Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Trojan.Vundo.H [Solved]

Started by amd256 , May 08 2009 02:10 PM

This topic is locked

#1
amd256

Posted 08 May 2009 - 02:10 PM

Member

Member
10 posts

Tried a few different programs but none have fully cleaned my computer.

hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:53:48 PM, on 5/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: (no name) - {7746d366-2557-497f-9d12-4c8f7889e640} - c:\windows\system32\tdcdcky.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebo...toUploader5.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} (UnagiAx Class) - http://radaol-prod-w...agi3.0.84.2.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O20 - Winlogon Notify: !saswinlogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: irqrohbz - C:\WINDOWS\SYSTEM32\tdcdcky.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - - (file missing)
O23 - Service: VundoFix Service (vundofixsvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 7710 bytes

mbam

Malwarebytes' Anti-Malware 1.36
Database version: 2079
Windows 5.1.2600 Service Pack 3

5/7/2009 12:34:07 PM
mbam-log-2009-05-07 (12-34-07).txt

Scan type: Full Scan (C:\|)
Objects scanned: 202522
Time elapsed: 1 hour(s), 24 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7746d366-2557-497f-9d12-4c8f7889e640} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\irqrohbz (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{7746d366-2557-497f-9d12-4c8f7889e640} (Trojan.Vundo.H) -> Delete on reboot.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\tdcdcky.dll (Trojan.Vundo.H) -> Delete on reboot.

VundoFix

VundoFix V7.0.6

Scan started at 4:16:01 PM 5/6/2009

Listing files found while scanning....

C:\Windows\system32\vjwhdmxu.dll

Beginning removal...

Attempting to delete C:\Windows\system32\vjwhdmxu.dll
C:\Windows\system32\vjwhdmxu.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Performing Repairs to the registry.
Done!

VundoFix V7.0.6

Scan started at 12:39:29 PM 5/7/2009

Listing files found while scanning....

C:\Windows\system32\vjwhdmxu.dll

Beginning removal...

Attempting to delete C:\Windows\system32\vjwhdmxu.dll
C:\Windows\system32\vjwhdmxu.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

None have fully deleted or cleaned the files, the 4 or 5 files keep reappearing after reboot.

Thanks for the help.

#2
andrewuk

Posted 08 May 2009 - 02:55 PM

Trusted Helper

Malware Removal
5,297 posts

Hello amd256

welcome to geekstogo

Please go to this page here and start at Step Five: Rootkit Detection and post the Rooter.exe log and OTListIT logs here in reply.

The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk

#3
amd256

Posted 08 May 2009 - 03:13 PM

Member

Topic Starter
Member
10 posts

Rooter log:

Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3

A:\ [Removable] (Total:0 Mo/Free:0 Mo)
C:\ [Fixed] - NTFS - (Total:76285 Mo/Free:556 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
E:\ [Removable] (Total:244 Mo/Free:242 Mo)

Fri 05/08/2009|16:05

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Ahead\InCD\InCDsrv.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
---------- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
---------- C:\Program Files\Bonjour\mDNSResponder.exe
---------- C:\WINDOWS\System32\CTsvcCDA.exe
---------- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\drivers\KodakCCS.exe
---------- C:\WINDOWS\system32\nvsvc32.exe
---------- C:\WINDOWS\system32\RioMSC.exe
---------- C:\WINDOWS\system32\ScsiAccess.EXE
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\wanmpsvc.exe
---------- C:\WINDOWS\System32\MsPMSPSv.exe
---------- c:\WINDOWS\system32\ZuneBusEnum.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\WINDOWS\system32\wscntfy.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
---------- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
---------- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
---------- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
---------- C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

Trojan ! .. C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\tdcdcky.dll,DllMain -

----------------------\\ Tasks

C:\WINDOWS\tasks\At1.job

----------------------\\ ROOTKIT !!

1 - "C:\Rooter$\Rooter_1.txt" - Fri 05/08/2009|16:07

----------------------\\ Scan completed at 16:07

OTListIt2 Log:

OTListIt logfile created on: 5/8/2009 4:08:48 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.4 Folder = C:\Documents and Settings\KENT WIRGES\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.01 Mb Total Physical Memory | 280.08 Mb Available Physical Memory | 54.81% Memory free
1.22 Gb Paging File | 1.03 Gb Available in Paging File | 84.02% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 24.54 Gb Free Space | 32.94% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 244.44 Mb Total Space | 242.12 Mb Free Space | 99.05% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WIRGESCOMPUTER
Current User Name: KENT WIRGES
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (AOL LLC)
PRC - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\WINDOWS\System32\CTsvcCDA.exe (Creative Technology Ltd)
PRC - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)
PRC - C:\WINDOWS\system32\drivers\KodakCCS.exe (Eastman Kodak Company)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\WINDOWS\system32\RioMSC.exe (Digital Networks North America, Inc.)
PRC - C:\WINDOWS\system32\ScsiAccess.EXE ()
PRC - C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)
PRC - C:\WINDOWS\System32\MsPMSPSv.exe (Microsoft Corporation)
PRC - c:\WINDOWS\system32\ZuneBusEnum.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
PRC - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe ()
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Documents and Settings\KENT WIRGES\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AOL ACS [Auto | Stopped]) -- C:\Program Files\Common Files\AOL\ACS\acsd.exe (AOL LLC)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Automatic LiveUpdate Scheduler [Auto | Running]) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Creative Service for CDROM Access [Auto | Running]) -- C:\WINDOWS\System32\CTsvcCDA.exe (Creative Technology Ltd)
SRV - (EPSONStatusAgent2 [Auto | Running]) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)
SRV - (gusvc [Disabled | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (InCDsrvR [Auto | Running]) -- C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (KodakCCS [Auto | Running]) -- C:\WINDOWS\system32\drivers\KodakCCS.exe (Eastman Kodak Company)
SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE (Symantec Corporation)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (Pml Driver HPZ12 [Auto | Stopped]) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (RioMSC [Auto | Running]) -- C:\WINDOWS\system32\RioMSC.exe (Digital Networks North America, Inc.)
SRV - (ScsiAccess [Auto | Running]) -- C:\WINDOWS\system32\ScsiAccess.EXE ()
SRV - (SNDSrvc [On_Demand | Stopped]) -- File not found
SRV - (Viewpoint Manager Service [Disabled | Stopped]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (vundofixsvc [On_Demand | Stopped]) -- C:\WINDOWS\system32\VundoFixSVC.exe (Atribune.org)
SRV - (WANMiniportService [Auto | Running]) -- C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)
SRV - (WMDM PMSP Service [Auto | Running]) -- C:\WINDOWS\System32\MsPMSPSv.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (ZuneBusEnum [Auto | Running]) -- c:\WINDOWS\system32\ZuneBusEnum.exe (Microsoft Corporation)
SRV - (ZuneNetworkSvc [Auto | Stopped]) -- c:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
SRV - (ZuneWlanCfgSvc [On_Demand | Stopped]) -- c:\WINDOWS\system32\ZuneWlanCfgSvc.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - ($sys$cor [Boot | Running]) -- C:\WINDOWS\System32\Drivers\$sys$cor.sys (First 4 Internet)
DRV - ($sys$crater [System | Running]) -- C:\WINDOWS\system32\$sys$filesystem\crater.sys (First 4 Internet)
DRV - (ASCTRM [Auto | Running]) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (BCMModem [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\BCMSM.sys (Broadcom Corporation)
DRV - (DcCam [System | Running]) -- C:\WINDOWS\system32\DRIVERS\DcCam.sys (Eastman Kodak Company)
DRV - (DcFpoint [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\DcFpoint.sys (Eastman Kodak Company)
DRV - (DCFS2K [Auto | Running]) -- C:\WINDOWS\system32\drivers\dcfs2k.sys (Eastman Kodak Company)
DRV - (DcLps [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\DcLps.sys (Eastman Kodak Company)
DRV - (DcPTP [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\DcPTP.sys (Eastman Kodak Company)
DRV - (Exportit [System | Stopped]) -- C:\WINDOWS\system32\DRIVERS\exportit.sys (Eastman Kodak Company)
DRV - (gameenum [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys (Microsoft Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (InCDfs [Disabled | Running]) -- C:\WINDOWS\System32\drivers\InCDfs.sys (Nero AG)
DRV - (InCDPass [System | Running]) -- C:\WINDOWS\System32\DRIVERS\InCDPass.sys (Nero AG)
DRV - (incdrm [System | Running]) -- C:\WINDOWS\System32\drivers\InCDrm.sys (Nero AG)
DRV - (ixwrdaik [Boot | Running]) -- C:\WINDOWS\system32\drivers\ixwrdaik.sys (Microsoft Corporation)
DRV - (MCSTRM [Auto | Running]) -- C:\WINDOWS\System32\drivers\mcstrm.sys (RealNetworks, Inc.)
DRV - (MODEMCSA [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (OMCI [System | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)
DRV - (P16X [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\P16X.sys (Creative Technology Ltd.)
DRV - (PfModNT [Auto | Running]) -- C:\WINDOWS\System32\PfModNT.sys (Creative Technology Ltd.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (rtl8139 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (sasdifsv [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (sasenum [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (saskutil [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (sdcplh [System | Running]) -- C:\WINDOWS\System32\drivers\sdcplh.sys ()
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SYMDNS [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (SymEvent [On_Demand | Running]) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMFW [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMIDS [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV - (SYMNDIS [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMREDRV [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMTDI [System | Running]) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (wanatw [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys (America Online, Inc.)
DRV - (WinUSB [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\WinUSB.sys (Microsoft Corporation)
DRV - (xusb21 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\xusb21.sys (Microsoft Corporation)
DRV - (zumbus [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\zumbus.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - Reg Error: Key error. File not found
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/?src=toolbar
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

O1 HOSTS File: (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: () - {7746d366-2557-497f-9d12-4c8f7889e640} - c:\windows\system32\tdcdcky.dll ()
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Viewpoint Toolbar) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll (Viewpoint Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnote...ad/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgree...eensActivia.cab (Snapfish Activia)
O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} http://radaol-prod-w...agi3.0.84.2.cab (UnagiAx Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...ows-i586-jc.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius....tiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!saswinlogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\irqrohbz: DllName - tdcdcky.dll - C:\WINDOWS\system32\tdcdcky.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/12 16:31:01 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[10 C:\WINDOWS\System32\*.tmp files]
[7 C:\WINDOWS\*.tmp files]
[5 C:\DOCUME~1\KENTWI~1\My Documents\*.tmp files]
[2009/05/08 16:05:41 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/05/08 16:05:36 | 00,502,272 | ---- | C] (OldTimer Tools) -- C:\DOCUME~1\KENTWI~1\Desktop\OTListIt2.exe
[2009/05/08 16:05:36 | 00,267,612 | ---- | C] () -- C:\DOCUME~1\KENTWI~1\Desktop\Rooter.exe
[2009/05/08 15:31:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2009/05/08 15:28:12 | 00,000,000 | ---D | C] -- C:\SDFix
[2009/05/08 15:28:06 | 01,529,241 | ---- | C] () -- C:\DOCUME~1\KENTWI~1\Desktop\SDFix.exe
[2009/05/08 15:04:47 | 00,096,978 | ---- | C] (Business Information Solutions) -- C:\DOCUME~1\KENTWI~1\Desktop\VirtumundoBeGone.exe
[2009/05/08 14:53:25 | 00,001,734 | ---- | C] () -- C:\DOCUME~1\KENTWI~1\Desktop\HijackThis.lnk
[2009/05/08 14:53:25 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/05/07 13:23:29 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/05/07 13:16:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/05/07 13:16:08 | 00,000,780 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/05/07 13:16:06 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/05/07 13:16:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\KENT WIRGES\Application Data\SUPERAntiSpyware.com
[2009/05/07 13:15:36 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/05/07 13:15:32 | 06,325,280 | ---- | C] () -- C:\DOCUME~1\KENTWI~1\Desktop\SUPERAntiSpyware.exe
[2009/05/06 17:07:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/05/06 17:07:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\KENT WIRGES\Local Settings\temp
[2009/05/06 16:16:01 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/05/06 16:15:32 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\DOCUME~1\KENTWI~1\Desktop\HJTInstall.exe
[2009/05/05 17:55:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2009/05/05 17:43:33 | 00,000,398 | ---- | C] () -- C:\Boot.bak
[2009/05/05 17:43:29 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/05/05 17:43:27 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/05/05 17:42:33 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/05/05 17:42:33 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/05/05 17:42:33 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/05/05 17:42:33 | 00,117,248 | ---- | C] () -- C:\WINDOWS\vFind.exe
[2009/05/05 17:42:33 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/05/05 17:42:33 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/05/05 17:42:33 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/05/05 17:42:33 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/05/05 17:41:32 | 03,012,988 | R--- | C] () -- C:\DOCUME~1\KENTWI~1\Desktop\ComboFix.exe
[2009/05/05 17:02:53 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\secedit.exe
[2009/05/05 17:00:18 | 01,056,768 | ---- | C] () -- C:\WINDOWS\sectest.db
[2009/05/05 16:56:35 | 00,000,000 | ---D | C] -- C:\DOCUME~1\KENTWI~1\Desktop\Dial-a-fix-v0.60.0.24
[2009/05/05 16:56:25 | 00,335,992 | ---- | C] () -- C:\DOCUME~1\KENTWI~1\Desktop\Dial-a-fix-v0.60.0.24.zip
[2009/05/04 17:45:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/05/04 17:45:01 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/05/01 16:45:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/05/01 15:44:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\KENT WIRGES\Application Data\grhsbstt
[2009/05/01 14:38:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\KENT WIRGES\Application Data\Malwarebytes
[2009/05/01 14:38:37 | 00,000,696 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/01 14:38:36 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/01 14:38:33 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/01 14:38:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/05/01 14:38:27 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/29 15:17:58 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2009/04/29 15:11:24 | 00,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2009/04/27 22:01:08 | 00,064,407 | ---- | C] () -- C:\DOCUME~1\KENTWI~1\My Documents\Statement150_from_OMAHA_CHR.pdf
[2009/04/26 15:10:11 | 00,182,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndis.sys
[2009/04/25 11:26:07 | 00,005,360 | -HS- | C] () -- C:\WINDOWS\System32\nuvanifi.exe
[2009/04/24 17:22:05 | 00,860,754 | ---- | C] () -- C:\DOCUME~1\KENTWI~1\My Documents\NewsandNotes090424.pdf
[2009/04/24 12:29:45 | 00,000,000 | ---D | C] -- C:\Program Files\SymNetDrv
[2009/04/24 07:02:19 | 00,124,016 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/04/24 07:02:19 | 00,091,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/04/24 07:02:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\KENT WIRGES\Application Data\Symantec
[2009/04/24 07:02:02 | 00,466,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\capicom.dll
[2009/04/24 07:02:01 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec
[2009/04/24 07:02:01 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2009/04/24 07:01:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2009/04/23 22:42:10 | 00,000,000 | ---D | C] -- C:\Program Files\Angle Interactive
[2009/04/23 22:14:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\KENT WIRGES\Application Data\Logs
[2009/04/23 22:09:44 | 00,000,000 | ---D | C] -- C:\My Downloads
[2009/04/23 22:09:33 | 00,000,000 | ---D | C] -- C:\Program Files\QuickDownloadPack
[2009/04/22 08:37:48 | 00,000,000 | ---D | C] -- C:\DOCUME~1\KENTWI~1\My Documents\BladeTrainCarr001
[2009/04/22 08:37:46 | 00,156,575 | ---- | C] () -- C:\DOCUME~1\KENTWI~1\My Documents\BladeTrainCarr001.zip
[2009/04/20 00:19:58 | 00,024,064 | ---- | C] () -- C:\DOCUME~1\KENTWI~1\My Documents\garretts.doc
[2009/04/18 14:54:27 | 00,461,841 | ---- | C] () -- C:\DOCUME~1\KENTWI~1\My Documents\NewsandNotes090417.pdf
[2009/04/15 17:05:26 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/15 17:05:26 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/15 17:05:26 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/15 17:05:26 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/15 17:05:26 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/15 17:05:26 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/15 17:05:25 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/15 17:05:25 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/15 17:05:25 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/15 17:01:55 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/15 17:01:55 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/15 13:11:26 | 00,000,000 | ---D | C] -- C:\DOCUME~1\KENTWI~1\My Documents\postcard_1
[2009/04/15 12:41:59 | 00,699,201 | ---- | C] () -- C:\DOCUME~1\KENTWI~1\My Documents\100_3859.zip
[2009/04/15 12:36:04 | 01,405,773 | ---- | C] () -- C:\DOCUME~1\KENTWI~1\My Documents\postcard_1.zip
[2009/04/14 08:06:42 | 00,000,000 | ---D | C] -- C:\DOCUME~1\KENTWI~1\My Documents\R_U_Ready_Video
[2009/04/14 08:05:50 | 07,692,193 | ---- | C] () -- C:\DOCUME~1\KENTWI~1\My Documents\R_U_Ready_Video.zip
[2009/04/13 10:13:23 | 00,331,956 | -H-- | C] () -- C:\DOCUME~1\KENTWI~1\My Documents\ZbThumbnail.info
[2009/04/11 19:12:23 | 00,031,744 | ---- | C] () -- C:\DOCUME~1\KENTWI~1\My Documents\1989 supra theft deterant system.doc
[2009/04/09 12:00:11 | 00,019,968 | ---- | C] () -- C:\DOCUME~1\KENTWI~1\My Documents\When driving on the interstate.doc
[2008/05/03 11:59:57 | 00,000,078 | ---- | C] () -- C:\WINDOWS\TONKA.INI
[2007/12/25 14:53:11 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007/08/22 18:20:20 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/08/22 18:18:35 | 00,225,280 | ---- | C] () -- C:\WINDOWS\System32\nvwrsda.dll
[2007/08/16 19:28:05 | 00,000,139 | ---- | C] () -- C:\WINDOWS\chmpchss.INI
[2007/07/29 10:39:02 | 00,000,960 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/06/09 18:47:53 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/05/03 17:26:18 | 00,000,151 | ---- | C] () -- C:\WINDOWS\Flash32.INI
[2007/05/03 17:25:09 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2007/04/21 17:00:02 | 00,001,179 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2006/11/23 14:16:54 | 00,163,840 | ---- | C] () -- C:\WINDOWS\System32\Cpl4811.dll
[2006/10/22 12:22:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 12:22:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 12:22:00 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/10/22 12:22:00 | 00,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2006/07/21 20:59:25 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2006/07/20 20:23:48 | 00,040,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\sdcplh.sys
[2006/07/03 19:33:43 | 00,027,764 | ---- | C] () -- C:\WINDOWS\MiniCarRacing.ini
[2006/07/03 13:32:52 | 00,000,144 | ---- | C] () -- C:\WINDOWS\ka.ini
[2006/06/23 12:25:15 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2006/06/21 13:01:51 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI
[2006/06/21 11:27:32 | 00,000,900 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/06/12 18:16:24 | 00,000,045 | ---- | C] () -- C:\WINDOWS\EPSP825.ini
[2006/06/12 18:05:18 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/12 16:41:49 | 00,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2006/06/12 16:41:11 | 00,002,092 | ---- | C] () -- C:\WINDOWS\System32\P16X.ini
[2006/06/12 16:41:11 | 00,000,026 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2006/06/12 16:41:10 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[2006/06/12 16:41:10 | 00,039,936 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
[2006/06/12 16:41:08 | 00,006,175 | ---- | C] () -- C:\WINDOWS\MIXDEF.INI
[2006/06/12 16:41:08 | 00,005,917 | ---- | C] () -- C:\WINDOWS\SBMIXDEF.INI
[2006/06/12 16:41:07 | 00,000,064 | ---- | C] () -- C:\WINDOWS\P16x.ini
[2006/06/12 16:40:17 | 00,000,245 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2002/11/14 23:01:34 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\atsdrve.dll
[2002/06/25 16:50:00 | 00,001,959 | ---- | C] () -- C:\WINDOWS\win.ini
[2002/06/25 16:48:54 | 00,144,384 | ---- | C] () -- C:\WINDOWS\uyahanof.dll
[2002/06/25 16:47:50 | 00,000,243 | ---- | C] () -- C:\WINDOWS\system.ini
[2002/06/25 16:43:40 | 00,143,872 | ---- | C] () -- C:\WINDOWS\System32\vjwhdmxu.dll
[2002/06/25 16:43:40 | 00,103,424 | ---- | C] () -- C:\WINDOWS\System32\wwgrnyb.dll
[2002/06/25 16:43:40 | 00,103,424 | ---- | C] () -- C:\WINDOWS\System32\tdcdcky.dll
[2000/09/08 15:53:50 | 00,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[1997/06/13 20:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== Files - Modified Within 30 Days ==========

