 Gb Paging File | 0.74 Gb Available in Paging File | 61.10% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 7.31 Gb Free Space | 19.62% Space Free | Partition Type: NTFS

Computer Name: THEONYXCOMPUTER | User Name: theonyxserpent | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/25 02:54:33 | 000,176,128 | ---- | M] () -- C:\Documents and Settings\theonyxserpent\Local Settings\temp\csrss.exe
PRC - [2011/06/25 02:54:06 | 000,181,760 | ---- | M] () -- C:\Documents and Settings\theonyxserpent\Application Data\dwm.exe
PRC - [2011/06/25 02:53:38 | 000,171,008 | ---- | M] () -- C:\Documents and Settings\theonyxserpent\Local Settings\temp\0.4218099101307523.exe
PRC - [2011/06/24 16:56:40 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/06/23 19:06:21 | 000,568,832 | ---- | M] (AIDEX Team) -- C:\WINDOWS\system32\schedsvc32.exe
PRC - [2011/06/23 19:06:21 | 000,568,832 | ---- | M] (AIDEX Team) -- C:\WINDOWS\system32\avifile32.exe
PRC - [2011/06/23 19:06:19 | 000,568,832 | ---- | M] (AIDEX Team) -- C:\WINDOWS\system32\dpnaddr32.exe
PRC - [2011/06/21 19:10:58 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\theonyxserpent\My Documents\Downloads\OTL.exe
PRC - [2009/08/05 06:17:12 | 000,204,800 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Pro\DTProShellHlp.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/02/09 03:50:00 | 000,578,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\CcmExec.exe
PRC - [2006/02/09 03:50:00 | 000,248,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\clicomp\RemCtrl\Wuser32.exe


========== Modules (SafeList) ==========

MOD - [2011/06/21 19:10:58 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\theonyxserpent\My Documents\Downloads\OTL.exe
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/06/23 19:06:21 | 000,568,832 | ---- | M] (AIDEX Team) [Auto | Running] -- C:\WINDOWS\system32\schedsvc32.exe -- (UPS32)
SRV - [2011/06/23 19:06:19 | 000,568,832 | ---- | M] (AIDEX Team) [Auto | Running] -- C:\WINDOWS\system32\dpnaddr32.exe -- (winmgmt32)
SRV - [2009/06/16 18:18:45 | 000,469,504 | ---- | M] (Constantin Kaplinsky) [On_Demand | Stopped] -- C:\VNCTEMP\WinVNC.exe -- (VNCTEMP)
SRV - [2008/12/10 15:46:58 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2006/02/09 03:50:00 | 000,578,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2006/02/09 03:50:00 | 000,248,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\CCM\clicomp\RemCtrl\Wuser32.exe -- (Wuser32)


========== Driver Services (SafeList) ==========

DRV - [2011/06/21 23:14:52 | 000,020,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hitmanpro35.sys -- (hitmanpro35)
DRV - [2009/12/14 17:20:33 | 000,722,416 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2006/02/09 03:50:00 | 000,020,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2006/02/09 02:50:00 | 000,011,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\kbstuff5.sys -- (kbstuff)
DRV - [2006/02/09 02:50:00 | 000,008,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\idisw2km.sys -- (idisw2km)
DRV - [2005/11/24 19:51:38 | 000,245,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2005/02/01 18:18:38 | 000,017,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\bcm42rly.sys -- (BCM42RLY)
DRV - [2003/04/15 10:39:54 | 000,011,319 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\a302.sys -- ({E6759E0C-470B-44DC-A4A1-627E68BB3A85})
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 75 2B 18 06 84 C6 C5 4F 94 90 2C 04 01 93 77 62 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:57980

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://start.mozilla...en-US:official"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.10.01
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 57980
FF - prefs.js..network.proxy.type: 1

FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/24 16:56:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/09 23:01:35 | 000,000,000 | ---D | M]

[2009/12/13 16:09:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\theonyxserpent\Application Data\Mozilla\Extensions
[2011/06/22 21:40:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\theonyxserpent\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions
[2004/09/29 02:10:36 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\theonyxserpent\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{02f2bf09-f910-4c12-9090-1c4a7646a895}
[2011/06/21 23:10:21 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\theonyxserpent\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{3cb6c568-ca5b-4b41-8a2c-9cfe0d13c63c}
[2011/06/21 18:08:42 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\theonyxserpent\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{e1a852cd-b45a-4656-b124-e020f6e257cb}
[2011/06/25 10:01:25 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\theonyxserpent\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{ffb9df16-4c73-49a1-9a00-5aaaf2092ab0}
[2010/10/08 23:58:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\THEONYXSERPENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OG0G7S2N.DEFAULT\EXTENSIONS\[email protected]
[2009/12/12 18:47:36 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/24 16:56:41 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/05/09 23:01:17 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/06/23 17:31:35 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {06182B75-C684-4FC5-9490-2C0401937762} - C:\WINDOWS\system32\avifile32.dll ()
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Burn4Free Toolbar Helper) - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll ()
O4 - HKLM..\Run: [conhost] C:\Documents and Settings\theonyxserpent\Application Data\Microsoft\conhost.exe ()
O4 - HKLM..\Run: [RandMAC] C:\extracted\MadMACs\MadMACs.exe ()
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
F3 - HKCU WinNT: Load - (C:\DOCUME~1\THEONY~1\LOCALS~1\Temp\csrss.exe) - C:\Documents and Settings\theonyxserpent\Local Settings\temp\csrss.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc2.cab (Office Update Installation Engine)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1232729059632 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = onyx
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\theonyxserpent\Application Data\dwm.exe) - C:\Documents and Settings\theonyxserpent\Application Data\dwm.exe ()
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/05/10 14:57:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/23 19:06:37 | 000,568,832 | ---- | C] (AIDEX Team) -- C:\WINDOWS\System32\avifile32.exe
[2011/06/23 19:06:26 | 000,568,832 | ---- | C] (AIDEX Team) -- C:\WINDOWS\System32\dpnaddr32.exe
[2011/06/23 19:06:23 | 000,568,832 | ---- | C] (AIDEX Team) -- C:\WINDOWS\System32\schedsvc32.exe
[2011/06/23 19:04:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\theonyxserpent\Desktop\Other Audio
[2011/06/23 18:44:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/06/23 18:34:02 | 000,000,000 | ---D | C] -- C:\f02976e5e14006106d
[2011/06/23 18:33:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2011/06/23 18:33:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2011/06/22 22:01:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/21 22:15:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/06/21 22:12:14 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/06/21 22:06:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\theonyxserpent\My Documents\My Received Files
[2011/06/08 23:18:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\theonyxserpent\Local Settings\Application Data\Identities
[2011/06/04 23:13:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2011/06/01 20:35:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\theonyxserpent\Start Menu\Programs\CleanUp!
[2011/06/01 20:35:25 | 000,000,000 | ---D | C] -- C:\Program Files\CleanUp!
[2011/06/01 20:32:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/05/30 22:27:02 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/05/29 08:42:15 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/05/29 08:35:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\theonyxserpent\Start Menu\Programs\Administrative Tools
[1 C:\Documents and Settings\theonyxserpent\*.tmp files -> C:\Documents and Settings\theonyxserpent\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/25 10:25:37 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/25 10:21:18 | 000,004,306 | ---- | M] () -- C:\Documents and Settings\theonyxserpent\Application Data\47D2.A7B
[2011/06/25 02:54:06 | 000,181,760 | ---- | M] () -- C:\Documents and Settings\theonyxserpent\Application Data\dwm.exe
[2011/06/25 00:42:03 | 000,000,330 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2011/06/25 00:41:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/25 00:40:25 | 000,000,386 | ---- | M] () -- C:\WINDOWS\SMSCFG.ini
[2011/06/25 00:40:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/25 00:24:21 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/06/23 19:06:37 | 000,000,062 | ---- | M] () -- C:\WINDOWS\System32\918880264
[2011/06/23 19:06:21 | 000,568,832 | ---- | M] (AIDEX Team) -- C:\WINDOWS\System32\schedsvc32.exe
[2011/06/23 19:06:21 | 000,568,832 | ---- | M] (AIDEX Team) -- C:\WINDOWS\System32\avifile32.exe
[2011/06/23 19:06:19 | 000,568,832 | ---- | M] (AIDEX Team) -- C:\WINDOWS\System32\dpnaddr32.exe
[2011/06/23 19:06:19 | 000,369,664 | ---- | M] () -- C:\WINDOWS\System32\avifile32.dll
[2011/06/23 18:49:47 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\theonyxserpent\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/06/23 18:49:46 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\theonyxserpent\Desktop\Windows Media Player.lnk
[2011/06/23 18:33:54 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/06/23 17:31:35 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/06/23 16:55:53 | 000,045,056 | ---- | M] () -- C:\Documents and Settings\theonyxserpent\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/21 23:14:52 | 000,020,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/06/21 22:27:42 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2011/06/20 12:24:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/19 12:16:00 | 000,000,419 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/06/01 20:35:43 | 000,000,687 | ---- | M] () -- C:\Documents and Settings\theonyxserpent\Desktop\CleanUp!.lnk
[2011/05/29 08:42:25 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/05/27 23:10:56 | 000,000,741 | ---- | M] () -- C:\Documents and Settings\theonyxserpent\Desktop\Glary Utilities.lnk
[2011/05/27 22:10:28 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[1 C:\Documents and Settings\theonyxserpent\*.tmp files -> C:\Documents and Settings\theonyxserpent\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/25 02:54:06 | 000,181,760 | ---- | C] () -- C:\Documents and Settings\theonyxserpent\Application Data\dwm.exe
[2011/06/25 02:53:45 | 000,004,306 | ---- | C] () -- C:\Documents and Settings\theonyxserpent\Application Data\47D2.A7B
[2011/06/23 19:06:23 | 000,000,062 | ---- | C] () -- C:\WINDOWS\System32\918880264
[2011/06/23 19:06:19 | 000,369,664 | ---- | C] () -- C:\WINDOWS\System32\avifile32.dll
[2011/06/23 18:33:54 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/06/21 22:14:19 | 000,020,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/06/21 22:12:15 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2011/06/01 20:35:43 | 000,000,687 | ---- | C] () -- C:\Documents and Settings\theonyxserpent\Desktop\CleanUp!.lnk
[2011/05/29 08:42:25 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/05/29 08:42:19 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/05/22 12:46:25 | 000,000,419 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/01/31 00:04:34 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/11/19 01:00:37 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/11/19 01:00:32 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/11/19 01:00:32 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/11/19 01:00:31 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2010/11/19 01:00:30 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/10/15 21:39:54 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/12/12 17:49:31 | 000,002,733 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2007/06/04 16:51:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/03/23 15:59:00 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/11/07 14:25:34 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/10/25 11:25:47 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\SVSetup.Exe
[2006/10/25 11:25:46 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\SVSetup.dll
[2006/10/25 11:25:45 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\SSCoInst.exe
[2006/10/25 11:25:44 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\SSCoInst.dll
[2006/10/25 11:25:31 | 000,020,594 | ---- | C] () -- C:\WINDOWS\System32\Dels3LMK.DLL
[2006/10/12 11:51:49 | 000,006,454 | ---- | C] () -- C:\WINDOWS\solomon.ini
[2006/10/12 11:25:50 | 000,100,352 | ---- | C] () -- C:\WINDOWS\System32\pg32conv.dll
[2006/10/12 11:25:29 | 001,128,448 | ---- | C] () -- C:\WINDOWS\System32\sbl.dll
[2006/10/12 11:25:27 | 000,496,640 | ---- | C] () -- C:\WINDOWS\System32\tls7012d.dll
[2005/05/10 16:41:41 | 000,000,546 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/10 16:24:15 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/05/10 16:24:09 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/05/10 16:24:00 | 000,004,147 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/05/10 15:43:28 | 000,000,386 | ---- | C] () -- C:\WINDOWS\SMSCFG.ini
[2005/05/10 15:40:10 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2005/05/10 15:00:47 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/05/10 14:53:16 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/05/10 10:24:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/05/10 10:23:14 | 000,255,064 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/10/08 04:47:08 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2004/09/29 01:46:40 | 000,045,056 | ---- | C] () -- C:\Documents and Settings\theonyxserpent\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 08:00:00 | 000,991,744 | ---- | C] () -- C:\WINDOWS\System32\drmv2clt.dll
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,384,976 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\netid.dll
[2004/08/04 08:00:00 | 000,054,184 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 08:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2009/12/14 13:28:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2011/02/17 23:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dPhIcDd15405
[2011/06/21 22:18:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/10/02 01:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScreenVCR
[2011/06/23 18:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/12/12 15:50:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/01/31 00:02:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\theonyxserpent\Application Data\Cocoon Software
[2009/12/14 13:37:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\theonyxserpent\Application Data\DAEMON Tools Pro
[2009/12/12 18:12:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\theonyxserpent\Application Data\GlarySoft
[2010/10/08 23:35:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\theonyxserpent\Application Data\MSNInstaller
[2004/09/29 03:36:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\theonyxserpent\Application Data\Smith Micro
[2011/06/20 19:10:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\theonyxserpent\Application Data\uTorrent
[2009/12/13 12:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\theonyxserpent\Application Data\yoclient
[2011/06/25 00:42:03 | 000,000,330 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job

========== Purity Check ==========



< End of report >

#13
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Hi

You received that error because you clicked Run Fix after pasting those :)

Paste them under Custom Scans/Fixes and click Run Scan.
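The md5 check ali.B asks for, plus a first pass over the two log formats posted in this thread, as an added example in Python. It is not from the thread, from OTL or from TDSSKiller; the sample lines are constructed in the same formats as the logs above (with the user name shortened), and the function names and triage rules are my own. It shows three things a helper does by hand when reading these logs: pulling out the hash TDSSKiller recorded for a driver and whether a detection was attached to it, re-hashing a file on disk to see whether it still matches the logged value (which is all an md5 comparison can tell you; whether that hash is a clean build is a separate question), and flagging the two patterns in the OTL output that matter most here: Windows system-process names such as csrss.exe and dwm.exe running from a user's Temp or Application Data folder, and an HTTP proxy pointed at 127.0.0.1 in both browsers, a setting that puts a local process between the browser and every web request.

```python
# Added example, not from the thread, OTL or TDSSKiller: parse the two log
# formats quoted above and redo the md5 check the helper asked for.
import hashlib
import os
import re
import tempfile

# Constructed sample in TDSSKiller's format: two drivers, one 'detected' line.
TDSS_SAMPLE = """\
2011/06/23 17:54:47.0078 3796 sptd (a80cd850d69d996c832bea37e3a6aa1e) C:\\WINDOWS\\system32\\Drivers\\sptd.sys
2011/06/23 17:54:47.0078 3796 Suspicious file (NoAccess): C:\\WINDOWS\\system32\\Drivers\\sptd.sys. md5: a80cd850d69d996c832bea37e3a6aa1e
2011/06/23 17:54:47.0093 3796 sptd - detected LockedFile.Multi.Generic (1)
2011/06/23 17:54:47.0125 3796 sr (e41b6d037d6cd08461470af04500dc24) C:\\WINDOWS\\system32\\DRIVERS\\sr.sys
"""

# Constructed sample in OTL's format (user name shortened): process and proxy lines.
OTL_SAMPLE = """\
PRC - [2011/06/25 02:54:33 | 000,176,128 | ---- | M] () -- C:\\Documents and Settings\\user\\Local Settings\\temp\\csrss.exe
PRC - [2011/06/25 02:54:06 | 000,181,760 | ---- | M] () -- C:\\Documents and Settings\\user\\Application Data\\dwm.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\\WINDOWS\\explorer.exe
IE - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: "ProxyServer" = http=127.0.0.1:57980
FF - prefs.js..network.proxy.http: "127.0.0.1"
"""

DRIVER_RE = re.compile(r"^\S+ \S+ \d+ (\S+) \(([0-9a-f]{32})\) (.+)$")
DETECT_RE = re.compile(r"^\S+ \S+ \d+ (\S+) - detected (\S+)")
PRC_RE = re.compile(r"^PRC - \[[^\]]*\] \(([^)]*)\) -- (.+)$")

# Names of Windows system processes that legitimately live in %SystemRoot%\system32;
# the same name in a user's Temp or Application Data folder is checked first.
SYSTEM_PROCESS_NAMES = {"csrss.exe", "dwm.exe", "conhost.exe", "winlogon.exe"}
USER_WRITABLE_HINTS = ("\\temp", "\\application data")


def parse_tdss_log(text):
    """Map driver name -> {'md5', 'path', 'detections'} from TDSSKiller lines."""
    drivers = {}
    for line in text.splitlines():
        m = DRIVER_RE.match(line)
        if m:
            name, md5, path = m.groups()
            drivers[name] = {"md5": md5, "path": path, "detections": []}
            continue
        m = DETECT_RE.match(line)
        if m and m.group(1) in drivers:
            drivers[m.group(1)]["detections"].append(m.group(2))
    return drivers


def md5_of_file(path):
    """Hash a file as OTL's /md5start directive reports it (lowercase hex)."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def file_matches_logged_hash(path, logged_md5):
    """True if the file still hashes to what the scanner logged. A match only
    shows the file is unchanged since the scan, not that the hash is clean."""
    return md5_of_file(path) == logged_md5.lower()


def triage_otl(text):
    """Return (rule, evidence) pairs for the OTL patterns checked first."""
    findings = []
    for line in text.splitlines():
        m = PRC_RE.match(line)
        if m:
            company, path = m.groups()
            folder, _, name = path.rpartition("\\")
            folder = folder.lower()
            if name.lower() in SYSTEM_PROCESS_NAMES and "\\windows\\system32" not in folder:
                findings.append(("system-name-outside-system32", path))
            elif company == "" and any(h in folder for h in USER_WRITABLE_HINTS):
                findings.append(("no-company-in-user-folder", path))
        elif "127.0.0.1" in line and ("ProxyServer" in line or "network.proxy" in line):
            # A loopback proxy puts a local process between the browser and
            # every HTTP request, which is one way clicks get silently rerouted.
            findings.append(("loopback-proxy", line.strip()))
    return findings


def hash_check_demo():
    """Hash a constructed file and compare with a 'logged' value: the known MD5
    of b"hello" (standing in for the sptd.sys hash), uppercased to show that
    the comparison ignores case. Returns (digest, matches)."""
    with tempfile.NamedTemporaryFile(delete=False) as f:
        f.write(b"hello")
        path = f.name
    try:
        return md5_of_file(path), file_matches_logged_hash(path, "5D41402ABC4B2A76B9719D911017C592")
    finally:
        os.remove(path)


if __name__ == "__main__":
    for name, info in parse_tdss_log(TDSS_SAMPLE).items():
        print(name, info["md5"], info["detections"] or "no detection")
    for rule, evidence in triage_otl(OTL_SAMPLE):
        print(rule, "->", evidence)
    print(hash_check_demo())
```

Run it as a script to see the sptd entry come out with its LockedFile.Multi.Generic detection while sr comes out clean, the two Temp/Application Data processes and both proxy lines flagged, and the hash demo return a match. To use it on a real log, feed the saved TDSSKiller or OTL text to the two parse functions and pass the path from the driver entry to file_matches_logged_hash with the md5 the log recorded.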

#14
jerosakireno

    Member

  • Topic Starter
  • Member
  • 38 posts
Oops! Terribly sorry about that... Here you go:


OTL logfile created on: 6/25/2011 6:45:23 PM - Run 7
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\theonyxserpent\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.98 Mb Total Physical Memory | 186.99 Mb Available Physical Memory | 36.67% Memory free
1.21 Gb Paging File | 0.81 Gb Available in Paging File | 66.60% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 7.40 Gb Free Space | 19.88% Space Free | Partition Type: NTFS

Computer Name: THEONYXCOMPUTER | User Name: theonyxserpent | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/25 02:54:33 | 000,176,128 | ---- | M] () -- C:\Documents and Settings\theonyxserpent\Local Settings\temp\csrss.exe
PRC - [2011/06/25 02:54:06 | 000,181,760 | ---- | M] () -- C:\Documents and Settings\theonyxserpent\Application Data\dwm.exe
PRC - [2011/06/25 02:53:38 | 000,171,008 | ---- | M] () -- C:\Documents and Settings\theonyxserpent\Local Settings\temp\0.4218099101307523.exe
PRC - [2011/06/24 16:56:40 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/06/23 19:06:21 | 000,568,832 | ---- | M] (AIDEX Team) -- C:\WINDOWS\system32\schedsvc32.exe
PRC - [2011/06/23 19:06:21 | 000,568,832 | ---- | M] (AIDEX Team) -- C:\WINDOWS\system32\avifile32.exe
PRC - [2011/06/23 19:06:19 | 000,568,832 | ---- | M] (AIDEX Team) -- C:\WINDOWS\system32\dpnaddr32.exe
PRC - [2011/06/21 19:10:58 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\theonyxserpent\My Documents\Downloads\OTL.exe
PRC - [2009/08/05 06:17:12 | 000,204,800 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Pro\DTProShellHlp.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/02/09 03:50:00 | 000,578,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\CcmExec.exe
PRC - [2006/02/09 03:50:00 | 000,248,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\clicomp\RemCtrl\Wuser32.exe


========== Modules (SafeList) ==========

MOD - [2011/06/21 19:10:58 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\theonyxserpent\My Documents\Downloads\OTL.exe
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/06/23 19:06:21 | 000,568,832 | ---- | M] (AIDEX Team) [Auto | Running] -- C:\WINDOWS\system32\schedsvc32.exe -- (UPS32)
SRV - [2011/06/23 19:06:19 | 000,568,832 | ---- | M] (AIDEX Team) [Auto | Running] -- C:\WINDOWS\system32\dpnaddr32.exe -- (winmgmt32)
SRV - [2009/06/16 18:18:45 | 000,469,504 | ---- | M] (Constantin Kaplinsky) [On_Demand | Stopped] -- C:\VNCTEMP\WinVNC.exe -- (VNCTEMP)
SRV - [2008/12/10 15:46:58 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2006/02/09 03:50:00 | 000,578,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2006/02/09 03:50:00 | 000,248,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\CCM\clicomp\RemCtrl\Wuser32.exe -- (Wuser32)


========== Driver Services (SafeList) ==========

DRV - [2011/06/21 23:14:52 | 000,020,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hitmanpro35.sys -- (hitmanpro35)
DRV - [2009/12/14 17:20:33 | 000,722,416 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2006/02/09 03:50:00 | 000,020,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2006/02/09 02:50:00 | 000,011,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\kbstuff5.sys -- (kbstuff)
DRV - [2006/02/09 02:50:00 | 000,008,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\idisw2km.sys -- (idisw2km)
DRV - [2005/11/24 19:51:38 | 000,245,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2005/02/01 18:18:38 | 000,017,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\bcm42rly.sys -- (BCM42RLY)
DRV - [2003/04/15 10:39:54 | 000,011,319 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\a302.sys -- ({E6759E0C-470B-44DC-A4A1-627E68BB3A85})
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 75 2B 18 06 84 C6 C5 4F 94 90 2C 04 01 93 77 62 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:57980

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://start.mozilla...en-US:official"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.10.01
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 57980
FF - prefs.js..network.proxy.type: 1

FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/24 16:56:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/09 23:01:35 | 000,000,000 | ---D | M]

[2009/12/13 16:09:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\theonyxserpent\Application Data\Mozilla\Extensions
[2011/06/22 21:40:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\theonyxserpent\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions
[2004/09/29 02:10:36 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\theonyxserpent\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{02f2bf09-f910-4c12-9090-1c4a7646a895}
[2011/06/21 23:10:21 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\theonyxserpent\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{3cb6c568-ca5b-4b41-8a2c-9cfe0d13c63c}
[2011/06/21 18:08:42 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\theonyxserpent\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{e1a852cd-b45a-4656-b124-e020f6e257cb}
[2011/06/25 10:01:25 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\theonyxserpent\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{ffb9df16-4c73-49a1-9a00-5aaaf2092ab0}
[2010/10/08 23:58:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\THEONYXSERPENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OG0G7S2N.DEFAULT\EXTENSIONS\[email protected]
[2009/12/12 18:47:36 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/24 16:56:41 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/05/09 23:01:17 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/06/23 17:31:35 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {06182B75-C684-4FC5-9490-2C0401937762} - C:\WINDOWS\system32\avifile32.dll ()
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Burn4Free Toolbar Helper) - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll ()
O4 - HKLM..\Run: [conhost] C:\Documents and Settings\theonyxserpent\Application Data\Microsoft\conhost.exe ()
O4 - HKLM..\Run: [RandMAC] C:\extracted\MadMACs\MadMACs.exe ()
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
F3 - HKCU WinNT: Load - (C:\DOCUME~1\THEONY~1\LOCALS~1\Temp\csrss.exe) - C:\Documents and Settings\theonyxserpent\Local Settings\temp\csrss.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc2.cab (Office Update Installation Engine)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1232729059632 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = onyx
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\theonyxserpent\Application Data\dwm.exe) - C:\Documents and Settings\theonyxserpent\Application Data\dwm.exe ()
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/05/10 14:57:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/23 19:06:37 | 000,568,832 | ---- | C] (AIDEX Team) -- C:\WINDOWS\System32\avifile32.exe
[2011/06/23 19:06:26 | 000,568,832 | ---- | C] (AIDEX Team) -- C:\WINDOWS\System32\dpnaddr32.exe
[2011/06/23 19:06:23 | 000,568,832 | ---- | C] (AIDEX Team) -- C:\WINDOWS\System32\schedsvc32.exe
[2011/06/23 19:04:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\theonyxserpent\Desktop\Other Audio
[2011/06/23 18:44:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/06/23 18:34:02 | 000,000,000 | ---D | C] -- C:\f02976e5e14006106d
[2011/06/23 18:33:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2011/06/23 18:33:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2011/06/22 22:01:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/21 22:15:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/06/21 22:12:14 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/06/21 22:06:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\theonyxserpent\My Documents\My Received Files
[2011/06/08 23:18:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\theonyxserpent\Local Settings\Application Data\Identities
[2011/06/04 23:13:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2011/06/01 20:35:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\theonyxserpent\Start Menu\Programs\CleanUp!
[2011/06/01 20:35:25 | 000,000,000 | ---D | C] -- C:\Program Files\CleanUp!
[2011/06/01 20:32:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/05/30 22:27:02 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/05/29 08:42:15 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/05/29 08:35:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\theonyxserpent\Start Menu\Programs\Administrative Tools
[1 C:\Documents and Settings\theonyxserpent\*.tmp files -> C:\Documents and Settings\theonyxserpent\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/25 18:42:26 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/25 16:19:21 | 000,016,123 | ---- | M] () -- C:\Documents and Settings\theonyxserpent\Application Data\47D2.A7B
[2011/06/25 11:17:27 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/06/25 02:54:06 | 000,181,760 | ---- | M] () -- C:\Documents and Settings\theonyxserpent\Application Data\dwm.exe
[2011/06/25 00:42:03 | 000,000,330 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2011/06/25 00:41:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/25 00:40:25 | 000,000,386 | ---- | M] () -- C:\WINDOWS\SMSCFG.ini
[2011/06/25 00:40:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/23 19:06:37 | 000,000,062 | ---- | M] () -- C:\WINDOWS\System32\918880264
[2011/06/23 19:06:21 | 000,568,832 | ---- | M] (AIDEX Team) -- C:\WINDOWS\System32\schedsvc32.exe
[2011/06/23 19:06:21 | 000,568,832 | ---- | M] (AIDEX Team) -- C:\WINDOWS\System32\avifile32.exe
[2011/06/23 19:06:19 | 000,568,832 | ---- | M] (AIDEX Team) -- C:\WINDOWS\System32\dpnaddr32.exe
[2011/06/23 19:06:19 | 000,369,664 | ---- | M] () -- C:\WINDOWS\System32\avifile32.dll
[2011/06/23 18:49:47 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\theonyxserpent\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/06/23 18:49:46 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\theonyxserpent\Desktop\Windows Media Player.lnk
[2011/06/23 18:33:54 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/06/23 17:31:35 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/06/23 16:55:53 | 000,045,056 | ---- | M] () -- C:\Documents and Settings\theonyxserpent\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/21 23:14:52 | 000,020,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/06/21 22:27:42 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2011/06/20 12:24:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/19 12:16:00 | 000,000,419 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/06/01 20:35:43 | 000,000,687 | ---- | M] () -- C:\Documents and Settings\theonyxserpent\Desktop\CleanUp!.lnk
[2011/05/29 08:42:25 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/05/27 23:10:56 | 000,000,741 | ---- | M] () -- C:\Documents and Settings\theonyxserpent\Desktop\Glary Utilities.lnk
[2011/05/27 22:10:28 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[1 C:\Documents and Settings\theonyxserpent\*.tmp files -> C:\Documents and Settings\theonyxserpent\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/25 02:54:06 | 000,181,760 | ---- | C] () -- C:\Documents and Settings\theonyxserpent\Application Data\dwm.exe
[2011/06/25 02:53:45 | 000,016,123 | ---- | C] () -- C:\Documents and Settings\theonyxserpent\Application Data\47D2.A7B
[2011/06/23 19:06:23 | 000,000,062 | ---- | C] () -- C:\WINDOWS\System32\918880264
[2011/06/23 19:06:19 | 000,369,664 | ---- | C] () -- C:\WINDOWS\System32\avifile32.dll
[2011/06/23 18:33:54 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/06/21 22:14:19 | 000,020,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/06/21 22:12:15 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2011/06/01 20:35:43 | 000,000,687 | ---- | C] () -- C:\Documents and Settings\theonyxserpent\Desktop\CleanUp!.lnk
[2011/05/29 08:42:25 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/05/29 08:42:19 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/05/22 12:46:25 | 000,000,419 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/01/31 00:04:34 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/11/19 01:00:37 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/11/19 01:00:32 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/11/19 01:00:32 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/11/19 01:00:31 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2010/11/19 01:00:30 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/10/15 21:39:54 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/12/12 17:49:31 | 000,002,733 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2007/06/04 16:51:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/03/23 15:59:00 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/11/07 14:25:34 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/10/25 11:25:47 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\SVSetup.Exe
[2006/10/25 11:25:46 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\SVSetup.dll
[2006/10/25 11:25:45 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\SSCoInst.exe
[2006/10/25 11:25:44 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\SSCoInst.dll
[2006/10/25 11:25:31 | 000,020,594 | ---- | C] () -- C:\WINDOWS\System32\Dels3LMK.DLL
[2006/10/12 11:51:49 | 000,006,454 | ---- | C] () -- C:\WINDOWS\solomon.ini
[2006/10/12 11:25:50 | 000,100,352 | ---- | C] () -- C:\WINDOWS\System32\pg32conv.dll
[2006/10/12 11:25:29 | 001,128,448 | ---- | C] () -- C:\WINDOWS\System32\sbl.dll
[2006/10/12 11:25:27 | 000,496,640 | ---- | C] () -- C:\WINDOWS\System32\tls7012d.dll
[2005/05/10 16:41:41 | 000,000,546 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/10 16:24:15 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/05/10 16:24:09 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/05/10 16:24:00 | 000,004,147 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/05/10 15:43:28 | 000,000,386 | ---- | C] () -- C:\WINDOWS\SMSCFG.ini
[2005/05/10 15:40:10 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2005/05/10 15:00:47 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/05/10 14:53:16 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/05/10 10:24:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/05/10 10:23:14 | 000,255,064 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/10/08 04:47:08 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2004/09/29 01:46:40 | 000,045,056 | ---- | C] () -- C:\Documents and Settings\theonyxserpent\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 08:00:00 | 000,991,744 | ---- | C] () -- C:\WINDOWS\System32\drmv2clt.dll
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,384,976 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\netid.dll
[2004/08/04 08:00:00 | 000,054,184 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 08:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2009/12/14 13:28:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2011/02/17 23:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dPhIcDd15405
[2011/06/21 22:18:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/10/02 01:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScreenVCR
[2011/06/23 18:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/12/12 15:50:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/01/31 00:02:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\theonyxserpent\Application Data\Cocoon Software
[2009/12/14 13:37:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\theonyxserpent\Application Data\DAEMON Tools Pro
[2009/12/12 18:12:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\theonyxserpent\Application Data\GlarySoft
[2010/10/08 23:35:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\theonyxserpent\Application Data\MSNInstaller
[2004/09/29 03:36:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\theonyxserpent\Application Data\Smith Micro
[2011/06/20 19:10:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\theonyxserpent\Application Data\uTorrent
[2009/12/13 12:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\theonyxserpent\Application Data\yoclient
[2011/06/25 00:42:03 | 000,000,330 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: SPTD.SYS >
[2009/12/14 17:20:33 | 000,722,416 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< End of report >
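Added example, not part of this thread and not OTL, ComboFix or any other tool the helper used: a small Python script that reads OTL-style lines like the ones in the log above and flags the patterns a malware-removal helper checks first. SAMPLE_LOG is a constructed excerpt copied from this log; the rules, the SYSTEM_NAMES list and the kind labels are assumptions, and a flag means "look closer", not "infected". Against this excerpt it surfaces the detail most relevant to the redirect complaint in the first post: both IE and Firefox are configured to send HTTP through a listener on 127.0.0.1:57980, so whatever process owns that port can rewrite or redirect any page before the browser shows it.

```python
"""Heuristic triage of OTL log lines.

Added example for this thread, not OldTimer's OTL nor any tool the helper used.
SAMPLE_LOG is a constructed excerpt copied from the log posted above; the rules
and the SYSTEM_NAMES list are assumptions.  A finding means "look closer".
"""
import re
from collections import Counter, namedtuple

Finding = namedtuple("Finding", "kind path detail")

# Where genuine Windows binaries live on the XP layout seen in the log.
WINDIR_RE = re.compile(r"^[A-Z]:\\WINDOWS(\\|$)", re.I)
SYSTEM32_RE = re.compile(r"^[A-Z]:\\WINDOWS\\system32\\[^\\]+$", re.I)
# Directories an unprivileged user (or a drive-by download) can write to.
USER_WRITABLE_RE = re.compile(
    r"\\(Temp|Application Data|Local Settings|Documents and Settings|Users)\\", re.I)
# A drive-letter path ending in a loadable file.  Parentheses are excluded so the
# "(short name)" OTL prints before the full path is matched separately from it.
PATH_RE = re.compile(r"[A-Z]:\\[^()]*?\.(?:exe|dll|sys|bat|cmd)", re.I)
# "(Publisher)" right after the [date | size | attrs] block on PRC/SRV/MOD/DRV lines,
PROC_PUB_RE = re.compile(r"^\w+ - \[[^\]]*\] \((?P<pub>[^()]*)\)")
# or at the very end of an O2/O4/O20/F3 load-point line.
TAIL_PUB_RE = re.compile(r"\((?P<pub>[^()]*)\)\s*$")
LOOPBACK_RE = re.compile(r"127\.0\.0\.1|localhost", re.I)

# Core Windows process names that malware borrows to blend into Task Manager
# (assumed list; dwm.exe and conhost.exe do not even exist on XP).
SYSTEM_NAMES = {"csrss.exe", "dwm.exe", "conhost.exe", "explorer.exe", "svchost.exe",
                "lsass.exe", "winlogon.exe", "services.exe", "smss.exe"}
PROCESS_TAGS = {"PRC", "SRV", "MOD", "DRV"}   # running-code inventory sections
LOADPOINT_TAGS = {"O2", "O4", "O20", "F3"}    # BHOs, Run keys, Winlogon Shell/Load

# Constructed excerpt: twelve lines copied from the OTL log above.
SAMPLE_LOG = r"""
PRC - [2011/06/23 19:06:21 | 000,568,832 | ---- | M] (AIDEX Team) -- C:\WINDOWS\system32\schedsvc32.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
SRV - [2011/06/23 19:06:19 | 000,568,832 | ---- | M] (AIDEX Team) [Auto | Running] -- C:\WINDOWS\system32\dpnaddr32.exe -- (winmgmt32)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:57980
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 57980
O2 - BHO: (no name) - {06182B75-C684-4FC5-9490-2C0401937762} - C:\WINDOWS\system32\avifile32.dll ()
O4 - HKLM..\Run: [conhost] C:\Documents and Settings\theonyxserpent\Application Data\Microsoft\conhost.exe ()
F3 - HKCU WinNT: Load - (C:\DOCUME~1\THEONY~1\LOCALS~1\Temp\csrss.exe) - C:\Documents and Settings\theonyxserpent\Local Settings\temp\csrss.exe ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\theonyxserpent\Application Data\dwm.exe) - C:\Documents and Settings\theonyxserpent\Application Data\dwm.exe ()
"""


def triage_line(line):
    """Return the findings for one OTL line (an empty list for a clean line)."""
    tag = line.split(" - ", 1)[0]
    found = []
    if tag in ("IE", "FF"):
        # Proxy pointed at the local machine: something on this box sits between
        # the browser and every site it visits.
        if "proxy" in line.lower() and LOOPBACK_RE.search(line):
            found.append(Finding("loopback_proxy", None,
                                 "browser HTTP routed through a listener on this machine"))
        return found
    if tag not in PROCESS_TAGS and tag not in LOADPOINT_TAGS:
        return found
    paths = PATH_RE.findall(line)
    if not paths:
        return found
    path = paths[-1]                       # the full path, not the short name
    name = path.rsplit("\\", 1)[-1].lower()
    m = (PROC_PUB_RE if tag in PROCESS_TAGS else TAIL_PUB_RE).search(line)
    pub = m.group("pub").strip() if m else ""
    if name in SYSTEM_NAMES and not WINDIR_RE.match(path):
        found.append(Finding("masquerade", path,
                             f"{name} is a Windows process name but lives outside %SystemRoot%"))
    if tag in PROCESS_TAGS and SYSTEM32_RE.match(path) and "microsoft" not in pub.lower():
        found.append(Finding("third_party_in_system32", path,
                             f"publisher '{pub or 'none'}' has a binary directly in system32"))
    if tag in LOADPOINT_TAGS:
        if USER_WRITABLE_RE.search(path):
            found.append(Finding("user_writable_autostart", path,
                                 f"{tag} load point targets a user-writable directory"))
        if not pub:
            found.append(Finding("no_publisher", path,
                                 f"{tag} load point targets a file with no company name"))
    return found


def triage(log_text):
    """Flat list of findings over a whole OTL log."""
    return [f for raw in log_text.splitlines() for f in triage_line(raw.strip())]


def summary(log_text):
    """Count of findings per kind; a first glance at a long log."""
    return Counter(f.kind for f in triage(log_text))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:24} {f.path or '-'}  {f.detail}")
```

To run it over a saved OTL.txt, replace SAMPLE_LOG with the file's contents. The third-party-in-system32 rule is noisy on machines with legitimate vendor services and is only a prompt to check the publisher; the masquerade rule is the high-signal one, since csrss.exe, dwm.exe and conhost.exe have no business under Temp or Application Data, and on Windows XP, the OS in this log, the latter two do not exist at all.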

#15
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

    Click me

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.