Google Redirect Help


  • This topic is locked

#16 jerosakireno (Member, Topic Starter, 38 posts)
Hi, it didn't say anything about the recovery tool being installed, but I think I installed combofix before, which may have already installed the recovery tool at that time. But here is the log:


ComboFix 11-06-25.05 - theonyxserpent 06/26/2011 11:15:49.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.125 [GMT -4:00]
Running from: c:\documents and settings\theonyxserpent\My Documents\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{02f2bf09-f910-4c12-9090-1c4a7646a895}
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{02f2bf09-f910-4c12-9090-1c4a7646a895}\chrome.manifest
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{02f2bf09-f910-4c12-9090-1c4a7646a895}\chrome\xulcache.jar
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{02f2bf09-f910-4c12-9090-1c4a7646a895}\defaults\preferences\xulcache.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{02f2bf09-f910-4c12-9090-1c4a7646a895}\install.rdf
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{3cb6c568-ca5b-4b41-8a2c-9cfe0d13c63c}
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{3cb6c568-ca5b-4b41-8a2c-9cfe0d13c63c}\chrome.manifest
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{3cb6c568-ca5b-4b41-8a2c-9cfe0d13c63c}\chrome\xulcache.jar
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{3cb6c568-ca5b-4b41-8a2c-9cfe0d13c63c}\defaults\preferences\xulcache.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{3cb6c568-ca5b-4b41-8a2c-9cfe0d13c63c}\install.rdf
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{410951ef-6ec8-4a82-9edf-2326feded017}
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{410951ef-6ec8-4a82-9edf-2326feded017}\chrome.manifest
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{410951ef-6ec8-4a82-9edf-2326feded017}\chrome\xulcache.jar
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{410951ef-6ec8-4a82-9edf-2326feded017}\defaults\preferences\xulcache.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{410951ef-6ec8-4a82-9edf-2326feded017}\install.rdf
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{79fc8e7d-f139-4472-8239-1bc2386bef51}
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{79fc8e7d-f139-4472-8239-1bc2386bef51}\chrome.manifest
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{79fc8e7d-f139-4472-8239-1bc2386bef51}\chrome\xulcache.jar
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{79fc8e7d-f139-4472-8239-1bc2386bef51}\defaults\preferences\xulcache.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{79fc8e7d-f139-4472-8239-1bc2386bef51}\install.rdf
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{e1a852cd-b45a-4656-b124-e020f6e257cb}
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{e1a852cd-b45a-4656-b124-e020f6e257cb}\chrome.manifest
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{e1a852cd-b45a-4656-b124-e020f6e257cb}\chrome\xulcache.jar
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{e1a852cd-b45a-4656-b124-e020f6e257cb}\defaults\preferences\xulcache.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{e1a852cd-b45a-4656-b124-e020f6e257cb}\install.rdf
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{ffb9df16-4c73-49a1-9a00-5aaaf2092ab0}
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{ffb9df16-4c73-49a1-9a00-5aaaf2092ab0}\chrome.manifest
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{ffb9df16-4c73-49a1-9a00-5aaaf2092ab0}\chrome\xulcache.jar
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{ffb9df16-4c73-49a1-9a00-5aaaf2092ab0}\defaults\preferences\xulcache.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{ffb9df16-4c73-49a1-9a00-5aaaf2092ab0}\install.rdf
c:\documents and settings\LocalService\Application Data\02000000f12dedc91270C.manifest
c:\documents and settings\LocalService\Application Data\02000000f12dedc91270O.manifest
c:\documents and settings\LocalService\Application Data\02000000f12dedc91270P.manifest
c:\documents and settings\LocalService\Application Data\02000000f12dedc91270S.manifest
c:\documents and settings\Mouth\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{02f2bf09-f910-4c12-9090-1c4a7646a895}
c:\documents and settings\Mouth\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{02f2bf09-f910-4c12-9090-1c4a7646a895}\chrome.manifest
c:\documents and settings\Mouth\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{02f2bf09-f910-4c12-9090-1c4a7646a895}\chrome\xulcache.jar
c:\documents and settings\Mouth\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{02f2bf09-f910-4c12-9090-1c4a7646a895}\defaults\preferences\xulcache.js
c:\documents and settings\Mouth\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{02f2bf09-f910-4c12-9090-1c4a7646a895}\install.rdf
c:\documents and settings\Mouth\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{3cb6c568-ca5b-4b41-8a2c-9cfe0d13c63c}
c:\documents and settings\Mouth\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{3cb6c568-ca5b-4b41-8a2c-9cfe0d13c63c}\chrome.manifest
c:\documents and settings\Mouth\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{3cb6c568-ca5b-4b41-8a2c-9cfe0d13c63c}\chrome\xulcache.jar
c:\documents and settings\Mouth\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{3cb6c568-ca5b-4b41-8a2c-9cfe0d13c63c}\defaults\preferences\xulcache.js
c:\documents and settings\Mouth\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{3cb6c568-ca5b-4b41-8a2c-9cfe0d13c63c}\install.rdf
c:\documents and settings\Mouth\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{410951ef-6ec8-4a82-9edf-2326feded017}
c:\documents and settings\Mouth\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{410951ef-6ec8-4a82-9edf-2326feded017}\chrome.manifest
c:\documents and settings\Mouth\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{410951ef-6ec8-4a82-9edf-2326feded017}\chrome\xulcache.jar
c:\documents and settings\Mouth\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{410951ef-6ec8-4a82-9edf-2326feded017}\defaults\preferences\xulcache.js
c:\documents and settings\Mouth\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{410951ef-6ec8-4a82-9edf-2326feded017}\install.rdf
c:\documents and settings\Mouth\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{79fc8e7d-f139-4472-8239-1bc2386bef51}
c:\documents and settings\Mouth\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{79fc8e7d-f139-4472-8239-1bc2386bef51}\chrome.manifest
c:\documents and settings\Mouth\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{79fc8e7d-f139-4472-8239-1bc2386bef51}\chrome\xulcache.jar
c:\documents and settings\Mouth\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{79fc8e7d-f139-4472-8239-1bc2386bef51}\defaults\preferences\xulcache.js
c:\documents and settings\Mouth\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{79fc8e7d-f139-4472-8239-1bc2386bef51}\install.rdf
c:\documents and settings\Mouth\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{e1a852cd-b45a-4656-b124-e020f6e257cb}
c:\documents and settings\Mouth\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{e1a852cd-b45a-4656-b124-e020f6e257cb}\chrome.manifest
c:\documents and settings\Mouth\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{e1a852cd-b45a-4656-b124-e020f6e257cb}\chrome\xulcache.jar
c:\documents and settings\Mouth\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{e1a852cd-b45a-4656-b124-e020f6e257cb}\defaults\preferences\xulcache.js
c:\documents and settings\Mouth\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{e1a852cd-b45a-4656-b124-e020f6e257cb}\install.rdf
c:\documents and settings\Mouth\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{ffb9df16-4c73-49a1-9a00-5aaaf2092ab0}
c:\documents and settings\Mouth\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{ffb9df16-4c73-49a1-9a00-5aaaf2092ab0}\chrome.manifest
c:\documents and settings\Mouth\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{ffb9df16-4c73-49a1-9a00-5aaaf2092ab0}\chrome\xulcache.jar
c:\documents and settings\Mouth\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{ffb9df16-4c73-49a1-9a00-5aaaf2092ab0}\defaults\preferences\xulcache.js
c:\documents and settings\Mouth\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{ffb9df16-4c73-49a1-9a00-5aaaf2092ab0}\install.rdf
c:\documents and settings\theonyxserpent\Application Data\dwm.exe
c:\documents and settings\theonyxserpent\Application Data\Microsoft\conhost.exe
c:\documents and settings\theonyxserpent\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{02f2bf09-f910-4c12-9090-1c4a7646a895}\chrome.manifest
c:\documents and settings\theonyxserpent\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{02f2bf09-f910-4c12-9090-1c4a7646a895}\chrome\xulcache.jar
c:\documents and settings\theonyxserpent\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{02f2bf09-f910-4c12-9090-1c4a7646a895}\defaults\preferences\xulcache.js
c:\documents and settings\theonyxserpent\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{02f2bf09-f910-4c12-9090-1c4a7646a895}\install.rdf
c:\documents and settings\theonyxserpent\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{3cb6c568-ca5b-4b41-8a2c-9cfe0d13c63c}\chrome.manifest
c:\documents and settings\theonyxserpent\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{3cb6c568-ca5b-4b41-8a2c-9cfe0d13c63c}\chrome\xulcache.jar
c:\documents and settings\theonyxserpent\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{3cb6c568-ca5b-4b41-8a2c-9cfe0d13c63c}\defaults\preferences\xulcache.js
c:\documents and settings\theonyxserpent\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{3cb6c568-ca5b-4b41-8a2c-9cfe0d13c63c}\install.rdf
c:\documents and settings\theonyxserpent\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{e1a852cd-b45a-4656-b124-e020f6e257cb}\chrome.manifest
c:\documents and settings\theonyxserpent\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{e1a852cd-b45a-4656-b124-e020f6e257cb}\chrome\xulcache.jar
c:\documents and settings\theonyxserpent\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{e1a852cd-b45a-4656-b124-e020f6e257cb}\defaults\preferences\xulcache.js
c:\documents and settings\theonyxserpent\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{e1a852cd-b45a-4656-b124-e020f6e257cb}\install.rdf
c:\documents and settings\theonyxserpent\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{ffb9df16-4c73-49a1-9a00-5aaaf2092ab0}\chrome.manifest
c:\documents and settings\theonyxserpent\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{ffb9df16-4c73-49a1-9a00-5aaaf2092ab0}\chrome\xulcache.jar
c:\documents and settings\theonyxserpent\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{ffb9df16-4c73-49a1-9a00-5aaaf2092ab0}\defaults\preferences\xulcache.js
c:\documents and settings\theonyxserpent\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{ffb9df16-4c73-49a1-9a00-5aaaf2092ab0}\install.rdf
.
c:\windows\system32\sfcfiles.dll was missing
Restored copy from - c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sfcfiles.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-05-26 to 2011-06-26 )))))))))))))))))))))))))))))))
.
.
2011-06-26 15:21 . 2008-04-14 00:12 1614848 ----a-w- c:\windows\system32\sfcfiles.dll
2011-06-24 20:56 . 2011-06-24 20:56 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-24 20:56 . 2011-06-24 20:56 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-23 23:06 . 2011-06-23 23:06 568832 ----a-w- c:\windows\system32\avifile32.exe
2011-06-23 23:06 . 2011-06-23 23:06 568832 ----a-w- c:\windows\system32\dpnaddr32.exe
2011-06-23 23:06 . 2011-06-23 23:06 568832 ----a-w- c:\windows\system32\schedsvc32.exe
2011-06-23 23:06 . 2011-06-23 23:06 369664 ----a-w- c:\windows\system32\avifile32.dll
2011-06-23 22:44 . 2011-06-23 22:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2011-06-23 22:34 . 2011-06-23 22:34 -------- d-----w- C:\f02976e5e14006106d
2011-06-23 22:33 . 2011-06-23 22:33 -------- d-----w- c:\windows\system32\drivers\UMDF
2011-06-23 22:33 . 2011-06-23 22:33 -------- d-----w- c:\windows\system32\LogFiles
2011-06-23 02:01 . 2011-06-23 02:01 -------- d-----w- C:\_OTL
2011-06-22 02:14 . 2011-06-22 03:14 20552 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-06-22 02:12 . 2011-06-22 02:12 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-06-09 03:18 . 2011-06-09 03:18 -------- d-----w- c:\documents and settings\theonyxserpent\Local Settings\Application Data\Identities
2011-06-05 03:13 . 2011-06-23 10:37 -------- d-----w- c:\windows\system32\MpEngineStore
2011-06-02 00:35 . 2011-06-02 00:35 -------- d-----w- c:\program files\CleanUp!
2011-06-02 00:32 . 2011-06-22 02:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2011-05-31 02:15 . 2011-05-31 02:15 0 ---ha-w- c:\documents and settings\theonyxserpent\wbczjdzfrr.tmp
2011-05-31 02:09 . 2011-05-31 02:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-24 20:56 . 2011-05-10 03:01 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\spoolsv.exe
[7] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[7] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\system32\dllcache\spoolsv.exe
[7] 2004-08-04 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB896423$\spoolsv.exe
.
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sfcfiles.dll
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[7] 2004-08-04 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\sfcfiles.dll
.
c:\windows\System32\spoolsv.exe ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06182B75-C684-4FC5-9490-2C0401937762}]
2011-06-23 23:06 369664 ----a-w- c:\windows\system32\avifile32.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}]
2010-01-18 19:28 815104 ----a-w- c:\program files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2009-08-05 224712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RandMAC"="c:\extracted\MadMACs\MadMACs.exe" [2008-08-06 253245]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2003-04-07 04:07 114688 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2003-04-07 04:19 155648 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-01-26 20:31 2144088 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-12-12 22:47 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\avifile32.exe"=
"c:\\WINDOWS\\system32\\schedsvc32.exe"=
"c:\\WINDOWS\\system32\\dpnaddr32.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/14/2009 1:20 PM 722416]
R2 UPS32;Uninterruptible Power Supply ;c:\windows\system32\schedsvc32.exe [6/23/2011 7:06 PM 568832]
R2 winmgmt32;Windows Management Instrumentation ;c:\windows\system32\dpnaddr32.exe [6/23/2011 7:06 PM 568832]
R3 {E6759E0C-470B-44DC-A4A1-627E68BB3A85};AIM 3.0 SI164;c:\windows\system32\drivers\a302.sys [5/10/2005 3:35 PM 11319]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys --> c:\windows\system32\DRIVERS\ewusbnet.sys [?]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [6/21/2011 10:14 PM 20552]
S3 VNCTEMP;Gencontrol WinVNC temporary service;c:\vnctemp\WinVNC.exe [6/16/2009 6:18 PM 469504]
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 17:42]
.
2011-06-25 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-12-12 21:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:57980
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\theonyxserpent\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 57980
FF - prefs.js: network.proxy.type - 1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-26 11:22
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-06-26 11:25:41
ComboFix-quarantined-files.txt 2011-06-26 15:25
ComboFix2.txt 2011-05-29 13:07
ComboFix3.txt 2009-06-16 22:59
.
Pre-Run: 8,343,834,624 bytes free
Post-Run: 8,325,505,024 bytes free
.
- - End Of File - - 21F4B0EDDE50DBCDB1B98E4B88F5FC2C

Edited by jerosakireno, 26 June 2011 - 09:33 AM.



#17 ali.B (Trusted Helper, Malware Removal, 3,086 posts)
hi

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

FCopy::
c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe | c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\spoolsv.exe
c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe | c:\windows\System32\spoolsv.exe
c:\windows\system32\dllcache\sfcfiles.dll | c:\windows\system32\sfcfiles.dll
c:\windows\system32\dllcache\sfcfiles.dll | c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sfcfiles.dll

Collect::
c:\windows\system32\avifile32.exe
c:\windows\system32\dpnaddr32.exe
c:\windows\system32\schedsvc32.exe
c:\windows\system32\avifile32.dll

Driver::
UPS32
winmgmt32


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Next

  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page: c:\windows\system32\drivers\sptd.sys
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

Next

Open OTL, click the Quick Scan button and post the log it produces
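The log in post #16 and the CFScript in the reply above act on a few tell-tale entries: services named like built-in ones but pointing at fresh .exe files in system32, those same files added as firewall exceptions, a proxy on 127.0.0.1, and AntiVirusOverride set. The following Python checker, added here as an illustration and not part of the thread or of ComboFix, parses those sections of the log format shown above and reports them; the table of genuine XP service names and the sample log lines (copied from the post above) are assumptions of this example.

```python
"""Flag the findings in a ComboFix log that the helper above acted on.

Added for illustration; this is not ComboFix's own code. It reads the log
format shown in this thread and reports: services that reuse a built-in
Windows service display name under a different service name or image,
executables listed as firewall exceptions, a proxy pointing at the loopback
address, and the Security Center AntiVirusOverride flag.
"""
import re

# Assumed table for this example: genuine XP service name and image for the
# display names the fake UPS32 / winmgmt32 services copied.
GENUINE_SERVICES = {
    "windows management instrumentation": ("winmgmt", "svchost.exe"),
    "uninterruptible power supply": ("ups", "ups.exe"),
}

# R0/R2/R3/S3 lines: start type;service name;display name;image path [date size]
SERVICE_RE = re.compile(r"^(R[0-4]|S[0-4])\s+([^;]+);([^;]*);(.+?)\s+\[")
FW_HEADER = "authorizedapplications\\list]"

# Constructed sample: a handful of lines copied from the log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\avifile32.exe"=
"c:\\WINDOWS\\system32\\schedsvc32.exe"=
"c:\\WINDOWS\\system32\\dpnaddr32.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/14/2009 1:20 PM 722416]
R2 UPS32;Uninterruptible Power Supply ;c:\windows\system32\schedsvc32.exe [6/23/2011 7:06 PM 568832]
R2 winmgmt32;Windows Management Instrumentation ;c:\windows\system32\dpnaddr32.exe [6/23/2011 7:06 PM 568832]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [6/21/2011 10:14 PM 20552]
.
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:57980
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.type - 1
"""


def norm_path(path):
    """Collapse REGEDIT4's doubled backslashes, expand %windir%, lower-case."""
    path = path.replace("\\\\", "\\").lower()
    return path.replace("%windir%", r"c:\windows")


def analyze(log_text):
    findings = {
        "impersonating_services": [],  # (service name, display name, image)
        "firewall_exceptions": [],     # normalized paths from the authorized list
        "service_in_firewall": [],     # service names whose image is also an exception
        "loopback_proxy": [],          # proxy settings that point at 127.0.0.1
        "av_override": False,          # Security Center told to ignore missing AV
    }
    services = {}
    in_fw = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.lower().endswith(FW_HEADER):
            in_fw = True
            continue
        if in_fw:
            m = re.match(r'^"(.+)"=$', line)
            if m:
                findings["firewall_exceptions"].append(norm_path(m.group(1)))
                continue
            in_fw = False  # the "." separator ends the list
        m = SERVICE_RE.match(line)
        if m:
            _start, name, display, image = m.groups()
            image = norm_path(image)
            services[name.lower()] = image
            genuine = GENUINE_SERVICES.get(display.strip().lower())
            # A copied display name with the wrong service name or image basename
            if genuine and (name.lower() != genuine[0] or genuine[1] not in image):
                findings["impersonating_services"].append((name, display.strip(), image))
            continue
        if ("ProxyServer" in line or "network.proxy.http -" in line) and "127.0.0.1" in line:
            findings["loopback_proxy"].append(line)
        elif line.startswith('"AntiVirusOverride"=dword:'):
            findings["av_override"] = int(line.split(":", 1)[1], 16) == 1
    exceptions = set(findings["firewall_exceptions"])
    findings["service_in_firewall"] = sorted(
        name for name, image in services.items() if image in exceptions)
    return findings


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```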

#18 jerosakireno (Member, Topic Starter, 38 posts)
I got as far as dragging the CFScript.txt into the exe file; that all ran and produced this log:

ComboFix 11-06-26.01 - theonyxserpent 06/26/2011 13:16:16.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.284 [GMT -4:00]
Running from: c:\documents and settings\theonyxserpent\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\theonyxserpent\Desktop\CFScript.txt
.
file zipped: c:\windows\system32\avifile32.dll
file zipped: c:\windows\system32\avifile32.exe
file zipped: c:\windows\system32\dpnaddr32.exe
file zipped: c:\windows\system32\schedsvc32.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{1a4c74cd-c991-4e7b-a443-3161c5c851e9}
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{1a4c74cd-c991-4e7b-a443-3161c5c851e9}\chrome.manifest
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{1a4c74cd-c991-4e7b-a443-3161c5c851e9}\chrome\xulcache.jar
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{1a4c74cd-c991-4e7b-a443-3161c5c851e9}\defaults\preferences\xulcache.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{1a4c74cd-c991-4e7b-a443-3161c5c851e9}\install.rdf
c:\documents and settings\Mouth\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{1a4c74cd-c991-4e7b-a443-3161c5c851e9}
c:\documents and settings\Mouth\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{1a4c74cd-c991-4e7b-a443-3161c5c851e9}\chrome.manifest
c:\documents and settings\Mouth\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{1a4c74cd-c991-4e7b-a443-3161c5c851e9}\chrome\xulcache.jar
c:\documents and settings\Mouth\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{1a4c74cd-c991-4e7b-a443-3161c5c851e9}\defaults\preferences\xulcache.js
c:\documents and settings\Mouth\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{1a4c74cd-c991-4e7b-a443-3161c5c851e9}\install.rdf
c:\documents and settings\theonyxserpent\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{1a4c74cd-c991-4e7b-a443-3161c5c851e9}
c:\documents and settings\theonyxserpent\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{1a4c74cd-c991-4e7b-a443-3161c5c851e9}\chrome.manifest
c:\documents and settings\theonyxserpent\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{1a4c74cd-c991-4e7b-a443-3161c5c851e9}\chrome\xulcache.jar
c:\documents and settings\theonyxserpent\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{1a4c74cd-c991-4e7b-a443-3161c5c851e9}\defaults\preferences\xulcache.js
c:\documents and settings\theonyxserpent\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions\{1a4c74cd-c991-4e7b-a443-3161c5c851e9}\install.rdf
c:\windows\system32\avifile32.dll
c:\windows\system32\avifile32.exe
c:\windows\system32\dpnaddr32.exe
c:\windows\system32\schedsvc32.exe
.
.
--------------- FCopy ---------------
.
c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe --> c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\spoolsv.exe
c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe --> c:\windows\System32\spoolsv.exe
c:\windows\system32\dllcache\sfcfiles.dll --> c:\windows\system32\sfcfiles.dll
c:\windows\system32\dllcache\sfcfiles.dll --> c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_UPS32
-------\Legacy_WINMGMT32
-------\Service_UPS32
-------\Service_winmgmt32
.
.
((((((((((((((((((((((((( Files Created from 2011-05-26 to 2011-06-26 )))))))))))))))))))))))))))))))
.
.
2011-06-26 17:16 . 2005-06-11 00:17 57856 ----a-w- c:\windows\system32\spoolsv.exe
2011-06-26 15:21 . 2004-08-04 12:00 1580544 ----a-w- c:\windows\system32\sfcfiles.dll
2011-06-24 20:56 . 2011-06-24 20:56 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-24 20:56 . 2011-06-24 20:56 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-23 22:44 . 2011-06-23 22:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2011-06-23 22:34 . 2011-06-23 22:34 -------- d-----w- C:\f02976e5e14006106d
2011-06-23 22:33 . 2011-06-23 22:33 -------- d-----w- c:\windows\system32\drivers\UMDF
2011-06-23 22:33 . 2011-06-23 22:33 -------- d-----w- c:\windows\system32\LogFiles
2011-06-23 02:01 . 2011-06-23 02:01 -------- d-----w- C:\_OTL
2011-06-22 02:14 . 2011-06-22 03:14 20552 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-06-22 02:12 . 2011-06-22 02:12 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-06-09 03:18 . 2011-06-09 03:18 -------- d-----w- c:\documents and settings\theonyxserpent\Local Settings\Application Data\Identities
2011-06-05 03:13 . 2011-06-23 10:37 -------- d-----w- c:\windows\system32\MpEngineStore
2011-06-02 00:35 . 2011-06-02 00:35 -------- d-----w- c:\program files\CleanUp!
2011-06-02 00:32 . 2011-06-22 02:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2011-05-31 02:15 . 2011-05-31 02:15 0 ---ha-w- c:\documents and settings\theonyxserpent\wbczjdzfrr.tmp
2011-05-31 02:09 . 2011-05-31 02:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-24 20:56 . 2011-05-10 03:01 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}]
2010-01-18 19:28 815104 ----a-w- c:\program files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2009-08-05 224712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RandMAC"="c:\extracted\MadMACs\MadMACs.exe" [2008-08-06 253245]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2003-04-07 04:07 114688 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2003-04-07 04:19 155648 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-01-26 20:31 2144088 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-12-12 22:47 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/14/2009 1:20 PM 722416]
R3 {E6759E0C-470B-44DC-A4A1-627E68BB3A85};AIM 3.0 SI164;c:\windows\system32\drivers\a302.sys [5/10/2005 3:35 PM 11319]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys --> c:\windows\system32\DRIVERS\ewusbnet.sys [?]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [6/21/2011 10:14 PM 20552]
S3 VNCTEMP;Gencontrol WinVNC temporary service;c:\vnctemp\WinVNC.exe [6/16/2009 6:18 PM 469504]
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 17:42]
.
2011-06-26 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-12-12 21:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:57980
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\theonyxserpent\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 57980
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-26 13:25
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2924)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
c:\windows\system32\CCM\CcmExec.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2011-06-26 13:29:32 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-26 17:29
ComboFix2.txt 2011-06-26 15:25
ComboFix3.txt 2011-05-29 13:07
ComboFix4.txt 2009-06-16 22:59
.
Pre-Run: 8,394,702,848 bytes free
Post-Run: 8,367,529,984 bytes free
.
- - End Of File - - 85C2F29A3D12C7FE21DD3751DF7253A9
Upload was successful

But when I clicked upload for that suspicious file on virscan.org, I got this message:

ERROR: Can't find upload file!
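The ComboFix log above records an HTTP proxy of 127.0.0.1:57980 in two places: the IE Internet Settings (`uInternet Settings,ProxyServer = http=127.0.0.1:57980`) and Firefox's prefs.js (`network.proxy.http` / `network.proxy.http_port`). A proxy on the loopback address means a process on the machine itself was positioned to see and rewrite every HTTP request, which is one way search redirects are implemented, so the next question is whether the setting is in force: IE only honours ProxyServer when ProxyEnable is 1, and Firefox only uses a manual proxy when network.proxy.type is 1. ComboFix does not print those two flags; the OTL quick-scan log posted later in this thread shows `"ProxyEnable" = 0` and `network.proxy.type: 0`, so the loopback proxy is configured but not currently used. The script below is an added example, not part of the original thread and not code from ComboFix or OTL: it pulls proxy settings out of ComboFix- and OTL-style log lines (the sample lines are copied from the logs in this thread) and reports any loopback proxy together with whether the browser would actually use it.

```python
import re
from typing import Dict, List, Tuple

# Proxy-related lines copied from the ComboFix log above and from the OTL
# quick-scan log posted later in this thread (OTL is the one that prints
# ProxyEnable and network.proxy.type).
SAMPLE_LOG = r"""
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:57980
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 57980
FF - prefs.js: network.proxy.type - 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:57980
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 57980
FF - prefs.js..network.proxy.type: 0
"""

IE_SERVER = re.compile(r'ProxyServer"?\s*=\s*(\S+)')
IE_ENABLE = re.compile(r'ProxyEnable"?\s*=\s*(\d)')
FF_HOST = re.compile(r'network\.proxy\.http\b[^\d"]*"?([^"\s]+)')   # \b keeps http_port out
FF_PORT = re.compile(r'network\.proxy\.http_port\D*(\d+)')
FF_TYPE = re.compile(r'network\.proxy\.type\D*(\d+)')               # 1 = manual proxy in use


def is_loopback(host: str) -> bool:
    return host.startswith(("127.", "localhost", "::1"))


def parse_ie_proxy_server(value: str) -> List[Tuple[str, str, int]]:
    """Split an IE ProxyServer value: 'host:port' or 'http=host:port;https=host:port'."""
    entries = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.rpartition("=")      # no '=' -> scheme ''
        host, _, port = hostport.rpartition(":")
        if not host:                                    # bare host, no port given
            host, port = hostport, ""
        entries.append((scheme or "all", host, int(port) if port.isdigit() else 0))
    return entries


def parse_proxy_settings(log_text: str) -> Dict[str, object]:
    """Collect IE and Firefox proxy settings from ComboFix/OTL-style log lines."""
    s: Dict[str, object] = {"ie_servers": [], "ie_enabled": None,
                            "ff_host": None, "ff_port": None, "ff_type": None}
    for line in log_text.splitlines():
        if m := IE_SERVER.search(line):
            s["ie_servers"] = parse_ie_proxy_server(m.group(1))
        elif m := IE_ENABLE.search(line):
            s["ie_enabled"] = m.group(1) == "1"
        elif m := FF_PORT.search(line):
            s["ff_port"] = int(m.group(1))
        elif m := FF_TYPE.search(line):
            s["ff_type"] = int(m.group(1))
        elif m := FF_HOST.search(line):
            s["ff_host"] = m.group(1)
    return s


def assess(s: Dict[str, object]) -> List[str]:
    """One finding per loopback proxy, saying whether the browser actually uses it."""
    findings = []
    for scheme, host, port in s["ie_servers"]:
        if is_loopback(host):
            state = {True: "active, ProxyEnable=1", False: "present but ProxyEnable=0",
                     None: "ProxyEnable not seen in log"}[s["ie_enabled"]]
            findings.append(f"IE {scheme} proxy -> {host}:{port} ({state})")
    if s["ff_host"] and is_loopback(s["ff_host"]):
        state = ("active, proxy.type=1" if s["ff_type"] == 1
                 else f"present but proxy.type={s['ff_type']} (not used)")
        findings.append(f"Firefox HTTP proxy -> {s['ff_host']}:{s['ff_port']} ({state})")
    return findings


if __name__ == "__main__":
    for finding in assess(parse_proxy_settings(SAMPLE_LOG)):
        print(finding)
```

Run against the lines from this thread it reports both browsers pointing at 127.0.0.1:57980 and both marked as not in use. A finding marked active would be the moment to look for whatever is listening on that port on the machine (netstat -ano on XP shows the owning PID), since an active loopback proxy is only dangerous if something is actually bound there.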

#19 ali.B (Trusted Helper, Malware Removal, 3,086 posts)

hi

Rootkit Unhooker:
  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. Uncheck the rest and then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get the following warning; just click OK and continue.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


#20 jerosakireno (Member, Topic Starter, 38 posts)

Unhooker Report:


RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 2)
Number of processors #1
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2181376 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2181376 bytes
0x804D7000 RAW 2181376 bytes
0x804D7000 WMIxWDM 2181376 bytes
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF85AF000 PCI_PNP2686 1052672 bytes
0xF85AF000 spna.sys 1052672 bytes
0xF85AF000 sptd 1052672 bytes
0xF7B31000 C:\WINDOWS\system32\drivers\smwdm.sys 581632 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
0xF8425000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xBF06F000 C:\WINDOWS\System32\ialmdd5.DLL 483328 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0xEF71B000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 454656 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF7A22000 C:\WINDOWS\system32\DRIVERS\update.sys 364544 bytes (Microsoft Corporation, Update Driver)
0xEF7FF000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 360448 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xEF29F000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xEEAA0000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF7AD4000 C:\WINDOWS\System32\Drivers\add0kriy.SYS 233472 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF7A7B000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 200704 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF8569000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xBF041000 C:\WINDOWS\System32\ialmdev5.DLL 188416 bytes (Intel Corporation, Component GHAL Driver)
0xF83F8000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xEF31E000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 180224 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xEE90D000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xEF78A000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xEF7D7000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF8513000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xF7B0D000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF7BBF000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xEEAE1000 C:\WINDOWS\System32\Drivers\RDPWD.SYS 143360 bytes (Microsoft Corporation, RDP Terminal Stack Driver (US/Canada Only, Not for Export))
0xF7C14000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 143360 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xEF7B5000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xBF01F000 C:\WINDOWS\System32\ialmdnt5.dll 139264 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xEF6FA000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 135168 bytes (Microsoft Corporation, IP Network Address Translator)
0x806EC000 ACPI_HAL 131968 bytes
0x806EC000 C:\WINDOWS\system32\hal.dll 131968 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF84DB000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF8539000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF7BF6000 C:\WINDOWS\system32\DRIVERS\e1000325.sys 122880 bytes (Intel Corporation, Intel® PRO/1000 Adapter NDIS 5.1 deserialized driver)
0xEF94A000 C:\WINDOWS\system32\drivers\ialmsbw.sys 114688 bytes (Intel Corporation, Intel Graphics Platform (SoftBIOS) Driver for Windows 2000® & Windows XP™)
0xF83DD000 Mup.sys 110592 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF84FB000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xEF6BA000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF8597000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xF7C37000 C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 94208 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF84B2000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF7ABD000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xEEE02000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xEF966000 C:\WINDOWS\system32\drivers\ialmkchw.sys 81920 bytes (Intel Corporation, Intel Graphics Chipset (KCH) Driver for Windows 2000® & Windows XP™)
0xF7BE2000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF7C4E000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xEF857000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF84C9000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF8558000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF7AAC000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF8851000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF8911000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF8721000 Combo-Fix.sys 61440 bytes
0xF8941000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF8931000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xEEE9F000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF87B1000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF8921000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 53248 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF8711000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF8901000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xBF012000 C:\WINDOWS\System32\ialmrnt5.dll 53248 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF8741000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF86F1000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF8761000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF86E1000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF8751000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF8791000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF8781000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xEF22F000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xF8701000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF8801000 C:\WINDOWS\System32\Drivers\Fips.SYS 36864 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF8841000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF88F1000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF86D1000 isapnp.sys 36864 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF8771000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF87D1000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF8811000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF8A41000 C:\ComboFix\catchme.sys 32768 bytes
0xF8AC9000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF8AD1000 C:\WINDOWS\system32\drivers\A302.sys 28672 bytes (Intel Corporation, Silicon Image 164 Minidriver)
0xF8A19000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF8AB1000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF8951000 C:\WINDOWS\System32\Drivers\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF8A11000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 28672 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF8981000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF89F9000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF8A01000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF8A61000 C:\WINDOWS\System32\Drivers\TDTCP.SYS 24576 bytes (Microsoft Corporation, TCP Transport Driver)
0xF8AB9000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF8AC1000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF8959000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF8A89000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF8A91000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF8A81000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF8A09000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 20480 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF8989000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF8BC9000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xEF5B6000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF7C66000 C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS 16384 bytes (Dell Computer Corporation, OMCI Device Driver)
0xF8B99000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF8AE1000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF8BA9000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF8B7D000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xEF1B3000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF8BAD000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF7C7E000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF8BEF000 C:\WINDOWS\system32\drivers\aeaudio.sys 8192 bytes (Andrea Electronics Corporation, Andrea Audio Stub Driver)
0xF8BFB000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF8BD7000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF8C03000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF8BF9000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF8BD5000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF8BED000 C:\WINDOWS\system32\DRIVERS\kbstuff5.sys 8192 bytes (Microsoft Corporation, WUSER 32 Keyboard Stuffer)
0xF8BD1000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF8BFF000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF8C5D000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF8C29000 C:\WINDOWS\system32\Drivers\PROCEXP113.SYS 8192 bytes
0xF8C01000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF8BF5000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF8BF7000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF8BD3000 C:\WINDOWS\System32\Drivers\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF8D8F000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF8D6F000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF8D6C000 C:\WINDOWS\system32\DRIVERS\idisw2km.sys 4096 bytes (Microsoft Corporation, SMS Mirror Miniport Driver)
0xF8DF4000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF8C99000 PCIIde.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x82F701F8 unknown_irp_handler 3592 bytes
0x82F711F8 unknown_irp_handler 3592 bytes
0x82D5B1F8 unknown_irp_handler 3592 bytes
0x82FDE1F8 unknown_irp_handler 3592 bytes
0x82B281F8 unknown_irp_handler 3592 bytes
0x82E231F8 unknown_irp_handler 3592 bytes
0x82F721F8 unknown_irp_handler 3592 bytes
0x82D651F8 unknown_irp_handler 3592 bytes
0x82D5A500 unknown_irp_handler 2816 bytes
0x82C44500 unknown_irp_handler 2816 bytes
0x82C40500 unknown_irp_handler 2816 bytes
0x82B55500 unknown_irp_handler 2816 bytes
==============================================
>Stealth
==============================================
WARNING: File locked for read access [C:\WINDOWS\system32\drivers\sptd.sys]
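Reading an RkU driver list by hand is tedious; what a helper actually looks for are images with no vendor/description string, and one image reported under several names at the same base address. In the report above the ntoskrnl.exe base is also listed as PnpManager, RAW and WMIxWDM (normal kernel aliases), and the base at 0xF85AF000 is listed as PCI_PNP2686, spna.sys and sptd, the SPTD driver installed with DAEMON Tools Pro (which the ComboFix log lists as the boot-start service `sptd`). SPTD blocks reads of its own file, so the "File locked for read access" warning in the Stealth section is expected on a machine with DAEMON Tools installed. The other vendor-less entries (Combo-Fix.sys, catchme.sys, PROCEXP113.SYS, BlackBox.SYS) belong to tools run during this thread. The script below is an added example, not something from the thread or from RkU; its allowlists are assumptions stated in the comments, and the sample lines are a subset of the report above.

```python
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Optional


class Module(NamedTuple):
    base: int
    name: str               # path or bare name exactly as RkU printed it
    size: int
    vendor: Optional[str]   # the '(Vendor, Description)' text, None when RkU printed none


# Subset of the '>Drivers' section from the RkU report above (constructed sample).
SAMPLE_REPORT = r"""
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2181376 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2181376 bytes
0x804D7000 RAW 2181376 bytes
0x804D7000 WMIxWDM 2181376 bytes
0xF85AF000 PCI_PNP2686 1052672 bytes
0xF85AF000 spna.sys 1052672 bytes
0xF85AF000 sptd 1052672 bytes
0xF8425000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF8721000 Combo-Fix.sys 61440 bytes
0xEF22F000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xF8A41000 C:\ComboFix\catchme.sys 32768 bytes
0xEF6BA000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF8C29000 C:\WINDOWS\system32\Drivers\PROCEXP113.SYS 8192 bytes
0x82F701F8 unknown_irp_handler 3592 bytes
"""

LINE_RE = re.compile(r'^(0x[0-9A-Fa-f]+)\s+(.+?)\s+(\d+)\s+bytes(?:\s+\((.*)\))?\s*$')

# Names RkU prints without a vendor string for legitimate reasons (assumed allowlist):
# kernel/HAL aliases, crash-dump driver copies, and RkU's own IRP handler placeholders.
KERNEL_ALIASES = {"PnpManager", "RAW", "WMIxWDM", "ACPI_HAL", "Win32k"}
ALIAS_PREFIXES = ("PCI_PNP", "dump_", "unknown_irp_handler")
# Drivers of tools already run in this thread (ComboFix, RkU, and, assumed,
# Sysinternals Process Explorer); expected on this machine, not suspicious.
TOOL_DRIVERS = {"combo-fix.sys", "catchme.sys", "blackbox.sys", "procexp113.sys"}


def basename(name: str) -> str:
    return name.rsplit("\\", 1)[-1]


def parse_rku_drivers(text: str) -> List[Module]:
    mods = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            mods.append(Module(int(m.group(1), 16), m.group(2), int(m.group(3)), m.group(4)))
    return mods


def triage(mods: List[Module]) -> Dict[str, list]:
    """Group modules by base address; report aliases, tool drivers and anything unattributed."""
    by_base = defaultdict(list)
    for m in mods:
        by_base[m.base].append(m)
    out: Dict[str, list] = {"aliased": [], "unattributed": [], "tool_drivers": []}
    for base, group in sorted(by_base.items()):
        names = [basename(m.name) for m in group]
        if len(group) > 1:                      # one image reported under several names
            out["aliased"].append((f"0x{base:08X}", names))
        for m in group:
            n = basename(m.name)
            if m.vendor or n in KERNEL_ALIASES or n.startswith(ALIAS_PREFIXES):
                continue
            if n.lower() in TOOL_DRIVERS:
                out["tool_drivers"].append(n)
            elif any(g.vendor for g in group):
                continue                        # alias of an attributed image at the same base
            else:
                out["unattributed"].append((f"0x{base:08X}", n))
    return out


if __name__ == "__main__":
    for key, items in triage(parse_rku_drivers(SAMPLE_REPORT)).items():
        print(key, items)
```

On the sample, the only unattributed entries left after the allowlists are spna.sys and sptd at 0xF85AF000, which is exactly the SPTD image a helper would then recognise from the installed DAEMON Tools; anything else that survived the filter on a real report would be the line to investigate first.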

#21 ali.B (Trusted Helper, Malware Removal, 3,086 posts)

hi

Step 1

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Things I would like to see in your reply:
  • Malwarebytes Results.
  • Eset scanner report.
  • Update on how your computer is running


#22 jerosakireno (Member, Topic Starter, 38 posts)

Malwarebytes Results:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

6/27/2011 8:38:51 PM
mbam-log-2011-06-27 (20-38-51).txt

Scan type: Quick scan
Objects scanned: 127319
Time elapsed: 6 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


The ESET online scanner is a little weird... It's telling me I have to buy their program, and it never produced a text file on the C drive. When it was done I just copied this; hopefully this is what you're looking for from there:

C:\System Volume Information\_restore{C1610B7D-08C0-4A78-981D-4F6E8DFCA536}\RP507\A0068935.exe a variant of Win32/Kryptik.OYY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{C1610B7D-08C0-4A78-981D-4F6E8DFCA536}\RP507\A0068936.exe a variant of Win32/Kryptik.PGS trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{C1610B7D-08C0-4A78-981D-4F6E8DFCA536}\RP507\A0068937.exe Win32/TrojanDownloader.Tracur.B trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{C1610B7D-08C0-4A78-981D-4F6E8DFCA536}\RP507\A0068938.exe Win32/TrojanDownloader.Tracur.B trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{C1610B7D-08C0-4A78-981D-4F6E8DFCA536}\RP507\A0068939.exe a variant of Win32/Kryptik.OYY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{C1610B7D-08C0-4A78-981D-4F6E8DFCA536}\RP507\A0068940.exe a variant of Win32/Kryptik.PGS trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{C1610B7D-08C0-4A78-981D-4F6E8DFCA536}\RP507\A0068941.exe a variant of Win32/Kryptik.PGS trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{C1610B7D-08C0-4A78-981D-4F6E8DFCA536}\RP507\A0068942.exe a variant of Win32/Kryptik.PGS trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{C1610B7D-08C0-4A78-981D-4F6E8DFCA536}\RP507\A0068943.exe a variant of Win32/Kryptik.PKN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{C1610B7D-08C0-4A78-981D-4F6E8DFCA536}\RP507\A0068944.exe a variant of Win32/Kryptik.PKN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{C1610B7D-08C0-4A78-981D-4F6E8DFCA536}\RP507\A0068945.exe a variant of Win32/Kryptik.PKN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{C1610B7D-08C0-4A78-981D-4F6E8DFCA536}\RP507\A0068946.dll a variant of Win32/Kryptik.NHY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{C1610B7D-08C0-4A78-981D-4F6E8DFCA536}\RP507\A0068947.exe a variant of Win32/Kryptik.OKQ trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{C1610B7D-08C0-4A78-981D-4F6E8DFCA536}\RP507\A0068948.exe a variant of Win32/Kryptik.OKQ trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{C1610B7D-08C0-4A78-981D-4F6E8DFCA536}\RP507\A0068949.exe a variant of Win32/Kryptik.OKQ trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{C1610B7D-08C0-4A78-981D-4F6E8DFCA536}\RP507\A0068950.dll Win32/TrojanDownloader.Agent.PDY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{C1610B7D-08C0-4A78-981D-4F6E8DFCA536}\RP507\A0068951.dll Win32/TrojanDownloader.Agent.PDY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{C1610B7D-08C0-4A78-981D-4F6E8DFCA536}\RP507\A0068952.exe a variant of Win32/Kryptik.OKQ trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{C1610B7D-08C0-4A78-981D-4F6E8DFCA536}\RP507\A0068953.exe a variant of Win32/Kryptik.OKQ trojan cleaned by deleting - quarantined

The computer seems a little better. I had the redirect a little, not as much, and I just tried Google search about 10 times and all ten times worked fine... But some sites are taking too long to load, almost as if I have a really slow connection, which I do not... It should be a lot faster than what it is.
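Every path in the ESET output above sits under C:\System Volume Information\_restore{...}\RP507\, which means the detections are copies kept by System Restore in restore point 507, not files in their original locations. Such copies are inert unless that restore point is applied, which is why a cleanup normally ends with old restore points being flushed rather than with these hits being treated as an active infection. The script below is an added example rather than anything posted in the thread or produced by ESET: it parses ESET-style result lines into records, marks which ones live inside a restore point, and tallies detections by family. Five of the sample lines are copied from the output above; the sixth is a constructed line with a hypothetical path and threat name, included to show how a detection outside System Restore is reported.

```python
import re
from collections import Counter
from typing import Dict, List, NamedTuple, Optional


class Detection(NamedTuple):
    path: str
    threat: str
    action: str
    restore_point: Optional[str]  # e.g. 'RP507' when the file sits in a System Restore snapshot


# Five lines copied from the ESET output posted above, plus one constructed line
# (hypothetical path and threat name) for a detection outside System Restore.
SAMPLE_ESET = r"""
C:\System Volume Information\_restore{C1610B7D-08C0-4A78-981D-4F6E8DFCA536}\RP507\A0068935.exe a variant of Win32/Kryptik.OYY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{C1610B7D-08C0-4A78-981D-4F6E8DFCA536}\RP507\A0068937.exe Win32/TrojanDownloader.Tracur.B trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{C1610B7D-08C0-4A78-981D-4F6E8DFCA536}\RP507\A0068946.dll a variant of Win32/Kryptik.NHY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{C1610B7D-08C0-4A78-981D-4F6E8DFCA536}\RP507\A0068950.dll Win32/TrojanDownloader.Agent.PDY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{C1610B7D-08C0-4A78-981D-4F6E8DFCA536}\RP507\A0068953.exe a variant of Win32/Kryptik.OKQ trojan cleaned by deleting - quarantined
C:\Documents and Settings\user\Local Settings\Temp\sample.exe Win32/Sample.A trojan cleaned by deleting - quarantined
"""

# Restore-point snapshot location used by Windows XP System Restore.
RESTORE_RE = re.compile(
    r'^[a-z]:\\System Volume Information\\_restore\{[0-9a-f\-]+\}\\(RP\d+)\\', re.IGNORECASE)
# ESET prints '<path> <threat description> <action>'; the path may contain spaces,
# so the threat is located by its 'Platform/Name' token and the action by its first word.
LINE_RE = re.compile(
    r'^(?P<path>.+?)\s+'
    r'(?P<threat>(?:probably )?(?:a variant of )?[\w.\-]+/[\w.\-]+(?: [\w ]+?)?)\s+'
    r'(?P<action>(?:cleaned|deleted|quarantined|unable to clean|error)\b.*)$'
)


def parse_eset_log(text: str) -> List[Detection]:
    found = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rp = RESTORE_RE.match(m["path"])
        found.append(Detection(m["path"], m["threat"], m["action"], rp.group(1) if rp else None))
    return found


def family(threat: str) -> str:
    """'a variant of Win32/Kryptik.OYY trojan' -> 'Win32/Kryptik' (drop prefix, class word, variant)."""
    name = re.sub(r'^(?:probably )?(?:a variant of )?', '', threat)
    name = re.sub(r'\s+\w+$', '', name)            # trailing class word such as 'trojan'
    return name.rsplit('.', 1)[0] if '.' in name.split('/')[-1] else name


def summarize(dets: List[Detection]) -> Dict[str, object]:
    in_rp = [d for d in dets if d.restore_point]
    return {
        "total": len(dets),
        "in_restore_points": len(in_rp),
        "restore_points": sorted({d.restore_point for d in in_rp}),
        "live": [d.path for d in dets if not d.restore_point],   # these are the ones that matter
        "families": Counter(family(d.threat) for d in dets),
    }


if __name__ == "__main__":
    for key, value in summarize(parse_eset_log(SAMPLE_ESET)).items():
        print(f"{key}: {value}")
```

The `live` list is the part to act on: a detection there means a file in a real location was cleaned and its origin (download, startup entry, scheduled task) still needs explaining, whereas the restore-point entries only call for the restore points to be purged once the machine is confirmed clean.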

#23 ali.B (Trusted Helper, Malware Removal, 3,086 posts)

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

#24 jerosakireno (Member, Topic Starter, 38 posts)

OTL logfile created on: 6/28/2011 5:07:47 PM - Run 8
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\theonyxserpent\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.98 Mb Total Physical Memory | 280.01 Mb Available Physical Memory | 54.91% Memory free
1.21 Gb Paging File | 1.02 Gb Available in Paging File | 83.63% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 7.12 Gb Free Space | 19.12% Space Free | Partition Type: NTFS

Computer Name: THEONYXCOMPUTER | User Name: theonyxserpent | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/21 19:10:58 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\theonyxserpent\My Documents\Downloads\OTL.exe
PRC - [2009/08/05 06:17:12 | 000,204,800 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Pro\DTProShellHlp.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/05/16 22:15:09 | 000,071,288 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
PRC - [2006/02/09 03:50:00 | 000,578,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\CcmExec.exe
PRC - [2006/02/09 03:50:00 | 000,248,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\clicomp\RemCtrl\Wuser32.exe


========== Modules (SafeList) ==========

MOD - [2011/06/21 19:10:58 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\theonyxserpent\My Documents\Downloads\OTL.exe
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/06/16 18:18:45 | 000,469,504 | ---- | M] (Constantin Kaplinsky) [On_Demand | Stopped] -- C:\VNCTEMP\WinVNC.exe -- (VNCTEMP)
SRV - [2008/12/10 15:46:58 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2006/02/09 03:50:00 | 000,578,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2006/02/09 03:50:00 | 000,248,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\CCM\clicomp\RemCtrl\Wuser32.exe -- (Wuser32)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/06/21 23:14:52 | 000,020,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hitmanpro35.sys -- (hitmanpro35)
DRV - [2009/12/14 17:20:33 | 000,722,416 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2006/02/09 03:50:00 | 000,020,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2006/02/09 02:50:00 | 000,011,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\kbstuff5.sys -- (kbstuff)
DRV - [2006/02/09 02:50:00 | 000,008,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\idisw2km.sys -- (idisw2km)
DRV - [2005/11/24 19:51:38 | 000,245,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2005/02/01 18:18:38 | 000,017,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\bcm42rly.sys -- (BCM42RLY)
DRV - [2003/04/15 10:39:54 | 000,011,319 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\a302.sys -- ({E6759E0C-470B-44DC-A4A1-627E68BB3A85})
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 75 2B 18 06 84 C6 C5 4F 94 90 2C 04 01 93 77 62 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:57980

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://start.mozilla...en-US:official"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.10.01
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 57980
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/24 16:56:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/09 23:01:35 | 000,000,000 | ---D | M]

[2009/12/13 16:09:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\theonyxserpent\Application Data\Mozilla\Extensions
[2011/06/26 13:05:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\theonyxserpent\Application Data\Mozilla\Firefox\Profiles\og0g7s2n.default\extensions
[2010/10/08 23:58:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\THEONYXSERPENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OG0G7S2N.DEFAULT\EXTENSIONS\[email protected]
[2009/12/12 18:47:36 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/24 16:56:41 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/05/09 23:01:17 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/06/26 13:24:34 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Burn4Free Toolbar Helper) - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll ()
O4 - HKLM..\Run: [RandMAC] C:\extracted\MadMACs\MadMACs.exe ()
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc2.cab (Office Update Installation Engine)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1232729059632 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = onyx
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/05/10 14:57:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/27 22:36:06 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/06/27 20:43:42 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/06/26 11:12:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/06/26 11:12:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/06/26 11:12:52 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/06/26 11:11:38 | 004,126,959 | R--- | C] (Swearware) -- C:\Documents and Settings\theonyxserpent\Desktop\ComboFix.exe
[2011/06/23 19:04:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\theonyxserpent\Desktop\Other Audio
[2011/06/23 18:44:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/06/23 18:34:02 | 000,000,000 | ---D | C] -- C:\f02976e5e14006106d
[2011/06/23 18:33:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2011/06/23 18:33:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2011/06/22 22:01:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/21 22:15:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/06/21 22:12:14 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/06/21 22:06:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\theonyxserpent\My Documents\My Received Files
[2011/06/08 23:18:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\theonyxserpent\Local Settings\Application Data\Identities
[2011/06/04 23:13:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2011/06/01 20:35:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\theonyxserpent\Start Menu\Programs\CleanUp!
[2011/06/01 20:35:25 | 000,000,000 | ---D | C] -- C:\Program Files\CleanUp!
[2011/06/01 20:32:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[1 C:\Documents and Settings\theonyxserpent\Desktop\*.tmp files -> C:\Documents and Settings\theonyxserpent\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\theonyxserpent\*.tmp files -> C:\Documents and Settings\theonyxserpent\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/27 22:34:51 | 000,047,104 | ---- | M] () -- C:\Documents and Settings\theonyxserpent\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/27 22:34:13 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/27 17:12:13 | 000,029,566 | ---- | M] () -- C:\Documents and Settings\theonyxserpent\Desktop\Unhooker Report
[2011/06/27 12:24:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/26 13:50:11 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/06/26 13:24:34 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/26 13:24:27 | 000,000,330 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2011/06/26 13:24:23 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/26 13:24:18 | 000,000,386 | ---- | M] () -- C:\WINDOWS\SMSCFG.ini
[2011/06/26 13:23:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/26 13:13:19 | 004,126,959 | R--- | M] (Swearware) -- C:\Documents and Settings\theonyxserpent\Desktop\ComboFix.exe
[2011/06/25 20:02:53 | 000,017,431 | ---- | M] () -- C:\Documents and Settings\theonyxserpent\Application Data\47D2.A7B
[2011/06/23 19:06:37 | 000,000,062 | ---- | M] () -- C:\WINDOWS\System32\918880264
[2011/06/23 18:49:47 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\theonyxserpent\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/06/23 18:49:46 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\theonyxserpent\Desktop\Windows Media Player.lnk
[2011/06/23 18:33:54 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/06/21 23:14:52 | 000,020,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/06/21 22:27:42 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2011/06/19 12:16:00 | 000,000,419 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/06/01 20:35:43 | 000,000,687 | ---- | M] () -- C:\Documents and Settings\theonyxserpent\Desktop\CleanUp!.lnk
[1 C:\Documents and Settings\theonyxserpent\Desktop\*.tmp files -> C:\Documents and Settings\theonyxserpent\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\theonyxserpent\*.tmp files -> C:\Documents and Settings\theonyxserpent\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/27 17:12:12 | 000,029,566 | ---- | C] () -- C:\Documents and Settings\theonyxserpent\Desktop\Unhooker Report
[2011/06/26 11:12:53 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/26 11:12:52 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/26 11:12:52 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/26 11:12:52 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/26 11:12:52 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/06/25 02:53:45 | 000,017,431 | ---- | C] () -- C:\Documents and Settings\theonyxserpent\Application Data\47D2.A7B
[2011/06/23 19:06:23 | 000,000,062 | ---- | C] () -- C:\WINDOWS\System32\918880264
[2011/06/23 18:33:54 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/06/21 22:14:19 | 000,020,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/06/21 22:12:15 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2011/06/01 20:35:43 | 000,000,687 | ---- | C] () -- C:\Documents and Settings\theonyxserpent\Desktop\CleanUp!.lnk
[2011/05/22 12:46:25 | 000,000,419 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/01/31 00:04:34 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/11/19 01:00:37 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/11/19 01:00:32 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/11/19 01:00:32 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/11/19 01:00:31 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2010/11/19 01:00:30 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/10/15 21:39:54 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/12/12 17:49:31 | 000,002,733 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2007/06/04 16:51:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/03/23 15:59:00 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/11/07 14:25:34 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/10/25 11:25:47 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\SVSetup.Exe
[2006/10/25 11:25:46 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\SVSetup.dll
[2006/10/25 11:25:45 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\SSCoInst.exe
[2006/10/25 11:25:44 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\SSCoInst.dll
[2006/10/25 11:25:31 | 000,020,594 | ---- | C] () -- C:\WINDOWS\System32\Dels3LMK.DLL
[2006/10/12 11:51:49 | 000,006,454 | ---- | C] () -- C:\WINDOWS\solomon.ini
[2006/10/12 11:25:50 | 000,100,352 | ---- | C] () -- C:\WINDOWS\System32\pg32conv.dll
[2006/10/12 11:25:29 | 001,128,448 | ---- | C] () -- C:\WINDOWS\System32\sbl.dll
[2006/10/12 11:25:27 | 000,496,640 | ---- | C] () -- C:\WINDOWS\System32\tls7012d.dll
[2005/05/10 16:41:41 | 000,000,546 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/10 16:24:15 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/05/10 16:24:09 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/05/10 16:24:00 | 000,004,147 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/05/10 15:43:28 | 000,000,386 | ---- | C] () -- C:\WINDOWS\SMSCFG.ini
[2005/05/10 15:40:10 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2005/05/10 15:00:47 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/05/10 14:53:16 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/05/10 10:24:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/05/10 10:23:14 | 000,255,064 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/10/08 04:47:08 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2004/09/29 01:46:40 | 000,047,104 | ---- | C] () -- C:\Documents and Settings\theonyxserpent\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 08:00:00 | 000,991,744 | ---- | C] () -- C:\WINDOWS\System32\drmv2clt.dll
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,384,976 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\netid.dll
[2004/08/04 08:00:00 | 000,054,184 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 08:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2009/12/14 13:28:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2011/02/17 23:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dPhIcDd15405
[2011/06/21 22:18:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/10/02 01:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScreenVCR
[2011/06/23 18:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/12/12 15:50:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/01/31 00:02:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\theonyxserpent\Application Data\Cocoon Software
[2009/12/14 13:37:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\theonyxserpent\Application Data\DAEMON Tools Pro
[2009/12/12 18:12:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\theonyxserpent\Application Data\GlarySoft
[2010/10/08 23:35:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\theonyxserpent\Application Data\MSNInstaller
[2004/09/29 03:36:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\theonyxserpent\Application Data\Smith Micro
[2011/06/20 19:10:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\theonyxserpent\Application Data\uTorrent
[2009/12/13 12:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\theonyxserpent\Application Data\yoclient
[2011/06/26 13:24:27 | 000,000,330 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job

========== Purity Check ==========



< End of report >
#25
ali.B (Trusted Helper, Malware Removal, 3,086 posts)
Hi,

Congratulations, your logs appear clean :)

Reset and Re-enable your System Restore

The following will implement some cleanup procedures as well as reset System Restore points:
  • Click START then RUN
  • Now type ComboFix /Uninstall in the run box and click OK. Note the space between the X and the U; it needs to be there.

NEXT

  • Open OTL to run it. (Vista users, right click on OTL and "Run as administrator")
  • Click on the CleanUp button.
  • Click Yes to begin the cleanup process and remove tools, including this application
  • You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes


Recommendations

See Here for a list of recommendations for free Antivirus\AntiSpyware applications.


  • Keep your Windows up to date by regularly checking their website at:
    http://windowsupdate.microsoft.com/

  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.

  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.

  • Make Internet Explorer more secure:
      • Click Start > Run
      • Type Inetcpl.cpl & click OK
      • Click on the Security tab
      • Click Reset all zones to default level
      • Make sure the Internet Zone is selected & click Custom level
      • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
      • Next click OK, then the Apply button, and then OK to exit the Internet Properties page.



  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer, meaning it will be difficult to infect yourself in the future.


  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop-up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here

If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
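A read-only check for the three Internet Explorer ActiveX settings the post above asks the user to change, as an added example that is not part of ali.B's post. It reads the per-user Internet zone key (Zones\3) and the value names 1001, 1004 and 1201, which are Microsoft's setting IDs for "Download signed ActiveX controls", "Download unsigned ActiveX controls" and "Initialize and script ActiveX controls not marked as safe" (0 = Enable, 1 = Prompt, 3 = Disable), and reports whether each already matches the recommended state without changing anything.

```powershell
# Added example, not from the thread: audit the Internet-zone ActiveX settings
# named in the post. Read-only; it reports, it does not modify the registry.
# Zone 3 is the Internet zone. Per-user (HKCU) settings only; machine-wide
# policy (HKLM) can override these, which this check does not inspect.
$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# IE security setting IDs and the state the post recommends for each.
$checks = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';                          Want = 1 }  # Prompt
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls';                        Want = 1 }  # Prompt
    @{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }  # Disable
)
$labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Test-IEActiveXSettings {
    if (-not (Test-Path -Path $zonePath)) {
        Write-Warning "Internet zone key not found: $zonePath"
        return
    }
    $zone = Get-ItemProperty -Path $zonePath

    foreach ($c in $checks) {
        $current = $zone.($c.Id)          # property named after the numeric setting ID
        if ($null -eq $current) {
            $state = 'not set (inherits default)'
            $ok = $false
        } elseif ($labels.ContainsKey([int]$current)) {
            $state = $labels[[int]$current]
            $ok = ([int]$current -eq $c.Want)
        } else {
            $state = "unknown ($current)"
            $ok = $false
        }

        [pscustomobject]@{
            Setting     = $c.Name
            Current     = $state
            Recommended = $labels[$c.Want]
            Matches     = $ok
        }
    }
}

# Any row with Matches = False still needs the Inetcpl.cpl steps from the post.
Test-IEActiveXSettings | Format-Table -AutoSize
```

Re-run the check after the Inetcpl.cpl steps; every row should then show Matches = True.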


#26
ali.B (Trusted Helper, Malware Removal, 3,086 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.