Hello Again,
Okay, as far as the security settings, I have checked them and the userdata setting is enabled (what they say to do), and yet the update says it is checking the computer, then gives me the custom or express buttons to choose from; either one I choose gives me the same error. And the computer will only connect to the internet through the ethernet and not the wireless. I don't understand that, as it was connecting via wireless while it had all the viruses. I have checked the device manager and it is showing no conflicts and it is enabled.
Here are the latest logs:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:26:30 AM, on 5/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Owner.YOUR-8C1A67E1D5\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\ed6453b7-60f1-4638-9f98-47ed587334b6.exe
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyds...20Installer.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://72.71.250.3/a...sCamControl.cab
O16 - DPF: {9BA9AE56-8DFC-4994-AEA9-68BEAD35A6FA} - http://www.myfacelol...2/MyFaceLOL.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.ado...obat/nos/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 8235 bytes
ComboFix 09-05-28.07 - Owner 05/29/2009 5:32.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.555 [GMT -4:00]
Running from: c:\documents and settings\Owner.YOUR-8C1A67E1D5\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner.YOUR-8C1A67E1D5\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090528-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FILE ::
"c:\system volume information\_restore{A0427B73-25B8-43D0-92D4-F22E7758340C}\RP162\A0030834.exe"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\system volume information\_restore{A0427B73-25B8-43D0-92D4-F22E7758340C}\RP162\A0030834.exe
.
((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-29 )))))))))))))))))))))))))))))))
.
2009-05-28 21:34 . 2009-05-28 21:34 -------- d-----w C:\_OTL
2009-05-28 19:33 . 2009-05-28 19:33 -------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2009-05-28 09:22 . 2009-05-28 09:25 -------- d-----w C:\Lop SD
2009-05-28 00:59 . 2009-05-28 00:59 3371383 ----a-w c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-27 23:57 . 2009-05-27 23:57 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-05-27 23:55 . 2009-05-27 23:56 -------- d-----w c:\program files\Common Files\Adobe
2009-05-27 23:42 . 2009-05-27 23:42 -------- d-----w c:\documents and settings\All Users\Application Data\NOS
2009-05-27 23:42 . 2009-05-27 23:42 -------- d-----w c:\program files\NOS
2009-05-27 09:15 . 2009-05-27 09:56 -------- d-----w C:\SDFix
2009-05-26 22:19 . 2009-05-26 22:19 -------- d-----w C:\rsit
2009-05-26 22:11 . 2009-05-26 22:11 -------- d-----w C:\_OTM
2009-05-22 17:45 . 2009-05-22 17:46 -------- d-----w C:\Rooter$
2009-05-22 12:33 . 2009-02-05 20:06 23152 ----a-w c:\windows\system32\drivers\aswRdr.sys
2009-05-22 12:33 . 2009-02-05 20:06 51376 ----a-w c:\windows\system32\drivers\aswTdi.sys
