Google redirect issues


This topic is locked

#1
res ipsa

    New Member

  • 5 posts
For approximately the last 72 hours, Google/Yahoo searches have been redirected about 90% of the time. Not sure how I picked up the malware.

Have tried several fixes to no avail --- followed all of the do-it-yourself steps (ERUNT - OTM - GooredFix - TDSSKiller) but still have the same issue. Have also run a SuperAntiSpyware scan, which found nothing.

Following the next steps, I then downloaded OTL and here is the log:

OTL logfile created on: 7/11/2011 9:08:46 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Jeff.TERESA\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 178.63 Mb Available Physical Memory | 35.02% Memory free
672.17 Mb Paging File | 284.37 Mb Available in Paging File | 42.31% Paging File free
Paging file location(s): C:\pagefile.sys 192 384 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 19.63 Gb Free Space | 52.71% Space Free | Partition Type: NTFS

Computer Name: TERESA | User Name: Jeff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/11 09:07:12 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeff.TERESA\Desktop\OTL.exe
PRC - [2011/06/30 08:50:31 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/06/22 11:29:14 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/25 04:41:37 | 000,537,520 | ---- | M] ( ) -- C:\WINDOWS\SYSTEM32\lxddcoms.exe
PRC - [2007/01/04 16:38:18 | 000,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe


========== Modules (SafeList) ==========

MOD - [2011/07/11 09:07:12 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeff.TERESA\Desktop\OTL.exe
MOD - [2011/07/05 13:40:14 | 000,030,208 | -HS- | M] (Microsoft Corporation) -- C:\Documents and Settings\Jeff.TERESA\Application Data\cleanhtm.dll
MOD - [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Disabled | Stopped] -- -- (AppMgmt)
SRV - [2007/05/25 04:41:53 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe -- (lxddCATSCustConnectService)
SRV - [2007/05/25 04:41:37 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxddcoms.exe -- (lxdd_device)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2004/03/16 15:33:24 | 000,421,888 | ---- | M] (Dell) [On_Demand | Stopped] -- C:\WINDOWS\System32\dlbtcoms.exe -- (dlbt_device)


========== Driver Services (SafeList) ==========

DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2004/08/04 00:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/04 00:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/04 00:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/04 00:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/04 00:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/04 00:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/04 00:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/04 00:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/04 00:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/04 00:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2003/08/29 03:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys -- (BCMModem)
DRV - [2003/08/13 07:36:25 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2003/08/13 07:36:25 | 000,143,834 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2003/08/13 07:36:25 | 000,030,630 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2003/08/13 07:36:25 | 000,025,898 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2003/08/13 07:31:19 | 000,028,164 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2003/05/23 12:58:30 | 000,043,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003/04/09 09:29:18 | 000,101,099 | ---- | M] (Belkin Components ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\bkusbxp.sys -- (Belkin Belkin 11Mbps Wireless USB Network Adapter®) Belkin Belkin 11Mbps Wireless USB Network Adapter®
DRV - [2003/01/07 12:32:26 | 000,015,400 | R--- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NetMotCM.sys -- (ndiscm)
DRV - [2002/12/17 12:32:58 | 000,061,424 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2002/12/17 12:32:46 | 000,023,436 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2002/12/17 12:27:32 | 000,241,152 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
DRV - [2002/11/08 13:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/04/11 13:47:52 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ipfilter.sys -- (IPFilter)
DRV - [2001/08/17 12:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
DRV - [2000/10/15 16:38:54 | 000,016,068 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\pcandis5.sys -- (PCANDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.neelephan...etcleaning.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = http://localhost;

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.neelephan...tcleaning.com/"
FF - prefs.js..network.proxy.no_proxies_on: "http://localhost,"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/23 06:54:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/22 11:29:35 | 000,000,000 | ---D | M]

[2011/02/23 12:04:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jeff.TERESA\Application Data\Mozilla\Extensions
[2011/07/09 19:25:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jeff.TERESA\Application Data\Mozilla\Firefox\Profiles\d2vdpktl.default\extensions
[2011/02/23 12:02:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/09/21 12:24:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml

O1 HOSTS File: ([2011/07/09 15:45:47 | 000,000,703 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\Jeff.TERESA\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll (Google Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnote...ad/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.micros...386/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish...fishActivia.cab (Snapfish Activia)
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} https://chat1.j2.com...u/TLIEFlash.CAB (TLIEFlashObj Class)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...7855.6073958333 (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://my.garmin.co...inAxControl.CAB (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.85.102 68.87.69.150
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\tuvULBQj: DllName - tuvULBQj.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Jeff.TERESA\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jeff.TERESA\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O29 - HKLM SecurityProviders - (digeste.dll) - File not found
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\nnnonLfe) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 08:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (smrgdf C:\Documents and Settings\Jeff\Application Data\iolo\) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/11 09:07:11 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jeff.TERESA\Desktop\OTL.exe
[2011/07/11 09:00:54 | 001,458,992 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jeff.TERESA\Desktop\TDSSKiller.exe
[2011/07/11 08:59:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff.TERESA\Desktop\GooredFix Backups
[2011/07/11 08:51:58 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/07/11 08:45:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/07/11 08:45:07 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/07/11 08:45:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/07/09 16:53:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff.TERESA\Application Data\SUPERAntiSpyware.com
[2011/07/09 16:53:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/07/09 16:53:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/07/09 16:53:07 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/07/07 13:16:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff.TERESA\Application Data\Sammsoft
[2011/07/07 12:33:00 | 000,512,688 | ---- | C] (Xceed Software Inc (450) 442-2626 [email protected] www.xceedsoft.com) -- C:\WINDOWS\System32\XceedCry.dll
[2011/07/07 12:33:00 | 000,423,784 | ---- | C] (Xceed Software Inc (450) 442-2626 [email protected] www.xceedsoft.com) -- C:\WINDOWS\System32\XceedBkp.dll
[2011/07/07 12:32:58 | 000,188,416 | ---- | C] (SoftShape Development) -- C:\WINDOWS\System32\actsplash.ocx
[2011/07/07 12:32:58 | 000,089,088 | ---- | C] (Ariad Software) -- C:\WINDOWS\System32\ProgressBar4.ocx
[2011/07/05 08:00:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2008/11/20 20:35:28 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddinpa.dll
[2008/11/20 20:35:28 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddiesc.dll
[2008/11/20 20:35:28 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDDhcp.dll
[2008/11/20 20:35:26 | 000,999,424 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddusb1.dll
[2008/11/20 20:35:25 | 001,232,896 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddserv.dll
[2008/11/20 20:35:24 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddprox.dll
[2008/11/20 20:35:23 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpmui.dll
[2008/11/20 20:35:23 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpplc.dll
[2008/11/20 20:35:22 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddlmpm.dll
[2008/11/20 20:35:16 | 000,385,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddih.exe
[2008/11/20 20:35:15 | 000,700,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddhbn3.dll
[2008/11/20 20:35:13 | 000,537,520 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcoms.exe
[2008/11/20 20:35:12 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomc.dll
[2008/11/20 20:35:12 | 000,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomm.dll
[2008/11/20 20:35:11 | 000,394,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcfg.exe
[2003/08/26 09:55:43 | 000,429,264 | ---- | C] (Adobe Systems) -- C:\Program Files\AdbeRdr60_DLM_enu_full.exe
[5 C:\Documents and Settings\All Users\Documents\*.tmp files -> C:\Documents and Settings\All Users\Documents\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/11 09:07:12 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeff.TERESA\Desktop\OTL.exe
[2011/07/11 08:54:58 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/07/11 08:54:56 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/11 08:53:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/07/11 08:53:01 | 534,843,392 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/11 08:53:01 | 000,185,816 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/11 08:45:11 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Jeff.TERESA\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/07/11 08:45:07 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Jeff.TERESA\Desktop\NTREGOPT.lnk
[2011/07/11 08:45:07 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Jeff.TERESA\Desktop\ERUNT.lnk
[2011/07/11 08:18:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/09 19:22:07 | 000,000,650 | ---- | M] () -- C:\WINDOWS\ka.ini
[2011/07/09 16:53:36 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/07/09 15:45:47 | 000,000,703 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2011/07/01 18:46:00 | 001,458,992 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jeff.TERESA\Desktop\TDSSKiller.exe
[5 C:\Documents and Settings\All Users\Documents\*.tmp files -> C:\Documents and Settings\All Users\Documents\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/11 08:45:11 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Jeff.TERESA\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/07/11 08:45:07 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Jeff.TERESA\Desktop\NTREGOPT.lnk
[2011/07/11 08:45:07 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Jeff.TERESA\Desktop\ERUNT.lnk
[2011/07/09 20:23:47 | 534,843,392 | -HS- | C] () -- C:\hiberfil.sys
[2011/07/09 16:53:36 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/07/07 12:32:58 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\ACTSKN43.OCX
[2011/07/07 12:32:58 | 000,011,012 | ---- | C] () -- C:\WINDOWS\System32\threadapi.tlb
[2010/11/12 15:50:53 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Jeff.TERESA\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/15 23:20:34 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/06/05 14:26:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2009/05/20 23:49:29 | 000,000,091 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2009/05/12 07:12:45 | 000,001,894 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2008/12/02 23:40:36 | 000,883,403 | -HS- | C] () -- C:\WINDOWS\System32\efLnonnn.ini2
[2008/12/02 23:40:33 | 000,883,403 | -HS- | C] () -- C:\WINDOWS\System32\efLnonnn.ini
[2008/11/21 01:28:54 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxddvs.dll
[2008/11/21 01:28:39 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxddcoin.dll
[2008/11/21 01:16:57 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdddrs.dll
[2008/11/21 01:16:57 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxddcnv4.dll
[2008/11/21 01:16:57 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxddcaps.dll
[2008/11/21 01:04:42 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMON.DLL
[2008/11/21 01:04:42 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXF3FXPU.DLL
[2008/11/21 01:04:36 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxf3oem.dll
[2008/11/21 01:04:36 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMRC.DLL
[2008/11/20 20:44:35 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxddrwrd.ini
[2008/11/20 20:35:29 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\LXDDinst.dll
[2008/11/20 20:35:15 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxddgrd.dll
[2008/01/06 16:15:29 | 000,000,379 | ---- | C] () -- C:\WINDOWS\disney.ini
[2007/07/12 22:17:13 | 000,000,869 | ---- | C] () -- C:\WINDOWS\w21099w.ini
[2007/07/12 22:17:12 | 000,000,589 | ---- | C] () -- C:\WINDOWS\W21099.INI
[2007/06/27 10:39:43 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2007/06/27 10:39:42 | 000,696,320 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2007/05/22 19:14:58 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/05/01 20:30:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\softcoin.dll
[2007/05/01 20:30:00 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\gencoin.dll
[2006/10/17 18:55:26 | 000,000,650 | ---- | C] () -- C:\WINDOWS\ka.ini
[2005/10/07 08:14:08 | 000,000,523 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2005/10/07 08:02:21 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\dlbtcoin.dll
[2005/10/07 08:02:21 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\dlbtsnls.dll
[2005/10/05 21:08:37 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\install.dll
[2005/10/05 21:08:37 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\WRLSetup.exe
[2004/10/02 06:54:36 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/05/27 06:51:10 | 000,005,460 | ---- | C] () -- C:\WINDOWS\kwv2.dat
[2004/03/31 21:06:28 | 000,000,136 | RHS- | C] () -- C:\WINDOWS\didduid.ini
[2004/03/29 09:10:59 | 000,004,212 | ---- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2004/03/26 23:59:18 | 000,000,804 | ---- | C] () -- C:\WINDOWS\System32\ncase.ini
[2004/03/25 18:06:58 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlbtcur.dll
[2004/03/25 18:06:00 | 000,557,056 | ---- | C] () -- C:\WINDOWS\System32\dlbtjswr.dll
[2004/03/25 17:59:50 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbtcu.dll
[2004/03/25 17:53:48 | 000,401,408 | ---- | C] () -- C:\WINDOWS\System32\dlbtutil.dll
[2004/03/10 10:00:50 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\dlbtih.exe
[2003/12/04 18:03:10 | 000,000,017 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2003/10/08 09:09:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbtvs.dll
[2003/09/22 21:46:06 | 000,004,136 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2003/08/24 10:40:28 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/08/23 13:06:08 | 000,000,174 | ---- | C] () -- C:\WINDOWS\System32\mcini.ini
[2003/08/23 04:39:53 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2003/08/22 21:37:46 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2003/08/22 21:33:57 | 000,000,143 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2003/08/22 16:47:43 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2003/08/22 16:27:17 | 000,002,940 | ---- | C] () -- C:\WINDOWS\VTruck5.ini
[2003/08/22 16:15:35 | 000,002,351 | ---- | C] () -- C:\WINDOWS\VTruck4.ini
[2003/08/22 12:04:34 | 000,002,616 | ---- | C] () -- C:\WINDOWS\VTruck3.ini
[2003/08/22 11:58:16 | 000,002,382 | ---- | C] () -- C:\WINDOWS\VTruck2.ini
[2003/08/22 11:35:12 | 000,001,872 | ---- | C] () -- C:\WINDOWS\VTruck1.ini
[2003/08/13 07:38:57 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/08/13 07:35:21 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2003/08/13 07:32:12 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2003/08/13 07:28:35 | 000,000,779 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/08/13 07:28:35 | 000,000,185 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/08/13 07:21:51 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/08/13 07:08:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2003/08/13 07:06:22 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/08/13 07:06:08 | 000,470,418 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2003/08/13 07:06:08 | 000,083,852 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2003/08/13 07:05:44 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/08/13 06:53:08 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2002/09/03 09:05:08 | 000,185,816 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/09/03 08:59:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/03 08:56:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/09/03 08:31:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2002/09/03 08:31:44 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2002/08/29 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2002/08/29 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2002/08/29 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2002/08/29 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2002/08/29 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2002/08/29 05:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2002/04/11 13:47:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\msmscoin.dll
[2002/01/24 04:39:36 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\lxaxih.exe
[2002/01/24 04:29:26 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\lxaxlcnp.dll
[2002/01/24 04:09:56 | 000,174,592 | ---- | C] () -- C:\WINDOWS\System32\LEXPPS.EXE
[2002/01/24 04:05:11 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\INSTMON.EXE

========== LOP Check ==========

[2009/05/20 23:49:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2008/11/20 22:16:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.4 Output
[2007/06/27 15:55:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2007/12/04 19:38:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2003/09/05 09:24:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OLYMPUS
[2009/05/21 00:04:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
[2008/12/12 08:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/03/09 19:07:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/03/29 16:38:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff.TERESA\Application Data\Leadertech
[2011/07/09 19:33:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff.TERESA\Application Data\Sammsoft

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

#2
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Step 1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
    O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.micros...386/wmv9dmo.cab (Reg Error: Key error.)
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...7855.6073958333 (Reg Error: Key error.)
    O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Garmin Communicator Plug-In https://my.garmin.co...inAxControl.CAB (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O20 - Winlogon\Notify\tuvULBQj: DllName - tuvULBQj.dll - File not found
    O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\nnnonLfe) - File not found
    O34 - HKLM BootExecute: (smrgdf C:\Documents and Settings\Jeff\Application Data\iolo\) - File not found
    [2007/03/09 19:07:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2


Download aswMBR.exe (1.8 MB) to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

When the scan completes, click Save log, save it to your desktop and post it in your next reply.

Things I would like to see in your reply:
  • OTL log
  • aswMBR log


#3
res ipsa

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Thank you for your help.

OTL Log:

OTL logfile created on: 7/11/2011 4:26:37 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Jeff.TERESA\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 167.91 Mb Available Physical Memory | 32.92% Memory free
672.17 Mb Paging File | 346.14 Mb Available in Paging File | 51.50% Paging File free
Paging file location(s): C:\pagefile.sys 192 384 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 21.35 Gb Free Space | 57.33% Space Free | Partition Type: NTFS

Computer Name: TERESA | User Name: Jeff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/11 09:07:12 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeff.TERESA\Desktop\OTL.exe
PRC - [2011/06/30 08:50:31 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/06/22 11:29:14 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/25 04:41:37 | 000,537,520 | ---- | M] ( ) -- C:\WINDOWS\SYSTEM32\lxddcoms.exe
PRC - [2007/01/04 16:38:18 | 000,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe


========== Modules (SafeList) ==========

MOD - [2011/07/11 09:07:12 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeff.TERESA\Desktop\OTL.exe
MOD - [2011/07/05 13:40:14 | 000,030,208 | -HS- | M] (Microsoft Corporation) -- C:\Documents and Settings\Jeff.TERESA\Application Data\cleanhtm.dll
MOD - [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Disabled | Stopped] -- -- (AppMgmt)
SRV - [2007/05/25 04:41:53 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe -- (lxddCATSCustConnectService)
SRV - [2007/05/25 04:41:37 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxddcoms.exe -- (lxdd_device)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2004/03/16 15:33:24 | 000,421,888 | ---- | M] (Dell) [On_Demand | Stopped] -- C:\WINDOWS\System32\dlbtcoms.exe -- (dlbt_device)


========== Driver Services (SafeList) ==========

DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2004/08/04 00:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/04 00:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/04 00:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/04 00:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/04 00:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/04 00:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/04 00:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/04 00:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/04 00:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/04 00:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2003/08/29 03:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys -- (BCMModem)
DRV - [2003/08/13 07:36:25 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2003/08/13 07:36:25 | 000,143,834 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2003/08/13 07:36:25 | 000,030,630 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2003/08/13 07:36:25 | 000,025,898 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2003/08/13 07:31:19 | 000,028,164 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2003/05/23 12:58:30 | 000,043,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003/04/09 09:29:18 | 000,101,099 | ---- | M] (Belkin Components ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\bkusbxp.sys -- (Belkin Belkin 11Mbps Wireless USB Network Adapter®) Belkin Belkin 11Mbps Wireless USB Network Adapter®
DRV - [2003/01/07 12:32:26 | 000,015,400 | R--- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NetMotCM.sys -- (ndiscm)
DRV - [2002/12/17 12:32:58 | 000,061,424 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2002/12/17 12:32:46 | 000,023,436 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2002/12/17 12:27:32 | 000,241,152 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
DRV - [2002/11/08 13:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/04/11 13:47:52 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ipfilter.sys -- (IPFilter)
DRV - [2001/08/17 12:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
DRV - [2000/10/15 16:38:54 | 000,016,068 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\pcandis5.sys -- (PCANDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.neelephan...etcleaning.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = http://localhost;

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.neelephan...tcleaning.com/"
FF - prefs.js..network.proxy.no_proxies_on: "http://localhost,"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/23 06:54:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/22 11:29:35 | 000,000,000 | ---D | M]

[2011/02/23 12:04:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jeff.TERESA\Application Data\Mozilla\Extensions
[2011/07/09 19:25:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jeff.TERESA\Application Data\Mozilla\Firefox\Profiles\d2vdpktl.default\extensions
[2011/02/23 12:02:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/09/21 12:24:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml

O1 HOSTS File: ([2011/07/11 16:19:17 | 000,000,098 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\Jeff.TERESA\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll (Google Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnote...ad/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish...fishActivia.cab (Snapfish Activia)
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} https://chat1.j2.com...u/TLIEFlash.CAB (TLIEFlashObj Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.85.102 68.87.69.150
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Jeff.TERESA\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jeff.TERESA\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O29 - HKLM SecurityProviders - (digeste.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 08:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/11 16:23:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/07/11 16:19:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/11 09:07:11 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jeff.TERESA\Desktop\OTL.exe
[2011/07/11 09:00:54 | 001,458,992 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jeff.TERESA\Desktop\TDSSKiller.exe
[2011/07/11 08:59:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff.TERESA\Desktop\GooredFix Backups
[2011/07/11 08:51:58 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/07/11 08:45:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/07/11 08:45:07 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/07/11 08:45:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/07/09 16:53:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff.TERESA\Application Data\SUPERAntiSpyware.com
[2011/07/09 16:53:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/07/09 16:53:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/07/09 16:53:07 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/07/07 13:16:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff.TERESA\Application Data\Sammsoft
[2011/07/07 12:33:00 | 000,512,688 | ---- | C] (Xceed Software Inc (450) 442-2626 [email protected] www.xceedsoft.com) -- C:\WINDOWS\System32\XceedCry.dll
[2011/07/07 12:33:00 | 000,423,784 | ---- | C] (Xceed Software Inc (450) 442-2626 [email protected] www.xceedsoft.com) -- C:\WINDOWS\System32\XceedBkp.dll
[2011/07/07 12:32:58 | 000,188,416 | ---- | C] (SoftShape Development) -- C:\WINDOWS\System32\actsplash.ocx
[2011/07/07 12:32:58 | 000,089,088 | ---- | C] (Ariad Software) -- C:\WINDOWS\System32\ProgressBar4.ocx
[2011/07/05 08:00:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2008/11/20 20:35:28 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddinpa.dll
[2008/11/20 20:35:28 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddiesc.dll
[2008/11/20 20:35:28 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDDhcp.dll
[2008/11/20 20:35:26 | 000,999,424 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddusb1.dll
[2008/11/20 20:35:25 | 001,232,896 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddserv.dll
[2008/11/20 20:35:24 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddprox.dll
[2008/11/20 20:35:23 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpmui.dll
[2008/11/20 20:35:23 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpplc.dll
[2008/11/20 20:35:22 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddlmpm.dll
[2008/11/20 20:35:16 | 000,385,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddih.exe
[2008/11/20 20:35:15 | 000,700,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddhbn3.dll
[2008/11/20 20:35:13 | 000,537,520 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcoms.exe
[2008/11/20 20:35:12 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomc.dll
[2008/11/20 20:35:12 | 000,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomm.dll
[2008/11/20 20:35:11 | 000,394,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcfg.exe
[2003/08/26 09:55:43 | 000,429,264 | ---- | C] (Adobe Systems) -- C:\Program Files\AdbeRdr60_DLM_enu_full.exe
[5 C:\Documents and Settings\All Users\Documents\*.tmp files -> C:\Documents and Settings\All Users\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/11 16:24:49 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/07/11 16:22:42 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/11 16:22:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/07/11 16:22:11 | 534,843,392 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/11 16:19:17 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\Hosts
[2011/07/11 16:18:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/11 09:07:12 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeff.TERESA\Desktop\OTL.exe
[2011/07/11 08:53:01 | 000,185,816 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/11 08:45:11 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Jeff.TERESA\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/07/11 08:45:07 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Jeff.TERESA\Desktop\NTREGOPT.lnk
[2011/07/11 08:45:07 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Jeff.TERESA\Desktop\ERUNT.lnk
[2011/07/09 19:22:07 | 000,000,650 | ---- | M] () -- C:\WINDOWS\ka.ini
[2011/07/09 16:53:36 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/07/01 18:46:00 | 001,458,992 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jeff.TERESA\Desktop\TDSSKiller.exe
[5 C:\Documents and Settings\All Users\Documents\*.tmp files -> C:\Documents and Settings\All Users\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/11 08:45:11 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Jeff.TERESA\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/07/11 08:45:07 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Jeff.TERESA\Desktop\NTREGOPT.lnk
[2011/07/11 08:45:07 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Jeff.TERESA\Desktop\ERUNT.lnk
[2011/07/09 20:23:47 | 534,843,392 | -HS- | C] () -- C:\hiberfil.sys
[2011/07/09 16:53:36 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/07/07 12:32:58 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\ACTSKN43.OCX
[2011/07/07 12:32:58 | 000,011,012 | ---- | C] () -- C:\WINDOWS\System32\threadapi.tlb
[2010/11/12 15:50:53 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Jeff.TERESA\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/15 23:20:34 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/06/05 14:26:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2009/05/20 23:49:29 | 000,000,091 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2009/05/12 07:12:45 | 000,001,894 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2008/12/02 23:40:36 | 000,883,403 | -HS- | C] () -- C:\WINDOWS\System32\efLnonnn.ini2
[2008/12/02 23:40:33 | 000,883,403 | -HS- | C] () -- C:\WINDOWS\System32\efLnonnn.ini
[2008/11/21 01:28:54 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxddvs.dll
[2008/11/21 01:28:39 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxddcoin.dll
[2008/11/21 01:16:57 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdddrs.dll
[2008/11/21 01:16:57 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxddcnv4.dll
[2008/11/21 01:16:57 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxddcaps.dll
[2008/11/21 01:04:42 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMON.DLL
[2008/11/21 01:04:42 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXF3FXPU.DLL
[2008/11/21 01:04:36 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxf3oem.dll
[2008/11/21 01:04:36 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMRC.DLL
[2008/11/20 20:44:35 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxddrwrd.ini
[2008/11/20 20:35:29 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\LXDDinst.dll
[2008/11/20 20:35:15 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxddgrd.dll
[2008/01/06 16:15:29 | 000,000,379 | ---- | C] () -- C:\WINDOWS\disney.ini
[2007/07/12 22:17:13 | 000,000,869 | ---- | C] () -- C:\WINDOWS\w21099w.ini
[2007/07/12 22:17:12 | 000,000,589 | ---- | C] () -- C:\WINDOWS\W21099.INI
[2007/06/27 10:39:43 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2007/06/27 10:39:42 | 000,696,320 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2007/05/22 19:14:58 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/05/01 20:30:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\softcoin.dll
[2007/05/01 20:30:00 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\gencoin.dll
[2006/10/17 18:55:26 | 000,000,650 | ---- | C] () -- C:\WINDOWS\ka.ini
[2005/10/07 08:14:08 | 000,000,523 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2005/10/07 08:02:21 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\dlbtcoin.dll
[2005/10/07 08:02:21 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\dlbtsnls.dll
[2005/10/05 21:08:37 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\install.dll
[2005/10/05 21:08:37 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\WRLSetup.exe
[2004/10/02 06:54:36 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/05/27 06:51:10 | 000,005,460 | ---- | C] () -- C:\WINDOWS\kwv2.dat
[2004/03/31 21:06:28 | 000,000,136 | RHS- | C] () -- C:\WINDOWS\didduid.ini
[2004/03/29 09:10:59 | 000,004,212 | ---- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2004/03/26 23:59:18 | 000,000,804 | ---- | C] () -- C:\WINDOWS\System32\ncase.ini
[2004/03/25 18:06:58 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlbtcur.dll
[2004/03/25 18:06:00 | 000,557,056 | ---- | C] () -- C:\WINDOWS\System32\dlbtjswr.dll
[2004/03/25 17:59:50 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbtcu.dll
[2004/03/25 17:53:48 | 000,401,408 | ---- | C] () -- C:\WINDOWS\System32\dlbtutil.dll
[2004/03/10 10:00:50 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\dlbtih.exe
[2003/12/04 18:03:10 | 000,000,017 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2003/10/08 09:09:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbtvs.dll
[2003/09/22 21:46:06 | 000,004,136 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2003/08/24 10:40:28 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/08/23 13:06:08 | 000,000,174 | ---- | C] () -- C:\WINDOWS\System32\mcini.ini
[2003/08/23 04:39:53 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2003/08/22 21:37:46 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2003/08/22 21:33:57 | 000,000,143 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2003/08/22 16:47:43 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2003/08/22 16:27:17 | 000,002,940 | ---- | C] () -- C:\WINDOWS\VTruck5.ini
[2003/08/22 16:15:35 | 000,002,351 | ---- | C] () -- C:\WINDOWS\VTruck4.ini
[2003/08/22 12:04:34 | 000,002,616 | ---- | C] () -- C:\WINDOWS\VTruck3.ini
[2003/08/22 11:58:16 | 000,002,382 | ---- | C] () -- C:\WINDOWS\VTruck2.ini
[2003/08/22 11:35:12 | 000,001,872 | ---- | C] () -- C:\WINDOWS\VTruck1.ini
[2003/08/13 07:38:57 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/08/13 07:35:21 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2003/08/13 07:32:12 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2003/08/13 07:28:35 | 000,000,779 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/08/13 07:28:35 | 000,000,185 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/08/13 07:21:51 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/08/13 07:08:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2003/08/13 07:06:22 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/08/13 07:06:08 | 000,470,418 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2003/08/13 07:06:08 | 000,083,852 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2003/08/13 07:05:44 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/08/13 06:53:08 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2002/09/03 09:05:08 | 000,185,816 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/09/03 08:59:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/03 08:56:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/09/03 08:31:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2002/09/03 08:31:44 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2002/08/29 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2002/08/29 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2002/08/29 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2002/08/29 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2002/08/29 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2002/08/29 05:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2002/04/11 13:47:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\msmscoin.dll
[2002/01/24 04:39:36 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\lxaxih.exe
[2002/01/24 04:29:26 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\lxaxlcnp.dll
[2002/01/24 04:09:56 | 000,174,592 | ---- | C] () -- C:\WINDOWS\System32\LEXPPS.EXE
[2002/01/24 04:05:11 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\INSTMON.EXE

========== LOP Check ==========

[2009/05/20 23:49:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2008/11/20 22:16:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.4 Output
[2007/06/27 15:55:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2007/12/04 19:38:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2003/09/05 09:24:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OLYMPUS
[2009/05/21 00:04:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
[2008/12/12 08:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/07/11 16:23:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/03/29 16:38:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff.TERESA\Application Data\Leadertech
[2011/07/09 19:33:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff.TERESA\Application Data\Sammsoft

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >



aswMBR log:

aswMBR version 0.9.7.705 Copyright© 2011 AVAST Software
Run date: 2011-07-11 16:38:25
-----------------------------
16:38:25.781 OS Version: Windows 5.1.2600 Service Pack 2
16:38:25.781 Number of processors: 1 586 0x209
16:38:25.781 ComputerName: TERESA UserName: Jeff
16:38:26.171 Initialize success
16:38:43.812 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
16:38:43.812 Disk 0 Vendor: WDC_WD400EB-75CPF0 06.04G06 Size: 38166MB BusType: 3
16:38:45.843 Disk 0 MBR read successfully
16:38:45.843 Disk 0 MBR scan
16:38:45.843 Disk 0 Windows XP default MBR code
16:38:47.843 Disk 0 scanning sectors +78156225
16:38:47.875 Disk 0 scanning C:\WINDOWS\system32\drivers
16:39:04.406 Service scanning
16:39:05.531 Disk 0 trace - called modules:
16:39:05.546 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
16:39:05.546 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82fabab8]
16:39:05.546 3 CLASSPNP.SYS[f863905b] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82f87d98]
16:39:05.546 Scan finished successfully
16:39:33.546 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Jeff.TERESA\Desktop\MBR.dat"
16:39:33.593 The log file has been saved successfully to "C:\Documents and Settings\Jeff.TERESA\Desktop\aswMBR.txt"

#4
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Step 1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL
    MOD - [2011/07/05 13:40:14 | 000,030,208 | -HS- | M] (Microsoft Corporation) -- C:\Documents and Settings\Jeff.TERESA\Application Data\cleanhtm.dll
    O29 - HKLM SecurityProviders - (digeste.dll) - File not found
    [2011/07/11 16:23:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2007/06/27 10:39:43 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
    [2007/06/27 10:39:42 | 000,696,320 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
    [2004/05/27 06:51:10 | 000,005,460 | ---- | C] () -- C:\WINDOWS\kwv2.dat
    [2004/03/31 21:06:28 | 000,000,136 | RHS- | C] () -- C:\WINDOWS\didduid.ini
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click TDSSKiller.exe to run the application, then click Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Things I would like to see in your reply:
  • OTL log
  • TDSSKiller log

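
The fix script in this post picks two lines out of the OTL log: a module with hidden and system attributes loaded from the user's Application Data folder, and a SecurityProviders entry that points at a DLL which no longer exists. The following is an added Python example, not OTL's code and not part of ali.B's post, that applies the same judgements as explicit rules to OTL-format lines, adds a hosts-file check relevant to search redirects, and assembles the matching :OTL fix section. The sample log is constructed: the first three lines mirror shapes seen in this thread, the comctl32 path is shortened, and the hosts line mapping www.google.com to 10.0.0.99 is made up to exercise the hosts rule. triage() and build_otl_fix() are names chosen here; [resethosts] is an OTL :Commands directive.

```python
import re

# Constructed sample in OTL's own line format (see the lead-in for what is real and what is made up).
SAMPLE_LOG = """\
MOD - [2011/07/05 13:40:14 | 000,030,208 | -HS- | M] (Microsoft Corporation) -- C:\\Documents and Settings\\Jeff.TERESA\\Application Data\\cleanhtm.dll
MOD - [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\\WINDOWS\\system32\\comctl32.dll
O29 - HKLM SecurityProviders - (digeste.dll) - File not found
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 10.0.0.99 www.google.com
"""

# MOD/PRC entries: [date time | size | RHSD attribute flags | C or M] (company) -- path
FILE_ENTRY = re.compile(
    r"^(?P<kind>MOD|PRC) - \[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| [CM]\] \((?P<company>.*)\) -- (?P<path>.+)$"
)
# A SecurityProviders DLL that is registered but missing on disk is an orphaned load point.
ORPHAN_PROVIDER = re.compile(r"^O29 - HKLM SecurityProviders - \((?P<dll>[^)]+)\) - File not found$")
HOSTS_ENTRY = re.compile(r"^O1 - Hosts: (?P<addr>\S+) (?P<name>\S+)$")

# Folders under a user profile where a hidden+system executable module is not expected.
PROFILE_MARKERS = ("\\documents and settings\\", "\\application data\\", "\\local settings\\")
LOOPBACK = {"127.0.0.1", "::1"}


def triage(log_text):
    """Return a list of findings (dicts with a 'kind' and the offending OTL line)."""
    findings = []
    for line in log_text.splitlines():
        m = FILE_ENTRY.match(line)
        if m:
            attrs, path = m.group("attrs"), m.group("path").lower()
            hidden_or_system = "H" in attrs or "S" in attrs
            in_profile = any(marker in path for marker in PROFILE_MARKERS)
            if hidden_or_system and in_profile:
                findings.append({"kind": "hidden_module_in_profile", "line": line, "path": m.group("path")})
            continue
        m = ORPHAN_PROVIDER.match(line)
        if m:
            findings.append({"kind": "orphan_security_provider", "line": line, "dll": m.group("dll")})
            continue
        m = HOSTS_ENTRY.match(line)
        if m:
            addr, name = m.group("addr"), m.group("name")
            # Anything other than localhost pointing at a non-loopback address is a redirect.
            if name != "localhost" and addr not in LOOPBACK:
                findings.append({"kind": "hosts_redirect", "line": line, "name": name, "addr": addr})
    return findings


def build_otl_fix(findings):
    """Turn findings into the text of an OTL fix: flagged lines under :OTL, cleanup under :Commands."""
    otl_lines = [f["line"] for f in findings
                 if f["kind"] in ("hidden_module_in_profile", "orphan_security_provider")]
    commands = ["[purity]", "[emptytemp]", "[Reboot]"]
    if any(f["kind"] == "hosts_redirect" for f in findings):
        commands.insert(0, "[resethosts]")
    return "\n".join([":OTL", *otl_lines, "", ":Commands", *commands])


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f["kind"], "->", f["line"])
    print()
    print(build_otl_fix(found))
```

These rules are deliberately narrow: a hidden, system-attributed DLL under a profile folder is suspicious regardless of the company string it carries (the sample claims Microsoft Corporation), and an orphaned provider entry is safe to remove precisely because its file is already gone. Anything the rules do not match still needs a human reading the log.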

#5 res ipsa (New Member, Topic Starter, 5 posts)

Sorry slow to respond --- unavailable all day until now. Thanks again for your help.

No threat was detected in the TDSSKiller scan.

OTL log:

OTL logfile created on: 7/12/2011 2:08:11 PM - Run 3
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Jeff.TERESA\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 148.41 Mb Available Physical Memory | 29.10% Memory free
672.17 Mb Paging File | 337.89 Mb Available in Paging File | 50.27% Paging File free
Paging file location(s): C:\pagefile.sys 192 384 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 21.28 Gb Free Space | 57.15% Space Free | Partition Type: NTFS

Computer Name: TERESA | User Name: Jeff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/11 09:07:12 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeff.TERESA\Desktop\OTL.exe
PRC - [2011/06/30 08:50:31 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/06/22 11:29:14 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/25 04:41:37 | 000,537,520 | ---- | M] ( ) -- C:\WINDOWS\SYSTEM32\lxddcoms.exe
PRC - [2007/01/04 16:38:18 | 000,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe


========== Modules (SafeList) ==========

MOD - [2011/07/11 09:07:12 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeff.TERESA\Desktop\OTL.exe
MOD - [2011/07/05 13:40:14 | 000,030,208 | -HS- | M] (Microsoft Corporation) -- C:\Documents and Settings\Jeff.TERESA\Application Data\cleanhtm.dll
MOD - [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Disabled | Stopped] -- -- (AppMgmt)
SRV - [2007/05/25 04:41:53 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe -- (lxddCATSCustConnectService)
SRV - [2007/05/25 04:41:37 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxddcoms.exe -- (lxdd_device)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2004/03/16 15:33:24 | 000,421,888 | ---- | M] (Dell) [On_Demand | Stopped] -- C:\WINDOWS\System32\dlbtcoms.exe -- (dlbt_device)


========== Driver Services (SafeList) ==========

DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2004/08/04 00:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/04 00:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/04 00:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/04 00:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/04 00:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/04 00:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/04 00:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/04 00:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/04 00:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/04 00:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2003/08/29 03:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys -- (BCMModem)
DRV - [2003/08/13 07:36:25 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2003/08/13 07:36:25 | 000,143,834 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2003/08/13 07:36:25 | 000,030,630 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2003/08/13 07:36:25 | 000,025,898 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2003/08/13 07:31:19 | 000,028,164 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2003/05/23 12:58:30 | 000,043,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003/04/09 09:29:18 | 000,101,099 | ---- | M] (Belkin Components ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\bkusbxp.sys -- (Belkin Belkin 11Mbps Wireless USB Network Adapter®) Belkin Belkin 11Mbps Wireless USB Network Adapter®
DRV - [2003/01/07 12:32:26 | 000,015,400 | R--- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NetMotCM.sys -- (ndiscm)
DRV - [2002/12/17 12:32:58 | 000,061,424 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2002/12/17 12:32:46 | 000,023,436 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2002/12/17 12:27:32 | 000,241,152 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
DRV - [2002/11/08 13:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/04/11 13:47:52 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ipfilter.sys -- (IPFilter)
DRV - [2001/08/17 12:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
DRV - [2000/10/15 16:38:54 | 000,016,068 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\pcandis5.sys -- (PCANDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.neelephan...etcleaning.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = http://localhost;

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.neelephan...tcleaning.com/"
FF - prefs.js..network.proxy.no_proxies_on: "http://localhost,"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/23 06:54:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/22 11:29:35 | 000,000,000 | ---D | M]

[2011/02/23 12:04:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jeff.TERESA\Application Data\Mozilla\Extensions
[2011/07/09 19:25:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jeff.TERESA\Application Data\Mozilla\Firefox\Profiles\d2vdpktl.default\extensions
[2011/02/23 12:02:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/09/21 12:24:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml

O1 HOSTS File: ([2011/07/11 16:19:17 | 000,000,098 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\Jeff.TERESA\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll (Google Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnote...ad/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish...fishActivia.cab (Snapfish Activia)
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} https://chat1.j2.com...u/TLIEFlash.CAB (TLIEFlashObj Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.85.102 68.87.69.150
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Jeff.TERESA\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jeff.TERESA\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 08:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/12 14:05:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/07/11 16:37:00 | 001,925,512 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Jeff.TERESA\Desktop\aswMBR.exe
[2011/07/11 16:19:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/11 09:07:11 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jeff.TERESA\Desktop\OTL.exe
[2011/07/11 09:00:54 | 001,458,992 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jeff.TERESA\Desktop\TDSSKiller.exe
[2011/07/11 08:59:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff.TERESA\Desktop\GooredFix Backups
[2011/07/11 08:51:58 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/07/11 08:45:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/07/11 08:45:07 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/07/11 08:45:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/07/09 16:53:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff.TERESA\Application Data\SUPERAntiSpyware.com
[2011/07/09 16:53:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/07/09 16:53:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/07/09 16:53:07 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/07/07 13:16:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff.TERESA\Application Data\Sammsoft
[2011/07/07 12:33:00 | 000,512,688 | ---- | C] (Xceed Software Inc (450) 442-2626 [email protected] www.xceedsoft.com) -- C:\WINDOWS\System32\XceedCry.dll
[2011/07/07 12:33:00 | 000,423,784 | ---- | C] (Xceed Software Inc (450) 442-2626 [email protected] www.xceedsoft.com) -- C:\WINDOWS\System32\XceedBkp.dll
[2011/07/07 12:32:58 | 000,188,416 | ---- | C] (SoftShape Development) -- C:\WINDOWS\System32\actsplash.ocx
[2011/07/07 12:32:58 | 000,089,088 | ---- | C] (Ariad Software) -- C:\WINDOWS\System32\ProgressBar4.ocx
[2011/07/05 08:00:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2008/11/20 20:35:28 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddinpa.dll
[2008/11/20 20:35:28 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddiesc.dll
[2008/11/20 20:35:28 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDDhcp.dll
[2008/11/20 20:35:26 | 000,999,424 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddusb1.dll
[2008/11/20 20:35:25 | 001,232,896 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddserv.dll
[2008/11/20 20:35:24 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddprox.dll
[2008/11/20 20:35:23 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpmui.dll
[2008/11/20 20:35:23 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpplc.dll
[2008/11/20 20:35:22 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddlmpm.dll
[2008/11/20 20:35:16 | 000,385,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddih.exe
[2008/11/20 20:35:15 | 000,700,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddhbn3.dll
[2008/11/20 20:35:13 | 000,537,520 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcoms.exe
[2008/11/20 20:35:12 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomc.dll
[2008/11/20 20:35:12 | 000,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomm.dll
[2008/11/20 20:35:11 | 000,394,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcfg.exe
[2003/08/26 09:55:43 | 000,429,264 | ---- | C] (Adobe Systems) -- C:\Program Files\AdbeRdr60_DLM_enu_full.exe
[5 C:\Documents and Settings\All Users\Documents\*.tmp files -> C:\Documents and Settings\All Users\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/12 14:06:52 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/07/12 14:05:48 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/12 14:04:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/07/12 14:04:33 | 534,843,392 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/12 13:19:46 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/11 16:39:33 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Jeff.TERESA\Desktop\MBR.dat
[2011/07/11 16:37:43 | 001,925,512 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Jeff.TERESA\Desktop\aswMBR.exe
[2011/07/11 16:19:17 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\Hosts
[2011/07/11 09:07:12 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeff.TERESA\Desktop\OTL.exe
[2011/07/11 08:53:01 | 000,185,816 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/11 08:45:11 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Jeff.TERESA\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/07/11 08:45:07 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Jeff.TERESA\Desktop\NTREGOPT.lnk
[2011/07/11 08:45:07 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Jeff.TERESA\Desktop\ERUNT.lnk
[2011/07/09 19:22:07 | 000,000,650 | ---- | M] () -- C:\WINDOWS\ka.ini
[2011/07/09 16:53:36 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/07/01 18:46:00 | 001,458,992 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jeff.TERESA\Desktop\TDSSKiller.exe
[5 C:\Documents and Settings\All Users\Documents\*.tmp files -> C:\Documents and Settings\All Users\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/11 16:39:33 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Jeff.TERESA\Desktop\MBR.dat
[2011/07/11 08:45:11 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Jeff.TERESA\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/07/11 08:45:07 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Jeff.TERESA\Desktop\NTREGOPT.lnk
[2011/07/11 08:45:07 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Jeff.TERESA\Desktop\ERUNT.lnk
[2011/07/09 20:23:47 | 534,843,392 | -HS- | C] () -- C:\hiberfil.sys
[2011/07/09 16:53:36 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/07/07 12:32:58 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\ACTSKN43.OCX
[2011/07/07 12:32:58 | 000,011,012 | ---- | C] () -- C:\WINDOWS\System32\threadapi.tlb
[2010/11/12 15:50:53 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Jeff.TERESA\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/15 23:20:34 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/06/05 14:26:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2009/05/20 23:49:29 | 000,000,091 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2009/05/12 07:12:45 | 000,001,894 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2008/12/02 23:40:36 | 000,883,403 | -HS- | C] () -- C:\WINDOWS\System32\efLnonnn.ini2
[2008/12/02 23:40:33 | 000,883,403 | -HS- | C] () -- C:\WINDOWS\System32\efLnonnn.ini
[2008/11/21 01:28:54 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxddvs.dll
[2008/11/21 01:28:39 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxddcoin.dll
[2008/11/21 01:16:57 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdddrs.dll
[2008/11/21 01:16:57 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxddcnv4.dll
[2008/11/21 01:16:57 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxddcaps.dll
[2008/11/21 01:04:42 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMON.DLL
[2008/11/21 01:04:42 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXF3FXPU.DLL
[2008/11/21 01:04:36 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxf3oem.dll
[2008/11/21 01:04:36 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMRC.DLL
[2008/11/20 20:44:35 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxddrwrd.ini
[2008/11/20 20:35:29 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\LXDDinst.dll
[2008/11/20 20:35:15 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxddgrd.dll
[2008/01/06 16:15:29 | 000,000,379 | ---- | C] () -- C:\WINDOWS\disney.ini
[2007/07/12 22:17:13 | 000,000,869 | ---- | C] () -- C:\WINDOWS\w21099w.ini
[2007/07/12 22:17:12 | 000,000,589 | ---- | C] () -- C:\WINDOWS\W21099.INI
[2007/05/22 19:14:58 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/05/01 20:30:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\softcoin.dll
[2007/05/01 20:30:00 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\gencoin.dll
[2006/10/17 18:55:26 | 000,000,650 | ---- | C] () -- C:\WINDOWS\ka.ini
[2005/10/07 08:14:08 | 000,000,523 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2005/10/07 08:02:21 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\dlbtcoin.dll
[2005/10/07 08:02:21 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\dlbtsnls.dll
[2005/10/05 21:08:37 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\install.dll
[2005/10/05 21:08:37 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\WRLSetup.exe
[2004/10/02 06:54:36 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/03/29 09:10:59 | 000,004,212 | ---- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2004/03/26 23:59:18 | 000,000,804 | ---- | C] () -- C:\WINDOWS\System32\ncase.ini
[2004/03/25 18:06:58 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlbtcur.dll
[2004/03/25 18:06:00 | 000,557,056 | ---- | C] () -- C:\WINDOWS\System32\dlbtjswr.dll
[2004/03/25 17:59:50 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbtcu.dll
[2004/03/25 17:53:48 | 000,401,408 | ---- | C] () -- C:\WINDOWS\System32\dlbtutil.dll
[2004/03/10 10:00:50 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\dlbtih.exe
[2003/12/04 18:03:10 | 000,000,017 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2003/10/08 09:09:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbtvs.dll
[2003/09/22 21:46:06 | 000,004,136 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2003/08/24 10:40:28 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/08/23 13:06:08 | 000,000,174 | ---- | C] () -- C:\WINDOWS\System32\mcini.ini
[2003/08/23 04:39:53 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2003/08/22 21:37:46 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2003/08/22 21:33:57 | 000,000,143 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2003/08/22 16:47:43 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2003/08/22 16:27:17 | 000,002,940 | ---- | C] () -- C:\WINDOWS\VTruck5.ini
[2003/08/22 16:15:35 | 000,002,351 | ---- | C] () -- C:\WINDOWS\VTruck4.ini
[2003/08/22 12:04:34 | 000,002,616 | ---- | C] () -- C:\WINDOWS\VTruck3.ini
[2003/08/22 11:58:16 | 000,002,382 | ---- | C] () -- C:\WINDOWS\VTruck2.ini
[2003/08/22 11:35:12 | 000,001,872 | ---- | C] () -- C:\WINDOWS\VTruck1.ini
[2003/08/13 07:38:57 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/08/13 07:35:21 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2003/08/13 07:32:12 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2003/08/13 07:28:35 | 000,000,779 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/08/13 07:28:35 | 000,000,185 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/08/13 07:21:51 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/08/13 07:08:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2003/08/13 07:06:22 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/08/13 07:06:08 | 000,470,418 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2003/08/13 07:06:08 | 000,083,852 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2003/08/13 07:05:44 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/08/13 06:53:08 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2002/09/03 09:05:08 | 000,185,816 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/09/03 08:59:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/03 08:56:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/09/03 08:31:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2002/09/03 08:31:44 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2002/08/29 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2002/08/29 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2002/08/29 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2002/08/29 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2002/08/29 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2002/08/29 05:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2002/04/11 13:47:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\msmscoin.dll
[2002/01/24 04:39:36 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\lxaxih.exe
[2002/01/24 04:29:26 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\lxaxlcnp.dll
[2002/01/24 04:09:56 | 000,174,592 | ---- | C] () -- C:\WINDOWS\System32\LEXPPS.EXE
[2002/01/24 04:05:11 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\INSTMON.EXE

========== LOP Check ==========

[2009/05/20 23:49:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2008/11/20 22:16:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.4 Output
[2007/06/27 15:55:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2007/12/04 19:38:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2003/09/05 09:24:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OLYMPUS
[2009/05/21 00:04:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
[2008/12/12 08:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/07/12 14:05:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/03/29 16:38:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff.TERESA\Application Data\Leadertech
[2011/07/09 19:33:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff.TERESA\Application Data\Sammsoft

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >



TDSSKiller log:

2011/07/12 14:16:27.0062 3356 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/12 14:16:27.0500 3356 ================================================================================
2011/07/12 14:16:27.0500 3356 SystemInfo:
2011/07/12 14:16:27.0500 3356
2011/07/12 14:16:27.0500 3356 OS Version: 5.1.2600 ServicePack: 2.0
2011/07/12 14:16:27.0500 3356 Product type: Workstation
2011/07/12 14:16:27.0500 3356 ComputerName: TERESA
2011/07/12 14:16:27.0500 3356 UserName: Jeff
2011/07/12 14:16:27.0500 3356 Windows directory: C:\WINDOWS
2011/07/12 14:16:27.0500 3356 System windows directory: C:\WINDOWS
2011/07/12 14:16:27.0500 3356 Processor architecture: Intel x86
2011/07/12 14:16:27.0500 3356 Number of processors: 1
2011/07/12 14:16:27.0500 3356 Page size: 0x1000
2011/07/12 14:16:27.0500 3356 Boot type: Normal boot
2011/07/12 14:16:27.0500 3356 ================================================================================
2011/07/12 14:16:29.0515 3356 Initialize success
2011/07/12 14:16:36.0578 3616 ================================================================================
2011/07/12 14:16:36.0578 3616 Scan started
2011/07/12 14:16:36.0578 3616 Mode: Manual;
2011/07/12 14:16:36.0578 3616 ================================================================================
2011/07/12 14:16:37.0156 3616 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
2011/07/12 14:16:37.0312 3616 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/07/12 14:16:37.0468 3616 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/07/12 14:16:37.0609 3616 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys
2011/07/12 14:16:37.0781 3616 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
2011/07/12 14:16:37.0937 3616 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2011/07/12 14:16:38.0171 3616 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2011/07/12 14:16:38.0343 3616 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\System32\DRIVERS\agp440.sys
2011/07/12 14:16:38.0500 3616 agpCPQ (67288b07d6aba6c1267b626e67bc56fd) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
2011/07/12 14:16:38.0828 3616 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys
2011/07/12 14:16:38.0968 3616 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys
2011/07/12 14:16:39.0109 3616 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys
2011/07/12 14:16:39.0234 3616 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys
2011/07/12 14:16:39.0421 3616 alim1541 (f312b7cef21eff52fa23056b9d815fad) C:\WINDOWS\System32\DRIVERS\alim1541.sys
2011/07/12 14:16:39.0562 3616 amdagp (675c16a3c1f8482f85ee4a97fc0dde3d) C:\WINDOWS\System32\DRIVERS\amdagp.sys
2011/07/12 14:16:39.0703 3616 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys
2011/07/12 14:16:39.0843 3616 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys
2011/07/12 14:16:39.0984 3616 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys
2011/07/12 14:16:40.0140 3616 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys
2011/07/12 14:16:40.0312 3616 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/07/12 14:16:40.0640 3616 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/07/12 14:16:40.0890 3616 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/07/12 14:16:41.0093 3616 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/07/12 14:16:41.0281 3616 bcm4sbxp (068523d2cd260069b19ad68adea0d739) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
2011/07/12 14:16:41.0546 3616 BCMModem (41347688046d49cde0f6d138a534f73d) C:\WINDOWS\system32\DRIVERS\BCMSM.sys
2011/07/12 14:16:41.0765 3616 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/07/12 14:16:41.0890 3616 Belkin Belkin 11Mbps Wireless USB Network Adapter® (12650385335d84fa69c99bf9fed0c210) C:\WINDOWS\system32\DRIVERS\bkusbxp.sys
2011/07/12 14:16:42.0140 3616 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
2011/07/12 14:16:42.0218 3616 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/07/12 14:16:42.0406 3616 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys
2011/07/12 14:16:42.0593 3616 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/07/12 14:16:42.0671 3616 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/07/12 14:16:42.0859 3616 Cdr4_xp (297acc7d7c66ec86ee0b4eb5af9a8fd3) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
2011/07/12 14:16:42.0984 3616 Cdralw2k (5e31abf467a6fd857710c0927c88ee4c) C:\WINDOWS\system32\drivers\Cdralw2k.sys
2011/07/12 14:16:43.0140 3616 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/07/12 14:16:43.0281 3616 cdudf_xp (cfd81f2140193fc7f1812e6d6eaf6795) C:\WINDOWS\system32\drivers\cdudf_xp.sys
2011/07/12 14:16:43.0593 3616 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\System32\DRIVERS\cmdide.sys
2011/07/12 14:16:43.0812 3616 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys
2011/07/12 14:16:44.0015 3616 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys
2011/07/12 14:16:44.0187 3616 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys
2011/07/12 14:16:44.0421 3616 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/07/12 14:16:44.0609 3616 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2011/07/12 14:16:44.0796 3616 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2011/07/12 14:16:44.0937 3616 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/07/12 14:16:45.0078 3616 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/07/12 14:16:45.0203 3616 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys
2011/07/12 14:16:45.0390 3616 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/07/12 14:16:45.0578 3616 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
2011/07/12 14:16:45.0750 3616 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
2011/07/12 14:16:45.0968 3616 dvd_2K (677829f7010768eeeed8d0083e510dab) C:\WINDOWS\system32\drivers\dvd_2K.sys
2011/07/12 14:16:46.0125 3616 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
2011/07/12 14:16:46.0328 3616 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/07/12 14:16:46.0484 3616 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/07/12 14:16:46.0593 3616 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2011/07/12 14:16:46.0718 3616 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/07/12 14:16:46.0859 3616 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/07/12 14:16:46.0984 3616 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/07/12 14:16:47.0078 3616 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/07/12 14:16:47.0234 3616 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/07/12 14:16:47.0437 3616 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/07/12 14:16:47.0562 3616 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys
2011/07/12 14:16:47.0734 3616 HTTP (cb77bb47e67e84deb17ba29632501730) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/07/12 14:16:47.0890 3616 i2omgmt (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/07/12 14:16:48.0000 3616 i2omp (ed6bf9e441fdea13292a6d30a64a24c3) C:\WINDOWS\System32\DRIVERS\i2omp.sys
2011/07/12 14:16:48.0156 3616 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/07/12 14:16:48.0296 3616 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
2011/07/12 14:16:48.0468 3616 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
2011/07/12 14:16:48.0609 3616 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
2011/07/12 14:16:49.0046 3616 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
2011/07/12 14:16:49.0156 3616 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
2011/07/12 14:16:49.0343 3616 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
2011/07/12 14:16:49.0500 3616 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
2011/07/12 14:16:49.0656 3616 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
2011/07/12 14:16:49.0859 3616 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
2011/07/12 14:16:50.0015 3616 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
2011/07/12 14:16:50.0234 3616 ialm (44b7d5a4f2bd9fe21aea0bb0bace38c4) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/07/12 14:16:50.0531 3616 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/07/12 14:16:50.0687 3616 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys
2011/07/12 14:16:50.0875 3616 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\System32\DRIVERS\intelide.sys
2011/07/12 14:16:51.0093 3616 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/07/12 14:16:51.0250 3616 ip6fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/07/12 14:16:51.0468 3616 IPFilter (9ea02e03ed52d25551a6e46cf3b94b01) C:\WINDOWS\system32\DRIVERS\IPFilter.sys
2011/07/12 14:16:51.0593 3616 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/07/12 14:16:51.0765 3616 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/07/12 14:16:51.0937 3616 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/07/12 14:16:52.0140 3616 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/07/12 14:16:52.0281 3616 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/07/12 14:16:52.0453 3616 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/07/12 14:16:52.0609 3616 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/07/12 14:16:52.0765 3616 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
2011/07/12 14:16:52.0906 3616 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/07/12 14:16:53.0437 3616 mmc_2K (9b90303a9c9405a6ce1466ff4aa20fdd) C:\WINDOWS\system32\drivers\mmc_2K.sys
2011/07/12 14:16:53.0578 3616 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/07/12 14:16:53.0828 3616 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2011/07/12 14:16:54.0015 3616 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/07/12 14:16:54.0218 3616 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/07/12 14:16:54.0437 3616 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/07/12 14:16:54.0625 3616 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys
2011/07/12 14:16:54.0843 3616 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/07/12 14:16:55.0093 3616 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/07/12 14:16:55.0328 3616 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/07/12 14:16:55.0531 3616 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/07/12 14:16:55.0687 3616 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/07/12 14:16:55.0843 3616 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/07/12 14:16:56.0062 3616 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/07/12 14:16:56.0218 3616 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/07/12 14:16:56.0390 3616 MxlW2k (19dd5c581eef70134ccef87d626f4417) C:\WINDOWS\system32\drivers\MxlW2k.sys
2011/07/12 14:16:56.0546 3616 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/07/12 14:16:56.0703 3616 ndiscm (60e2c0023f52a78bd777b4de5fafee80) C:\WINDOWS\system32\DRIVERS\NetMotCM.sys
2011/07/12 14:16:56.0859 3616 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/07/12 14:16:57.0015 3616 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/07/12 14:16:57.0156 3616 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/07/12 14:16:57.0312 3616 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/07/12 14:16:57.0500 3616 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/07/12 14:16:57.0656 3616 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/07/12 14:16:57.0843 3616 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/07/12 14:16:58.0015 3616 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/07/12 14:16:58.0250 3616 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/07/12 14:16:58.0562 3616 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/07/12 14:16:58.0828 3616 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/07/12 14:16:58.0968 3616 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/07/12 14:16:59.0125 3616 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
2011/07/12 14:16:59.0265 3616 P3 (3e16eff2a6fed2d8d7f5a66dfe65d183) C:\WINDOWS\system32\DRIVERS\p3.sys
2011/07/12 14:16:59.0453 3616 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/07/12 14:16:59.0609 3616 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/07/12 14:16:59.0750 3616 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/07/12 14:16:59.0875 3616 PCANDIS5 (d0084a9ade989fe703e4f22171f4e4dc) C:\WINDOWS\SYSTEM32\PCANDIS5.SYS
2011/07/12 14:17:00.0015 3616 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/07/12 14:17:00.0265 3616 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/07/12 14:17:00.0437 3616 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/07/12 14:17:00.0843 3616 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys
2011/07/12 14:17:00.0968 3616 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys
2011/07/12 14:17:01.0156 3616 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/07/12 14:17:01.0312 3616 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/07/12 14:17:01.0515 3616 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/07/12 14:17:01.0656 3616 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/07/12 14:17:01.0812 3616 pwd_2k (d8b90616a8bd53de281dbdb664c0984a) C:\WINDOWS\system32\drivers\pwd_2k.sys
2011/07/12 14:17:01.0953 3616 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys
2011/07/12 14:17:02.0078 3616 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
2011/07/12 14:17:02.0218 3616 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys
2011/07/12 14:17:02.0328 3616 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys
2011/07/12 14:17:02.0437 3616 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys
2011/07/12 14:17:02.0593 3616 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/07/12 14:17:02.0718 3616 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/07/12 14:17:02.0859 3616 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/07/12 14:17:03.0015 3616 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/07/12 14:17:03.0187 3616 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/07/12 14:17:03.0359 3616 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/07/12 14:17:03.0500 3616 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/07/12 14:17:03.0687 3616 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/07/12 14:17:03.0921 3616 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/07/12 14:17:04.0093 3616 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/07/12 14:17:04.0171 3616 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/07/12 14:17:04.0484 3616 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/07/12 14:17:04.0640 3616 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/07/12 14:17:04.0812 3616 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/07/12 14:17:04.0984 3616 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/07/12 14:17:05.0218 3616 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\System32\DRIVERS\sisagp.sys
2011/07/12 14:17:05.0421 3616 smwdm (31fd0707c7dbe715234f2823b27214fe) C:\WINDOWS\system32\drivers\smwdm.sys
2011/07/12 14:17:05.0656 3616 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2011/07/12 14:17:05.0812 3616 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys
2011/07/12 14:17:06.0015 3616 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2011/07/12 14:17:06.0203 3616 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/07/12 14:17:06.0500 3616 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/07/12 14:17:07.0125 3616 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/07/12 14:17:07.0328 3616 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/07/12 14:17:07.0500 3616 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
2011/07/12 14:17:07.0640 3616 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
2011/07/12 14:17:07.0937 3616 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
2011/07/12 14:17:08.0046 3616 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
2011/07/12 14:17:08.0187 3616 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/07/12 14:17:08.0421 3616 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/07/12 14:17:08.0671 3616 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/07/12 14:17:08.0843 3616 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/07/12 14:17:09.0000 3616 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/07/12 14:17:09.0140 3616 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys
2011/07/12 14:17:09.0390 3616 UdfReadr_xp (4e75005b74be901c30f2636df40b0c15) C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
2011/07/12 14:17:09.0593 3616 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/07/12 14:17:09.0718 3616 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
2011/07/12 14:17:09.0921 3616 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/07/12 14:17:10.0062 3616 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/07/12 14:17:10.0218 3616 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/07/12 14:17:10.0390 3616 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/07/12 14:17:10.0531 3616 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/07/12 14:17:10.0687 3616 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/07/12 14:17:10.0843 3616 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/07/12 14:17:11.0078 3616 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/07/12 14:17:11.0265 3616 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\System32\DRIVERS\viaagp.sys
2011/07/12 14:17:11.0453 3616 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\System32\DRIVERS\viaide.sys
2011/07/12 14:17:11.0625 3616 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/07/12 14:17:11.0812 3616 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/07/12 14:17:12.0062 3616 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/07/12 14:17:12.0296 3616 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/07/12 14:17:12.0484 3616 {6080A529-897E-4629-A488-ABA0C29B635E} (fd1f4e9cf06c71c8d73a24acf18d8296) C:\WINDOWS\system32\drivers\ialmsbw.sys
2011/07/12 14:17:12.0671 3616 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (d4d7331d33d1fa73e588e5ce0d90a4c1) C:\WINDOWS\system32\drivers\ialmkchw.sys
2011/07/12 14:17:12.0703 3616 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/07/12 14:17:12.0890 3616 Boot (0x1200) (2b575c910b343121ddfda9733ee0c7f0) \Device\Harddisk0\DR0\Partition0
2011/07/12 14:17:12.0906 3616 ================================================================================
2011/07/12 14:17:12.0906 3616 Scan finished
2011/07/12 14:17:12.0906 3616 ================================================================================
2011/07/12 14:17:12.0968 3620 Detected object count: 0
2011/07/12 14:17:12.0968 3620 Actual detected object count: 0

#6
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Hi,

Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

    Click me

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


[screenshot]



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot]


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

#7
res ipsa

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
ComboFix log:



ComboFix 11-07-12.09 - Jeff 07/12/2011 15:35:12.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.131 [GMT -5:00]
Running from: c:\documents and settings\Jeff.TERESA\My Documents\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Jeff.TERESA\Application Data\cleanhtm.dll.vir
c:\documents and settings\Jeff.TERESA\Application Data\cleanhtm.exe
c:\documents and settings\Jeff.TERESA\WINDOWS
c:\documents and settings\Jeff\WINDOWS
c:\documents and settings\Teresa\WINDOWS
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\SYSTEM32\efLnonnn.ini
c:\windows\system32\efLnonnn.ini2
c:\windows\system32\ncase.ini
c:\windows\system32\O.BAT
c:\windows\system32\rnaph.dll
c:\windows\wiaserviv.log
.
.
((((((((((((((((((((((((( Files Created from 2011-06-12 to 2011-07-12 )))))))))))))))))))))))))))))))
.
.
2011-07-12 19:05 . 2011-07-12 19:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2011-07-11 21:19 . 2011-07-11 21:19 -------- d-----w- C:\_OTL
2011-07-11 13:51 . 2011-07-11 13:51 -------- d-----w- C:\_OTM
2011-07-10 00:46 . 2011-07-10 00:46 -------- d-----w- c:\documents and settings\Administrator
2011-07-10 00:18 . 2011-07-10 00:18 -------- d-----w- c:\documents and settings\JEFF~1~TER
2011-07-09 21:53 . 2011-07-09 21:53 -------- d-----w- c:\documents and settings\Jeff.TERESA\Application Data\SUPERAntiSpyware.com
2011-07-09 21:53 . 2011-07-09 21:53 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-07-09 21:53 . 2011-07-09 21:54 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-07-07 18:16 . 2011-07-10 00:33 -------- d-----w- c:\documents and settings\Jeff.TERESA\Application Data\Sammsoft
2011-07-07 17:33 . 2004-05-11 14:56 423784 ----a-w- c:\windows\system32\XceedBkp.dll
2011-07-07 17:33 . 2004-03-09 04:00 131856 ----a-w- c:\windows\system32\MSADODC.ocx
2011-07-07 17:33 . 2003-11-19 18:59 512688 ----a-w- c:\windows\system32\XceedCry.dll
2011-07-07 17:32 . 2007-06-12 03:04 2267368 ----a-w- c:\windows\system32\Flash.ocx
2011-07-07 17:32 . 2004-02-06 01:53 389120 ----a-w- c:\windows\system32\ACTSKN43.OCX
2011-07-07 17:32 . 2004-01-09 15:54 188416 ----a-w- c:\windows\system32\actsplash.ocx
2011-07-07 17:32 . 2001-03-29 03:02 89088 ----a-w- c:\windows\system32\ProgressBar4.ocx
2011-07-07 17:32 . 2000-07-15 10:00 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2003-08-26 14:59 . 2003-08-26 14:55 429264 ----a-w- c:\program files\AdbeRdr60_DLM_enu_full.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-13 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2003-09-25 77824]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\System32\ctfmon.exe" [2004-08-04 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 53760]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
2002-12-17 17:28 684032 ----a-w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 15:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
2003-08-29 08:59 122880 ----a-w- c:\windows\BCMSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 07:56 15360 ----a-w- c:\windows\SYSTEM32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Photo AIO Printer 922]
2004-03-29 19:12 290816 ----a-w- c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
2007-06-11 19:28 312240 ----a-w- c:\program files\Lexmark Fax Solutions\fm3032.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-10-19 12:59 126976 ----a-w- c:\windows\SYSTEM32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-10-19 12:59 155648 ----a-w- c:\windows\SYSTEM32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddamon]
2007-04-30 08:19 20480 ----a-w- c:\program files\Lexmark 2500 Series\lxddamon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddmon.exe]
2007-06-11 19:27 291760 ----a-w- c:\program files\Lexmark 2500 Series\lxddmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2003-09-25 22:31 77824 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SYSTEM32\\lxddcoms.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxddjswx.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxddpswx.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxddtime.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2007 10:44 PM 24652]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/17/2010 8:57 AM 135664]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxddserv.exe [11/21/2008 1:28 AM 99248]
S3 Belkin Belkin 11Mbps Wireless USB Network Adapter®;Belkin Belkin 11Mbps Wireless USB Network Adapter® Service for Belkin 11Mbps Wireless USB Network Adapter;c:\windows\SYSTEM32\DRIVERS\bkusbxp.sys [10/5/2005 9:08 PM 101099]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/17/2010 8:57 AM 135664]
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-17 13:57]
.
2011-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-17 13:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.neelephantcarpetcleaning.com/
mSearch Bar =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = hxxp://localhost;
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
TCP: DhcpNameServer = 68.87.85.102 68.87.69.150
TCP: Interfaces\{955B9F80-A154-4E47-BFA0-B58A8C88A480}: NameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Jeff.TERESA\Application Data\Mozilla\Firefox\Profiles\d2vdpktl.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.neelephantcarpetcleaning.com/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-cleanhtm - c:\documents and settings\Jeff.TERESA\Application Data\cleanhtm.exe
Notify-dimsntfy - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-ISTray - c:\program files\Spyware Doctor\pctsTray.exe
MSConfigStartUp-LogMeIn GUI - c:\program files\LogMeIn\x86\LogMeInSystray.exe
MSConfigStartUp-POINTER - point32.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
AddRemove-{488F0300-53BA-11DA-6784-04A72A8E18BE} - c:\05w21099\Uninst_The W-2/1099 Filer - 2005 Demo.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-12 16:12
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\system32\lxddcoms.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************


.
Completion time: 2011-07-12 16:18:47 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-12 21:18
.
Pre-Run: 22,698,688,512 bytes free
Post-Run: 22,630,490,112 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - EE32EDC4422BEAAC4F40804E9BA62567
  • 0

#8
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Go to Add/Remove programs and uninstall Viewpoint

are you still getting redirected?
  • 0

#9
res ipsa

res ipsa

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
All seems to be perfect now! Thank You!
  • 0

#10
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Step 1

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Things I would like to see in your reply:
  • Malwarebytes Results.
  • Eset scanner report.
  • Update on how your computer is running

  • 0

#11
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