[10 C:\WINDOWS\System32\*.tmp files]
[7 C:\WINDOWS\*.tmp files]
[5 C:\DOCUME~1\KENTWI~1\My Documents\*.tmp files]
[2009/05/08 16:04:36 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/08 16:04:34 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\KENT WIRGES\Local Settings\desktop.ini
[2009/05/08 16:04:31 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/08 15:55:30 | 00,502,272 | ---- | M] (OldTimer Tools) -- C:\DOCUME~1\KENTWI~1\Desktop\OTListIt2.exe
[2009/05/08 15:55:04 | 00,267,612 | ---- | M] () -- C:\DOCUME~1\KENTWI~1\Desktop\Rooter.exe
[2009/05/08 15:36:50 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2009/05/08 15:25:52 | 01,529,241 | ---- | M] () -- C:\DOCUME~1\KENTWI~1\Desktop\SDFix.exe
[2009/05/08 15:02:40 | 00,096,978 | ---- | M] (Business Information Solutions) -- C:\DOCUME~1\KENTWI~1\Desktop\VirtumundoBeGone.exe
[2009/05/08 14:53:26 | 00,001,734 | ---- | M] () -- C:\DOCUME~1\KENTWI~1\Desktop\HijackThis.lnk
[2009/05/08 14:50:41 | 00,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2009/05/07 13:16:08 | 00,000,780 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/05/07 13:11:08 | 06,325,280 | ---- | M] () -- C:\DOCUME~1\KENTWI~1\Desktop\SUPERAntiSpyware.exe
[2009/05/06 17:04:02 | 00,000,243 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/06 16:06:48 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\DOCUME~1\KENTWI~1\Desktop\HJTInstall.exe
[2009/05/05 17:55:01 | 00,290,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/05 17:52:35 | 00,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\user32.dll
[2009/05/05 17:52:35 | 00,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2009/05/05 17:43:33 | 00,000,468 | RHS- | M] () -- C:\boot.ini
[2009/05/05 17:42:04 | 03,012,988 | R--- | M] () -- C:\DOCUME~1\KENTWI~1\Desktop\ComboFix.exe
[2009/05/05 17:33:12 | 01,056,768 | ---- | M] () -- C:\WINDOWS\sectest.db
[2009/05/05 16:49:18 | 00,335,992 | ---- | M] () -- C:\DOCUME~1\KENTWI~1\Desktop\Dial-a-fix-v0.60.0.24.zip
[2009/05/05 16:34:25 | 00,001,959 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/05/05 16:34:25 | 00,000,398 | ---- | M] () -- C:\Boot.bak
[2009/05/01 21:32:51 | 00,182,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndis.sys
[2009/05/01 16:34:40 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\tapuginu
[2009/05/01 15:36:46 | 00,117,248 | ---- | M] () -- C:\WINDOWS\vFind.exe
[2009/05/01 14:38:37 | 00,000,696 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/01 14:34:24 | 00,078,822 | ---- | M] () -- C:\VETlog.dmp
[2009/04/29 16:21:31 | 00,002,137 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\iTunes.lnk
[2009/04/29 14:50:14 | 00,182,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndis.sys
[2009/04/29 13:40:58 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/29 07:34:30 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/27 22:01:13 | 00,064,407 | ---- | M] () -- C:\DOCUME~1\KENTWI~1\My Documents\Statement150_from_OMAHA_CHR.pdf
[2009/04/27 09:47:34 | 00,002,483 | ---- | M] () -- C:\DOCUME~1\KENTWI~1\Desktop\Microsoft Word.lnk
[2009/04/25 11:26:07 | 00,005,360 | -HS- | M] () -- C:\WINDOWS\System32\nuvanifi.exe
[2009/04/24 17:22:12 | 00,860,754 | ---- | M] () -- C:\DOCUME~1\KENTWI~1\My Documents\NewsandNotes090424.pdf
[2009/04/22 20:38:16 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/22 08:37:47 | 00,156,575 | ---- | M] () -- C:\DOCUME~1\KENTWI~1\My Documents\BladeTrainCarr001.zip
[2009/04/20 00:19:59 | 00,024,064 | ---- | M] () -- C:\DOCUME~1\KENTWI~1\My Documents\garretts.doc
[2009/04/18 14:54:31 | 00,461,841 | ---- | M] () -- C:\DOCUME~1\KENTWI~1\My Documents\NewsandNotes090417.pdf
[2009/04/17 19:58:38 | 00,369,152 | -HS- | M] () -- C:\DOCUME~1\KENTWI~1\My Documents\Thumbs.db
[2009/04/16 12:45:58 | 00,000,654 | ---- | M] () -- C:\DOCUME~1\KENTWI~1\My Documents\Shortcut to Dalton's space cover.lnk
[2009/04/16 12:45:58 | 00,000,394 | ---- | M] () -- C:\DOCUME~1\KENTWI~1\My Documents\Shortcut to Shared Documents.lnk
[2009/04/15 21:37:48 | 00,406,328 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/15 21:37:47 | 00,063,528 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/15 21:37:46 | 00,477,846 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/15 21:21:02 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/15 12:42:04 | 00,699,201 | ---- | M] () -- C:\DOCUME~1\KENTWI~1\My Documents\100_3859.zip
[2009/04/15 12:36:16 | 01,405,773 | ---- | M] () -- C:\DOCUME~1\KENTWI~1\My Documents\postcard_1.zip
[2009/04/14 08:06:42 | 07,692,193 | ---- | M] () -- C:\DOCUME~1\KENTWI~1\My Documents\R_U_Ready_Video.zip
[2009/04/13 10:33:15 | 00,331,956 | -H-- | M] () -- C:\DOCUME~1\KENTWI~1\My Documents\ZbThumbnail.info
[2009/04/11 19:12:24 | 00,031,744 | ---- | M] () -- C:\DOCUME~1\KENTWI~1\My Documents\1989 supra theft deterant system.doc
[2009/04/09 12:00:14 | 00,019,968 | ---- | M] () -- C:\DOCUME~1\KENTWI~1\My Documents\When driving on the interstate.doc
< End of report >

OTListIt Extras logfile created on: 5/8/2009 4:08:48 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.4 Folder = C:\Documents and Settings\KENT WIRGES\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.01 Mb Total Physical Memory | 280.08 Mb Available Physical Memory | 54.81% Memory free
1.22 Gb Paging File | 1.03 Gb Available in Paging File | 84.02% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 24.54 Gb Free Space | 32.94% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 244.44 Mb Total Space | 242.12 Mb Free Space | 99.05% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WIRGESCOMPUTER
Current User Name: KENT WIRGES
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\symantecantivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\symantecfirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10244:TCP" = 10244:TCP:LocalSubNet:Enabled:Zune Network Sharing Service
"10285:UDP" = 10285:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10286:UDP" = 10286:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10287:UDP" = 10287:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10288:UDP" = 10288:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10289:UDP" = 10289:UDP:LocalSubNet:Enabled:Zune Network Sharing Service

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"10244:TCP" = 10244:TCP:LocalSubNet:Enabled:Zune Network Sharing Service
"10285:UDP" = 10285:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10286:UDP" = 10286:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10287:UDP" = 10287:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10288:UDP" = 10288:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10289:UDP" = 10289:UDP:LocalSubNet:Enabled:Zune Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 (America Online, Inc.)
C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 (AOL, LLC.)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 (America Online, Inc.)
C:\Program Files\Rio\Rio Music Manager\riomm.exe:*:Enabled:Rio Music Manager (Digital Networks North America, Inc.)
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater ()
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer (AOL LLC)
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL Connectivity Service (AOL LLC)
C:\Program Files\Common Files\AOL\1187327464\ee\aolsoftware.exe:*:Enabled:AOL Shared Components (AOL LLC)
C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed (AOL LLC)
C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader (America Online, Inc.)
C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL System Information (AOL LLC)
C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 (AOL, LLC.)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe:*:Enabled:GoogleToolbarNotifier (Google Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{015E4B8A-29B5-4AE3-BD08-38220FADFF4C}" = aspi
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{10E98E14-832C-4AF7-A4D1-6A9EF83B282E}" = VCAMCEN
"{14220DB1-DD96-4BCD-B3D5-03A4EA6631C4}" = RemoteCapture 2.7.5
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK
"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
"{178BAABD-0C95-4EB6-9E12-29A039EA27F6}" = Qwest eChat Support Tools
"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{2236B741-6631-49AE-B76E-3E14CA01CC87}" = RemoteCapture Task
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{282EF7E3-AE54-48AE-A11D-27F512F23AB3}" = Rio Music Manager
"{2D1C2321-8FDB-49B8-A66B-4008DC0B6B5D}" = File Viewer Utility 1.3.2
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{31A57C3E-30DD-421F-B5C7-974DACB0D05F}" = Canon Camera WIA Driver
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
"{3B304631-1355-4A32-BEA0-494DEFB3506D}" = Nancy Drew: The Final Scene
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{461073BF-9642-4A73-B58E-157358D412AB}" = 6200
"{469730CC-78DF-4CD3-B286-562D459EA619}" = ESSCAM
"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot
"{493F2531-C2E5-4B73-8B11-66E9CFDA9AFA}" = Rio Internet Update
"{4998FF95-709A-430A-B104-92A009ABB848}" = QuickConnect
"{582D2A53-F426-4C5E-A2E6-43C1AB36B907}" = Safari
"{58762801-BA53-42B3-890B-C6B9CC8CFE26}" = QuickConnect
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update
"{6518675B-CC8D-4AB3-A3F6-CC02FF6548D7}" = 6200_Help
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{66F0AC35-4805-44BC-A3D4-347D4196F9B3}" = Microsoft Xbox 360 Accessories 1.1
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69BD6399-3D8F-45B7-81D9-819361F5101D}" = PCDLNCH
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{78F79C84-BFD5-4D79-A07D-F39A3CF428DC}" = HLPIndex
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{7D999C82-259D-47D6-A081-E2DFEFB2EFBE}" = Philips Device Transfer Pop-up
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}" = ESSCT
"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{91130409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Small Business
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{924EB80F-C2BB-4B9F-8412-88BBA937393F}" = MobileMe Control Panel
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9692FD03-6662-4E62-B08C-30DFF51651E1}" = Actiontec Gateway
"{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}" = Sound Blaster Live!
"{972C1B83-34ED-4A9A-AE27-10B39B096201}" = Rave-MP
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}" = CCHelp
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{9E38979C-FA65-476D-80C7-72F4EADE726C}" = Nancy Drew: The Curse of Blackmoor Manor
"{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}" = SFR2
"{A29EA741-24F7-4C07-9B2C-06CB6491BE4A}" = Camera Window
"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{A6F18A67-B771-4191-8A33-36D2E742D6D9}" = ESSANUP
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{BD29EBAC-AD7D-4b27-B727-4CC6AC52D36B}" = MarketResearch
"{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}" = Canon PhotoRecord
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
"{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}" = SFR
"{C3F81504-72F3-4262-9449-487404DA75BB}" = 6200Trb
"{C8E4455F-0F70-4DA2-A9F9-2D56C80E10AD}" = Sibelius Scorch (ActiveX Only)
"{CA0A1E54-CE0F-4366-B09C-A87B61DC5633}" = Symantec Network Drivers Update
"{CA60320D-6A16-49C8-A34F-84EEF4799567}" = ESSTUTOR
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{cddcbbf1-2703-46bc-938b-bcc81a1eeaaa}" = SUPERAntiSpyware Free Edition
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
"{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}" = ESSAdpt
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{F11A403B-0DE9-4953-B790-7A2F014FBB2B}" = PhotoStitch
"{F2D0C1B1-80FF-46F9-BA61-33B01A07FAFC}" = HLPCCTR
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FAF0DAD8-1EA7-4FEF-80E5-8D8D6EBD5A23}" = RAW Image Task
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FF70513F-E3A7-402F-84FB-B7810A064BE2}" = Zune
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2007
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Animals of Africa" = Animals of Africa
"AOL Toolbar" = AOL Toolbar
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AolCoach" = AOL Coach Version 1.0(Build:20030807.3)
"AudibleManager" = AudibleManager
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"Booym" = Booym
"Championship Chess" = Championship Chess
"Charmed" = Charmed
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dark Tiles" = Dark Tiles
"Demonstar Special Edition" = Demonstar Special Edition
"Drone" = Drone
"DVD Decrypter" = DVD Decrypter (Remove Only)
"EPSON Printer and Utilities" = EPSON Printer Software
"Fishing Special Edition" = Fishing Special Edition
"Gonzo Heads" = Gonzo Heads
"HijackThis" = HijackThis 2.0.2
"HP Photo & Imaging" = HP Image Zone 4.7
"HPExtendedCapabilities" = HP Extended Capabilities 4.7
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{14220DB1-DD96-4BCD-B3D5-03A4EA6631C4}" = Canon Utilities RemoteCapture 2.7
"InstallShield_{2236B741-6631-49AE-B76E-3E14CA01CC87}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{2D1C2321-8FDB-49B8-A66B-4008DC0B6B5D}" = Canon Utilities File Viewer Utility 1.3
"InstallShield_{31A57C3E-30DD-421F-B5C7-974DACB0D05F}" = Canon EOS Kiss REBEL 300D WIA Driver
"InstallShield_{A29EA741-24F7-4C07-9B2C-06CB6491BE4A}" = Canon Camera Window for ZoomBrowser EX
"InstallShield_{F11A403B-0DE9-4953-B790-7A2F014FBB2B}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{FAF0DAD8-1EA7-4FEF-80E5-8D8D6EBD5A23}" = Canon RAW Image Task for ZoomBrowser EX
"InterActual Player" = InterActual Player
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"malwarebytes' anti-malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nancy Drew: Stay Tuned For Danger" = Nancy Drew: Stay Tuned For Danger
"Nero PhotoShow Elite" = Nero PhotoShow Elite
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Node Jumper Special Edition" = Node Jumper Special Edition
"NVIDIA Display Driver" = NVIDIA Display Driver
"NVIDIA Drivers" = NVIDIA Drivers
"RealPlayer 6.0" = RealPlayer Basic
"Scripture Memory System" = Scripture Memory System
"Silent Package Run-Time Sample" = EPSON Online Reference Guide
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Standard Edition" = Standard Edition
"Star Miner Special Edition" = Star Miner Special Edition
"Street Legal Racing Redline" = Street Legal Racing Redline
"StreetPlugin" = Learn2 Player (Uninstall Only)
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"USB Game Controller" = USB Game Controller
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"Viewpoint Toolbar" = Viewpoint Toolbar
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WOLAPI" = Westwood Shared Internet Components
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"Zune" = Zune

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/1/2009 3:38:31 PM | Computer Name = WIRGESCOMPUTER | Source = Application Error | ID = 1000
Description = Faulting application eftkguwn.exe, version 0.0.0.0, faulting module
msvcrt.dll, version 7.0.2600.5512, fault address 0x000360ad.