2009-05-22 12:33 . 2009-02-05 20:05 26944 ----a-w c:\windows\system32\drivers\aavmker4.sys
2009-05-22 12:33 . 2009-02-05 20:04 97480 ----a-w c:\windows\system32\AvastSS.scr
2009-05-22 12:33 . 2009-02-05 20:07 114768 ----a-w c:\windows\system32\drivers\aswSP.sys
2009-05-22 12:33 . 2009-02-05 20:07 20560 ----a-w c:\windows\system32\drivers\aswFsBlk.sys
2009-05-22 12:33 . 2009-02-05 20:08 93296 ----a-w c:\windows\system32\drivers\aswmon.sys
2009-05-22 12:33 . 2009-02-05 20:08 94032 ----a-w c:\windows\system32\drivers\aswmon2.sys
2009-05-22 12:33 . 2009-02-05 20:11 1256296 ----a-w c:\windows\system32\aswBoot.exe
2009-05-22 12:33 . 2009-05-22 12:33 -------- d-----w c:\program files\Alwil Software
2009-05-22 01:15 . 2005-10-16 12:00 12928 ----a-w c:\windows\system32\drivers\filedisk.sys
2009-05-22 01:15 . 2009-05-22 01:15 -------- d-----w c:\program files\WinImage
2009-05-21 22:51 . 2008-04-14 09:42 116224 -c--a-w c:\windows\system32\dllcache\xrxwiadr.dll
2009-05-21 22:51 . 2001-08-18 02:36 23040 -c--a-w c:\windows\system32\dllcache\xrxwbtmp.dll
2009-05-21 22:51 . 2008-04-14 09:42 18944 -c--a-w c:\windows\system32\dllcache\xrxscnui.dll
2009-05-21 22:51 . 2001-08-18 02:37 27648 -c--a-w c:\windows\system32\dllcache\xrxftplt.exe
2009-05-21 22:50 . 2001-08-18 02:37 4608 -c--a-w c:\windows\system32\dllcache\xrxflnch.exe
2009-05-21 22:50 . 2001-08-18 02:37 99865 -c--a-w c:\windows\system32\dllcache\xlog.exe
2009-05-21 22:50 . 2001-08-17 16:11 16970 -c--a-w c:\windows\system32\dllcache\xem336n5.sys
2009-05-21 22:50 . 2008-04-14 02:04 19455 -c--a-w c:\windows\system32\dllcache\wvchntxx.sys
2009-05-21 22:50 . 2008-04-14 02:04 12063 -c--a-w c:\windows\system32\dllcache\wsiintxx.sys
2009-05-21 22:50 . 2008-04-14 09:42 8192 -c--a-w c:\windows\system32\dllcache\wshirda.dll
2009-05-21 22:49 . 2008-04-14 04:06 8832 -c--a-w c:\windows\system32\dllcache\wmiacpi.sys
2009-05-21 22:49 . 2008-04-14 02:05 154624 -c--a-w c:\windows\system32\dllcache\wlluc48.sys
2009-05-21 22:49 . 2001-08-17 16:12 34890 -c--a-w c:\windows\system32\dllcache\wlandrv2.sys
2009-05-21 22:49 . 2001-08-17 17:28 771581 -c--a-w c:\windows\system32\dllcache\winacisa.sys
2009-05-21 22:49 . 2001-08-18 02:36 53760 -c--a-w c:\windows\system32\dllcache\wiamsmud.dll
2009-05-21 22:49 . 2001-08-17 17:28 701386 -c--a-w c:\windows\system32\dllcache\wdhaalba.sys
2009-05-21 22:49 . 2008-04-14 02:04 23615 -c--a-w c:\windows\system32\dllcache\wch7xxnt.sys
2009-05-21 22:49 . 2008-04-14 04:15 31744 -c--a-w c:\windows\system32\dllcache\wceusbsh.sys
2009-05-21 22:47 . 2001-08-17 17:49 24576 -c--a-w c:\windows\system32\dllcache\viairda.sys
2009-05-21 22:47 . 2001-08-17 17:28 687999 -c--a-w c:\windows\system32\dllcache\usrwdxjs.sys
2009-05-21 22:47 . 2001-08-17 17:28 765884 -c--a-w c:\windows\system32\dllcache\usrti.sys
2009-05-21 22:47 . 2001-08-17 17:28 113762 -c--a-w c:\windows\system32\dllcache\usrpda.sys
2009-05-21 22:47 . 2001-08-17 17:28 7556 -c--a-w c:\windows\system32\dllcache\usroslba.sys
