Cincheetah

October 1, 2010

Since I use my computer for work - I read through a few threads to see if I could get some fixes on my own - you guys are a wealth of knowledge! I've made a little progress (the hijacking seems to have ceased) - however it appears the registry has a few problems. I'll post 2 GMER report after combo fix log/TDSSKiller logs.

I did run combo fix (as I saw this on another thread) - and TDSSKiller afterwards which did find something (I assume that is what was causing the highjacks)

ComboFix 10-09-30.03 - Administrator 10/01/2010 10:37:34.1.2 - x86 NETWORK

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.3297 [GMT -4:00]

Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

AV: System Shield *On-access scanning enabled* (Updated) {2565CEEE-6BDB-4A6D-AD6D-F682F2695014}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

c:\program files\autorun.inf

c:\windows\settings.reg

c:\windows\system32\Data

----- BITS: Possible infected sites -----

hxxp://download.iolo.net

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_6TO4

-------\Legacy_NPF

((((((((((((((((((((((((( Files Created from 2010-09-01 to 2010-10-01 )))))))))))))))))))))))))))))))

.

2010-09-29 23:36 . 2010-09-29 23:36 -------- d-----w- C:\Rooter$

2010-09-29 22:42 . 2010-09-29 22:43 -------- d-----w- c:\program files\ERUNT

2010-09-29 21:31 . 2010-09-29 21:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2010-09-29 20:57 . 2010-09-29 20:57 -------- d-----w- c:\documents and settings\NetworkService\Application Data\iolo

2010-09-29 00:01 . 2010-09-29 00:01 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit

2010-09-29 00:01 . 2010-09-29 00:01 -------- d-----w- c:\program files\IObit

2010-09-28 23:31 . 2010-09-28 23:31 -------- d-----w- c:\program files\Trend Micro

2010-09-28 23:30 . 2006-06-19 17:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll

2010-09-28 23:30 . 2006-05-25 19:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll

2010-09-28 23:30 . 2005-08-26 05:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll

2010-09-28 23:30 . 2003-02-03 00:06 153088 ----a-w- c:\windows\system32\unrar3.dll

2010-09-28 23:30 . 2002-03-06 05:00 75264 ----a-w- c:\windows\system32\unacev2.dll

2010-09-28 23:30 . 2010-09-28 23:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software

2010-09-28 22:26 . 2010-09-28 22:26 -------- d-----w- c:\windows\system32\vmm32

2010-09-28 22:26 . 2010-09-28 22:26 -------- d-----w- c:\program files\CCleaner

2010-09-27 21:30 . 2010-09-28 22:26 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-09-27 21:30 . 2010-09-28 22:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-09-22 22:06 . 2010-09-28 22:26 -------- d-----w- c:\program files\Common Files\Motive

2010-09-18 22:16 . 2010-09-18 22:16 -------- d-----w- c:\program files\Common Files\Authentium

2010-09-18 22:16 . 2009-11-11 23:46 118784 ----a-w- c:\windows\system32\iavlsp.dll

2010-09-18 22:16 . 2010-07-06 19:44 94384 ----a-w- c:\windows\system32\IncContxMenu.dll

2010-09-18 22:16 . 2010-07-06 19:44 2319536 ----a-w- c:\windows\system32\Incinerator.dll

2010-09-18 22:16 . 2010-06-29 22:30 9341 ----a-w- c:\windows\system32\drivers\filedisk.sys

2010-09-18 22:16 . 2010-09-07 13:37 41957480 ----a-w- c:\documents and settings\All Users\Application Data\iolo\System Shield\smsysshieldinstaller.exe

2010-09-18 22:16 . 2010-02-03 14:21 12288 ----a-w- c:\windows\system32\smrgdf.exe

2010-09-18 22:16 . 2010-02-03 14:21 30208 ----a-w- c:\windows\system32\iolobtdfg.exe

2010-09-18 22:16 . 2010-09-18 22:16 -------- d-----w- c:\program files\iolo

2010-09-18 22:13 . 2010-09-18 22:13 74703 ----a-w- c:\windows\system32\mfc45.dll

2010-09-18 22:13 . 2010-09-18 22:13 -------- d-----w- C:\iolo

2010-09-18 21:50 . 2010-09-18 22:26 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo

2010-09-18 17:56 . 2010-09-18 17:56 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM

2010-09-18 17:55 . 2010-09-18 17:56 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2010-09-18 13:21 . 2010-09-18 13:21 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.18.5\SetupAdmin.exe

2010-09-18 13:10 . 2010-09-18 13:10 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe

2010-09-18 12:51 . 2010-09-18 13:12 -------- d-----w- c:\program files\iTunes

2010-09-18 12:51 . 2010-09-18 12:51 -------- d-----w- c:\program files\iTunes(2)

