Browser HiJacked [Solved]


  • This topic is locked

#1
kws_divine

    Member

  • Member
  • 224 posts
I don't use IE. I use Firefox. But "Internet Explorer Is Not Responding" message keeps coming up every 15 minutes or so. And once in a while a pop up comes up with it too.
Please help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:36:30 PM, on 3/22/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DNA\btdna.exe
C:\Documents and Settings\Evan\Application Data\nidle\nidle.exe
C:\Documents and Settings\Evan\Application Data\Twain\Twain.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: MessengerUpdate - {5948A52A-BA3A-49A8-BCAF-D578502BDA9D} - C:\Documents and Settings\Evan\Application Data\Messenger\Drivers\MsgUpdate.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [nidle] "C:\Documents and Settings\Evan\Application Data\nidle\nidle.exe" 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [Twain] C:\Documents and Settings\Evan\Application Data\Twain\Twain.exe
O4 - HKCU\..\Run: [IgfxSys] rundll32.exe "C:\Documents and Settings\Evan\Application Data\Messenger\Drivers\IgfxSys.dll",StartProtector
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\dokupoye.dll mkmyuz.dll c:\windows\system32\tokutide.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7475 bytes
  • 0
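A defender-side triage pass over the log format shown above, added here as an example; it is not part of this thread, of HijackThis or of OTListIt2. It parses the O2 (BHO), O4 (Run key) and O20 (AppInit_DLLs) lines and flags the traits a helper checks first: a BHO whose DLL is missing, an autorun or BHO that loads from a user profile directory such as Application Data, a Run entry whose target no longer exists, and every DLL listed in AppInit_DLLs. The sample input is a constructed subset of the lines posted in this thread, plus one line in OTListIt's "HKCU..\Run" spelling so the same O4 pattern accepts both tools; the O20 rule only handles the HijackThis spelling. A flag means "look at this entry", not "this is malware"; the Adobe and ZoneAlarm entries in the sample are deliberately left unflagged.

```python
"""Triage pass over HijackThis-style O2/O4/O20 log lines.

Added example, not part of the thread, HijackThis or OTListIt2.  Flags:
  * O2  BHOs whose DLL is missing, or that live under a user profile directory
  * O4  autoruns launched from a user profile directory, or whose target is gone
  * O20 every DLL listed in AppInit_DLLs (loaded into each process that maps user32)
A flag means "review this entry", not "this is malware".
"""
import re

# Constructed sample: a subset of the lines posted in this thread, plus one
# line in OTListIt's "HKCU..\Run" spelling (no backslash before the dots).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: MessengerUpdate - {5948A52A-BA3A-49A8-BCAF-D578502BDA9D} - C:\Documents and Settings\Evan\Application Data\Messenger\Drivers\MsgUpdate.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [nidle] "C:\Documents and Settings\Evan\Application Data\nidle\nidle.exe" 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [Twain] C:\Documents and Settings\Evan\Application Data\Twain\Twain.exe
O4 - HKCU\..\Run: [IgfxSys] rundll32.exe "C:\Documents and Settings\Evan\Application Data\Messenger\Drivers\IgfxSys.dll",StartProtector
O4 - HKCU..\Run: [Aim6] File not found
O20 - AppInit_DLLs: C:\WINDOWS\system32\dokupoye.dll mkmyuz.dll c:\windows\system32\tokutide.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
"""

# O2 - BHO: <name> - {CLSID} - <path or "(no file)">
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$")
# O4 - HKLM\..\Run: [<value name>] <command>   ("\\?" also accepts OTListIt's "HKLM..\Run")
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\?\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O20 - AppInit_DLLs: <space-separated DLL list>  (HijackThis spelling only)
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$")
# Profile directories from which legitimate autoruns and BHOs rarely start.
PROFILE_DIR_RE = re.compile(r"\\(Application Data|Local Settings|Temp)\\", re.IGNORECASE)


def triage(log_text):
    """Return (section, subject, reason) tuples for entries worth a closer look."""
    findings = []
    for line in log_text.strip().splitlines():
        line = line.rstrip()
        if (m := O2_RE.match(line)):
            path = m["path"]
            if path == "(no file)" or "File not found" in path:
                findings.append(("O2", m["clsid"], "BHO registered but its DLL is missing (orphaned entry)"))
            elif PROFILE_DIR_RE.search(path):
                findings.append(("O2", m["clsid"], "BHO DLL lives under a user profile directory"))
        elif (m := O4_RE.match(line)):
            cmd = m["cmd"]
            if cmd.endswith("File not found"):
                findings.append(("O4", m["name"], f"{m['hive']} autorun whose target no longer exists"))
            elif PROFILE_DIR_RE.search(cmd):
                findings.append(("O4", m["name"], f"{m['hive']} autorun launches from a user profile directory"))
        elif (m := O20_RE.match(line)):
            # HijackThis prints the AppInit_DLLs value space-separated, so a
            # path containing spaces would split here; every DLL is worth a look.
            for dll in m["dlls"].split():
                findings.append(("O20", dll, "AppInit_DLLs entry: loaded into every process that maps user32.dll"))
    return findings


if __name__ == "__main__":
    for section, subject, reason in triage(SAMPLE_LOG):
        print(f"[{section}] {subject}: {reason}")
```

Run as a script it prints nine findings for the sample; to triage a real log, read the file and pass its text to triage(). The Winlogon Notify line is included in the sample to show that the O20 pattern only matches AppInit_DLLs and leaves other O20 entries alone.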


#2
Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello kws_divine,
Sorry about the delay.
  • Download OTListIt2 to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

  • 0

#3
kws_divine

    Member

  • Topic Starter
  • Member
  • 224 posts
OTLIST

OTListIt logfile created on: 3/25/2009 7:56:27 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.7.1 Folder = C:\Documents and Settings\Evan\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.48 Mb Total Physical Memory | 429.83 Mb Available Physical Memory | 42.04% Memory free
2.40 Gb Paging File | 1.69 Gb Available in Paging File | 70.38% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 199.08 Gb Free Space | 85.49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: EVAN-280D759949
Current User Name: Evan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Zone Labs, LLC)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\system32\CTHELPER.EXE (Creative Technology Ltd)
PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\RocketDock\RocketDock.exe ()
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
PRC - C:\Documents and Settings\Evan\Application Data\nidle\nidle.exe ()
PRC - C:\Documents and Settings\Evan\Application Data\Twain\Twain.exe ()
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Program Files\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Evan\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Running]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (usnjsvc [Disabled | Stopped]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (vsmon [Auto | Running]) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Zone Labs, LLC)

========== Driver Services (SafeList) ==========

DRV - (COMMONFX.DLL [On_Demand | Running]) -- C:\WINDOWS\system32\COMMONFX.DLL (Creative Technology Ltd)
DRV - (CT20XUT.DLL [On_Demand | Stopped]) -- C:\WINDOWS\system32\CT20XUT.DLL (Creative Technology Ltd.)
DRV - (ctac32k [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (ctaud2k [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (CTAUDFX.DLL [On_Demand | Running]) -- C:\WINDOWS\system32\CTAUDFX.DLL (Creative Technology Ltd)
DRV - (ctdvda2k [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (CTEAPSFX.DLL [On_Demand | Stopped]) -- C:\WINDOWS\system32\CTEAPSFX.DLL (Creative Technology Ltd)
DRV - (CTEDSPFX.DLL [On_Demand | Stopped]) -- C:\WINDOWS\system32\CTEDSPFX.DLL (Creative Technology Ltd)
DRV - (CTEDSPIO.DLL [On_Demand | Stopped]) -- C:\WINDOWS\system32\CTEDSPIO.DLL (Creative Technology Ltd)
DRV - (CTEDSPSY.DLL [On_Demand | Stopped]) -- C:\WINDOWS\system32\CTEDSPSY.DLL (Creative Technology Ltd)
DRV - (CTERFXFX.DLL [On_Demand | Stopped]) -- C:\WINDOWS\system32\CTERFXFX.DLL (Creative Technology Ltd)
DRV - (CTEXFIFX.DLL [On_Demand | Stopped]) -- C:\WINDOWS\system32\CTEXFIFX.DLL (Creative Technology Ltd.)
DRV - (CTHWIUT.DLL [On_Demand | Stopped]) -- C:\WINDOWS\system32\CTHWIUT.DLL (Creative Technology Ltd.)
DRV - (ctprxy2k [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (CTSBLFX.DLL [On_Demand | Running]) -- C:\WINDOWS\system32\CTSBLFX.DLL (Creative Technology Ltd)
DRV - (ctsfm2k [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (emupia [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (ha10kx2k [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (hap16v2k [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\hap16v2k.sys (Creative Technology Ltd)
DRV - (hap17v2k [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\hap17v2k.sys (Creative Technology Ltd)
DRV - (libusb0 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\libusb0.sys (http://libusb-win32.sourceforge.net)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (ossrv [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (rtl8139 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Running]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys ()
DRV - (srescan [Boot | Running]) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys (Zone Labs, LLC)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (vsdatant [System | Running]) -- C:\WINDOWS\System32\vsdatant.sys (Zone Labs, LLC)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...&ar=msnhome
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/02/22 21:07:46 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/08 16:14:03 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/14 01:49:36 | 00,000,000 | ---D | M]

[2009/02/22 21:12:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Evan\Application Data\mozilla\Extensions
[2009/02/22 18:48:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Evan\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/02/22 21:12:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Evan\Application Data\mozilla\Extensions\[email protected]
[2009/02/22 18:48:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Evan\Application Data\mozilla\Firefox\Profiles\46paeel1.default\extensions
[2009/03/24 07:53:22 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/05 08:43:59 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/02/22 21:07:54 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/03/05 08:43:54 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/05 08:43:54 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/03/07 04:16:06 | 00,211,456 | ---- | M] () -- C:\Program Files\mozilla firefox\components\srff.dll
[2009/01/19 19:28:04 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/01/19 19:28:04 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/01/19 19:28:04 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/01/19 19:28:04 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/01/19 19:28:04 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/01/19 19:28:04 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/01/19 19:28:04 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (766 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (MessengerUpdate Class) - {5948A52A-BA3A-49A8-BCAF-D578502BDA9D} - C:\Documents and Settings\Evan\Application Data\Messenger\Drivers\MsgUpdate.dll (Pending Approval)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" (Adobe Systems Inc.)
O4 - HKLM..\Run: [CTHelper] CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] CTXFIHLP.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install ()
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" (Zone Labs, LLC)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" (BitTorrent, Inc.)
O4 - HKCU..\Run: [IgfxSys] rundll32.exe "C:\Documents and Settings\Evan\Application Data\Messenger\Drivers\IgfxSys.dll",StartProtector File not found
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [nidle] "C:\Documents and Settings\Evan\Application Data\nidle\nidle.exe" 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310 ()
O4 - HKCU..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" ()
O4 - HKCU..\Run: [Steam] "c:\program files\steam\steam.exe" -silent (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [Twain] C:\Documents and Settings\Evan\Application Data\Twain\Twain.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\dokupoye.dll) - C:\WINDOWS\system32\dokupoye.dll File not found
O20 - AppInit_DLLs: (mkmyuz.dll) - File not found
O20 - AppInit_DLLs: (c:\windows\system32\tokutide.dll) - c:\windows\system32\tokutide.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2009/03/25 07:55:52 | 00,499,200 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Evan\Desktop\OTListIt2.exe
[2009/03/24 22:58:47 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Evan\Desktop\Eamon & Eminem - I Dont Want You Back (Remix).mp3
[2009/03/24 22:07:58 | 04,705,011 | ---- | C] () -- C:\Documents and Settings\Evan\Desktop\Eminem - Without Me (dirty).mp3
[2009/03/24 22:06:39 | 08,202,309 | ---- | C] () -- C:\Documents and Settings\Evan\Desktop\Eminem ft. Dr. Dre and 50 Cent - Crack A Bottle.mp3
[2009/03/24 21:48:18 | 03,084,794 | ---- | C] () -- C:\Documents and Settings\Evan\Desktop\Jay-Z- my president is black remix.mp3
[2009/03/22 19:36:23 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Evan\Desktop\HijackThis.lnk
[2009/03/22 19:36:23 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/03/22 19:36:17 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Evan\Desktop\HJTInstall.exe
[2009/03/18 21:03:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/03/17 23:34:10 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2009/03/17 23:34:08 | 00,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2009/03/17 23:34:07 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbscan.sys
[2009/03/17 23:34:07 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2009/03/15 22:10:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Evan\Desktop\[cheat-project.com] BlakMajik 1.3 Public 2008-08-18
[2009/03/14 01:52:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2009/03/14 01:52:17 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2009/03/14 01:49:37 | 00,001,800 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
[2009/03/14 01:49:36 | 00,002,337 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2009/03/14 01:47:33 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2009/03/14 01:47:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/03/09 18:58:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Evan\Desktop\AddOns
[2009/03/08 22:15:27 | 20,408,181 | ---- | C] () -- C:\Documents and Settings\Evan\Desktop\AddOns.rar
[2009/03/08 14:21:44 | 00,000,000 | ---D | C] -- C:\Program Files\CleanUp!
[2009/03/07 04:25:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\iwuq
[2009/03/07 04:25:44 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\iwuq
[2009/03/07 04:10:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Evan\Application Data\Twain
[2009/03/07 04:05:16 | 00,000,000 | ---D | C] -- C:\Program Files\WWShow
[2009/03/07 04:00:09 | 00,000,000 | ---D | C] -- C:\Program Files\Jcore
[2009/03/07 01:53:48 | 01,805,682 | -HS- | C] () -- C:\WINDOWS\System32\upamiyuj.ini
[2009/03/07 01:48:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Evan\Application Data\nidle
[2009/03/07 01:48:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Evan\Application Data\Messenger
[2009/03/07 01:48:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\km5
[2009/03/07 01:48:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Et
[2009/03/07 01:48:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bh3
[2009/03/07 01:48:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\aNI02
[2009/03/07 01:48:28 | 00,000,000 | ---D | C] -- C:\Temp
[2009/03/07 01:15:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2009/03/07 01:07:12 | 00,009,728 | ---- | C] () -- C:\Documents and Settings\Evan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/05 00:49:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Evan\Local Settings\Application Data\Adobe
[2009/03/05 00:47:16 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe_Photoshop_CS3
[2009/03/05 00:46:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Evan\Desktop\AdobePhotoshopCS3
[2009/03/03 23:47:24 | 00,000,000 | ---D | C] -- C:\Program Files\Half Life Player
[2009/03/03 23:25:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Evan\My Documents\colour_binds_pro
[2009/03/03 22:13:34 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2009/03/03 20:42:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Evan\My Documents\Downloads
[2009/03/03 20:19:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Evan\Application Data\BitTorrent
[2009/03/03 20:18:55 | 00,000,000 | ---D | C] -- C:\Program Files\DNA
[2009/03/03 20:18:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Evan\Local Settings\Application Data\DNA
[2009/03/03 20:18:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Evan\Application Data\DNA
[2009/03/03 20:18:54 | 00,000,000 | ---D | C] -- C:\Program Files\BitTorrent
[2009/03/03 13:53:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/03/03 13:49:22 | 00,000,588 | ---- | C] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2009/03/03 13:49:22 | 00,000,588 | ---- | C] () -- C:\WINDOWS\System32\settings.sfm
[2009/03/03 03:05:41 | 00,043,520 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\System32\libusb0.dll
[2009/03/03 03:05:41 | 00,028,672 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\System32\drivers\libusb0.sys
[2009/03/03 03:05:41 | 00,000,000 | ---D | C] -- C:\Program Files\LibUSB-Win32
[2009/03/03 03:04:38 | 00,000,000 | ---D | C] -- C:\files
[2009/03/02 22:39:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Evan\My Documents\Incomplete
[2009/02/28 17:26:00 | 03,671,318 | ---- | C] () -- C:\Documents and Settings\Evan\Desktop\Evan Laid To Rest Cover.mp3
[2009/02/25 23:20:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Evan\Desktop\libmp3lame-win-3.98.2
[2009/02/25 22:44:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Evan\Application Data\Audacity
[2009/02/25 22:44:05 | 00,000,000 | ---D | C] -- C:\Program Files\Audacity 1.3 Beta (Unicode)
[2009/02/24 23:02:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Evan\My Documents\TabIt Tabs
[2009/02/24 23:02:46 | 00,000,000 | ---D | C] -- C:\Program Files\TabIt
[2009/02/24 00:34:31 | 05,068,152 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2009/02/24 00:34:31 | 00,033,846 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.bmp
[2009/02/24 00:34:31 | 00,013,785 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2009/02/24 00:34:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Evan\Application Data\AccurateRip
[2009/02/24 00:34:29 | 00,000,000 | ---D | C] -- C:\Program Files\Illustrate
[2009/02/24 00:16:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Evan\Local Settings\Application Data\Identities
[2009/02/23 23:55:12 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpns.dll
[2009/02/23 21:47:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2009/02/23 21:47:04 | 00,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthport.sys
[2009/02/23 21:47:04 | 00,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2009/02/23 21:46:26 | 00,351,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp3res.dll
[2009/02/23 21:46:03 | 02,136,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2009/02/23 21:46:02 | 02,180,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2009/02/23 21:46:02 | 02,015,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2009/02/23 21:46:01 | 02,057,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2009/02/23 21:45:08 | 00,453,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2009/02/23 21:43:14 | 00,022,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2009/02/23 21:43:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2009/02/23 21:43:12 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2009/02/23 20:38:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Evan\Application Data\Viewpoint
[2009/02/23 14:54:01 | 00,208,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\muweb.dll
[2009/02/23 14:54:00 | 00,268,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2009/02/23 14:54:00 | 00,027,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2009/03/25 07:55:52 | 00,499,200 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Evan\Desktop\OTListIt2.exe
[2009/03/24 22:58:47 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Evan\Desktop\Eamon & Eminem - I Dont Want You Back (Remix).mp3
[2009/03/24 22:19:09 | 04,705,011 | ---- | M] () -- C:\Documents and Settings\Evan\Desktop\Eminem - Without Me (dirty).mp3
[2009/03/24 22:07:07 | 08,202,309 | ---- | M] () -- C:\Documents and Settings\Evan\Desktop\Eminem ft. Dr. Dre and 50 Cent - Crack A Bottle.mp3
[2009/03/24 21:49:39 | 03,084,794 | ---- | M] () -- C:\Documents and Settings\Evan\Desktop\Jay-Z- my president is black remix.mp3
[2009/03/22 19:36:23 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Evan\Desktop\HijackThis.lnk
[2009/03/22 19:36:17 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Evan\Desktop\HJTInstall.exe
[2009/03/19 20:00:48 | 03,671,318 | ---- | M] () -- C:\Documents and Settings\Evan\Desktop\Evan Laid To Rest Cover.mp3
[2009/03/19 18:57:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/03/18 21:04:27 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/18 21:03:28 | 00,002,337 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2009/03/18 21:03:15 | 00,211,590 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/03/18 21:03:12 | 00,352,185 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/03/18 21:03:12 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/18 21:03:05 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/17 23:48:31 | 00,030,480 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000008-00001102-00000008-10221102}.rfx
[2009/03/17 23:48:31 | 00,030,480 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000008-00001102-00000008-10221102}.rfx
[2009/03/17 23:48:31 | 00,029,772 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000008-00001102-00000008-10221102}.rfx
[2009/03/17 23:48:31 | 00,029,772 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000008-00001102-00000008-10221102}.rfx
[2009/03/17 23:48:31 | 00,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000008-00001102-00000008-10221102}.rfx
[2009/03/17 23:47:46 | 04,958,588 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000008-00001102-00000008-10221102}.CDF
[2009/03/17 23:47:46 | 04,958,588 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000008-00001102-00000008-10221102}.BAK
[2009/03/15 03:12:40 | 00,015,896 | ---- | M] () -- C:\Documents and Settings\Evan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/03/15 03:11:49 | 00,101,440 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/15 01:26:15 | 00,000,588 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2009/03/15 01:26:15 | 00,000,588 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2009/03/14 01:49:37 | 00,001,800 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
[2009/03/13 19:27:31 | 00,009,728 | ---- | M] () -- C:\Documents and Settings\Evan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/11 22:06:24 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/03/10 16:15:10 | 00,458,340 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/10 16:15:10 | 00,392,626 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/10 16:15:10 | 00,058,800 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/09 00:38:24 | 20,408,181 | ---- | M] () -- C:\Documents and Settings\Evan\Desktop\AddOns.rar
[2009/03/07 12:56:31 | 06,382,348 | -H-- | M] () -- C:\Documents and Settings\Evan\Local Settings\Application Data\IconCache.db
[2009/03/07 01:59:29 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\gakudiba
[2009/03/07 01:57:01 | 01,805,682 | -HS- | M] () -- C:\WINDOWS\System32\upamiyuj.ini
[2009/02/24 04:02:29 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/02/24 00:34:31 | 00,013,785 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2009/02/24 00:34:20 | 00,033,846 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.bmp
[2009/02/24 00:34:15 | 05,068,152 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall.exe
< End of report >
EXTRAS

OTListIt Extras logfile created on: 3/25/2009 7:56:27 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.7.1 Folder = C:\Documents and Settings\Evan\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.48 Mb Total Physical Memory | 429.83 Mb Available Physical Memory | 42.04% Memory free
2.40 Gb Paging File | 1.69 Gb Available in Paging File | 70.38% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 199.08 Gb Free Space | 85.49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: EVAN-280D759949
Current User Name: Evan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard (Microsoft Corporation)
C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader (AOL LLC)
C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM (AOL LLC)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) (Microsoft Corporation)
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
C:\Program Files\DNA\btdna.exe:*:Enabled:DNA (BitTorrent, Inc.)
C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent (BitTorrent, Inc.)
C:\WINDOWS\explorer.exe:*:Enabled:Explorer (Microsoft Corporation)
C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire (Lime Wire, LLC)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Professional
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_6" = AIM 6
"CleanUp!" = CleanUp!
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"Half Life Player_is1" = Half Life Player 1.00
"HijackThis" = HijackThis 2.0.2
"LibUSB-Win32_is1" = LibUSB-Win32-0.1.12.1
"LimeWire" = LimeWire PRO 5.0.11
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.0.7)" = Mozilla Firefox (3.0.7)
"NVIDIA Drivers" = NVIDIA Drivers
"RocketDock_is1" = RocketDock 1.3.5
"Steam App 10" = Counter-Strike
"Steam App 13210" = Unreal Tournament 3
"Steam App 240" = Counter-Strike: Source
"Steam App 70" = Half-Life
"TabIt for Windows_is1" = TabIt version 2.03
"ViewpointMediaPlayer" = Viewpoint Media Player
"WinRAR archiver" = WinRAR archiver
"ZoneAlarm Pro" = ZoneAlarm Pro

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/22/2009 4:04:57 AM | Computer Name = EVAN-280D759949 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module msgupdate.dll, version 1.0.0.1, fault address 0x0001c614.

Error - 3/22/2009 5:04:57 AM | Computer Name = EVAN-280D759949 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module msgupdate.dll, version 1.0.0.1, fault address 0x0001c614.

Error - 3/22/2009 6:04:57 AM | Computer Name = EVAN-280D759949 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module msgupdate.dll, version 1.0.0.1, fault address 0x0001c614.

Error - 3/22/2009 7:04:57 AM | Computer Name = EVAN-280D759949 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module msgupdate.dll, version 1.0.0.1, fault address 0x0001c614.

Error - 3/22/2009 8:04:58 AM | Computer Name = EVAN-280D759949 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module msgupdate.dll, version 1.0.0.1, fault address 0x0001c614.

Error - 3/22/2009 9:04:58 AM | Computer Name = EVAN-280D759949 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module msgupdate.dll, version 1.0.0.1, fault address 0x0001c614.

Error - 3/22/2009 10:04:58 AM | Computer Name = EVAN-280D759949 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module msgupdate.dll, version 1.0.0.1, fault address 0x0001c614.

Error - 3/22/2009 11:04:58 AM | Computer Name = EVAN-280D759949 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module msgupdate.dll, version 1.0.0.1, fault address 0x0001c614.

Error - 3/22/2009 12:04:59 PM | Computer Name = EVAN-280D759949 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module msgupdate.dll, version 1.0.0.1, fault address 0x0001c614.

Error - 3/22/2009 12:05:30 PM | Computer Name = EVAN-280D759949 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module msgupdate.dll, version 1.0.0.1, fault address 0x0001c614.

[ System Events ]
Error - 3/19/2009 4:02:25 PM | Computer Name = EVAN-280D759949 | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 3/19/2009 4:02:25 PM | Computer Name = EVAN-280D759949 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 3/19/2009 4:02:25 PM | Computer Name = EVAN-280D759949 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\MFC80U.DLL.
Reference
error message: The operation completed successfully. .

Error - 3/19/2009 4:02:25 PM | Computer Name = EVAN-280D759949 | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 3/19/2009 4:02:25 PM | Computer Name = EVAN-280D759949 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 3/19/2009 4:02:25 PM | Computer Name = EVAN-280D759949 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\MFC80U.DLL.
Reference
error message: The operation completed successfully. .

Error - 3/19/2009 8:01:23 PM | Computer Name = EVAN-280D759949 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service usnjsvc with
arguments "" in order to run the server: {98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}

Error - 3/19/2009 8:01:33 PM | Computer Name = EVAN-280D759949 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service usnjsvc with
arguments "" in order to run the server: {98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}

Error - 3/19/2009 8:01:44 PM | Computer Name = EVAN-280D759949 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service usnjsvc with
arguments "" in order to run the server: {98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}

Error - 3/19/2009 8:01:54 PM | Computer Name = EVAN-280D759949 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service usnjsvc with
arguments "" in order to run the server: {98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}


< End of report >
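Added example, not part of either poster's words and not code from OTListIt, HijackThis or ComboFix: the log above carries several indicators that can be pulled out mechanically before a helper reads it line by line, and the Python script below does that over a sample built from lines quoted in the post. It reports an AppInit_DLLs entry whose DLL is missing (tokutide.dll), hidden or system-attribute files sitting directly in System32 (upamiyuj.ini, gakudiba), bursts of file creations inside a short window (the 7 March 01:48 to 01:53 and 04:00 to 04:25 groups), Security Center values that disable or silence protection, and the same application faulting in the same module on a fixed cadence (the Application Error 1000 entries show iexplore.exe crashing in msgupdate.dll once an hour). The 30-minute burst window, the four-file minimum, the three-repeat threshold and the list of weakened Security Center values are this example's own assumptions, not a published rule set.

```python
"""Triage of OTListIt / HijackThis-style logs for the indicators in this thread.

Added example, not code from the thread, OTListIt, HijackThis or ComboFix.
SAMPLE_LOG is constructed from lines quoted above; the weakened-value list, the
System32 attribute rule, the burst window and the repeat threshold are this
example's assumptions.  Output is a list of leads for review, not a verdict.
"""
import re
from collections import defaultdict
from datetime import datetime

SAMPLE_LOG = r"""
O20 - AppInit_DLLs: (c:\windows\system32\tokutide.dll) - c:\windows\system32\tokutide.dll File not found
[2009/03/07 04:25:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\iwuq
[2009/03/07 04:10:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Evan\Application Data\Twain
[2009/03/07 04:05:16 | 00,000,000 | ---D | C] -- C:\Program Files\WWShow
[2009/03/07 04:00:09 | 00,000,000 | ---D | C] -- C:\Program Files\Jcore
[2009/03/07 01:53:48 | 01,805,682 | -HS- | C] () -- C:\WINDOWS\System32\upamiyuj.ini
[2009/03/07 01:48:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Evan\Application Data\nidle
[2009/03/07 01:48:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\km5
[2009/03/07 01:48:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\aNI02
[2009/03/11 22:06:24 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/03/07 01:59:29 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\gakudiba
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"EnableFirewall" = 0
Error - 3/22/2009 4:04:57 AM | Computer Name = EVAN-280D759949 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module msgupdate.dll, version 1.0.0.1, fault address 0x0001c614.
Error - 3/22/2009 5:04:57 AM | Computer Name = EVAN-280D759949 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module msgupdate.dll, version 1.0.0.1, fault address 0x0001c614.
Error - 3/22/2009 6:04:57 AM | Computer Name = EVAN-280D759949 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module msgupdate.dll, version 1.0.0.1, fault address 0x0001c614.
"""

APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: \((?P<dll>[^)]*)\) - .*File not found", re.M)
FILE_RE = re.compile(r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| [\d,]+ \| (?P<attr>[-A-Z]{4})"
                     r" \| (?P<kind>[CM])\].*? -- (?P<path>.+)$", re.M)
SECCENTER_RE = re.compile(r'^"(?P<key>\w+)" = (?P<val>\d+)', re.M)
CRASH_RE = re.compile(r"^Error - (?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) \|[^\n]*\| ID = 1000[ \t]*\n"
                      r"Description = Faulting application (?P<app>\S+), .*?faulting\s+module (?P<mod>\S+),",
                      re.M | re.S)
# Assumed list: registry values that disable or silence protection.
WEAK_SECURITY_CENTER = {"EnableFirewall": "0", "UpdatesDisableNotify": "1",
                        "AntiVirusDisableNotify": "1", "FirewallDisableNotify": "1"}


def triage(log, burst_gap_min=30, burst_min_files=4, min_repeats=3):
    """Return (kind, detail) leads found in one OTListIt/HJT log text."""
    leads = []
    # 1. AppInit_DLLs entry whose DLL is gone: the load point outlived the file.
    for m in APPINIT_RE.finditer(log):
        leads.append(("appinit_missing_dll", m.group("dll")))
    created = []
    for m in FILE_RE.finditer(log):
        path, attr = m.group("path"), m.group("attr")
        # 2. Hidden/system-attribute files dropped directly into System32.
        if path.lower().startswith("c:\\windows\\system32\\") and set("HS") & set(attr):
            leads.append(("hidden_in_system32", path))
        if m.group("kind") == "C":
            created.append((datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"), path))
    # 3. Bursts of creations: many new paths in a short window is a dropper's footprint.
    created.sort()
    cluster = []
    for ts, path in created + [(None, None)]:
        if cluster and (ts is None or (ts - cluster[-1][0]).total_seconds() > burst_gap_min * 60):
            if len(cluster) >= burst_min_files:
                leads.append(("creation_burst", f"{cluster[0][0]:%Y-%m-%d %H:%M}.."
                              f"{cluster[-1][0]:%H:%M} ({len(cluster)} paths)"))
            cluster = []
        if ts is not None:
            cluster.append((ts, path))
    # 4. Security Center values that disable or silence protection.
    for m in SECCENTER_RE.finditer(log):
        if WEAK_SECURITY_CENTER.get(m.group("key")) == m.group("val"):
            leads.append(("security_center_weakened", m.group("key") + "=" + m.group("val")))
    # 5. Same application faulting in the same module on a fixed cadence: something re-launches it.
    crashes = defaultdict(list)
    for m in CRASH_RE.finditer(log):
        ts = datetime.strptime(m.group("ts"), "%m/%d/%Y %I:%M:%S %p")
        crashes[(m.group("app"), m.group("mod"))].append(ts)
    for (app, mod), times in crashes.items():
        if len(times) >= min_repeats:
            times.sort()
            gaps = sorted((b - a).total_seconds() for a, b in zip(times, times[1:]))
            leads.append(("periodic_crash", f"{app} in {mod}: {len(times)} hits, "
                          f"median gap {gaps[len(gaps) // 2]:.0f}s"))
    return leads


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:26} {detail}")
```

Two of the leads it prints on this machine are expected false positives, which is why the output is a review list and not a delete list: zllictbl.dat is ZoneAlarm's hidden data file, and EnableFirewall=0 only means the built-in Windows Firewall is off, which is normal when ZoneAlarm Pro is the firewall. The rest (a missing AppInit DLL, the -HS- upamiyuj.ini, the two creation bursts on 7 March and the hourly iexplore.exe fault in msgupdate.dll) are the entries a helper would look at first.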

#4
Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello kws_divine,

Your logs show signs of a keylogger.

If this computer has been used for on-line banking, call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.

From a clean computer, change ALL your on-line passwords.

Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[image]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[image]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#5
kws_divine

    Member

  • Topic Starter
  • Member
  • 224 posts
ComboFix 09-03-26.01 - Evan 2009-03-26 20:32:44.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.396 [GMT -4:00]
Running from: c:\documents and settings\Evan\Desktop\ComboFix.exe
FW: ZoneAlarm Pro Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Evan\Application Data\twain\Twain.exe
c:\documents and settings\Evan\Local Settings\Temporary Internet Files\bestwiner.stt
c:\documents and settings\Evan\Local Settings\Temporary Internet Files\fbk.sts
c:\windows\system32\upamiyuj.ini

.
((((((((((((((((((((((((( Files Created from 2009-02-27 to 2009-03-27 )))))))))))))))))))))))))))))))
.

2009-03-22 19:36 . 2009-03-22 19:36 <DIR> d-------- c:\program files\Trend Micro
2009-03-17 23:34 . 2004-08-04 00:56 159,232 --a------ c:\windows\system32\ptpusd.dll
2009-03-17 23:34 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-03-17 23:34 . 2004-08-03 22:58 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2009-03-17 23:34 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll
2009-03-14 01:52 . 2009-03-14 01:52 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2009-03-14 01:52 . 2009-03-14 01:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
2009-03-08 14:21 . 2009-03-08 14:21 <DIR> d-------- c:\program files\CleanUp!
2009-03-07 04:25 . 2009-03-07 04:26 <DIR> d-------- c:\windows\iwuq
2009-03-07 04:25 . 2009-03-11 22:05 <DIR> d-------- c:\program files\Common Files\iwuq
2009-03-07 04:10 . 2009-03-26 20:33 <DIR> d-------- c:\documents and settings\Evan\Application Data\Twain
2009-03-07 04:05 . 2009-03-07 12:50 <DIR> d-------- c:\program files\WWShow
2009-03-07 04:00 . 2009-03-07 12:50 <DIR> d-------- c:\program files\Jcore
2009-03-07 01:48 . 2009-03-07 01:48 <DIR> d-------- c:\windows\system32\km5
2009-03-07 01:48 . 2009-03-07 01:48 <DIR> d-------- c:\windows\system32\Et
2009-03-07 01:48 . 2009-03-07 01:48 <DIR> d-------- c:\windows\system32\bh3
2009-03-07 01:48 . 2009-03-07 02:01 <DIR> d-------- c:\windows\system32\aNI02
2009-03-07 01:48 . 2009-03-08 14:22 <DIR> d-------- C:\Temp
2009-03-07 01:48 . 2009-03-07 01:48 <DIR> d-------- c:\documents and settings\Evan\Application Data\nidle
2009-03-07 01:48 . 2009-03-07 01:48 <DIR> d-------- c:\documents and settings\Evan\Application Data\Messenger
2009-03-07 01:15 . 2009-03-07 01:15 <DIR> d-------- c:\windows\Sun
2009-03-05 00:47 . 2009-03-11 22:05 <DIR> d-------- c:\program files\Adobe_Photoshop_CS3
2009-03-03 23:47 . 2009-03-03 23:47 <DIR> d-------- c:\program files\Half Life Player
2009-03-03 22:13 . 2009-03-14 01:52 <DIR> d-------- c:\program files\Common Files\Adobe
2009-03-03 20:19 . 2009-03-09 19:00 <DIR> d-------- c:\documents and settings\Evan\Application Data\BitTorrent
2009-03-03 20:18 . 2009-03-26 20:35 <DIR> d-------- c:\program files\DNA
2009-03-03 20:18 . 2009-03-03 20:18 <DIR> d-------- c:\program files\BitTorrent
2009-03-03 20:18 . 2009-03-26 20:35 <DIR> d-------- c:\documents and settings\Evan\Application Data\DNA
2009-03-03 13:49 . 2009-03-15 01:26 588 --a------ c:\windows\system32\settingsbkup.sfm
2009-03-03 13:49 . 2009-03-15 01:26 588 --a------ c:\windows\system32\settings.sfm
2009-03-03 03:05 . 2009-03-03 03:05 <DIR> d-------- c:\program files\LibUSB-Win32
2009-03-03 03:05 . 2007-03-20 12:33 43,520 --a------ c:\windows\system32\libusb0.dll
2009-03-03 03:05 . 2007-03-20 12:33 28,672 --a------ c:\windows\system32\drivers\libusb0.sys
2009-03-03 03:04 . 2009-02-05 20:23 <DIR> d-------- C:\files

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-27 00:35 --------- d-----w c:\program files\Steam
2009-03-25 11:42 --------- d-----w c:\documents and settings\Evan\Application Data\LimeWire
2009-03-19 01:02 1,574,912 ----a-w c:\windows\Internet Logs\xDB2.tmp
2009-03-10 20:16 --------- d-----w c:\program files\SUPERAntiSpyware
2009-03-03 06:54 --------- d-----w c:\documents and settings\Evan\Application Data\Apple Computer
2009-03-01 14:53 --------- d-----w c:\documents and settings\Evan\Application Data\Audacity
2009-02-26 22:41 1,498,112 ----a-w c:\windows\Internet Logs\xDB1.tmp
2009-02-25 03:02 --------- d-----w c:\program files\TabIt
2009-02-24 04:34 --------- d-----w c:\program files\Illustrate
2009-02-24 04:34 --------- d-----w c:\documents and settings\Evan\Application Data\AccurateRip
2009-02-24 00:38 --------- d-----w c:\documents and settings\Evan\Application Data\Viewpoint
2009-02-23 03:20 --------- d-----w c:\program files\Project64 1.6
2009-02-23 03:18 12,531,125 ----a-w C:\Super Smash Bros. (U) [!].zip
2009-02-23 03:14 --------- d-----w c:\program files\QuickTime
2009-02-23 03:14 --------- d-----w c:\program files\iTunes
2009-02-23 03:14 --------- d-----w c:\program files\iPod
2009-02-23 03:14 --------- d-----w c:\program files\Common Files\Apple
2009-02-23 03:14 --------- d-----w c:\program files\Bonjour
2009-02-23 03:14 --------- d-----w c:\program files\Apple Software Update
2009-02-23 03:14 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-02-23 03:14 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-23 03:13 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-02-23 01:12 --------- d-----w c:\program files\LimeWire
2009-02-23 01:07 --------- d-----w c:\program files\Java
2009-02-23 00:06 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-02-23 00:04 --------- d-----w c:\program files\Windows Live
2009-02-23 00:04 --------- d-----w c:\program files\Messenger Plus! Live
2009-02-22 23:58 --------- d-----w c:\program files\Zone Labs
2009-02-22 23:43 --------- d-----w c:\program files\RocketDock
2009-02-22 23:33 --------- d-----w c:\program files\Windows Live SkyDrive
2009-02-22 23:29 --------- d-----w c:\program files\Common Files\Windows Live
2009-02-22 23:25 --------- d-----w c:\program files\Viewpoint
2009-02-22 23:25 --------- d-----w c:\program files\Common Files\AOL
2009-02-22 23:25 --------- d-----w c:\program files\AIM6
2009-02-22 23:25 --------- d-----w c:\documents and settings\Evan\Application Data\acccore
2009-02-22 23:25 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-02-22 23:25 --------- d-----w c:\documents and settings\All Users\Application Data\AOL OCP
2009-02-22 23:25 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2009-02-22 23:25 --------- d-----w c:\documents and settings\All Users\Application Data\acccore
2009-02-22 23:20 --------- d-----w c:\documents and settings\Evan\Application Data\SUPERAntiSpyware.com
2009-02-22 23:20 --------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-02-22 23:19 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-22 22:53 --------- d-----w c:\documents and settings\Evan\Application Data\Creative
2009-02-22 22:33 --------- d-----w c:\program files\microsoft frontpage
2009-02-11 16:30 --------- d-----w c:\program files\Audacity 1.3 Beta (Unicode)
2009-02-09 18:18 6,307,328 ----a-w c:\windows\system32\drivers\nv4_mini.sys
2009-03-07 08:16 211,456 ----a-w c:\program files\mozilla firefox\components\srff.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5948A52A-BA3A-49A8-BCAF-D578502BDA9D}]
2009-02-19 19:55 292352 --a------ c:\documents and settings\Evan\Application Data\Messenger\Drivers\MsgUpdate.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-03-08 1830128]
"Steam"="c:\program files\steam\steam.exe" [2009-02-22 1410296]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-03-03 321344]
"nidle"="c:\documents and settings\Evan\Application Data\nidle\nidle.exe" [2009-03-07 56832]
"IgfxSys"="c:\documents and settings\Evan\Application Data\Messenger\Drivers\IgfxSys.dll" [2009-03-10 173568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-09 86016]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-22 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"nwiz"="nwiz.exe" [2009-02-09 c:\windows\system32\nwiz.exe]
"CTHelper"="CTHELPER.EXE" [2007-04-09 c:\windows\system32\CtHelper.exe]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 c:\windows\system32\Ctxfihlp.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2009-03-14 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 12:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2009-02-22 24652]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2009-03-03 28672]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
.
Contents of the 'Scheduled Tasks' folder

2009-03-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
FF - ProfilePath - c:\documents and settings\Evan\Application Data\Mozilla\Firefox\Profiles\46paeel1.default\
FF - component: c:\program files\Mozilla Firefox\components\srff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-26 20:35:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(564)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2009-03-26 20:38:05 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-27 00:38:03

Pre-Run: 213,691,375,616 bytes free
Post-Run: 213,680,816,128 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

226 --- E O F --- 2009-03-03 17:54:42
  • 0

#6
Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello kws_divine,

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\documents and settings\Evan\Application Data\Messenger\Drivers\IgfxSys.dll

Folder::
c:\documents and settings\Evan\Application Data\Twain
c:\windows\system32\km5
c:\windows\system32\Et
c:\windows\system32\bh3
c:\windows\system32\aNI02
c:\documents and settings\Evan\Application Data\nidle

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nidle"=-
"IgfxSys"=-

DirLook::
c:\windows\iwuq
c:\program files\Common Files\iwuq

SysRst::

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt. Please post the following report into your next reply:
  • ComboFix.txt

  • 0
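The CFScript above removes two Run-key entries (`nidle` and `IgfxSys`) that share a trait: both launch from the user's Application Data folder, and one of them is a DLL rather than an executable. As an added example (not code from this thread or from ComboFix), here is a Python script that applies that reasoning to the Run-key portion of a ComboFix log and drafts the matching File:: and Registry:: sections. The sample log is a constructed subset of the Reg Loading Points section posted earlier; the function names and the two heuristics are assumptions of this example, not a ComboFix feature.

```python
"""Triage the Run-key entries of a ComboFix 'Reg Loading Points' section.

Added example, not part of the forum thread or of ComboFix: parse the log,
flag autostart entries that share the traits of the two entries the helper
targeted, and draft the File:: / Registry:: sections of a CFScript.
"""
import re

# Constructed sample: a subset of the Reg Loading Points section posted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-03-08 1830128]
"Steam"="c:\program files\steam\steam.exe" [2009-02-22 1410296]
"nidle"="c:\documents and settings\Evan\Application Data\nidle\nidle.exe" [2009-03-07 56832]
"IgfxSys"="c:\documents and settings\Evan\Application Data\Messenger\Drivers\IgfxSys.dll" [2009-03-10 173568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13680640]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"nwiz"="nwiz.exe" [2009-02-09 c:\windows\system32\nwiz.exe]
"""

# A key header line: [HKEY_...\Run]
KEY_LINE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
# A value line: "name"="target" [date size]  (the bracket text is kept as-is)
VALUE_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')


def parse_run_entries(log_text):
    """Return one dict per value line, tagged with the registry key it sits under."""
    entries, current_key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_LINE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = VALUE_LINE.match(line)
        if m and current_key:
            entries.append({"key": current_key, "name": m.group("name"),
                            "target": m.group("target"), "meta": m.group("meta")})
    return entries


def suspicion_reasons(entry):
    """Heuristics drawn from the two entries the helper removed; not a malware verdict."""
    target = entry["target"].lower()
    reasons = []
    # Installed software autostarts from Program Files or the Windows directory;
    # a per-user Application Data launch point is what 'nidle' and 'IgfxSys' share.
    if "\\documents and settings\\" in target and "\\application data\\" in target:
        reasons.append("launches from a user profile Application Data folder")
    # A DLL as a Run value has to be loaded through rundll32. Vendors do this
    # under HKLM (NvCpl.dll on this machine), so only flag it for per-user keys.
    if target.endswith(".dll") and entry["key"].upper().startswith("HKEY_CURRENT_USER"):
        reasons.append("per-user Run value points at a DLL, not an executable")
    return reasons


def triage(log_text):
    """Return (entry, reasons) pairs for every flagged Run value."""
    flagged = []
    for entry in parse_run_entries(log_text):
        reasons = suspicion_reasons(entry)
        if reasons:
            flagged.append((entry, reasons))
    return flagged


def draft_cfscript(flagged):
    """Draft File:: and Registry:: sections in the layout the reply above uses."""
    files = [entry["target"] for entry, _ in flagged]
    by_key = {}
    for entry, _ in flagged:
        by_key.setdefault(entry["key"], []).append(entry["name"])
    lines = ["File::", *files, "", "Registry::"]
    for key, names in by_key.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{name}"=-' for name in names)  # "name"=- deletes the value
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(f'{entry["name"]}: {entry["target"]}  <- {"; ".join(reasons)}')
    print()
    print(draft_cfscript(triage(SAMPLE_LOG)))
```

Run on the sample, the script flags only `nidle` and `IgfxSys` and leaves the HKLM DLL entry for NvCpl alone. The draft covers just what the Run keys show: the helper's Folder::, DirLook:: and SysRst:: lines came from other parts of the log (the Twain, km5, Et, bh3, aNI02 and iwuq folders), so a draft like this is a starting point for a reviewer, not a script to run unread.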

#7
kws_divine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 224 posts
ComboFix 09-03-26.03 - Evan 2009-03-27 20:44:19.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.661 [GMT -4:00]
Running from: c:\documents and settings\Evan\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Evan\Desktop\CFScript.txt.txt
FW: ZoneAlarm Pro Firewall *disabled*
* Created a new restore point

FILE ::
c:\documents and settings\Evan\Application Data\Messenger\Drivers\IgfxSys.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Evan\Application Data\Messenger\Drivers\IgfxSys.dll
c:\documents and settings\Evan\Application Data\nidle
c:\documents and settings\Evan\Application Data\nidle\nidle.exe
c:\documents and settings\Evan\Application Data\Twain
c:\documents and settings\Evan\Local Settings\Temporary Internet Files\fbk.sts
c:\windows\system32\aNI02
c:\windows\system32\bh3
c:\windows\system32\bh3\GT22B4E.exe
c:\windows\system32\Et
c:\windows\system32\Et\eupf091.exe
c:\windows\system32\km5

.
((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-28 )))))))))))))))))))))))))))))))
.

2009-03-22 19:36 . 2009-03-22 19:36 <DIR> d-------- c:\program files\Trend Micro
2009-03-17 23:34 . 2004-08-04 00:56 159,232 --a------ c:\windows\system32\ptpusd.dll
2009-03-17 23:34 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-03-17 23:34 . 2004-08-03 22:58 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2009-03-17 23:34 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll
2009-03-14 01:52 . 2009-03-14 01:52 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2009-03-14 01:52 . 2009-03-14 01:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
2009-03-08 14:21 . 2009-03-08 14:21 <DIR> d-------- c:\program files\CleanUp!
2009-03-07 04:25 . 2009-03-07 04:26 <DIR> d-------- c:\windows\iwuq
2009-03-07 04:25 . 2009-03-11 22:05 <DIR> d-------- c:\program files\Common Files\iwuq
2009-03-07 04:05 . 2009-03-07 12:50 <DIR> d-------- c:\program files\WWShow
2009-03-07 04:00 . 2009-03-07 12:50 <DIR> d-------- c:\program files\Jcore
2009-03-07 01:48 . 2009-03-08 14:22 <DIR> d-------- C:\Temp
2009-03-07 01:48 . 2009-03-07 01:48 <DIR> d-------- c:\documents and settings\Evan\Application Data\Messenger
2009-03-07 01:15 . 2009-03-07 01:15 <DIR> d-------- c:\windows\Sun
2009-03-05 00:47 . 2009-03-11 22:05 <DIR> d-------- c:\program files\Adobe_Photoshop_CS3
2009-03-03 23:47 . 2009-03-03 23:47 <DIR> d-------- c:\program files\Half Life Player
2009-03-03 22:13 . 2009-03-14 01:52 <DIR> d-------- c:\program files\Common Files\Adobe
2009-03-03 20:19 . 2009-03-09 19:00 <DIR> d-------- c:\documents and settings\Evan\Application Data\BitTorrent
2009-03-03 20:18 . 2009-03-27 07:54 <DIR> d-------- c:\program files\DNA
2009-03-03 20:18 . 2009-03-03 20:18 <DIR> d-------- c:\program files\BitTorrent
2009-03-03 20:18 . 2009-03-27 20:36 <DIR> d-------- c:\documents and settings\Evan\Application Data\DNA
2009-03-03 13:49 . 2009-03-15 01:26 588 --a------ c:\windows\system32\settingsbkup.sfm
2009-03-03 13:49 . 2009-03-15 01:26 588 --a------ c:\windows\system32\settings.sfm
2009-03-03 03:05 . 2009-03-03 03:05 <DIR> d-------- c:\program files\LibUSB-Win32
2009-03-03 03:05 . 2007-03-20 12:33 43,520 --a------ c:\windows\system32\libusb0.dll
2009-03-03 03:05 . 2007-03-20 12:33 28,672 --a------ c:\windows\system32\drivers\libusb0.sys
2009-03-03 03:04 . 2009-02-05 20:23 <DIR> d-------- C:\files

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-27 11:55 --------- d-----w c:\program files\Steam
2009-03-27 00:41 --------- d-----w c:\program files\Java
2009-03-25 11:42 --------- d-----w c:\documents and settings\Evan\Application Data\LimeWire
2009-03-19 01:02 1,574,912 ----a-w c:\windows\Internet Logs\xDB2.tmp
2009-03-10 20:16 --------- d-----w c:\program files\SUPERAntiSpyware
2009-03-09 09:19 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-03-03 06:54 --------- d-----w c:\documents and settings\Evan\Application Data\Apple Computer
2009-03-01 14:53 --------- d-----w c:\documents and settings\Evan\Application Data\Audacity
2009-02-26 22:41 1,498,112 ----a-w c:\windows\Internet Logs\xDB1.tmp
2009-02-25 03:02 --------- d-----w c:\program files\TabIt
2009-02-24 04:34 5,068,152 ----a-w c:\windows\system32\SpoonUninstall.exe
2009-02-24 04:34 --------- d-----w c:\program files\Illustrate
2009-02-24 04:34 --------- d-----w c:\documents and settings\Evan\Application Data\AccurateRip
2009-02-24 00:38 --------- d-----w c:\documents and settings\Evan\Application Data\Viewpoint
2009-02-23 03:20 --------- d-----w c:\program files\Project64 1.6
2009-02-23 03:18 12,531,125 ----a-w C:\Super Smash Bros. (U) [!].zip
2009-02-23 03:14 --------- d-----w c:\program files\QuickTime
2009-02-23 03:14 --------- d-----w c:\program files\iTunes
2009-02-23 03:14 --------- d-----w c:\program files\iPod
2009-02-23 03:14 --------- d-----w c:\program files\Common Files\Apple
2009-02-23 03:14 --------- d-----w c:\program files\Bonjour
2009-02-23 03:14 --------- d-----w c:\program files\Apple Software Update
2009-02-23 03:14 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-02-23 03:14 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-23 03:13 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-02-23 01:12 --------- d-----w c:\program files\LimeWire
2009-02-23 00:06 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-02-23 00:04 --------- d-----w c:\program files\Windows Live
2009-02-23 00:04 --------- d-----w c:\program files\Messenger Plus! Live
2009-02-22 23:58 --------- d-----w c:\program files\Zone Labs
2009-02-22 23:43 --------- d-----w c:\program files\RocketDock
2009-02-22 23:33 --------- d-----w c:\program files\Windows Live SkyDrive
2009-02-22 23:29 --------- d-----w c:\program files\Common Files\Windows Live
2009-02-22 23:25 --------- d-----w c:\program files\Viewpoint
2009-02-22 23:25 --------- d-----w c:\program files\Common Files\AOL
2009-02-22 23:25 --------- d-----w c:\program files\AIM6
2009-02-22 23:25 --------- d-----w c:\documents and settings\Evan\Application Data\acccore
2009-02-22 23:25 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-02-22 23:25 --------- d-----w c:\documents and settings\All Users\Application Data\AOL OCP
2009-02-22 23:25 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2009-02-22 23:25 --------- d-----w c:\documents and settings\All Users\Application Data\acccore
2009-02-22 23:20 --------- d-----w c:\documents and settings\Evan\Application Data\SUPERAntiSpyware.com
2009-02-22 23:20 --------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-02-22 23:19 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-22 22:53 409,600 ----a-w c:\windows\system32\wrap_oal.dll
2009-02-22 22:53 114,688 ----a-w c:\windows\system32\OpenAL32.dll
2009-02-22 22:53 --------- d-----w c:\documents and settings\Evan\Application Data\Creative
2009-02-22 22:33 --------- d-----w c:\program files\microsoft frontpage
2009-02-11 16:30 --------- d-----w c:\program files\Audacity 1.3 Beta (Unicode)
2009-02-09 10:19 1,846,272 ----a-w c:\windows\system32\win32k.sys
2009-02-05 15:54 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2009-03-07 08:16 211,456 ----a-w c:\program files\mozilla firefox\components\srff.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of c:\program files\Common Files\iwuq ----

2009-03-07 04:27 0 --a------ c:\program files\Common Files\iwuq\iwuql.lck
2009-03-07 04:26 0 --a------ c:\program files\Common Files\iwuq\iwuqm.lck
2009-03-07 04:26 0 --a------ c:\program files\Common Files\iwuq\iwuqa.lck
2004-04-19 22:26 4933375 --a------ c:\program files\Common Files\iwuq\iwuqd\class-barrel
2004-04-19 22:26 1234193 --a------ c:\program files\Common Files\iwuq\iwuqd\vocabulary

---- Directory of c:\windows\iwuq ----

2009-03-07 04:28 4419 --a------ c:\windows\iwuq\iwuq.dat
2002-07-26 18:02 153088 --a------ c:\windows\iwuq\wu


((((((((((((((((((((((((((((( SnapShot@2009-03-26_20.37.35.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-09 10:20:05 1,847,424 ----a-w c:\windows\$hf_mig$\KB958690\SP2QFE\win32k.sys
+ 2009-02-09 11:13:27 1,846,784 ----a-w c:\windows\$hf_mig$\KB958690\SP3GDR\win32k.sys
+ 2009-02-09 11:08:53 1,847,552 ----a-w c:\windows\$hf_mig$\KB958690\SP3QFE\win32k.sys
+ 2008-07-09 07:38:24 17,272 ----a-w c:\windows\$hf_mig$\KB958690\spmsg.dll
+ 2008-07-09 07:38:25 231,288 ----a-w c:\windows\$hf_mig$\KB958690\spuninst.exe
+ 2008-07-09 07:38:24 26,488 ----a-w c:\windows\$hf_mig$\KB958690\update\spcustom.dll
+ 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB958690\update\update.exe
+ 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB958690\update\updspapi.dll
+ 2008-12-05 06:41:26 144,896 ----a-w c:\windows\$hf_mig$\KB960225\SP2QFE\schannel.dll
+ 2008-12-05 06:54:55 144,896 ----a-w c:\windows\$hf_mig$\KB960225\SP3GDR\schannel.dll
+ 2008-12-05 06:58:08 144,896 ----a-w c:\windows\$hf_mig$\KB960225\SP3QFE\schannel.dll
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB960225\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB960225\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB960225\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB960225\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB960225\update\updspapi.dll
- 2004-08-04 12:00:00 144,896 -c--a-w c:\windows\system32\dllcache\schannel.dll
+ 2008-12-05 07:12:45 144,896 -c--a-w c:\windows\system32\dllcache\schannel.dll
- 2008-09-15 11:57:41 1,846,016 -c--a-w c:\windows\system32\dllcache\win32k.sys
+ 2009-02-09 10:19:34 1,846,272 -c--a-w c:\windows\system32\dllcache\win32k.sys
- 2009-03-15 07:11:49 101,440 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-03-27 07:07:08 101,440 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2009-02-23 01:07:46 144,792 ----a-w c:\windows\system32\java.exe
+ 2009-03-09 09:19:11 144,792 ----a-w c:\windows\system32\java.exe
- 2009-02-23 01:07:46 144,792 ----a-w c:\windows\system32\javaw.exe
+ 2009-03-09 09:19:13 144,792 ----a-w c:\windows\system32\javaw.exe
- 2009-02-23 01:07:46 148,888 ----a-w c:\windows\system32\javaws.exe
+ 2009-03-09 09:19:13 148,888 ----a-w c:\windows\system32\javaws.exe
+ 2009-02-25 16:55:00 24,768,960 ----a-w c:\windows\system32\MRT.exe
- 2004-08-04 12:00:00 144,896 ----a-w c:\windows\system32\schannel.dll
+ 2008-12-05 07:12:45 144,896 ----a-w c:\windows\system32\schannel.dll
- 2008-07-09 07:38:24 17,272 ------w c:\windows\system32\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ------w c:\windows\system32\spmsg.dll
- 2009-03-25 16:11:54 11,497,122 ----a-w c:\windows\system32\ZoneLabs\spyware.dat
+ 2009-03-27 16:11:56 11,588,231 ----a-w c:\windows\system32\ZoneLabs\spyware.dat
- 2009-02-23 01:11:56 10,696,658 ----a-w c:\windows\system32\ZoneLabs\spyware0.dat
+ 2009-03-27 11:55:23 11,576,520 ----a-w c:\windows\system32\ZoneLabs\spyware0.dat
+ 2009-03-27 07:07:25 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_654.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((((( System Restore )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\753e898aa686fe612cad5eab8e27\msi.dll
2005-05-04 15:45 2890240 {D6FF1591-2905-465D-81DA-6555B0413920}\RP2\A0000118.dll

c:\753e898aa686fe612cad5eab8e27\msiexec.exe
2005-05-04 15:45 78848 {D6FF1591-2905-465D-81DA-6555B0413920}\RP2\A0000114.exe

c:\753e898aa686fe612cad5eab8e27\msihnd.dll
2005-05-04 15:45 271360 {D6FF1591-2905-465D-81DA-6555B0413920}\RP2\A0000117.dll

c:\753e898aa686fe612cad5eab8e27\msimsg.dll
2005-05-04 15:45 884736 {D6FF1591-2905-465D-81DA-6555B0413920}\RP2\A0000116.dll

c:\753e898aa686fe612cad5eab8e27\msisip.dll
2005-05-04 15:45 15360 {D6FF1591-2905-465D-81DA-6555B0413920}\RP2\A0000115.dll

c:\753e898aa686fe612cad5eab8e27\spmsg.dll
2005-05-04 15:45 13536 {D6FF1591-2905-465D-81DA-6555B0413920}\RP2\A0000107.dll

c:\753e898aa686fe612cad5eab8e27\spuninst.exe
2005-05-04 15:45 209632 {D6FF1591-2905-465D-81DA-6555B0413920}\RP2\A0000105.exe

c:\753e898aa686fe612cad5eab8e27\UPDATE\spcustom.dll
2005-05-04 15:45 22240 {D6FF1591-2905-465D-81DA-6555B0413920}\RP2\A0000108.dll

c:\753e898aa686fe612cad5eab8e27\UPDATE\update.exe
2005-05-04 15:45 718048 {D6FF1591-2905-465D-81DA-6555B0413920}\RP2\A0000104.exe

c:\753e898aa686fe612cad5eab8e27\UPDATE\updspapi.dll
2005-05-04 15:45 371936 {D6FF1591-2905-465D-81DA-6555B0413920}\RP2\A0000106.dll

c:\bin\jpiexp.dll
2009-02-22 21:07 110592 {D6FF1591-2905-465D-81DA-6555B0413920}\RP41\A0007256.dll

2009-03-27 19:55 2234 c:\documents and settings\Evan\Application Data\Messenger\Drivers\conf.sys
2009-03-07 01:57 2234 {D6FF1591-2905-465D-81DA-6555B0413920}\RP20\A0004183.sys
2009-03-27 02:36 2234 {D6FF1591-2905-465D-81DA-6555B0413920}\RP42\A0007429.sys

c:\documents and settings\Evan\Application Data\Messenger\Drivers\IgfxSys.dll
2009-02-19 19:59 173056 {D6FF1591-2905-465D-81DA-6555B0413920}\RP26\A0005432.dll
2009-03-10 09:49 173568 {D6FF1591-2905-465D-81DA-6555B0413920}\RP43\A0007453.dll

2009-03-10 09:49 239616 c:\documents and settings\Evan\Application Data\Messenger\Drivers\phuninst.dll
2009-02-19 19:59 239616 {D6FF1591-2905-465D-81DA-6555B0413920}\RP26\A0005434.dll

2009-03-10 16:07 13 c:\documents and settings\Evan\Application Data\Messenger\Drivers\pub.dll
2009-03-04 18:41 7 {D6FF1591-2905-465D-81DA-6555B0413920}\RP26\A0005433.dll

2009-03-10 09:49 292352 c:\documents and settings\Evan\Application Data\Messenger\Sys\mu.dll
2009-02-19 19:55 292352 {D6FF1591-2905-465D-81DA-6555B0413920}\RP26\A0005431.dll

c:\documents and settings\Evan\Application Data\Microsoft\Windows\eowkekw.exe
2009-03-07 04:15 35328 {D6FF1591-2905-465D-81DA-6555B0413920}\RP20\A0004187.exe

c:\documents and settings\Evan\Application Data\nidle\nidle.exe
2009-03-07 01:48 56832 {D6FF1591-2905-465D-81DA-6555B0413920}\RP43\A0007454.exe

c:\documents and settings\Evan\Application Data\SpeedRunner\SpeedRunner.exe
2009-03-07 04:15 225280 {D6FF1591-2905-465D-81DA-6555B0413920}\RP20\A0004188.exe

c:\documents and settings\Evan\Application Data\Twain\Twain.exe
2009-03-07 04:10 61952 {D6FF1591-2905-465D-81DA-6555B0413920}\RP40\A0007130.exe

c:\documents and settings\Evan\Desktop\AdobePhotoshopCS3\AdobePhotoshopCS3\Adobe_Photoshop_CS3\msvcp71.dll
{D6FF1591-2905-465D-81DA-6555B0413920}\RP20\A0003145.dll

c:\documents and settings\Evan\Desktop\AdobePhotoshopCS3\AdobePhotoshopCS3\Adobe_Photoshop_CS3\msvcr71.dll
{D6FF1591-2905-465D-81DA-6555B0413920}\RP20\A0003146.dll

c:\documents and settings\Evan\Desktop\AdobePhotoshopCS3\AdobePhotoshopCS3\Adobe_Photoshop_CS3\msvcr80.dll
{D6FF1591-2905-465D-81DA-6555B0413920}\RP20\A0003147.dll

c:\documents and settings\Evan\Desktop\AdobePhotoshopCS3\AdobePhotoshopCS3\Adobe_Photoshop_CS3\Shfolder.dll
{D6FF1591-2905-465D-81DA-6555B0413920}\RP20\A0003148.dll

c:\documents and settings\Evan\Desktop\ATF_Cleaner.exe
2009-03-19 07:38 50688 {D6FF1591-2905-465D-81DA-6555B0413920}\RP41\A0007402.exe

c:\documents and settings\Evan\Desktop\OTListIt2.exe
2009-03-25 07:55 499200 {D6FF1591-2905-465D-81DA-6555B0413920}\RP41\A0007403.exe

c:\documents and settings\Evan\Desktop\SUPERAntiSpyware_4.25.1012_-_Fina_HERM_www.xtremew.orgl\SUPERAntiSpyware 4.25.1012 - Final\Keygen-nGen\Keygen.exe
{D6FF1591-2905-465D-81DA-6555B0413920}\RP4\A0000242.exe

c:\documents and settings\Evan\Desktop\SUPERAntiSpyware_4.25.1012_-_Fina_HERM_www.xtremew.orgl\SUPERAntiSpyware 4.25.1012 - Final\SUPERAntiSpywarePro.exe
2009-01-20 08:42 5903392 {D6FF1591-2905-465D-81DA-6555B0413920}\RP4\A0000244.exe

C:\jsoundds.dll
2009-02-22 21:07 18432 {D6FF1591-2905-465D-81DA-6555B0413920}\RP41\A0007264.dll

c:\program files\Adobe_Photoshop_CS3\msvcp71.dll
2007-03-21 12:52 298496 {D6FF1591-2905-465D-81DA-6555B0413920}\RP25\A0005385.dll

c:\program files\Adobe_Photoshop_CS3\msvcr71.dll
2007-03-21 12:52 155648 {D6FF1591-2905-465D-81DA-6555B0413920}\RP25\A0005386.dll

c:\program files\Adobe_Photoshop_CS3\msvcr80.dll
2007-03-21 12:52 242688 {D6FF1591-2905-465D-81DA-6555B0413920}\RP25\A0005387.dll

c:\program files\Adobe_Photoshop_CS3\Shfolder.dll
2007-03-21 12:53 11776 {D6FF1591-2905-465D-81DA-6555B0413920}\RP25\A0005388.dll

c:\program files\Common Files\iwuq\iwuqa.exe
2006-07-19 16:01 17408 {D6FF1591-2905-465D-81DA-6555B0413920}\RP25\A0005383.exe

c:\program files\Common Files\iwuq\iwuqd\iwuqc.dll
2004-02-18 07:26 46080 {D6FF1591-2905-465D-81DA-6555B0413920}\RP25\A0005389.dll

c:\program files\Common Files\iwuq\iwuql.exe
2006-07-19 16:05 16384 {D6FF1591-2905-465D-81DA-6555B0413920}\RP25\A0005384.exe

c:\program files\Common Files\iwuq\iwuqp.exe
2006-07-19 16:16 9216 {D6FF1591-2905-465D-81DA-6555B0413920}\RP25\A0005390.exe

2008-05-01 10:30 331776 c:\program files\Common Files\System\msadc\msadce.dll
2004-08-04 08:00 331776 {D6FF1591-2905-465D-81DA-6555B0413920}\RP9\A0000503.dll

2008-10-15 05:45 18432 c:\program files\Internet Explorer\iedw.exe
2004-08-04 08:00 18432 {D6FF1591-2905-465D-81DA-6555B0413920}\RP9\A0000573.exe

2009-03-09 05:18 1208320 c:\program files\Java\jre6\bin\awt.dll
2009-02-22 21:07 1130496 {D6FF1591-2905-465D-81DA-6555B0413920}\RP41\A0007220.dll

2009-03-09 05:18 114688 c:\program files\Java\jre6\bin\axbridge.dll
2009-02-22 21:07 110592 {D6FF1591-2905-465D-81DA-6555B0413920}\RP41\A0007221.dll

2009-03-09 05:18 2359296 c:\program files\Java\jre6\bin\client\jvm.dll
2009-02-22 21:07 2359296 {D6FF1591-2905-465D-81DA-6555B0413920}\RP41\A0007268.dll

2009-03-09 05:18 192512 c:\program files\Java\jre6\bin\cmm.dll
2009-02-22 21:07 192512 {D6FF1591-2905-465D-81DA-6555B0413920}\RP41\A0007222.dll

2009-03-09 05:18 143360 c:\program files\Java\jre6\bin\dcpr.dll
2009-02-22 21:07 143360 {D6FF1591-2905-465D-81DA-6555B0413920}\RP41\A0007223.dll

2009-03-09 05:18 77824 c:\program files\Java\jre6\bin\deploy.dll
2009-02-22 21:07 77824 {D6FF1591-2905-465D-81DA-6555B0413920}\RP41\A0007224.dll

2009-03-09 05:19 410984 c:\program files\Java\jre6\bin\deploytk.dll
2009-02-22 21:07 410984 {D6FF1591-2905-465D-81DA-6555B0413920}\RP41\A0007225.dll

2009-03-09 05:18 16896 c:\program files\Java\jre6\bin\dt_shmem.dll
2009-02-22 21:07 16896 {D6FF1591-2905-465D-81DA-6555B0413920}\RP41\A0007226.dll

2009-03-09 05:18 13312 c:\program files\Java\jre6\bin\dt_socket.dll
2009-02-22 21:07 13312 {D6FF1591-2905-465D-81DA-6555B0413920}\RP41\A0007227.dll

2009-03-09 05:18 339968 c:\program files\Java\jre6\bin\fontmanager.dll
2009-02-22 21:07 339968 {D6FF1591-2905-465D-81DA-6555B0413920}\RP41\A0007228.dll

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5948A52A-BA3A-49A8-BCAF-D578502BDA9D}]
2009-02-19 19:55 292352 --a------ c:\documents and settings\Evan\Application Data\Messenger\Drivers\MsgUpdate.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-03-08 1830128]
"Steam"="c:\program files\steam\steam.exe" [2009-02-22 1410296]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-03-03 321344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-09 86016]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"nwiz"="nwiz.exe" [2009-02-09 c:\windows\system32\nwiz.exe]
"CTHelper"="CTHELPER.EXE" [2007-04-09 c:\windows\system32\CtHelper.exe]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 c:\windows\system32\Ctxfihlp.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2009-03-14 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 12:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2009-02-22 24652]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2009-03-03 28672]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
.
Contents of the 'Scheduled Tasks' folder

2009-03-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
FF - ProfilePath - c:\documents and settings\Evan\Application Data\Mozilla\Firefox\Profiles\46paeel1.default\
FF - component: c:\program files\Mozilla Firefox\components\srff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-27 20:45:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(556)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-03-27 20:46:39
ComboFix-quarantined-files.txt 2009-03-28 00:46:36
ComboFix2.txt 2009-03-27 00:38:06

Pre-Run: 213,468,270,592 bytes free
Post-Run: 213,466,656,768 bytes free

461 --- E O F --- 2009-03-27 07:01:12
  • 0

#8
Jimmy2012

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello kws_divine,

  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • c:\windows\iwuq\iwuq.dat
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.






1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\documents and settings\Evan\Application Data\Messenger\Drivers\conf.sys
c:\documents and settings\Evan\Application Data\Messenger\Drivers\phuninst.dll
c:\documents and settings\Evan\Application Data\Messenger\Drivers\pub.dll
c:\documents and settings\Evan\Application Data\Messenger\Sys\mu.dll

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt. Please post the following reports into your next reply:
  • Combofix.txt
  • The VirScan log.

  • 0

#9
kws_divine

kws_divine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 224 posts
I can't use IE. It just gives me that it can't respond again.
  • 0

#10
Jimmy2012

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello kws_divine,
Please try it this way; you can use Firefox.


Jotti File Submission:
  • Please go to Jotti's malware scan
  • Copy and paste the following file path into the "File to upload & scan" box on the top of the page:

    • c:\windows\iwuq\iwuq.dat
  • Click on the submit button
  • Please post the results in your next reply.

  • 0


#11
kws_divine

kws_divine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 224 posts
A-Squared: Found nothing
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
CPsecure: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Ikarus: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Quick Heal: Found nothing
Sophos Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing
  • 0

#12
Jimmy2012

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello kws_divine,

Please run the CFScript with ComboFix and post the log from it in your next reply.
  • 0

#13
kws_divine

kws_divine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 224 posts
ComboFix 09-03-27.02 - Evan 2009-03-28 19:31:10.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.560 [GMT -4:00]
Running from: c:\documents and settings\Evan\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Evan\Desktop\CFScript.txt
FW: ZoneAlarm Pro Firewall *enabled*
* Created a new restore point

FILE ::
c:\documents and settings\Evan\Application Data\Messenger\Drivers\conf.sys
c:\documents and settings\Evan\Application Data\Messenger\Drivers\phuninst.dll
c:\documents and settings\Evan\Application Data\Messenger\Drivers\pub.dll
c:\documents and settings\Evan\Application Data\Messenger\Sys\mu.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Evan\Application Data\Messenger\Drivers\conf.sys
c:\documents and settings\Evan\Application Data\Messenger\Drivers\phuninst.dll
c:\documents and settings\Evan\Application Data\Messenger\Drivers\pub.dll
c:\documents and settings\Evan\Application Data\Messenger\Sys\mu.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_PCIDump


((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-28 )))))))))))))))))))))))))))))))
.

2009-03-28 15:16 . 2004-08-04 08:00 218,624 --a------ c:\windows\system32\uxtheme.backup
2009-03-22 19:36 . 2009-03-22 19:36 <DIR> d-------- c:\program files\Trend Micro
2009-03-17 23:34 . 2004-08-04 00:56 159,232 --a------ c:\windows\system32\ptpusd.dll
2009-03-17 23:34 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-03-17 23:34 . 2004-08-03 22:58 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2009-03-17 23:34 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll
2009-03-14 01:52 . 2009-03-14 01:52 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2009-03-14 01:52 . 2009-03-14 01:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
2009-03-08 14:21 . 2009-03-08 14:21 <DIR> d-------- c:\program files\CleanUp!
2009-03-07 04:25 . 2009-03-07 04:26 <DIR> d-------- c:\windows\iwuq
2009-03-07 04:25 . 2009-03-11 22:05 <DIR> d-------- c:\program files\Common Files\iwuq
2009-03-07 04:05 . 2009-03-07 12:50 <DIR> d-------- c:\program files\WWShow
2009-03-07 04:00 . 2009-03-07 12:50 <DIR> d-------- c:\program files\Jcore
2009-03-07 01:48 . 2009-03-08 14:22 <DIR> d-------- C:\Temp
2009-03-07 01:48 . 2009-03-07 01:48 <DIR> d-------- c:\documents and settings\Evan\Application Data\Messenger
2009-03-07 01:15 . 2009-03-07 01:15 <DIR> d-------- c:\windows\Sun
2009-03-05 00:47 . 2009-03-11 22:05 <DIR> d-------- c:\program files\Adobe_Photoshop_CS3
2009-03-03 23:47 . 2009-03-03 23:47 <DIR> d-------- c:\program files\Half Life Player
2009-03-03 22:13 . 2009-03-14 01:52 <DIR> d-------- c:\program files\Common Files\Adobe
2009-03-03 20:19 . 2009-03-28 14:45 <DIR> d-------- c:\documents and settings\Evan\Application Data\BitTorrent
2009-03-03 20:18 . 2009-03-28 19:34 <DIR> d-------- c:\program files\DNA
2009-03-03 20:18 . 2009-03-03 20:18 <DIR> d-------- c:\program files\BitTorrent
2009-03-03 20:18 . 2009-03-28 19:34 <DIR> d-------- c:\documents and settings\Evan\Application Data\DNA
2009-03-03 13:49 . 2009-03-15 01:26 588 --a------ c:\windows\system32\settingsbkup.sfm
2009-03-03 13:49 . 2009-03-15 01:26 588 --a------ c:\windows\system32\settings.sfm
2009-03-03 03:05 . 2009-03-03 03:05 <DIR> d-------- c:\program files\LibUSB-Win32
2009-03-03 03:05 . 2007-03-20 12:33 43,520 --a------ c:\windows\system32\libusb0.dll
2009-03-03 03:05 . 2007-03-20 12:33 28,672 --a------ c:\windows\system32\drivers\libusb0.sys
2009-03-03 03:04 . 2009-02-05 20:23 <DIR> d-------- C:\files

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-28 23:34 --------- d-----w c:\program files\Steam
2009-03-28 23:33 1,304,277 ----a-w c:\windows\Internet Logs\tvDebug.zip
2009-03-27 00:41 --------- d-----w c:\program files\Java
2009-03-25 11:42 --------- d-----w c:\documents and settings\Evan\Application Data\LimeWire
2009-03-19 01:02 1,574,912 ----a-w c:\windows\Internet Logs\xDB2.tmp
2009-03-10 20:16 --------- d-----w c:\program files\SUPERAntiSpyware
2009-03-03 06:54 --------- d-----w c:\documents and settings\Evan\Application Data\Apple Computer
2009-03-01 14:53 --------- d-----w c:\documents and settings\Evan\Application Data\Audacity
2009-02-26 22:41 1,498,112 ----a-w c:\windows\Internet Logs\xDB1.tmp
2009-02-25 03:02 --------- d-----w c:\program files\TabIt
2009-02-24 04:34 --------- d-----w c:\program files\Illustrate
2009-02-24 04:34 --------- d-----w c:\documents and settings\Evan\Application Data\AccurateRip
2009-02-24 00:38 --------- d-----w c:\documents and settings\Evan\Application Data\Viewpoint
2009-02-23 03:20 --------- d-----w c:\program files\Project64 1.6
2009-02-23 03:18 12,531,125 ----a-w C:\Super Smash Bros. (U) [!].zip
2009-02-23 03:14 --------- d-----w c:\program files\QuickTime
2009-02-23 03:14 --------- d-----w c:\program files\iTunes
2009-02-23 03:14 --------- d-----w c:\program files\iPod
2009-02-23 03:14 --------- d-----w c:\program files\Common Files\Apple
2009-02-23 03:14 --------- d-----w c:\program files\Bonjour
2009-02-23 03:14 --------- d-----w c:\program files\Apple Software Update
2009-02-23 03:14 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-02-23 03:14 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-23 03:13 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-02-23 01:12 --------- d-----w c:\program files\LimeWire
2009-02-23 00:06 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-02-23 00:04 --------- d-----w c:\program files\Windows Live
2009-02-23 00:04 --------- d-----w c:\program files\Messenger Plus! Live
2009-02-22 23:58 --------- d-----w c:\program files\Zone Labs
2009-02-22 23:43 --------- d-----w c:\program files\RocketDock
2009-02-22 23:33 --------- d-----w c:\program files\Windows Live SkyDrive
2009-02-22 23:29 --------- d-----w c:\program files\Common Files\Windows Live
2009-02-22 23:25 --------- d-----w c:\program files\Viewpoint
2009-02-22 23:25 --------- d-----w c:\program files\Common Files\AOL
2009-02-22 23:25 --------- d-----w c:\program files\AIM6
2009-02-22 23:25 --------- d-----w c:\documents and settings\Evan\Application Data\acccore
2009-02-22 23:25 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-02-22 23:25 --------- d-----w c:\documents and settings\All Users\Application Data\AOL OCP
2009-02-22 23:25 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2009-02-22 23:25 --------- d-----w c:\documents and settings\All Users\Application Data\acccore
2009-02-22 23:20 --------- d-----w c:\documents and settings\Evan\Application Data\SUPERAntiSpyware.com
2009-02-22 23:20 --------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-02-22 23:19 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-22 22:53 --------- d-----w c:\documents and settings\Evan\Application Data\Creative
2009-02-22 22:33 --------- d-----w c:\program files\microsoft frontpage
2009-02-11 16:30 --------- d-----w c:\program files\Audacity 1.3 Beta (Unicode)
2009-02-09 18:18 6,307,328 ----a-w c:\windows\system32\drivers\nv4_mini.sys
2009-03-07 08:16 211,456 ----a-w c:\program files\mozilla firefox\components\srff.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-03-27_20.45.55.51 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-04 12:00:00 218,624 -c--a-w c:\windows\system32\dllcache\uxtheme.dll
+ 2004-08-07 13:36:14 218,624 -c--a-w c:\windows\system32\dllcache\uxtheme.dll
- 2004-08-04 12:00:00 218,624 ----a-w c:\windows\system32\uxtheme.dll
+ 2004-08-07 13:36:14 218,624 ----a-w c:\windows\system32\uxtheme.dll
+ 2009-03-28 23:33:52 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_668.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5948A52A-BA3A-49A8-BCAF-D578502BDA9D}]
2009-02-19 19:55 292352 --a------ c:\documents and settings\Evan\Application Data\Messenger\Drivers\MsgUpdate.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-03-08 1830128]
"Steam"="c:\program files\steam\steam.exe" [2009-02-22 1410296]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-03-03 321344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-09 86016]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"nwiz"="nwiz.exe" [2009-02-09 c:\windows\system32\nwiz.exe]
"CTHelper"="CTHELPER.EXE" [2007-04-09 c:\windows\system32\CtHelper.exe]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 c:\windows\system32\Ctxfihlp.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2009-03-14 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 12:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2009-02-22 24652]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2009-03-03 28672]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
.
Contents of the 'Scheduled Tasks' folder

2009-03-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
FF - ProfilePath - c:\documents and settings\Evan\Application Data\Mozilla\Firefox\Profiles\46paeel1.default\
FF - component: c:\program files\Mozilla Firefox\components\srff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-28 19:34:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(560)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
.
**************************************************************************
.
Completion time: 2009-03-28 19:36:23 - machine was rebooted [Evan]
ComboFix-quarantined-files.txt 2009-03-28 23:36:21
ComboFix2.txt 2009-03-28 00:46:40
ComboFix3.txt 2009-03-27 00:38:06

Pre-Run: 212,151,889,920 bytes free
Post-Run: 212,151,853,056 bytes free

228 --- E O F --- 2009-03-27 07:01:12
  • 0
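As an added example (not part of this thread and not ComboFix's own tooling), here is a small Python triage script that parses the "Reg Loading Points" section of a ComboFix log like the one above and flags loading points whose binary lives under a user profile directory, which is exactly how the BHO loading MsgUpdate.dll from Application Data stands out, and notes Run values that carry no full path. The sample log text is constructed from trimmed lines of the logs posted above; the path rule and the severity labels are my own assumptions.

```python
import re

# Constructed sample, modeled on the "Reg Loading Points" section of the
# ComboFix logs posted in this thread (trimmed; not a verbatim copy).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5948A52A-BA3A-49A8-BCAF-D578502BDA9D}]
2009-02-19 19:55 292352 --a------ c:\documents and settings\Evan\Application Data\Messenger\Drivers\MsgUpdate.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-03-08 1830128]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-03-03 321344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"CTHelper"="CTHELPER.EXE" [2007-04-09 c:\windows\system32\CtHelper.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 12:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
.
Contents of the 'Scheduled Tasks' folder
"""

SECTION_START = "Reg Loading Points"
SECTION_END = "Contents of the 'Scheduled Tasks' folder"

# [HKEY_...\some\key]
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
# "Name"="image" [date size]   or   "Name"="bare.exe" [date resolved\full\path]
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<image>[^"]*)"\s*\[(?P<meta>[^\]]*)\]')
# date time size [attrs] path   (BHO and winlogon-notify style lines)
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\d+\s+(?:\S+\s+)?(?P<image>[a-zA-Z]:\\.+)$")
# Assumed rule: anything under a user profile is user-writable and worth a look.
USER_PROFILE_RE = re.compile(r"^[a-z]:\\documents and settings\\", re.I)


def parse_loading_points(log_text):
    """Return the loading points as dicts with key, name, image and meta."""
    entries = []
    in_section = False
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if SECTION_START in line:
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith(SECTION_END):
            break
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m:
            entries.append({"key": current_key, "name": m.group("name"),
                            "image": m.group("image"), "meta": m.group("meta")})
            continue
        m = FILE_RE.match(line)
        if m and current_key:
            entries.append({"key": current_key, "name": "",
                            "image": m.group("image"), "meta": ""})
    return entries


def triage(entries):
    """Flag loading points that deserve a closer look; severities are assumed."""
    findings = []
    for e in entries:
        image = e["image"]
        if USER_PROFILE_RE.match(image):
            findings.append({**e, "severity": "high",
                             "reason": "binary lives under a user profile directory"})
        elif "\\" not in image:
            # ComboFix prints the path it resolved the bare name to inside the brackets.
            resolved = e["meta"].split(" ", 1)[1] if " " in e["meta"] else ""
            findings.append({**e, "severity": "info", "resolved": resolved,
                             "reason": "no full path; resolved by a path search"})
    return findings


if __name__ == "__main__":
    for f in triage(parse_loading_points(SAMPLE_LOG)):
        print(f["severity"], f["key"], f["name"] or "(file)", f["image"], "-", f["reason"])
```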

#14
Jimmy2012

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello kws_divine,

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.
  • 0

#15
kws_divine

kws_divine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 224 posts
GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-03-31 07:45:18
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwConnectPort [0xF3858040]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateFile [0xF3854930]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateKey [0xF385FA80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreatePort [0xF3858510]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateProcess [0xF385E870]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateProcessEx [0xF385EAA0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateSection [0xF3861FD0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateWaitablePort [0xF3858600]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteFile [0xF3854F20]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteKey [0xF38606E0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteValueKey [0xF3860440]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDuplicateObject [0xF385E580]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwLoadKey [0xF38608B0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwMapViewOfSection [0xF3862270]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenFile [0xF3854D70]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenProcess [0xF385E350]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenThread [0xF385E150]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRenameKey [0xF3861250]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwReplaceKey [0xF3860CB0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRequestWaitReplyPort [0xF3857C00]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRestoreKey [0xF3861080]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSecureConnectPort [0xF3858220]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetInformationFile [0xF3855120]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetValueKey [0xF3860140]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF37EAF20]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 23E4 805012D4 12 Bytes [10, 85, 85, F3, 70, E8, 85, ...]
? srescan.sys The system cannot find the file specified. !

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F385CCA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F385D1C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F385D320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F385CE10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F385CE10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F385CCA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F385D1C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F385D320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F385CCA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F385D320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F385D1C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F385CE10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F385D320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F385D1C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F385CCA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F385CE10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F385CCA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F385D1C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F385D320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [F385D320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [F385D1C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [F385CE10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [F385CCA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F385CCA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F385CE10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F385D320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F385D1C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Evan\My Documents\Downloads\World of Warcraft 2.4.3 [Play WoW Free on Private Server] [ITR WoW]\World of Warcraft 2.4.3 [Play WoW Free on Private Server] [ITR WoW]\wowdata\Interface\AddOns\QuestHelper\LibAboutPanel\libs\CallbackHandler-1.0\CallbackHandler-1.0.lua 8740 bytes
File C:\Documents and Settings\Evan\My Documents\Downloads\World of Warcraft 2.4.3 [Play WoW Free on Private Server] [ITR WoW]\World of Warcraft 2.4.3 [Play WoW Free on Private Server] [ITR WoW]\wowdata\Interface\AddOns\QuestHelper\LibAboutPanel\libs\CallbackHandler-1.0\CallbackHandler-1.0.xml 218 bytes
File C:\Documents and Settings\Evan\My Documents\Downloads\World of Warcraft 2.4.3 [Play WoW Free on Private Server] [ITR WoW]\World of Warcraft 2.4.3 [Play WoW Free on Private Server] [ITR WoW]\wowdata\Interface\AddOns\Titan\libs\AceConfig-3.0\AceConfigCmd-3.0\AceConfigCmd-3.0.lua 21346 bytes
File C:\Documents and Settings\Evan\My Documents\Downloads\World of Warcraft 2.4.3 [Play WoW Free on Private Server] [ITR WoW]\World of Warcraft 2.4.3 [Play WoW Free on Private Server] [ITR WoW]\wowdata\Interface\AddOns\Titan\libs\AceConfig-3.0\AceConfigCmd-3.0\AceConfigCmd-3.0.xml 218 bytes
File C:\Documents and Settings\Evan\My Documents\Downloads\World of Warcraft 2.4.3 [Play WoW Free on Private Server] [ITR WoW]\World of Warcraft 2.4.3 [Play WoW Free on Private Server] [ITR WoW]\wowdata\Interface\AddOns\Titan\libs\AceConfig-3.0\AceConfigDialog-3.0\AceConfigDialog-3.0.lua 48858 bytes
File C:\Documents and Settings\Evan\My Documents\Downloads\World of Warcraft 2.4.3 [Play WoW Free on Private Server] [ITR WoW]\World of Warcraft 2.4.3 [Play WoW Free on Private Server] [ITR WoW]\wowdata\Interface\AddOns\Titan\libs\AceConfig-3.0\AceConfigDialog-3.0\AceConfigDialog-3.0.xml 221 bytes
File C:\Documents and Settings\Evan\My Documents\Downloads\World of Warcraft 2.4.3 [Play WoW Free on Private Server] [ITR WoW]\World of Warcraft 2.4.3 [Play WoW Free on Private Server] [ITR WoW]\wowdata\Interface\AddOns\Titan\libs\AceConfig-3.0\AceConfigRegistry-3.0\AceConfigRegistry-3.0.lua 11077 bytes
File C:\Documents and Settings\Evan\My Documents\Downloads\World of Warcraft 2.4.3 [Play WoW Free on Private Server] [ITR WoW]\World of Warcraft 2.4.3 [Play WoW Free on Private Server] [ITR WoW]\wowdata\Interface\AddOns\Titan\libs\AceConfig-3.0\AceConfigRegistry-3.0\AceConfigRegistry-3.0.xml 223 bytes
File C:\Documents and Settings\Evan\My Documents\Downloads\World of Warcraft 2.4.3 [Play WoW Free on Private Server] [ITR WoW]\World of Warcraft 2.4.3 [Play WoW Free on Private Server] [ITR WoW]\wowdata\Interface\AddOns\Titan\libs\LibSharedMedia-3.0\CallbackHandler-1.0\CallbackHandler-1.0.lua 8744 bytes
File C:\Documents and Settings\Evan\My Documents\Downloads\World of Warcraft 2.4.3 [Play WoW Free on Private Server] [ITR WoW]\World of Warcraft 2.4.3 [Play WoW Free on Private Server] [ITR WoW]\wowdata\Interface\AddOns\Titan\libs\LibSharedMedia-3.0\LibSharedMedia-3.0\lib.xml 218 bytes
File C:\Documents and Settings\Evan\My Documents\Downloads\World of Warcraft 2.4.3 [Play WoW Free on Private Server] [ITR WoW]\World of Warcraft 2.4.3 [Play WoW Free on Private Server] [ITR WoW]\wowdata\Interface\AddOns\Titan\libs\LibSharedMedia-3.0\LibSharedMedia-3.0\LibSharedMedia-3.0.lua 6802 bytes

---- EOF - GMER 1.0.15 ----
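To triage a log like the one above, here is an added example (my code, not GMER's and not part of the thread) that parses the record types GMER emitted in this log and summarises which driver owns each hook, so a reader can see at a glance that every SSDT, IAT and device hook here belongs to two known security products. The sample lines are excerpted from the log above; treating a hook with no vendor description as worth a closer look is this example's own heuristic, not a GMER rule.

```python
import re
from collections import Counter

# Excerpt of the GMER 1.0.15 log posted above, one line per record type GMER emitted there.
SAMPLE_LOG = r"""
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateFile [0xF3854930]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF37EAF20]
.text ntkrnlpa.exe!ZwCallbackReturn + 23E4 805012D4 12 Bytes [10, 85, 85, F3, 70, E8, 85, ...]
? srescan.sys The system cannot find the file specified. !
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F385D1C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
"""

# One regex per record type; the named groups become record fields.
PATTERNS = {
    "SSDT": re.compile(r"^SSDT\s+(?P<module>.+?)\s+\((?P<desc>[^)]*)\)\s+(?P<target>Zw\w+)\s+\[0x[0-9A-Fa-f]+\]$"),
    "IAT": re.compile(r"^IAT\s+(?P<target>.+?\[[^\]]+\])\s+\[[0-9A-Fa-f]+\]\s+(?P<module>.+?)\s+\((?P<desc>[^)]*)\)$"),
    "Device": re.compile(r"^Device\s+\S+\s+(?P<target>\S+)\s+(?P<module>\S+)\s+\((?P<desc>[^)]*)\)$"),
    "Patch": re.compile(r"^\.text\s+(?P<target>\S+\s+\+\s+[0-9A-Fa-f]+)\s+[0-9A-Fa-f]+\s+\d+\s+Bytes"),
    "Missing": re.compile(r"^\?\s+(?P<module>\S+)\s+(?P<desc>.+?)\s*!$"),
}

def parse_gmer(text):
    """Parse GMER log lines into records: kind, hooking module (basename), vendor text, hooked target."""
    records = []
    for line in text.splitlines():
        for kind, pat in PATTERNS.items():
            m = pat.match(line.strip())
            if m:
                d = m.groupdict()
                module = d.get("module", "").replace("/", "\\").rsplit("\\", 1)[-1]
                records.append({"kind": kind, "module": module,
                                "desc": d.get("desc", ""), "target": d.get("target", "")})
                break
    return records

def triage(records):
    """Count SSDT/IAT/Device hooks per module and collect lines that need a closer look:
    inline kernel code patches, drivers GMER could not find on disk, and hooks whose
    module carries no vendor description (the last one is this example's own heuristic)."""
    hooks = Counter(r["module"] for r in records if r["kind"] in ("SSDT", "IAT", "Device"))
    anomalies = [r for r in records if r["kind"] in ("Patch", "Missing") or not r["desc"]]
    return {"hooks_by_module": dict(hooks), "anomalies": anomalies}

if __name__ == "__main__":
    summary = triage(parse_gmer(SAMPLE_LOG))
    for module, n in summary["hooks_by_module"].items():
        print(f"{module}: {n} hook(s)")  # vsdatant.sys: 3 hook(s), SASKUTIL.sys: 1 hook(s)
    for a in summary["anomalies"]:
        print(f"CHECK {a['kind']}: {a['module'] or a['target']}")
```

Feed the full contents of GMER.txt to parse_gmer to get the same per-module counts for a whole log.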