2009-05-21 22:47 . 2001-08-17 17:28 224802 -c--a-w c:\windows\system32\dllcache\usr1807a.sys
2009-05-21 22:47 . 2001-08-17 17:28 794399 -c--a-w c:\windows\system32\dllcache\usr1806v.sys
2009-05-21 22:47 . 2001-08-17 17:28 793598 -c--a-w c:\windows\system32\dllcache\usr1806.sys
2009-05-21 22:47 . 2001-08-17 17:28 794654 -c--a-w c:\windows\system32\dllcache\usr1801.sys
2009-05-21 22:47 . 2008-04-14 04:15 20608 -c--a-w c:\windows\system32\dllcache\usbuhci.sys
2009-05-21 22:47 . 2008-04-14 04:15 26112 -c--a-w c:\windows\system32\dllcache\usbser.sys
2009-05-21 22:47 . 2008-04-14 02:05 32384 -c--a-w c:\windows\system32\dllcache\usb101et.sys
2009-05-21 22:47 . 2001-08-18 02:36 94720 -c--a-w c:\windows\system32\dllcache\umaxud32.dll
2009-05-21 22:46 . 2001-08-18 02:36 28160 -c--a-w c:\windows\system32\dllcache\umaxu40.dll
2009-05-21 22:46 . 2001-08-18 02:36 26624 -c--a-w c:\windows\system32\dllcache\umaxu22.dll
2009-05-21 22:46 . 2001-08-18 02:36 69632 -c--a-w c:\windows\system32\dllcache\umaxu12.dll
2009-05-21 22:46 . 2001-08-18 02:36 50688 -c--a-w c:\windows\system32\dllcache\umaxscan.dll
2009-05-21 22:46 . 2001-08-17 17:58 22912 -c--a-w c:\windows\system32\dllcache\umaxpcls.sys
2009-05-21 22:46 . 2001-08-18 02:36 50176 -c--a-w c:\windows\system32\dllcache\umaxp60.dll
2009-05-21 22:46 . 2001-08-18 02:36 47616 -c--a-w c:\windows\system32\dllcache\umaxcam.dll
2009-05-21 22:46 . 2001-08-18 02:36 211968 -c--a-w c:\windows\system32\dllcache\um54scan.dll
2009-05-21 22:46 . 2001-08-18 02:36 216064 -c--a-w c:\windows\system32\dllcache\um34scan.dll
2009-05-21 22:46 . 2001-08-17 17:48 11520 -c--a-w c:\windows\system32\dllcache\twotrack.sys
2009-05-21 22:46 . 2001-08-17 16:51 166784 -c--a-w c:\windows\system32\dllcache\tridxpm.sys
2009-05-21 22:46 . 2001-08-18 02:36 525568 -c--a-w c:\windows\system32\dllcache\tridxp.dll
2009-05-21 22:44 . 2001-08-17 18:56 81408 -c--a-w c:\windows\system32\dllcache\tgiul50.dll
2009-05-21 22:44 . 2008-04-14 04:10 149376 -c--a-w c:\windows\system32\dllcache\tffsport.sys
2009-05-21 22:44 . 2001-08-17 16:13 17129 -c--a-w c:\windows\system32\dllcache\tdkcd31.sys
2009-05-21 22:44 . 2001-08-17 16:13 37961 -c--a-w c:\windows\system32\dllcache\tdk100b.sys
2009-05-21 22:44 . 2001-08-17 17:49 30464 -c--a-w c:\windows\system32\dllcache\tbatm155.sys
2009-05-21 22:44 . 2001-08-17 17:52 7040 -c--a-w c:\windows\system32\dllcache\tandqic.sys
2009-05-21 22:44 . 2001-08-17 16:50 36640 -c--a-w c:\windows\system32\dllcache\t2r4mini.sys
2009-05-21 22:44 . 2001-08-17 18:56 172768 -c--a-w c:\windows\system32\dllcache\t2r4disp.dll
2009-05-21 22:44 . 2001-08-18 02:36 94293 -c--a-w c:\windows\system32\dllcache\sxports.dll
2009-05-21 22:44 . 2001-08-17 17:50 103936 -c--a-w c:\windows\system32\dllcache\sx.sys
2009-05-21 22:43 . 2001-08-17 18:02 3968 -c--a-w c:\windows\system32\dllcache\swusbflt.sys
2009-05-21 22:43 . 2001-08-18 02:36 10240 -c--a-w c:\windows\system32\dllcache\swpidflt.dll
2009-05-21 22:43 . 2001-08-18 02:36 10240 -c--a-w c:\windows\system32\dllcache\swpdflt2.dll