2010-09-16 22:47 . 2010-09-16 22:47 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-01 13:41 . 2007-09-05 12:31 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2010-09-28 22:26 . 2009-10-04 23:18 -------- d-----w- c:\program files\Verizon

2010-09-24 00:11 . 2008-05-01 23:58 -------- d-----w- c:\program files\dl_Cats

2010-09-22 23:11 . 2005-09-08 11:53 -------- d-----w- c:\program files\Dell

2010-09-22 22:17 . 2009-07-11 18:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive

2010-09-21 21:56 . 2009-11-28 15:26 -------- d-----w- c:\program files\Common Files\McAfee

2010-09-21 21:53 . 2006-04-21 10:48 -------- d-----w- c:\program files\Lavasoft

2010-09-21 21:40 . 2009-10-03 12:03 -------- d-----w- c:\program files\Uniblue

2010-09-21 13:42 . 2008-12-27 16:26 -------- d-----w- c:\program files\DoremiSoft

2010-09-21 13:39 . 2009-03-02 14:28 -------- d-----w- c:\program files\SpreadsheetConverter

2010-09-21 13:39 . 2008-12-26 16:20 -------- d-----w- c:\program files\Show.kit 2.1

2010-09-21 13:38 . 2008-08-16 11:12 -------- d-----w- c:\program files\Flash Website Design

2010-09-21 13:37 . 2008-10-12 13:12 -------- d-----w- c:\program files\AnvSoft Flash to Video Converter

2010-09-18 21:48 . 2005-10-13 21:43 -------- d-----w- c:\program files\Google

2010-09-18 13:22 . 2008-07-16 20:58 -------- d-----w- c:\program files\Safari

2010-09-18 13:16 . 2009-12-16 23:11 -------- d-----w- c:\program files\QuickTime

2010-09-18 13:11 . 2007-07-10 00:35 -------- d-----w- c:\program files\Common Files\Apple

2010-09-18 12:51 . 2005-10-03 15:42 -------- d-----w- c:\program files\iPod

2010-09-07 21:31 . 2008-08-09 15:17 -------- d-----w- c:\program files\Microsoft Silverlight

2010-08-21 14:53 . 2010-08-21 14:53 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe

2010-08-21 14:52 . 2010-08-21 14:51 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2010-08-21 14:37 . 2010-08-21 14:37 -------- d-----w- c:\program files\Bonjour

2010-08-21 14:31 . 2010-08-21 14:31 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe

2010-08-17 13:17 . 2004-08-19 20:49 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-07-22 15:49 . 2004-08-19 20:49 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2010-07-22 05:57 . 2009-04-15 10:03 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-07-17 09:00 . 2010-08-02 09:08 423656 ----a-w- c:\windows\system32\deployJava1.dll

2007-08-18 13:18 . 2007-08-18 13:18 2293712 ----a-w- c:\program files\FLV PlayerFCSetup.exe

2007-08-18 13:15 . 2007-08-18 13:15 3655608 ----a-w- c:\program files\FLV PlayerRCATSetup.exe

2007-08-18 13:14 . 2007-08-18 13:14 411248 ----a-w- c:\program files\FLV PlayerRCSetup.exe

2003-12-03 19:31 . 2003-12-03 19:31 1005 ----a-w- c:\program files\SMDesk.ini

2002-09-27 14:40 . 2002-09-27 14:40 69632 ----a-w- c:\program files\Start.exe

2007-03-09 07:12 . 2007-03-09 07:12 27648 --sha-w- c:\windows\system32\AVSredirect.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5d332f5-f6c8-4845-bd6c-937838ba907f}]

2010-09-05 17:18 2735200 ----a-w- c:\program files\Freecorder_3\tbFre1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{c5d332f5-f6c8-4845-bd6c-937838ba907f}"= "c:\program files\Freecorder_3\tbFre1.dll" [2010-09-05 2735200]

[HKEY_CLASSES_ROOT\clsid\{c5d332f5-f6c8-4845-bd6c-937838ba907f}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-04-25 139264]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-15 344064]

"CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]

"P17Helper"="P17.dll" [2005-05-03 64512]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]

"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-22 1191936]

"Dell Photo AIO Printer 942"="c:\program files\Dell Photo AIO Printer 942\dlbubmgr.exe" [2004-08-31 294912]

"DellMCM"="c:\program files\Dell Photo AIO Printer 942\memcard.exe" [2004-07-27 262144]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-08 47904]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-30 202256]

"DLBUCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBUtime.dll" [2007-02-12 73728]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]

"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]

"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2010-06-11 1280344]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Monitor.lnk - c:\program files\SanDisk\SanDisk TransferMate\SD Monitor.exe [2007-9-1 114688]