Error - 5/1/2009 3:38:51 PM | Computer Name = WIRGESCOMPUTER | Source = Application Error | ID = 1000
Description = Faulting application eftkguwn.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00002f2f.

Error - 5/1/2009 5:24:35 PM | Computer Name = WIRGESCOMPUTER | Source = Application Error | ID = 1000
Description = Faulting application eftkguwn.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x0000000f.

Error - 5/1/2009 5:25:44 PM | Computer Name = WIRGESCOMPUTER | Source = Application Error | ID = 1000
Description = Faulting application eftkguwn.exe, version 0.0.0.0, faulting module
msvcrt.dll, version 7.0.2600.5512, fault address 0x000360ad.

Error - 5/1/2009 5:29:16 PM | Computer Name = WIRGESCOMPUTER | Source = Application Error | ID = 1000
Description = Faulting application eftkguwn.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x0000000f.

Error - 5/1/2009 5:39:10 PM | Computer Name = WIRGESCOMPUTER | Source = Application Error | ID = 1000
Description = Faulting application eftkguwn.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x0000000f.

Error - 5/1/2009 5:45:31 PM | Computer Name = WIRGESCOMPUTER | Source = Application Error | ID = 1000
Description = Faulting application hpqtra08.exe, version 45.4.157.0, faulting module
hpqcxm08.dll, version 45.4.157.0, fault address 0x0000119d.

Error - 5/1/2009 5:49:12 PM | Computer Name = WIRGESCOMPUTER | Source = Application Error | ID = 1000
Description = Faulting application eftkguwn.exe, version 0.0.0.0, faulting module
msvcrt.dll, version 7.0.2600.5512, fault address 0x000360ad.

Error - 5/1/2009 5:58:34 PM | Computer Name = WIRGESCOMPUTER | Source = Application Error | ID = 1000
Description = Faulting application eftkguwn.exe, version 0.0.0.0, faulting module
msvcrt.dll, version 7.0.2600.5512, fault address 0x000360ad.

Error - 5/6/2009 5:48:38 PM | Computer Name = WIRGESCOMPUTER | Source = Winlogon | ID = 1015
Description = A critical system process, C:\WINDOWS\system32\lsass.exe, failed with
status code 00000000. The machine must now be restarted.

[ System Events ]
Error - 5/8/2009 4:47:57 PM | Computer Name = WIRGESCOMPUTER | Source = Service Control Manager | ID = 7001
Description = The Zune Network Sharing Service service depends on the Universal
Plug and Play Device Host service which failed to start because of the following
error: %%0

Error - 5/8/2009 4:47:57 PM | Computer Name = WIRGESCOMPUTER | Source = Service Control Manager | ID = 7034
Description = The Automatic LiveUpdate Scheduler service terminated unexpectedly.
It has done this 1 time(s).

Error - 5/8/2009 5:04:41 PM | Computer Name = WIRGESCOMPUTER | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the AOL Connectivity Service
service to connect.

Error - 5/8/2009 5:04:41 PM | Computer Name = WIRGESCOMPUTER | Source = Service Control Manager | ID = 7000
Description = The AOL Connectivity Service service failed to start due to the following
error: %%1053

Error - 5/8/2009 5:04:41 PM | Computer Name = WIRGESCOMPUTER | Source = Service Control Manager | ID = 7000
Description = The Background Intelligent Transfer Service service failed to start
due to the following error: %%2

Error - 5/8/2009 5:04:41 PM | Computer Name = WIRGESCOMPUTER | Source = Service Control Manager | ID = 7000
Description = The Automatic Updates service failed to start due to the following
error: %%2

Error - 5/8/2009 5:04:41 PM | Computer Name = WIRGESCOMPUTER | Source = Service Control Manager | ID = 7001
Description = The Zune Network Sharing Service service depends on the Universal
Plug and Play Device Host service which failed to start because of the following
error: %%0

Error - 5/8/2009 5:04:43 PM | Computer Name = WIRGESCOMPUTER | Source = Removable Storage Service | ID = 262255
Description = RSM could not load media in drive Drive 0 of library SanDisk Cruzer
Mini USB Device.

Error - 5/8/2009 5:04:47 PM | Computer Name = WIRGESCOMPUTER | Source = Removable Storage Service | ID = 262255
Description = RSM could not load media in drive Drive 0 of library SanDisk Cruzer
Mini USB Device.

Error - 5/8/2009 5:04:52 PM | Computer Name = WIRGESCOMPUTER | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

< End of report >

#4
andrewuk

Posted 08 May 2009 - 03:59 PM

Trusted Helper

Malware Removal
5,297 posts

delete the version of combofix you have and then please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

also:

We will runOTListIt , but go for a shortened log.

Close all windows and open it by double clicking on the icon
we are targetting a selective output, hence:
- on the left hand side, in the box titled "Processes" select none
- on the left hand side, in the box titled "Drivers" select none
- on the left hand side, in the box titled "Extra Registry" select none
- on the right hand side, in the box titled "Files created within" select none
- on the right hand side, in the box titled "Files modified within" select none
- tick both the boxes marked Purity check and Lop check
Click Run Scan and let the program run uninterrupted
It will produce one log for you called OTListIt.txt. Please post both that log here in reply.
You may need to use two posts to get it all on the forum

andrewuk

Edited by andrewuk, 08 May 2009 - 04:00 PM.

#5
amd256

Posted 08 May 2009 - 04:25 PM

Member

Topic Starter
Member
10 posts

Combo Fix:

ComboFix 09-05-08.03 - KENT WIRGES 05/08/2009 17:07.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.276 [GMT -5:00]
Running from: c:\documents and settings\KENT WIRGES\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\KENTWI~1\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\KENT WIRGES\Local Settings\temp\IadHide5.dll

.
((((((((((((((((((((((((( Files Created from 2009-04-08 to 2009-05-08 )))))))))))))))))))))))))))))))
.

2009-05-08 21:05 . 2009-05-08 21:07 -------- d-----w C:\Rooter$
2009-05-08 20:31 . 2009-05-08 20:31 -------- d-----w c:\windows\ERUNT
2009-05-08 20:28 . 2009-05-08 21:02 -------- d-----w C:\SDFix
2009-05-08 19:53 . 2009-05-08 19:53 -------- d-----w c:\program files\Trend Micro
2009-05-07 18:16 . 2009-05-07 18:16 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-07 18:16 . 2009-05-07 18:16 -------- d-----w c:\program files\SUPERAntiSpyware
2009-05-07 18:16 . 2009-05-07 18:16 -------- d-----w c:\documents and settings\KENT WIRGES\Application Data\SUPERAntiSpyware.com
2009-05-07 18:15 . 2009-05-07 18:15 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-05-07 18:07 . 2009-05-07 18:07 24576 ----a-w c:\windows\system32\VundoFixSVC.exe
2009-05-06 21:16 . 2009-05-08 14:21 -------- d-----w C:\VundoFix Backups
2009-05-05 22:55 . 2009-05-08 22:04 -------- d-----w c:\windows\system32\NtmsData
2009-05-05 22:02 . 2004-08-04 06:56 18432 ----a-w c:\windows\system32\secedit.exe
2009-05-01 20:44 . 2009-05-01 20:44 -------- d-----w c:\documents and settings\KENT WIRGES\Application Data\grhsbstt
2009-05-01 20:44 . 2009-05-01 20:44 -------- d-----w c:\documents and settings\KENT WIRGES\Local Settings\Application Data\grhsbstt
2009-05-01 19:38 . 2009-05-01 19:38 -------- d-----w c:\documents and settings\KENT WIRGES\Application Data\Malwarebytes
2009-05-01 19:38 . 2009-04-06 20:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-01 19:38 . 2009-04-06 20:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-01 19:38 . 2009-05-01 19:38 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-01 19:38 . 2009-05-01 19:38 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-29 20:17 . 2009-05-05 22:52 578560 -c--a-w c:\windows\system32\dllcache\user32.dll
2009-04-26 20:10 . 2009-05-02 02:32 182656 -c--a-w c:\windows\system32\dllcache\ndis.sys
2009-04-25 16:26 . 2009-04-25 16:26 5360 --sh--w c:\windows\system32\nuvanifi.exe
2009-04-24 17:29 . 2009-04-24 17:29 -------- d-----w c:\program files\SymNetDrv
2009-04-24 13:52 . 2009-04-24 13:52 -------- d-----w c:\documents and settings\NetworkService\Application Data\Symantec
2009-04-24 12:02 . 2006-09-16 03:52 124016 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-04-24 12:02 . 2006-09-16 03:52 91904 ----a-w c:\windows\system32\S32EVNT1.DLL
2009-04-24 12:02 . 2009-04-24 13:25 -------- d-----w c:\documents and settings\KENT WIRGES\Application Data\Symantec
2009-04-24 12:02 . 2009-04-24 17:30 -------- d-----w c:\program files\Symantec
2009-04-24 12:02 . 2009-05-05 21:53 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-24 12:01 . 2009-05-05 21:51 -------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-04-24 03:42 . 2009-04-24 20:35 -------- d-----w c:\program files\Angle Interactive
2009-04-24 03:14 . 2009-04-24 03:14 -------- d-----w c:\documents and settings\KENT WIRGES\Application Data\Logs
2009-04-24 03:09 . 2009-04-24 03:09 -------- d-----w C:\My Downloads
2009-04-24 03:09 . 2009-04-24 03:15 -------- d-----w c:\program files\QuickDownloadPack
2009-04-15 22:05 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-15 22:05 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 22:05 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-15 22:05 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 22:05 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 22:05 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 22:05 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 22:05 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 22:05 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 22:01 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-15 22:01 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-05 22:55 . 2006-09-27 15:02 82728 -c--a-w c:\documents and settings\KENT WIRGES\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-05 22:52 . 2002-06-25 21:48 578560 ----a-w c:\windows\system32\user32.dll
2009-04-29 19:50 . 2002-06-25 21:42 182656 ----a-w c:\windows\system32\drivers\ndis.sys
2009-04-29 14:33 . 2006-12-25 14:23 -------- d-----w c:\program files\Electronic Arts
2009-04-29 13:29 . 2006-07-04 00:30 -------- d-----w c:\program files\eGames
2009-04-29 13:28 . 2006-07-03 18:30 -------- d-----w c:\program files\Barbie™
2009-04-29 13:25 . 2006-10-10 01:08 -------- d-----w c:\program files\WB03d2se
2009-04-29 13:25 . 2006-06-12 21:38 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-20 17:36 . 2007-09-13 21:30 -------- d-----w c:\program files\AOL 9.0
2009-04-07 13:03 . 2006-12-22 13:06 -------- d-----w c:\program files\GameSpy Arcade
2009-04-07 13:01 . 2006-08-07 13:59 -------- d-----w c:\program files\THQ
2009-04-07 12:51 . 2007-07-09 22:57 -------- d-----w c:\program files\Best Buy Rhapsody
2009-03-06 14:22 . 2002-06-25 21:44 284160 ------w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2002-03-05 13:56 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2006-06-20 18:33 78336 ------w c:\windows\system32\ieencode.dll
2009-02-09 12:10 . 2002-06-25 21:40 729088 ------w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2002-06-25 21:45 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 12:10 . 2002-06-25 21:43 714752 ------w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2002-06-25 21:36 617472 ------w c:\windows\system32\advapi32.dll
2009-02-09 11:13 . 2002-06-25 21:50 1846784 ------w c:\windows\system32\win32k.sys
2009-02-08 00:02 . 2002-06-25 21:43 2066048 ------w c:\windows\system32\ntkrnlpa.exe
2005-01-21 00:53 . 2006-10-06 18:58 45056 -c----r c:\program files\SetAttrib.exe
2004-11-30 07:23 . 2006-10-06 18:58 40960 -c----r c:\program files\delete.exe
2002-07-19 16:50 . 2006-11-23 19:16 153088 ----a-w c:\program files\UNWISE.EXE
2009-01-24 04:24 . 2009-01-24 04:24 70656 --sha-w c:\windows\system32\hosobeki.dll.tmp
2009-01-19 14:22 . 2009-01-19 14:22 70656 --sha-w c:\windows\system32\jokabaje.dll.tmp
2009-01-19 14:22 . 2009-01-19 14:22 70656 --sha-w c:\windows\system32\lurukipe.dll.tmp
2009-01-19 02:14 . 2009-01-19 02:14 71168 --sha-w c:\windows\system32\mohuleti.dll.tmp
2009-01-24 04:24 . 2009-01-24 04:24 70656 --sha-w c:\windows\system32\pasusowi.dll.tmp
2009-01-19 02:14 . 2009-01-19 02:14 71168 --sha-w c:\windows\system32\rakisato.dll.tmp
2009-01-19 14:22 . 2009-01-19 14:22 70656 --sha-w c:\windows\system32\selababe.dll.tmp
2009-01-24 04:24 . 2009-01-24 04:24 70656 --sha-w c:\windows\system32\tenagoki.dll.tmp
2009-01-19 02:14 . 2009-01-19 02:14 71168 --sha-w c:\windows\system32\wapizaji.dll.tmp
.

((((((((((((((((((((((((((((( SnapShot@2009-05-05_22.56.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-07 18:16 . 2009-05-07 18:16 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2009-05-07 18:16 . 2009-05-07 18:16 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2009-05-08 20:31 . 2009-05-08 20:31 159744 c:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2009-05-08 20:31 . 2008-08-07 20:27 163328 c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2009-05-08 20:31 . 2009-05-08 20:31 159744 c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2009-05-08 20:31 . 2008-08-07 20:27 163328 c:\windows\ERUNT\SDFIX\ERDNT.EXE
+ 2009-05-08 20:31 . 2009-05-08 20:31 6737920 c:\windows\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2009-05-08 20:31 . 2009-05-08 20:31 6737920 c:\windows\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7746d366-2557-497f-9d12-4c8f7889e640}]
2002-06-25 21:43 103424 ----a-w c:\windows\system32\tdcdcky.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-06 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2004-4-27 635019]
Kodak software updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-11 16423]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!saswinlogon]
2008-12-22 17:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\irqrohbz]
2002-06-25 21:43 103424 ----a-w c:\windows\system32\tdcdcky.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\c:^documents and settings^all users^start menu^programs^startup^adobe reader speed launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
"Viewpoint Manager Service"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Rio\\Rio Music Manager\\riomm.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1187327464\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 $sys$cor;$sys$cor;c:\windows\system32\drivers\$sys$cor.sys [10/6/2004 9:11 AM 18432]
R0 ixwrdaik;ixwrdaik;c:\windows\system32\drivers\ixwrdaik.sys [6/25/2002 4:43 PM 23424]
R1 $sys$crater;$sys$crater;c:\windows\system32\$sys$filesystem\crater.sys [10/7/2004 2:57 AM 11904]
R1 sasdifsv;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [4/28/2009 11:33 AM 9968]
R1 saskutil;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [4/28/2009 11:33 AM 72944]
S3 e61153df-2988-4efa-aa1a-60e402277357;e61153df-2988-4efa-aa1a-60e402277357;\??\d:\cds300\cds300.dll --> d:\cds300\cds300.dll [?]
S3 Fadpu16E;Fadpu16E;\??\c:\docume~1\KENTWI~1\LOCALS~1\Temp\Fadpu16E.sys --> c:\docume~1\KENTWI~1\LOCALS~1\Temp\Fadpu16E.sys [?]
S3 sasenum;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [4/28/2009 11:33 AM 7408]
S3 vundofixsvc;VundoFix Service;VundoFixSVC.exe --> VundoFixSVC.exe [?]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [5/27/2007 9:39 PM 24652]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
tofrlson
.
Contents of the 'Scheduled Tasks' folder

2009-04-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]

2009-05-08 c:\windows\Tasks\At1.job
- c:\windows\system32\tdcdcky.dll [2002-06-25 21:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/?src=toolbar
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7171
IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-08 17:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SNDSrvc]
"ImagePath"="-"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(512)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(3092)
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.EXE
c:\program files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\windows\system32\drivers\KodakCCS.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\RioMSC.exe
c:\windows\system32\ScsiAccess.EXE
c:\windows\wanmpsvc.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\ZuneBusEnum.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2009-05-08 17:21 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-08 22:20
ComboFix2.txt 2009-05-06 22:07
ComboFix3.txt 2009-05-05 23:03

Pre-Run: 26,339,946,496 bytes free
Post-Run: 26,316,406,784 bytes free

236 --- E O F --- 2009-04-16 02:21

OTListIt:

OTListIt logfile created on: 5/8/2009 5:22:38 PM - Run 2
OTListIt2 by OldTimer - Version 2.0.15.4 Folder = C:\Documents and Settings\KENT WIRGES\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.01 Mb Total Physical Memory | 263.63 Mb Available Physical Memory | 51.59% Memory free
1.22 Gb Paging File | 1.02 Gb Available in Paging File | 83.83% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 24.53 Gb Free Space | 32.93% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 244.44 Mb Total Space | 239.11 Mb Free Space | 97.82% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WIRGESCOMPUTER
Current User Name: KENT WIRGES
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Win32 Services (SafeList) ==========