2009-05-21 22:43 . 2001-08-18 02:36 53760 -c--a-w c:\windows\system32\dllcache\sw_wheel.dll
2009-05-21 22:43 . 2001-08-18 02:36 41472 -c--a-w c:\windows\system32\dllcache\sw_effct.dll
2009-05-21 22:43 . 2001-08-18 02:36 155648 -c--a-w c:\windows\system32\dllcache\stlnprop.dll
2009-05-21 22:43 . 2001-08-18 02:36 53248 -c--a-w c:\windows\system32\dllcache\stlncoin.dll
2009-05-21 22:43 . 2001-08-17 16:18 285760 -c--a-w c:\windows\system32\dllcache\stlnata.sys
2009-05-21 22:43 . 2001-08-17 17:51 16896 -c--a-w c:\windows\system32\dllcache\stcusb.sys
2009-05-21 22:43 . 2001-08-17 16:11 48736 -c--a-w c:\windows\system32\dllcache\srwlnd5.sys
2009-05-21 22:41 . 2001-08-17 16:12 24576 -c--a-w c:\windows\system32\dllcache\smc8000n.sys
2009-05-21 22:40 . 2001-08-17 18:56 150144 -c--a-w c:\windows\system32\dllcache\sis6306v.dll
2009-05-21 22:40 . 2001-08-17 16:50 68608 -c--a-w c:\windows\system32\dllcache\sis6306p.sys
2009-05-21 22:40 . 2001-08-17 18:56 252032 -c--a-w c:\windows\system32\dllcache\sis300iv.dll
2009-05-21 22:40 . 2001-08-17 16:50 101760 -c--a-w c:\windows\system32\dllcache\sis300ip.sys
2009-05-21 22:40 . 2001-07-21 18:29 161568 -c--a-w c:\windows\system32\dllcache\sgsmusb.sys
2009-05-21 22:40 . 2001-07-21 18:29 18400 -c--a-w c:\windows\system32\dllcache\sgsmld.sys
2009-05-21 22:40 . 2001-08-17 16:51 98080 -c--a-w c:\windows\system32\dllcache\sgiulnt5.sys
2009-05-21 22:40 . 2001-08-18 02:36 386560 -c--a-w c:\windows\system32\dllcache\sgiul50.dll
2009-05-21 22:40 . 2001-08-17 16:19 36480 -c--a-w c:\windows\system32\dllcache\sfmanm.sys
2009-05-21 22:40 . 2001-08-17 17:48 17664 -c--a-w c:\windows\system32\dllcache\sermouse.sys
2009-05-21 22:40 . 2001-08-17 17:53 6912 -c--a-w c:\windows\system32\dllcache\seaddsmc.sys
2009-05-21 22:40 . 2008-04-14 04:15 11520 -c--a-w c:\windows\system32\dllcache\scsiscan.sys
2009-05-21 22:39 . 2001-08-17 17:52 11648 -c--a-w c:\windows\system32\dllcache\scsiprnt.sys
2009-05-21 22:39 . 2001-08-17 17:51 17280 -c--a-w c:\windows\system32\dllcache\scr111.sys
2009-05-21 22:39 . 2001-08-17 17:51 16640 -c--a-w c:\windows\system32\dllcache\scmstcs.sys
2009-05-21 22:39 . 2001-08-17 17:51 23936 -c--a-w c:\windows\system32\dllcache\sccmusbm.sys
2009-05-21 22:39 . 2001-08-17 17:51 23936 -c--a-w c:\windows\system32\dllcache\sccmn50m.sys
2009-05-21 22:39 . 2008-04-14 04:10 43904 -c--a-w c:\windows\system32\dllcache\sbp2port.sys
2009-05-21 22:39 . 2001-08-18 02:36 495616 -c--a-w c:\windows\system32\dllcache\sblfx.dll
2009-05-21 22:39 . 2001-08-17 16:50 75392 -c--a-w c:\windows\system32\dllcache\s3savmxm.sys
2009-05-21 22:39 . 2001-08-17 18:56 245632 -c--a-w c:\windows\system32\dllcache\s3savmx.dll
2009-05-21 22:39 . 2001-08-17 16:50 77824 -c--a-w c:\windows\system32\dllcache\s3sav4m.sys
2009-05-21 22:39 . 2001-08-17 18:56 198400 -c--a-w c:\windows\system32\dllcache\s3sav4.dll
2009-05-21 22:39 . 2001-08-17 16:50 61504 -c--a-w c:\windows\system32\dllcache\s3sav3dm.sys
2009-05-21 22:37 . 2001-08-17 16:12 37563 -c--a-w c:\windows\system32\dllcache\rlnet5.sys