VPN Client.lnk - c:\windows\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico [2008-1-25 6144]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]

backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]

backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]

backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]

backup=c:\windows\pss\NkbMonitor.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Cin^Start Menu^Programs^Startup^Memeo AutoBackup Launcher.lnk]

backup=c:\windows\pss\Memeo AutoBackup Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Cin^Start Menu^Programs^Startup^Memeo AutoSync Launcher.lnk]

backup=c:\windows\pss\Memeo AutoSync Launcher.lnkStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]

2006-05-22 18:26 694272 ----a-w- c:\program files\dvd43\DVD43_Tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]

2005-02-23 21:19 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

2004-08-09 09:03 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

2004-08-09 09:03 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]

2008-01-01 14:03 36864 ----a-w- c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McPvTray]

2008-05-28 14:33 655360 ----a-w- c:\program files\McAfee\Anti-Theft\McPvTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=

"c:\\Program Files\\America Online 9.0\\waol.exe"=

"c:\\Old Data\\Program Files\\Macromedia\\Flash MX\\Flash.exe"=

"c:\\Old Data\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=

"c:\\Old Data\\Program Files\\WS_FTP\\WS_FTP95.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\WINDOWS\\system32\\fxsclnt.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Old Data\\Program Files\\Macromedia\\Fireworks MX\\Fireworks.exe"=

"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=

"c:\\WINDOWS\\system32\\dlbucoms.exe"=

"c:\\Program Files\\Parallels\\Parallels Transporter\\Parallels Transporter\\ParallelsTransporter.exe"=

"c:\\Program Files\\Parallels\\Parallels Transporter\\Parallels Transporter Agent\\ParallelsTransporterAgent.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\Replay AV 8\\Replay Player\\Replay Player.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\iolo\\System Mechanic Professional\\SysMech.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"62515:UDP"= 62515:UDP:Cisco VPN Serivice

R0 McPvDrv;McPvDrv;c:\windows\system32\drivers\McPvDrv.sys [5/28/2008 10:32 AM 61688]

S2 AMP;AMP;c:\windows\system32\drivers\amp.sys [1/19/2010 6:53 PM 127016]

S2 AMPSE;AMPSE;c:\windows\system32\drivers\ampse.sys [1/19/2010 6:53 PM 1118248]

S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [9/18/2010 6:16 PM 711352]

S2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [9/18/2010 6:16 PM 711352]

S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [9/28/2010 8:01 PM 312152]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [11/28/2009 11:28 AM 93320]

S2 vseamps;vseamps;c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe [1/19/2010 6:46 PM 121384]

S2 vsedsps;vsedsps;c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe [1/19/2010 6:46 PM 117288]

S3 GPWADrv;Service for L6 GuitarPort Driver (WDM);c:\windows\system32\drivers\GPWADrv.sys [12/9/2005 8:06 PM 393216]

S3 L6DP;L6DP;c:\windows\system32\drivers\l6dp.sys [7/15/2002 11:39 PM 26496]

S3 vseqrts;vseqrts;c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe [1/19/2010 6:46 PM 158248]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]

2010-05-04 17:20 124928 ----a-w- c:\windows\system32\advpack.dll

.

Contents of the 'Scheduled Tasks' folder

2010-09-29 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-10-01 c:\windows\Tasks\User_Feed_Synchronization-{9126A126-9FBD-4754-B7F4-B9FC53C8E989}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 23:36]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.dell4me.com/myway

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

LSP: c:\windows\system32\iavlsp.dll

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

FF - ProfilePath -

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

------- File Associations -------

.

JSEFile=NOTEPAD.EXE %1

.

- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)

ActiveSetup-{FDC32A47-A70D-4F9E-97DD-7E08EA9C6BF8} - c:\documents and settings\Cin\Application Data\Bitrix Security\fadosvlk.dll

AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-10-01 10:58

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

DLBUCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBUtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1028)

c:\windows\system32\WININET.dll

c:\windows\system32\l3codeca.acm

c:\windows\system32\scg726.acm

c:\windows\system32\alf2cd.acm

c:\windows\system32\AC3ACM.acm

- - - - - - - > 'lsass.exe'(1088)

c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(1444)

c:\windows\system32\WININET.dll

c:\windows\system32\iavlsp.dll

c:\windows\system32\ieframe.dll

.

