Geeks to Go

Removed Vundo, I think, but automatic updates and the firewall automat



#1 alcatraz543 (Member, 20 posts)

Hi all,

Recently I was infected with a bunch of malware, but with the help of my friends, SuperAntiSpyware, and Malwarebytes I think I was able to get rid of most of it. However, my automatic updates will not turn on, and neither will my firewall. Also, my background is a pure gray screen and not my usual background. Below are my Rooter and OldTimer logs. Could someone please point me in the right direction? Thanks!!!!!

Microsoft Windows XP Professional (5.1.2600) Service Pack 3

C:\ [Fixed] - NTFS - (Total:109638 Mo/Free:3909 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

Sun 03/29/2009|13:54

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\Ati2evxx.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\Ati2evxx.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\eHome\ehRecvr.exe
---------- C:\WINDOWS\eHome\ehSched.exe
---------- C:\WINDOWS\system32\LxrSII1s.exe
---------- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
---------- C:\WINDOWS\eHome\ehRec.exe
---------- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
---------- C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\ehome\mcrdsvc.exe
---------- C:\WINDOWS\system32\wbem\wmiprvse.exe
---------- C:\WINDOWS\system32\wscntfy.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
---------- C:\WINDOWS\stsystra.exe
---------- C:\Program Files\iTunes\iTunesHelper.exe
---------- C:\WINDOWS\ehome\ehtray.exe
---------- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
---------- C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
---------- C:\WINDOWS\eHome\ehmsas.exe
---------- C:\Documents and Settings\Blake\Local Settings\Application Data\Lexar Media\LxrAutorun.exe
---------- C:\Program Files\Dell Support\DSAgnt.exe
---------- C:\Program Files\iPod\bin\iPodService.exe
---------- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\explorer.exe
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - Sat 03/28/2009|22:42
2 - "C:\Rooter$\Rooter_2.txt" - Sat 03/28/2009|22:44
3 - "C:\Rooter$\Rooter_3.txt" - Sun 03/29/2009| 1:09
4 - "C:\Rooter$\Rooter_4.txt" - Sun 03/29/2009|12:19
5 - "C:\Rooter$\Rooter_5.txt" - Sun 03/29/2009|13:54

----------------------\\ Scan completed at 13:54


Old Timer Log..

OTListIt logfile created on: 3/29/2009 1:54:47 PM - Run 4
OTListIt2 by OldTimer - Version 2.0.7.2 Folder = C:\Documents and Settings\Blake\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.98 Mb Total Physical Memory | 407.78 Mb Available Physical Memory | 45.61% Memory free
2.12 Gb Paging File | 1.75 Gb Available in Paging File | 82.80% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.07 Gb Total Space | 87.82 Gb Free Space | 82.02% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DCY278C1
Current User Name: Blake
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2006/10/11 21:37:24 | 00,430,080 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2006/10/11 21:37:24 | 00,430,080 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2009/02/12 06:12:12 | 00,390,536 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
PRC - [2006/10/09 18:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2005/08/05 15:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2007/03/07 10:51:52 | 00,049,152 | ---- | M] () -- C:\WINDOWS\system32\LxrSII1s.exe
PRC - [2003/06/20 01:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2008/04/13 20:12:18 | 00,136,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRec.exe
PRC - [2008/12/18 11:47:08 | 09,158,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
PRC - [2006/08/23 18:13:28 | 00,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
PRC - [2005/08/05 15:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2008/04/13 20:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2008/04/13 20:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2006/09/22 13:47:54 | 00,761,947 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2006/09/22 13:06:26 | 00,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2009/03/12 20:56:58 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2005/09/29 16:01:14 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
PRC - [2005/12/09 22:29:52 | 00,049,152 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
PRC - [2006/01/02 17:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
PRC - [2005/08/05 15:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehmsas.exe
PRC - [2007/03/07 10:51:52 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Blake\Local Settings\Application Data\Lexar Media\LxrAutorun.exe
PRC - [2006/08/28 23:57:12 | 00,395,776 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe
PRC - [2009/03/12 20:56:52 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2005/05/04 00:07:32 | 00,081,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/03/09 16:08:55 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/03/29 13:54:41 | 00,498,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Blake\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (apple mobile device [Auto | Stopped])
SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2006/10/11 21:37:24 | 00,430,080 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Stopped])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2006/10/09 18:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2005/08/05 15:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2006/12/14 00:41:11 | 00,086,528 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe -- (GoogleDesktopManager [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2009/03/12 20:56:52 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (ipod service [On_Demand | Running])
SRV - [2009/02/12 06:12:12 | 00,390,536 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (iswsvc [Auto | Running])
SRV - File not found -- -- (IYXRDSOSDMQW [Disabled | Stopped])
SRV - [2007/03/07 10:51:52 | 00,049,152 | ---- | M] () -- C:\WINDOWS\system32\LxrSII1s.exe -- (LxrSII1s [Auto | Running])
SRV - [2005/08/05 15:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
SRV - [2003/06/20 01:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2004/08/10 06:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2008/12/18 11:47:08 | 09,158,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe -- (MSSQL$MICROSOFTSMLBIZ [Auto | Running])
SRV - [2005/05/04 00:50:28 | 00,073,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])
SRV - [2006/08/23 18:13:28 | 00,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe -- (NICCONFIGSVC [Auto | Running])
SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2005/05/03 23:42:56 | 00,323,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE -- (SQLAgent$MICROSOFTSMLBIZ [On_Demand | Stopped])
SRV - [2009/02/15 23:10:22 | 02,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- (vsmon [Auto | Stopped])
SRV - [2006/10/18 22:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2001/08/17 15:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2008/04/13 14:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2005/08/12 19:50:46 | 00,016,128 | ---- | M] (Dell Inc) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV [System | Running])
DRV - [2001/08/17 15:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/17 15:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2006/10/11 21:43:56 | 01,777,152 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2006/09/13 18:41:46 | 00,003,456 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\atiide.sys -- (atiide [Boot | Running])
DRV - [2005/11/02 21:24:34 | 00,424,320 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\bcmwl5.sys -- (BCM43XX [On_Demand | Running])
DRV - [2006/11/21 04:25:44 | 00,045,568 | R--- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
DRV - [2001/08/17 15:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2001/08/17 15:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2006/01/10 13:07:58 | 00,004,864 | ---- | M] (GTek Technologies Ltd.) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Running])
DRV - [2001/08/17 14:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Stopped])
DRV - [2009/01/15 12:19:36 | 00,023,848 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2005/12/01 09:40:56 | 00,936,960 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys -- (HSF_DPV [On_Demand | Running])
DRV - [2005/12/01 09:40:12 | 00,192,512 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys -- (HSXHWAZL [On_Demand | Running])
DRV - [2009/02/12 06:11:48 | 00,054,928 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys -- (icsak [On_Demand | Running])
DRV - [2009/02/12 06:12:18 | 00,021,136 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (iswkl [Auto | Running])
DRV - [2008/12/11 22:32:42 | 00,148,496 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\DRIVERS\klif.sys -- (klif [System | Running])
DRV - [2007/03/07 10:51:52 | 00,072,672 | ---- | M] () -- C:\WINDOWS\system32\Drivers\LxrSII1d.sys -- (LxrSII1d [Auto | Running])
DRV - [2005/10/05 06:57:08 | 00,012,544 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2001/08/17 15:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2004/08/04 00:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
DRV - [2004/08/10 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2006/08/24 14:33:36 | 00,036,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 15:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/17 15:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/17 15:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2006/11/15 00:16:24 | 00,032,256 | ---- | M] (REDC) -- C:\WINDOWS\system32\DRIVERS\rimmptsk.sys -- (rimmptsk [Auto | Running])
DRV - [2009/03/23 14:07:26 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (sasdifsv [System | Running])
DRV - [2009/03/23 14:07:28 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (sasenum [On_Demand | Running])
DRV - [2009/03/23 14:07:26 | 00,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (saskutil [System | Running])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008/04/13 14:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2001/08/17 16:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2008/11/17 02:24:00 | 00,051,688 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan [Boot | Running])
DRV - [2006/09/22 13:06:26 | 01,171,464 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
DRV - [2001/08/17 16:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/17 16:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2006/12/14 00:38:58 | 00,010,344 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd [Auto | Running])
DRV - [2001/08/17 16:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/17 16:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2006/03/08 12:35:10 | 00,191,872 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2001/08/17 15:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2009/02/15 23:10:26 | 00,353,672 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys -- (vsdatant [System | Running])
DRV - [2005/12/01 09:40:08 | 00,669,696 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys -- (winachsf [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...&ar=msnhome
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.3.130.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/27 13:44:16 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/28 15:03:51 | 00,000,000 | ---D | M]

[2008/08/30 09:14:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Blake\Application Data\mozilla\Extensions
[2008/08/30 09:14:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Blake\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/28 19:48:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Blake\Application Data\mozilla\Firefox\Profiles\wpuafikj.default\extensions
[2008/07/18 19:25:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Blake\Application Data\mozilla\Firefox\Profiles\wpuafikj.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008/07/17 21:51:17 | 00,001,769 | ---- | M] () -- C:\Documents and Settings\Blake\Application Data\Mozilla\FireFox\Profiles\wpuafikj.default\searchplugins\aim-search.xml
[2008/05/03 10:30:40 | 00,000,998 | ---- | M] () -- C:\Documents and Settings\Blake\Application Data\Mozilla\FireFox\Profiles\wpuafikj.default\searchplugins\aolsearch.gif
[2008/05/03 10:30:40 | 00,000,293 | ---- | M] () -- C:\Documents and Settings\Blake\Application Data\Mozilla\FireFox\Profiles\wpuafikj.default\searchplugins\aolsearch.src
[2008/03/05 19:52:45 | 00,001,877 | ---- | M] () -- C:\Documents and Settings\Blake\Application Data\Mozilla\FireFox\Profiles\wpuafikj.default\searchplugins\aolsearch.xml
[2008/08/30 09:14:32 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/09 16:09:03 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/09 16:08:54 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/09 16:08:54 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/09/29 18:50:57 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/09/29 18:50:57 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/09/29 18:50:57 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/15 19:24:29 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/09/29 18:50:57 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/09/29 18:50:57 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/09/29 18:50:57 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (736 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ForceField Toolbar Registrar) - {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ForceField Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [aticcc] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" ()
O4 - HKLM..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup (Google)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [syntpenh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [syntplpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup (Gteko Ltd.)
O4 - HKCU..\Run: [LxrAutorun] C:\Documents and Settings\Blake\Local Settings\Application Data\Lexar Media\LxrAutorun.exe ()
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [NWLink IPX/SPX/NetBIOS Compatible Transport Protocol] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!saswinlogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 06:43:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\*.tmp files]
[2009/03/29 13:54:40 | 00,498,688 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Blake\Desktop\OTListIt2.exe
[2009/03/29 13:43:45 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/03/29 13:43:45 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/03/29 13:43:45 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/03/29 13:43:45 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/03/29 13:43:45 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2009/03/29 13:43:45 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/03/29 13:43:45 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/03/29 13:43:45 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2009/03/29 13:43:45 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/03/29 13:43:23 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/03/29 13:42:55 | 02,936,847 | R--- | C] () -- C:\Documents and Settings\Blake\Desktop\ComboFix.exe
[2009/03/29 03:55:21 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Blake\Application Data\GTek
[2009/03/29 03:30:39 | 00,001,908 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
[2009/03/29 03:30:39 | 00,001,757 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2009/03/29 03:30:39 | 00,000,493 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2009/03/29 03:27:14 | 00,000,000 | ---D | C] -- C:\Program Files\backups
[2009/03/29 02:39:35 | 00,000,209 | ---- | C] () -- C:\Boot.bak
[2009/03/29 02:39:26 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/03/29 02:39:16 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/03/29 02:37:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/03/29 02:21:41 | 93,747,2000 | -HS- | C] () -- C:\hiberfil.sys
[2009/03/29 01:58:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/03/29 01:58:22 | 00,000,780 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/03/29 01:58:21 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/03/29 01:58:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Blake\Application Data\SUPERAntiSpyware.com
[2009/03/29 01:57:51 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/03/29 01:56:42 | 06,237,728 | ---- | C] () -- C:\Documents and Settings\Blake\Desktop\SUPERAntiSpyware.exe
[2009/03/29 01:54:46 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2009/03/29 01:54:40 | 00,175,504 | ---- | C] () -- C:\Documents and Settings\Blake\Desktop\activescan2_en.exe
[2009/03/29 01:50:07 | 00,396,288 | ---- | C] (Trend Micro Inc.) -- C:\Program Files\HijackThis.exe
[2009/03/29 01:50:07 | 00,001,435 | ---- | C] () -- C:\Documents and Settings\Blake\Desktop\HijackThis.lnk
[2009/03/29 01:41:10 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Blake\Desktop\HJTInstall.exe
[2009/03/29 01:00:28 | 00,009,584 | ---- | C] () -- C:\Documents and Settings\Blake\My Documents\cc_20090329_010026.reg
[2009/03/29 00:59:00 | 01,114,392 | ---- | C] () -- C:\Documents and Settings\Blake\My Documents\cc_20090329_005857.reg
[2009/03/29 00:54:47 | 00,001,486 | ---- | C] () -- C:\Documents and Settings\Blake\Desktop\CCleaner.lnk
[2009/03/29 00:54:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Blake\Desktop\CCleaner
[2009/03/29 00:52:14 | 03,190,688 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Blake\Desktop\ccsetup218.exe
[2009/03/28 22:41:07 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/03/28 22:27:57 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\Blake\Desktop\Rooter.exe
[2009/03/28 19:32:34 | 00,003,157 | ---- | C] () -- C:\rollback.ini
[2009/03/28 19:16:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Blake\Application Data\#ISW.FS#
[2009/03/28 19:16:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Blake\My Documents\ForceField Shared Files
[2009/03/28 19:16:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Blake\Application Data\CheckPoint
[2009/03/28 19:16:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Blake\Application Data\MailFrontier
[2009/03/28 19:14:20 | 83,878,176 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/03/28 19:14:20 | 01,097,732 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/03/28 19:09:24 | 00,000,144 | ---- | C] () -- C:\WINDOWS\System32\pdfl.dat
[2009/03/28 19:09:24 | 00,000,144 | ---- | C] () -- C:\WINDOWS\System32\lkfl.dat
[2009/03/28 19:09:24 | 00,000,080 | ---- | C] () -- C:\WINDOWS\System32\ibfl.dat
[2009/03/28 19:09:15 | 00,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2009/03/28 19:08:53 | 00,148,496 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2009/03/28 19:08:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2009/03/28 19:08:11 | 00,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2009/03/28 19:08:08 | 00,351,219 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/03/28 19:02:30 | 00,267,656 | ---- | C] () -- C:\Documents and Settings\Blake\Desktop\ZASPSetup_en.exe
[2009/03/28 17:03:53 | 24,768,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/03/28 17:03:05 | 10,246,088 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Blake\Desktop\windows-kb890830-v2.8.exe
[2009/03/27 13:46:57 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/03/27 13:46:54 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/03/27 13:46:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/03/27 13:44:51 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/03/27 13:42:59 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2009/03/27 13:32:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009/03/27 13:31:34 | 03,063,218 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Blake\Desktop\Norton_Removal_Tool.exe
[2009/03/19 17:55:40 | 00,008,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wmiacpi.sys
[2009/03/19 17:55:40 | 00,008,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiacpi.sys
[2009/03/19 17:35:14 | 03,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2009/03/19 17:35:14 | 00,002,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativdkxx.vp
[2009/03/19 17:33:20 | 00,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2009/03/19 17:32:32 | 00,000,000 | ---D | C] -- C:\Program Files\DIFX
[2009/03/19 17:26:17 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/03/19 17:21:00 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/03/19 17:20:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/03/19 16:09:36 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\userinit.exe
[2009/03/19 16:06:48 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2009/03/18 20:58:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/03/18 20:50:43 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\yxjr.sys
[2009/03/18 20:07:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Blake\Application Data\Malwarebytes
[2009/03/18 20:07:27 | 00,000,696 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/18 20:07:26 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/18 20:07:24 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/18 20:07:23 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/03/18 20:07:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/03/18 20:04:24 | 00,004,128 | ---- | C] () -- C:\INFCACHE.1
[2009/03/18 20:01:42 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2009/03/14 20:35:25 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2009/03/14 16:46:55 | 04,790,272 | ---- | C] () -- C:\Documents and Settings\Blake\Desktop\Grad wall athletes prior to 1990 highlighted by Sarah FINAL VERSION.xls
[2009/03/13 14:53:33 | 01,769,472 | ---- | C] () -- C:\Documents and Settings\Blake\Desktop\Original Grad wall athletes prior to 1990 highlighted by Sarah.xls
[2009/03/11 01:09:52 | 00,011,163 | ---- | C] () -- C:\Documents and Settings\Blake\Desktop\Fall Term 2009.docx
[2009/03/11 01:01:15 | 00,029,184 | ---- | C] () -- C:\Documents and Settings\Blake\Desktop\Language Content.doc
[2009/03/06 16:42:03 | 04,758,528 | ---- | C] () -- C:\Documents and Settings\Blake\Desktop\stuhandbook.doc
[2009/03/06 14:13:30 | 00,014,427 | ---- | C] () -- C:\Documents and Settings\Blake\Desktop\NCAA REGULATIONS.docx
[2009/03/04 14:21:42 | 00,587,776 | ---- | C] () -- C:\Documents and Settings\Blake\Desktop\Progress_Report_Coaches_Mar3.xls
[2009/03/02 11:14:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Blake\Desktop\Assignment 2
[2009/03/02 11:05:45 | 00,897,161 | ---- | C] () -- C:\Documents and Settings\Blake\Desktop\Assignment 2.zip
[2009/02/27 16:47:52 | 00,031,232 | ---- | C] () -- C:\Documents and Settings\Blake\Desktop\WSU Outside Competition Approval Form1.doc
[2009/02/27 16:46:53 | 00,039,936 | ---- | C] () -- C:\Documents and Settings\Blake\Desktop\WSU Donation Request Form1.doc

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\*.tmp files]
[2009/03/29 13:54:47 | 83,878,176 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/03/29 13:54:41 | 00,498,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Blake\Desktop\OTListIt2.exe
[2009/03/29 13:50:37 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/29 13:48:07 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/03/29 13:43:08 | 02,936,847 | R--- | M] () -- C:\Documents and Settings\Blake\Desktop\ComboFix.exe
[2009/03/29 13:36:02 | 00,000,144 | ---- | M] () -- C:\WINDOWS\System32\pdfl.dat
[2009/03/29 13:34:58 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/29 13:34:32 | 00,351,219 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/03/29 13:34:08 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/29 13:34:04 | 93,747,2000 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/29 13:32:53 | 01,097,732 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/03/29 13:32:24 | 05,895,250 | -H-- | M] () -- C:\Documents and Settings\Blake\Local Settings\Application Data\IconCache.db
[2009/03/29 03:30:41 | 00,000,738 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/03/29 03:30:41 | 00,000,279 | RHS- | M] () -- C:\boot.ini
[2009/03/29 01:58:22 | 00,000,780 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/03/29 01:57:03 | 06,237,728 | ---- | M] () -- C:\Documents and Settings\Blake\Desktop\SUPERAntiSpyware.exe
[2009/03/29 01:54:40 | 00,175,504 | ---- | M] () -- C:\Documents and Settings\Blake\Desktop\activescan2_en.exe
[2009/03/29 01:50:07 | 00,001,435 | ---- | M] () -- C:\Documents and Settings\Blake\Desktop\HijackThis.lnk
[2009/03/29 01:44:55 | 00,003,157 | ---- | M] () -- C:\rollback.ini
[2009/03/29 01:41:14 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Blake\Desktop\HJTInstall.exe
[2009/03/29 01:01:24 | 00,009,584 | ---- | M] () -- C:\Documents and Settings\Blake\My Documents\cc_20090329_010026.reg
[2009/03/29 01:00:08 | 01,114,392 | ---- | M] () -- C:\Documents and Settings\Blake\My Documents\cc_20090329_005857.reg
[2009/03/29 00:54:47 | 00,001,486 | ---- | M] () -- C:\Documents and Settings\Blake\Desktop\CCleaner.lnk
[2009/03/29 00:52:20 | 03,190,688 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Blake\Desktop\ccsetup218.exe
[2009/03/28 22:28:08 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\Blake\Desktop\Rooter.exe
[2009/03/28 21:59:46 | 00,000,209 | ---- | M] () -- C:\Boot.bak
[2009/03/28 19:11:17 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/03/28 19:09:24 | 00,000,144 | ---- | M] () -- C:\WINDOWS\System32\lkfl.dat
[2009/03/28 19:09:24 | 00,000,080 | ---- | M] () -- C:\WINDOWS\System32\ibfl.dat
[2009/03/28 19:02:30 | 00,267,656 | ---- | M] () -- C:\Documents and Settings\Blake\Desktop\ZASPSetup_en.exe
[2009/03/28 17:03:39 | 10,246,088 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Blake\Desktop\windows-kb890830-v2.8.exe
[2009/03/27 13:48:21 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/03/27 13:31:54 | 03,063,218 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Blake\Desktop\Norton_Removal_Tool.exe
[2009/03/24 18:42:17 | 00,444,908 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/24 18:42:17 | 00,081,712 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/24 18:42:17 | 00,003,842 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/18 20:50:43 | 00,061,440 | ---- | M] () -- C:\WINDOWS\System32\drivers\yxjr.sys
[2009/03/18 20:09:51 | 00,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/03/18 20:07:27 | 00,000,696 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/18 20:04:24 | 00,004,128 | ---- | M] () -- C:\INFCACHE.1
[2009/03/14 20:52:07 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\buzifupa
[2009/03/14 16:46:57 | 04,790,272 | ---- | M] () -- C:\Documents and Settings\Blake\Desktop\Grad wall athletes prior to 1990 highlighted by Sarah FINAL VERSION.xls
[2009/03/13 14:53:38 | 01,769,472 | ---- | M] () -- C:\Documents and Settings\Blake\Desktop\Original Grad wall athletes prior to 1990 highlighted by Sarah.xls
[2009/03/11 19:16:24 | 00,029,184 | ---- | M] () -- C:\Documents and Settings\Blake\Desktop\Language Content.doc
[2009/03/11 06:58:35 | 00,275,760 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/11 01:09:52 | 00,011,163 | ---- | M] () -- C:\Documents and Settings\Blake\Desktop\Fall Term 2009.docx
[2009/03/10 23:37:34 | 00,002,672 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/03/10 23:37:25 | 00,000,088 | RHS- | M] () -- C:\WINDOWS\System32\8509F7DFD7.sys
[2009/03/06 16:42:09 | 04,758,528 | ---- | M] () -- C:\Documents and Settings\Blake\Desktop\stuhandbook.doc
[2009/03/06 15:47:04 | 00,014,427 | ---- | M] () -- C:\Documents and Settings\Blake\Desktop\NCAA REGULATIONS.docx
[2009/03/04 16:10:12 | 00,587,776 | ---- | M] () -- C:\Documents and Settings\Blake\Desktop\Progress_Report_Coaches_Mar3.xls
[2009/03/02 11:05:46 | 00,897,161 | ---- | M] () -- C:\Documents and Settings\Blake\Desktop\Assignment 2.zip
[2009/02/27 16:47:52 | 00,031,232 | ---- | M] () -- C:\Documents and Settings\Blake\Desktop\WSU Outside Competition Approval Form1.doc
[2009/02/27 16:47:14 | 00,039,936 | ---- | M] () -- C:\Documents and Settings\Blake\Desktop\WSU Donation Request Form1.doc
< End of report >

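The 30-day file lists above are the part of an OTListIt2 log a helper reads first. As an added example, not code from OTListIt2 or from anyone in this thread, the Python below parses that line format and applies one deliberately simple triage heuristic: a file created or modified under System32 that has no vendor name in its version info, or that carries hidden/system attributes, is listed for review. The heuristic, the System32-only scope and the assumption that C: is the system drive are choices made for illustration; the sample input is a subset of lines copied from the log above. A hit is a review item, not a verdict: the same log shows fidbox.dat appearing within minutes of the CheckPoint and Zone Labs folders, and legitimate security and licensing components routinely keep hidden data files with no version info.

```python
"""Triage pass over OTListIt2 "Files - Created/Modified Within 30 Days" lines.

Added example for this thread; it is not part of OTListIt2, and the heuristic
below is an assumption chosen for illustration. A hit means "look closer".
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One OTListIt2 file line looks like:
#   [YYYY/MM/DD hh:mm:ss | size | attrs | C-or-M] (company) -- path
# attrs are four slots: R(ead-only) H(idden) S(ystem) D(irectory), '-' if unset.
# Directory lines carry no "(company)" group; files without version info show "()".
LINE_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[R-][H-][S-][D-]) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

# Where a new, vendor-less or hidden file is worth a second look.
# Assumption: C: is the system drive, as the posted log shows. Compared lower-case.
WATCHED_DIRS = ("c:\\windows\\system32\\",)

# Sample input: lines copied from the log posted above (a subset, plus the section
# header and the "*.tmp" summary line to show that non-matching lines are skipped).
SAMPLE_LOG = r"""
========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\*.tmp files]
[2009/03/29 13:43:45 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/03/29 13:43:23 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/03/29 02:21:41 | 93,747,2000 | -HS- | C] () -- C:\hiberfil.sys
[2009/03/28 19:14:20 | 83,878,176 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/03/28 19:08:53 | 00,148,496 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2009/03/19 16:09:36 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\userinit.exe
[2009/03/18 20:50:43 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\yxjr.sys
[2009/03/18 20:07:26 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/14 20:52:07 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\buzifupa
[2009/03/14 16:46:55 | 04,790,272 | ---- | C] () -- C:\Documents and Settings\Blake\Desktop\Grad wall athletes prior to 1990 highlighted by Sarah FINAL VERSION.xls
"""


@dataclass
class Entry:
    date: str
    time: str
    size: int
    attrs: str
    kind: str                # 'C' = created, 'M' = modified
    company: Optional[str]   # None for directories, '' when no version info
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_line(line: str) -> Optional[Entry]:
    """Parse one OTListIt2 file/folder line; return None for any other line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return Entry(
        date=m["date"],
        time=m["time"],
        size=int(m["size"].replace(",", "")),  # tolerates odd grouping like 93,747,2000
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"],
        path=m["path"],
    )


def review_reasons(e: Entry) -> List[str]:
    """Heuristic reasons to look closer at a file entry; an empty list means skip."""
    if e.is_dir or not e.path.lower().startswith(WATCHED_DIRS):
        return []
    reasons = []
    if e.company == "":
        reasons.append("no vendor in version info")
    if "H" in e.attrs or "S" in e.attrs:
        reasons.append(f"hidden/system attributes ({e.attrs})")
    return reasons


def triage(log_text: str) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for every flagged file, in log order."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            reasons = review_reasons(entry)
            if reasons:
                hits.append((entry.path, reasons))
    return hits


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG):
        print(f"REVIEW {path}: {'; '.join(reasons)}")
```

Run it directly to print the hits, or pass the whole log text to triage(). Widening WATCHED_DIRS to the Windows root would also surface the SteelWerX and NirSoft helper binaries created in C:\WINDOWS in the same minute as C:\Qoobox, which this run deliberately ignores; the real work is correlating each hit's timestamp with known installs, as the fidbox.dat case shows.
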
#2 alcatraz543 (Member, Topic Starter)

Sorry all, I forgot to post my Malwarebytes Info. Cheers

Malwarebytes' Anti-Malware 1.34
Database version: 1866
Windows 5.1.2600 Service Pack 3

3/29/2009 11:52:35 AM
mbam-log-2009-03-29 (11-52-35).txt

Scan type: Full Scan (C:\|)
Objects scanned: 138827
Time elapsed: 1 hour(s), 51 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#3 heir (Trusted Helper, Malware Removal)

Hello alcatraz543 !

Welcome to the site! :) My nickname is heir and I'll be helping clean up your computer. :)

Before we proceed to clean your computer from malware, let's go over some points that will help both me and you, and prevent causing damage to your computer:
  • To make sure that you receive an email when I reply to this topic, please click here and check that this topic is listed under Malware Removal and Spyware Removal.
  • Please don't be afraid to ask questions! No question is considered dumb here. It's better to be safe than sorry!
  • When posting logs, please ensure Word Wrap is turned off in Notepad (to check, open Notepad, click Format in the menu bar and make sure that Word Wrap is unchecked).
  • Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
  • NEVER fix anything in HijackThis or other programs on your own! This can be very dangerous and cause harm to your system. If you see a certain entry or program you're unsure about, please don't hesitate to ask!
  • Make sure you reply to this thread using the Add Reply button.

Please read my posts completely before following the instructions.
It may be easier for you if you copy and paste a post to a new text document or print it for reference later.
This is required when you won't have access to the Internet.



Recently I was infected with a bunch of malware but with the help of my friends, SuperAntiSpyware, and MalWareBytes I think I was able to get rid of most of it. However, my automatic updates will not turn on as well as my firewall. Also, my background is a pure gray screen and not my usual background.

Looks as if you've used more than those friends.

Using powerful tools like ComboFix unsupervised is not recommended. Doing so might severely cripple your computer.
Can you also please post the content of C:\ComboFix.txt.


What other tools have you used to try to fix this?


Looks as if you've run Rooter and OTListIt2 several times.
Can you please post the content of the Extras.txt on your desktop.



Then please run this scan.

Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D here and save it to the desktop.

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)

I'll be waiting for the three logs (Extras.txt, ComboFix.txt and lopR.txt) and the answer to my question.

#4 alcatraz543 (Member, Topic Starter)

Here is my ComboFix log...

ComboFix 09-03-28.06 - Blake 2009-03-29 13:44:44.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.489 [GMT -4:00]
Running from: c:\documents and settings\Blake\Desktop\ComboFix.exe
AV: ZoneAlarm Extreme Security Antivirus *On-access scanning disabled* (Updated)
FW: ZoneAlarm Extreme Security Firewall *disabled*
.

((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-29 )))))))))))))))))))))))))))))))
.

2009-03-29 03:55 . 2009-03-29 13:48 <DIR> d--h----- c:\documents and settings\Blake\Application Data\GTek
2009-03-29 03:27 . 2009-03-29 13:39 <DIR> d-------- c:\program files\backups
2009-03-29 01:58 . 2009-03-29 01:58 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-03-29 01:58 . 2009-03-29 01:58 <DIR> d-------- c:\documents and settings\Blake\Application Data\SUPERAntiSpyware.com
2009-03-29 01:58 . 2009-03-29 01:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-29 01:57 . 2009-03-29 01:57 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-03-29 01:54 . 2009-03-29 01:54 <DIR> d-------- c:\program files\Panda Security
2009-03-29 01:50 . 2009-03-29 01:50 396,288 --a------ c:\program files\HijackThis.exe
2009-03-28 22:41 . 2009-03-29 12:19 <DIR> d-------- C:\Rooter$
2009-03-28 19:32 . 2009-03-29 01:44 3,157 --a------ C:\rollback.ini
2009-03-28 19:16 . 2009-03-28 19:16 <DIR> d-------- c:\documents and settings\Blake\Application Data\MailFrontier
2009-03-28 19:16 . 2009-03-28 19:16 <DIR> d-------- c:\documents and settings\Blake\Application Data\CheckPoint
2009-03-28 19:16 . 2009-03-29 04:11 <DIR> d-------- c:\documents and settings\Blake\Application Data\#ISW.FS#
2009-03-28 19:14 . 2009-03-29 13:48 83,188,256 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-03-28 19:14 . 2009-03-29 13:32 1,097,732 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-03-28 19:09 . 2009-03-28 19:09 <DIR> d-------- c:\program files\CheckPoint
2009-03-28 19:09 . 2009-03-29 13:36 144 --a------ c:\windows\system32\pdfl.dat
2009-03-28 19:09 . 2009-03-28 19:09 144 --a------ c:\windows\system32\lkfl.dat
2009-03-28 19:09 . 2009-03-28 19:09 80 --a------ c:\windows\system32\ibfl.dat
2009-03-28 19:08 . 2009-03-28 19:08 <DIR> d-------- c:\program files\Zone Labs
2009-03-27 13:46 . 2009-03-27 13:47 <DIR> d-------- c:\program files\iTunes
2009-03-27 13:46 . 2009-03-27 13:46 <DIR> d-------- c:\program files\iPod
2009-03-27 13:46 . 2009-03-27 13:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-27 13:44 . 2009-03-27 13:45 <DIR> d-------- c:\program files\QuickTime
2009-03-27 13:42 . 2009-03-27 13:42 <DIR> d-------- c:\program files\Common Files\Apple
2009-03-27 13:32 . 2009-03-27 13:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-03-19 17:55 . 2008-04-13 14:36 8,832 --a------ c:\windows\system32\drivers\wmiacpi.sys
2009-03-19 17:55 . 2008-04-13 14:36 8,832 --a------ c:\windows\system32\dllcache\wmiacpi.sys
2009-03-19 17:35 . 2006-10-11 21:26 3,107,788 --a------ c:\windows\system32\ativvaxx.dat
2009-03-19 17:35 . 2006-08-23 17:26 2,096 --a------ c:\windows\system32\drivers\ativdkxx.vp
2009-03-19 17:33 . 2009-03-19 17:33 <DIR> d-------- c:\program files\Broadcom
2009-03-19 17:32 . 2009-03-19 17:32 <DIR> d-------- c:\program files\DIFX
2009-03-19 17:31 . 2006-09-13 18:41 3,456 --a------ c:\windows\system32\drivers\atiide.sys
2009-03-19 17:26 . 2009-03-28 16:09 <DIR> d--h----- C:\$AVG8.VAULT$
2009-03-19 17:21 . 2009-03-19 17:21 <DIR> d-------- c:\program files\AVG
2009-03-19 17:20 . 2009-03-28 19:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-19 16:09 . 2008-04-14 06:42 26,112 --a------ c:\windows\system32\userinit.exe
2009-03-19 16:06 . 2009-03-19 16:06 <DIR> d--hs---- C:\$RECYCLE.BIN
2009-03-18 20:50 . 2009-03-18 20:50 61,440 --a------ c:\windows\system32\drivers\yxjr.sys
2009-03-18 20:07 . 2009-03-18 20:18 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-18 20:07 . 2009-03-18 20:07 <DIR> d-------- c:\documents and settings\Blake\Application Data\Malwarebytes
2009-03-18 20:07 . 2009-03-18 20:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-18 20:07 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-18 20:07 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-18 20:04 . 2009-03-18 20:04 4,128 --a------ C:\INFCACHE.1
2009-03-14 20:35 . 2009-03-14 20:35 <DIR> d--h----- c:\windows\system32\GroupPolicy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-29 17:39 6,441 ----a-w c:\program files\hijackthis.log
2009-03-29 16:40 --------- d-----w c:\program files\PokerStars
2009-03-29 04:42 --------- d-----w c:\documents and settings\Blake\Application Data\Ruckus Network
2009-03-28 21:43 --------- d-----w c:\program files\Full Tilt Poker
2009-03-28 19:13 --------- d-----w c:\program files\Common Files\AOL
2009-03-28 19:13 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2009-03-28 19:12 --------- d-----w c:\program files\AIM
2009-03-28 19:12 --------- d-----w c:\documents and settings\Blake\Application Data\Aim
2009-03-28 19:04 --------- d-----w c:\program files\Yahoo!
2009-03-28 19:02 --------- d-----w c:\program files\Viewpoint
2009-03-28 19:02 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-03-28 19:01 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-28 19:00 --------- d-----w c:\program files\Dell
2009-03-27 17:48 --------- d-----w c:\program files\Apple Software Update
2009-03-27 17:45 --------- d-----w c:\program files\Bonjour
2009-03-27 17:33 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-19 21:41 --------- d-----w c:\program files\ATI Technologies
2009-03-11 03:37 2,672 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-03-11 03:37 --------- d-----w c:\documents and settings\Blake\Application Data\Corel
2009-02-27 18:07 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-16 03:10 72,584 ----a-w c:\windows\zllsputility.exe
2009-02-16 03:10 1,221,512 ----a-w c:\windows\system32\zpeng25.dll
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:13 1,846,784 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-08 22:19 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-17 02:35 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-02-20 05:27 682 -c--a-w c:\documents and settings\Blake\Application Data\wklnhst.dat
2008-09-02 22:31 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008090220080903\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-03-23 1830128]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"LxrAutorun"="c:\documents and settings\Blake\Local Settings\Application Data\Lexar Media\LxrAutorun.exe" [2007-03-07 24576]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-28 395776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"syntplpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2006-03-08 82011]
"syntpenh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-22 761947]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-12-14 236544]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
"aticcc"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"SigmatelSysTrayApp"="stsystra.exe" [2006-09-22 c:\windows\stsystra.exe]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!saswinlogon]
2008-12-22 12:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\icmpsettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2009-03-19 3456]
R1 sasdifsv;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-03-23 9968]
R1 saskutil;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-03-23 72944]
R2 iswkl;ForceField ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2009-02-12 21136]
R2 iswsvc;ForceField IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [2009-02-12 390536]
R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [2009-02-25 72672]
R3 icsak;icsak;c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [2009-02-12 54928]
R3 sasenum;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
S2 boaqi;boaqi;c:\windows\System32\svchost.exe -k netsvcs [2005-08-16 14336]
S4 IYXRDSOSDMQW;IYXRDSOSDMQW;c:\docume~1\Blake\LOCALS~1\Temp\IYXRDSOSDMQW.exe --> c:\docume~1\Blake\LOCALS~1\Temp\IYXRDSOSDMQW.exe [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
boaqi

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-03-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5061213
FF - ProfilePath - c:\documents and settings\Blake\Application Data\Mozilla\Firefox\Profiles\wpuafikj.default\
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-29 13:48:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(684)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\program files\CheckPoint\ZAForceField\AK\icsak.dll

- - - - - - - > 'lsass.exe'(740)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\program files\CheckPoint\ZAForceField\AK\icsak.dll
.
Completion time: 2009-03-29 13:50:35
ComboFix-quarantined-files.txt 2009-03-29 17:50:31

Pre-Run: 94,179,663,872 bytes free
Post-Run: 94,275,657,728 bytes free

183 --- E O F --- 2009-03-11 05:16:58

Here is my extras log...

OTListIt Extras logfile created on: 4/4/2009 11:51:52 AM - Run 5
OTListIt2 by OldTimer - Version 2.0.7.2 Folder = C:\Documents and Settings\Blake\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.98 Mb Total Physical Memory | 567.18 Mb Available Physical Memory | 63.45% Memory free
2.12 Gb Paging File | 1.67 Gb Available in Paging File | 78.96% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.07 Gb Total Space | 86.13 Gb Free Space | 80.44% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DCY278C1
Current User Name: Blake
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = SafariHTML] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2009/02/11 10:19:32 | 01,273,488 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware
[2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2009/03/12 20:56:54 | 13,498,664 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02e89efc-7b07-4d5a-aa03-9ec0902914ee}" = VC 9.0 Runtime
"{07287123-b8ac-41ce-8346-3d777245c35b}" = Bonjour
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{162b71b8-8464-4680-a086-601d555b331d}" = Apple Mobile Device Support
"{216ab108-2ae1-4130-b3d5-20b2c4c80f8f}" = QuickTime
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{56DF5C9E-6392-46D3-B366-297B14E1DAAF}" = Bonjour Core for Windows
"{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}" = EarthLink Setup Files
"{612b9183-67a9-4b44-9877-2f059e35b86a}" = Broadcom 440x 10/100 Integrated Controller
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{6956856f-b6b3-4be0-ba0b-8f495be32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7ADE3A47-B425-45E9-8FF6-11BE2B775645}" = Corel Snapfire Plus
"{7F34A21F-2DEB-4598-BB19-611D6BD24271}" = Managed DirectX (0900)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90A50409-7000-11D3-8CFE-0150048383C9}" = Microsoft SharePoint Migration Tool 2003
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{BA68600E-96D9-4E92-80F2-26B9681B5A63}" = Microsoft Office Outlook 2003 with Business Contact Manager Update
"{c26b06a9-27bb-45b0-9873-9c623ec2ba38}" = iTunes
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{cddcbbf1-2703-46bc-938b-bcc81a1eeaaa}" = SUPERAntiSpyware Free Edition
"{CEE2252C-4035-4B27-8EC6-0B085DD3A413}" = Dell Support 3.2.1
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DF15059E-A356-47B2-B14B-6380ED32AB68}" = Microsoft Baseline Security Analyzer 1.2.1
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
"{ef40bac3-372b-46f4-a32d-b37cf4217ce7}" = ATI Catalyst Control Center
"4569969e1360d2854474c661ef9b4d54f143eb16" = Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
"adobe flash player plugin" = Adobe Flash Player 10 Plugin
"all ati software" = ATI - Software Uninstall Utility
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"ATI Display Driver" = ATI Display Driver
"cayahooantispy" = CA Yahoo! Anti-Spy (remove only)
"ccleaner" = CCleaner (remove only)
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"Google Desktop" = Google Desktop
"hijackthis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.8)" = Mozilla Firefox (3.0.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PokerRoom.com" = PokerRoom.com (remove only)
"PokerStars" = PokerStars
"Ruckus Player" = Ruckus Player
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"zonealarm extreme security" = ZoneAlarm Extreme Security

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/24/2009 6:42:13 PM | Computer Name = DCY278C1 | Source = LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. BaseIndex value from Performance
registry
is the first DWORD in Data section, LastCounter value is the second DWORD in Data
section, and LastHelp value is the third DWORD in Data section.

Error - 3/24/2009 6:42:13 PM | Computer Name = DCY278C1 | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 3/27/2009 12:12:38 PM | Computer Name = DCY278C1 | Source = Application Error | ID = 1000
Description = Faulting application symlcsvc.exe, version 1.9.1.1255, faulting module
symlcnet.dll, version 1.9.1.1255, fault address 0x00010d44.

Error - 3/28/2009 8:05:21 PM | Computer Name = DCY278C1 | Source = Media Center Extender Services | ID = 36865
Description = ERROR: Device Service Listener - UDP networking failed. Error code
0x8007271D.

Error - 3/28/2009 10:28:44 PM | Computer Name = DCY278C1 | Source = Application Error | ID = 1000
Description = Faulting application find.exe, version 5.1.2600.0, faulting module
ulib.dll, version 5.1.2600.5512, fault address 0x0000c3a4.

Error - 3/29/2009 2:52:30 AM | Computer Name = DCY278C1 | Source = Application Error | ID = 1000
Description = Faulting application ehrec.exe, version 5.1.2600.5512, faulting module
ehrec.exe, version 5.1.2600.5512, fault address 0x00005f67.

Error - 3/29/2009 12:36:13 PM | Computer Name = DCY278C1 | Source = Application Hang | ID = 1002
Description = Hanging application OTListIt2.exe, version 2.0.7.2, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/29/2009 1:22:49 PM | Computer Name = DCY278C1 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3334, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/29/2009 8:35:03 PM | Computer Name = DCY278C1 | Source = Application Hang | ID = 1002
Description = Hanging application OTListIt2.exe, version 2.0.7.2, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/4/2009 11:51:35 AM | Computer Name = DCY278C1 | Source = Application Hang | ID = 1002
Description = Hanging application OTListIt2.exe, version 2.0.7.2, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ OSession Events ]
Error - 4/1/2008 8:20:50 PM | Computer Name = DCY278C1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 21310
seconds with 1860 seconds of active time. This session ended with a crash.

Error - 2/18/2009 2:54:11 PM | Computer Name = DCY278C1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 108345
seconds with 240 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 4/1/2009 1:38:22 PM | Computer Name = DCY278C1 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 30 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 4/1/2009 1:38:22 PM | Computer Name = DCY278C1 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.

Error - 4/1/2009 2:08:22 PM | Computer Name = DCY278C1 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 60 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 4/1/2009 2:08:22 PM | Computer Name = DCY278C1 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 59 minutes. NtpClient has no source of accurate
time.

Error - 4/1/2009 3:08:23 PM | Computer Name = DCY278C1 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 120 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 4/1/2009 3:08:23 PM | Computer Name = DCY278C1 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 119 minutes. NtpClient has no source of accurate
time.

Error - 4/1/2009 5:08:26 PM | Computer Name = DCY278C1 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 240 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 4/1/2009 5:08:26 PM | Computer Name = DCY278C1 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 239 minutes. NtpClient has no source of accurate
time.

Error - 4/1/2009 7:15:08 PM | Computer Name = DCY278C1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 4/1/2009 7:15:10 PM | Computer Name = DCY278C1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}


< End of report >

Here is my Lopr.txt log.


--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Turion™ 64 Mobile Technology MK-36 )
BIOS : BIOS Version 2.6.3
USER : Blake ( Administrator )
BOOT : Normal boot
Antivirus : ZoneAlarm Extreme Security Antivirus 8.0.298.000 (Not Activated)
Firewall : ZoneAlarm Extreme Security Firewall 8.0.298.000 (Not Activated)
C:\ (Local Disk) - NTFS - Total:107 Go (Free:86 Go)
D:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( Sat 04/04/2009|11:56 )

--------------------\\ Listing folders in APPLIC~1

[05/22/2008|09:37] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> AOL
[12/14/2006|12:31] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> ATI
[12/14/2006|12:46] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> GTek
[08/16/2005|06:50] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Identities
[12/14/2006|12:42] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> InstallShield
[03/28/2009|07:18] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft

[03/27/2009|01:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[03/28/2009|03:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL
[03/05/2008|10:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL Downloads
[01/22/2007|04:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL OCP
[07/10/2007|09:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[01/31/2007|01:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[03/28/2009|07:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> avg8
[12/14/2006|12:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Corel
[12/27/2007|03:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Dell
[12/21/2006|09:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google
[12/14/2006|12:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> GTek
[11/24/2007|07:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Intuit
[03/17/2008|02:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> MailFrontier
[03/18/2009|08:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[09/06/2008|10:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[02/08/2009|06:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft Help
[03/27/2009|01:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NortonInstaller
[02/19/2008|12:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Office Genuine Advantage
[12/14/2006|12:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime
[03/29/2009|01:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SUPERAntiSpyware.com
[05/22/2008|07:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[08/05/2007|06:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Trymedia
[03/28/2009|03:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint
[01/20/2007|05:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[05/22/2008|09:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> YAHOO

[04/04/2009|11:46] C:\DOCUME~1\Blake\APPLIC~1\<DIR> #ISW.FS#
[05/08/2008|12:50] C:\DOCUME~1\Blake\APPLIC~1\<DIR> Adobe
[05/15/2008|09:33] C:\DOCUME~1\Blake\APPLIC~1\<DIR> AdobeUM
[03/28/2009|03:12] C:\DOCUME~1\Blake\APPLIC~1\<DIR> Aim
[05/22/2008|09:37] C:\DOCUME~1\Blake\APPLIC~1\<DIR> AOL
[09/16/2008|03:20] C:\DOCUME~1\Blake\APPLIC~1\<DIR> Apple Computer
[12/14/2006|12:31] C:\DOCUME~1\Blake\APPLIC~1\<DIR> ATI
[03/28/2009|07:16] C:\DOCUME~1\Blake\APPLIC~1\<DIR> CheckPoint
[01/20/2007|05:21] C:\DOCUME~1\Blake\APPLIC~1\<DIR> CiscoCAA
[03/10/2009|11:37] C:\DOCUME~1\Blake\APPLIC~1\<DIR> Corel
[09/15/2007|10:56] C:\DOCUME~1\Blake\APPLIC~1\<DIR> CyberLink
[12/21/2006|09:55] C:\DOCUME~1\Blake\APPLIC~1\<DIR> Google
[10/09/2008|06:52] C:\DOCUME~1\Blake\APPLIC~1\<DIR> goombah
[03/29/2009|01:48] C:\DOCUME~1\Blake\APPLIC~1\<DIR> GTek
[10/29/2007|12:01] C:\DOCUME~1\Blake\APPLIC~1\<DIR> Help
[08/16/2005|06:50] C:\DOCUME~1\Blake\APPLIC~1\<DIR> Identities
[12/14/2006|12:42] C:\DOCUME~1\Blake\APPLIC~1\<DIR> InstallShield
[11/24/2007|07:17] C:\DOCUME~1\Blake\APPLIC~1\<DIR> Intuit
[05/08/2008|05:57] C:\DOCUME~1\Blake\APPLIC~1\<DIR> iWin
[10/11/2008|10:27] C:\DOCUME~1\Blake\APPLIC~1\<DIR> Macromedia
[03/28/2009|07:16] C:\DOCUME~1\Blake\APPLIC~1\<DIR> MailFrontier
[03/18/2009|08:07] C:\DOCUME~1\Blake\APPLIC~1\<DIR> Malwarebytes
[02/27/2009|03:07] C:\DOCUME~1\Blake\APPLIC~1\<DIR> Microsoft
[01/22/2007|08:12] C:\DOCUME~1\Blake\APPLIC~1\<DIR> Mozilla
[05/22/2008|09:41] C:\DOCUME~1\Blake\APPLIC~1\<DIR> Real
[03/29/2009|12:42] C:\DOCUME~1\Blake\APPLIC~1\<DIR> Ruckus Network
[01/22/2007|10:59] C:\DOCUME~1\Blake\APPLIC~1\<DIR> Sun
[03/29/2009|01:58] C:\DOCUME~1\Blake\APPLIC~1\<DIR> SUPERAntiSpyware.com
[08/02/2007|10:25] C:\DOCUME~1\Blake\APPLIC~1\<DIR> Template
[08/05/2007|07:46] C:\DOCUME~1\Blake\APPLIC~1\<DIR> Yahoo!

[05/22/2008|09:37] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> AOL
[12/14/2006|12:31] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> ATI
[12/14/2006|12:46] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Gtek
[08/16/2005|06:50] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities
[12/14/2006|12:42] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> InstallShield
[08/16/2005|06:30] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[03/28/2009|07:18] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft
[08/28/2007|11:12] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Yahoo!

[03/28/2009|07:18] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[03/31/2009 11:25 PM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[03/29/2009 01:50 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/10/2004 07:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[12/14/2006|12:43] C:\Program Files\<DIR> Adobe
[03/28/2009|03:12] C:\Program Files\<DIR> AIM
[04/14/2007|10:45] C:\Program Files\<DIR> America Online 9.0
[02/06/2007|05:33] C:\Program Files\<DIR> AOD
[12/14/2006|12:36] C:\Program Files\<DIR> AOL Companion
[03/27/2009|01:48] C:\Program Files\<DIR> Apple Software Update
[03/19/2009|05:41] C:\Program Files\<DIR> ATI Technologies
[03/19/2009|05:21] C:\Program Files\<DIR> AVG
[03/29/2009|01:39] C:\Program Files\<DIR> backups
[12/14/2006|12:41] C:\Program Files\<DIR> BAE
[05/08/2007|10:34] C:\Program Files\<DIR> Bodog Poker
[03/27/2009|01:45] C:\Program Files\<DIR> Bonjour
[03/19/2009|05:33] C:\Program Files\<DIR> Broadcom
[05/22/2008|09:13] C:\Program Files\<DIR> CA Yahoo! Anti-Spy
[03/28/2009|07:09] C:\Program Files\<DIR> CheckPoint
[03/29/2009|01:46] C:\Program Files\<DIR> Common Files
[08/16/2005|06:38] C:\Program Files\<DIR> ComPlus Applications
[12/14/2006|12:29] C:\Program Files\<DIR> CONEXANT
[12/14/2006|12:33] C:\Program Files\<DIR> Corel
[12/14/2006|12:32] C:\Program Files\<DIR> CyberLink
[03/28/2009|03:00] C:\Program Files\<DIR> Dell
[12/14/2006|12:45] C:\Program Files\<DIR> Dell Support
[03/19/2009|05:32] C:\Program Files\<DIR> DIFX
[12/14/2006|12:46] C:\Program Files\<DIR> EarthLink Setup
[04/01/2008|02:18] C:\Program Files\<DIR> Emergent Music LLC
[04/01/2009|09:03] C:\Program Files\<DIR> Full Tilt Poker
[12/21/2006|10:07] C:\Program Files\<DIR> Google
[03/28/2009|03:01] C:\Program Files\<DIR> InstallShield Installation Information
[02/17/2009|12:48] C:\Program Files\<DIR> Internet Explorer
[03/27/2009|01:46] C:\Program Files\<DIR> iPod
[03/27/2009|01:47] C:\Program Files\<DIR> iTunes
[12/14/2006|12:22] C:\Program Files\<DIR> Java
[03/18/2009|08:18] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[09/02/2008|06:28] C:\Program Files\<DIR> Messenger
[12/14/2006|12:44] C:\Program Files\<DIR> Microsoft ActiveSync
[01/21/2007|10:57] C:\Program Files\<DIR> Microsoft Baseline Security Analyzer
[05/09/2007|12:15] C:\Program Files\<DIR> Microsoft CAPICOM 2.1.0.2
[08/16/2005|06:43] C:\Program Files\<DIR> microsoft frontpage
[09/04/2007|10:12] C:\Program Files\<DIR> Microsoft Office
[12/14/2006|12:35] C:\Program Files\<DIR> Microsoft Plus! Digital Media Edition
[12/14/2006|12:35] C:\Program Files\<DIR> Microsoft Plus! Photo Story 2 LE
[02/27/2009|02:07] C:\Program Files\<DIR> Microsoft Silverlight
[12/14/2006|12:50] C:\Program Files\<DIR> Microsoft Small Business
[12/14/2006|12:50] C:\Program Files\<DIR> Microsoft SQL Server
[12/14/2006|12:44] C:\Program Files\<DIR> Microsoft Visual Studio
[12/14/2006|12:50] C:\Program Files\<DIR> Microsoft Visual Studio .NET 2003
[09/10/2008|03:01] C:\Program Files\<DIR> Microsoft Works
[12/14/2006|12:44] C:\Program Files\<DIR> Microsoft.NET
[09/02/2008|06:22] C:\Program Files\<DIR> Movie Maker
[04/04/2009|11:53] C:\Program Files\<DIR> Mozilla Firefox
[08/16/2005|06:37] C:\Program Files\<DIR> MSN
[08/16/2005|06:37] C:\Program Files\<DIR> MSN Gaming Zone
[12/21/2006|10:38] C:\Program Files\<DIR> MSXML 4.0
[12/14/2006|12:34] C:\Program Files\<DIR> MUSICMATCH
[09/02/2008|06:18] C:\Program Files\<DIR> NetMeeting
[08/16/2005|06:38] C:\Program Files\<DIR> Online Services
[09/02/2008|06:18] C:\Program Files\<DIR> Outlook Express
[03/29/2009|01:54] C:\Program Files\<DIR> Panda Security
[08/24/2008|03:48] C:\Program Files\<DIR> PokerRoom.com
[04/01/2009|06:55] C:\Program Files\<DIR> PokerStars
[03/27/2009|01:45] C:\Program Files\<DIR> QuickTime
[08/16/2005|10:58] C:\Program Files\<DIR> RGB
[04/01/2008|06:22] C:\Program Files\<DIR> Ruckus Player
[05/22/2008|09:40] C:\Program Files\<DIR> Shockwave.com
[12/14/2006|12:29] C:\Program Files\<DIR> Sigmatel
[03/29/2009|01:58] C:\Program Files\<DIR> SUPERAntiSpyware
[12/14/2006|12:26] C:\Program Files\<DIR> Synaptics
[12/07/2008|06:44] C:\Program Files\<DIR> Tourney Trax
[11/24/2007|07:14] C:\Program Files\<DIR> TurboTax
[08/16/2005|06:50] C:\Program Files\<DIR> Uninstall Information
[03/28/2009|03:02] C:\Program Files\<DIR> Viewpoint
[05/22/2008|09:43] C:\Program Files\<DIR> WildTangent
[08/17/2007|09:12] C:\Program Files\<DIR> Windows Media Connect 2
[05/23/2008|08:39] C:\Program Files\<DIR> Windows Media Player
[09/02/2008|06:18] C:\Program Files\<DIR> Windows NT
[08/16/2005|06:37] C:\Program Files\<DIR> Windows Plus
[01/21/2007|09:21] C:\Program Files\<DIR> WindowsUpdate
[08/16/2005|06:43] C:\Program Files\<DIR> xerox
[03/28/2009|03:04] C:\Program Files\<DIR> Yahoo!
[03/28/2009|07:08] C:\Program Files\<DIR> Zone Labs

--------------------\\ Listing Folders in C:\Program Files\Common Files

[11/24/2007|07:16] C:\Program Files\Common Files\<DIR> AnswerWorks 4.0
[03/28/2009|03:13] C:\Program Files\Common Files\<DIR> AOL
[05/08/2007|10:33] C:\Program Files\Common Files\<DIR> aolshare
[03/27/2009|01:42] C:\Program Files\Common Files\<DIR> Apple
[12/14/2006|12:34] C:\Program Files\Common Files\<DIR> Corel
[12/14/2006|12:50] C:\Program Files\Common Files\<DIR> Crystal Decisions
[12/14/2006|12:44] C:\Program Files\Common Files\<DIR> DESIGNER
[12/14/2006|12:26] C:\Program Files\Common Files\<DIR> InstallShield
[11/24/2007|07:15] C:\Program Files\Common Files\<DIR> Intuit
[12/14/2006|12:22] C:\Program Files\Common Files\<DIR> Java
[12/14/2006|12:44] C:\Program Files\Common Files\<DIR> L&H
[03/19/2009|05:20] C:\Program Files\Common Files\<DIR> Microsoft Shared
[08/16/2005|06:40] C:\Program Files\Common Files\<DIR> MSSoap
[12/14/2006|12:36] C:\Program Files\Common Files\<DIR> Nullsoft
[08/16/2005|06:33] C:\Program Files\Common Files\<DIR> ODBC
[05/22/2008|09:41] C:\Program Files\Common Files\<DIR> Real
[05/22/2008|09:11] C:\Program Files\Common Files\<DIR> Scanner
[08/16/2005|06:40] C:\Program Files\Common Files\<DIR> Services
[08/16/2005|06:33] C:\Program Files\Common Files\<DIR> SpeechEngines
[03/27/2009|01:33] C:\Program Files\Common Files\<DIR> Symantec Shared
[09/02/2008|06:18] C:\Program Files\Common Files\<DIR> System
[08/28/2007|11:12] C:\Program Files\Common Files\<DIR> Viewpoint
[03/29/2009|01:57] C:\Program Files\Common Files\<DIR> Wise Installation Wizard

--------------------\\ Process

( 48 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-04 11:58:18
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections


No other infections found !

[F:867][D:32]-> C:\DOCUME~1\Blake\LOCALS~1\Temp
[F:6][D:0]-> C:\DOCUME~1\Blake\Cookies
[F:93][D:4]-> C:\DOCUME~1\Blake\LOCALS~1\TEMPOR~1\content.IE5
[F:3][D:1]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - Sat 04/04/2009|11:59 - Option : [1]

--------------------\\ Scan completed at 11:59:48

As for ComboFix and what have you, my techy friends were the ones using that. I don't even know what it is. I think they also used CCleaner. If you have any more questions let me know.
  • 0

#5
heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts

If you have any more questions let me know.

Not for now.

Let's start then.

Step 1.
Filescan:

  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • C:\WINDOWS\System32\drivers\yxjr.sys
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

Do the same with this file:
  • C:\WINDOWS\System32\buzifupa

Step 2.
OTL-fix:

Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    SRV - File not found -- -- (IYXRDSOSDMQW [Disabled | Stopped])
    O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
    :Files
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
    C:\Program Files\Viewpoint
    C:\Program Files\WildTangent
    C:\Program Files\Common Files\Viewpoint
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL2 fixlog


Step 3.
Things I would like to see in your reply:

  • The results from the filescan in step 1.
  • The content of the fixlog from OTL2 in step 2.

  • 0

#6
alcatraz543

alcatraz543

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
File information
File Name : jnhstwmq.sys
File Size : 61440 byte
File Type : PE32 executable for MS Windows (native) Intel 80386 32-bit
MD5 : 589312a3b46721c5a751e4d5222a89be
SHA1 : 3a497d3968a4f6e3c648d196da38e5f98e75ec30

Scanner results
Scanner results : 5% Scanner(2/37) found malware!
Time : 2009/03/27 17:00:08 (EDT)
Scanner | Engine Ver | Sig Ver | Sig Date | Scan result | Time
a-squared | 4.0.0.32 | 20090326052159 | 2009-03-26 | - | 40.127
AhnLab V3 | 2009.03.28.01 | 2009.03.28 | 2009-03-28 | - | 40.128
AntiVir | 7.9.0.129 | 7.1.2.228 | 2009-03-27 | - | 2.057
Antiy | 2.0.18 | 20090327.2244355 | 2009-03-27 | - | 0.119
Authentium | 5.1.1 | 200903271653 | 2009-03-27 | - | 1.695
AVAST! | 3.0.1 | 090327-0 | 2009-03-27 | - | 0.008
AVG | 7.5.52.442 | 270.11.30/2026 | 2009-03-27 | - | 2.048
BitDefender | 7.81008.2815731 | 7.24448 | 2009-03-28 | - | 2.672
CA (VET) | 9.0.0.143 | 31.6.6420 | 2009-03-27 | - | 40.126
ClamAV | 0.94.2 | 9175 | 2009-03-27 | - | 0.015
Comodo | 3.8 | 1086 | 2009-03-27 | - | 40.130
CP Secure | 1.1.0.715 | 2009.03.28 | 2009-03-28 | Malware.W32.Agent.fu | 7.662
Dr.Web | 4.44.0.9170 | 2009.03.27 | 2009-03-27 | - | 4.276
F-Prot | 4.4.4.56 | 20090327 | 2009-03-27 | - | 1.660
F-Secure | 5.51.6100 | 2009.03.27.09 | 2009-03-27 | - | 5.020
Fortinet | 2.81-3.117 | 10.209 | 2009-03-27 | - | 40.128
GData | 19.4264/19.278 | 20090327 | 2009-03-27 | - | 40.126
Ikarus | T3.1.01.48 | 2009.03.27.72487 | 2009-03-27 | - | 2.894
JiangMin | 11.0.706 | 2009.03.27 | 2009-03-27 | - | 40.127
Kaspersky | 5.5.10 | 2009.03.27 | 2009-03-27 | - | 0.045
KingSoft | 2009.2.5.15 | 2009.3.27.10 | 2009-03-27 | - | 43.128
McAfee | 5.3.00 | 5565 | 2009-03-26 | - | 2.683
Microsoft | 1.4502 | 2009.03.27 | 2009-03-27 | - | 40.128
mks_vir | 2.01 | 2009.03.27 | 2009-03-27 | - | 2.825
Norman | 6.00.06 | 6.00.00 | 2009-03-27 | W32/Agent.HHSF | 8.010
nProtect | 20090327.02 | 3381591 | 2009-03-27 | - | 40.126
Panda | 9.05.01 | 2009.03.26 | 2009-03-26 | - | 40.127
Quick Heal | 10.00 | 2009.03.26 | 2009-03-26 | - | 40.127
Rising | 20.0 | 21.22.42.00 | 2009-03-27 | - | 40.128
Sophos | 2.85.0 | 4.40 | 2009-03-28 | - | 2.108
Sunbelt | 5062 | 5062 | 2009-03-26 | - | 40.127
Symantec | 1.3.0.24 | 20090327.005 | 2009-03-27 | - | 0.247
The Hacker | 6.3.3.7 | v00292 | 2009-03-26 | - | 40.127
Trend Micro | 8.700-1004 | 5.926.12 | 2009-03-27 | - | 0.026
VBA32 | 3.12.10.1 | 20090326.1408 | 2009-03-26 | - | 1.779
ViRobot | 20090327 | 2009.03.27 | 2009-03-27 | - | 40.142
VirusBuster | 4.5.11.10 | 10.102.25/1054288 | 2009-03-27 | - | 1.301

I apologize for the poor formatting, but I can't seem to get it to work. 2 of the virus scanners found a problem.

Here is the other one...

File Name : buzifupa
File Size : 11168 byte
File Type :
MD5 : c636f84c5359ebb7a4e23f4120931764
SHA1 : 008f07042aa63e3139a085aa45ea3a7e39f24600

Scanner results
Scanner results : All Scanners reported not find malware!
Time : 2009/04/04 16:26:18 (EDT)
Scanner | Engine Ver | Sig Ver | Sig Date | Scan result | Time
a-squared | 4.0.0.32 | 20090404223124 | 2009-04-04 | - | 3.208
AhnLab V3 | 2009.04.05.00 | 2009.04.05 | 2009-04-05 | - | 0.597
AntiVir | 7.9.0.138 | 7.1.3.13 | 2009-04-03 | - | 1.963
Antiy | 2.0.18 | 20090404.2276042 | 2009-04-04 | - | 0.120
Authentium | 5.1.1 | 200904031911 | 2009-04-03 | - | 1.110
AVAST! | 3.0.1 | 090404-0 | 2009-04-04 | - | 0.003
AVG | 7.5.52.442 | 270.11.41/2041 | 2009-04-04 | - | 2.012
BitDefender | 7.81008.2828809 | 7.24606 | 2009-04-05 | - | 2.616
CA (VET) | 9.0.0.143 | 31.6.6435 | 2009-04-04 | - | 8.329
ClamAV | 0.95 | 9203 | 2009-04-04 | - | 0.005
Comodo | 3.8 | 1099 | 2009-04-04 | - | 0.573
CP Secure | 1.1.0.715 | 2009.04.04 | 2009-04-04 | - | 7.864
Dr.Web | 4.44.0.9170 | 2009.04.04 | 2009-04-04 | - | 4.289
F-Prot | 4.4.4.56 | 20090403 | 2009-04-03 | - | 1.095
F-Secure | 5.51.6100 | 2009.04.04.01 | 2009-04-04 | - | 5.040
Fortinet | 2.81-3.117 | 10.244 | 2009-04-04 | - | 0.226
GData | 19.4408/19.288 | 20090404 | 2009-04-04 | - | 4.529
Ikarus | T3.1.01.49 | 2009.04.04.72524 | 2009-04-04 | - | 2.971
JiangMin | 11.0.706 | 2009.04.05 | 2009-04-05 | - | 1.672
Kaspersky | 5.5.10 | 2009.04.04 | 2009-04-04 | - | 0.020
KingSoft | 2009.2.5.15 | 2009.4.4.21 | 2009-04-04 | - | 0.576
McAfee | 5.3.00 | 5574 | 2009-04-04 | - | 2.690
Microsoft | 1.4502 | 2009.04.04 | 2009-04-04 | - | 4.523
mks_vir | 2.01 | 2009.04.04 | 2009-04-04 | - | 2.810
Norman | 6.00.06 | 6.00.00 | 2009-04-03 | - | 10.010
nProtect | 20090404.01 | 3419489 | 2009-04-04 | - | 4.285
Panda | 9.05.01 | 2009.04.04 | 2009-04-04 | - | 1.622
Quick Heal | 10.00 | 2009.04.04 | 2009-04-04 | - | 1.056
Rising | 20.0 | 21.23.40.00 | 2009-04-03 | - | 0.238
Sophos | 2.85.0 | 4.40 | 2009-04-05 | - | 1.994
Sunbelt | 5077 | 5077 | 2009-04-03 | - | 0.574
Symantec | 1.3.0.24 | 20090403.004 | 2009-04-03 | - | 0.232
The Hacker | 6.3.4.0 | v00302 | 2009-04-04 | - | 0.531
Trend Micro | 8.700-1004 | 5.944.02 | 2009-04-03 | - | 0.023
VBA32 | 3.12.10.2 | 20090403.1044 | 2009-04-03 | - | 1.793
ViRobot | 20090403 | 2009.04.03 | 2009-04-03 | - | 0.412
VirusBuster | 4.5.11.10 | 10.102.33/1210066 | 2009-04-04 | - | 1.461

That one says the 2nd file is clean.

Here is the OTListFix Log:

========== OTLISTIT ==========
Process explorer.exe killed successfully!

Service\Driver IYXRDSOSDMQW deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found.
File not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found.
File not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found.
File E:\setup.exe not found.
========== FILES ==========
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Toolbar moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Toolbar Runtime moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\AxMetaStream_Win moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint moved successfully.
C:\Program Files\Viewpoint\Viewpoint Toolbar moved successfully.
C:\Program Files\Viewpoint moved successfully.
C:\Program Files\WildTangent\LicenseStores\WT moved successfully.
C:\Program Files\WildTangent\LicenseStores moved successfully.
C:\Program Files\WildTangent\Apps\GameChannel\Games\26D2C2C3-CF14-4ED7-B1FC-0BE64AFBA3B3 moved successfully.
C:\Program Files\WildTangent\Apps\GameChannel\Games moved successfully.
C:\Program Files\WildTangent\Apps\GameChannel moved successfully.
C:\Program Files\WildTangent\Apps moved successfully.
C:\Program Files\WildTangent moved successfully.
C:\Program Files\Common Files\Viewpoint\Toolbar Runtime moved successfully.
C:\Program Files\Common Files\Viewpoint moved successfully.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\Blake\Local Settings\Temp\IswTmp\Logs\AK_DLL.swl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Blake\Local Settings\Temp\IswTmp\Logs\ISWSHEX.swl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Blake\Local Settings\Temp\etilqs_umcYQ7jaduaxpu0sWXxZ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Blake\Local Settings\Temp\Perflib_Perfdata_c38.dat scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\IswTmp\Logs\AK_DLL.swl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\IswTmp\Logs\ISWSHEX.swl scheduled to be deleted on reboot.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\IswTmp\Logs\ISWSVC.swl scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_764.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Blake\Local Settings\Application Data\Mozilla\Firefox\Profiles\wpuafikj.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Blake\Local Settings\Application Data\Mozilla\Firefox\Profiles\wpuafikj.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Blake\Local Settings\Application Data\Mozilla\Firefox\Profiles\wpuafikj.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Blake\Local Settings\Application Data\Mozilla\Firefox\Profiles\wpuafikj.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Blake\Local Settings\Application Data\Mozilla\Firefox\Profiles\wpuafikj.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Blake\Local Settings\Application Data\Mozilla\Firefox\Profiles\wpuafikj.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.7.2 log created on 04042009_163130

Files moved on Reboot...
C:\Documents and Settings\Blake\Local Settings\Temp\IswTmp\Logs\AK_DLL.swl moved successfully.
C:\Documents and Settings\Blake\Local Settings\Temp\IswTmp\Logs\ISWSHEX.swl moved successfully.
File C:\Documents and Settings\Blake\Local Settings\Temp\etilqs_umcYQ7jaduaxpu0sWXxZ not found!
File C:\Documents and Settings\Blake\Local Settings\Temp\Perflib_Perfdata_c38.dat not found!
C:\Documents and Settings\LocalService\Local Settings\Temp\IswTmp\Logs\AK_DLL.swl moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Temp\IswTmp\Logs\ISWSHEX.swl moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\IswTmp\Logs\ISWSVC.swl scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_764.dat not found!
C:\Documents and Settings\Blake\Local Settings\Application Data\Mozilla\Firefox\Profiles\wpuafikj.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Blake\Local Settings\Application Data\Mozilla\Firefox\Profiles\wpuafikj.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Blake\Local Settings\Application Data\Mozilla\Firefox\Profiles\wpuafikj.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Blake\Local Settings\Application Data\Mozilla\Firefox\Profiles\wpuafikj.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Blake\Local Settings\Application Data\Mozilla\Firefox\Profiles\wpuafikj.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Blake\Local Settings\Application Data\Mozilla\Firefox\Profiles\wpuafikj.default\XUL.mfl moved successfully.

Registry entries deleted on Reboot...

Let me know what you think. Thanks!
  • 0

#7
heir

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
I need to have a look at another log.

Goto Start -> Run...

Copy the following line

C:\Qoobox\ComboFix-quarantined-files.txt

Paste it in the textbox and click OK.

A notepad window will open with that log.
Please copy and paste its content in your reply.
  • 0

#8
alcatraz543

alcatraz543

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
2009-03-29 13:43:29 A------- 58 C:\Qoobox\Quarantine\catchme.log
2009-03-29 13:47:24 A------- 7,506 C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
  • 0

#9
heir

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Let's follow up with an online scan.


Step 1.
Clean temp locations:

Please download ATF Cleaner by Atribune.
Caution: This program is for Windows 2000, XP and Vista only.

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
  • If you use Firefox browser: Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser: Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.

For Technical Support, double-click the e-mail address located at the bottom of each menu.

Step 2.
Scan with Kaspersky Online Scanner:

Please do an online scan with Kaspersky Online Scanner

Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have the latest JAVA version, follow the instructions below under Upgrading Java to download and install the latest version.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

Upgrading Java:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems.

Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE): JRE 6 Update 13.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u13-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u13-windows-i586-p.exe and select "Run as an Administrator.")

Step 3.
Things I would like to see in your reply:

  • The content of the report from Kaspersky Online Scanner from Step 2.
  • Information on how your computer is running now.

  • 0

#10
alcatraz543

alcatraz543

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, April 5, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, April 05, 2009 21:15:20
Records in database: 2015819
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
Scan statistics
Files scanned 69399
Threat name 0
Infected objects 0
Suspicious objects 0
Duration of the scan 01:43:29

No malware has been detected. The scan area is clean.
The selected area was scanned.

I updated my java and ran this scan but automatic updates still can't be turned on. Should I delete the yxjr driver? That was flagged by two of the antivirus programs. Thanks!
  • 0


#11
heir

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Yes let's remove it!

Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    :Files
    C:\WINDOWS\System32\drivers\yxjr.sys
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL2 fixlog

Are you still not able to turn on Windows automatic update?
  • 0

#12
alcatraz543

alcatraz543

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
========== OTLISTIT ==========
Process explorer.exe killed successfully!
========== FILES ==========
File/Folder C:\WINDOWS\System32\drivers\yxjr.sys not found.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\Blake\Local Settings\Temp\IswTmp\Logs\AK_DLL.swl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Blake\Local Settings\Temp\IswTmp\Logs\ISWSHEX.swl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Blake\Local Settings\Temp\etilqs_LLuAvoByqORur0x06lgR scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Blake\Local Settings\Temp\Perflib_Perfdata_eb8.dat scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\IswTmp\Logs\AK_DLL.swl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\IswTmp\Logs\ISWSHEX.swl scheduled to be deleted on reboot.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\IswTmp\Logs\AK_DLL.swl scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\IswTmp\Logs\ISWSHEX.swl scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\IswTmp\Logs\ISWSVC.swl scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_1c8.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_b8.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT01f07.TMP scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Blake\Local Settings\Application Data\Mozilla\Firefox\Profiles\wpuafikj.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Blake\Local Settings\Application Data\Mozilla\Firefox\Profiles\wpuafikj.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Blake\Local Settings\Application Data\Mozilla\Firefox\Profiles\wpuafikj.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Blake\Local Settings\Application Data\Mozilla\Firefox\Profiles\wpuafikj.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Blake\Local Settings\Application Data\Mozilla\Firefox\Profiles\wpuafikj.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.7.2 log created on 04062009_180304

Files moved on Reboot...
C:\Documents and Settings\Blake\Local Settings\Temp\IswTmp\Logs\AK_DLL.swl moved successfully.
C:\Documents and Settings\Blake\Local Settings\Temp\IswTmp\Logs\ISWSHEX.swl moved successfully.
File C:\Documents and Settings\Blake\Local Settings\Temp\etilqs_LLuAvoByqORur0x06lgR not found!
File C:\Documents and Settings\Blake\Local Settings\Temp\Perflib_Perfdata_eb8.dat not found!
C:\Documents and Settings\LocalService\Local Settings\Temp\IswTmp\Logs\AK_DLL.swl moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Temp\IswTmp\Logs\ISWSHEX.swl moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
C:\WINDOWS\temp\IswTmp\Logs\AK_DLL.swl moved successfully.
C:\WINDOWS\temp\IswTmp\Logs\ISWSHEX.swl moved successfully.
File move failed. C:\WINDOWS\temp\IswTmp\Logs\ISWSVC.swl scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_1c8.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_b8.dat not found!
File C:\WINDOWS\temp\ZLT01f07.TMP not found!
C:\Documents and Settings\Blake\Local Settings\Application Data\Mozilla\Firefox\Profiles\wpuafikj.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Blake\Local Settings\Application Data\Mozilla\Firefox\Profiles\wpuafikj.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Blake\Local Settings\Application Data\Mozilla\Firefox\Profiles\wpuafikj.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Blake\Local Settings\Application Data\Mozilla\Firefox\Profiles\wpuafikj.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Blake\Local Settings\Application Data\Mozilla\Firefox\Profiles\wpuafikj.default\urlclassifier3.sqlite moved successfully.

Registry entries deleted on Reboot....


What's really weird now is that I can't delete any of my browser history. Also, every time I restart, I get prompted to use the system restore point or just go ahead as normal. No, I still can't turn my automatic updates on. Do I need to go into my registry and flag that to yes? Also, do you need to see another OTList or HijackThis log? Let me know. Thanks for all of your help on this.
  • 0

#13
alcatraz543

alcatraz543

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
I also think I found something else...

I went into services.msc and looked at her path to executable for her BITS properties and it directs her to C:\Windows\System32\svchost.exe -k netsvcs

My computer is directing me to %fystemRoot%\system32\svchost.exe -k netsvcs, which looks totally insane to me.

Let me know what you think of this as well.
  • 0
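A check a defender could run over the two registry areas this thread touches, as an added example that is not the forum's, the poster's or any tool's own code: it parses a REGEDIT4-style export in the single-backslash string form ComboFix's "Reg Loading Points" section prints (no hex(2) encoding), flags any service ImagePath that references an environment variable Windows does not define (the %fystemRoot% damage described above, which stops BITS from starting at all) or that launches svchost.exe from outside the system directory, and lists every MountPoints2 AutoRun command of the E:\setup.exe kind removed in the earlier OTL fix. The sample export is constructed for the example, and C:\WINDOWS is assumed as the install directory.

```python
"""Audit a REGEDIT4-style export for the tampering patterns discussed in this thread.

Input format assumption: values are plain strings with single backslashes, as
ComboFix prints them, optionally followed by a "[date size]" annotation.
"""
import re
from typing import Dict, List, Tuple

# Environment variables that legitimately appear in service ImagePath values.
KNOWN_ENV_VARS = {"SYSTEMROOT", "WINDIR", "SYSTEMDRIVE", "PROGRAMFILES", "COMMONPROGRAMFILES"}

# Where the genuine svchost.exe lives; "C:\WINDOWS" is the assumed install directory.
GENUINE_SVCHOST = re.compile(r"(?i)^(%systemroot%|%windir%|c:\\windows)\\system32\\svchost\.exe(\s|$)")
ENV_REF = re.compile(r"%([^%]+)%")
KEY_LINE = re.compile(r"^\[(.+)\]$")
VALUE_LINE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

# Constructed sample export (not an export from the thread's machine): BITS carries
# the misspelled variable, wuauserv is healthy, and one MountPoints2 volume has an
# AutoRun command registered.
SAMPLE_REG = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS]
"ImagePath"="%fystemRoot%\system32\svchost.exe -k netsvcs"
"Start"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
"ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command]
@="E:\setup.exe"
"""

Finding = Tuple[str, str]  # (what was examined, why it was flagged)


def parse_reg(text: str) -> Dict[str, Dict[str, str]]:
    """Return {key path: {value name: value data}}; the '@' default value becomes '(Default)'."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "REGEDIT4":
            continue
        m = KEY_LINE.match(line)
        if m:
            current = m.group(1)
            keys[current] = {}
            continue
        m = VALUE_LINE.match(line)
        if m and current is not None:
            name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
            data = m.group(2).strip()
            if data.startswith('"'):
                # String data: keep what sits between the quotes and drop any
                # trailing ComboFix "[date size]" annotation after the closing quote.
                data = data[1:data.rfind('"')]
            keys[current][name] = data
    return keys


def bad_env_refs(path: str) -> List[str]:
    """Every %VAR% reference in the path whose name is not a variable Windows defines."""
    return [v for v in ENV_REF.findall(path) if v.upper() not in KNOWN_ENV_VARS]


def check_services(keys: Dict[str, Dict[str, str]]) -> List[Finding]:
    """Flag services whose ImagePath cannot expand or runs svchost.exe from elsewhere."""
    findings: List[Finding] = []
    for key, values in keys.items():
        if "\\Services\\" not in key or "ImagePath" not in values:
            continue
        service = key.rsplit("\\", 1)[1]
        path = values["ImagePath"]
        bad = bad_env_refs(path)
        if bad:
            # An undefined variable expands to nothing, so the service binary is never found.
            findings.append((service, f"ImagePath references undefined variable(s) {bad}: {path}"))
        elif "svchost.exe" in path.lower() and not GENUINE_SVCHOST.match(path):
            findings.append((service, f"svchost.exe launched from an unexpected location: {path}"))
    return findings


def check_autorun(keys: Dict[str, Dict[str, str]]) -> List[Finding]:
    """List every MountPoints2 AutoRun command; these run when the volume is opened in Explorer."""
    findings: List[Finding] = []
    for key, values in keys.items():
        if "MountPoints2\\" in key and key.lower().endswith("\\shell\\autorun\\command"):
            command = values.get("(Default)", "")
            if command:
                volume = key.split("MountPoints2\\", 1)[1].split("\\", 1)[0]
                findings.append((volume, f"AutoRun command registered: {command}"))
    return findings


if __name__ == "__main__":
    parsed = parse_reg(SAMPLE_REG)
    for subject, reason in check_services(parsed) + check_autorun(parsed):
        print(f"{subject}: {reason}")
```

On a live machine the same checks apply to an export made with `reg export HKLM\SYSTEM\CurrentControlSet\Services` once its hex(2) values are decoded; the checks themselves do not change.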

#14
heir

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Thanks for this information. Good help for me.

%fystemRoot%\system32\svchost.exe -k netsvcs

Are you sure that it was an f there and not an s or S?


Also do this

Delete ComboFix.exe from your desktop

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Edited by heir, 09 April 2009 - 07:42 AM.

  • 0

#15
alcatraz543

alcatraz543

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
ComboFix 09-04-04.01 - Blake 2009-04-11 10:42:00.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.418 [GMT -4:00]
Running from: c:\documents and settings\Blake\Desktop\ComboFix.exe
AV: ZoneAlarm Extreme Security Antivirus *On-access scanning disabled* (Updated)
FW: ZoneAlarm Extreme Security Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-03-11 to 2009-04-11 )))))))))))))))))))))))))))))))
.

2009-04-05 16:55 . 2009-04-05 16:55 410,984 --a------ c:\windows\system32\deploytk.dll
2009-04-05 16:55 . 2009-04-05 16:55 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-04-04 16:31 . 2009-04-04 16:31 <DIR> d-------- C:\_OTListIt
2009-04-04 11:55 . 2009-04-05 19:36 <DIR> d-------- C:\Lop SD
2009-03-29 03:55 . 2009-03-29 13:48 <DIR> d--h----- c:\documents and settings\Blake\Application Data\GTek
2009-03-29 03:27 . 2009-03-29 13:39 <DIR> d-------- c:\program files\backups
2009-03-29 01:58 . 2009-03-29 01:58 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-03-29 01:58 . 2009-03-29 01:58 <DIR> d-------- c:\documents and settings\Blake\Application Data\SUPERAntiSpyware.com
2009-03-29 01:58 . 2009-03-29 01:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-29 01:57 . 2009-03-29 01:57 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-03-29 01:54 . 2009-03-29 01:54 <DIR> d-------- c:\program files\Panda Security
2009-03-29 01:50 . 2009-03-29 01:50 396,288 --a------ c:\program files\HijackThis.exe
2009-03-28 22:41 . 2009-04-05 19:33 <DIR> d-------- C:\Rooter$
2009-03-28 19:32 . 2009-04-05 19:22 2,870 --a------ C:\rollback.ini
2009-03-28 19:16 . 2009-03-28 19:16 <DIR> d-------- c:\documents and settings\Blake\Application Data\MailFrontier
2009-03-28 19:16 . 2009-03-28 19:16 <DIR> d-------- c:\documents and settings\Blake\Application Data\CheckPoint
2009-03-28 19:16 . 2009-04-06 18:32 <DIR> d-------- c:\documents and settings\Blake\Application Data\#ISW.FS#
2009-03-28 19:14 . 2009-04-11 10:45 112,892,448 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-03-28 19:14 . 2009-04-11 10:32 1,500,068 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-03-28 19:09 . 2009-03-28 19:09 <DIR> d-------- c:\program files\CheckPoint
2009-03-28 19:09 . 2009-04-11 10:38 144 --a------ c:\windows\system32\pdfl.dat
2009-03-28 19:09 . 2009-03-28 19:09 144 --a------ c:\windows\system32\lkfl.dat
2009-03-28 19:09 . 2009-03-28 19:09 80 --a------ c:\windows\system32\ibfl.dat
2009-03-28 19:08 . 2009-03-28 19:08 <DIR> d-------- c:\program files\Zone Labs
2009-03-27 13:46 . 2009-03-27 13:47 <DIR> d-------- c:\program files\iTunes
2009-03-27 13:46 . 2009-03-27 13:46 <DIR> d-------- c:\program files\iPod
2009-03-27 13:46 . 2009-03-27 13:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-27 13:44 . 2009-03-27 13:45 <DIR> d-------- c:\program files\QuickTime
2009-03-27 13:42 . 2009-03-27 13:42 <DIR> d-------- c:\program files\Common Files\Apple
2009-03-27 13:32 . 2009-03-27 13:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-03-19 17:55 . 2008-04-13 14:36 8,832 --a------ c:\windows\system32\drivers\wmiacpi.sys
2009-03-19 17:55 . 2008-04-13 14:36 8,832 --a------ c:\windows\system32\dllcache\wmiacpi.sys
2009-03-19 17:35 . 2006-10-11 21:26 3,107,788 --a------ c:\windows\system32\ativvaxx.dat
2009-03-19 17:35 . 2006-08-23 17:26 2,096 --a------ c:\windows\system32\drivers\ativdkxx.vp
2009-03-19 17:33 . 2009-03-19 17:33 <DIR> d-------- c:\program files\Broadcom
2009-03-19 17:32 . 2009-03-19 17:32 <DIR> d-------- c:\program files\DIFX
2009-03-19 17:31 . 2006-09-13 18:41 3,456 --a------ c:\windows\system32\drivers\atiide.sys
2009-03-19 17:26 . 2009-03-28 16:09 <DIR> d--h----- C:\$AVG8.VAULT$
2009-03-19 17:21 . 2009-03-19 17:21 <DIR> d-------- c:\program files\AVG
2009-03-19 17:20 . 2009-03-28 19:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-19 16:09 . 2008-04-14 06:42 26,112 --a------ c:\windows\system32\userinit.exe
2009-03-19 16:06 . 2009-03-19 16:06 <DIR> d--hs---- C:\$RECYCLE.BIN
2009-03-18 20:07 . 2009-03-18 20:18 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-18 20:07 . 2009-03-18 20:07 <DIR> d-------- c:\documents and settings\Blake\Application Data\Malwarebytes
2009-03-18 20:07 . 2009-03-18 20:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-18 20:07 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-18 20:07 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-18 20:04 . 2009-03-18 20:04 4,128 --a------ C:\INFCACHE.1
2009-03-14 20:35 . 2009-03-14 20:35 <DIR> d--h----- c:\windows\system32\GroupPolicy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-06 23:18 5,602 ----a-w c:\program files\hijackthis.log
2009-04-05 22:25 --------- d-----w c:\program files\Full Tilt Poker
2009-04-05 21:00 --------- d-----w c:\program files\PokerStars
2009-04-05 20:55 --------- d-----w c:\program files\Java
2009-03-29 04:42 --------- d-----w c:\documents and settings\Blake\Application Data\Ruckus Network
2009-03-28 19:13 --------- d-----w c:\program files\Common Files\AOL
2009-03-28 19:13 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2009-03-28 19:12 --------- d-----w c:\program files\AIM
2009-03-28 19:12 --------- d-----w c:\documents and settings\Blake\Application Data\Aim
2009-03-28 19:04 --------- d-----w c:\program files\Yahoo!
2009-03-28 19:01 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-28 19:00 --------- d-----w c:\program files\Dell
2009-03-27 17:48 --------- d-----w c:\program files\Apple Software Update
2009-03-27 17:45 --------- d-----w c:\program files\Bonjour
2009-03-27 17:33 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-19 21:41 --------- d-----w c:\program files\ATI Technologies
2009-03-11 03:37 2,672 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-03-11 03:37 --------- d-----w c:\documents and settings\Blake\Application Data\Corel
2009-02-27 18:07 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-16 03:10 72,584 ----a-w c:\windows\zllsputility.exe
2009-02-16 03:10 1,221,512 ----a-w c:\windows\system32\zpeng25.dll
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:13 1,846,784 ------w c:\windows\system32\dllcache\win32k.sys
2009-01-17 02:35 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-02-20 05:27 682 -c--a-w c:\documents and settings\Blake\Application Data\wklnhst.dat
2008-09-02 22:31 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008090220080903\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-03-29_13.49.19.35 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-11-10 17:27:06 49,248 -c--a-w c:\windows\system32\java.exe
+ 2009-04-05 20:55:29 144,792 ----a-w c:\windows\system32\java.exe
- 2005-11-10 17:27:16 49,250 -c--a-w c:\windows\system32\javaw.exe
+ 2009-04-05 20:55:29 144,792 ----a-w c:\windows\system32\javaw.exe
- 2005-11-10 19:03:54 127,078 -c--a-w c:\windows\system32\javaws.exe
+ 2009-04-05 20:55:29 148,888 ----a-w c:\windows\system32\javaws.exe
- 2009-03-28 23:11:17 4,212 ---ha-w c:\windows\system32\zllictbl.dat
+ 2009-04-04 15:42:29 4,212 ---ha-w c:\windows\system32\zllictbl.dat
- 2009-03-29 17:40:09 69,452 ----a-w c:\windows\system32\ZoneLabs\avsys\bases\sfdb.dat
+ 2009-04-11 14:38:16 563,848 ----a-w c:\windows\system32\ZoneLabs\avsys\bases\sfdb.dat
- 2009-03-28 23:33:28 11,588,231 ----a-w c:\windows\system32\ZoneLabs\spyware.dat
+ 2009-04-04 15:49:16 11,650,327 ----a-w c:\windows\system32\ZoneLabs\spyware.dat
+ 2009-04-11 14:36:02 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_21c.dat
+ 2009-04-11 14:35:46 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_88.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-03-23 1830128]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"LxrAutorun"="c:\documents and settings\Blake\Local Settings\Application Data\Lexar Media\LxrAutorun.exe" [2007-03-07 24576]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-28 395776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"syntplpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2006-03-08 82011]
"syntpenh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-22 761947]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-12-14 236544]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
"aticcc"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-05 148888]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-13 169984]
"SigmatelSysTrayApp"="stsystra.exe" [2006-09-22 c:\windows\stsystra.exe]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!saswinlogon]
2008-12-22 12:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\icmpsettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2009-03-19 3456]
R1 sasdifsv;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-03-23 9968]
R1 saskutil;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-03-23 72944]
R2 iswkl;ForceField ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2009-02-12 21136]
R2 iswsvc;ForceField IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [2009-02-12 390536]
R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [2009-02-25 72672]
R3 sasenum;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
S2 boaqi;boaqi;c:\windows\System32\svchost.exe -k netsvcs [2005-08-16 14336]
S3 icsak;icsak;c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [2009-02-12 54928]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
boaqi
.
Contents of the 'Scheduled Tasks' folder

2009-04-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5061213
FF - ProfilePath - c:\documents and settings\Blake\Application Data\Mozilla\Firefox\Profiles\wpuafikj.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-11 10:45:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(852)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-04-11 10:47:41
ComboFix-quarantined-files.txt 2009-04-11 14:47:17
ComboFix2.txt 2009-03-29 17:50:37

Pre-Run: 92,253,376,512 bytes free
Post-Run: 92,244,066,304 bytes free

193 --- E O F --- 2009-03-11 05:16:58

Sorry about the delay. I was out of town on business. Also, the system key I showed you does start with F to fystem. I know that's bad. Also, Malwarebytes flags it as Hijack.Regedit, but once I remove it, it still comes back. Let me know what you think, and thanks again for all of your help on this.