2009-05-21 22:37 . 2001-08-18 02:36 86097 -c--a-w c:\windows\system32\dllcache\reslog32.dll
2009-05-21 22:37 . 2001-08-17 17:51 19584 -c--a-w c:\windows\system32\dllcache\rasirda.sys
2009-05-21 22:37 . 2001-08-17 17:28 714762 -c--a-w c:\windows\system32\dllcache\r2mdmkxx.sys
2009-05-21 22:37 . 2001-08-17 17:28 899146 -c--a-w c:\windows\system32\dllcache\r2mdkxga.sys
2009-05-21 22:37 . 2001-08-18 02:36 41472 -c--a-w c:\windows\system32\dllcache\qvusd.dll
2009-05-21 22:37 . 2001-08-17 17:53 3328 -c--a-w c:\windows\system32\dllcache\qv2kux.sys
2009-05-21 22:37 . 2008-04-14 04:10 6016 -c--a-w c:\windows\system32\dllcache\qic157.sys
2009-05-21 22:37 . 2001-08-17 17:28 130942 -c--a-w c:\windows\system32\dllcache\ptserlv.sys
2009-05-21 22:37 . 2001-08-17 17:28 112574 -c--a-w c:\windows\system32\dllcache\ptserlp.sys
2009-05-21 22:35 . 2008-04-14 09:40 259328 -c--a-w c:\windows\system32\dllcache\perm3dd.dll
2009-05-21 22:34 . 2001-08-18 02:36 116736 -c--a-w c:\windows\system32\dllcache\ovcodec2.dll
2009-05-21 22:34 . 2001-08-17 18:05 31872 -c--a-w c:\windows\system32\dllcache\ovce.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-29 09:38 . 2009-04-01 16:23 117760 ----a-w c:\documents and settings\Owner.YOUR-8C1A67E1D5\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-05-28 19:34 . 2007-12-21 20:05 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-28 00:59 . 2009-03-03 11:37 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-27 09:58 . 2009-03-03 11:32 -------- d-----w c:\program files\SUPERAntiSpyware
2009-05-26 17:20 . 2009-03-03 11:37 40160 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 17:19 . 2009-03-03 11:37 19096 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-22 17:08 . 2008-10-04 08:31 -------- d-----w c:\program files\Common
2009-05-22 16:39 . 2008-11-14 01:16 -------- d-----w c:\program files\Norton AntiVirus
2009-05-21 21:18 . 2008-11-15 15:55 -------- d-----w c:\program files\Windows Live Toolbar
2009-05-21 16:46 . 2008-02-18 14:43 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-19 17:59 . 2007-09-30 00:32 -------- d-----w c:\program files\Real
2009-05-19 17:41 . 2007-09-30 00:18 -------- d-----w c:\program files\Google
2009-05-19 17:11 . 2007-09-30 00:16 -------- d-----w c:\program files\Common Files\InstallShield
2009-05-19 17:11 . 2007-09-30 00:31 -------- d-----w c:\documents and settings\All Users\Application Data\Napster
2009-05-19 17:11 . 2007-09-30 00:31 -------- d-----w c:\program files\Napster
2009-05-19 17:08 . 2007-10-06 07:54 -------- d-----w c:\program files\Logitech
2009-05-19 17:08 . 2008-01-10 06:07 -------- d-----w c:\documents and settings\All Users\Application Data\Logishrd
2009-05-19 17:04 . 2008-02-18 14:42 -------- d-----w c:\program files\MSN Games
2009-05-19 17:04 . 2009-02-15 15:24 -------- d-----w c:\program files\Yahoo! Games
2009-05-19 17:03 . 2008-11-17 17:04 -------- d-----w c:\program files\AIM Toolbar
2009-05-19 11:24 . 2008-03-06 10:25 -------- d-----w c:\documents and settings\Owner.YOUR-8C1A67E1D5\Application Data\Yahoo!