Completion time: 2010-10-01 11:01:00 - machine was rebooted

ComboFix-quarantined-files.txt 2010-10-01 15:00

Pre-Run: 121,264,717,824 bytes free

Post-Run: 121,148,014,592 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 190ADA934C68BC9D018B44EFEFA76D8D

####################################################################################

2010/10/01 11:07:14.0843 TDSS rootkit removing tool 2.4.3.0 Sep 27 2010 15:28:54

2010/10/01 11:07:14.0843 ================================================================================

2010/10/01 11:07:14.0843 SystemInfo:

2010/10/01 11:07:14.0843

2010/10/01 11:07:14.0843 OS Version: 5.1.2600 ServicePack: 3.0

2010/10/01 11:07:14.0843 Product type: Workstation

2010/10/01 11:07:14.0843 ComputerName: CINCHEETAH

2010/10/01 11:07:14.0843 UserName: Administrator

2010/10/01 11:07:14.0843 Windows directory: C:\WINDOWS

2010/10/01 11:07:14.0843 System windows directory: C:\WINDOWS

2010/10/01 11:07:14.0843 Processor architecture: Intel x86

2010/10/01 11:07:14.0843 Number of processors: 2

2010/10/01 11:07:14.0843 Page size: 0x1000

2010/10/01 11:07:14.0843 Boot type: Safe boot with network

2010/10/01 11:07:14.0843 ================================================================================

2010/10/01 11:07:15.0125 Initialize success

2010/10/01 11:07:21.0500 ================================================================================

2010/10/01 11:07:21.0500 Scan started

2010/10/01 11:07:21.0500 Mode: Manual;

2010/10/01 11:07:21.0500 ================================================================================

2010/10/01 11:07:24.0468 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

2010/10/01 11:07:24.0625 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/10/01 11:07:24.0687 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2010/10/01 11:07:24.0718 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

2010/10/01 11:07:24.0796 ADSEXPB (d08916e4579f64af0844ca2c283573a6) C:\WINDOWS\system32\Drivers\adsexpb.sys

2010/10/01 11:07:24.0875 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2010/10/01 11:07:24.0968 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2010/10/01 11:07:25.0062 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

2010/10/01 11:07:25.0093 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

2010/10/01 11:07:25.0125 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

2010/10/01 11:07:25.0171 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

2010/10/01 11:07:25.0218 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

2010/10/01 11:07:25.0312 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

2010/10/01 11:07:25.0375 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

2010/10/01 11:07:25.0421 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

2010/10/01 11:07:25.0546 AMP (182806937f4af5cc0f3c65b4d68b051e) C:\WINDOWS\system32\DRIVERS\amp.sys

2010/10/01 11:07:25.0640 AMPSE (b95101fbceb2ae4873e3bc38460f5568) C:\WINDOWS\system32\DRIVERS\ampse.sys

2010/10/01 11:07:25.0718 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

2010/10/01 11:07:25.0812 APLMp50 (1bf91f352d746ad7469fa71783b5fae8) C:\WINDOWS\system32\Drivers\APLMp50.sys

2010/10/01 11:07:25.0875 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

2010/10/01 11:07:25.0921 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

2010/10/01 11:07:25.0968 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

2010/10/01 11:07:26.0093 Aspi32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\Aspi32.sys

2010/10/01 11:07:26.0234 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/10/01 11:07:26.0421 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2010/10/01 11:07:26.0625 ati2mtag (b8142104502f794689c1c0bcbfb53b98) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

2010/10/01 11:07:26.0859 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/10/01 11:07:26.0984 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2010/10/01 11:07:27.0062 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2010/10/01 11:07:27.0296 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

2010/10/01 11:07:27.0328 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2010/10/01 11:07:27.0390 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

2010/10/01 11:07:27.0437 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2010/10/01 11:07:27.0531 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2010/10/01 11:07:27.0625 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/10/01 11:07:27.0765 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

2010/10/01 11:07:27.0859 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

2010/10/01 11:07:27.0953 ctsfm2k (8db84de3aab34a8b4c2f644eff41cd76) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys

2010/10/01 11:07:28.0031 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys

2010/10/01 11:07:28.0125 CVPNDRVA (26deef07394624247d1f549bd94f0b15) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys

2010/10/01 11:07:28.0234 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

2010/10/01 11:07:28.0375 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

2010/10/01 11:07:28.0484 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2010/10/01 11:07:28.0593 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2010/10/01 11:07:28.0703 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2010/10/01 11:07:28.0734 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2010/10/01 11:07:28.0781 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2010/10/01 11:07:28.0859 DNE (7b4fdfbe97c047175e613aa96f3de987) C:\WINDOWS\system32\DRIVERS\dne2000.sys

2010/10/01 11:07:28.0906 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

2010/10/01 11:07:28.0968 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2010/10/01 11:07:29.0031 drvmcdb (96bc8f872f0270c10edc3931f1c03776) C:\WINDOWS\system32\drivers\drvmcdb.sys

2010/10/01 11:07:29.0109 drvnddm (5afbec7a6ac61b211633dfdb1d9e0c89) C:\WINDOWS\system32\drivers\drvnddm.sys