SRV - (AOL ACS [Auto | Stopped]) -- C:\Program Files\Common Files\AOL\ACS\acsd.exe (AOL LLC)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Automatic LiveUpdate Scheduler [Auto | Running]) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Creative Service for CDROM Access [Auto | Running]) -- C:\WINDOWS\System32\CTsvcCDA.exe (Creative Technology Ltd)
SRV - (EPSONStatusAgent2 [Auto | Running]) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)
SRV - (gusvc [Disabled | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (InCDsrvR [Auto | Running]) -- C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (KodakCCS [Auto | Running]) -- C:\WINDOWS\system32\drivers\KodakCCS.exe (Eastman Kodak Company)
SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE (Symantec Corporation)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (Pml Driver HPZ12 [Auto | Stopped]) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (RioMSC [Auto | Running]) -- C:\WINDOWS\system32\RioMSC.exe (Digital Networks North America, Inc.)
SRV - (ScsiAccess [Auto | Running]) -- C:\WINDOWS\system32\ScsiAccess.EXE ()
SRV - (SNDSrvc [On_Demand | Stopped]) -- File not found
SRV - (Viewpoint Manager Service [Disabled | Stopped]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (vundofixsvc [On_Demand | Stopped]) -- C:\WINDOWS\system32\VundoFixSVC.exe (Atribune.org)
SRV - (WANMiniportService [Auto | Running]) -- C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)
SRV - (WMDM PMSP Service [Auto | Running]) -- C:\WINDOWS\System32\MsPMSPSv.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (ZuneBusEnum [Auto | Running]) -- c:\WINDOWS\system32\ZuneBusEnum.exe (Microsoft Corporation)
SRV - (ZuneNetworkSvc [Auto | Stopped]) -- c:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
SRV - (ZuneWlanCfgSvc [On_Demand | Stopped]) -- c:\WINDOWS\system32\ZuneWlanCfgSvc.exe (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - Reg Error: Key error. File not found
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/?src=toolbar
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: () - {7746d366-2557-497f-9d12-4c8f7889e640} - c:\windows\system32\tdcdcky.dll ()
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Viewpoint Toolbar) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll (Viewpoint Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnote...ad/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgree...eensActivia.cab (Snapfish Activia)
O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} http://radaol-prod-w...agi3.0.84.2.cab (UnagiAx Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...ows-i586-jc.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius....tiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!saswinlogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\irqrohbz: DllName - tdcdcky.dll - C:\WINDOWS\system32\tdcdcky.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/12 16:31:01 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== LOP Check ==========

[2009/05/07 13:16:21 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/12/21 02:27:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/02/09 23:09:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2007/06/04 21:12:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2009/01/15 08:40:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL
[2007/09/13 16:29:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL Downloads
[2009/01/15 08:39:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL OCP
[2008/06/05 08:12:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2008/06/05 08:15:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2006/06/12 16:40:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Creative
[2009/04/24 15:36:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2009/03/06 09:01:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2008/03/01 18:42:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP
[2007/07/09 17:59:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2007/05/31 09:45:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kodak
[2007/09/13 16:32:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macromedia
[2009/05/01 14:38:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/01/30 00:36:38 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2008/03/05 13:51:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2006/06/12 16:45:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2009/05/07 13:16:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/05/05 16:51:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2007/11/24 11:25:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/07/03 13:30:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivendi Universal Games
[2007/05/07 21:20:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/05/07 13:16:06 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\KENT WIRGES\Application Data
[2009/01/31 16:47:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KENT WIRGES\Application Data\Adobe
[2008/05/16 22:04:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KENT WIRGES\Application Data\AdobeUM
[2007/12/25 14:55:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KENT WIRGES\Application Data\Ahead
[2007/10/29 14:47:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KENT WIRGES\Application Data\AOL
[2008/07/30 15:24:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KENT WIRGES\Application Data\Apple Computer
[2008/05/30 17:37:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KENT WIRGES\Application Data\ArcSoft
[2006/06/23 12:25:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KENT WIRGES\Application Data\Atari
[2007/07/15 21:52:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KENT WIRGES\Application Data\Google
[2009/05/01 15:44:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KENT WIRGES\Application Data\grhsbstt
[2006/09/19 12:01:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KENT WIRGES\Application Data\Help
[2006/06/12 16:37:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KENT WIRGES\Application Data\Identities
[2007/04/30 20:51:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KENT WIRGES\Application Data\InstallShield
[2006/06/23 12:19:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KENT WIRGES\Application Data\Leadertech
[2009/04/23 22:14:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KENT WIRGES\Application Data\Logs
[2006/09/26 15:00:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KENT WIRGES\Application Data\Macromedia
[2009/05/01 14:38:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KENT WIRGES\Application Data\Malwarebytes
[2009/04/29 08:23:55 | 00,000,000 | --SD | M] -- C:\Documents and Settings\KENT WIRGES\Application Data\Microsoft
[2009/04/29 16:44:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KENT WIRGES\Application Data\Mozilla
[2008/05/30 17:36:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KENT WIRGES\Application Data\Real
[2009/02/07 15:00:08 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\KENT WIRGES\Application Data\SecuROM
[2007/11/14 23:01:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KENT WIRGES\Application Data\Sibelius Software
[2007/06/04 21:52:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KENT WIRGES\Application Data\Simple Star
[2007/11/09 17:00:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KENT WIRGES\Application Data\Snapfish
[2007/06/29 12:49:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KENT WIRGES\Application Data\Sun
[2009/05/07 13:16:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KENT WIRGES\Application Data\SUPERAntiSpyware.com
[2009/04/24 08:25:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KENT WIRGES\Application Data\Symantec
[2007/05/28 16:23:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KENT WIRGES\Application Data\Thinstall
[2007/05/14 16:40:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KENT WIRGES\Application Data\Viewpoint
[2007/09/06 05:34:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KENT WIRGES\Application Data\Wal-Mart Digital Photo Viewer
[2009/04/22 20:38:16 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2009/05/08 14:50:41 | 00,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2002/06/25 16:42:17 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/05/08 17:12:10 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========

< End of report >

#6
amd256

Posted 08 May 2009 - 04:26 PM

Member

Topic Starter
Member
10 posts

FYI I will be out of the office to most likely Monday so I will not be able to update the status on further instructions till then.

Thanks for all the help thus far.

#7
andrewuk

Posted 09 May 2009 - 05:30 AM

Trusted Helper

Malware Removal
5,297 posts

there are some Internet Explorer restrictions on your machine - have they been put there by yourself or work?

====STEP 1====
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\system32\tdcdcky.dll
c:\documents and settings\KENT WIRGES\Application Data\grhsbstt
c:\documents and settings\KENT WIRGES\Local Settings\Application Data\grhsbstt
c:\windows\system32\nuvanifi.exe
c:\windows\system32\hosobeki.dll.tmp
c:\windows\system32\jokabaje.dll.tmp
c:\windows\system32\lurukipe.dll.tmp
c:\windows\system32\mohuleti.dll.tmp
c:\windows\system32\pasusowi.dll.tmp
c:\windows\system32\rakisato.dll.tmp
c:\windows\system32\selababe.dll.tmp
c:\windows\system32\tenagoki.dll.tmp
c:\windows\system32\wapizaji.dll.tmp
c:\windows\system32\hosobeki.dll
c:\windows\system32\jokabaje.dll
c:\windows\system32\lurukipe.dll
c:\windows\system32\mohuleti.dll
c:\windows\system32\pasusowi.dll
c:\windows\system32\rakisato.dll
c:\windows\system32\selababe.dll
c:\windows\system32\tenagoki.dll
c:\windows\system32\wapizaji.dll
c:\windows\system32\drivers\ixwrdaik.sys
c:\windows\Tasks\At1.job

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7746d366-2557-497f-9d12-4c8f7889e640}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\irqrohbz]

Driver::
ixwrdaik

NetSvc::
tofrlson

Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

====STEP 2====
i want to scan a couple of files i do not recognise:

Please go to VirSCAN.org FREE on-line scan service
Copy and paste the following file path into the "Suspicious files to scan"box on the top of the page:
- c:\program files\SetAttrib.exe
Click on the Upload button
Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
Paste the contents of the Clipboard in your next reply (you will need to paste the link onto a notepad before you do the other scans below, else the contents of your clipboard will be written over with the new links).

Could you do the same for the following files:

c:\program files\delete.exe

====STEP 3====
We will run OTListIt , but go for a shortened log.

Close all windows and open it by double clicking on the icon
we are targetting a selective output, hence:
- on the left hand side, in the box titled "Processes" select none
- on the left hand side, in the box titled "Drivers" select none
- on the left hand side, in the box titled "Extra Registry" select none
- on the right hand side, in the box titled "Files created within" select none
- on the right hand side, in the box titled "Files modified within" select none
- tick both the boxes marked Purity check and Lop check
Click Run Scan and let the program run uninterrupted
It will produce one log for you called OTListIt.txt. Please post both that log here in reply.
You may need to use two posts to get it all on the forum

In your next reply could i see:
1. the answer to the first question
2. the combofix log
3. the 2 virscan logs or links
4. the OTListIT log

The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk

#8
amd256

Posted 11 May 2009 - 03:00 PM

Member

Topic Starter
Member
10 posts

1. This is a clients computer, restrictions might have been setup from their work.

2. ComboFix Log:

ComboFix 09-05-08.03 - KENT WIRGES 05/11/2009 15:02.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.254 [GMT -5:00]
Running from: c:\documents and settings\KENT WIRGES\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\KENT WIRGES\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\documents and settings\KENT WIRGES\Application Data\grhsbstt
c:\documents and settings\KENT WIRGES\Local Settings\Application Data\grhsbstt
c:\windows\system32\drivers\ixwrdaik.sys
c:\windows\system32\hosobeki.dll
c:\windows\system32\hosobeki.dll.tmp
c:\windows\system32\jokabaje.dll
c:\windows\system32\jokabaje.dll.tmp
c:\windows\system32\lurukipe.dll
c:\windows\system32\lurukipe.dll.tmp
c:\windows\system32\mohuleti.dll
c:\windows\system32\mohuleti.dll.tmp
c:\windows\system32\nuvanifi.exe
c:\windows\system32\pasusowi.dll
c:\windows\system32\pasusowi.dll.tmp
c:\windows\system32\rakisato.dll
c:\windows\system32\rakisato.dll.tmp
c:\windows\system32\selababe.dll
c:\windows\system32\selababe.dll.tmp
c:\windows\system32\tdcdcky.dll
c:\windows\system32\tenagoki.dll
c:\windows\system32\tenagoki.dll.tmp
c:\windows\system32\wapizaji.dll
c:\windows\system32\wapizaji.dll.tmp
c:\windows\Tasks\At1.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\KENTWI~1\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\KENT WIRGES\Local Settings\temp\IadHide5.dll
c:\windows\system32\drivers\ixwrdaik.sys
c:\windows\system32\hosobeki.dll.tmp
c:\windows\system32\jokabaje.dll.tmp
c:\windows\system32\lurukipe.dll.tmp
c:\windows\system32\mohuleti.dll.tmp
c:\windows\system32\nuvanifi.exe
c:\windows\system32\pasusowi.dll.tmp
c:\windows\system32\rakisato.dll.tmp
c:\windows\system32\selababe.dll.tmp
c:\windows\system32\tdcdcky.dll
c:\windows\system32\tenagoki.dll.tmp
c:\windows\system32\wapizaji.dll.tmp
c:\windows\Tasks\At1.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ixwrdaik
-------\Service_ixwrdaik

((((((((((((((((((((((((( Files Created from 2009-04-11 to 2009-05-11 )))))))))))))))))))))))))))))))
.

2009-05-08 21:05 . 2009-05-08 21:07 -------- d-----w C:\Rooter$
2009-05-08 20:31 . 2009-05-08 20:31 -------- d-----w c:\windows\ERUNT
2009-05-08 20:28 . 2009-05-08 21:02 -------- d-----w C:\SDFix
2009-05-08 19:53 . 2009-05-08 19:53 -------- d-----w c:\program files\Trend Micro
2009-05-07 18:16 . 2009-05-07 18:16 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-07 18:16 . 2009-05-07 18:16 -------- d-----w c:\program files\SUPERAntiSpyware
2009-05-07 18:16 . 2009-05-07 18:16 -------- d-----w c:\documents and settings\KENT WIRGES\Application Data\SUPERAntiSpyware.com
2009-05-07 18:15 . 2009-05-07 18:15 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-05-07 18:07 . 2009-05-07 18:07 24576 ----a-w c:\windows\system32\VundoFixSVC.exe
2009-05-06 21:16 . 2009-05-08 14:21 -------- d-----w C:\VundoFix Backups
2009-05-05 22:55 . 2009-05-11 20:07 -------- d-----w c:\windows\system32\NtmsData
2009-05-05 22:02 . 2004-08-04 06:56 18432 ----a-w c:\windows\system32\secedit.exe
2009-05-01 20:44 . 2009-05-01 20:44 -------- d-----w c:\documents and settings\KENT WIRGES\Application Data\grhsbstt
2009-05-01 20:44 . 2009-05-01 20:44 -------- d-----w c:\documents and settings\KENT WIRGES\Local Settings\Application Data\grhsbstt
2009-05-01 19:38 . 2009-05-01 19:38 -------- d-----w c:\documents and settings\KENT WIRGES\Application Data\Malwarebytes
2009-05-01 19:38 . 2009-04-06 20:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-01 19:38 . 2009-04-06 20:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-01 19:38 . 2009-05-01 19:38 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-01 19:38 . 2009-05-01 19:38 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-29 20:17 . 2009-05-05 22:52 578560 -c--a-w c:\windows\system32\dllcache\user32.dll
2009-04-26 20:10 . 2009-05-02 02:32 182656 -c--a-w c:\windows\system32\dllcache\ndis.sys
2009-04-24 17:29 . 2009-04-24 17:29 -------- d-----w c:\program files\SymNetDrv
2009-04-24 13:52 . 2009-04-24 13:52 -------- d-----w c:\documents and settings\NetworkService\Application Data\Symantec
2009-04-24 12:02 . 2006-09-16 03:52 124016 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-04-24 12:02 . 2006-09-16 03:52 91904 ----a-w c:\windows\system32\S32EVNT1.DLL
2009-04-24 12:02 . 2009-04-24 13:25 -------- d-----w c:\documents and settings\KENT WIRGES\Application Data\Symantec
2009-04-24 12:02 . 2009-04-24 17:30 -------- d-----w c:\program files\Symantec
2009-04-24 12:02 . 2009-05-05 21:53 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-24 12:01 . 2009-05-05 21:51 -------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-04-24 03:42 . 2009-04-24 20:35 -------- d-----w c:\program files\Angle Interactive
2009-04-24 03:14 . 2009-04-24 03:14 -------- d-----w c:\documents and settings\KENT WIRGES\Application Data\Logs
2009-04-24 03:09 . 2009-04-24 03:09 -------- d-----w C:\My Downloads
2009-04-24 03:09 . 2009-04-24 03:15 -------- d-----w c:\program files\QuickDownloadPack
2009-04-15 22:05 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-15 22:05 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 22:05 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-15 22:05 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 22:05 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 22:05 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 22:05 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 22:05 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 22:05 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 22:01 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-15 22:01 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-11 20:01 . 2002-06-25 21:43 23424 ----a-w c:\windows\system32\drivers\aihumihe.sys
2009-05-05 22:55 . 2006-09-27 15:02 82728 -c--a-w c:\documents and settings\KENT WIRGES\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-05 22:52 . 2002-06-25 21:48 578560 ----a-w c:\windows\system32\user32.dll
2009-04-29 19:50 . 2002-06-25 21:42 182656 ----a-w c:\windows\system32\drivers\ndis.sys
2009-04-29 14:33 . 2006-12-25 14:23 -------- d-----w c:\program files\Electronic Arts
2009-04-29 13:29 . 2006-07-04 00:30 -------- d-----w c:\program files\eGames
2009-04-29 13:28 . 2006-07-03 18:30 -------- d-----w c:\program files\Barbie™
2009-04-29 13:25 . 2006-10-10 01:08 -------- d-----w c:\program files\WB03d2se
2009-04-29 13:25 . 2006-06-12 21:38 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-20 17:36 . 2007-09-13 21:30 -------- d-----w c:\program files\AOL 9.0
2009-04-07 13:03 . 2006-12-22 13:06 -------- d-----w c:\program files\GameSpy Arcade
2009-04-07 13:01 . 2006-08-07 13:59 -------- d-----w c:\program files\THQ
2009-04-07 12:51 . 2007-07-09 22:57 -------- d-----w c:\program files\Best Buy Rhapsody
2009-03-06 14:22 . 2002-06-25 21:44 284160 ------w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2002-03-05 13:56 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2006-06-20 18:33 78336 ------w c:\windows\system32\ieencode.dll
2005-01-21 00:53 . 2006-10-06 18:58 45056 -c----r c:\program files\SetAttrib.exe
2004-11-30 07:23 . 2006-10-06 18:58 40960 -c----r c:\program files\delete.exe
2002-07-19 16:50 . 2006-11-23 19:16 153088 ----a-w c:\program files\UNWISE.EXE
.

