Definitely have malware :(

CamaroJeff

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:39:19 AM, on 9/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.98rock.com/cc-common/babes/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Browser Helper Object - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - C:\Program Files\Shared\lib.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Ksebuhey] rundll32.exe "C:\WINDOWS\urufixej.dll",e
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: ikowin32.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://66.154.44.68/cam/Install.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by14fd.bay14.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - https://cs7b.instantservice.com/jars/customerxsigned42.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {D9EA64B2-B966-E177-332C-78B69886526D} - http://download.newaol.com/bkpromo/download/PerformerSetup.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Filter hijack: text/html - {d9d9d031-9536-47bb-8aa2-d3a1501a502d} - C:\WINDOWS\system32\dsound3dd.dll
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 7849 bytes
 
Hi,

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.

Download GMER here by clicking the download exe button and then saving it to your desktop:
  • Double-click the .exe that you downloaded.
  • Click the Rootkit tab and then Scan.
  • Don't check the Show All box while scanning is in progress!
  • When scanning is ready, click Copy.
  • This copies the log to the clipboard.
  • Post the log in your reply.
 
Okay, DDS came up with these.

DDS.txt


DDS (Ver_09-09-29.01) - NTFSx86
Run by Spiderman at 20:43:32.89 on Fri 10/02/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.201 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\SYSTEM32\notepad.exe
C:\Documents and Settings\Spiderman\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.98rock.com/cc-common/babes/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: dsWebAllowBHO Class: {2f85d76c-0569-466f-a488-493e6bd0e955} - c:\program files\windows desktop search\dsWebAllow.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Browser Helper Object: {afd4ad01-58c1-47db-a404-fbe00a6c5486} - c:\program files\shared\lib.dll
TB: {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s
mRun: [Ksebuhey] rundll32.exe "c:\windows\urufixej.dll",e
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\documents and settings\spiderman\start menu\programs\startup\ikowin32.exe
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: &Search
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\windows\system32\msjava.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
DPF: {205FF73B-CA67-11D5-99DD-444553540000} - hxxp://66.154.44.68/cam/Install.cab
DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - hxxp://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by14fd.bay14.hotmail.msn.com/resources/MsnPUpld.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - hxxp://chat.yahoo.com/cab/yacsui.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} - hxxps://cs7b.instantservice.com/jars/customerxsigned42.cab
DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} - hxxp://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D9EA64B2-B966-E177-332C-78B69886526D} - hxxp://download.newaol.com/bkpromo/download/PerformerSetup.cab
DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
Filter: text/html - {d9d9d031-9536-47bb-8aa2-d3a1501a502d} - c:\windows\system32\dsound3dd.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: {4A54500A-65FE-4F4A-B860-20EAE2F577F9} - No File
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
LSA: Notification Packages = scecli carcpc.dll

============= SERVICES / DRIVERS ===============

R2 lxcz_device;lxcz_device;c:\windows\system32\lxczcoms.exe -service --> c:\windows\system32\lxczcoms.exe -service [?]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2006-8-13 2944]
S3 brparimg;Brother Multi Function Parallel Image driver;c:\windows\system32\drivers\BrParImg.sys [2006-8-13 3168]
S3 BrParWdm;Brother WDM Parallel Driver;c:\windows\system32\drivers\BrParwdm.sys [2006-8-13 39552]
S3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2006-8-13 60416]
S3 DMSKSSRh;DMSKSSRh;\??\c:\docume~1\spider~1\locals~1\temp\dmskssrh.sys --> c:\docume~1\spider~1\locals~1\temp\DMSKSSRh.sys [?]
S3 SaiNtSub;SaiNtSub;c:\windows\system32\drivers\SaiNtSub.sys [2005-2-4 19200]
S3 samhid;samhid;c:\windows\system32\drivers\samhid.sys --> c:\windows\system32\drivers\samhid.sys [?]

=============== Created Last 30 ================

2009-10-02 20:39 14,514 a------- c:\windows\itecigitulob.dll
2009-10-02 17:41 13,067 a------- c:\windows\ifidevac.dll
2009-10-02 07:21 12,291 a------- c:\windows\anelizodowurafox.dll
2009-10-01 21:19 11,460 a------- c:\windows\eleharuculihi.dll
2009-10-01 17:28 11,650 a------- c:\windows\okehazuyosegefim.dll
2009-09-30 23:20 12,390 a------- c:\windows\urucozis.dll
2009-09-30 20:02 15,257 a------- c:\windows\ukoyuzubizeb.dll
2009-09-30 18:03 11,576 a------- c:\windows\imujoxuc.dll
2009-09-30 07:18 11,520 a------- c:\windows\ufiyosegef.dll
2009-09-29 21:32 11,581 a------- c:\windows\imunesey.dll
2009-09-29 19:30 11,638 a------- c:\windows\egayiyoh.dll
2009-09-29 17:32 11,520 a------- c:\windows\isitibuxer.dll
2009-09-29 07:02 13,701 a------- c:\windows\ajibatidedug.dll
2009-09-28 22:40 11,404 a------- c:\windows\okecuvuhoxuquxoj.dll
2009-09-28 15:27 11,638 a------- c:\windows\upotepin.dll
2009-09-28 13:25 11,520 a------- c:\windows\oxumopuduy.dll
2009-09-28 11:23 11,576 a------- c:\windows\iyatahixowetohe.dll
2009-09-27 21:45 11,706 a------- c:\windows\awaworucato.dll
2009-09-27 15:54 11,520 a------- c:\windows\ajayelovawubixax.dll
2009-09-27 09:26 11,644 a------- c:\windows\inutezezuquj.dll
2009-09-26 19:29 11,638 a------- c:\windows\ibimapiqiyonox.dll
2009-09-26 17:27 11,638 a------- c:\windows\ogipucovotuket.dll
2009-09-26 15:28 11,638 a------- c:\windows\asicolal.dll
2009-09-25 13:09 11,520 a------- c:\windows\oraluwen.dll
2009-09-25 07:19 13,740 a------- c:\windows\ugifiwuz.dll
2009-09-24 20:53 11,576 a------- c:\windows\ayimapiq.dll
2009-09-24 18:52 11,644 a------- c:\windows\opohugil.dll
2009-09-24 12:37 11,520 a------- c:\windows\eheriwesozo.dll
2009-09-24 10:35 13,675 a------- c:\windows\abozemiz.dll
2009-09-24 08:33 12,904 a------- c:\windows\ufihilofej.dll
2009-09-24 06:31 11,448 a------- c:\windows\odajezoweqoh.dll
2009-09-24 04:29 11,706 a------- c:\windows\oqegovagifobaw.dll
2009-09-24 02:27 11,448 a------- c:\windows\osutiles.dll
2009-09-24 00:25 11,162 a------- c:\windows\ifereweha.dll
2009-09-23 22:23 12,108 a------- c:\windows\ebocoroj.dll
2009-09-23 20:21 11,386 a------- c:\windows\orehifuc.dll
2009-09-23 18:19 11,588 a------- c:\windows\elujewuj.dll
2009-09-23 16:17 11,330 a------- c:\windows\amikulej.dll
2009-09-23 14:15 11,392 a------- c:\windows\ofuvozeraz.dll
2009-09-23 12:13 11,392 a------- c:\windows\edojolij.dll
2009-09-23 10:11 11,448 a------- c:\windows\udociluvunebur.dll
2009-09-23 08:09 11,330 a------- c:\windows\amezawuf.dll
2009-09-23 06:07 12,029 a------- c:\windows\ofofafawi.dll
2009-09-23 04:05 12,056 a------- c:\windows\edilaref.dll
2009-09-23 02:03 11,330 a------- c:\windows\uwodewiy.dll
2009-09-23 00:01 12,825 a------- c:\windows\ebimizih.dll
2009-09-22 21:59 11,650 a------- c:\windows\evayasomizih.dll
2009-09-22 19:57 11,588 a------- c:\windows\omelolac.dll
2009-09-22 17:55 11,386 a------- c:\windows\unuhovehula.dll
2009-09-22 15:53 11,386 a------- c:\windows\ubejefiq.dll
2009-09-22 13:51 11,386 a------- c:\windows\utogofor.dll
2009-09-22 11:49 11,386 a------- c:\windows\efemirux.dll
2009-09-22 09:47 11,448 a------- c:\windows\aduyamuk.dll
2009-09-22 07:45 11,448 a------- c:\windows\uhodesuvaruk.dll
2009-09-22 05:43 11,448 a------- c:\windows\uwapalir.dll
2009-09-22 03:41 12,895 a------- c:\windows\opunevif.dll
2009-09-22 01:39 12,116 a------- c:\windows\ofoqusiwoj.dll
2009-09-21 23:37 12,851 a------- c:\windows\ejodafaw.dll
2009-09-21 21:35 11,386 a------- c:\windows\irakarat.dll
2009-09-21 19:33 11,386 a------- c:\windows\amukupugebudax.dll
2009-09-21 17:32 87,168 a------- c:\windows\system32\drivers\3e3b0e9.sys
2009-09-21 17:31 11,448 a------- c:\windows\ixuqeduk.dll
2009-09-21 10:52 11,386 a------- c:\windows\imawiloji.dll
2009-09-21 08:50 12,047 a------- c:\windows\idogezorijegozu.dll
2009-09-21 06:48 11,650 a------- c:\windows\axinirumecahalev.dll
2009-09-21 04:46 11,448 a------- c:\windows\ojuqafar.dll
2009-09-21 02:44 11,448 a------- c:\windows\uvikuwafonut.dll
2009-09-21 00:42 12,329 a------- c:\windows\ukayewecig.dll
2009-09-20 22:40 13,645 a------- c:\windows\ojipevubeqovuzi.dll
2009-09-20 20:38 11,386 a------- c:\windows\enuxusum.dll
2009-09-20 18:36 11,330 a------- c:\windows\arihexop.dll
2009-09-20 16:34 12,198 a------- c:\windows\oheqazejo.dll
2009-09-20 14:32 11,448 a------- c:\windows\ukifefeqacolal.dll
2009-09-20 12:30 11,392 a------- c:\windows\ubelerih.dll
2009-09-20 10:28 11,448 a------- c:\windows\ejidiwoxewofes.dll
2009-09-20 08:26 11,706 a------- c:\windows\atomanap.dll
2009-09-20 06:24 12,112 a------- c:\windows\ikenalepetiyo.dll
2009-09-20 04:22 12,065 a------- c:\windows\uxosuloromazizu.dll
2009-09-20 02:20 12,001 a------- c:\windows\ejeruzifuloru.dll
2009-09-20 00:18 14,565 a------- c:\windows\atezosowuwu.dll
2009-09-19 22:16 12,293 a------- c:\windows\iwisefubemob.dll
2009-09-19 20:14 11,392 a------- c:\windows\arubawutilesol.dll
2009-09-19 18:12 11,448 a------- c:\windows\uhinufeworitulus.dll
2009-09-19 16:10 11,706 a------- c:\windows\uxeturet.dll
2009-09-19 14:08 11,588 a------- c:\windows\aweqasoqege.dll
2009-09-19 12:06 11,386 a------- c:\windows\okucuzuhifuci.dll
2009-09-19 10:04 11,386 a------- c:\windows\ifocoxicakihev.dll
2009-09-19 08:02 12,757 a------- c:\windows\owebalikoqatu.dll
2009-09-19 06:00 13,906 a------- c:\windows\ixikerevafidel.dll
2009-09-19 03:58 11,448 a------- c:\windows\eqavafidelujolij.dll
2009-09-19 01:56 11,386 a------- c:\windows\awequmofut.dll
2009-09-18 23:54 11,386 a------- c:\windows\ifiyuruwokuqisal.dll
2009-09-18 21:52 11,386 a------- c:\windows\uyezizaz.dll
2009-09-18 19:50 11,386 a------- c:\windows\ewovuzitoha.dll
2009-09-18 17:48 11,386 a------- c:\windows\orejulowu.dll
2009-09-18 15:49 11,588 a------- c:\windows\olenelanavecazu.dll
2009-09-18 01:52 12,368 a------- c:\windows\ofeholuh.dll
2009-09-17 23:50 11,386 a------- c:\windows\idujizuqu.dll
2009-09-17 21:48 11,588 a------- c:\windows\oteqesuhelehizu.dll
2009-09-17 19:46 11,448 a------- c:\windows\usotolix.dll
2009-09-17 17:44 11,448 a------- c:\windows\uhoyiger.dll
2009-09-17 15:42 11,448 a------- c:\windows\epulifipuluk.dll
2009-09-17 13:40 11,386 a------- c:\windows\uhikorilowadil.dll
2009-09-17 11:38 11,644 a------- c:\windows\ukonirumecah.dll
2009-09-17 09:36 11,588 a------- c:\windows\eleqafarip.dll
2009-09-17 07:34 11,386 a------- c:\windows\obawulevefi.dll
2009-09-17 05:32 13,586 a------- c:\windows\iqokilomi.dll
2009-09-17 03:30 11,706 a------- c:\windows\icopevubeqo.dll
2009-09-17 01:28 11,706 a------- c:\windows\udexusumo.dll
2009-09-16 23:26 11,448 a------- c:\windows\acerimuquj.dll
2009-09-16 21:24 13,060 a------- c:\windows\ecefotoc.dll
2009-09-16 19:22 11,330 a------- c:\windows\exelowunikazubi.dll
2009-09-16 17:20 11,588 a------- c:\windows\anurituci.dll
2009-09-16 15:18 11,386 a------- c:\windows\ekoboneravasam.dll
2009-09-16 13:16 11,386 a------- c:\windows\ucagosixaxeteted.dll
2009-09-16 11:14 11,706 a------- c:\windows\uxatigokidonot.dll
2009-09-16 09:12 11,448 a------- c:\windows\alewanulamolimar.dll
2009-09-16 07:10 11,280 a------- c:\windows\ajocetuw.dll
2009-09-16 05:08 11,330 a------- c:\windows\onehebaf.dll
2009-09-16 03:08 13,003 a------- c:\windows\odehusucam.dll
2009-09-16 00:30 11,392 a------- c:\windows\ufirubohojafabi.dll
2009-09-15 22:28 11,392 a------- c:\windows\ewizotuqo.dll
2009-09-15 20:26 11,392 a------- c:\windows\uvamibah.dll
2009-09-15 18:24 11,386 a------- c:\windows\ehigozux.dll
2009-09-15 16:22 11,588 a------- c:\windows\oliyonidopumam.dll
2009-09-15 14:20 11,386 a------- c:\windows\uribiyov.dll
2009-09-15 12:21 11,386 a------- c:\windows\ucijumuqobo.dll
2009-09-15 10:02 11,386 a------- c:\windows\eyudobuvo.dll
2009-09-15 08:00 11,386 a------- c:\windows\awiritadumo.dll
2009-09-15 05:58 11,448 a------- c:\windows\adafegizutaz.dll
2009-09-15 03:56 11,532 a------- c:\windows\ucelesolas.dll
2009-09-15 01:54 11,386 a------- c:\windows\ibuwunoz.dll
2009-09-14 23:52 12,277 a------- c:\windows\ajakigat.dll
2009-09-14 21:50 11,588 a------- c:\windows\ixiyetasoyu.dll
2009-09-14 19:48 11,386 a------- c:\windows\enebebaguwimu.dll
2009-09-14 17:46 11,392 a------- c:\windows\amifepohebafi.dll
2009-09-14 15:44 11,448 a------- c:\windows\ucezitoha.dll
2009-09-14 13:42 11,706 a------- c:\windows\abahakucadic.dll
2009-09-14 11:40 11,644 a------- c:\windows\ukicagayusaqitih.dll
2009-09-14 09:38 11,588 a------- c:\windows\ucoyenev.dll
2009-09-14 07:36 13,751 a------- c:\windows\obiwiyel.dll
2009-09-14 05:34 11,330 a------- c:\windows\ucikiwikisoxe.dll
2009-09-14 03:32 13,111 a------- c:\windows\usoniwulaqo.dll
2009-09-14 01:30 11,392 a------- c:\windows\agaqatuza.dll
2009-09-13 23:28 11,650 a------- c:\windows\uxucubalepi.dll
2009-09-13 21:26 11,448 a------- c:\windows\ijuxorigeg.dll
2009-09-13 19:38 11,386 a------- c:\windows\adexipab.dll
2009-09-13 17:36 11,330 a------- c:\windows\utodiqatarive.dll
2009-09-13 15:34 11,386 a------- c:\windows\eqamoyes.dll
2009-09-13 13:32 11,386 a------- c:\windows\uyazoquqisefac.dll
2009-09-13 11:29 11,448 a------- c:\windows\olumodet.dll
2009-09-13 09:27 11,448 a------- c:\windows\omiyeviw.dll
2009-09-13 08:18 12,762 a------- c:\windows\acavakadevi.dll
2009-09-13 06:20 12,791 a------- c:\windows\uvajivanoq.dll
2009-09-13 04:00 13,866 a------- c:\windows\apegupiditemekok.dll
2009-09-13 02:02 11,391 a------- c:\windows\urewixanimi.dll
2009-09-12 23:42 11,448 a------- c:\windows\eduhovoj.dll
2009-09-12 21:40 12,001 a------- c:\windows\eyogudorayeher.dll
2009-09-12 19:38 11,330 a------- c:\windows\olemopajeboy.dll
2009-09-12 17:36 11,391 a------- c:\windows\unuwevev.dll
2009-09-12 15:35 11,386 a------- c:\windows\ekesuyeg.dll
2009-09-12 15:11 <DIR> --d----- c:\windows\system32\wbem\Repository

==================== Find3M ====================

2009-09-01 11:21 11,588 a------- c:\windows\urocawaj.dll
2009-09-01 09:19 12,091 a------- c:\windows\ipopuficuzuhi.dll
2009-09-01 07:17 13,025 a------- c:\windows\ebajurij.dll
2009-09-01 05:15 11,392 a------- c:\windows\oferesox.dll
2009-09-01 03:13 11,448 a------- c:\windows\exovevukov.dll
2009-09-01 01:11 11,392 a------- c:\windows\exapejid.dll
2009-08-31 23:09 13,676 a------- c:\windows\uracusezejoher.dll
2009-08-31 21:07 12,274 a------- c:\windows\ofazowem.dll
2009-08-31 19:05 11,330 a------- c:\windows\eximifora.dll
2009-08-31 17:03 11,330 a------- c:\windows\ewolorom.dll
2009-08-31 15:01 11,386 a------- c:\windows\ovadurayapeva.dll
2009-08-31 12:59 11,392 a------- c:\windows\uwemavab.dll
2009-08-31 10:57 11,386 a------- c:\windows\upuyosamavab.dll
2009-08-31 08:55 12,329 a------- c:\windows\oyolaloc.dll
2009-08-31 06:53 14,738 a------- c:\windows\iwewogij.dll
2009-08-31 04:51 11,330 a------- c:\windows\irenufuq.dll
2009-08-31 02:49 11,386 a------- c:\windows\ifogafek.dll
2009-08-31 00:47 11,448 a------- c:\windows\ibotuwef.dll
2009-08-30 22:45 11,392 a------- c:\windows\awayofik.dll
2009-08-30 20:43 11,335 a------- c:\windows\iqejinur.dll
2009-08-30 18:41 11,330 a------- c:\windows\ugiholur.dll
2009-08-30 16:39 11,330 a------- c:\windows\oxenozum.dll
2009-08-30 14:37 11,391 a------- c:\windows\ejotilarej.dll
2009-08-30 12:35 11,330 a------- c:\windows\usoxivaz.dll
2009-08-30 10:33 11,588 a------- c:\windows\alotakob.dll
2009-08-28 19:27 11,448 a------- c:\windows\acaderotegixiv.dll
2009-08-28 17:25 11,386 a------- c:\windows\avukejubetovapuz.dll
2009-08-28 15:23 11,386 a------- c:\windows\iqafovah.dll
2009-08-28 13:21 11,588 a------- c:\windows\oviloqetuguzele.dll
2009-08-28 11:19 11,386 a------- c:\windows\ejerivehamiro.dll
2009-08-28 09:17 11,588 a------- c:\windows\ogakupujaxakuqe.dll
2009-08-28 07:15 11,392 a------- c:\windows\aqugojudoyatupek.dll
2009-08-28 05:13 11,448 a------- c:\windows\ixitikapawogep.dll
2009-08-28 03:11 11,448 a------- c:\windows\aborerew.dll
2009-08-28 01:09 12,168 a------- c:\windows\avezaxifivufep.dll
2009-08-27 23:07 11,330 a------- c:\windows\ewihedil.dll
2009-08-27 21:05 11,330 a------- c:\windows\avanepoza.dll
2009-08-27 19:03 11,330 a------- c:\windows\itedowubucu.dll
2009-07-26 12:58 182,656 a------- c:\windows\system32\dllcache\ndis.sys
2009-07-19 09:33 3,597,824 a------- c:\windows\system32\dllcache\mshtml.dll
2009-07-19 09:32 6,067,200 -------- c:\windows\system32\dllcache\ieframe.dll
2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 15:01 58,880 a------- c:\windows\system32\atl(3)(3).dll
2009-07-17 15:01 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-13 23:43 10,841,088 a------- c:\windows\system32\dllcache\wmp.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-13 23:43 286,208 -------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-10 09:27 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
2007-03-29 09:13 87,608 a------- c:\docume~1\spider~1\applic~1\ezpinst.exe
2007-03-29 09:13 47,360 a------- c:\docume~1\spider~1\applic~1\pcouffin.sys
2006-11-25 03:57 482 a------- c:\program files\Del.js
2005-08-21 12:42 905 ac------ c:\program files\uninstal.log
2004-07-09 19:24 784 a------- c:\docume~1\spider~1\applic~1\mpauth.dat
2006-01-11 02:41 56 ---shr-- c:\windows\system32\6BBF71BA10.sys
2006-09-23 20:47 10,856 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-02-09 23:52 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009020920090210\index.dat

============= FINISH: 20:44:57.71 ===============
 
Okay, I can unzip files, but I'm not sure how to go about zipping and attaching. It says in the text file:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

I'm not sure where to go from here.

GMER came up with this as an option before any scan was possible:

WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity. Dou you want to fully scan your system ?

GMER showed up as jpi5ewj4.exe upon saving and as running through Task Manager. Not sure where to go from there either.

I do appreciate your help very much, and patience is definitely a virtue of mine at the moment. I just want to get this thing running like normal again :sad:
 
Hi,

It's ok to paste attach.txt contents into your post without zipping :)

In GMER's case, let it finish its scan and then:
-When scanning is ready, click the Copy button (in GMER). This copies the log to the clipboard.
-Post the log in your reply.
 
Alright, here's what attach.txt came up with. Going to scan with GMER and post results momentarily.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-09-29.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 7/9/2004 6:12:37 PM
System Uptime: 9/29/2009 6:39:44 AM (86 hours ago)

Motherboard: Dell Computer Corp. | | 0C2425
Processor: Intel(R) Celeron(R) CPU 2.50GHz | Microprocessor | 2491/400mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 71 GiB total, 4.52 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E96E-E325-11CE-BFC1-08002BE10318}
Description: Plug and Play Monitor
Device ID: DISPLAY\DELD002\4&328453E3&0&80861100&00&02
Manufacturer: (Standard monitor types)
Name: Plug and Play Monitor
PNP Device ID: DISPLAY\DELD002\4&328453E3&0&80861100&00&02
Service:

Class GUID: {4D36E96D-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) 537EP V9x DFV PCI Modem
Device ID: PCI\VEN_8086&DEV_1080&SUBSYS_10001028&REV_04\4&3B1CAF2B&0&30F0
Manufacturer: Intel Corporation
Name: Intel(R) 537EP V9x DFV PCI Modem
PNP Device ID: PCI\VEN_8086&DEV_1080&SUBSYS_10001028&REV_04\4&3B1CAF2B&0&30F0
Service: Modem

Class GUID: {4D36E980-E325-11CE-BFC1-08002BE10318}
Description: Floppy disk drive
Device ID: FDC\GENERIC_FLOPPY_DRIVE\5&C4AE404&0&0
Manufacturer: (Standard floppy disk drives)
Name: Floppy disk drive
PNP Device ID: FDC\GENERIC_FLOPPY_DRIVE\5&C4AE404&0&0
Service: flpydisk

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: ATI WDM TV Tuner (Microsoft)
Device ID: ROOT\LEGACY_ATITUNEP\0000
Manufacturer:
Name: ATI WDM TV Tuner (Microsoft)
PNP Device ID: ROOT\LEGACY_ATITUNEP\0000
Service: ATITUNEP

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: ATI WDM TV Audio Crossbar (Microsoft)
Device ID: ROOT\LEGACY_ATIXSAUDIO\0000
Manufacturer:
Name: ATI WDM TV Audio Crossbar (Microsoft)
PNP Device ID: ROOT\LEGACY_ATIXSAUDIO\0000
Service: ATIXSAudio

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: ATI WDM Specialized MVD Codec (Microsoft)
Device ID: ROOT\LEGACY_MVDCODEC\0000
Manufacturer:
Name: ATI WDM Specialized MVD Codec (Microsoft)
PNP Device ID: ROOT\LEGACY_MVDCODEC\0000
Service: MVDCODEC

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: ATI WDM Specialized PCD Codec (Microsoft)
Device ID: ROOT\LEGACY_PCDCODEC\0000
Manufacturer:
Name: ATI WDM Specialized PCD Codec (Microsoft)
PNP Device ID: ROOT\LEGACY_PCDCODEC\0000
Service: PCDCODEC

==== System Restore Points ===================

RP536: 9/11/2009 6:08:04 PM - Restore Operation
RP537: 9/12/2009 3:07:10 PM - Restore Operation
RP538: 9/13/2009 3:49:33 PM - System Checkpoint
RP539: 9/14/2009 4:58:05 PM - System Checkpoint
RP540: 9/15/2009 5:29:48 PM - System Checkpoint
RP541: 9/16/2009 6:30:49 PM - System Checkpoint
RP542: 9/17/2009 7:03:11 PM - System Checkpoint
RP543: 9/18/2009 7:29:50 PM - System Checkpoint
RP544: 9/19/2009 8:57:54 PM - System Checkpoint
RP545: 9/20/2009 9:29:33 PM - System Checkpoint
RP546: 9/21/2009 9:36:49 PM - System Checkpoint
RP547: 9/22/2009 11:56:59 PM - System Checkpoint
RP548: 9/24/2009 12:34:10 AM - System Checkpoint
RP549: 9/25/2009 1:02:38 AM - System Checkpoint
RP550: 9/26/2009 2:02:31 AM - System Checkpoint
RP551: 9/27/2009 3:02:46 AM - System Checkpoint
RP552: 9/28/2009 4:02:32 AM - System Checkpoint
RP553: 9/29/2009 7:45:36 AM - System Checkpoint
RP554: 9/30/2009 8:44:28 AM - System Checkpoint
RP555: 10/1/2009 9:44:27 AM - System Checkpoint
RP556: 10/2/2009 10:44:17 AM - System Checkpoint

==== Installed Programs ======================


µTorrent
ABBYY FineReader 6.0 Sprint
AC3Filter (remove only)
Adobe Acrobat 5.0
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0
AOL Instant Messenger
AutoUpdate
Banctec Service Agreement
Battlefield 2(TM)
Bejeweled 2 Deluxe 1.0
Big Fish Games Client
Bookworm Deluxe 1.03
Broadcom Management Programs
Business Card Generator Fonts
Business Card Shop
Chutes and Ladders
Critical Update for Windows Media Player 11 (KB959772)
dBpoweramp DSP Effects
Deer Avenger
Dell Driver Reset Tool
Dell Networking Guide
Dell Solution Center
DivX Codec
DVDSentry
Dyno2000 Version 3.10
ffdshow [rev 1324] [2007-07-01]
Google Video Player
GTAIII
HarryThompson.com - Webjal Patcher
Help and Support Customization
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hot Rod Garage to Glory
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
ieSpell
Intel(R) 537EP V9x DFV PCI Modem
Intel(R) Extreme Graphics Driver
Internet Explorer Default Page
IrfanView (remove only)
Java 2 Runtime Environment, SE v1.4.2
Kaspersky Online Scanner
Learn2 Player (Uninstall Only)
Lexmark 1200 Series
Lexmark 640 Series
Lexmark Fax Solutions
Macromedia Flash Player
Macromedia Shockwave Player
MathPlayer
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Age of Empires Gold
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MicroStaff WINASPI
Mobsters Superbot
Modem Event Monitor
MS Access 97 SP2
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MyJAL MediaPAL
Mystery Case Files: Madame Fate ™
Need For Speed Hot Pursuit 2
Network Play System (Patching)
NVIDIA Drivers
ObjectDock
PeerGuardian 2.0
PowerDVD
QuickTime
R/C Pilot Simulator
RealFlight G3 R/C Simulator
RealFlight Simulator
RealPlayer
Saitek Configuration Software
Saitek NT Controller Drivers
Samsung CamCorder Driver
Samsung Video Codec 1.1 Uninstall
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Shockwave
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
SpywareBlaster v3.5.1
TVersity Codec Pack 1.1
TVersity Media Server 0.9.11.4 beta
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB968389)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Visual FoxPro ODBC Driver
WavePad Uninstall
WebFldrs XP
Webjal install by HarryThompson.com
Windows Desktop Search
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
ZoneAlarm Spy Blocker

==== Event Viewer Messages From Past Week ========

9/29/2009 6:59:20 AM, error: Service Control Manager [7034] - The TVersityMediaServer service terminated unexpectedly. It has done this 1 time(s).
9/29/2009 6:40:53 AM, error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The system cannot find the file specified.
9/27/2009 9:15:15 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
9/27/2009 9:00:15 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
9/26/2009 8:21:16 PM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 000D56EFBA03 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
9/25/2009 7:27:07 AM, error: Service Control Manager [7000] - The Automatic Updates service failed to start due to the following error: The system cannot find the file specified.
9/25/2009 7:27:07 AM, error: DCOM [10005] - DCOM got error "%2" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

==== End Of File ===========================
 
Wow, that took a lot longer than I thought. Here are the results...

GMER 1.0.15.15087 - http://www.gmer.net
Rootkit scan 2009-10-03 12:54:54
Windows 5.1.2600 Service Pack 3
Running: jpi5ewj4.exe; Driver: C:\DOCUME~1\SPIDER~1\LOCALS~1\Temp\fgldqpow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\drivers\3e3b0e9.sys ZwCreateEvent [0xBAD2F595]
SSDT \SystemRoot\System32\drivers\3e3b0e9.sys ZwCreateKey [0xBAD2D585]
SSDT sptd.sys ZwEnumerateKey [0xF8772FB2]
SSDT sptd.sys ZwEnumerateValueKey [0xF8773340]
SSDT \SystemRoot\System32\drivers\3e3b0e9.sys ZwOpenKey [0xBAD2D645]
SSDT sptd.sys ZwQueryKey [0xF8773418]
SSDT sptd.sys ZwQueryValueKey [0xF8773298]

Code 8334C500 pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload F7E228AC 5 Bytes JMP 831C41C8
? System32\Drivers\aef8tb7n.SYS The system cannot find the path specified. !
? C:\WINDOWS\System32\drivers\3e3b0e9.sys The system cannot find the file specified.

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[2860] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 04131088 C:\WINDOWS\system32\dsound3dd.dll
? C:\WINDOWS\System32\svchost.exe[4024] image checksum mismatch; number of sections mismatch; time/date stamp mismatch;
? C:\WINDOWS\System32\svchost.exe[4032] image checksum mismatch; number of sections mismatch; time/date stamp mismatch;

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F878406C] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F8784018] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F87A69AE] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F878406C] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F876DAD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F876DC1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F876DB9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F876E748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F876E61E] sptd.sys
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F878329A] sptd.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] CB8401C7
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] 9BE90043
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] 560001D4
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] 06C7F18B
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [0043CB84] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] 01D48DE8
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] 2444F600
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] 07740108
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] D55CE856
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] 8B590001
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] 04C25EC6
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] 8B55C300
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] 1475FFEC
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] FF1075FF
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] 10C48308
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] 8B55C35D
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] 1475FFEC
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] FF1075FF
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] 75FF0C75
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] DA58E808
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 458B0001
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] 2300E800
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] F18B0002
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] E8F07589
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] 0001D35B
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] 00FC6583
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] 8D0875FF
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] 06C70C4E
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] [0043CB90] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] 001C95E8
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] E8C68B00
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] 000223B2
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] 560004C2
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] 006AF18B
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] 4E8D016A
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] 9006C70C
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] E80043CB
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] 000021DF
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] E95ECE8B
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] 0001D3EE
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!TerminateProcess] E8F18B56
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] FFFFFFDB
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] 082444F6
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] 56077401
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] 01D4B5E8
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] 0004C25E
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] CB9C01C7
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] BCE90043
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] 56FFFFFF
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] 06C7F18B
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] [0043CB9C] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] FFFFAEE8
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] 2444F6FF
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] 07740108
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] D488E856
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] 8B590001
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] 04C25EC6
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] B8046A00
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] [00436E6D] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] 022265E8
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] 89F18B00
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] 7D8BF075
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] 33E85708
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] 830001D3
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] 8300FC65
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] 06C70C4E
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] [0043CB90] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] 001BF5E8
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] E8C68B00
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] 00022312
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] 830004C2
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] 60830020
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] 0A8B0004
IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] 04728B56
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] CB8401C7
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] 9BE90043
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] 560001D4
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] 06C7F18B
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [0043CB84] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] 01D48DE8
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] 2444F600
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] 07740108
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] D55CE856
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] 8B590001
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] 04C25EC6
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] 8B55C300
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] 1475FFEC
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] FF1075FF
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] 10C48308
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] 8B55C35D
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] 1475FFEC
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] FF1075FF
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] 75FF0C75
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] DA58E808
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 458B0001
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] 2300E800
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] F18B0002
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] E8F07589
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] 0001D35B
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] 00FC6583
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] 8D0875FF
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] 06C70C4E
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] [0043CB90] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] 001C95E8
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] E8C68B00
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] 000223B2
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] 560004C2
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] 006AF18B
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] 4E8D016A
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] 9006C70C
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] E80043CB
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] 000021DF
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] E95ECE8B
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] 0001D3EE
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!TerminateProcess] E8F18B56
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] FFFFFFDB
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] 082444F6
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] 56077401
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] 01D4B5E8
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] 0004C25E
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] CB9C01C7
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] BCE90043
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] 56FFFFFF
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] 06C7F18B
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] [0043CB9C] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] FFFFAEE8
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] 2444F6FF
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] 07740108
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] D488E856
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] 8B590001
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] 04C25EC6
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] B8046A00
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] [00436E6D] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] 022265E8
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] 89F18B00
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] 7D8BF075
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] 33E85708
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] 830001D3
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] 8300FC65
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] 06C70C4E
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] [0043CB90] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] 001BF5E8
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] E8C68B00
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] 00022312
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] 830004C2
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] 60830020
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] 0A8B0004
IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] 04728B56


...text is too long, continued in next post...
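A first triage pass over GMER output of the kind posted in this thread, added here as an example (it is not GMER's code or anything posted by the participants): it groups SSDT and device-stack hooks by the module that installed them, cross-references the "?" lines GMER prints for modules it cannot read back from disk, and suppresses modules on an analyst-maintained allow-list. The allow-list, the severity rules and the choice of sample lines are assumptions of the example; the sample lines themselves are copied from the GMER log in this thread.

```python
"""Triage pass over GMER rootkit-scanner output (added example, not GMER's code).

Three GMER record kinds carry most of the signal in a log like the one in this thread:
  SSDT <module> <ZwFunction> [<address>]   SSDT entry redirected into <module>
  Device <driver object> <device> <owner>  module now answering for a device stack entry
  ? <path> <error text>                    module GMER could not read back from disk
Hooks from a module whose file GMER cannot find on disk are escalated first.
"""
import re
from collections import defaultdict

# Allow-list maintained by the analyst (an assumption of this example).
# sptd.sys is the pass-through driver of the disc-emulation software in the
# installed-programs list (Alcohol 120%); GMER itself labels tfsnifs.sys as
# Sonic's Drive Letter Access component, matching "Sonic DLA" in that list.
KNOWN_HOOKERS = {"sptd.sys", "tfsnifs.sys"}

SSDT_RE = re.compile(r"^SSDT\s+(?P<module>\S+)\s+(?P<func>Zw\w+)\s+\[0x[0-9A-Fa-f]+\]")
DEVICE_RE = re.compile(r"^Device\s+(?P<driver>\\\S+)\s+(?P<device>\\\S+)\s+(?P<owner>.+)$")
UNREADABLE_RE = re.compile(r"^\?\s+(?P<path>\S+)\s+(?P<error>.+)$")
MODULE_RE = re.compile(r"[\w.-]+\.sys", re.IGNORECASE)
MISSING_MARKERS = ("cannot find the file", "cannot find the path")


def module_name(path):
    """Reduce a path or module reference to its lower-case file name."""
    return path.rsplit("\\", 1)[-1].lower()


def parse_gmer(lines):
    """Collect SSDT hooks, foreign device-stack owners and unreadable modules."""
    ssdt = defaultdict(list)     # module -> hooked Zw* functions
    devices = defaultdict(list)  # module -> devices it answers for
    unreadable = {}              # module -> GMER's error text
    for raw in lines:
        line = raw.strip()
        if m := SSDT_RE.match(line):
            ssdt[module_name(m["module"])].append(m["func"])
        elif m := DEVICE_RE.match(line):
            owner = MODULE_RE.search(m["owner"])
            # A device served by its own driver image (NDIS.sys for the NDIS
            # driver object) is normal; a different module answering is a hook.
            if owner and owner.group(0).lower() != module_name(m["driver"]) + ".sys":
                devices[owner.group(0).lower()].append(m["device"])
        elif m := UNREADABLE_RE.match(line):
            unreadable[module_name(m["path"])] = m["error"].rstrip(" !")
    return ssdt, devices, unreadable


def triage(lines, known=KNOWN_HOOKERS):
    """Return {module: finding} for every module of interest not on the allow-list."""
    ssdt, devices, unreadable = parse_gmer(lines)
    findings = {}
    for mod in (set(ssdt) | set(devices) | set(unreadable)) - set(known):
        hooks = bool(ssdt.get(mod) or devices.get(mod))
        error = unreadable.get(mod, "")
        missing = any(marker in error.lower() for marker in MISSING_MARKERS)
        if hooks and missing:
            severity = "high"    # live hooks, but no file on disk: hidden driver
        elif hooks or missing:
            severity = "medium"
        else:
            severity = "low"     # unreadable for another reason (e.g. locked), no hooks
        findings[mod] = {
            "severity": severity,
            "ssdt": sorted(ssdt.get(mod, [])),
            "devices": sorted(devices.get(mod, [])),
            "disk": error or "readable",
        }
    return findings


# Sample input: lines copied from the GMER log posted in this thread.
SAMPLE_LOG = r"""
SSDT \SystemRoot\System32\drivers\3e3b0e9.sys ZwCreateEvent [0xBAD2F595]
SSDT \SystemRoot\System32\drivers\3e3b0e9.sys ZwCreateKey [0xBAD2D585]
SSDT sptd.sys ZwEnumerateKey [0xF8772FB2]
SSDT \SystemRoot\System32\drivers\3e3b0e9.sys ZwOpenKey [0xBAD2D645]
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
? System32\Drivers\aef8tb7n.SYS The system cannot find the path specified. !
? C:\WINDOWS\System32\drivers\3e3b0e9.sys The system cannot find the file specified.
Device \FileSystem\Ntfs \Ntfs 3e3b0e9.sys
Device \Driver\NDIS \Device\Ndis [83273984] NDIS.sys[.reloc]
Device \Driver\Tcpip \Device\Tcp 3e3b0e9.sys
Device \Driver\PCI_NTPNP1052 \Device\00000044 sptd.sys
Device \Driver\aef8tb7n \Device\Scsi\aef8tb7n1 83051540
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
""".strip().splitlines()

if __name__ == "__main__":
    order = {"high": 0, "medium": 1, "low": 2}
    for mod, f in sorted(triage(SAMPLE_LOG).items(), key=lambda kv: order[kv[1]["severity"]]):
        print(f"[{f['severity'].upper()}] {mod}  disk: {f['disk']}")
        print(f"    SSDT hooks: {f['ssdt']}  device entries: {f['devices']}")
```

On the sample above the pass reports 3e3b0e9.sys as high (it hooks three SSDT entries plus the Ntfs and Tcp device stacks while GMER cannot find its file) and aef8tb7n.sys as medium (missing on disk, no hooks attributed to it), and says nothing about the allow-listed sptd.sys and tfsnifs.sys.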
 
---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 3e3b0e9.sys
Device \FileSystem\Ntfs \Ntfs 8336A1E8
Device \Driver\NDIS \Device\Ndis [83273984] NDIS.sys[.reloc]
Device \Driver\Tcpip \Device\Ip 3e3b0e9.sys
Device \Driver\usbuhci \Device\USBPDO-0 8310F1E8
Device \Driver\PCI_NTPNP1052 \Device\00000044 sptd.sys
Device \Driver\usbuhci \Device\USBPDO-1 8310F1E8
Device \Driver\usbuhci \Device\USBPDO-2 8310F1E8
Device \Driver\usbehci \Device\USBPDO-3 831B51E8
Device \Driver\Tcpip \Device\Tcp 3e3b0e9.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 833D81E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 833D81E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{DC6DEC2A-4BED-4762-8851-E561345257A5} 82EEA1E8
Device \Driver\Cdrom \Device\CdRom0 830C11E8
Device \Driver\Cdrom \Device\CdRom1 830C11E8
Device \Driver\Cdrom \Device\CdRom2 830C11E8
Device \Driver\NetBT \Device\NetBt_Wins_Export 82EEA1E8
Device \Driver\NetBT \Device\NetbiosSmb 82EEA1E8
Device \Driver\Tcpip \Device\Udp 3e3b0e9.sys
Device \Driver\Tcpip \Device\RawIp 3e3b0e9.sys
Device \Driver\usbuhci \Device\USBFDO-0 8310F1E8
Device \Driver\usbuhci \Device\USBFDO-1 8310F1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 831E9790
Device \Driver\Tcpip \Device\IPMULTICAST 3e3b0e9.sys
Device \Driver\usbuhci \Device\USBFDO-2 8310F1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 831E9790
Device \Driver\usbehci \Device\USBFDO-3 831B51E8
Device \Driver\Ftdisk \Device\FtControl 833D81E8
Device \Driver\aef8tb7n \Device\Scsi\aef8tb7n1 83051540
Device \Driver\aef8tb7n \Device\Scsi\aef8tb7n1Port2Path0Target0Lun0 83051540
Device \FileSystem\Fastfat \Fat 82CD5368
Device \FileSystem\Fastfat \Fat B5F75297
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs 831931E8
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\System32\drivers\3e3b0e9.sys (*** hidden *** ) [SYSTEM] 3e3b0e9 <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\3e3b0e9@ImagePath \SystemRoot\System32\drivers\3e3b0e9.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\3e3b0e9@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\3e3b0e9@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\3e3b0e9@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\3e3b0e9@kadfmmqr 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\3e3b0e9@F96ZK6nPB YmF0dXJhbWViZWwuY29t
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 515188436
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -8797297
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x3C 0xE9 0xF5 0x3B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xE6 0x01 0x5F 0x93 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x7A 0x9F 0x6C 0x5F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x3C 0xE9 0xF5 0x3B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xE6 0x01 0x5F 0x93 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x7A 0x9F 0x6C 0x5F ...
Reg HKLM\SYSTEM\ControlSet004\Services\3e3b0e9@ImagePath \SystemRoot\System32\drivers\3e3b0e9.sys
Reg HKLM\SYSTEM\ControlSet004\Services\3e3b0e9@Type 1
Reg HKLM\SYSTEM\ControlSet004\Services\3e3b0e9@Start 1
Reg HKLM\SYSTEM\ControlSet004\Services\3e3b0e9@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet004\Services\3e3b0e9@kadfmmqr 1
Reg HKLM\SYSTEM\ControlSet004\Services\3e3b0e9@F96ZK6nPB YmF0dXJhbWViZWwuY29t
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x3C 0xE9 0xF5 0x3B ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xE6 0x01 0x5F 0x93 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x7A 0x9F 0x6C 0x5F ...

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Spiderman\Local Settings\Temporary Internet Files\Content.IE5\1DPZU1I1\errorPageStrings[1] 850 bytes
File C:\Documents and Settings\Spiderman\My Documents\bobos stuff\INSANE CLOWN POSSE-47 ALBUMS\Insane Clown Posse - The Wraith (Remix Albums) [2006] - Rap [www.torrentazos.com]\Insane Clown Posse - The Wraith (Remix Albums) [2006] - Rap [www.torrentazos.com]\CD1\108-IN~1.MP3 6286753 bytes
File C:\I386\ndis.sys (size mismatch) 168192/182656 bytes executable
File C:\WINDOWS\$NtServicePackUninstall$\ndis.sys (size mismatch) 182912/182656 bytes executable
File C:\WINDOWS\SYSTEM32\DLLCACHE\ndis.sys (size mismatch) 212224/182656 bytes executable
File C:\WINDOWS\SYSTEM32\DRIVERS\ndis.sys (size mismatch) 212224/182656 bytes executable

---- EOF - GMER 1.0.15 ----
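The GMER sections above carry three separate indicators that belong together: a service (3e3b0e9) that GMER reports as hidden, registry values on that service's key with names Windows itself never writes (kadfmmqr, F96ZK6nPB), and a string under one of those names that is plain base64, all of it mirrored into ControlSet004 as well as CurrentControlSet. The script below is an added triage example, my code rather than GMER's or anything posted in this thread. It parses GMER "Service" and "Reg" lines and pulls out exactly those indicators. The allow-list of standard service value names is my own conservative choice and the sample lines are copied from the log above; both are assumptions I supply, not part of the original post.

```python
"""Triage of GMER 'Service' / 'Reg' lines for a hidden driver service.

Added example, not GMER's code. Flags a service GMER marks hidden, registry
values on a service key whose names Windows never writes, string data that
base64-decodes to printable text, and the control sets the service is
persisted in. STANDARD_SERVICE_VALUES is my own allow-list (an assumption).
"""
import base64
import re
from collections import defaultdict
from dataclasses import dataclass

STANDARD_SERVICE_VALUES = {
    "ImagePath", "Type", "Start", "ErrorControl", "DisplayName", "Group", "Tag",
    "DependOnService", "DependOnGroup", "ObjectName", "Description",
    "FailureActions", "ServiceSidType", "RequiredPrivileges",
}

# 'Reg HKLM\SYSTEM\<ControlSet>\Services\<svc>@<name> <data>' -- values directly
# on the service key only; deeper subkeys (e.g. sptd\Cfg) are deliberately skipped.
REG_RE = re.compile(
    r"^Reg\s+HKLM\\SYSTEM\\(?P<cs>CurrentControlSet|ControlSet\d+)"
    r"\\Services\\(?P<svc>[^\\@\s]+)@(?P<name>\S+)\s*(?P<data>.*)$"
)
# 'Service <path> (*** hidden *** ) [SYSTEM] <svc> <-- ROOTKIT !!!'
HIDDEN_RE = re.compile(
    r"^Service\s+(?P<path>\S+)\s+\(\*\*\* hidden \*\*\* \)\s+\[\w+\]\s+(?P<svc>\S+)"
)

# Constructed sample: lines copied from the GMER log in this thread.
SAMPLE_LOG = r"""
Service C:\WINDOWS\System32\drivers\3e3b0e9.sys (*** hidden *** ) [SYSTEM] 3e3b0e9 <-- ROOTKIT !!!
Reg HKLM\SYSTEM\CurrentControlSet\Services\3e3b0e9@ImagePath \SystemRoot\System32\drivers\3e3b0e9.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\3e3b0e9@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\3e3b0e9@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\3e3b0e9@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\3e3b0e9@kadfmmqr 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\3e3b0e9@F96ZK6nPB YmF0dXJhbWViZWwuY29t
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 515188436
Reg HKLM\SYSTEM\ControlSet004\Services\3e3b0e9@kadfmmqr 1
Reg HKLM\SYSTEM\ControlSet004\Services\3e3b0e9@F96ZK6nPB YmF0dXJhbWViZWwuY29t
"""


@dataclass(frozen=True)
class Finding:
    service: str
    reason: str
    detail: str


def try_base64_ascii(data: str):
    """Decode `data` if it is well-formed base64 of printable ASCII, else None."""
    if not re.fullmatch(r"[A-Za-z0-9+/]{8,}={0,2}", data):
        return None
    try:
        raw = base64.b64decode(data, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    if raw and all(0x20 <= b < 0x7F for b in raw):
        return raw.decode("ascii")
    return None


def triage_gmer(lines):
    """Return a de-duplicated list of Finding for GMER Service/Reg lines."""
    findings, control_sets = {}, defaultdict(set)  # dict keeps order, drops dupes
    for line in lines:
        line = line.strip()
        m = HIDDEN_RE.match(line)
        if m:
            findings[Finding(m["svc"], "hidden service", m["path"])] = None
            continue
        m = REG_RE.match(line)
        if not m:
            continue
        svc, name, data = m["svc"], m["name"], m["data"].strip()
        control_sets[svc].add(m["cs"])
        if name not in STANDARD_SERVICE_VALUES:
            detail = f"{name} = {data!r}"
            decoded = try_base64_ascii(data)
            if decoded:
                detail += f" (base64 -> {decoded!r})"
            findings[Finding(svc, "non-standard value", detail)] = None
    # Record which control sets a flagged service survives in (LastKnownGood included).
    for svc in sorted({f.service for f in findings}):
        if control_sets[svc]:
            findings[Finding(svc, "persisted in", ", ".join(sorted(control_sets[svc])))] = None
    return list(findings)


if __name__ == "__main__":
    for f in triage_gmer(SAMPLE_LOG.splitlines()):
        print(f"{f.service:10} {f.reason:20} {f.detail}")
```

Run it on a full GMER log and the sptd\Cfg noise from Alcohol 120% drops out because only values directly on a service key are examined; a driver that hides itself, carries unexplained value names and survives in a second control set is worth far more attention than a mere "hidden" flag on its own.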
 
IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

µTorrent


I'd like you to read this thread.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).


After that:

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

  1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds.txt log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
 
I know, uTorrent can be a nasty program. I have deleted that program several times as it may have caused problems in the past. Needless to say, I haven't used that program in a couple of years. I have removed the program again.

ComboFix has been run and here's its report. A new DDS will be posted shortly.


ComboFix 09-10-03.01 - Spiderman 10/04/2009 9:27.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.159 [GMT -4:00]
Running from: c:\documents and settings\Spiderman\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Spiderman\Application Data\wiaserva.log
c:\documents and settings\Spiderman\Start Menu\Programs\Startup\ikowin32.exe
c:\program files\Common\_helper.dll
c:\program files\Common\helper.dll
c:\program files\Common\helper.sig
c:\program files\Shared\lib.dll
c:\program files\Shared\lib.sig
c:\temp\abW9
c:\temp\abW9\tPho.log
c:\windows\abahakucadic.dll
c:\windows\aborerew.dll
c:\windows\abozemiz.dll
c:\windows\acaderotegixiv.dll
c:\windows\acavakadevi.dll
c:\windows\acerimuquj.dll
c:\windows\adafegizutaz.dll
c:\windows\adexipab.dll
c:\windows\adowegumesawe.dll
c:\windows\aduyamuk.dll
c:\windows\agaqatuza.dll
c:\windows\ajakigat.dll
c:\windows\ajayelovawubixax.dll
c:\windows\ajibatidedug.dll
c:\windows\ajocetuw.dll
c:\windows\alewanulamolimar.dll
c:\windows\alotakob.dll
c:\windows\amezawuf.dll
c:\windows\amifepohebafi.dll
c:\windows\amikulej.dll
c:\windows\amukupugebudax.dll
c:\windows\anelizodowurafox.dll
c:\windows\anurituci.dll
c:\windows\apegupiditemekok.dll
c:\windows\aqugojudoyatupek.dll
c:\windows\arihexop.dll
c:\windows\arubawutilesol.dll
c:\windows\asicolal.dll
c:\windows\atezosowuwu.dll
c:\windows\atomanap.dll
c:\windows\avanepoza.dll
c:\windows\avezaxifivufep.dll
c:\windows\avukejubetovapuz.dll
c:\windows\awaworucato.dll
c:\windows\awayofik.dll
c:\windows\aweqasoqege.dll
c:\windows\awequmofut.dll
c:\windows\awiritadumo.dll
c:\windows\axinirumecahalev.dll
c:\windows\ayimapiq.dll
c:\windows\download
c:\windows\ebajurij.dll
c:\windows\ebimizih.dll
c:\windows\ebocoroj.dll
c:\windows\ecefotoc.dll
c:\windows\edilaref.dll
c:\windows\edojolij.dll
c:\windows\eduhovoj.dll
c:\windows\efemirux.dll
c:\windows\egayiyoh.dll
c:\windows\eheriwesozo.dll
c:\windows\ehigozux.dll
c:\windows\ejerivehamiro.dll
c:\windows\ejeruzifuloru.dll
c:\windows\ejidiwoxewofes.dll
c:\windows\ejodafaw.dll
c:\windows\ejotilarej.dll
c:\windows\ekesuyeg.dll
c:\windows\ekoboneravasam.dll
c:\windows\eleharuculihi.dll
c:\windows\eleqafarip.dll
c:\windows\elujewuj.dll
c:\windows\enebebaguwimu.dll
c:\windows\enuxusum.dll
c:\windows\epulifipuluk.dll
c:\windows\eqamoyes.dll
c:\windows\eqavafidelujolij.dll
c:\windows\evayasomizih.dll
c:\windows\ewedigojeruqa.dll
c:\windows\ewihedil.dll
c:\windows\ewizotuqo.dll
c:\windows\ewolorom.dll
c:\windows\ewovuzitoha.dll
c:\windows\exapejid.dll
c:\windows\exelowunikazubi.dll
c:\windows\eximifora.dll
c:\windows\exovevukov.dll
c:\windows\eyogudorayeher.dll
c:\windows\eyudobuvo.dll
c:\windows\gcdx.dll
c:\windows\ibimapiqiyonox.dll
c:\windows\ibotuwef.dll
c:\windows\ibuwunoz.dll
c:\windows\icopevubeqo.dll
c:\windows\idogezorijegozu.dll
c:\windows\idujizuqu.dll
c:\windows\ifereweha.dll
c:\windows\ifidevac.dll
c:\windows\ifiyuruwokuqisal.dll
c:\windows\ifocoxicakihev.dll
c:\windows\ifogafek.dll
c:\windows\ijuxorigeg.dll
c:\windows\ikenalepetiyo.dll
c:\windows\imawiloji.dll
c:\windows\imujoxuc.dll
c:\windows\imunesey.dll
c:\windows\Installer\11195550.msp
c:\windows\Installer\3970c5.msp
c:\windows\Installer\73330d.msp
c:\windows\Installer\9dbd7d7.msp
c:\windows\Installer\f876ad4.msi
c:\windows\Installer\f876adc.msi
c:\windows\Installer\f876ae4.msi
c:\windows\Installer\f876af1.msi
c:\windows\Installer\f876af9.msi
c:\windows\Installer\f876b01.msi
c:\windows\inutezezuquj.dll
c:\windows\ipopuficuzuhi.dll
c:\windows\iqafovah.dll
c:\windows\iqejinur.dll
c:\windows\iqokilomi.dll
c:\windows\irakarat.dll
c:\windows\irenufuq.dll
c:\windows\isitibuxer.dll
c:\windows\itecigitulob.dll
c:\windows\itedowubucu.dll
c:\windows\iwewogij.dll
c:\windows\iwisefubemob.dll
c:\windows\ixikerevafidel.dll
c:\windows\ixitikapawogep.dll
c:\windows\ixiyetasoyu.dll
c:\windows\ixuqeduk.dll
c:\windows\iyatahixowetohe.dll
c:\windows\msstd.dll
c:\windows\msto.dll
c:\windows\obawulevefi.dll
c:\windows\obe.dll
c:\windows\obiwiyel.dll
c:\windows\odajezoweqoh.dll
c:\windows\odehusucam.dll
c:\windows\ofazowem.dll
c:\windows\ofeholuh.dll
c:\windows\oferesox.dll
c:\windows\ofofafawi.dll
c:\windows\ofoqusiwoj.dll
c:\windows\ofuvozeraz.dll
c:\windows\ogakupujaxakuqe.dll
c:\windows\ogipucovotuket.dll
c:\windows\oheqazejo.dll
c:\windows\ojipevubeqovuzi.dll
c:\windows\ojuqafar.dll
c:\windows\okecuvuhoxuquxoj.dll
c:\windows\okehazuyosegefim.dll
c:\windows\okucuzuhifuci.dll
c:\windows\olemopajeboy.dll
c:\windows\olenelanavecazu.dll
c:\windows\oliyonidopumam.dll
c:\windows\olumodet.dll
c:\windows\omelolac.dll
c:\windows\omiyeviw.dll
c:\windows\onehebaf.dll
c:\windows\opohugil.dll
c:\windows\opunevif.dll
c:\windows\oqegovagifobaw.dll
c:\windows\oraluwen.dll
c:\windows\orehifuc.dll
c:\windows\orejulowu.dll
c:\windows\osutiles.dll
c:\windows\oteqesuhelehizu.dll
c:\windows\ovadurayapeva.dll
c:\windows\oviloqetuguzele.dll
c:\windows\owebalikoqatu.dll
c:\windows\oxenozum.dll
c:\windows\oxumopuduy.dll
c:\windows\oyolaloc.dll
c:\windows\system32\aston.mt
c:\windows\system32\comrepl.exe
c:\windows\system32\drivers\3e3b0e9.sys
c:\windows\system32\mcrh.tmp
c:\windows\ubejefiq.dll
c:\windows\ubelerih.dll
c:\windows\ucagosixaxeteted.dll
c:\windows\ucelesolas.dll
c:\windows\ucezitoha.dll
c:\windows\ucijumuqobo.dll
c:\windows\ucikiwikisoxe.dll
c:\windows\ucoyenev.dll
c:\windows\udexusumo.dll
c:\windows\udociluvunebur.dll
c:\windows\ufihilofej.dll
c:\windows\ufirubohojafabi.dll
c:\windows\ufiyosegef.dll
c:\windows\ugifiwuz.dll
c:\windows\ugiholur.dll
c:\windows\uhikorilowadil.dll
c:\windows\uhinufeworitulus.dll
c:\windows\uhodesuvaruk.dll
c:\windows\uhoyiger.dll
c:\windows\ukayewecig.dll
c:\windows\ukicagayusaqitih.dll
c:\windows\ukifefeqacolal.dll
c:\windows\ukonirumecah.dll
c:\windows\ukoyuzubizeb.dll
c:\windows\unuhovehula.dll
c:\windows\unuwevev.dll
c:\windows\upotepin.dll
c:\windows\upuyosamavab.dll
c:\windows\uracusezejoher.dll
c:\windows\urewixanimi.dll
c:\windows\uribiyov.dll
c:\windows\urocawaj.dll
c:\windows\urucozis.dll
c:\windows\urufixej.dll
c:\windows\usoniwulaqo.dll
c:\windows\usotolix.dll
c:\windows\usoxivaz.dll
c:\windows\utodiqatarive.dll
c:\windows\utogofor.dll
c:\windows\uvajivanoq.dll
c:\windows\uvamibah.dll
c:\windows\uvikuwafonut.dll
c:\windows\uwapalir.dll
c:\windows\uwemavab.dll
c:\windows\uwodewiy.dll
c:\windows\uxatigokidonot.dll
c:\windows\uxeturet.dll
c:\windows\uxosuloromazizu.dll
c:\windows\uxucubalepi.dll
c:\windows\uyazoquqisefac.dll
c:\windows\uyezizaz.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_3e3b0e9


((((((((((((((((((((((((( Files Created from 2009-09-04 to 2009-10-04 )))))))))))))))))))))))))))))))
.

2009-10-04 14:11 . 2009-10-04 14:11 11554 ----a-w- c:\windows\egoxowalif.dll
2009-09-12 19:11 . 2009-09-12 19:11 -------- d-----w- c:\windows\system32\wbem\Repository
2009-09-04 17:15 . 2009-09-12 19:11 -------- d-----w- c:\documents and settings\Bobo\Local Settings\Application Data\{7774A5C0-4F5A-4A25-A039-29FB6B2E855C}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-04 13:44 . 2009-06-23 12:15 -------- d-----w- c:\program files\Shared
2009-10-04 13:44 . 2009-03-31 21:56 -------- d-----w- c:\program files\Common
2009-10-04 13:21 . 2002-08-29 10:00 182656 ----a-w- c:\windows\system32\drivers\ndis.sys
2009-10-04 12:15 . 2009-08-28 01:45 120 ----a-w- c:\windows\Ulujoqafarip.dat
2009-09-30 00:02 . 2005-12-30 00:37 -------- d-----w- c:\program files\Common Files\KnifeEdge
2009-09-14 21:38 . 2005-07-13 03:08 -------- d-----w- c:\program files\Program Files
2009-09-12 19:10 . 2009-03-15 00:26 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-03 03:58 . 2004-07-09 22:13 118440 ----a-w- c:\documents and settings\Spiderman\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-25 21:35 . 2009-08-25 16:29 -------- d-----w- c:\documents and settings\All Users\Application Data\10983904
2009-08-06 21:57 . 2009-08-06 21:57 -------- d-----w- c:\program files\MSBuild
2009-08-06 21:56 . 2009-08-06 21:56 -------- d-----w- c:\program files\Reference Assemblies
2009-07-17 19:01 . 2002-08-29 10:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 19:01 . 2002-08-29 10:00 58880 ----a-w- c:\windows\system32\atl(3)(3).dll
2009-07-14 03:43 . 2004-08-11 05:45 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2006-11-25 07:57 . 2006-11-25 07:57 482 ----a-w- c:\program files\Del.js
2005-08-21 16:42 . 2005-06-27 23:17 905 -c--a-w- c:\program files\uninstal.log
2006-01-11 06:41 . 2004-08-29 00:07 56 --sh--r- c:\windows\SYSTEM32\6BBF71BA10.sys
2006-09-24 00:47 . 2004-08-29 00:07 10856 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-05-12 6729728]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-02-08 295856]
"NvMediaCenter"="NvMCTray.dll" - c:\windows\SYSTEM32\nvmctray.dll [2005-05-12 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\SYSTEM32\narrator.exe [2008-04-14 53760]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli carcpc.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk.disabled
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk
backup=c:\windows\pss\Exif Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=c:\windows\pss\PowerReg Scheduler.exeCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Spiderman^Start Menu^Programs^Startup^clippy.exe]
path=c:\documents and settings\Spiderman\Start Menu\Programs\Startup\clippy.exe
backup=c:\windows\pss\clippy.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Spiderman^Start Menu^Programs^Startup^Magnifier.lnk]
path=c:\documents and settings\Spiderman\Start Menu\Programs\Startup\Magnifier.lnk
backup=c:\windows\pss\Magnifier.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Spiderman^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
path=c:\documents and settings\Spiderman\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
backup=c:\windows\pss\Stardock ObjectDock.lnkStartup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Insider"=c:\program files\Insider\Insider.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"runner1"=c:\windows\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
"QuickTime Task"="c:\program files\QuickTime\bak\qttask.exe" -atboottime
"nwiz"=nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\SYSTEM32\\lxczcoms.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Summitsoft\\Business Card Shop\\FRegister.exe"=
"c:\\Program Files\\Summitsoft\\Business Card Shop\\BCGUpdate.exe"=
"c:\\Program Files\\Summitsoft\\Business Card Shop\\Summitsoft Products.exe"=
"c:\\Program Files\\Summitsoft\\Business Card Shop\\BCGFonts.exe"=
"c:\\Program Files\\Summitsoft\\Business Card Shop\\Splash_LDS.exe"=
"c:\\Program Files\\Summitsoft\\Business Card Shop\\Splash Series 1_Oct132008.exe"=

S3 brfilt;Brother MFC Filter Driver;c:\windows\SYSTEM32\DRIVERS\BrFilt.sys [8/13/2006 9:48 AM 2944]
S3 brparimg;Brother Multi Function Parallel Image driver;c:\windows\SYSTEM32\DRIVERS\BrParImg.sys [8/13/2006 9:48 AM 3168]
S3 BrParWdm;Brother WDM Parallel Driver;c:\windows\SYSTEM32\DRIVERS\BrParwdm.sys [8/13/2006 9:48 AM 39552]
S3 BrSerWDM;Brother Serial driver;c:\windows\SYSTEM32\DRIVERS\BrSerWdm.sys [8/13/2006 9:48 AM 60416]
S3 DMSKSSRh;DMSKSSRh;\??\c:\docume~1\SPIDER~1\LOCALS~1\Temp\DMSKSSRh.sys --> c:\docume~1\SPIDER~1\LOCALS~1\Temp\DMSKSSRh.sys [?]
S3 SaiNtSub;SaiNtSub;c:\windows\SYSTEM32\DRIVERS\SaiNtSub.sys [2/4/2005 10:28 PM 19200]
S3 samhid;samhid;c:\windows\system32\drivers\samhid.sys --> c:\windows\system32\drivers\samhid.sys [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.98rock.com/cc-common/babes/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: &Search
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} - hxxp://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
DPF: {D9EA64B2-B966-E177-332C-78B69886526D} - hxxp://download.newaol.com/bkpromo/download/PerformerSetup.cab
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKLM-Run-Ksebuhey - c:\windows\urufixej.dll
AddRemove-Viewpoint Manager - c:\program files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-04 10:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1665667976-894762885-3311537992-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(552)
c:\windows\system32\NTMARTA.DLL

- - - - - - - > 'lsass.exe'(608)
c:\windows\carcpc.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3540)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\carcpc.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\LEXBCES.EXE
c:\windows\SYSTEM32\LEXPPS.EXE
c:\windows\SYSTEM32\lxczcoms.exe
c:\windows\SYSTEM32\nvsvc32.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\TVersity\Media Server\MediaServer.exe
c:\windows\SYSTEM32\wscntfy.exe
c:\windows\SYSTEM32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-10-04 10:17 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-04 14:17
ComboFix2.txt 2007-11-30 03:16

Pre-Run: 4,740,100,096 bytes free
Post-Run: 4,988,645,376 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
406 --- E O F --- 2009-08-27 21:59
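Two lines in the "Reg Loading Points" section of the ComboFix log above are persistence mechanisms rather than ordinary startup entries. Notification Packages DLLs are loaded into lsass.exe and called on password changes, and here the list reads "scecli carcpc.dll" instead of just scecli; SecurityProviders DLLs are loaded as SSPs, and here zwebauth.dll has been appended to the four stock entries. The "DLLs Loaded Under Running Processes" section then shows c:\windows\carcpc.dll inside lsass.exe, which confirms the first one is live. The following script is an added example, my code and not ComboFix's or the helper's, that baselines both values and correlates them with the per-process module list. The XP SP3 baseline sets and the sample text (copied from the log above) are assumptions I supply.

```python
"""Baseline check for LSA load points in a ComboFix log (added example, not ComboFix's code).

Flags Notification Packages / SecurityProviders entries absent from a baseline,
modules in lsass.exe or winlogon.exe outside system32, and a flagged package
that the module list confirms is loaded in lsass.exe. The baselines are what I
assume for a stock Windows XP SP3 install (an assumption).
"""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

BASELINE_NOTIFICATION_PACKAGES = {"scecli"}
BASELINE_SECURITY_PROVIDERS = {"msapsspc.dll", "schannel.dll", "digest.dll", "msnsspc.dll"}
TRUSTED_DIR = "c:\\windows\\system32"
SENSITIVE_PROCESSES = ("lsass.exe", "winlogon.exe")

# ComboFix: 'Notification Packages REG_MULTI_SZ scecli carcpc.dll'
# DDS:      'LSA: Notification Packages = scecli carcpc.dll'
NOTIF_RE = re.compile(
    r"^(?:LSA:\s*)?Notification Packages\s*(?:REG_MULTI_SZ)?\s*=?\s*(?P<v>.+)$", re.I
)
# ComboFix: 'SecurityProviders a.dll, b.dll'   DDS: 'SecurityProviders: a.dll, b.dll'
SSP_RE = re.compile(r"^SecurityProviders:?\s*=?\s*(?P<v>.+)$", re.I)
# "- - - - - - - > 'lsass.exe'(608)"
PROC_RE = re.compile(r"^(?:- )+> '(?P<proc>[^']+)'\((?P<pid>\d+)\)$")

# Constructed sample: lines copied from the ComboFix log in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli carcpc.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(552)
c:\windows\system32\NTMARTA.DLL

- - - - - - - > 'lsass.exe'(608)
c:\windows\carcpc.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3540)
c:\windows\system32\WININET.dll
c:\windows\carcpc.dll
"""


def parse_loading_points(lines):
    """Return (notification_packages, security_providers) as lower-cased sets."""
    notif, providers = set(), set()
    for line in lines:
        line = line.strip()
        m = NOTIF_RE.match(line)
        if m:
            notif.update(p.lower() for p in m["v"].split())
            continue
        m = SSP_RE.match(line)
        if m:
            providers.update(p.strip().lower() for p in m["v"].split(",") if p.strip())
    return notif, providers


def modules_by_process(lines):
    """Map process name -> module paths listed under its '- - - >' header."""
    mods, current = defaultdict(list), None
    for line in lines:
        line = line.strip()
        m = PROC_RE.match(line)
        if m:
            current = m["proc"].lower()
        elif not line or line.startswith("-") or line == ".":
            current = None  # blank line or section rule ends the block
        elif current:
            mods[current].append(line)
    return mods


def check_lsa_persistence(text):
    """Return (indicator, detail) pairs for the log text."""
    lines = text.splitlines()
    notif, providers = parse_loading_points(lines)
    mods = modules_by_process(lines)
    extra_notif = notif - BASELINE_NOTIFICATION_PACKAGES
    extra_ssp = providers - BASELINE_SECURITY_PROVIDERS
    findings = [("Notification Packages", n) for n in sorted(extra_notif)]
    findings += [("SecurityProviders", s) for s in sorted(extra_ssp)]
    for proc in SENSITIVE_PROCESSES:
        for path in mods.get(proc, []):
            if not str(PureWindowsPath(path).parent).lower().startswith(TRUSTED_DIR):
                findings.append((f"module outside system32 in {proc}", path))
    # Correlate: a non-baseline package actually present in lsass.exe's module list.
    loaded = {PureWindowsPath(p).name.lower() for p in mods.get("lsass.exe", [])}
    for name in sorted(extra_notif | extra_ssp):
        dll = name if name.endswith(".dll") else name + ".dll"
        if dll in loaded:
            findings.append(("confirmed loaded in lsass.exe", dll))
    return findings


if __name__ == "__main__":
    for indicator, detail in check_lsa_persistence(SAMPLE_LOG):
        print(f"{indicator:40} {detail}")
```

The same parser accepts the DDS spellings ("LSA: Notification Packages = ..." and "SecurityProviders: ..."), so the DDS log a poster supplies after ComboFix can be checked with the same baseline. Note that a package only listed in the registry but not yet loaded is still a finding: lsass.exe picks it up at the next boot.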
 
Here's the DDS log.


DDS (Ver_09-09-29.01) - NTFSx86
Run by Spiderman at 10:30:41.29 on Sun 10/04/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.244 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Spiderman\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.98rock.com/cc-common/babes/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: dsWebAllowBHO Class: {2f85d76c-0569-466f-a488-493e6bd0e955} - c:\program files\windows desktop search\dsWebAllow.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
TB: {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s
dRunOnce: [RunNarrator] Narrator.exe
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: &Search
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\windows\system32\msjava.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
DPF: {205FF73B-CA67-11D5-99DD-444553540000} - hxxp://66.154.44.68/cam/Install.cab
DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - hxxp://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by14fd.bay14.hotmail.msn.com/resources/MsnPUpld.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - hxxp://chat.yahoo.com/cab/yacsui.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} - hxxps://cs7b.instantservice.com/jars/customerxsigned42.cab
DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} - hxxp://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D9EA64B2-B966-E177-332C-78B69886526D} - hxxp://download.newaol.com/bkpromo/download/PerformerSetup.cab
DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
LSA: Notification Packages = scecli carcpc.dll

============= SERVICES / DRIVERS ===============

R2 lxcz_device;lxcz_device;c:\windows\system32\lxczcoms.exe -service --> c:\windows\system32\lxczcoms.exe -service [?]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2006-8-13 2944]
S3 brparimg;Brother Multi Function Parallel Image driver;c:\windows\system32\drivers\BrParImg.sys [2006-8-13 3168]
S3 BrParWdm;Brother WDM Parallel Driver;c:\windows\system32\drivers\BrParwdm.sys [2006-8-13 39552]
S3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2006-8-13 60416]
S3 DMSKSSRh;DMSKSSRh;\??\c:\docume~1\spider~1\locals~1\temp\dmskssrh.sys --> c:\docume~1\spider~1\locals~1\temp\DMSKSSRh.sys [?]
S3 SaiNtSub;SaiNtSub;c:\windows\system32\drivers\SaiNtSub.sys [2005-2-4 19200]
S3 samhid;samhid;c:\windows\system32\drivers\samhid.sys --> c:\windows\system32\drivers\samhid.sys [?]
UnknownUnknown 3e3b0e9;3e3b0e9; [x]

=============== Created Last 30 ================

2009-10-04 10:16 11,520 a------- c:\windows\ifocolaloc.dll
2009-10-04 10:11 11,554 a------- c:\windows\egoxowalif.dll
2009-10-04 09:23 <DIR> a-dshr-- C:\cmdcons
2009-10-04 09:20 229,888 a------- c:\windows\PEV.exe
2009-10-04 09:20 161,792 a------- c:\windows\SWREG.exe
2009-10-04 09:20 98,816 a------- c:\windows\sed.exe
2009-09-12 15:11 <DIR> --d----- c:\windows\system32\wbem\Repository

==================== Find3M ====================

2009-10-04 09:21 182,656 a------- c:\windows\system32\dllcache\ndis.sys
2009-10-04 09:21 182,656 -------- c:\windows\system32\drivers\ndis.sys
2009-07-19 09:33 3,597,824 a------- c:\windows\system32\dllcache\mshtml.dll
2009-07-19 09:32 6,067,200 -------- c:\windows\system32\dllcache\ieframe.dll
2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 15:01 58,880 a------- c:\windows\system32\atl(3)(3).dll
2009-07-17 15:01 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-13 23:43 10,841,088 a------- c:\windows\system32\dllcache\wmp.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-13 23:43 286,208 -------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-10 09:27 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
2007-03-29 09:13 87,608 a------- c:\docume~1\spider~1\applic~1\ezpinst.exe
2007-03-29 09:13 47,360 a------- c:\docume~1\spider~1\applic~1\pcouffin.sys
2006-11-25 03:57 482 a------- c:\program files\Del.js
2005-08-21 12:42 905 ac------ c:\program files\uninstal.log
2004-07-09 19:24 784 a------- c:\docume~1\spider~1\applic~1\mpauth.dat
2006-01-11 02:41 56 ---shr-- c:\windows\system32\6BBF71BA10.sys
2006-09-23 20:47 10,856 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-02-09 23:52 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009020920090210\index.dat

============= FINISH: 10:31:40.98 ===============
 
Also, if needed, here is the attach.txt log that accompanies it. The computer is running faster already too.



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-09-29.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 7/9/2004 6:12:37 PM
System Uptime: 10/4/2009 9:53:49 AM (1 hours ago)

Motherboard: Dell Computer Corp. | | 0C2425
Processor: Intel(R) Celeron(R) CPU 2.50GHz | Microprocessor | 2491/400mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 71 GiB total, 4.678 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E96E-E325-11CE-BFC1-08002BE10318}
Description: Plug and Play Monitor
Device ID: DISPLAY\DELD002\4&328453E3&0&80861100&00&02
Manufacturer: (Standard monitor types)
Name: Plug and Play Monitor
PNP Device ID: DISPLAY\DELD002\4&328453E3&0&80861100&00&02
Service:

Class GUID: {4D36E96D-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) 537EP V9x DFV PCI Modem
Device ID: PCI\VEN_8086&DEV_1080&SUBSYS_10001028&REV_04\4&3B1CAF2B&0&30F0
Manufacturer: Intel Corporation
Name: Intel(R) 537EP V9x DFV PCI Modem
PNP Device ID: PCI\VEN_8086&DEV_1080&SUBSYS_10001028&REV_04\4&3B1CAF2B&0&30F0
Service: Modem

Class GUID: {4D36E980-E325-11CE-BFC1-08002BE10318}
Description: Floppy disk drive
Device ID: FDC\GENERIC_FLOPPY_DRIVE\5&C4AE404&0&0
Manufacturer: (Standard floppy disk drives)
Name: Floppy disk drive
PNP Device ID: FDC\GENERIC_FLOPPY_DRIVE\5&C4AE404&0&0
Service: flpydisk

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: ATI WDM TV Tuner (Microsoft)
Device ID: ROOT\LEGACY_ATITUNEP\0000
Manufacturer:
Name: ATI WDM TV Tuner (Microsoft)
PNP Device ID: ROOT\LEGACY_ATITUNEP\0000
Service: ATITUNEP

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: ATI WDM TV Audio Crossbar (Microsoft)
Device ID: ROOT\LEGACY_ATIXSAUDIO\0000
Manufacturer:
Name: ATI WDM TV Audio Crossbar (Microsoft)
PNP Device ID: ROOT\LEGACY_ATIXSAUDIO\0000
Service: ATIXSAudio

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: ATI WDM Specialized MVD Codec (Microsoft)
Device ID: ROOT\LEGACY_MVDCODEC\0000
Manufacturer:
Name: ATI WDM Specialized MVD Codec (Microsoft)
PNP Device ID: ROOT\LEGACY_MVDCODEC\0000
Service: MVDCODEC

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: ATI WDM Specialized PCD Codec (Microsoft)
Device ID: ROOT\LEGACY_PCDCODEC\0000
Manufacturer:
Name: ATI WDM Specialized PCD Codec (Microsoft)
PNP Device ID: ROOT\LEGACY_PCDCODEC\0000
Service: PCDCODEC

==== System Restore Points ===================

RP536: 9/11/2009 6:08:04 PM - Restore Operation
RP537: 9/12/2009 3:07:10 PM - Restore Operation
RP538: 9/13/2009 3:49:33 PM - System Checkpoint
RP539: 9/14/2009 4:58:05 PM - System Checkpoint
RP540: 9/15/2009 5:29:48 PM - System Checkpoint
RP541: 9/16/2009 6:30:49 PM - System Checkpoint
RP542: 9/17/2009 7:03:11 PM - System Checkpoint
RP543: 9/18/2009 7:29:50 PM - System Checkpoint
RP544: 9/19/2009 8:57:54 PM - System Checkpoint
RP545: 9/20/2009 9:29:33 PM - System Checkpoint
RP546: 9/21/2009 9:36:49 PM - System Checkpoint
RP547: 9/22/2009 11:56:59 PM - System Checkpoint
RP548: 9/24/2009 12:34:10 AM - System Checkpoint
RP549: 9/25/2009 1:02:38 AM - System Checkpoint
RP550: 9/26/2009 2:02:31 AM - System Checkpoint
RP551: 9/27/2009 3:02:46 AM - System Checkpoint
RP552: 9/28/2009 4:02:32 AM - System Checkpoint
RP553: 9/29/2009 7:45:36 AM - System Checkpoint
RP554: 9/30/2009 8:44:28 AM - System Checkpoint
RP555: 10/1/2009 9:44:27 AM - System Checkpoint
RP556: 10/2/2009 10:44:17 AM - System Checkpoint
RP557: 10/3/2009 11:21:28 AM - System Checkpoint

==== Installed Programs ======================


ABBYY FineReader 6.0 Sprint
AC3Filter (remove only)
Adobe Acrobat 5.0
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0
AOL Instant Messenger
AutoUpdate
Banctec Service Agreement
Battlefield 2(TM)
Bejeweled 2 Deluxe 1.0
Big Fish Games Client
Bookworm Deluxe 1.03
Broadcom Management Programs
Business Card Generator Fonts
Business Card Shop
Chutes and Ladders
Critical Update for Windows Media Player 11 (KB959772)
dBpoweramp DSP Effects
Deer Avenger
Dell Driver Reset Tool
Dell Networking Guide
Dell Solution Center
DivX Codec
DVDSentry
Dyno2000 Version 3.10
ffdshow [rev 1324] [2007-07-01]
Google Video Player
GTAIII
HarryThompson.com - Webjal Patcher
Help and Support Customization
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hot Rod Garage to Glory
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
ieSpell
Intel(R) 537EP V9x DFV PCI Modem
Intel(R) Extreme Graphics Driver
Internet Explorer Default Page
IrfanView (remove only)
Java 2 Runtime Environment, SE v1.4.2
Kaspersky Online Scanner
Learn2 Player (Uninstall Only)
Lexmark 1200 Series
Lexmark 640 Series
Lexmark Fax Solutions
Macromedia Flash Player
Macromedia Shockwave Player
MathPlayer
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Age of Empires Gold
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MicroStaff WINASPI
Mobsters Superbot
Modem Event Monitor
MS Access 97 SP2
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MyJAL MediaPAL
Mystery Case Files: Madame Fate ™
Need For Speed Hot Pursuit 2
Network Play System (Patching)
NVIDIA Drivers
ObjectDock
PeerGuardian 2.0
PowerDVD
QuickTime
R/C Pilot Simulator
RealFlight G3 R/C Simulator
RealFlight Simulator
RealPlayer
Saitek Configuration Software
Saitek NT Controller Drivers
Samsung CamCorder Driver
Samsung Video Codec 1.1 Uninstall
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Shockwave
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
SpywareBlaster v3.5.1
TVersity Codec Pack 1.1
TVersity Media Server 0.9.11.4 beta
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB968389)
Viewpoint Media Player
Visual FoxPro ODBC Driver
WavePad Uninstall
WebFldrs XP
Webjal install by HarryThompson.com
Windows Desktop Search
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
ZoneAlarm Spy Blocker

==== Event Viewer Messages From Past Week ========

9/29/2009 8:00:52 PM, error: DCOM [10005] - DCOM got error "%2" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
9/29/2009 6:59:20 AM, error: Service Control Manager [7034] - The TVersityMediaServer service terminated unexpectedly. It has done this 1 time(s).
9/29/2009 6:40:53 AM, error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The system cannot find the file specified.
9/29/2009 6:40:53 AM, error: Service Control Manager [7000] - The Automatic Updates service failed to start due to the following error: The system cannot find the file specified.
9/27/2009 9:15:15 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
9/27/2009 9:00:15 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
10/4/2009 9:26:46 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.

==== End Of File ===========================
 
Hi,


Open notepad and copy/paste the text in the quotebox below into it:

Code:
http://forums.spybot.info/showthread.php?p=339991#post339991
Driver::
3e3b0e9
Collect::
c:\windows\carcpc.dll
File::
c:\windows\ifocolaloc.dll
c:\windows\egoxowalif.dll
c:\windows\Ulujoqafarip.dat
c:\program files\Del.js
DDS::
TB: {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} - hxxp://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
[-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"runner1"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000000


Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

(image: CFScriptB-4.gif)


Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe.
Then post the resultant log.


Uninstall old Adobe Reader versions and get the latest one (9.1 + updates 9.1.2 and 9.1.3 for it) here, or get Foxit Reader here. Make sure you don't install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here.

Do you really need Adobe Acrobat 5.0? If not, I strongly recommend uninstalling it, since it's badly outdated.

Uninstall your current Shockwave player and get a fresh one here if needed.

Check here to see if your Flash is up to date (do it separately with each of your browsers). If not, uninstall the vulnerable versions by following the instructions here. A fresh version can be obtained here.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove the older Java components and update to the latest version...

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 16.
  • Click the Download button to the right.
  • Select Windows in the platform combobox and check the box that says: Accept License Agreement. Click Continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation (with or without Multi-language) and save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u16-windows-i586-p.exe to install the newest version. Uncheck the Carbonite online backup trial if it's offered there.


Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
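One line in the CFScript above deserves a closer look from a defender's point of view: the Registry:: section resets the LSA "Notification Packages" value to just scecli, because the DDS log showed an extra entry (carcpc.dll). Windows loads every DLL named in that value into lsass.exe at boot as a password filter / notification package, so an unexpected entry there is both a persistence mechanism and a credential-exposure risk. The Python below is an added example written for this thread, not part of ComboFix, DDS or any of the helper's tools. It decodes the hex(7) REG_MULTI_SZ form used in the script (and the UTF-16LE form regedit exports), parses the DDS log line, and reports any package not on a baseline. The baseline containing only scecli is an assumption for a stock Windows XP install; other legitimate packages can exist on some systems, so the output is a review list, not a verdict.

```python
"""Check the LSA "Notification Packages" value against a known-good baseline.

Added example for this thread; not code from ComboFix, DDS or the helper.
"""
import re

# Assumption: a stock Windows XP install lists only scecli here. Anything
# else is reported for review rather than declared malicious outright.
BASELINE = {"scecli"}


def _normalize(name: str) -> str:
    """Compare package names case-insensitively, with or without ".dll"."""
    name = name.strip().lower()
    return name[:-4] if name.endswith(".dll") else name


def decode_reg_multi_sz(value: str) -> list[str]:
    """Decode a REG_MULTI_SZ written in .reg "hex(7):" form into its strings.

    Regedit exports use UTF-16LE bytes; the CFScript on this page uses one
    byte per character. Both layouts are accepted; strings are NUL-separated
    and the list ends with an extra NUL.
    """
    m = re.match(r"\s*hex\(7\):\s*(.*)$", value, re.S)
    if not m:
        raise ValueError("not a hex(7) value")
    # Tolerate .reg line continuations (backslash + newline) between bytes.
    raw = bytes(int(b, 16) for b in re.split(r"[,\s\\]+", m.group(1)) if b)
    if raw and len(raw) % 2 == 0 and not any(raw[1::2]):
        text = raw.decode("utf-16-le")
    else:
        text = raw.decode("latin-1")
    return [s for s in text.split("\0") if s]


def encode_reg_multi_sz(strings: list[str]) -> str:
    """Encode strings in the one-byte-per-character hex(7) form the CFScript uses."""
    raw = "".join(s + "\0" for s in strings) + "\0"
    return "hex(7):" + ",".join(f"{b:02x}" for b in raw.encode("latin-1"))


def parse_dds_lsa_line(line: str) -> list[str]:
    """Extract the package list from a DDS line such as
    'LSA: Notification Packages = scecli carcpc.dll'."""
    m = re.match(r"\s*LSA:\s*Notification Packages\s*=\s*(.*)$", line)
    if not m:
        raise ValueError("not an LSA Notification Packages line")
    return m.group(1).split()


def unexpected_packages(packages: list[str]) -> list[str]:
    """Return the entries whose normalized name is not in BASELINE."""
    return [p for p in packages if _normalize(p) not in BASELINE]


# Constructed sample input, taken from the DDS log and CFScript shown above.
DDS_LINE = "LSA: Notification Packages = scecli carcpc.dll"
CFSCRIPT_VALUE = "hex(7):73,63,65,63,6c,69,00,00"

if __name__ == "__main__":
    found = parse_dds_lsa_line(DDS_LINE)
    print("current:", found, "-> review:", unexpected_packages(found))
    restored = decode_reg_multi_sz(CFSCRIPT_VALUE)
    print("script sets:", restored, "-> review:", unexpected_packages(restored))
    print("re-encoded:", encode_reg_multi_sz(restored))
```

Run it against the DDS line from the log and it flags carcpc.dll; decoding the CFScript value gives ['scecli'], and re-encoding that list reproduces the exact hex(7) string in the script, which is a quick way to confirm a cleanup script restores the value you intend.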
 
Here's the fresh ComboFix log after pasting the text file. I will be doing the following steps shortly.


ComboFix 09-10-03.01 - Spiderman 10/04/2009 12:31.3.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.240 [GMT -4:00]
Running from: c:\documents and settings\Spiderman\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Spiderman\Desktop\CFScript.txt

FILE ::
"c:\program files\Del.js"
"c:\windows\egoxowalif.dll"
"c:\windows\ifocolaloc.dll"
"c:\windows\Ulujoqafarip.dat"

file zipped: c:\windows\carcpc.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common
c:\program files\Common\_helper.sig
c:\program files\Del.js
c:\program files\Shared
c:\windows\carcpc.dll
c:\windows\egoxowalif.dll
c:\windows\ifocolaloc.dll
c:\windows\okaleriweso.dll
c:\windows\system32\dsound3dd.dll
c:\windows\Ulujoqafarip.dat

.
((((((((((((((((((((((((( Files Created from 2009-09-04 to 2009-10-04 )))))))))))))))))))))))))))))))
.

2009-09-12 19:11 . 2009-09-12 19:11 -------- d-----w- c:\windows\system32\wbem\Repository
2009-09-04 17:15 . 2009-09-12 19:11 -------- d-----w- c:\documents and settings\Bobo\Local Settings\Application Data\{7774A5C0-4F5A-4A25-A039-29FB6B2E855C}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-04 13:21 . 2002-08-29 10:00 182656 ------w- c:\windows\system32\drivers\ndis.sys
2009-09-30 00:02 . 2005-12-30 00:37 -------- d-----w- c:\program files\Common Files\KnifeEdge
2009-09-14 21:38 . 2005-07-13 03:08 -------- d-----w- c:\program files\Program Files
2009-09-12 19:10 . 2009-03-15 00:26 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-03 03:58 . 2004-07-09 22:13 118440 ----a-w- c:\documents and settings\Spiderman\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-25 21:35 . 2009-08-25 16:29 -------- d-----w- c:\documents and settings\All Users\Application Data\10983904
2009-08-06 21:57 . 2009-08-06 21:57 -------- d-----w- c:\program files\MSBuild
2009-08-06 21:56 . 2009-08-06 21:56 -------- d-----w- c:\program files\Reference Assemblies
2009-07-17 19:01 . 2002-08-29 10:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 19:01 . 2002-08-29 10:00 58880 ----a-w- c:\windows\system32\atl(3)(3).dll
2009-07-14 03:43 . 2004-08-11 05:45 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2005-08-21 16:42 . 2005-06-27 23:17 905 -c--a-w- c:\program files\uninstal.log
2006-01-11 06:41 . 2004-08-29 00:07 56 --sh--r- c:\windows\SYSTEM32\6BBF71BA10.sys
2006-09-24 00:47 . 2004-08-29 00:07 10856 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-10-04_14.11.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-04 16:44 . 2009-10-04 16:44 40960 c:\windows\temp\rtdrvmon.exe
- 2009-10-04 13:54 . 2009-10-04 13:54 40960 c:\windows\temp\rtdrvmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-05-12 6729728]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-02-08 295856]
"NvMediaCenter"="NvMCTray.dll" - c:\windows\SYSTEM32\nvmctray.dll [2005-05-12 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\SYSTEM32\narrator.exe [2008-04-14 53760]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk.disabled
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk
backup=c:\windows\pss\Exif Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Spiderman^Start Menu^Programs^Startup^clippy.exe]
path=c:\documents and settings\Spiderman\Start Menu\Programs\Startup\clippy.exe
backup=c:\windows\pss\clippy.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Spiderman^Start Menu^Programs^Startup^Magnifier.lnk]
path=c:\documents and settings\Spiderman\Start Menu\Programs\Startup\Magnifier.lnk
backup=c:\windows\pss\Magnifier.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Spiderman^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
path=c:\documents and settings\Spiderman\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
backup=c:\windows\pss\Stardock ObjectDock.lnkStartup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Insider"=c:\program files\Insider\Insider.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\bak\qttask.exe" -atboottime
"nwiz"=nwiz.exe /install

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\SYSTEM32\\lxczcoms.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Summitsoft\\Business Card Shop\\FRegister.exe"=
"c:\\Program Files\\Summitsoft\\Business Card Shop\\BCGUpdate.exe"=
"c:\\Program Files\\Summitsoft\\Business Card Shop\\Summitsoft Products.exe"=
"c:\\Program Files\\Summitsoft\\Business Card Shop\\BCGFonts.exe"=
"c:\\Program Files\\Summitsoft\\Business Card Shop\\Splash_LDS.exe"=
"c:\\Program Files\\Summitsoft\\Business Card Shop\\Splash Series 1_Oct132008.exe"=

S3 brfilt;Brother MFC Filter Driver;c:\windows\SYSTEM32\DRIVERS\BrFilt.sys [8/13/2006 9:48 AM 2944]
S3 brparimg;Brother Multi Function Parallel Image driver;c:\windows\SYSTEM32\DRIVERS\BrParImg.sys [8/13/2006 9:48 AM 3168]
S3 BrParWdm;Brother WDM Parallel Driver;c:\windows\SYSTEM32\DRIVERS\BrParwdm.sys [8/13/2006 9:48 AM 39552]
S3 BrSerWDM;Brother Serial driver;c:\windows\SYSTEM32\DRIVERS\BrSerWdm.sys [8/13/2006 9:48 AM 60416]
S3 DMSKSSRh;DMSKSSRh;\??\c:\docume~1\SPIDER~1\LOCALS~1\Temp\DMSKSSRh.sys --> c:\docume~1\SPIDER~1\LOCALS~1\Temp\DMSKSSRh.sys [?]
S3 SaiNtSub;SaiNtSub;c:\windows\SYSTEM32\DRIVERS\SaiNtSub.sys [2/4/2005 10:28 PM 19200]
S3 samhid;samhid;c:\windows\system32\drivers\samhid.sys --> c:\windows\system32\drivers\samhid.sys [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.98rock.com/cc-common/babes/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: &Search
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {D9EA64B2-B966-E177-332C-78B69886526D} - hxxp://download.newaol.com/bkpromo/download/PerformerSetup.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-04 12:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1665667976-894762885-3311537992-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4052)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\LEXBCES.EXE
c:\windows\SYSTEM32\LEXPPS.EXE
c:\windows\SYSTEM32\lxczcoms.exe
c:\windows\SYSTEM32\nvsvc32.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\TVersity\Media Server\MediaServer.exe
c:\windows\SYSTEM32\wscntfy.exe
c:\windows\SYSTEM32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-10-04 12:54 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-04 16:54
ComboFix2.txt 2009-10-04 14:17
ComboFix3.txt 2007-11-30 03:16

Pre-Run: 4,962,119,680 bytes free
Post-Run: 4,930,002,944 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
166 --- E O F --- 2009-08-27 21:59
 
will be doing the following steps shortly.
Ok. Please see also if you can find a zip file with a name beginning with [4]-Submit. Upload it here. Kindly include a link to this topic in the message.
 
I ran a search for said file ([4]-Submit) through WinRAR and came up with zero results. Are there any other methods to find this file if it's present?

Currently I'm attempting to update Java. I get to the step of clicking "the link to download Windows Offline Installation with or without Multi-language and save to your desktop" and I do not find the link to update offline. Should I continue with the installation that the site suggests? All other steps have been completed successfully.

I cannot express how much I appreciate your help in this matter. The computer is running much better already, but I know there are more steps to follow. I'm patiently awaiting further instructions to ensure things go as they should :)
 
Sorry, I should have been more specific. See if you can find a .zip file beginning with that name in the c:\qoobox\quarantine folder.
 
I found and submitted the [4]-Submit zip file; it was right where you said it was.

I'm still not sure what to do with the offline installation for Java though, I still don't find a link for it. Should I continue with the method the site gives me? I have not done the ATF Cleaner or the Kaspersky scan yet because of the Java update issue. Should I continue on with the rest of the steps without updating Java?
 
Alright, I figured the Java update out once I found the correct link.
I will be finishing up the rest after I get home from work today.
 