2010/10/01 11:07:29.0234 dvd43llh (1fc1eed3ea0c3a0ecf8a95b97e1b4831) C:\WINDOWS\system32\DRIVERS\dvd43llh.sys

2010/10/01 11:07:29.0265 E100B (95974e66d3de4951d29e28e8bc0b644c) C:\WINDOWS\system32\DRIVERS\e100b325.sys

2010/10/01 11:07:29.0328 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2010/10/01 11:07:29.0359 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2010/10/01 11:07:29.0421 FileDisk (0694585d54bf46379ce41aee2b6864aa) C:\WINDOWS\system32\drivers\FileDisk.sys

2010/10/01 11:07:29.0453 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2010/10/01 11:07:29.0515 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2010/10/01 11:07:29.0609 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2010/10/01 11:07:29.0671 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/10/01 11:07:29.0750 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/10/01 11:07:29.0875 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2010/10/01 11:07:29.0984 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/10/01 11:07:30.0093 GPWADrv (7c7da88e6d3b3fac62bbffc4d938d0c7) C:\WINDOWS\system32\Drivers\GPWADrv.sys

2010/10/01 11:07:30.0171 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2010/10/01 11:07:30.0218 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

2010/10/01 11:07:30.0281 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys

2010/10/01 11:07:30.0343 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys

2010/10/01 11:07:30.0453 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2010/10/01 11:07:30.0515 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

2010/10/01 11:07:30.0562 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

2010/10/01 11:07:30.0640 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/10/01 11:07:30.0750 iastor (d593517879e65167df35f6015814ac59) C:\WINDOWS\system32\drivers\iastor.sys

2010/10/01 11:07:30.0984 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2010/10/01 11:07:31.0062 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

2010/10/01 11:07:31.0125 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

2010/10/01 11:07:31.0171 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2010/10/01 11:07:31.0218 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2010/10/01 11:07:31.0265 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/10/01 11:07:31.0296 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/10/01 11:07:31.0343 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/10/01 11:07:31.0390 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/10/01 11:07:31.0453 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2010/10/01 11:07:31.0546 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/10/01 11:07:31.0562 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/10/01 11:07:31.0609 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2010/10/01 11:07:31.0656 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2010/10/01 11:07:31.0765 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2010/10/01 11:07:31.0828 L6DP (4b0dc386061dc7276eafb24cff641ded) C:\WINDOWS\system32\Drivers\l6dp.sys

2010/10/01 11:07:31.0937 McPvDrv (436966e5f96ea810a8a80a5fb41b63ad) C:\WINDOWS\system32\drivers\McPvDrv.sys

2010/10/01 11:07:32.0000 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

2010/10/01 11:07:32.0062 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys

2010/10/01 11:07:32.0078 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2010/10/01 11:07:32.0140 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2010/10/01 11:07:32.0171 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys

2010/10/01 11:07:32.0234 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/10/01 11:07:32.0296 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2010/10/01 11:07:32.0484 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2010/10/01 11:07:32.0562 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

2010/10/01 11:07:32.0703 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS

2010/10/01 11:07:32.0828 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS

2010/10/01 11:07:32.0906 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/10/01 11:07:33.0031 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/10/01 11:07:33.0125 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2010/10/01 11:07:33.0218 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/10/01 11:07:33.0265 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/10/01 11:07:33.0312 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2010/10/01 11:07:33.0390 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/10/01 11:07:33.0468 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2010/10/01 11:07:33.0546 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2010/10/01 11:07:33.0718 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/10/01 11:07:33.0765 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/10/01 11:07:33.0812 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/10/01 11:07:33.0875 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

2010/10/01 11:07:33.0968 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2010/10/01 11:07:34.0062 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2010/10/01 11:07:34.0218 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys

2010/10/01 11:07:34.0265 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2010/10/01 11:07:34.0328 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2010/10/01 11:07:34.0375 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2010/10/01 11:07:34.0625 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2010/10/01 11:07:34.0828 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/10/01 11:07:34.0875 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/10/01 11:07:35.0015 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys

2010/10/01 11:07:35.0265 ossrv (103a9b117a7d9903111955cdafe65ac6) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys

2010/10/01 11:07:35.0343 P17 (df886ffed69aead0cf608b89b18c3f6f) C:\WINDOWS\system32\drivers\P17.sys

2010/10/01 11:07:35.0609 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2010/10/01 11:07:35.0859 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2010/10/01 11:07:35.0921 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2010/10/01 11:07:36.0000 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2010/10/01 11:07:36.0125 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2010/10/01 11:07:36.0203 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2010/10/01 11:07:36.0281 Pcouffin (5b68c60b01dac03d895ec1ca0a0365da) C:\WINDOWS\system32\Drivers\Pcouffin.sys