((((((((((((((((((((((((((((( SnapShot@2009-05-05_22.56.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-07 18:16 . 2009-05-07 18:16 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2009-05-07 18:16 . 2009-05-07 18:16 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2009-05-08 20:31 . 2009-05-08 20:31 159744 c:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2009-05-08 20:31 . 2008-08-07 20:27 163328 c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2009-05-08 20:31 . 2009-05-08 20:31 159744 c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2009-05-08 20:31 . 2008-08-07 20:27 163328 c:\windows\ERUNT\SDFIX\ERDNT.EXE
+ 2009-05-08 20:31 . 2009-05-08 20:31 6737920 c:\windows\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2009-05-08 20:31 . 2009-05-08 20:31 6737920 c:\windows\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-06 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2004-4-27 635019]
Kodak software updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-11 16423]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!saswinlogon]
2008-12-22 17:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\c:^documents and settings^all users^start menu^programs^startup^adobe reader speed launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
"Viewpoint Manager Service"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Rio\\Rio Music Manager\\riomm.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1187327464\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 $sys$cor;$sys$cor;c:\windows\system32\drivers\$sys$cor.sys [10/6/2004 9:11 AM 18432]
R1 $sys$crater;$sys$crater;c:\windows\system32\$sys$filesystem\crater.sys [10/7/2004 2:57 AM 11904]
R1 sasdifsv;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [4/28/2009 11:33 AM 9968]
R1 saskutil;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [4/28/2009 11:33 AM 72944]
S3 e61153df-2988-4efa-aa1a-60e402277357;e61153df-2988-4efa-aa1a-60e402277357;\??\d:\cds300\cds300.dll --> d:\cds300\cds300.dll [?]
S3 Fadpu16E;Fadpu16E;\??\c:\docume~1\KENTWI~1\LOCALS~1\Temp\Fadpu16E.sys --> c:\docume~1\KENTWI~1\LOCALS~1\Temp\Fadpu16E.sys [?]
S3 sasenum;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [4/28/2009 11:33 AM 7408]
S3 vundofixsvc;VundoFix Service;VundoFixSVC.exe --> VundoFixSVC.exe [?]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [5/27/2007 9:39 PM 24652]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - IXWRDAIK
.
Contents of the 'Scheduled Tasks' folder

2009-04-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/?src=toolbar
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7171
IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-11 15:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SNDSrvc]
"ImagePath"="-"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(512)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(2704)
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.EXE
c:\program files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\windows\system32\drivers\KodakCCS.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\RioMSC.exe
c:\windows\system32\ScsiAccess.EXE
c:\windows\wanmpsvc.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\ZuneBusEnum.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
.
**************************************************************************
.
Completion time: 2009-05-11 15:15 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-11 20:14
ComboFix2.txt 2009-05-08 22:21
ComboFix3.txt 2009-05-06 22:07
ComboFix4.txt 2009-05-05 23:03

Pre-Run: 26,306,162,688 bytes free
Post-Run: 26,282,209,280 bytes free

258 --- E O F --- 2009-04-16 02:21

3. Virus Scan Logs:

VirSCAN.org Scanned Report :
Scanned time : 2009/05/11 15:40:27 (CDT)
Scanner results: All Scanners reported not find malware!
File Name : SetAttrib.exe
File Size : 45056 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : eeab0175d9f8e67c4d11ae1ea5273002
SHA1 : cd67120be3c3019001c06f349dcebfb009c31cc8
Online report : http://virscan.org/r...e60783c658.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.32 20090512023154 2009-05-12 5.50 -
AhnLab V3 2009.05.12.00 2009.05.12 2009-05-12 1.73 -
AntiVir 8.2.0.166 7.1.3.184 2009-05-11 0.12 -
Antiy 2.0.18 20090511.2388172 2009-05-11 0.13 -
Arcavir 2009 200905111628 2009-05-11 0.05 -
Authentium 5.1.1 200905111544 2009-05-11 1.18 -
AVAST! 4.7.4 090505-0 2009-05-05 0.01 -
AVG 8.5.286 270.12.25/2109 2009-05-12 3.27 -
BitDefender 7.81008.2912973 7.25343 2009-05-12 2.70 -
CA (VET) 9.0.0.143 31.6.6497 2009-05-11 17.99 -
ClamAV 0.95 9350 2009-05-10 0.02 -
Comodo 3.8 1157 2009-05-08 1.09 -
CP Secure 1.1.0.715 2009.05.12 2009-05-12 8.94 -
Dr.Web 4.44.0.9170 2009.05.11 2009-05-11 4.62 -
F-Prot 4.4.4.56 20090511 2009-05-11 1.17 -
F-Secure 5.51.6100 2009.05.11.11 2009-05-11 5.46 -
Fortinet 2.81-3.117 10.377 2009-05-11 0.18 -
GData 19.5160/19.327 20090511 2009-05-11 2.82 -
ViRobot 20090511 2009.05.11 2009-05-11 0.40 -
Ikarus T3.1.01.49 2009.05.11.72701 2009-05-11 2.96 -
JiangMin 11.0.706 2009.05.11 2009-05-11 2.60 -
Kaspersky 5.5.10 2009.05.11 2009-05-11 0.08 -
KingSoft 2009.2.5.15 2009.5.11.21 2009-05-11 0.52 -
McAfee 5.3.00 5612 2009-05-11 2.85 -
Microsoft 1.4602 2009.05.11 2009-05-11 5.78 -
mks_vir 2.01 2009.05.11 2009-05-11 2.75 -
Norman 6.01.05 6.01.00 2009-05-11 4.01 -
Panda 9.05.01 2009.05.11 2009-05-11 1.80 -
Trend Micro 8.700-1004 6.122.07 2009-05-11 0.05 -
Quick Heal 10.00 2009.05.11 2009-05-11 1.30 -
Rising 20.0 21.29.04.00 2009-05-11 1.72 -
Sophos 2.86.0 4.41 2009-05-12 2.32 -
Sunbelt 5128 5128 2009-05-08 1.60 -
Symantec 1.3.0.24 20090510.003 2009-05-10 0.69 -
nProtect 20090510.01 3595619 2009-05-10 10.78 -
The Hacker 6.3.4.1 v00324 2009-05-09 0.58 -
VBA32 3.12.10.4 20090510.1655 2009-05-10 2.42 -
VirusBuster 4.5.11.10 10.105.23/1345928 2009-05-11 1.67 -

VirSCAN.org Scanned Report :
Scanned time : 2009/05/11 15:45:50 (CDT)
Scanner results: 21% Scanner(8/38) found malware!
File Name : delete.exe
File Size : 40960 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : eeebbecd173aa30fcb629900c56e6106
SHA1 : 1e71e9cd70e18e5803933eb53b07ebea42c8ee62
Online report : http://virscan.org/r...3366b6ef0d.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.32 20090512023154 2009-05-12 2.23 Trojan-Dropper.Agent!IK
AhnLab V3 2009.05.12.00 2009.05.12 2009-05-12 0.69 Win-Trojan/Xema.variant
AntiVir 8.2.0.166 7.1.3.184 2009-05-11 0.55 -
Antiy 2.0.18 20090511.2388172 2009-05-11 0.12 -
Arcavir 2009 200905111628 2009-05-11 0.05 -
Authentium 5.1.1 200905111544 2009-05-11 1.16 -
AVAST! 4.7.4 090505-0 2009-05-05 0.01 -
AVG 8.5.286 270.12.25/2109 2009-05-12 4.64 Downloader.Agent.AKCA
BitDefender 7.81008.2912973 7.25343 2009-05-12 2.72 -
CA (VET) 9.0.0.143 31.6.6497 2009-05-11 6.93 -
ClamAV 0.95 9350 2009-05-10 0.02 -
Comodo 3.8 1157 2009-05-08 1.39 Unclassified Malware
CP Secure 1.1.0.715 2009.05.12 2009-05-12 8.93 -
Dr.Web 4.44.0.9170 2009.05.11 2009-05-11 4.49 -
F-Prot 4.4.4.56 20090511 2009-05-11 1.16 -
F-Secure 5.51.6100 2009.05.11.11 2009-05-11 0.08 -
Fortinet 2.81-3.117 10.377 2009-05-11 0.31 -
GData 19.5160/19.327 20090511 2009-05-11 2.98 -
ViRobot 20090511 2009.05.11 2009-05-11 1.02 -
Ikarus T3.1.01.49 2009.05.11.72701 2009-05-11 2.87 Trojan-Dropper.Agent
JiangMin 11.0.706 2009.05.11 2009-05-11 3.43 Trojan/Agent.aeom
Kaspersky 5.5.10 2009.05.11 2009-05-11 0.07 -
KingSoft 2009.2.5.15 2009.5.11.21 2009-05-11 1.24 -
McAfee 5.3.00 5612 2009-05-11 2.85 Generic Downloader.x
Microsoft 1.4602 2009.05.11 2009-05-11 5.59 -
mks_vir 2.01 2009.05.11 2009-05-11 2.79 -
Norman 6.01.05 6.01.00 2009-05-11 4.01 -
Panda 9.05.01 2009.05.11 2009-05-11 3.59 -
Trend Micro 8.700-1004 6.122.07 2009-05-11 0.06 -
Quick Heal 10.00 2009.05.11 2009-05-11 2.09 -
Rising 20.0 21.29.04.00 2009-05-11 4.21 -
Sophos 2.86.0 4.41 2009-05-12 2.31 -
Sunbelt 5128 5128 2009-05-08 1.68 Trojan-Downloader.Win32.Agent.aazr
Symantec 1.3.0.24 20090510.003 2009-05-10 2.11 -
nProtect 20090510.01 3595619 2009-05-10 9.41 -
The Hacker 6.3.4.1 v00324 2009-05-09 1.23 -
VBA32 3.12.10.4 20090510.1655 2009-05-10 2.39 -
VirusBuster 4.5.11.10 10.105.23/1345928 2009-05-11 1.66 -

4. OTListIT log:

OTListIt logfile created on: 5/11/2009 3:52:18 PM - Run 3
OTListIt2 by OldTimer - Version 2.0.15.4 Folder = C:\Documents and Settings\KENT WIRGES\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.01 Mb Total Physical Memory | 259.12 Mb Available Physical Memory | 50.71% Memory free
1.22 Gb Paging File | 1.02 Gb Available in Paging File | 83.87% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 24.50 Gb Free Space | 32.89% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WIRGESCOMPUTER
Current User Name: KENT WIRGES
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Win32 Services (SafeList) ==========

SRV - (AOL ACS [Auto | Stopped]) -- C:\Program Files\Common Files\AOL\ACS\acsd.exe (AOL LLC)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Automatic LiveUpdate Scheduler [Auto | Running]) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Creative Service for CDROM Access [Auto | Running]) -- C:\WINDOWS\System32\CTsvcCDA.exe (Creative Technology Ltd)
SRV - (EPSONStatusAgent2 [Auto | Running]) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)
SRV - (gusvc [Disabled | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (InCDsrvR [Auto | Running]) -- C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (KodakCCS [Auto | Running]) -- C:\WINDOWS\system32\drivers\KodakCCS.exe (Eastman Kodak Company)
SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE (Symantec Corporation)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (Pml Driver HPZ12 [Auto | Stopped]) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (RioMSC [Auto | Running]) -- C:\WINDOWS\system32\RioMSC.exe (Digital Networks North America, Inc.)
SRV - (ScsiAccess [Auto | Running]) -- C:\WINDOWS\system32\ScsiAccess.EXE ()
SRV - (SNDSrvc [On_Demand | Stopped]) -- File not found
SRV - (Viewpoint Manager Service [Disabled | Stopped]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (vundofixsvc [On_Demand | Stopped]) -- C:\WINDOWS\system32\VundoFixSVC.exe (Atribune.org)
SRV - (WANMiniportService [Auto | Running]) -- C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)
SRV - (WMDM PMSP Service [Auto | Running]) -- C:\WINDOWS\System32\MsPMSPSv.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (ZuneBusEnum [Auto | Running]) -- c:\WINDOWS\system32\ZuneBusEnum.exe (Microsoft Corporation)
SRV - (ZuneNetworkSvc [Auto | Stopped]) -- c:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
SRV - (ZuneWlanCfgSvc [On_Demand | Stopped]) -- c:\WINDOWS\system32\ZuneWlanCfgSvc.exe (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - Reg Error: Key error. File not found
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/?src=toolbar
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Viewpoint Toolbar) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll (Viewpoint Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnote...ad/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgree...eensActivia.cab (Snapfish Activia)
O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} http://radaol-prod-w...agi3.0.84.2.cab (UnagiAx Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...ows-i586-jc.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius....tiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!saswinlogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/12 16:31:01 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== LOP Check ==========

[2009/05/07 13:16:21 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/12/21 02:27:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/02/09 23:09:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2007/06/04 21:12:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2009/01/15 08:40:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL
[2007/09/13 16:29:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL Downloads
[2009/01/15 08:39:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL OCP
[2008/06/05 08:12:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2008/06/05 08:15:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2006/06/12 16:40:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Creative
[2009/04/24 15:36:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2009/03/06 09:01:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2008/03/01 18:42:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP
[2007/07/09 17:59:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2007/05/31 09:45:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kodak
[2007/09/13 16:32:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macromedia
[2009/05/01 14:38:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/01/30 00:36:38 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2008/03/05 13:51:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2006/06/12 16:45:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2009/05/07 13:16:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/05/05 16:51:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2007/11/24 11:25:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/07/03 13:30:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivendi Universal Games
[2007/05/07 21:20:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/05/07 13:16:06 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\KENT WIRGES\Application Data
[2009/01/31 16:47:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KENT WIRGES\Application Data\Adobe
[2008/05/16 22:04:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KENT WIRGES\Application Data\AdobeUM
[2007/12/25 14:55:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KENT WIRGES\Application Data\Ahead
[2007/10/29 14:47:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KENT WIRGES\Application Data\AOL
[2008/07/30 15:24:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KENT WIRGES\Application Data\Apple Computer
[2008/05/30 17:37:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KENT WIRGES\Application Data\ArcSoft
[2006/06/23 12:25:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KENT WIRGES\Application Data\Atari
[2007/07/15 21:52:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KENT WIRGES\Application Data\Google
[2009/05/01 15:44:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KENT WIRGES\Application Data\grhsbstt
[2006/09/19 12:01:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KENT WIRGES\Application Data\Help
[2006/06/12 16:37:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KENT WIRGES\Application Data\Identities
[2007/04/30 20:51:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KENT WIRGES\Application Data\InstallShield
[2006/06/23 12:19:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KENT WIRGES\Application Data\Leadertech
[2009/04/23 22:14:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KENT WIRGES\Application Data\Logs
[2006/09/26 15:00:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KENT WIRGES\Application Data\Macromedia
[2009/05/01 14:38:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KENT WIRGES\Application Data\Malwarebytes
[2009/04/29 08:23:55 | 00,000,000 | --SD | M] -- C:\Documents and Settings\KENT WIRGES\Application Data\Microsoft
[2009/04/29 16:44:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KENT WIRGES\Application Data\Mozilla
[2008/05/30 17:36:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KENT WIRGES\Application Data\Real
[2009/02/07 15:00:08 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\KENT WIRGES\Application Data\SecuROM
[2007/11/14 23:01:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KENT WIRGES\Application Data\Sibelius Software
[2007/06/04 21:52:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KENT WIRGES\Application Data\Simple Star
[2007/11/09 17:00:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KENT WIRGES\Application Data\Snapfish
[2007/06/29 12:49:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KENT WIRGES\Application Data\Sun
[2009/05/07 13:16:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KENT WIRGES\Application Data\SUPERAntiSpyware.com
[2009/04/24 08:25:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KENT WIRGES\Application Data\Symantec
[2007/05/28 16:23:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KENT WIRGES\Application Data\Thinstall
[2007/05/14 16:40:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KENT WIRGES\Application Data\Viewpoint
[2007/09/06 05:34:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KENT WIRGES\Application Data\Wal-Mart Digital Photo Viewer
[2009/04/22 20:38:16 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2002/06/25 16:42:17 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/05/11 15:06:54 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========

< End of report >

#9
andrewuk

Posted 11 May 2009 - 03:23 PM

Trusted Helper

Malware Removal
5,297 posts

looking better.

in this post we will clear some infected files and do some general scans to clear out the remnants and ensure nothing else sneaked onto your machine.

the scans will likely take 4 hours, quite possibly much longer. so just let them run.

we will also update your java.

====STEP 1====
Run OTListIt2.exe

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTLI
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

:Files
c:\program files\delete.exe
c:\documents and settings\KENT WIRGES\Application Data\grhsbstt
c:\documents and settings\KENT WIRGES\Local Settings\Application Data\grhsbstt
c:\windows\system32\drivers\aihumihe.sys

:Commands
[resethosts]
[purity]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then post a new OTL2 log

====STEP 2====
Please download ATF Cleaner by Atribune.

Caution: This program is for Windows 2000, XP and Vista only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

====STEP 3====
we will update and re-run your malwarebytes:

double click the malwarebytes icon on your desktop to open the program

on the tabs at the top, select Update and then press the Check for Updates button on that page. If an update is found, it will download and install the latest version.
once complete (a new version of malwarebytes may download) select the tab Scanner
select "Perform Full Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

====STEP 4====
Please download JavaRa to your desktop and unzip it to its own folder

Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
Accept any prompts. A log will appear (JavaRa.log), no need to post the log in reply.
Open JavaRa.exe again and select Search For Updates.
Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

====STEP 5====
Please do an online scan with Kaspersky WebScanner (this will identify any issues, we will clear them in the following post)

Kaspersky online scanner uses JAVA tecnology to perform the scan. If you do not have the latest JAVA version, follow the instrutions below under Upgrading Java, to download and install the latest vesion.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure the following is checked.
- Spyware, Adware, Dialers, and other potentially dangerous programs
  Archives
  Mail databases
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply.

Upgrading Java:

Download the latest version of Java SE Runtime Environment (JRE)JRE 6 Update 13.
Click the "Download" button to the right.
Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
Click on Continue.
Click on the link to download Windows Offline Installation (jre-6u13-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u13-windows-i586-p.exe and select "Run as an Administrator.")