2009-05-18 18:38 . 2007-09-30 00:45 17801 ----a-w c:\windows\system32\drivers\AegisP.sys
2009-04-14 15:58 . 2009-04-14 15:58 -------- d-----w c:\program files\Freeze.com
2009-03-06 23:48 . 2009-03-06 23:48 1245321 ----a-w c:\documents and settings\All Users\Application Data\NeoEdge Networks\Yahoo_FamilyFeud\IAF.dll
2009-03-06 21:57 . 2009-03-06 21:57 4096 ----a-w c:\windows\d3dx.dat
2009-03-06 14:22 . 2007-09-29 22:38 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 15:25 . 2009-03-03 15:26 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-03 15:24 . 2009-03-03 15:24 152576 ----a-w c:\documents and settings\Owner.YOUR-8C1A67E1D5\Application Data\Sun\Java\jre1.6.0_11\lzma.dll
2009-03-03 00:18 . 2007-09-29 22:39 826368 ----a-w c:\windows\system32\wininet.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-05-27_20.01.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-29 09:37 . 2009-05-29 09:37 16384 c:\windows\temp\Perflib_Perfdata_49c.dat
+ 2009-05-28 21:36 . 2009-05-28 21:36 16384 c:\windows\temp\Perflib_Perfdata_1bc.dat
+ 2009-05-29 09:37 . 2009-05-29 09:37 16384 c:\windows\temp\Perflib_Perfdata_1a4.dat
+ 2009-05-29 09:36 . 2009-05-29 09:36 16384 c:\windows\temp\Perflib_Perfdata_1a0.dat
+ 2009-05-15 14:53 . 2009-05-27 23:42 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-05-15 14:53 . 2009-05-22 10:08 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-11-23 09:03 . 2009-05-27 23:42 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-11-23 09:03 . 2009-05-22 10:08 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-11-23 09:03 . 2009-05-27 23:42 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2005-11-23 09:03 . 2009-05-22 10:08 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2006-12-02 02:54 . 2006-12-02 02:54 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
+ 2006-12-02 02:54 . 2006-12-02 02:54 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2006-12-02 02:54 . 2006-12-02 02:54 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2009-05-18 18:56 . 2009-05-29 09:37 159035 c:\windows\system32\inetsrv\MetaBase.bin
+ 2009-05-28 19:30 . 2009-05-28 19:30 262144 c:\windows\system32\config\RCCBakup\NTUSER.DAT
+ 2009-05-29 09:38 . 2009-05-29 09:38 233472 c:\windows\ERDNT\AutoBackup\5-29-2009\Users\00000002\UsrClass.dat
+ 2009-05-29 09:38 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\5-29-2009\ERDNT.EXE
+ 2009-05-28 09:15 . 2009-05-28 09:15 233472 c:\windows\ERDNT\AutoBackup\5-28-2009\Users\00000002\UsrClass.dat
+ 2009-05-28 09:15 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\5-28-2009\ERDNT.EXE
+ 2009-05-29 09:37 . 2009-05-29 09:38 4677632 c:\windows\ERDNT\AutoBackup\5-29-2009\Users\00000001\NTUSER.DAT
+ 2009-05-28 09:15 . 2009-05-28 09:15 4677632 c:\windows\ERDNT\AutoBackup\5-28-2009\Users\00000001\NTUSER.DAT
- 2008-02-25 21:49 . 2009-05-07 07:16 24699336 c:\windows\system32\MRT.exe
+ 2008-02-25 21:49 . 2009-05-07 04:16 24699336 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\ed6453b7-60f1-4638-9f98-47ed587334b6.exe" [2009-05-17 1830128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 688218]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-26 966656]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-29 344064]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-09-30 98304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-03 136600]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"MsmqIntCert"="mqrt.dll" - c:\windows\system32\mqrt.dll [2008-04-14 177152]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]
c:\documents and settings\Owner.YOUR-8C1A67E1D5\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [5/22/2009 8:33 AM 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2009 12:43 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2009 12:43 PM 55024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/22/2009 8:33 AM 20560]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [9/29/2007 6:39 PM 14336]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [9/29/2007 7:01 PM 200576]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2009 12:43 PM 7408]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [9/29/2007 6:57 PM 69692]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [5/27/2009 7:42 PM 33176]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.myspace.com/
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJxdm186YYUS&fl=0&ptb=njjpaKtLGe17KsqqIkl_9w&url=http://www.ask.com/web&q={searchTerms}&l=zj&o=sb
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: microsoft.com\www
Trusted Zone: microsoft.com\www.windowsupdate
Trusted Zone: windowsupdate.com
DPF: {9BA9AE56-8DFC-4994-AEA9-68BEAD35A6FA} - hxxp://www.myfacelol.com/_downloads/cab/v2/MyFaceLOL.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-29 05:37
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1212)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(1492)
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\msdtc.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\system32\snmp.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\mqsvc.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\mqtgsvc.exe
c:\windows\system32\WLTRAY.EXE
c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-05-29 5:44 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-29 09:43
ComboFix2.txt 2009-05-28 00:15
ComboFix3.txt 2009-05-27 20:07
ComboFix4.txt 2008-10-28 12:40
ComboFix5.txt 2009-05-29 09:31
Pre-Run: 70,280,495,104 bytes free
Post-Run: 70,289,739,776 bytes free
326 --- E O F --- 2009-05-29 00:00