2010/10/01 11:07:36.0500 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

2010/10/01 11:07:36.0546 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

2010/10/01 11:07:36.0656 PfModNT (d9ed17ac15720096a9f92ff4ea587b09) C:\WINDOWS\system32\drivers\PfModNT.sys

2010/10/01 11:07:36.0750 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/10/01 11:07:36.0796 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2010/10/01 11:07:36.0843 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/10/01 11:07:36.0906 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2010/10/01 11:07:36.0953 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

2010/10/01 11:07:36.0984 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

2010/10/01 11:07:37.0031 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

2010/10/01 11:07:37.0078 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

2010/10/01 11:07:37.0109 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

2010/10/01 11:07:37.0156 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/10/01 11:07:37.0250 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/10/01 11:07:37.0312 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/10/01 11:07:37.0343 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2010/10/01 11:07:37.0437 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/10/01 11:07:37.0593 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/10/01 11:07:37.0703 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2010/10/01 11:07:37.0750 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2010/10/01 11:07:37.0859 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2010/10/01 11:07:38.0046 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/10/01 11:07:38.0156 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2010/10/01 11:07:38.0203 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2010/10/01 11:07:38.0312 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2010/10/01 11:07:38.0468 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

2010/10/01 11:07:38.0515 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

2010/10/01 11:07:38.0578 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2010/10/01 11:07:38.0687 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2010/10/01 11:07:38.0765 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys

2010/10/01 11:07:38.0843 sscdbhk5 (98625722ad52b40305e74aaa83c93086) C:\WINDOWS\system32\drivers\sscdbhk5.sys

2010/10/01 11:07:38.0906 ssrtln (d79412e3942c8a257253487536d5a994) C:\WINDOWS\system32\drivers\ssrtln.sys

2010/10/01 11:07:38.0953 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2010/10/01 11:07:39.0015 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2010/10/01 11:07:39.0109 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

2010/10/01 11:07:39.0140 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

2010/10/01 11:07:39.0296 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

2010/10/01 11:07:39.0375 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

2010/10/01 11:07:39.0437 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2010/10/01 11:07:39.0593 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/10/01 11:07:39.0656 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2010/10/01 11:07:39.0703 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2010/10/01 11:07:39.0781 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2010/10/01 11:07:39.0875 tfsnboio (d0177776e11b0b3f272eebd262a69661) C:\WINDOWS\system32\dla\tfsnboio.sys

2010/10/01 11:07:39.0953 tfsncofs (599804bc938b8305a5422319774da871) C:\WINDOWS\system32\dla\tfsncofs.sys

2010/10/01 11:07:39.0984 tfsndrct (a1902c00adc11c4d83f8e3ed947a6a32) C:\WINDOWS\system32\dla\tfsndrct.sys

2010/10/01 11:07:40.0046 tfsndres (d8ddb3f2b1bef15cff6728d89c042c61) C:\WINDOWS\system32\dla\tfsndres.sys

2010/10/01 11:07:40.0078 tfsnifs (c4f2dea75300971cdaee311007de138d) C:\WINDOWS\system32\dla\tfsnifs.sys

2010/10/01 11:07:40.0125 tfsnopio (272925be0ea919f08286d2ee6f102b0f) C:\WINDOWS\system32\dla\tfsnopio.sys

2010/10/01 11:07:40.0156 tfsnpool (7b7d955e5cebc2fb88b03ef875d52a2f) C:\WINDOWS\system32\dla\tfsnpool.sys

2010/10/01 11:07:40.0203 tfsnudf (e3d01263109d800c1967c12c10a0b018) C:\WINDOWS\system32\dla\tfsnudf.sys

2010/10/01 11:07:40.0250 tfsnudfa (b9e9c377906e3a65bc74598fff7f7458) C:\WINDOWS\system32\dla\tfsnudfa.sys

2010/10/01 11:07:40.0343 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

2010/10/01 11:07:40.0421 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2010/10/01 11:07:40.0468 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

2010/10/01 11:07:40.0546 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2010/10/01 11:07:40.0687 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys

2010/10/01 11:07:40.0765 usbbus (5353218b3265e3b8190335059f697a11) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys

2010/10/01 11:07:40.0828 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/10/01 11:07:40.0906 UsbDiag (7dd3eefc62a1ef44e5f940fa651ed9ed) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys

2010/10/01 11:07:41.0046 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/10/01 11:07:41.0125 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/10/01 11:07:41.0171 USBModem (083031a78822eccbd7510bccd3e20d4c) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys

2010/10/01 11:07:41.0234 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2010/10/01 11:07:41.0281 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2010/10/01 11:07:41.0312 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/10/01 11:07:41.0375 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2010/10/01 11:07:41.0437 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2010/10/01 11:07:41.0500 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

2010/10/01 11:07:41.0546 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

2010/10/01 11:07:41.0640 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2010/10/01 11:07:41.0734 vsdatant (27b3dd12a19eec50220df15b64913dda) C:\WINDOWS\system32\vsdatant.sys

2010/10/01 11:07:41.0906 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/10/01 11:07:41.0984 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys

2010/10/01 11:07:42.0078 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

2010/10/01 11:07:42.0203 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2010/10/01 11:07:42.0296 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

2010/10/01 11:07:42.0531 winusb (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.SYS

2010/10/01 11:07:42.0687 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys

2010/10/01 11:07:42.0765 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

2010/10/01 11:07:42.0859 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2010/10/01 11:07:43.0031 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2010/10/01 11:07:43.0171 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)

2010/10/01 11:07:43.0187 ================================================================================

2010/10/01 11:07:43.0187 Scan finished

2010/10/01 11:07:43.0187 ================================================================================

2010/10/01 11:07:43.0234 Detected object count: 1

2010/10/01 11:07:55.0343 \HardDisk0\MBR - will be cured after reboot

2010/10/01 11:07:55.0343 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure

2010/10/01 11:07:59.0734 Deinitialize success

###################################################################################

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-10-01 11:39:59

Windows 5.1.2600 Service Pack 3

Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fwloqkob.sys

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{0588C38B-B085-80CE-5708-161854F73ED1}\InprocServer32@ C:\Program Files\Windows Media Components\Encoder\wmex.dll

Reg HKLM\SOFTWARE\Classes\CLSID\{0588C38B-B085-80CE-5708-161854F73ED1}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\InprocServer32@ C:\WINDOWS\system32\sysmon.ocx

Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\Implemented Categories\{0DE86A54-2BAA-11CF-A229-00AA003D7352}

Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}

Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}

Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}

Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\InprocServer32@ C:\WINDOWS\system32\msvidctl.dll

Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\InprocServer32@ThreadingModel Both

Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\ProgID@ BDATuner.ChannelTuneRequest.1

Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\TypeLib@ {9B085638-018E-11D3-9D8E-00C04F72D980}

Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\VersionIndependentProgID@ BDATuner.ChannelTuneRequest

---- EOF - GMER 1.0.15 ----

September 30, 2010

Hi -

My issue started with Windows Antivirus 2010 installing itself. I removed the program. The other thing I noticed is whenver I use a search engine

I'm getting redirected on anything I click on - I do get pop up windows out of nowhere and it won't let me post to your site- lastly, windows update can't connect. User mode, start windows normally, user Cin.

For purposes of malware scanning - these logs were created in safe mode with networking/admin.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4717

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 7.0.5730.13

9/29/2010 6:23:14 PM

mbam-log-2010-09-29 (18-23-14).txt

Scan type: Quick scan

Objects scanned: 171280

Time elapsed: 11 minute(s), 15 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

################################

Rooter.exe (v1.0.2) by Eric_71

.

SeDebugPrivilege granted successfully ...

.

Windows XP . (5.1.2600) Service Pack 3

[32_bits] - x86 Family 15 Model 4 Stepping 3, GenuineIntel

.

[wscsvc] STOPPED (state:1) : Security Center -> Disabled !

[sharedAccess] RUNNING (state:4)

Windows Firewall -> Enabled

.

Internet Explorer 7.0.5730.13

.

A:\ [Removable]

C:\ [Fixed-NTFS] .. ( Total:228 Go - Free:113 Go )

D:\ [CD_Rom]

E:\ [CD_Rom]

F:\ [Removable]

.

Scan : 19:36.02

Path : C:\Documents and Settings\Administrator\Desktop\Rooter.exe

User : Administrator ( Administrator -> YES )

.

----------------------\\ Processes

.

Locked [system Process] (0)

______ System (4)

______ \SystemRoot\System32\smss.exe (952)

______ \??\C:\WINDOWS\system32\csrss.exe (1000)

______ \??\C:\WINDOWS\system32\winlogon.exe (1024)

______ C:\WINDOWS\system32\services.exe (1072)

______ C:\WINDOWS\system32\lsass.exe (1084)

______ C:\WINDOWS\system32\svchost.exe (1256)

______ C:\WINDOWS\system32\svchost.exe (1328)

______ C:\WINDOWS\system32\svchost.exe (1552)

______ C:\WINDOWS\system32\svchost.exe (1624)

______ C:\WINDOWS\Explorer.EXE (544)

______ C:\WINDOWS\system32\ctfmon.exe (984)

______ C:\Program Files\Internet Explorer\iexplore.exe (664)

______ C:\Program Files\Internet Explorer\iexplore.exe (1660)

______ C:\Documents and Settings\Administrator\Desktop\Rooter.exe (820)

.