In your next reply could i see:
1. the OTListIT log
2. the malwarebytes log
3. the kaspersky log
4. some idea of how your machine is running now

The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk

#10
amd256

Posted 11 May 2009 - 03:45 PM

Member

Topic Starter
Member
10 posts

OTListIt2 Log:

OTListIt logfile created on: 5/11/2009 4:31:02 PM - Run 4
OTListIt2 by OldTimer - Version 2.0.15.4 Folder = C:\Documents and Settings\KENT WIRGES\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.01 Mb Total Physical Memory | 261.93 Mb Available Physical Memory | 51.26% Memory free
1.22 Gb Paging File | 1.02 Gb Available in Paging File | 83.53% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 24.51 Gb Free Space | 32.90% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 244.44 Mb Total Space | 239.15 Mb Free Space | 97.84% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WIRGESCOMPUTER
Current User Name: KENT WIRGES
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (AOL LLC)
PRC - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\WINDOWS\System32\CTsvcCDA.exe (Creative Technology Ltd)
PRC - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)
PRC - C:\WINDOWS\system32\drivers\KodakCCS.exe (Eastman Kodak Company)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\WINDOWS\system32\RioMSC.exe (Digital Networks North America, Inc.)
PRC - C:\WINDOWS\system32\ScsiAccess.EXE ()
PRC - C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)
PRC - C:\WINDOWS\System32\MsPMSPSv.exe (Microsoft Corporation)
PRC - c:\WINDOWS\system32\ZuneBusEnum.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
PRC - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe ()
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe (Hewlett-Packard Co.)
PRC - C:\Documents and Settings\KENT WIRGES\Desktop\OTListIt2.exe (OldTimer Tools)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (AOL ACS [Auto | Stopped]) -- C:\Program Files\Common Files\AOL\ACS\acsd.exe (AOL LLC)
SRV - (Apple Mobile Device [Auto | Stopped]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Automatic LiveUpdate Scheduler [Auto | Running]) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Creative Service for CDROM Access [Auto | Running]) -- C:\WINDOWS\System32\CTsvcCDA.exe (Creative Technology Ltd)
SRV - (EPSONStatusAgent2 [Auto | Running]) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)
SRV - (gusvc [Disabled | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (InCDsrvR [Auto | Running]) -- C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (KodakCCS [Auto | Running]) -- C:\WINDOWS\system32\drivers\KodakCCS.exe (Eastman Kodak Company)
SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE (Symantec Corporation)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (Pml Driver HPZ12 [Auto | Stopped]) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (RioMSC [Auto | Running]) -- C:\WINDOWS\system32\RioMSC.exe (Digital Networks North America, Inc.)
SRV - (ScsiAccess [Auto | Running]) -- C:\WINDOWS\system32\ScsiAccess.EXE ()
SRV - (SNDSrvc [On_Demand | Stopped]) -- File not found
SRV - (Viewpoint Manager Service [Disabled | Stopped]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (vundofixsvc [On_Demand | Stopped]) -- C:\WINDOWS\system32\VundoFixSVC.exe (Atribune.org)
SRV - (WANMiniportService [Auto | Running]) -- C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)
SRV - (WMDM PMSP Service [Auto | Running]) -- C:\WINDOWS\System32\MsPMSPSv.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (ZuneBusEnum [Auto | Running]) -- c:\WINDOWS\system32\ZuneBusEnum.exe (Microsoft Corporation)
SRV - (ZuneNetworkSvc [Auto | Stopped]) -- c:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
SRV - (ZuneWlanCfgSvc [On_Demand | Stopped]) -- c:\WINDOWS\system32\ZuneWlanCfgSvc.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - ($sys$cor [Boot | Running]) -- C:\WINDOWS\System32\Drivers\$sys$cor.sys (First 4 Internet)
DRV - ($sys$crater [System | Running]) -- C:\WINDOWS\system32\$sys$filesystem\crater.sys (First 4 Internet)
DRV - (ASCTRM [Auto | Running]) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (BCMModem [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\BCMSM.sys (Broadcom Corporation)
DRV - (DcCam [System | Running]) -- C:\WINDOWS\system32\DRIVERS\DcCam.sys (Eastman Kodak Company)
DRV - (DcFpoint [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\DcFpoint.sys (Eastman Kodak Company)
DRV - (DCFS2K [Auto | Running]) -- C:\WINDOWS\system32\drivers\dcfs2k.sys (Eastman Kodak Company)
DRV - (DcLps [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\DcLps.sys (Eastman Kodak Company)
DRV - (DcPTP [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\DcPTP.sys (Eastman Kodak Company)
DRV - (Exportit [System | Stopped]) -- C:\WINDOWS\system32\DRIVERS\exportit.sys (Eastman Kodak Company)
DRV - (gameenum [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys (Microsoft Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (InCDfs [Disabled | Running]) -- C:\WINDOWS\System32\drivers\InCDfs.sys (Nero AG)
DRV - (InCDPass [System | Running]) -- C:\WINDOWS\System32\DRIVERS\InCDPass.sys (Nero AG)
DRV - (incdrm [System | Running]) -- C:\WINDOWS\System32\drivers\InCDrm.sys (Nero AG)
DRV - (MCSTRM [Auto | Running]) -- C:\WINDOWS\System32\drivers\mcstrm.sys (RealNetworks, Inc.)
DRV - (MODEMCSA [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (OMCI [System | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)
DRV - (P16X [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\P16X.sys (Creative Technology Ltd.)
DRV - (PfModNT [Auto | Running]) -- C:\WINDOWS\System32\PfModNT.sys (Creative Technology Ltd.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (rtl8139 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (sasdifsv [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (sasenum [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (saskutil [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (sdcplh [System | Running]) -- C:\WINDOWS\System32\drivers\sdcplh.sys ()
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SYMDNS [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (SymEvent [On_Demand | Running]) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMFW [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMIDS [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV - (SYMNDIS [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMREDRV [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMTDI [System | Running]) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (wanatw [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys (America Online, Inc.)
DRV - (WinUSB [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\WinUSB.sys (Microsoft Corporation)
DRV - (xusb21 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\xusb21.sys (Microsoft Corporation)
DRV - (zumbus [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\zumbus.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - Reg Error: Key error. File not found
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/?src=toolbar
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

O1 HOSTS File: (56 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Viewpoint Toolbar) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll (Viewpoint Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnote...ad/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgree...eensActivia.cab (Snapfish Activia)
O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} http://radaol-prod-w...agi3.0.84.2.cab (UnagiAx Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...ows-i586-jc.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius....tiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!saswinlogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/12 16:31:01 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[7 C:\WINDOWS\*.tmp files]
[5 C:\Documents and Settings\KENT WIRGES\My Documents\*.tmp files]
[2009/05/11 16:26:41 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/05/11 16:26:35 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/05/11 15:15:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/05/08 17:05:27 | 03,019,457 | R--- | C] () -- C:\Documents and Settings\KENT WIRGES\Desktop\ComboFix.exe
[2009/05/08 16:05:41 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/05/08 16:05:36 | 00,502,272 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\KENT WIRGES\Desktop\OTListIt2.exe
[2009/05/08 16:05:36 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\KENT WIRGES\Desktop\Rooter.exe
[2009/05/08 15:31:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2009/05/08 15:28:12 | 00,000,000 | ---D | C] -- C:\SDFix
[2009/05/08 15:28:06 | 01,529,241 | ---- | C] () -- C:\Documents and Settings\KENT WIRGES\Desktop\SDFix.exe
[2009/05/08 15:04:47 | 00,096,978 | ---- | C] (Business Information Solutions) -- C:\Documents and Settings\KENT WIRGES\Desktop\VirtumundoBeGone.exe
[2009/05/08 14:53:25 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\KENT WIRGES\Desktop\HijackThis.lnk
[2009/05/08 14:53:25 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/05/07 13:16:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/05/07 13:16:08 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/05/07 13:16:06 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/05/07 13:16:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\KENT WIRGES\Application Data\SUPERAntiSpyware.com
[2009/05/07 13:15:36 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/05/07 13:15:32 | 06,325,280 | ---- | C] () -- C:\Documents and Settings\KENT WIRGES\Desktop\SUPERAntiSpyware.exe
[2009/05/06 17:07:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\KENT WIRGES\Local Settings\temp
[2009/05/06 16:16:01 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/05/06 16:15:32 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\KENT WIRGES\Desktop\HJTInstall.exe
[2009/05/05 17:55:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2009/05/05 17:43:33 | 00,000,398 | ---- | C] () -- C:\Boot.bak
[2009/05/05 17:43:29 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/05/05 17:43:27 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/05/05 17:42:33 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/05/05 17:42:33 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/05/05 17:42:33 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/05/05 17:42:33 | 00,117,248 | ---- | C] () -- C:\WINDOWS\vFind.exe
[2009/05/05 17:42:33 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/05/05 17:42:33 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/05/05 17:42:33 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/05/05 17:42:33 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/05/05 17:02:53 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\secedit.exe
[2009/05/05 17:00:18 | 01,056,768 | ---- | C] () -- C:\WINDOWS\sectest.db
[2009/05/05 16:56:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\KENT WIRGES\Desktop\Dial-a-fix-v0.60.0.24
[2009/05/05 16:56:25 | 00,335,992 | ---- | C] () -- C:\Documents and Settings\KENT WIRGES\Desktop\Dial-a-fix-v0.60.0.24.zip
[2009/05/04 17:45:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/05/04 17:45:01 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/05/01 16:45:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/05/01 14:38:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\KENT WIRGES\Application Data\Malwarebytes
[2009/05/01 14:38:37 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/01 14:38:36 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/01 14:38:33 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/01 14:38:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/05/01 14:38:27 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/29 15:17:58 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2009/04/27 22:01:08 | 00,064,407 | ---- | C] () -- C:\Documents and Settings\KENT WIRGES\My Documents\Statement150_from_OMAHA_CHR.pdf
[2009/04/26 15:10:11 | 00,182,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndis.sys
[2009/04/24 17:22:05 | 00,860,754 | ---- | C] () -- C:\Documents and Settings\KENT WIRGES\My Documents\NewsandNotes090424.pdf
[2009/04/24 12:29:45 | 00,000,000 | ---D | C] -- C:\Program Files\SymNetDrv
[2009/04/24 07:02:19 | 00,124,016 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/04/24 07:02:19 | 00,091,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/04/24 07:02:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\KENT WIRGES\Application Data\Symantec
[2009/04/24 07:02:02 | 00,466,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\capicom.dll
[2009/04/24 07:02:01 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec
[2009/04/24 07:02:01 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2009/04/24 07:01:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2009/04/23 22:42:10 | 00,000,000 | ---D | C] -- C:\Program Files\Angle Interactive
[2009/04/23 22:14:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\KENT WIRGES\Application Data\Logs
[2009/04/23 22:09:44 | 00,000,000 | ---D | C] -- C:\My Downloads
[2009/04/23 22:09:33 | 00,000,000 | ---D | C] -- C:\Program Files\QuickDownloadPack
[2009/04/22 08:37:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\KENT WIRGES\My Documents\BladeTrainCarr001
[2009/04/22 08:37:46 | 00,156,575 | ---- | C] () -- C:\Documents and Settings\KENT WIRGES\My Documents\BladeTrainCarr001.zip
[2009/04/20 00:19:58 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\KENT WIRGES\My Documents\garretts.doc
[2009/04/18 14:54:27 | 00,461,841 | ---- | C] () -- C:\Documents and Settings\KENT WIRGES\My Documents\NewsandNotes090417.pdf
[2009/04/15 17:05:26 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/15 17:05:26 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/15 17:05:26 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/15 17:05:26 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/15 17:05:26 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/15 17:05:26 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/15 17:05:25 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/15 17:05:25 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/15 17:05:25 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/15 17:01:55 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/15 17:01:55 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/15 13:11:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\KENT WIRGES\My Documents\postcard_1
[2009/04/15 12:41:59 | 00,699,201 | ---- | C] () -- C:\Documents and Settings\KENT WIRGES\My Documents\100_3859.zip
[2009/04/15 12:36:04 | 01,405,773 | ---- | C] () -- C:\Documents and Settings\KENT WIRGES\My Documents\postcard_1.zip
[2009/04/14 08:06:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\KENT WIRGES\My Documents\R_U_Ready_Video
[2009/04/14 08:05:50 | 07,692,193 | ---- | C] () -- C:\Documents and Settings\KENT WIRGES\My Documents\R_U_Ready_Video.zip
[2009/04/13 10:13:23 | 00,331,956 | -H-- | C] () -- C:\Documents and Settings\KENT WIRGES\My Documents\ZbThumbnail.info
[2009/04/11 19:12:23 | 00,031,744 | ---- | C] () -- C:\Documents and Settings\KENT WIRGES\My Documents\1989 supra theft deterant system.doc
[2008/05/03 11:59:57 | 00,000,078 | ---- | C] () -- C:\WINDOWS\TONKA.INI
[2007/12/25 14:53:11 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007/08/22 18:20:20 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/08/22 18:18:35 | 00,225,280 | ---- | C] () -- C:\WINDOWS\System32\nvwrsda.dll
[2007/08/16 19:28:05 | 00,000,139 | ---- | C] () -- C:\WINDOWS\chmpchss.INI
[2007/07/29 10:39:02 | 00,000,960 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/06/09 18:47:53 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/05/03 17:26:18 | 00,000,151 | ---- | C] () -- C:\WINDOWS\Flash32.INI
[2007/05/03 17:25:09 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2007/04/21 17:00:02 | 00,001,179 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2006/11/23 14:16:54 | 00,163,840 | ---- | C] () -- C:\WINDOWS\System32\Cpl4811.dll
[2006/10/22 12:22:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 12:22:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 12:22:00 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/10/22 12:22:00 | 00,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2006/07/21 20:59:25 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2006/07/20 20:23:48 | 00,040,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\sdcplh.sys
[2006/07/03 19:33:43 | 00,027,764 | ---- | C] () -- C:\WINDOWS\MiniCarRacing.ini
[2006/07/03 13:32:52 | 00,000,144 | ---- | C] () -- C:\WINDOWS\ka.ini
[2006/06/23 12:25:15 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2006/06/21 13:01:51 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI
[2006/06/21 11:27:32 | 00,000,900 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/06/12 18:16:24 | 00,000,045 | ---- | C] () -- C:\WINDOWS\EPSP825.ini
[2006/06/12 18:05:18 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/12 16:41:49 | 00,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2006/06/12 16:41:11 | 00,002,092 | ---- | C] () -- C:\WINDOWS\System32\P16X.ini
[2006/06/12 16:41:11 | 00,000,026 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2006/06/12 16:41:10 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[2006/06/12 16:41:10 | 00,039,936 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
[2006/06/12 16:41:08 | 00,006,175 | ---- | C] () -- C:\WINDOWS\MIXDEF.INI
[2006/06/12 16:41:08 | 00,005,917 | ---- | C] () -- C:\WINDOWS\SBMIXDEF.INI
[2006/06/12 16:41:07 | 00,000,064 | ---- | C] () -- C:\WINDOWS\P16x.ini
[2006/06/12 16:40:17 | 00,000,245 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2002/11/14 23:01:34 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\atsdrve.dll
[2002/06/25 16:50:00 | 00,001,959 | ---- | C] () -- C:\WINDOWS\win.ini
[2002/06/25 16:48:54 | 00,144,384 | ---- | C] () -- C:\WINDOWS\uyahanof.dll
[2002/06/25 16:47:50 | 00,000,243 | ---- | C] () -- C:\WINDOWS\system.ini
[2002/06/25 16:43:40 | 00,103,424 | ---- | C] () -- C:\WINDOWS\System32\wwgrnyb.dll
[2000/09/08 15:53:50 | 00,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[1997/06/13 20:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[7 C:\WINDOWS\*.tmp files]
[5 C:\Documents and Settings\KENT WIRGES\My Documents\*.tmp files]
[2009/05/11 16:30:08 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/11 16:30:07 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\KENT WIRGES\Local Settings\desktop.ini
[2009/05/11 16:30:04 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/11 16:26:35 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2009/05/11 15:07:31 | 00,000,243 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/11 14:58:27 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/08 17:00:28 | 03,019,457 | R--- | M] () -- C:\Documents and Settings\KENT WIRGES\Desktop\ComboFix.exe
[2009/05/08 15:55:30 | 00,502,272 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\KENT WIRGES\Desktop\OTListIt2.exe
[2009/05/08 15:55:04 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\KENT WIRGES\Desktop\Rooter.exe
[2009/05/08 15:25:52 | 01,529,241 | ---- | M] () -- C:\Documents and Settings\KENT WIRGES\Desktop\SDFix.exe
[2009/05/08 15:02:40 | 00,096,978 | ---- | M] (Business Information Solutions) -- C:\Documents and Settings\KENT WIRGES\Desktop\VirtumundoBeGone.exe
[2009/05/08 14:53:26 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\KENT WIRGES\Desktop\HijackThis.lnk
[2009/05/07 13:16:08 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/05/07 13:11:08 | 06,325,280 | ---- | M] () -- C:\Documents and Settings\KENT WIRGES\Desktop\SUPERAntiSpyware.exe
[2009/05/06 16:06:48 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\KENT WIRGES\Desktop\HJTInstall.exe
[2009/05/05 17:55:01 | 00,290,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/05 17:52:35 | 00,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\user32.dll
[2009/05/05 17:52:35 | 00,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2009/05/05 17:43:33 | 00,000,468 | RHS- | M] () -- C:\boot.ini
[2009/05/05 17:33:12 | 01,056,768 | ---- | M] () -- C:\WINDOWS\sectest.db
[2009/05/05 16:49:18 | 00,335,992 | ---- | M] () -- C:\Documents and Settings\KENT WIRGES\Desktop\Dial-a-fix-v0.60.0.24.zip
[2009/05/05 16:34:25 | 00,001,959 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/05/05 16:34:25 | 00,000,398 | ---- | M] () -- C:\Boot.bak
[2009/05/01 21:32:51 | 00,182,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndis.sys
[2009/05/01 16:34:40 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\tapuginu
[2009/05/01 15:36:46 | 00,117,248 | ---- | M] () -- C:\WINDOWS\vFind.exe
[2009/05/01 14:38:37 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/01 14:34:24 | 00,078,822 | ---- | M] () -- C:\VETlog.dmp
[2009/04/29 16:21:31 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/04/29 14:50:14 | 00,182,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndis.sys
[2009/04/29 13:40:58 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/27 22:01:13 | 00,064,407 | ---- | M] () -- C:\Documents and Settings\KENT WIRGES\My Documents\Statement150_from_OMAHA_CHR.pdf
[2009/04/27 09:47:34 | 00,002,483 | ---- | M] () -- C:\Documents and Settings\KENT WIRGES\Desktop\Microsoft Word.lnk
[2009/04/24 17:22:12 | 00,860,754 | ---- | M] () -- C:\Documents and Settings\KENT WIRGES\My Documents\NewsandNotes090424.pdf
[2009/04/22 20:38:16 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/22 08:37:47 | 00,156,575 | ---- | M] () -- C:\Documents and Settings\KENT WIRGES\My Documents\BladeTrainCarr001.zip
[2009/04/20 12:56:28 | 00,031,232 | ---- | M] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/04/20 00:19:59 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\KENT WIRGES\My Documents\garretts.doc
[2009/04/18 14:54:31 | 00,461,841 | ---- | M] () -- C:\Documents and Settings\KENT WIRGES\My Documents\NewsandNotes090417.pdf
[2009/04/17 19:58:38 | 00,369,152 | -HS- | M] () -- C:\Documents and Settings\KENT WIRGES\My Documents\Thumbs.db
[2009/04/16 12:45:58 | 00,000,654 | ---- | M] () -- C:\Documents and Settings\KENT WIRGES\My Documents\Shortcut to Dalton's space cover.lnk
[2009/04/16 12:45:58 | 00,000,394 | ---- | M] () -- C:\Documents and Settings\KENT WIRGES\My Documents\Shortcut to Shared Documents.lnk
[2009/04/15 21:37:48 | 00,406,328 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/15 21:37:47 | 00,063,528 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/15 21:37:46 | 00,477,846 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/15 21:21:02 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/15 12:42:04 | 00,699,201 | ---- | M] () -- C:\Documents and Settings\KENT WIRGES\My Documents\100_3859.zip
[2009/04/15 12:36:16 | 01,405,773 | ---- | M] () -- C:\Documents and Settings\KENT WIRGES\My Documents\postcard_1.zip
[2009/04/14 08:06:42 | 07,692,193 | ---- | M] () -- C:\Documents and Settings\KENT WIRGES\My Documents\R_U_Ready_Video.zip
[2009/04/13 10:33:15 | 00,331,956 | -H-- | M] () -- C:\Documents and Settings\KENT WIRGES\My Documents\ZbThumbnail.info
[2009/04/11 19:12:24 | 00,031,744 | ---- | M] () -- C:\Documents and Settings\KENT WIRGES\My Documents\1989 supra theft deterant system.doc
< End of report >

========== OTLISTIT ==========
Process explorer.exe killed successfully!
========== FILES ==========
c:\program files\delete.exe moved successfully.
c:\documents and settings\KENT WIRGES\Application Data\grhsbstt\Profiles\h9ko636u.default\extensions moved successfully.
c:\documents and settings\KENT WIRGES\Application Data\grhsbstt\Profiles\h9ko636u.default moved successfully.
c:\documents and settings\KENT WIRGES\Application Data\grhsbstt\Profiles moved successfully.
c:\documents and settings\KENT WIRGES\Application Data\grhsbstt moved successfully.
c:\documents and settings\KENT WIRGES\Local Settings\Application Data\grhsbstt\Profiles\h9ko636u.default moved successfully.
c:\documents and settings\KENT WIRGES\Local Settings\Application Data\grhsbstt\Profiles moved successfully.
c:\documents and settings\KENT WIRGES\Local Settings\Application Data\grhsbstt moved successfully.
c:\windows\system32\drivers\aihumihe.sys moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
File delete failed. C:\Documents and Settings\KENT WIRGES\Local Settings\temp\hpodvd09.log scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\KENT WIRGES\Local Settings\temp\me_DQsbgtpLEzSxzcc scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\KENT WIRGES\Local Settings\temp\me_Kf7NCWqUfhNL9Fj scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\KENT WIRGES\Local Settings\temp\me_lzCaNOnLh4M3rxz scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\KENT WIRGES\Local Settings\temp\me_V9j6uwNMrcfmbAC scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\KENT WIRGES\Local Settings\temp\~DFEF72.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.15.4 log created on 05112009_162635

Files moved on Reboot...
C:\Documents and Settings\KENT WIRGES\Local Settings\temp\hpodvd09.log moved successfully.
File C:\Documents and Settings\KENT WIRGES\Local Settings\temp\me_DQsbgtpLEzSxzcc not found!
File C:\Documents and Settings\KENT WIRGES\Local Settings\temp\me_Kf7NCWqUfhNL9Fj not found!
File C:\Documents and Settings\KENT WIRGES\Local Settings\temp\me_lzCaNOnLh4M3rxz not found!
File C:\Documents and Settings\KENT WIRGES\Local Settings\temp\me_V9j6uwNMrcfmbAC not found!
File C:\Documents and Settings\KENT WIRGES\Local Settings\temp\~DFEF72.tmp not found!

Registry entries deleted on Reboot...

Ran ATFCleaner

Running updated MBAM right now.

Edited by amd256, 11 May 2009 - 03:46 PM.

#11
amd256

Posted 13 May 2009 - 02:09 PM

Member

Topic Starter
Member
10 posts

Since its been a couple days im going to post and updated OTListIT log

1. OTListIT log:

OTListIt logfile created on: 5/13/2009 3:04:09 PM - Run 6
OTListIt2 by OldTimer - Version 2.0.15.4 Folder = C:\Documents and Settings\KENT WIRGES\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.01 Mb Total Physical Memory | 195.97 Mb Available Physical Memory | 38.35% Memory free
1.22 Gb Paging File | 0.72 Gb Available in Paging File | 58.95% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 24.20 Gb Free Space | 32.49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 244.44 Mb Total Space | 229.55 Mb Free Space | 93.91% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WIRGESCOMPUTER
Current User Name: KENT WIRGES
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (AOL LLC)
PRC - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\WINDOWS\System32\CTsvcCDA.exe (Creative Technology Ltd)
PRC - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)
PRC - C:\WINDOWS\system32\drivers\KodakCCS.exe (Eastman Kodak Company)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\WINDOWS\system32\RioMSC.exe (Digital Networks North America, Inc.)
PRC - C:\WINDOWS\system32\ScsiAccess.EXE ()
PRC - C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)
PRC - C:\WINDOWS\System32\MsPMSPSv.exe (Microsoft Corporation)
PRC - c:\WINDOWS\system32\ZuneBusEnum.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
PRC - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe ()
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
PRC - c:\program files\aol toolbar\AolTbServer.exe (AOL LLC)
PRC - C:\Program Files\Java\jre6\bin\java.exe (Sun Microsystems, Inc.)
PRC - C:\Documents and Settings\KENT WIRGES\Local Settings\temp\jkos-KENT WIRGES\binaries\ScanningProcess.exe (Kaspersky Lab.)
PRC - C:\Documents and Settings\KENT WIRGES\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AOL ACS [Auto | Stopped]) -- C:\Program Files\Common Files\AOL\ACS\acsd.exe (AOL LLC)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Automatic LiveUpdate Scheduler [Auto | Running]) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Creative Service for CDROM Access [Auto | Running]) -- C:\WINDOWS\System32\CTsvcCDA.exe (Creative Technology Ltd)
SRV - (EPSONStatusAgent2 [Auto | Running]) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (InCDsrvR [Auto | Running]) -- C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (KodakCCS [Auto | Running]) -- C:\WINDOWS\system32\drivers\KodakCCS.exe (Eastman Kodak Company)
SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE (Symantec Corporation)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (Pml Driver HPZ12 [Auto | Stopped]) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (RioMSC [Auto | Running]) -- C:\WINDOWS\system32\RioMSC.exe (Digital Networks North America, Inc.)
SRV - (ScsiAccess [Auto | Running]) -- C:\WINDOWS\system32\ScsiAccess.EXE ()
SRV - (SNDSrvc [On_Demand | Stopped]) -- File not found
SRV - (Viewpoint Manager Service [Disabled | Stopped]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (vundofixsvc [On_Demand | Stopped]) -- C:\WINDOWS\system32\VundoFixSVC.exe (Atribune.org)
SRV - (WANMiniportService [Auto | Running]) -- C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)
SRV - (WMDM PMSP Service [Auto | Running]) -- C:\WINDOWS\System32\MsPMSPSv.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (ZuneBusEnum [Auto | Running]) -- c:\WINDOWS\system32\ZuneBusEnum.exe (Microsoft Corporation)
SRV - (ZuneNetworkSvc [Auto | Stopped]) -- c:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
SRV - (ZuneWlanCfgSvc [On_Demand | Stopped]) -- c:\WINDOWS\system32\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)

========== Driver Services (SafeList) ==========

DRV - ($sys$cor [Boot | Running]) -- C:\WINDOWS\System32\Drivers\$sys$cor.sys (First 4 Internet)
DRV - ($sys$crater [System | Running]) -- C:\WINDOWS\system32\$sys$filesystem\crater.sys (First 4 Internet)
DRV - (ASCTRM [Auto | Running]) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (BCMModem [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\BCMSM.sys (Broadcom Corporation)
DRV - (DcCam [System | Running]) -- C:\WINDOWS\system32\DRIVERS\DcCam.sys (Eastman Kodak Company)
DRV - (DcFpoint [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\DcFpoint.sys (Eastman Kodak Company)
DRV - (DCFS2K [Auto | Running]) -- C:\WINDOWS\system32\drivers\dcfs2k.sys (Eastman Kodak Company)
DRV - (DcLps [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\DcLps.sys (Eastman Kodak Company)
DRV - (DcPTP [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\DcPTP.sys (Eastman Kodak Company)
DRV - (Exportit [System | Stopped]) -- C:\WINDOWS\system32\DRIVERS\exportit.sys (Eastman Kodak Company)
DRV - (gameenum [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys (Microsoft Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (InCDfs [Disabled | Running]) -- C:\WINDOWS\System32\drivers\InCDfs.sys (Nero AG)
DRV - (InCDPass [System | Running]) -- C:\WINDOWS\System32\DRIVERS\InCDPass.sys (Nero AG)
DRV - (incdrm [System | Running]) -- C:\WINDOWS\System32\drivers\InCDrm.sys (Nero AG)
DRV - (MCSTRM [Auto | Running]) -- C:\WINDOWS\System32\drivers\mcstrm.sys (RealNetworks, Inc.)
DRV - (MODEMCSA [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (OMCI [System | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)
DRV - (P16X [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\P16X.sys (Creative Technology Ltd.)
DRV - (PfModNT [Auto | Running]) -- C:\WINDOWS\System32\PfModNT.sys (Creative Technology Ltd.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (rtl8139 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (sasdifsv [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (sasenum [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (saskutil [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (sdcplh [System | Running]) -- C:\WINDOWS\System32\drivers\sdcplh.sys ()
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SYMDNS [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (SymEvent [On_Demand | Running]) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMFW [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMIDS [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV - (SYMNDIS [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMREDRV [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMTDI [System | Running]) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (wanatw [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys (America Online, Inc.)
DRV - (WinUSB [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\WinUSB.sys (Microsoft Corporation)
DRV - (xusb21 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\xusb21.sys (Microsoft Corporation)
DRV - (zumbus [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\zumbus.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - Reg Error: Key error. File not found
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/?src=toolbar
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

FF - HKLM\software\mozilla\firefox\extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/05/12 15:16:25 | 00,000,000 | ---D | M]