----------------------\\ Device\Harddisk0\

.

\Device\Harddisk0 [sectors : 63 x 512 Bytes]

.

\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:57544704)

\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:57576960 | Length:244948838400)

\Device\Harddisk0\Partition3 (Start_Offset:245006415360 | Length:4984519680)

.

----------------------\\ Scheduled Tasks

.

C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

C:\WINDOWS\Tasks\desktop.ini

C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3178570343-2686982665-4255511254-1006.job

C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3178570343-2686982665-4255511254-1006.job

C:\WINDOWS\Tasks\SA.DAT

C:\WINDOWS\Tasks\User_Feed_Synchronization-{9126A126-9FBD-4754-B7F4-B9FC53C8E989}.job

.

----------------------\\ Registry

.

----------------------\\ Files & Folders

.

----------------------\\ Scan completed at 19:36.03

.

C:\Rooter$\Rooter_1.txt - (29/09/2010 | 19:36.03)

###############################################################

LockSearch by jpshortstuff (05.11.09.1)

Log created at 19:37 on 29/09/2010 (Administrator)

Scanning C:\

C:\pagefile.sys

-------------------------

-=E.O.F=-

##############################################

CKScanner - Additional Security Risks - These are not necessarily bad

c:\documents and settings\cin\my documents\cincheetah.com\crackmfc.html

c:\documents and settings\cin\my documents\cincheetah.com\crackmfc.ram

c:\documents and settings\cin\my documents\cincheetah.com\web\crackmfc.rm

c:\documents and settings\cin\my documents\cincheetah.com\web1\crackmfc.rm

c:\documents and settings\cin\my documents\line 6\tones\guitarport\preset\bass\graham cracker bass.gpt

c:\documents and settings\cin\my documents\my music\itunes\itunes music\melissa ferrick\valentine heartache\04 crack the mirror 1.m4a

c:\documents and settings\cin\my documents\my music\itunes\itunes music\melissa ferrick\valentine heartache\04 crack the mirror.m4a

c:\program files\jasc software inc\paint shop pro studio\bump maps\cracked desert.pspimage

c:\program files\jasc software inc\paint shop pro studio\patterns\cracked paint.pspimage

c:\program files\line6\guitarport\data\factory\preset\bass\graham cracker bass.gpt

scanner sequence 3.CG.11

----- EOF -----

##########################################################################

Windows Validation Check

Version: 1.8.8.3

Log Created On: 1943_29-09-2010

-----------------------

Windows Information

-----------------------

Windows Version: Windows XP Service Pack 3

Windows Mode: Safe Mode with Networking

WVCheck's Auto Update Check

-----------------------

Auto-Update Option: Download updates and install them automatically.

-----------------------

Last success time for Automatic Updates for 'Detect', 'Download' and 'Install' could not be found.

WVCheck's Registry Check Check

-----------------------

Antiwpa: Not Found

-----------------------

Chew7Hale: Not Found

-----------------------

WVCheck's File Dump

-----------------------

WVCheck found no known bad files.

WVCheck's Dir Dump

-----------------------

C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

Size: 0 bytes

Matched: *Genuine?Advantage*

-----------------------

C:\Old Data\Documents and Settings\All Users\Application Data\Microsoft\Windows Genuine Advantage

Size: 0 bytes

Matched: *Genuine?Advantage*

-----------------------

WVCheck's Missing File Check

-----------------------

WVCheck found no missing Windows files.

WVCheck's MBAM Quarantine Check

-----------------------

There were no bad files quarantined by MBAM.

WVCheck's HOSTS File Check

-----------------------

WVCheck found no bad lines in the hosts file.

WVCheck's MD5 Check

EXPERIMENTAL!!

-----------------------

user32.dll - b26b135ff1b9f60c9388b4a7d16f600b

-------- End of File, program close at 1946_29-09-2010 --------

######################################################

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-09-30 05:41:54

Windows 5.1.2600 Service Pack 3

Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fwloqkob.sys

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[544] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D3000A

.text C:\WINDOWS\Explorer.EXE[544] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D4000A

.text C:\WINDOWS\Explorer.EXE[544] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00D2000C

.text C:\WINDOWS\system32\svchost.exe[1552] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00FF000A

.text C:\WINDOWS\system32\svchost.exe[1552] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0111000A

.text C:\WINDOWS\system32\svchost.exe[1552] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00FE000C

.text C:\WINDOWS\system32\svchost.exe[1552] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00D3000A

.text C:\WINDOWS\system32\svchost.exe[1552] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 0112000A