O1 HOSTS File: (56 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Viewpoint Toolbar) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll (Viewpoint Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnote...ad/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgree...eensActivia.cab (Snapfish Activia)
O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} http://radaol-prod-w...agi3.0.84.2.cab (UnagiAx Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius....tiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!saswinlogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/12 16:31:01 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[7 C:\WINDOWS\*.tmp files]
[5 C:\Documents and Settings\KENT WIRGES\My Documents\*.tmp files]
[2009/05/13 15:01:54 | 00,009,126 | ---- | C] () -- C:\Documents and Settings\KENT WIRGES\Desktop\kaspersky log.html
[2009/05/13 03:00:39 | 24,699,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/12 15:14:59 | 16,283,032 | ---- | C] () -- C:\Documents and Settings\KENT WIRGES\Desktop\jre-6u13-windows-i586-p.exe
[2009/05/12 15:13:56 | 00,001,261 | ---- | C] () -- C:\Documents and Settings\KENT WIRGES\Desktop\1242159245726-integrated.jnlp
[2009/05/12 15:04:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\KENT WIRGES\Desktop\JavaRa
[2009/05/12 15:04:41 | 00,069,512 | ---- | C] () -- C:\Documents and Settings\KENT WIRGES\Desktop\JavaRa.zip
[2009/05/11 16:26:41 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/05/11 16:26:35 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/05/11 15:15:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/05/08 17:05:27 | 03,019,457 | R--- | C] () -- C:\Documents and Settings\KENT WIRGES\Desktop\ComboFix.exe
[2009/05/08 16:05:41 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/05/08 16:05:36 | 00,502,272 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\KENT WIRGES\Desktop\OTListIt2.exe
[2009/05/08 16:05:36 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\KENT WIRGES\Desktop\Rooter.exe
[2009/05/08 15:31:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2009/05/08 15:28:12 | 00,000,000 | ---D | C] -- C:\SDFix
[2009/05/08 15:28:06 | 01,529,241 | ---- | C] () -- C:\Documents and Settings\KENT WIRGES\Desktop\SDFix.exe
[2009/05/08 15:04:47 | 00,096,978 | ---- | C] (Business Information Solutions) -- C:\Documents and Settings\KENT WIRGES\Desktop\VirtumundoBeGone.exe
[2009/05/08 14:53:25 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\KENT WIRGES\Desktop\HijackThis.lnk
[2009/05/08 14:53:25 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/05/07 13:16:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/05/07 13:16:08 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/05/07 13:16:06 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/05/07 13:16:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\KENT WIRGES\Application Data\SUPERAntiSpyware.com
[2009/05/07 13:15:36 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/05/07 13:15:32 | 06,325,280 | ---- | C] () -- C:\Documents and Settings\KENT WIRGES\Desktop\SUPERAntiSpyware.exe
[2009/05/06 17:07:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\KENT WIRGES\Local Settings\temp
[2009/05/06 16:16:01 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/05/06 16:15:32 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\KENT WIRGES\Desktop\HJTInstall.exe
[2009/05/05 17:55:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2009/05/05 17:43:33 | 00,000,398 | ---- | C] () -- C:\Boot.bak
[2009/05/05 17:43:29 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/05/05 17:43:27 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/05/05 17:42:33 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/05/05 17:42:33 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/05/05 17:42:33 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/05/05 17:42:33 | 00,117,248 | ---- | C] () -- C:\WINDOWS\vFind.exe
[2009/05/05 17:42:33 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/05/05 17:42:33 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/05/05 17:42:33 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/05/05 17:42:33 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/05/05 17:02:53 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\secedit.exe
[2009/05/05 17:00:18 | 01,056,768 | ---- | C] () -- C:\WINDOWS\sectest.db
[2009/05/05 16:56:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\KENT WIRGES\Desktop\Dial-a-fix-v0.60.0.24
[2009/05/05 16:56:25 | 00,335,992 | ---- | C] () -- C:\Documents and Settings\KENT WIRGES\Desktop\Dial-a-fix-v0.60.0.24.zip
[2009/05/04 17:45:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/05/04 17:45:01 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/05/01 16:45:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/05/01 14:38:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\KENT WIRGES\Application Data\Malwarebytes
[2009/05/01 14:38:37 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/01 14:38:36 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/01 14:38:33 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/01 14:38:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/05/01 14:38:27 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/29 15:17:58 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2009/04/27 22:01:08 | 00,064,407 | ---- | C] () -- C:\Documents and Settings\KENT WIRGES\My Documents\Statement150_from_OMAHA_CHR.pdf
[2009/04/26 15:10:11 | 00,182,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndis.sys
[2009/04/24 17:22:05 | 00,860,754 | ---- | C] () -- C:\Documents and Settings\KENT WIRGES\My Documents\NewsandNotes090424.pdf
[2009/04/24 12:29:45 | 00,000,000 | ---D | C] -- C:\Program Files\SymNetDrv
[2009/04/24 07:02:19 | 00,124,016 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/04/24 07:02:19 | 00,091,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/04/24 07:02:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\KENT WIRGES\Application Data\Symantec
[2009/04/24 07:02:02 | 00,466,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\capicom.dll
[2009/04/24 07:02:01 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec
[2009/04/24 07:02:01 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2009/04/24 07:01:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2009/04/23 22:42:10 | 00,000,000 | ---D | C] -- C:\Program Files\Angle Interactive
[2009/04/23 22:14:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\KENT WIRGES\Application Data\Logs
[2009/04/23 22:09:44 | 00,000,000 | ---D | C] -- C:\My Downloads
[2009/04/23 22:09:33 | 00,000,000 | ---D | C] -- C:\Program Files\QuickDownloadPack
[2009/04/22 08:37:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\KENT WIRGES\My Documents\BladeTrainCarr001
[2009/04/22 08:37:46 | 00,156,575 | ---- | C] () -- C:\Documents and Settings\KENT WIRGES\My Documents\BladeTrainCarr001.zip
[2009/04/20 00:19:58 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\KENT WIRGES\My Documents\garretts.doc
[2009/04/18 14:54:27 | 00,461,841 | ---- | C] () -- C:\Documents and Settings\KENT WIRGES\My Documents\NewsandNotes090417.pdf
[2009/04/15 17:05:26 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/15 17:05:26 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/15 17:05:26 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/15 17:05:26 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/15 17:05:26 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/15 17:05:26 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/15 17:05:25 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/15 17:05:25 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/15 17:05:25 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/15 17:01:55 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/15 17:01:55 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/15 13:11:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\KENT WIRGES\My Documents\postcard_1
[2009/04/15 12:41:59 | 00,699,201 | ---- | C] () -- C:\Documents and Settings\KENT WIRGES\My Documents\100_3859.zip
[2009/04/15 12:36:04 | 01,405,773 | ---- | C] () -- C:\Documents and Settings\KENT WIRGES\My Documents\postcard_1.zip
[2009/04/14 08:06:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\KENT WIRGES\My Documents\R_U_Ready_Video
[2009/04/14 08:05:50 | 07,692,193 | ---- | C] () -- C:\Documents and Settings\KENT WIRGES\My Documents\R_U_Ready_Video.zip
[2008/05/03 11:59:57 | 00,000,078 | ---- | C] () -- C:\WINDOWS\TONKA.INI
[2007/12/25 14:53:11 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007/08/22 18:20:20 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/08/22 18:18:35 | 00,225,280 | ---- | C] () -- C:\WINDOWS\System32\nvwrsda.dll
[2007/08/16 19:28:05 | 00,000,139 | ---- | C] () -- C:\WINDOWS\chmpchss.INI
[2007/07/29 10:39:02 | 00,000,960 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/06/09 18:47:53 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/05/03 17:26:18 | 00,000,151 | ---- | C] () -- C:\WINDOWS\Flash32.INI
[2007/05/03 17:25:09 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2007/04/21 17:00:02 | 00,001,179 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2006/11/23 14:16:54 | 00,163,840 | ---- | C] () -- C:\WINDOWS\System32\Cpl4811.dll
[2006/10/22 12:22:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 12:22:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 12:22:00 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/10/22 12:22:00 | 00,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2006/07/21 20:59:25 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2006/07/20 20:23:48 | 00,040,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\sdcplh.sys
[2006/07/03 19:33:43 | 00,027,764 | ---- | C] () -- C:\WINDOWS\MiniCarRacing.ini
[2006/07/03 13:32:52 | 00,000,144 | ---- | C] () -- C:\WINDOWS\ka.ini
[2006/06/23 12:25:15 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2006/06/21 13:01:51 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI
[2006/06/21 11:27:32 | 00,000,900 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/06/12 18:16:24 | 00,000,045 | ---- | C] () -- C:\WINDOWS\EPSP825.ini
[2006/06/12 18:05:18 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/12 16:41:49 | 00,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2006/06/12 16:41:11 | 00,002,092 | ---- | C] () -- C:\WINDOWS\System32\P16X.ini
[2006/06/12 16:41:11 | 00,000,026 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2006/06/12 16:41:10 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[2006/06/12 16:41:10 | 00,039,936 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
[2006/06/12 16:41:08 | 00,006,175 | ---- | C] () -- C:\WINDOWS\MIXDEF.INI
[2006/06/12 16:41:08 | 00,005,917 | ---- | C] () -- C:\WINDOWS\SBMIXDEF.INI
[2006/06/12 16:41:07 | 00,000,064 | ---- | C] () -- C:\WINDOWS\P16x.ini
[2006/06/12 16:40:17 | 00,000,245 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2002/11/14 23:01:34 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\atsdrve.dll
[2002/06/25 16:50:00 | 00,001,959 | ---- | C] () -- C:\WINDOWS\win.ini
[2002/06/25 16:48:54 | 00,144,384 | ---- | C] () -- C:\WINDOWS\uyahanof.dll
[2002/06/25 16:47:50 | 00,000,243 | ---- | C] () -- C:\WINDOWS\system.ini
[2002/06/25 16:43:40 | 00,103,424 | ---- | C] () -- C:\WINDOWS\System32\wwgrnyb.dll
[2000/09/08 15:53:50 | 00,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[1997/06/13 20:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[7 C:\WINDOWS\*.tmp files]
[5 C:\Documents and Settings\KENT WIRGES\My Documents\*.tmp files]
[2009/05/13 15:01:54 | 00,009,126 | ---- | M] () -- C:\Documents and Settings\KENT WIRGES\Desktop\kaspersky log.html
[2009/05/12 15:15:21 | 16,283,032 | ---- | M] () -- C:\Documents and Settings\KENT WIRGES\Desktop\jre-6u13-windows-i586-p.exe
[2009/05/12 15:13:59 | 00,001,261 | ---- | M] () -- C:\Documents and Settings\KENT WIRGES\Desktop\1242159245726-integrated.jnlp
[2009/05/12 15:01:46 | 00,069,512 | ---- | M] () -- C:\Documents and Settings\KENT WIRGES\Desktop\JavaRa.zip
[2009/05/11 16:30:08 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/11 16:30:07 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\KENT WIRGES\Local Settings\desktop.ini
[2009/05/11 16:30:04 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/11 16:26:35 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2009/05/11 15:07:31 | 00,000,243 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/11 14:58:27 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/08 17:00:28 | 03,019,457 | R--- | M] () -- C:\Documents and Settings\KENT WIRGES\Desktop\ComboFix.exe
[2009/05/08 15:55:30 | 00,502,272 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\KENT WIRGES\Desktop\OTListIt2.exe
[2009/05/08 15:55:04 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\KENT WIRGES\Desktop\Rooter.exe
[2009/05/08 15:25:52 | 01,529,241 | ---- | M] () -- C:\Documents and Settings\KENT WIRGES\Desktop\SDFix.exe
[2009/05/08 15:02:40 | 00,096,978 | ---- | M] (Business Information Solutions) -- C:\Documents and Settings\KENT WIRGES\Desktop\VirtumundoBeGone.exe
[2009/05/08 14:53:26 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\KENT WIRGES\Desktop\HijackThis.lnk
[2009/05/07 13:16:08 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/05/07 13:11:08 | 06,325,280 | ---- | M] () -- C:\Documents and Settings\KENT WIRGES\Desktop\SUPERAntiSpyware.exe
[2009/05/07 00:16:30 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/06 16:06:48 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\KENT WIRGES\Desktop\HJTInstall.exe
[2009/05/05 17:55:01 | 00,290,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/05 17:52:35 | 00,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\user32.dll
[2009/05/05 17:52:35 | 00,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2009/05/05 17:43:33 | 00,000,468 | RHS- | M] () -- C:\boot.ini
[2009/05/05 17:33:12 | 01,056,768 | ---- | M] () -- C:\WINDOWS\sectest.db
[2009/05/05 16:49:18 | 00,335,992 | ---- | M] () -- C:\Documents and Settings\KENT WIRGES\Desktop\Dial-a-fix-v0.60.0.24.zip
[2009/05/05 16:34:25 | 00,001,959 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/05/05 16:34:25 | 00,000,398 | ---- | M] () -- C:\Boot.bak
[2009/05/01 21:32:51 | 00,182,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndis.sys
[2009/05/01 16:34:40 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\tapuginu
[2009/05/01 15:36:46 | 00,117,248 | ---- | M] () -- C:\WINDOWS\vFind.exe
[2009/05/01 14:38:37 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/01 14:34:24 | 00,078,822 | ---- | M] () -- C:\VETlog.dmp
[2009/04/29 16:21:31 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/04/29 14:50:14 | 00,182,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndis.sys
[2009/04/29 13:40:58 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/27 22:01:13 | 00,064,407 | ---- | M] () -- C:\Documents and Settings\KENT WIRGES\My Documents\Statement150_from_OMAHA_CHR.pdf
[2009/04/27 09:47:34 | 00,002,483 | ---- | M] () -- C:\Documents and Settings\KENT WIRGES\Desktop\Microsoft Word.lnk
[2009/04/24 17:22:12 | 00,860,754 | ---- | M] () -- C:\Documents and Settings\KENT WIRGES\My Documents\NewsandNotes090424.pdf
[2009/04/22 20:38:16 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/22 08:37:47 | 00,156,575 | ---- | M] () -- C:\Documents and Settings\KENT WIRGES\My Documents\BladeTrainCarr001.zip
[2009/04/20 12:56:28 | 00,031,232 | ---- | M] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/04/20 00:19:59 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\KENT WIRGES\My Documents\garretts.doc
[2009/04/18 14:54:31 | 00,461,841 | ---- | M] () -- C:\Documents and Settings\KENT WIRGES\My Documents\NewsandNotes090417.pdf
[2009/04/17 19:58:38 | 00,369,152 | -HS- | M] () -- C:\Documents and Settings\KENT WIRGES\My Documents\Thumbs.db
[2009/04/16 12:45:58 | 00,000,654 | ---- | M] () -- C:\Documents and Settings\KENT WIRGES\My Documents\Shortcut to Dalton's space cover.lnk
[2009/04/16 12:45:58 | 00,000,394 | ---- | M] () -- C:\Documents and Settings\KENT WIRGES\My Documents\Shortcut to Shared Documents.lnk
[2009/04/15 21:37:48 | 00,406,328 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/15 21:37:47 | 00,063,528 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/15 21:37:46 | 00,477,846 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/15 21:21:02 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/15 12:42:04 | 00,699,201 | ---- | M] () -- C:\Documents and Settings\KENT WIRGES\My Documents\100_3859.zip
[2009/04/15 12:36:16 | 01,405,773 | ---- | M] () -- C:\Documents and Settings\KENT WIRGES\My Documents\postcard_1.zip
[2009/04/14 08:06:42 | 07,692,193 | ---- | M] () -- C:\Documents and Settings\KENT WIRGES\My Documents\R_U_Ready_Video.zip
< End of report >

MBAM Log:

Malwarebytes' Anti-Malware 1.36
Database version: 2110
Windows 5.1.2600 Service Pack 3

5/12/2009 3:02:01 PM
mbam-log-2009-05-12 (15-02-01).txt

Scan type: Full Scan (C:\|)
Objects scanned: 181120
Time elapsed: 1 hour(s), 35 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

kaspersky log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Wednesday, May 13, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Tuesday, May 12, 2009 22:43:44
Records in database: 2169442
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\

Scan statistics:
Files scanned: 118636
Threat name: 8
Infected objects: 26
Suspicious objects: 0
Duration of the scan: 02:54:36

File name / Threat name / Threats count
C:\Qoobox\Quarantine\[4]-SUBMIT_2009-05-11_15.01.14.ZIP Infected: Trojan.Win32.BHO.ext 1
C:\System Volume Information\_restore{A4BE560F-CEA3-4F7B-8F18-7CA5549403EC}\RP1108\A0203651.exe Infected: Trojan.Win32.Obfuscated.afji 1
C:\System Volume Information\_restore{A4BE560F-CEA3-4F7B-8F18-7CA5549403EC}\RP1108\A0203674.exe Infected: Trojan.Win32.Obfuscated.afji 1
C:\System Volume Information\_restore{A4BE560F-CEA3-4F7B-8F18-7CA5549403EC}\RP1108\A0203680.exe Infected: Trojan.Win32.Obfuscated.afji 1
C:\System Volume Information\_restore{A4BE560F-CEA3-4F7B-8F18-7CA5549403EC}\RP1108\A0203690.exe Infected: Trojan.Win32.Obfuscated.afji 1
C:\System Volume Information\_restore{A4BE560F-CEA3-4F7B-8F18-7CA5549403EC}\RP1108\A0203697.exe Infected: Trojan.Win32.Obfuscated.afji 1
C:\System Volume Information\_restore{A4BE560F-CEA3-4F7B-8F18-7CA5549403EC}\RP1108\A0203704.exe Infected: Trojan.Win32.Obfuscated.afji 1
C:\System Volume Information\_restore{A4BE560F-CEA3-4F7B-8F18-7CA5549403EC}\RP1108\A0203712.exe Infected: Trojan.Win32.Obfuscated.afji 1
C:\System Volume Information\_restore{A4BE560F-CEA3-4F7B-8F18-7CA5549403EC}\RP1108\A0203716.sys Infected: Rootkit.Win32.Agent.ile 1
C:\System Volume Information\_restore{A4BE560F-CEA3-4F7B-8F18-7CA5549403EC}\RP1108\A0203741.exe Infected: Trojan.Win32.Obfuscated.afji 1
C:\System Volume Information\_restore{A4BE560F-CEA3-4F7B-8F18-7CA5549403EC}\RP1110\A0204963.sys Infected: Rootkit.Win32.Agent.ile 1
C:\System Volume Information\_restore{A4BE560F-CEA3-4F7B-8F18-7CA5549403EC}\RP1110\A0204971.exe Infected: Trojan-Downloader.Win32.Suurch.oa 1
C:\System Volume Information\_restore{A4BE560F-CEA3-4F7B-8F18-7CA5549403EC}\RP1110\A0204973.SYS Infected: Rootkit.Win32.Agent.ile 1
C:\System Volume Information\_restore{A4BE560F-CEA3-4F7B-8F18-7CA5549403EC}\RP1110\A0204976.exe Infected: Trojan-Clicker.Win32.Delf.cfx 1
C:\System Volume Information\_restore{A4BE560F-CEA3-4F7B-8F18-7CA5549403EC}\RP1110\A0204977.exe Infected: Trojan-Clicker.Win32.Delf.cfx 1
C:\System Volume Information\_restore{A4BE560F-CEA3-4F7B-8F18-7CA5549403EC}\RP1110\A0204978.exe Infected: Virus.Win32.Virut.ce 1
C:\System Volume Information\_restore{A4BE560F-CEA3-4F7B-8F18-7CA5549403EC}\RP1110\A0204981.SYS Infected: Rootkit.Win32.Agent.ile 1
C:\System Volume Information\_restore{A4BE560F-CEA3-4F7B-8F18-7CA5549403EC}\RP1110\A0204982.dll Infected: Trojan-Clicker.Win32.Delf.cbe 1
C:\System Volume Information\_restore{A4BE560F-CEA3-4F7B-8F18-7CA5549403EC}\RP1110\A0204983.dll Infected: Trojan-Clicker.Win32.Delf.cbe 1
C:\System Volume Information\_restore{A4BE560F-CEA3-4F7B-8F18-7CA5549403EC}\RP1110\A0204987.dll Infected: Trojan-Clicker.Win32.Delf.cbe 1
C:\System Volume Information\_restore{A4BE560F-CEA3-4F7B-8F18-7CA5549403EC}\RP1110\A0204988.exe Infected: Trojan-Clicker.Win32.Delf.cfx 1
C:\System Volume Information\_restore{A4BE560F-CEA3-4F7B-8F18-7CA5549403EC}\RP1110\A0204989.sys Infected: Rootkit.Win32.Agent.ile 1
C:\System Volume Information\_restore{A4BE560F-CEA3-4F7B-8F18-7CA5549403EC}\RP1110\A0204990.exe Infected: Trojan-Clicker.Win32.Delf.cfx 1
C:\System Volume Information\_restore{A4BE560F-CEA3-4F7B-8F18-7CA5549403EC}\RP1110\A0204991.sys Infected: Rootkit.Win32.Agent.ile 1
C:\System Volume Information\_restore{A4BE560F-CEA3-4F7B-8F18-7CA5549403EC}\RP1110\A0204992.exe Infected: Trojan.Win32.Inject.wil 1
C:\System Volume Information\_restore{A4BE560F-CEA3-4F7B-8F18-7CA5549403EC}\RP1110\A0204993.exe Infected: Virus.Win32.Virut.ce 1

The selected area was scanned.

4. The computer seems to be running better and no longer being flagged as a spammer when the computer is connected to the internet.

#12
andrewuk

Posted 13 May 2009 - 02:16 PM

Trusted Helper

Malware Removal
5,297 posts

Hello amd256

congratulations, your logs are clean and another fix is in the can

the malwarebytes scan was clean and the kaspersky scan only found items safely quarantined or in the system restore, which we will flush now.

in this post we will clear away the fix tools (this is so that should you ever be re-infected, you will download updated versions and it will also remove the quarantined Malware from your computer), reset your restore points (there will be infections lurking in there) and i will leave you with some ideas on how to enhance the protection of your machine against future infection.

====STEP 1====
Follow these steps to uninstall Combofix, the tools used in the removal of malware and to flush your system restore points

Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.

====STEP 2====
Double-click OTListIt.exe to run it. (Vista users, please right click on OTListIt.exe and select "Run as an Administrator")

Click the Clean up button and let the program run
when prompted, click Yes to the reboot.

you can also clear away any other tools we used.

====IDEAS TO SPEED UP YOUR MACHINE====
this page http://users.telenet...owcomputer.html gives some good ideas on how to improve the efficiency of your machine and has one or two useful links to help you further.

====AND FINALLY====
The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

MBAM - Malware Bytes Anti Malware is an excellent tool for anyone's antimalware arsenal. This program should be updated and run often.
SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
Comodo Firewall - The use of a firewall is a personal preference, but its certainly a good idea. Comodo is free and light. Remember, never install more than 1 firewall. also remember, do not download the comodo antivirus program if you already have an antivirus program on your machine.
Digsby or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
FireFox - Alternate web browser. Open source and quick, Firefox is usually the first thing I install on a new system.
NoScript - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein

best wishes

andrewuk

#13
amd256

Posted 13 May 2009 - 02:24 PM

Member

Topic Starter
Member
10 posts

Thank you so much Andrewuk for all your help, much appreciated.

Now how do I change topic to add resolved or whatever? Or is it done automatically by a mod?

#14
andrewuk

Posted 13 May 2009 - 02:51 PM

Trusted Helper

Malware Removal
5,297 posts

Now how do I change topic to add resolved or whatever? Or is it done automatically by a mod?

i will do so at a later time.

#15
amd256

Posted 13 May 2009 - 03:35 PM

Member

Topic Starter
Member
10 posts

One more quick question, if I need to restore to a point where the infections were will the virus come back or did we get rid of them when we ran the cleanup and uninstalled combofix?