
Infected with Tanatos.M, Heur, Rootkit, and Trojan Gen-Virut


  • This topic is locked This topic is locked

#1 sethji2 (Member, 30 posts)
Please help me with a virus/malware infection on a Win XP SP3 laptop.

Suddenly I observed that Task Manager and Registry Editor are disabled. So I executed MBAM and SuperAntiSpyware, which were showing Trojan/Gen-Virut, Trojan/Gen and Rootkit in the Doc&Settings\user\Local Settings\Temp\ and C:\Windows\Temp\ folders - they were some exe files.
After the MBAM and SuperAntiSpyware scan mentioned that it cleaned the virus, I managed to see the Task Manager and regedit options enabled.

However, when I go to the Task Manager, it shows up for a split second and the window closes automatically. The Registry Editor window also behaves the same way - it automatically closes immediately after opening.

So I again ran MBAM and SuperAntiSpyware, and this time no malware is detected by them, but Task Manager and RegEdit are still closing in a split second.

Then I tried to install CCleaner; it installs properly, but when I run it, it closes automatically.
Then I tried to install the free versions of Avast and Avira antivirus; the installation terminates immediately.

However, I was successful in installing AVG Free Antivirus. When I run that, it shows me multiple instances of Tanatos.M and Heur viruses, associated with multiple exe file names like igfxtray.exe, hkcmd.exe, etc., and process names such as MsMpEng.exe are shown as infected.
The longer I allow AVG to run, the longer the list of affected files it shows.

So I've now run 3 AVs - MBAM, SuperAntiSpyware and AVG - and none of them is able to fix the problem. The virus or malware seems to be continuously infecting many more files.

I don't have any spare computer to connect my infected hard disk to, so I will truly appreciate any help which can enable cleaning up of my only laptop.

Thanks a lot in advance - will really need help here...


#2 andrewuk (Trusted Helper, Malware Removal, 5,297 posts)
Hello sethji2

Welcome to Geeks to Go :)

Let's get some up-to-date logs for me to analyse. Could you post the ARK and OTL logs (instructions are below if you need to re-run them).


====STEP 1====
Go to http://www.geekstogo...uide-t2852.html and run GMER Rootkit Scanner in Step Four: Rootkit Detection



====STEP 2====
From the same page, go to Step Five: Post an OTL Log and run the OTL log, including the custom scan as explained on that page.


In your next reply could I see:
1. the GMER log
2. the OTL log (it may only have one log this time)

The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk

#3 sethji2 (Topic Starter, Member, 30 posts)
Hello Andrew,

Thanks for your help.
I have not followed the instructions mentioned in your post, because the situation has changed a bit since I posted that thread. However, the problem is still there.

Please see the following status and let me know your thoughts and further
instructions, which I will follow.

This is what I did:
After posting that problem on this site, I observed that the so-called Heur and Tanatos were being reported by AVG Free AV and were spreading like anything to all other applications.

And within a few minutes, nothing on my machine was working - no Firefox, no Explorer, no IE... each application I attempted to start would refuse to come up.

The only thing that I could start was AVG. So I suspected some false alarms and decided to uninstall AVG completely... and the moment AVG was gone, everything was back to normal.
All the applications started again, no more problems with any Tanatos or Heur reported.

However, the actual issue of Task Manager closing in a split second, and the same with Regedit, continues.

I again upgraded to the latest updates of MBAM and SuperAntiSpyware and here are the logs for them:

MBAM Quickscan Log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4124

Windows 5.1.2600 Service Pack 3, v.3264
Internet Explorer 7.0.5730.11

21/05/2010 20:40:59
mbam-log-2010-05-21 (20-40-59).txt

Scan type: Quick scan
Objects scanned: 146775
Time elapsed: 10 minute(s), 21 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
C:\WINDOWS\Temp\winawirye.exe (Trojan.Downloader) -> Failed to unload process.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Temp\winawirye.exe (Trojan.Downloader) -> Delete on reboot.

I rebooted the machine after the MBAM Quick Scan.

SuperAntiSpyware is not reporting any malware.

Here is the current HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:08:41, on 21/05/2010
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\Explorer.EXE
C:\My Downloads\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...xt/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...xt/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O4 - HKLM\..\Run: [SoundMam] C:\WINDOWS\system32\SVOHOST.exe
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros.../wuweb_site.cab?1266060310562
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi.../muweb_site.cab?1199566695222
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 4735 bytes


Please let me know if you want me to install and run anything else.
Please allow me some time to reply, as sometimes the connection on my machine is not proper.
Thanks a lot
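The HijackThis log above, and the OTL log posted later in this thread, are read by hand by the helper. The script below is an added example, not part of the original thread and not code from HijackThis or OTL: it shows the first-pass triage a helper applies to such a log in code. It parses the "Running processes" list, HijackThis and OTL style O4 Run entries, OTL PRC process lines and O33 MountPoints2 entries, and flags binaries launched from a Temp directory, autorun entries pointing at a file that no longer exists, names one character away from a legitimate Windows binary (SVOHOST.exe next to svchost.exe, the SoundMam label next to SoundMan), stored removable-drive autorun commands, and processes listed more than once. The LEGIT_NAMES set is an assumption chosen for the example, and SAMPLE_LOG is a constructed excerpt modelled on the lines in this thread, not the full log.

```python
"""Triage a HijackThis / OTL style log (added example, not a HijackThis or OTL feature)."""
import re
from collections import Counter

# Windows binaries that malware imitates by changing a single character.
# Assumed list chosen for this example; not an exhaustive reference.
LEGIT_NAMES = {
    "svchost.exe", "csrss.exe", "lsass.exe", "smss.exe", "winlogon.exe",
    "explorer.exe", "services.exe", "spoolsv.exe", "ctfmon.exe", "soundman.exe",
}

# HijackThis writes "HKLM\..\Run", OTL writes "HKLM..\Run"; accept both.
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\S*?)\\?\.\.\\Run: \[(?P<label>[^\]]*)\] (?P<cmd>.+)$")
EXE_RE = re.compile(r"^(?P<path>.*?\.exe)", re.IGNORECASE)          # first .exe in a command
PROC_RE = re.compile(r"^[A-Za-z]:\\.*\.exe$", re.IGNORECASE)         # HijackThis process list
OTL_PRC_RE = re.compile(r"^PRC - .* -- (?P<path>[A-Za-z]:\\.+)$")    # OTL process list
MP_RE = re.compile(r'^O33 - MountPoints2\\.*\\command - "" = (?P<cmd>.+)$')


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: substitutions, insertions and deletions cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike(name: str):
    """Return the legitimate binary name that `name` imitates, or None."""
    name = name.lower()
    if name in LEGIT_NAMES:
        return None
    for legit in sorted(LEGIT_NAMES):
        if edit_distance(name, legit) == 1:
            return legit
    return None


def is_temp_path(path: str) -> bool:
    """True for anything launched from a per-user or system Temp directory."""
    return "\\temp\\" in path.lower()


def _check_binary(line: str, path: str, findings: list, what: str) -> None:
    """Shared checks for a process path or an autorun target."""
    if is_temp_path(path):
        findings.append((line, f"{what} launched from a Temp directory"))
    imitated = lookalike(path.rsplit("\\", 1)[-1])
    if imitated:
        findings.append((line, f"name imitates {imitated}"))


def triage(log_text: str):
    """Return (line, reason) pairs for entries worth a second look."""
    findings, proc_counts = [], Counter()
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := RUN_RE.match(line):
            cmd = m.group("cmd")
            exe = EXE_RE.match(cmd)
            path = exe.group("path") if exe else cmd
            if "File not found" in cmd:          # OTL marks orphaned Run values this way
                findings.append((line, "autorun entry points at a missing file"))
            _check_binary(line, path, findings, "autorun entry")
            imitated = lookalike(m.group("label") + ".exe")   # the label can be the typo-squat
            if imitated:
                findings.append((line, f"label imitates {imitated}"))
        elif m := MP_RE.match(line):
            findings.append((line, f"removable-drive autorun command: {m.group('cmd')}"))
        else:
            pm = OTL_PRC_RE.match(line)
            path = pm.group("path") if pm else (line if PROC_RE.match(line) else None)
            if path:
                proc_counts[path.lower()] += 1
                _check_binary(line, path, findings, "process")
    for path, n in proc_counts.items():
        if n > 1:
            findings.append((path, f"listed {n} times; normally a single instance"))
    return findings


# Constructed sample modelled on the log lines in this thread (not the full log).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Temp\winawirye.exe
C:\WINDOWS\Explorer.EXE
PRC - [2010/05/23 11:40:38 | 000,016,384 | ---- | M] () -- C:\WINDOWS\Temp\vtduac.exe

O4 - HKLM\..\Run: [SoundMam] C:\WINDOWS\system32\SVOHOST.exe
O4 - HKLM..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe File not found
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O33 - MountPoints2\{5bf16e0c-9269-11db-8dbc-0015c51080b9}\Shell\Auto\command - "" = sxs.exe
"""

if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG):
        print(f"{reason:50} {entry}")
```

The look-alike check is deliberately narrow (edit distance exactly 1 against a short list), which catches the one-letter substitutions seen in this thread without flagging every unfamiliar name; a duplicated Explorer.EXE or a Temp-directory process is reported neutrally, since the helper still has to decide what it means.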

#4 andrewuk (Trusted Helper, Malware Removal, 5,297 posts)
Yes, you still have a trojan infection on your machine, and I suspect others. In any event, I will need you to run the scans I requested in my prior log for me to start to remove it/them.

Also, could you turn off word wrap in your Notepad please; it makes the logs easier to read.

#5 sethji2 (Topic Starter, Member, 30 posts)
GMER LOG
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-23 11:39:35
Windows 5.1.2600 Service Pack 3, v.3264
Running: gmer.exe; Driver: C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\pwdyapow.sys


---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\drivers\emhtks.sys The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Fastfat \Fat ED255D20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1

---- EOF - GMER 1.0.15 ----



OTL.TXT LOG
OTL logfile created on: 23/05/2010 11:44:51 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\My Downloads
Windows XP Home Edition Service Pack 3, v.3264 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,022.00 Mb Total Physical Memory | 669.00 Mb Available Physical Memory | 65.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.17 Gb Total Space | 5.90 Gb Free Space | 17.25% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LIONKING
Current User Name: Seth
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/23 11:40:38 | 000,016,384 | ---- | M] () -- C:\WINDOWS\Temp\vtduac.exe
PRC - [2010/05/23 10:27:52 | 000,016,384 | ---- | M] () -- C:\WINDOWS\Temp\dupuk.exe
PRC - [2010/05/23 10:26:46 | 000,011,264 | ---- | M] () -- C:\WINDOWS\Temp\gclay.exe
PRC - [2010/05/22 22:31:27 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\My Downloads\OTL.exe
PRC - [2007/12/01 00:26:26 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2004/09/07 20:42:32 | 000,225,353 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2004/09/07 20:38:02 | 000,389,120 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2004/09/07 20:35:10 | 000,360,521 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2004/09/07 20:32:40 | 000,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2004/09/07 20:32:04 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2003/10/29 06:36:00 | 000,024,576 | R--- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe


========== Modules (SafeList) ==========

MOD - [2010/05/22 22:31:27 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\My Downloads\OTL.exe
MOD - [2007/12/01 00:27:12 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.3264_x-ww_d751ffbf\comctl32.dll
MOD - [2007/12/01 00:23:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (Windows Log)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/10/06 21:42:30 | 000,929,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
SRV - [2004/09/07 20:42:32 | 000,225,353 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER)
SRV - [2004/09/07 20:35:10 | 000,360,521 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2004/09/07 20:32:40 | 000,086,016 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng)
SRV - [2004/09/07 20:32:04 | 000,139,264 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (asc3360pr)
DRV - [2010/04/27 17:30:10 | 000,061,440 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/09/24 15:59:25 | 000,029,184 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VClone.sys -- (VClone)
DRV - [2008/07/21 17:41:58 | 000,024,392 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2007/11/30 17:31:08 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2007/11/30 17:31:08 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2006/02/20 17:59:36 | 000,083,344 | R--- | M] (MCCI) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w810obex.sys -- (w810obex)
DRV - [2006/02/20 17:59:34 | 000,094,064 | R--- | M] (MCCI) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w810mdm.sys -- (w810mdm)
DRV - [2006/02/20 17:59:34 | 000,085,408 | R--- | M] (MCCI) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w810mgmt.sys -- (w810mgmt) Sony Ericsson W810 USB WMC Device Management Drivers (WDM)
DRV - [2006/02/20 17:59:32 | 000,008,336 | R--- | M] (MCCI) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w810mdfl.sys -- (w810mdfl)
DRV - [2006/02/20 17:59:28 | 000,058,288 | R--- | M] (MCCI) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w810bus.sys -- (w810bus) Sony Ericsson W810 Driver driver (WDM)
DRV - [2005/06/27 12:44:35 | 000,066,560 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2005/06/21 18:21:04 | 000,090,568 | R--- | M] (VM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbVM31b.sys -- (ZSMC302)
DRV - [2005/05/17 18:18:21 | 000,050,176 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005/05/16 18:50:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2004/11/16 20:33:52 | 000,108,791 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/11/16 02:07:52 | 000,264,440 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2004/10/22 01:26:04 | 003,210,496 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2004/08/31 13:23:04 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2004/08/18 19:23:54 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2004/08/12 13:14:04 | 000,234,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iwca.sys -- (IWCA)
DRV - [2004/08/04 02:59:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/03/02 21:07:50 | 000,125,184 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\imagesrv.sys -- (imagesrv)
DRV - [2004/03/02 21:07:48 | 000,005,504 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\imagedrv.sys -- (imagedrv)
DRV - [2004/02/13 21:16:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2003/11/14 04:51:16 | 000,197,120 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2003/11/14 04:48:36 | 000,679,808 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/14 04:47:00 | 001,042,816 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2001/08/17 18:37:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 18:37:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 18:37:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 18:37:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 18:37:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 18:22:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 18:22:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 18:22:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 18:22:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 18:22:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 18:22:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 18:22:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 18:21:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 18:21:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 18:21:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: ""

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/17 18:17:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/17 18:17:13 | 000,000,000 | ---D | M]

[2010/04/17 18:17:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seth\Application Data\Mozilla\Extensions
[2008/06/06 18:49:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seth\Application Data\Mozilla\Firefox\Profiles\75wf4m2u.default\extensions
[2010/05/22 11:39:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/01/06 21:21:03 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007/12/30 15:44:50 | 000,251,392 | ---- | M] (SpeedBit Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\npdap.dll

O1 HOSTS File: ([2010/05/22 21:39:50 | 000,607,013 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1 ads.active.com
O1 - Hosts: 127.0.0.1 am1.activemeter.com
O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ad2games.com
O1 - Hosts: 127.0.0.1 cms.ad2click.nl
O1 - Hosts: 127.0.0.1 ads.ad2games.com
O1 - Hosts: 127.0.0.1 content.ad20.net
O1 - Hosts: 16041 more lines...
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe File not found
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SoundMam] C:\WINDOWS\System32\SVOHOST.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: hx-1 = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1266060310562 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1199566695222 (MUWebControl Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 17:34:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/09/05 17:39:55 | 000,000,043 | ---- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2006/09/08 16:02:11 | 000,002,292 | ---- | M] () - C:\autorun.PNF -- [ NTFS ]
O33 - MountPoints2\{43fb6e51-3db7-11db-8dad-0013ce2cfbad}\Shell - "" = AutoRun
O33 - MountPoints2\{43fb6e51-3db7-11db-8dad-0013ce2cfbad}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{43fb6e51-3db7-11db-8dad-0013ce2cfbad}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{5bf16e0c-9269-11db-8dbc-0015c51080b9}\Shell - "" = AutoRun
O33 - MountPoints2\{5bf16e0c-9269-11db-8dbc-0015c51080b9}\Shell\Auto\command - "" = sxs.exe
O33 - MountPoints2\{5bf16e0c-9269-11db-8dbc-0015c51080b9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5bf16e0d-9269-11db-8dbc-0015c51080b9}\Shell - "" = AutoRun
O33 - MountPoints2\{5bf16e0d-9269-11db-8dbc-0015c51080b9}\Shell\Auto\command - "" = sxs.exe
O33 - MountPoints2\{5bf16e0d-9269-11db-8dbc-0015c51080b9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d6c33844-ce3c-11db-8dc3-0015c51080b9}\Shell - "" = AutoRun
O33 - MountPoints2\{d6c33844-ce3c-11db-8dc3-0015c51080b9}\Shell\Auto\command - "" = E:\sxs.exe -- File not found
O33 - MountPoints2\{d6c33844-ce3c-11db-8dc3-0015c51080b9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d784ac24-bd15-11db-8dbd-0015c51080b9}\Shell - "" = AutoRun
O33 - MountPoints2\{d784ac24-bd15-11db-8dbd-0015c51080b9}\Shell\Auto\command - "" = G:\MicrosoftPowerPoint.exe -- File not found
O33 - MountPoints2\{d784ac24-bd15-11db-8dbd-0015c51080b9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\C\Shell\AutoRun\command - "" = C:\WINDOWS\System32\setup.exe -- [2007/12/01 00:26:48 | 000,023,040 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/10 17:22:56 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 90 Days ==========

[2010/05/22 10:53:46 | 000,000,000 | ---D | C] -- C:\Games
[2010/05/21 20:06:30 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/05/21 20:06:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\setup.pss
[2010/05/20 22:29:00 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/05/20 22:29:00 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/05/20 22:29:00 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/05/20 22:29:00 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/05/20 22:28:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/20 22:28:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/20 22:00:24 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/05/20 22:00:24 | 000,000,000 | ---D | C] -- C:\rsit
[2010/05/19 22:54:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2010/05/19 22:44:16 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/05/08 13:48:28 | 000,000,000 | ---D | C] -- C:\AV-CLS
[2010/05/07 22:27:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Seth\Application Data\Malwarebytes
[2010/05/07 22:27:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/07 22:27:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/07 22:27:05 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/07 22:27:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/06 21:42:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/05/06 21:41:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Seth\Application Data\SUPERAntiSpyware.com
[2010/05/06 21:41:34 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/05/03 15:14:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2010/04/18 14:27:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Seth\Local Settings\Application Data\PCHealth
[2010/04/18 14:02:42 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2010/04/18 12:03:04 | 000,000,000 | ---D | C] -- C:\Program Files\Grisoft
[2010/04/17 19:11:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Seth\Desktop\Fixes
[2010/04/17 19:05:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Seth\My Documents\Downloads
[2010/04/02 18:13:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2010/03/07 22:21:15 | 000,000,000 | ---D | C] -- C:\USB
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/05/23 10:21:15 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/05/23 09:49:58 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/23 09:48:33 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/23 09:48:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/23 09:48:27 | 1071,935,488 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/23 09:45:14 | 008,912,896 | ---- | M] () -- C:\Documents and Settings\Seth\ntuser.dat
[2010/05/23 09:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/05/22 22:34:56 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Seth\Desktop\Download OTL to your Desktop.doc
[2010/05/22 21:39:50 | 000,607,013 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/05/21 20:43:32 | 000,047,680 | ---- | M] () -- C:\Documents and Settings\Seth\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/21 20:41:51 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Seth\ntuser.ini
[2010/05/21 20:08:55 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\Seth\Desktop\MS Recovery Console.doc
[2010/05/21 20:06:49 | 000,000,282 | RHS- | M] () -- C:\boot.ini
[2010/05/20 22:26:47 | 003,685,315 | ---- | M] () -- C:\Documents and Settings\Seth\Desktop\ComboFix.zip
[2010/05/20 19:56:47 | 000,546,094 | ---- | M] () -- C:\Documents and Settings\Seth\Desktop\hosts.zip
[2010/05/20 15:11:58 | 000,607,011 | ---- | M] () -- C:\Documents and Settings\Seth\Desktop\hosts
[2010/05/20 14:47:50 | 000,898,409 | ---- | M] () -- C:\Documents and Settings\Seth\Desktop\RSIT.exe
[2010/05/20 14:35:26 | 003,769,824 | R--- | M] () -- C:\Documents and Settings\Seth\Desktop\ComboFix.exe
[2010/05/19 22:50:54 | 000,000,789 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/19 22:50:54 | 000,000,266 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/19 22:44:17 | 000,001,557 | ---- | M] () -- C:\Documents and Settings\Seth\Desktop\CCleaner.lnk
[2010/05/19 22:04:17 | 002,641,126 | -H-- | M] () -- C:\Documents and Settings\Seth\Local Settings\Application Data\IconCache.db
[2010/05/19 21:11:22 | 000,000,789 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/05/15 14:08:41 | 000,004,174 | ---- | M] () -- C:\Documents and Settings\Seth\a1.t
[2010/05/15 13:38:09 | 000,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts-latest-bak
[2010/05/12 22:03:42 | 000,037,490 | ---- | M] () -- C:\Documents and Settings\Seth\Desktop\MBAM-Scan-12-may.JPG
[2010/05/08 12:48:49 | 000,053,213 | ---- | M] () -- C:\processes-dw.JPG
[2010/05/08 12:48:19 | 000,054,030 | ---- | M] () -- C:\processes-up.JPG
[2010/05/07 22:27:11 | 000,000,705 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/06 20:08:09 | 000,000,553 | ---- | M] () -- C:\Documents and Settings\Seth\Desktop\regtmcmdrestore.vbs
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/17 17:22:38 | 000,479,298 | ---- | M] (Stardock.Net, Inc) -- C:\WINDOWS\System32\wbocx.ocx
[2010/04/17 17:22:38 | 000,172,032 | ---- | M] (Jin Hui E-mail: [email protected] Web: http://www.jcomsoft.com) -- C:\WINDOWS\System32\AniGIF.ocx
[2010/04/17 17:22:38 | 000,050,688 | ---- | M] (Stardock.Net, Inc) -- C:\WINDOWS\System32\wbhelp2.dll
[2010/04/17 16:26:05 | 000,000,194 | ---- | M] () -- C:\Documents and Settings\Seth\Desktop\1.html
[2010/03/01 16:54:20 | 000,015,963 | ---- | M] () -- C:\Documents and Settings\Seth\Desktop\mdh-logo.png
[2010/03/01 16:46:14 | 000,033,518 | ---- | M] () -- C:\Documents and Settings\Seth\Desktop\MHD.html
[2010/03/01 15:47:28 | 000,035,433 | ---- | M] () -- C:\Documents and Settings\Seth\Desktop\fod.html
[2010/03/01 14:32:44 | 000,032,619 | ---- | M] () -- C:\Documents and Settings\Seth\Desktop\FTT-orig.html
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/22 22:34:55 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Seth\Desktop\Download OTL to your Desktop.doc
[2010/05/21 20:08:55 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\Seth\Desktop\MS Recovery Console.doc
[2010/05/21 20:06:45 | 000,260,288 | RHS- | C] () -- C:\cmldr
[2010/05/20 22:29:00 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/20 22:29:00 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/05/20 22:29:00 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/05/20 22:29:00 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/20 22:29:00 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/05/20 22:27:36 | 003,769,824 | R--- | C] () -- C:\Documents and Settings\Seth\Desktop\ComboFix.exe
[2010/05/20 22:07:10 | 003,685,315 | ---- | C] () -- C:\Documents and Settings\Seth\Desktop\ComboFix.zip
[2010/05/20 19:57:22 | 000,898,409 | ---- | C] () -- C:\Documents and Settings\Seth\Desktop\RSIT.exe
[2010/05/20 19:57:22 | 000,607,011 | ---- | C] () -- C:\Documents and Settings\Seth\Desktop\hosts
[2010/05/20 19:56:46 | 000,546,094 | ---- | C] () -- C:\Documents and Settings\Seth\Desktop\hosts.zip
[2010/05/19 22:44:17 | 000,001,557 | ---- | C] () -- C:\Documents and Settings\Seth\Desktop\CCleaner.lnk
[2010/05/15 14:08:41 | 000,004,174 | ---- | C] () -- C:\Documents and Settings\Seth\a1.t
[2010/05/12 22:03:42 | 000,037,490 | ---- | C] () -- C:\Documents and Settings\Seth\Desktop\MBAM-Scan-12-may.JPG
[2010/05/08 12:48:49 | 000,053,213 | ---- | C] () -- C:\processes-dw.JPG
[2010/05/08 12:48:19 | 000,054,030 | ---- | C] () -- C:\processes-up.JPG
[2010/05/07 22:27:11 | 000,000,705 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/06 21:41:36 | 000,000,789 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/05/06 20:08:09 | 000,000,553 | ---- | C] () -- C:\Documents and Settings\Seth\Desktop\regtmcmdrestore.vbs
[2010/04/18 14:05:52 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/04/17 16:10:23 | 000,000,194 | ---- | C] () -- C:\Documents and Settings\Seth\Desktop\1.html
[2010/03/01 16:54:19 | 000,015,963 | ---- | C] () -- C:\Documents and Settings\Seth\Desktop\mdh-logo.png
[2010/03/01 16:46:08 | 000,033,518 | ---- | C] () -- C:\Documents and Settings\Seth\Desktop\MHD.html
[2010/03/01 15:47:28 | 000,035,433 | ---- | C] () -- C:\Documents and Settings\Seth\Desktop\fod.html
[2010/03/01 13:32:40 | 000,032,619 | ---- | C] () -- C:\Documents and Settings\Seth\Desktop\FTT-orig.html
[2010/02/13 19:05:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2008/01/15 04:59:16 | 263,540,935 | ---- | C] () -- C:\WINDOWS\System32\flv3.sys
[2008/01/15 04:53:22 | 302,458,489 | ---- | C] () -- C:\WINDOWS\System32\flv2.sys
[2008/01/15 04:49:27 | 250,263,720 | ---- | C] () -- C:\WINDOWS\System32\flv1.sys
[2008/01/07 19:28:22 | 000,000,272 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2008/01/06 20:09:50 | 000,001,015 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/11/27 14:09:04 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\RunSetup.dll
[2006/09/08 16:14:45 | 000,000,126 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2006/09/04 20:18:03 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2006/06/05 19:35:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/06/02 03:40:25 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/06/02 03:36:32 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/05/30 13:15:44 | 000,000,811 | ---- | C] () -- C:\WINDOWS\AppRun.ini
[2006/02/01 18:14:34 | 000,140,288 | ---- | C] () -- C:\WINDOWS\System32\dg150.dll
[2005/12/23 18:02:30 | 000,000,032 | ---- | C] () -- C:\WINDOWS\WININIT.INI.BAK
[2005/11/24 19:41:10 | 000,000,011 | ---- | C] () -- C:\WINDOWS\OSA.INI
[2005/11/19 03:43:13 | 000,140,288 | ---- | C] () -- C:\WINDOWS\System32\dg151.dll
[2005/10/15 23:44:26 | 000,000,075 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/10/10 22:49:39 | 000,000,941 | ---- | C] () -- C:\WINDOWS\EViews32.ini
[2005/10/01 01:31:09 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A6W.INI
[2005/09/23 20:52:22 | 000,000,636 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/09/20 08:40:58 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/09/20 08:04:24 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/09/20 08:03:56 | 000,000,400 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/12 13:14:10 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2004/08/10 17:42:05 | 000,000,893 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 17:31:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[1999/01/27 18:09:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1998/04/24 03:30:00 | 000,000,218 | ---- | C] () -- C:\WINDOWS\FRONTPG.INI
[1997/06/13 21:26:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2009/03/07 21:30:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2010/02/13 16:42:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca
[2009/03/07 21:39:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seth\Application Data\Acronis
[2010/02/13 16:43:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seth\Application Data\Teleca
[2010/05/23 09:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/05/23 10:21:15 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/01/09 08:30:16 | 000,000,278 | ---- | M] () -- C:\1.txt
[2010/05/09 14:17:47 | 000,000,000 | ---- | M] () -- C:\AILog.txt
[2006/04/01 21:34:47 | 000,001,708 | ---- | M] () -- C:\aoedoppl.txt
[2006/04/01 21:34:51 | 000,001,480 | ---- | M] () -- C:\aoeWVlog.txt
[2004/08/10 17:34:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2006/09/05 17:39:55 | 000,000,043 | ---- | M] () -- C:\autorun.inf
[2006/09/08 16:02:11 | 000,002,292 | ---- | M] () -- C:\autorun.PNF
[2010/05/21 20:06:49 | 000,000,282 | RHS- | M] () -- C:\boot.ini
[2008/11/23 22:16:36 | 000,006,231 | -H-- | M] () -- C:\cache.dmx
[2008/04/14 00:02:08 | 000,260,288 | RHS- | M] () -- C:\cmldr
[2004/08/10 17:34:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2005/09/20 08:07:24 | 000,004,071 | RH-- | M] () -- C:\dell.sdr
[2005/08/27 17:59:30 | 000,000,856 | ---- | M] () -- C:\flashplayer.xpt
[2010/05/23 09:48:27 | 1071,935,488 | -HS- | M] () -- C:\hiberfil.sys
[2007/12/28 19:47:21 | 000,003,368 | ---- | M] () -- C:\hst.txt
[2005/12/27 01:56:12 | 000,004,312 | ---- | M] () -- C:\INFCACHE.1
[2004/08/10 17:34:08 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2006/02/18 19:57:38 | 000,000,183 | ---- | M] () -- C:\LogiSetup.log
[2004/08/10 17:34:08 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2008/04/13 22:13:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 00:01:44 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2006/01/31 19:30:41 | 000,001,528 | ---- | M] () -- C:\OpTime-Error-Log.txt
[2010/05/23 09:48:25 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2010/05/08 12:48:49 | 000,053,213 | ---- | M] () -- C:\processes-dw.JPG
[2010/05/08 12:48:19 | 000,054,030 | ---- | M] () -- C:\processes-up.JPG
[2010/05/08 13:48:50 | 000,000,104 | ---- | M] () -- C:\processes.txt
[2008/01/06 20:09:22 | 000,000,146 | ---- | M] () -- C:\YServer.txt

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2007/12/01 00:25:44 | 000,071,680 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msacm32.dll
[7 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/10 17:26:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/10 17:26:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/10 17:26:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /180 >
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
< End of report >

#6 sethji2 (Topic Starter)

OTL Extras log

OTL Extras logfile created on: 23/05/2010 11:44:51 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\My Downloads
Windows XP Home Edition Service Pack 3, v.3264 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,022.00 Mb Total Physical Memory | 669.00 Mb Available Physical Memory | 65.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.17 Gb Total Space | 5.90 Gb Free Space | 17.25% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LIONKING
Current User Name: Seth
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- %1
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Computer, Inc.)
"C:\WINDOWS\system32\P2P Networking\P2P Networking.exe" = C:\WINDOWS\system32\P2P Networking\P2P Networking.exe:*:Enabled:P2P Networking -- File not found
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- File not found
"C:\Documents and Settings\All Users\Documents\install.exe" = C:\Documents and Settings\All Users\Documents\install.exe:*:Enabled:Microsoft Update -- File not found
"C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\62exmodulba.exe" = C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\62exmodulba.exe:*:Enabled:Microsoft Update -- File not found
"C:\Program Files\SmartFTP\SmartFTP.exe" = C:\Program Files\SmartFTP\SmartFTP.exe:*:Enabled:SmartFTP -- File not found
"C:\WINDOWS\system\smss.exe" = C:\WINDOWS\system\smss.exe:*:Enabled:Microsoft Update -- File not found
"C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\98exmodulbg.exe" = C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\98exmodulbg.exe:*:Enabled:Microsoft Update -- File not found
"C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\66exmodulbg.exe" = C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\66exmodulbg.exe:*:Enabled:Microsoft Update -- File not found
"C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\0exmodulbg.exe" = C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\0exmodulbg.exe:*:Enabled:Microsoft Update -- File not found
"C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\11exmodulbg.exe" = C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\11exmodulbg.exe:*:Enabled:Microsoft Update -- File not found
"C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\31exmodulbh.exe" = C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\31exmodulbh.exe:*:Enabled:Microsoft Update -- File not found
"C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\58exmodulbh.exe" = C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\58exmodulbh.exe:*:Enabled:Microsoft Update -- File not found
"C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\59exmodulbh.exe" = C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\59exmodulbh.exe:*:Enabled:Microsoft Update -- File not found
"C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\85exmodulbi.exe" = C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\85exmodulbi.exe:*:Enabled:Microsoft Update -- File not found
"C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\6exmodulbi.exe" = C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\6exmodulbi.exe:*:Enabled:Microsoft Update -- File not found
"C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\55exmodulbi.exe" = C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\55exmodulbi.exe:*:Enabled:Microsoft Update -- File not found
"C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\73exmodulbi.exe" = C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\73exmodulbi.exe:*:Enabled:Microsoft Update -- File not found
"C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\33exmodulbi.exe" = C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\33exmodulbi.exe:*:Enabled:Microsoft Update -- File not found
"C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\27exmodulbi.exe" = C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\27exmodulbi.exe:*:Enabled:Microsoft Update -- File not found
"C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\22exmodulbi.exe" = C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\22exmodulbi.exe:*:Enabled:Microsoft Update -- File not found
"C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\64exmodulbi.exe" = C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\64exmodulbi.exe:*:Enabled:Microsoft Update -- File not found
"C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\21exmodulbj.exe" = C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\21exmodulbj.exe:*:Enabled:Microsoft Update -- File not found
"C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\40exmodulbj.exe" = C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\40exmodulbj.exe:*:Enabled:Microsoft Update -- File not found
"C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\68exmodulbj.exe" = C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\68exmodulbj.exe:*:Enabled:Microsoft Update -- File not found
"C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\78exmodulbj.exe" = C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\78exmodulbj.exe:*:Enabled:Microsoft Update -- File not found
"C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\54exmodulbj.exe" = C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\54exmodulbj.exe:*:Enabled:Microsoft Update -- File not found
"C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\39exmodulbj.exe" = C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\39exmodulbj.exe:*:Enabled:Microsoft Update -- File not found
"C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\8exmodulbj.exe" = C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\8exmodulbj.exe:*:Enabled:Microsoft Update -- File not found
"C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\33exmodulbk.exe" = C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\33exmodulbk.exe:*:Enabled:Microsoft Update -- File not found
"C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\39exmodulbk.exe" = C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\39exmodulbk.exe:*:Enabled:Microsoft Update -- File not found
"C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\87exmodul32.exe" = C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\87exmodul32.exe:*:Enabled:Microsoft Update -- File not found
"C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\25exmodul32.exe" = C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\25exmodul32.exe:*:Enabled:Microsoft Update -- File not found
"C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\45exmodul32.exe" = C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\45exmodul32.exe:*:Enabled:Microsoft Update -- File not found
"C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\91exmodul32.exe" = C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\91exmodul32.exe:*:Enabled:Microsoft Update -- File not found
"C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\55exmodul32.exe" = C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\55exmodul32.exe:*:Enabled:Microsoft Update -- File not found
"C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\14exmodul32.exe" = C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\14exmodul32.exe:*:Enabled:Microsoft Update -- File not found
"C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\3exmodul32.exe" = C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\3exmodul32.exe:*:Enabled:Microsoft Update -- File not found
"C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\88exmodul32.exe" = C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\88exmodul32.exe:*:Enabled:Microsoft Update -- File not found
"C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\28exmodul32.exe" = C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\28exmodul32.exe:*:Enabled:Microsoft Update -- File not found
"C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\86exmodul32.exe" = C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\86exmodul32.exe:*:Enabled:Microsoft Update -- File not found
"C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\65exmodul32.exe" = C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\65exmodul32.exe:*:Enabled:Microsoft Update -- File not found
"C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\81exmodul32.exe" = C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\81exmodul32.exe:*:Enabled:Microsoft Update -- File not found
"C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\57exmodul32.exe" = C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\57exmodul32.exe:*:Enabled:Microsoft Update -- File not found
"C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\9exmodul32.exe" = C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\9exmodul32.exe:*:Enabled:Microsoft Update -- File not found
"C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\93exmodul32.exe" = C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\93exmodul32.exe:*:Enabled:Microsoft Update -- File not found
"C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\71exmodul32.exe" = C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\71exmodul32.exe:*:Enabled:Microsoft Update -- File not found
"C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\13exmodul32.exe" = C:\DOCUME~1\SHOBHI~1\LOCALS~1\Temp\13exmodul32.exe:*:Enabled:Microsoft Update -- File not found

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0CD7D421-C850-4271-8533-0269A3D39FAA}" = Safari
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{16906D21-0656-4F8B-9A01-C3D24B5401FC}" = Intel® PROSet for Wired Connections
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4360BB46-507E-4361-8DCB-4FF9BDC9907B}" = SnagIt 7
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{6E65247F-58F9-41CA-BE69-0316F7907170}" = Disc2Phone
"{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}" = mIWCA
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78F4DFCE-1336-4027-BCB2-1A00C24A8653}" = iTunes
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 3.81
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C5ADA65A-7828-4D85-B071-ECC52B51F794}" = Sony Ericsson PC Suite 1.20.173
"{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}" = mToolkit
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F3666943-0411-41D1-8015-8B572B6E91A7}" = SyncToy 2.0 Beta
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D480 MDC V.9x Modem
"Crimson Editor" = Crimson Editor (remove only)
"GMailFS" = GMail Drive Shell Extension
"Google Desktop" = Google Desktop
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{78F4DFCE-1336-4027-BCB2-1A00C24A8653}" = iTunes
"LiveUpdate" = LiveUpdate 2.7 (Symantec Corporation)
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Picasa2" = Picasa 2
"ProInst" = Intel® PROSet/Wireless Software
"PROSet" = Intel® PRO Network Adapters and Drivers
"RealPlayer 6.0" = RealPlayer
"ShockwaveFlash" = Macromedia Flash Player 8
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 0.9.8a
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMCSetup" = Windows Media Connect
"Yahoo! Messenger" = Yahoo! Messenger

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 06/05/2010 10:40:53 | Computer Name = LIONKING | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 06/05/2010 10:41:15 | Computer Name = LIONKING | Source = crypt32 | ID = 131075
Description = Failed auto update retrieval of third-party root list cab from: <http://www.download....uthrootstl.cab>
with error: This operation returned because the timeout period expired.

Error - 07/05/2010 09:52:50 | Computer Name = LIONKING | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

Error - 07/05/2010 13:24:01 | Computer Name = LIONKING | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3264, faulting
module , version 0.0.0.0, fault address 0x00000000.

Error - 08/05/2010 05:15:15 | Computer Name = LIONKING | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3264, faulting
module , version 0.0.0.0, fault address 0x00000000.

Error - 11/05/2010 05:43:26 | Computer Name = LIONKING | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

Error - 15/05/2010 03:19:22 | Computer Name = LIONKING | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80240016, P2 begininstall, P3 install, P4
1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL,
P10 NIL.

Error - 19/05/2010 12:56:22 | Computer Name = LIONKING | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

Error - 20/05/2010 11:24:04 | Computer Name = LIONKING | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80240016, P2 begininstall, P3 install, P4
1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL,
P10 NIL.

Error - 23/05/2010 00:51:13 | Computer Name = LIONKING | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

[ System Events ]
Error - 22/05/2010 01:09:18 | Computer Name = LIONKING | Source = DCOM | ID = 10001
Description = Unable to start a DCOM Server: {58FC39EB-9DBD-4EA7-B7B4-9404CC6ACFAB}
as /. The error: "%2" Happened while starting this command: C:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
-s -Embedding

Error - 22/05/2010 02:52:21 | Computer Name = LIONKING | Source = DCOM | ID = 10001
Description = Unable to start a DCOM Server: {58FC39EB-9DBD-4EA7-B7B4-9404CC6ACFAB}
as /. The error: "%2" Happened while starting this command: C:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
-s -Embedding

Error - 22/05/2010 12:07:49 | Computer Name = LIONKING | Source = DCOM | ID = 10001
Description = Unable to start a DCOM Server: {58FC39EB-9DBD-4EA7-B7B4-9404CC6ACFAB}
as /. The error: "%2" Happened while starting this command: C:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
-s -Embedding

Error - 22/05/2010 12:16:14 | Computer Name = LIONKING | Source = DCOM | ID = 10001
Description = Unable to start a DCOM Server: {58FC39EB-9DBD-4EA7-B7B4-9404CC6ACFAB}
as /. The error: "%2" Happened while starting this command: C:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
-s -Embedding

Error - 22/05/2010 12:54:19 | Computer Name = LIONKING | Source = DCOM | ID = 10001
Description = Unable to start a DCOM Server: {58FC39EB-9DBD-4EA7-B7B4-9404CC6ACFAB}
as /. The error: "%2" Happened while starting this command: C:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
-s -Embedding

Error - 22/05/2010 23:30:00 | Computer Name = LIONKING | Source = Schedule | ID = 7901
Description = The At1.job command failed to start due to the following error: %%2147942405

Error - 23/05/2010 00:18:33 | Computer Name = LIONKING | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 23/05/2010 00:18:37 | Computer Name = LIONKING | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 23/05/2010 00:37:41 | Computer Name = LIONKING | Source = DCOM | ID = 10001
Description = Unable to start a DCOM Server: {58FC39EB-9DBD-4EA7-B7B4-9404CC6ACFAB}
as /. The error: "%2" Happened while starting this command: C:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
-s -Embedding

Error - 23/05/2010 00:51:18 | Computer Name = LIONKING | Source = DCOM | ID = 10001
Description = Unable to start a DCOM Server: {58FC39EB-9DBD-4EA7-B7B4-9404CC6ACFAB}
as /. The error: "%2" Happened while starting this command: C:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
-s -Embedding


< End of report >

#7
sethji2
    Member
Hello Andrew,

I've posted the GMER and OTL logs above. Please let me know how to proceed further.

Thanks for your help.

#8
andrewuk
    Trusted Helper
Delete any versions of ComboFix you have on your machine, and then please visit this webpage for download links and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


also:

We will run OTL , but go for a shortened log.
  • Close all windows and open it by double clicking on the icon
  • We are targeting a selective output, hence:
    • on the left hand side, in the box titled "Processes" select none
    • on the left hand side, in the box titled "Drivers" select none
    • on the left hand side, in the box titled "Extra Registry" select none
    • on the right hand side, in the box titled "Files created within" select none
    • on the right hand side, in the box titled "Files modified within" select none
    • >>>> so, you should only have "Services", "Standard Registry" and "Modules" selected for Use Safelist
    • tick both the boxes marked Purity check and Lop check
  • Click Run Scan and let the program run uninterrupted
  • It will produce one log for you called OTL.txt. Please post that log here in reply.
  • You may need to use two posts to get it all on the forum

andrewuk

#9
sethji2
    Member
Here is the ComboFix Log

ComboFix 10-05-23.07 - Seth 24/05/2010 19:47:18.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.516 [GMT 5.5:30]
Running from: c:\documents and settings\Seth\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\documents and settings\All Users\documents\setup.exe
c:\documents and settings\Seth\Application Data\DAXAINET.LIB
c:\windows\system32\spool\drivers\setup.exe
c:\windows\system32\system
c:\windows\system32\system\cache.dmx
c:\windows\system32\system\Tmp\Babar\Advent.ppt
c:\windows\system32\system\Tmp\Babar\americasfunniest.WMV
c:\windows\system32\system\Tmp\Babar\english_course.doc
c:\windows\system32\system\Tmp\Babar\fwd_fwd_new.zip
c:\windows\system32\system\Tmp\Babar\LJ.3gp
c:\windows\system32\system\Tmp\Babar\oy[1].ppt
c:\windows\system32\system\Tmp\Babar\ta.3gp
c:\windows\system32\system\Tmp\Babar\abi.3gp
c:\windows\system32\system\Tmp\Babar\a_1_.3gp
c:\windows\system32\system\Tmp\Babar\Thumbs.db
c:\windows\system32\system\Tmp\cache.dmx
c:\windows\system32\system\Tmp\CV.doc
c:\windows\system32\system\Tmp\CV.pdf
c:\windows\system32\system\Tmp\VIDEO_RM\VIDEO_RM.BUP
c:\windows\system32\system\Tmp\VIDEO_RM\VIDEO_RM.DAT
c:\windows\system32\system\Tmp\VIDEO_RM\VIDEO_RM.IFO
c:\windows\system32\system\Tmp\VIDEO_TS\VIDEO_TS.BUP
c:\windows\system32\system\Tmp\VIDEO_TS\VIDEO_TS.IFO
c:\windows\system32\system\Tmp\VIDEO_TS\VIDEO_TS.VOB
c:\windows\system32\system\Tmp\VIDEO_TS\VTS_01_0.BUP
c:\windows\system32\system\Tmp\VIDEO_TS\VTS_01_0.IFO
c:\windows\system32\system\Tmp\VIDEO_TS\VTS_01_1.VOB
c:\windows\system32\system\Tmp\VIDEO_TS\VTS_01_2.VOB

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASC3360PR
-------\Legacy_WINDOWS_LOG
-------\Service_asc3360pr
-------\Service_Windows Log


((((((((((((((((((((((((( Files Created from 2010-04-24 to 2010-05-24 )))))))))))))))))))))))))))))))
.

2010-05-22 05:23 . 2010-05-23 08:18 -------- d-----w- C:\Games
2010-05-21 15:13 . 2010-05-21 15:13 47680 ----a-w- c:\documents and settings\Seth\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-20 16:30 . 2010-05-20 16:31 -------- d-----w- C:\rsit
2010-05-20 16:30 . 2010-05-20 16:30 -------- d-----w- c:\program files\trend micro
2010-05-19 17:24 . 2010-05-20 14:20 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-05-19 17:14 . 2010-05-19 17:14 -------- d-----w- c:\program files\CCleaner
2010-05-15 07:19 . 2010-05-12 05:51 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-12 16:26 . 2010-05-21 15:01 63488 ----a-w- c:\documents and settings\Seth\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-05-08 08:18 . 2010-05-19 18:03 -------- d-----w- C:\AV-CLS
2010-05-07 16:57 . 2010-05-07 16:57 -------- d-----w- c:\documents and settings\Seth\Application Data\Malwarebytes
2010-05-07 16:57 . 2010-04-29 10:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-07 16:57 . 2010-05-07 16:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-07 16:57 . 2010-05-07 16:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-07 16:57 . 2010-04-29 10:09 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-06 16:12 . 2010-05-06 16:12 52224 ----a-w- c:\documents and settings\Seth\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-06 16:12 . 2010-05-21 15:01 117760 ----a-w- c:\documents and settings\Seth\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-06 16:12 . 2010-05-06 16:12 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-05-06 16:11 . 2010-05-19 15:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-06 16:11 . 2010-05-06 16:11 -------- d-----w- c:\documents and settings\Seth\Application Data\SUPERAntiSpyware.com
2010-05-03 09:44 . 2010-05-03 09:44 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-23 04:18 . 2005-10-15 15:29 -------- d-----w- c:\program files\DAP
2010-05-19 18:01 . 2005-09-20 02:33 233472 ----a-w- c:\windows\system32\igfxtray.exe
2010-05-08 06:20 . 2005-09-20 03:03 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-08 06:20 . 2005-09-20 03:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-05-07 17:28 . 2005-09-23 15:57 -------- d-----w- c:\program files\ConTEXT
2010-05-07 17:27 . 2009-03-07 14:04 -------- d-----w- c:\program files\Common Files\Acronis
2010-05-07 13:38 . 2008-05-01 16:27 -------- d-----w- c:\documents and settings\Seth\Application Data\U3
2010-05-06 16:10 . 2008-01-11 21:32 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-18 08:32 . 2010-04-18 08:32 -------- d-----w- c:\program files\Windows Defender
2010-04-17 14:30 . 2010-04-02 12:43 517640 ----a-w- c:\documents and settings\Seth\Application Data\Real\Update\setup3.10\setup.exe
2010-04-17 11:52 . 2005-10-15 15:29 50688 ----a-w- c:\windows\system32\wbhelp2.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2007-11-30 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-9-20 24576]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 09:51 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 15:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-10 21:36 113776 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2004-09-13 15:33 237568 ----a-w- c:\program files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
2005-06-21 12:51 40960 ----a-w- c:\windows\VM_STI.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-02-23 15:19 122880 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2006-02-21 21:45 235520 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3817472 ----a-w- c:\program files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2005-09-16 06:43 344064 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2007-11-30 18:56 1777152 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2005-04-14 14:56 2027520 ------w- c:\program files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2005-10-26 10:47 237568 ----a-r- c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-04-27 11:57 2090224 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-01-06 16:50 259624 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2008-06-29 22:01 52168 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 13:50 936216 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2007-08-30 12:13 4740336 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\empires2.EXE"=
"c:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"=
"c:\\Program Files\\Intel\\Wireless\\Bin\\ZcfgSvc.exe"=
"c:\\WINDOWS\\system32\\igfxtray.exe"=
"c:\\Program Files\\Common Files\\Teleca Shared\\CapabilityManager.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\VS7Debug\\mdm.exe"=
"c:\\AV-CLS\\KIX32.EXE"=
"c:\\Program Files\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe"=
"c:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [4/27/2010 5:30 PM 61440]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 ZSMC302;VIMICRO USB PC Camera;c:\windows\system32\drivers\usbVM31b.sys [11/27/2006 2:00 PM 90568]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ASC3360PR
.
Contents of the 'Scheduled Tasks' folder

2010-05-24 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 13:50]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
TCP: {DD3F5A96-5755-40F1-8AAD-7494C67541F0} = 202.56.230.5 202.56.230.6
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Seth\Application Data\Mozilla\Firefox\Profiles\75wf4m2u.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage -
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdap.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr
ef", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKLM-Run-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe
HKU-Default-Run-DWQueuedReporting - c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe
MSConfigStartUp-AVG7_CC - c:\progra~1\Grisoft\AVG7\avgcc.exe
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-DMXLauncher - c:\program files\Dell\Media Experience\DMXLauncher.exe
MSConfigStartUp-DownloadAccelerator - c:\program files\DAP\DAP.EXE
MSConfigStartUp-Friendly Installer - c:\progra~1\AIRTEL\AIRTEL~1\FWINST~1.EXE
MSConfigStartUp-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe
MSConfigStartUp-LDM - c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
MSConfigStartUp-LogitechSoftwareUpdate - c:\program files\Logitech\Video\ManifestEngine.exe
MSConfigStartUp-LogitechVideoRepair - c:\program files\Logitech\Video\ISStart.exe
MSConfigStartUp-LogitechVideoTray - c:\program files\Logitech\Video\LogiTray.exe
MSConfigStartUp-NAV CfgWiz - c:\program files\Norton AntiVirus\CfgWiz.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe
MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe
MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
MSConfigStartUp-VoiFi - c:\program files\VoiFi\VoiFi.exe
AddRemove-LiveUpdate - c:\program files\Symantec\LiveUpdate\LSETUP.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-24 19:55
Windows 5.1.2600 Service Pack 3, v.3264 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-834742326-2049410627-1130335356-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(772)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'explorer.exe'(1336)
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Intel\Wireless\Bin\ZcfgSvc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-05-24 20:01:41 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-24 14:31

Pre-Run: 5,613,195,264 bytes free
Post-Run: 5,445,541,888 bytes free

- - End Of File - - 1144065C6E6D89450CD0C0F2FB82C5E4

And Here is the OTL Log

OTL logfile created on: 24/05/2010 20:09:20 - Run 2
OTL by OldTimer - Version 3.2.5.0 Folder = C:\My Downloads
Windows XP Home Edition Service Pack 3, v.3264 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,022.00 Mb Total Physical Memory | 673.00 Mb Available Physical Memory | 66.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.17 Gb Total Space | 5.11 Gb Free Space | 14.94% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LIONKING
Current User Name: Seth
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Modules (SafeList) ==========

MOD - [2010/05/22 22:31:27 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\My Downloads\OTL.exe
MOD - [2007/12/01 00:27:12 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.3264_x-ww_d751ffbf\comctl32.dll
MOD - [2007/12/01 00:23:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/10/06 21:42:30 | 000,929,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
SRV - [2004/09/07 20:42:32 | 000,225,353 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER)
SRV - [2004/09/07 20:35:10 | 000,360,521 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2004/09/07 20:32:40 | 000,086,016 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng)
SRV - [2004/09/07 20:32:04 | 000,139,264 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: ""

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/17 18:17:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/17 18:17:13 | 000,000,000 | ---D | M]

[2010/04/17 18:17:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seth\Application Data\Mozilla\Extensions
[2008/06/06 18:49:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seth\Application Data\Mozilla\Firefox\Profiles\75wf4m2u.default\extensions
[2010/05/23 12:14:19 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/01/06 21:21:03 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007/12/30 15:44:50 | 000,251,392 | ---- | M] (SpeedBit Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\npdap.dll

O1 HOSTS File: ([2010/05/24 19:55:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1266060310562 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1199566695222 (MUWebControl Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 17:34:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/09/08 16:02:11 | 000,002,292 | ---- | M] () - C:\autorun.PNF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== LOP Check ==========

[2009/03/07 21:30:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2010/02/13 16:42:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca
[2009/03/07 21:39:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seth\Application Data\Acronis
[2010/02/13 16:43:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seth\Application Data\Teleca
[2010/05/24 19:58:16 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========


< End of report >

#10
sethji2
    Member
Hi Andrew,

I've posted the OTL and Combofix logs.

Just to notify you, even after Combofix, the TaskMgr is still closing automatically.
Let me know how you would like me to proceed.
Thanks,

#11
andrewuk
    Trusted Helper
I am guessing you no longer have an antivirus program on your machine since you took off that version of AVG?

Also, is this your ISP or company?
Bharti Airtel Limited,
Class A ISP in INDIA,
234 OKHLA PHASE III,
NEW DELHI,
INDIA.


====STEP 1====
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Registry::
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=-
"DisableRegistryTools"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"=-
"{C4069E3A-68F1-403E-B40E-20066696354B}"=-
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}"=-
"{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}"=-


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.




====STEP 2====
We will run OTL , but go for a shortened log.
  • Close all windows and open it by double clicking on the icon
  • we are targeting a selective output, hence:
    • on the left hand side, in the box titled "Processes" select none
    • on the left hand side, in the box titled "Drivers" select none
    • on the left hand side, in the box titled "Extra Registry" select none
    • on the right hand side, in the box titled "Files created within" select none
    • on the right hand side, in the box titled "Files modified within" select none
    • >>>> so, you should only have "Services", "Standard Registry" and "Modules" selected for Use Safelist
    • tick both the boxes marked Purity check and Lop check
  • Click Run Scan and let the program run uninterrupted
  • It will produce one log for you called OTL.txt. Please post that log here in reply.
  • You may need to use two posts to get it all on the forum



In your next reply could I see:
1. the answers to the top two questions
2. the combofix log
3. the OTL log

The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk

#12
sethji2
    Member
  • Topic Starter
  • 30 posts
OTL Log:

OTL logfile created on: 25/05/2010 20:58:01 - Run 3
OTL by OldTimer - Version 3.2.5.0 Folder = C:\My Downloads
Windows XP Home Edition Service Pack 3, v.3264 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,022.00 Mb Total Physical Memory | 612.00 Mb Available Physical Memory | 60.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.17 Gb Total Space | 4.30 Gb Free Space | 12.59% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LIONKING
Current User Name: Seth
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Modules (SafeList) ==========

MOD - [2010/05/22 22:31:27 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\My Downloads\OTL.exe
MOD - [2007/12/01 00:27:12 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.3264_x-ww_d751ffbf\comctl32.dll
MOD - [2007/12/01 00:23:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/10/06 21:42:30 | 000,929,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
SRV - [2004/09/07 20:42:32 | 000,225,353 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER)
SRV - [2004/09/07 20:35:10 | 000,360,521 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2004/09/07 20:32:40 | 000,086,016 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng)
SRV - [2004/09/07 20:32:04 | 000,139,264 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: ""

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/17 18:17:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/17 18:17:13 | 000,000,000 | ---D | M]

[2010/04/17 18:17:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seth\Application Data\Mozilla\Extensions
[2008/06/06 18:49:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seth\Application Data\Mozilla\Firefox\Profiles\75wf4m2u.default\extensions
[2010/05/24 20:21:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/01/06 21:21:03 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007/12/30 15:44:50 | 000,251,392 | ---- | M] (SpeedBit Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\npdap.dll

O1 HOSTS File: ([2010/05/25 20:43:14 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1266060310562 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1199566695222 (MUWebControl Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 17:34:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/09/08 16:02:11 | 000,002,292 | ---- | M] () - C:\autorun.PNF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== LOP Check ==========

[2009/03/07 21:30:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2010/02/13 16:42:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca
[2009/03/07 21:39:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seth\Application Data\Acronis
[2010/02/13 16:43:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seth\Application Data\Teleca
[2010/05/25 20:44:17 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========


< End of report >
==================================

Combofix Log:

ComboFix 10-05-24.07 - Seth 25/05/2010 20:33:04.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.628 [GMT 5.5:30]
Running from: c:\documents and settings\Seth\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Seth\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASC3360PR


((((((((((((((((((((((((( Files Created from 2010-04-25 to 2010-05-25 )))))))))))))))))))))))))))))))
.

2010-05-22 05:23 . 2010-05-23 08:18 -------- d-----w- C:\Games
2010-05-21 15:13 . 2010-05-21 15:13 47680 ----a-w- c:\documents and settings\Seth\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-20 16:30 . 2010-05-20 16:31 -------- d-----w- C:\rsit
2010-05-20 16:30 . 2010-05-20 16:30 -------- d-----w- c:\program files\trend micro
2010-05-19 17:24 . 2010-05-20 14:20 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-05-19 17:14 . 2010-05-19 17:14 -------- d-----w- c:\program files\CCleaner
2010-05-15 07:19 . 2010-05-12 05:51 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-12 16:26 . 2010-05-21 15:01 63488 ----a-w- c:\documents and settings\Seth\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-05-08 08:18 . 2010-05-19 18:03 -------- d-----w- C:\AV-CLS
2010-05-07 16:57 . 2010-05-07 16:57 -------- d-----w- c:\documents and settings\Seth\Application Data\Malwarebytes
2010-05-07 16:57 . 2010-04-29 10:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-07 16:57 . 2010-05-07 16:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-07 16:57 . 2010-05-07 16:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-07 16:57 . 2010-04-29 10:09 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-06 16:12 . 2010-05-06 16:12 52224 ----a-w- c:\documents and settings\Seth\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-06 16:12 . 2010-05-21 15:01 117760 ----a-w- c:\documents and settings\Seth\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-06 16:12 . 2010-05-06 16:12 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-05-06 16:11 . 2010-05-19 15:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-06 16:11 . 2010-05-06 16:11 -------- d-----w- c:\documents and settings\Seth\Application Data\SUPERAntiSpyware.com
2010-05-03 09:44 . 2010-05-03 09:44 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-23 04:18 . 2005-10-15 15:29 -------- d-----w- c:\program files\DAP
2010-05-19 18:01 . 2005-09-20 02:33 233472 ----a-w- c:\windows\system32\igfxtray.exe
2010-05-08 06:20 . 2005-09-20 03:03 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-08 06:20 . 2005-09-20 03:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-05-07 17:28 . 2005-09-23 15:57 -------- d-----w- c:\program files\ConTEXT
2010-05-07 17:27 . 2009-03-07 14:04 -------- d-----w- c:\program files\Common Files\Acronis
2010-05-07 13:38 . 2008-05-01 16:27 -------- d-----w- c:\documents and settings\Seth\Application Data\U3
2010-05-06 16:10 . 2008-01-11 21:32 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-18 08:32 . 2010-04-18 08:32 -------- d-----w- c:\program files\Windows Defender
2010-04-17 14:30 . 2010-04-02 12:43 517640 ----a-w- c:\documents and settings\Seth\Application Data\Real\Update\setup3.10\setup.exe
2010-04-17 11:52 . 2005-10-15 15:29 50688 ----a-w- c:\windows\system32\wbhelp2.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2007-11-30 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-9-20 24576]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 09:51 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 15:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-10 21:36 113776 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2004-09-13 15:33 237568 ----a-w- c:\program files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
2005-06-21 12:51 40960 ----a-w- c:\windows\VM_STI.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-02-23 15:19 122880 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2006-02-21 21:45 235520 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3817472 ----a-w- c:\program files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2005-09-16 06:43 344064 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2007-11-30 18:56 1777152 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2005-04-14 14:56 2027520 ------w- c:\program files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2005-10-26 10:47 237568 ----a-r- c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-04-27 11:57 2090224 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-01-06 16:50 259624 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2008-06-29 22:01 52168 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 13:50 936216 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2007-08-30 12:13 4740336 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\empires2.EXE"=
"c:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"=
"c:\\Program Files\\Intel\\Wireless\\Bin\\ZcfgSvc.exe"=
"c:\\WINDOWS\\system32\\igfxtray.exe"=
"c:\\Program Files\\Common Files\\Teleca Shared\\CapabilityManager.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\VS7Debug\\mdm.exe"=
"c:\\AV-CLS\\KIX32.EXE"=
"c:\\Program Files\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe"=
"c:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [4/27/2010 5:30 PM 61440]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 asc3360pr;asc3360pr;\??\c:\windows\system32\drivers\emhtks.sys --> c:\windows\system32\drivers\emhtks.sys [?]
S3 ZSMC302;VIMICRO USB PC Camera;c:\windows\system32\drivers\usbVM31b.sys [11/27/2006 2:00 PM 90568]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ASC3360PR
.
Contents of the 'Scheduled Tasks' folder

2010-05-25 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 13:50]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
TCP: {DD3F5A96-5755-40F1-8AAD-7494C67541F0} = 202.56.230.5 202.56.230.6
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Seth\Application Data\Mozilla\Firefox\Profiles\75wf4m2u.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage -
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdap.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-25 20:43
Windows 5.1.2600 Service Pack 3, v.3264 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-834742326-2049410627-1130335356-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(764)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'explorer.exe'(1620)
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Intel\Wireless\Bin\ZcfgSvc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-05-25 20:48:44 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-25 15:18

Pre-Run: 4,763,914,240 bytes free
Post-Run: 4,609,560,576 bytes free

- - End Of File - - 9047AF976FCFE187A26DCBF7CE61E31C

#13
sethji2
    Member
  • Topic Starter
  • 30 posts
To answer your questions:

No Antivirus is running on my PC

Airtel is an ISP

Logs are included in the above post.

#14
andrewuk
    Trusted Helper
  • Malware Removal
  • 5,297 posts
This may prove to be a tricky infection to shift. Try this first, though I suspect we will be deploying other tools:

====STEP 1====
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

Rootkit::
c:\windows\system32\drivers\emhtks.sys

Driver::
asc3360pr

Registry::
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=-
"DisableRegistryTools"=-


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.




====STEP 2====
We will run OTL , but go for a shortened log.
  • Close all windows and open it by double clicking on the icon
  • we are targeting a selective output, hence:
    • on the left hand side, in the box titled "Processes" select none
    • on the left hand side, in the box titled "Drivers" select none
    • on the left hand side, in the box titled "Extra Registry" select none
    • on the right hand side, in the box titled "Files created within" select none
    • on the right hand side, in the box titled "Files modified within" select none
    • >>>> so, you should only have "Services", "Standard Registry" and "Modules" selected for Use Safelist
    • tick both the boxes marked Purity check and Lop check
  • Click Run Scan and let the program run uninterrupted
  • It will produce one log for you called OTL.txt. Please post that log here in reply.
  • You may need to use two posts to get it all on the forum



In your next reply could I see:
1. the combofix log
2. the OTL log

The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk
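An added example (not code from this thread, from ComboFix or from OTL): a Python script that reads the "Reg Loading Points" and driver (R1/R3/S3) lines of a ComboFix log and drafts the CFScript directives andrewuk wrote by hand in posts #11 and #14, that is a Registry:: block clearing DisableTaskMgr and DisableRegistryTools under HKEY_USERS\.default, plus Rootkit:: and Driver:: entries for a driver whose file ComboFix tagged [?]. The directive names and the `"name"=-` deletion syntax come from the thread; the sample log is constructed, and the script it prints is a draft for the helper to review.

```python
"""Draft a ComboFix CFScript from a ComboFix log excerpt.

The sample log below is constructed for this example, modelled on the
'Reg Loading Points' and driver lines posted in this thread.
"""
import re

# Policy values that, when set non-zero, block Task Manager and regedit.
LOCKOUT_VALUES = {"DisableTaskMgr", "DisableRegistryTools"}

# Constructed sample, not a real ComboFix log.
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2007-11-30 15360]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R3 asc3360pr;asc3360pr;\??\c:\windows\system32\drivers\emhtks.sys --> c:\windows\system32\drivers\emhtks.sys [?]
S3 ZSMC302;VIMICRO USB PC Camera;c:\windows\system32\drivers\usbVM31b.sys [11/27/2006 2:00 PM 90568]
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
# ComboFix driver lines: '<R|S><n> <service>;<display name>;<path and details>'
DRIVER_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<svc>[^;]+);(?P<disp>[^;]*);(?P<rest>.*)$")


def _is_nonzero(data):
    """True for '1 (0x1)' or REGEDIT4-style 'dword:00000001', False for zero."""
    d = data.strip().lower()
    if d.startswith("dword:"):
        return int(d[len("dword:"):], 16) != 0
    m = re.match(r"\d+", d)
    return bool(m) and int(m.group(0)) != 0


def find_lockouts(log_text):
    """Return (key, value name) pairs for lockout policies that are switched on."""
    hits = []
    key = None
    for line in log_text.splitlines():
        km = KEY_RE.match(line)
        if km:
            key = km.group("key")
            continue
        vm = VALUE_RE.match(line)
        if vm and key and key.lower().endswith(r"\policies\system"):
            if vm.group("name") in LOCKOUT_VALUES and _is_nonzero(vm.group("data")):
                hits.append((key, vm.group("name")))
    return hits


def find_unverified_drivers(log_text):
    """Return (service name, file path) for driver lines ComboFix tagged '[?]',
    i.e. entries whose backing file it could not find or verify on disk."""
    found = []
    for line in log_text.splitlines():
        dm = DRIVER_RE.match(line)
        if dm and dm.group("rest").rstrip().endswith("[?]"):
            rest = dm.group("rest").rstrip()[:-len("[?]")]
            # Prefer the resolved path after ' --> ' when ComboFix printed one.
            path = rest.split("-->")[-1].strip()
            found.append((dm.group("svc").strip(), path))
    return found


def build_cfscript(log_text):
    """Compose CFScript directives in the syntax used in this thread:
    KillAll::, Rootkit::, Driver::, Registry:: with '"name"=-' deletions."""
    drivers = find_unverified_drivers(log_text)
    lockouts = find_lockouts(log_text)
    lines = ["KillAll::", ""]
    if drivers:
        lines += ["Rootkit::"] + [path for _, path in drivers] + [""]
        lines += ["Driver::"] + [svc for svc, _ in drivers] + [""]
    if lockouts:
        lines.append("Registry::")
        by_key = {}
        for key, name in lockouts:
            by_key.setdefault(key, []).append(name)
        for key, names in by_key.items():
            lines.append(f"[{key}]")
            lines += [f'"{n}"=-' for n in names]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_cfscript(SAMPLE_LOG))
```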

#15
sethji2
    Member
  • Topic Starter
  • 30 posts
Here is the ComboFix Log:

ComboFix 10-05-27.03 - Seth 28/05/2010 20:14:18.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.656 [GMT 5.5:30]
Running from: c:\documents and settings\Seth\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Seth\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASC3360PR
-------\Service_asc3360pr
-------\Legacy_ASC3360PR


((((((((((((((((((((((((( Files Created from 2010-04-28 to 2010-05-28 )))))))))))))))))))))))))))))))
.

2010-05-22 05:23 . 2010-05-23 08:18 -------- d-----w- C:\Games
2010-05-21 15:13 . 2010-05-21 15:13 47680 ----a-w- c:\documents and settings\Seth\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-20 16:30 . 2010-05-20 16:31 -------- d-----w- C:\rsit
2010-05-20 16:30 . 2010-05-20 16:30 -------- d-----w- c:\program files\trend micro
2010-05-19 17:24 . 2010-05-20 14:20 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-05-19 17:14 . 2010-05-19 17:14 -------- d-----w- c:\program files\CCleaner
2010-05-15 07:19 . 2010-05-12 05:51 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-08 08:18 . 2010-05-19 18:03 -------- d-----w- C:\AV-CLS
2010-05-07 16:57 . 2010-05-07 16:57 -------- d-----w- c:\documents and settings\Seth\Application Data\Malwarebytes
2010-05-07 16:57 . 2010-04-29 10:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-07 16:57 . 2010-05-07 16:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-07 16:57 . 2010-05-07 16:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-07 16:57 . 2010-04-29 10:09 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-06 16:12 . 2010-05-06 16:12 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-05-06 16:11 . 2010-05-19 15:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-06 16:11 . 2010-05-06 16:11 -------- d-----w- c:\documents and settings\Seth\Application Data\SUPERAntiSpyware.com
2010-05-03 09:44 . 2010-05-03 09:44 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-23 04:18 . 2005-10-15 15:29 -------- d-----w- c:\program files\DAP
2010-05-21 15:01 . 2010-05-12 16:26 63488 ----a-w- c:\documents and settings\Seth\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-05-21 15:01 . 2010-05-06 16:12 117760 ----a-w- c:\documents and settings\Seth\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-19 18:01 . 2005-09-20 02:33 233472 ----a-w- c:\windows\system32\igfxtray.exe
2010-05-08 06:20 . 2005-09-20 03:03 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-08 06:20 . 2005-09-20 03:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-05-07 17:28 . 2005-09-23 15:57 -------- d-----w- c:\program files\ConTEXT
2010-05-07 17:27 . 2009-03-07 14:04 -------- d-----w- c:\program files\Common Files\Acronis
2010-05-07 13:38 . 2008-05-01 16:27 -------- d-----w- c:\documents and settings\Seth\Application Data\U3
2010-05-06 16:12 . 2010-05-06 16:12 52224 ----a-w- c:\documents and settings\Seth\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-06 16:10 . 2008-01-11 21:32 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-18 08:32 . 2010-04-18 08:32 -------- d-----w- c:\program files\Windows Defender
2010-04-17 14:30 . 2010-04-02 12:43 517640 ----a-w- c:\documents and settings\Seth\Application Data\Real\Update\setup3.10\setup.exe
2010-04-17 11:52 . 2005-10-15 15:29 50688 ----a-w- c:\windows\system32\wbhelp2.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2007-11-30 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-9-20 24576]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 09:51 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 15:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-10 21:36 113776 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2004-09-13 15:33 237568 ----a-w- c:\program files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
2005-06-21 12:51 40960 ----a-w- c:\windows\VM_STI.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-02-23 15:19 122880 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2006-02-21 21:45 235520 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3817472 ----a-w- c:\program files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2005-09-16 06:43 344064 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2007-11-30 18:56 1777152 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2005-04-14 14:56 2027520 ------w- c:\program files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2005-10-26 10:47 237568 ----a-r- c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-04-27 11:57 2090224 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-01-06 16:50 259624 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2008-06-29 22:01 52168 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 13:50 936216 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2007-08-30 12:13 4740336 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\empires2.EXE"=
"c:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"=
"c:\\Program Files\\Intel\\Wireless\\Bin\\ZcfgSvc.exe"=
"c:\\WINDOWS\\system32\\igfxtray.exe"=
"c:\\Program Files\\Common Files\\Teleca Shared\\CapabilityManager.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\VS7Debug\\mdm.exe"=
"c:\\AV-CLS\\KIX32.EXE"=
"c:\\Program Files\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe"=
"c:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [4/27/2010 5:30 PM 61440]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 asc3360pr;asc3360pr;\??\c:\windows\system32\drivers\emhtks.sys --> c:\windows\system32\drivers\emhtks.sys [?]
S3 ZSMC302;VIMICRO USB PC Camera;c:\windows\system32\drivers\usbVM31b.sys [11/27/2006 2:00 PM 90568]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ASC3360PR
.
Contents of the 'Scheduled Tasks' folder

2010-05-28 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 13:50]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
TCP: {DD3F5A96-5755-40F1-8AAD-7494C67541F0} = 202.56.230.5 202.56.230.6
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Seth\Application Data\Mozilla\Firefox\Profiles\75wf4m2u.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage -
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdap.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-28 20:22
Windows 5.1.2600 Service Pack 3, v.3264 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-834742326-2049410627-1130335356-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(772)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'explorer.exe'(3716)
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Intel\Wireless\Bin\ZcfgSvc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-05-28 20:28:26 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-28 14:58
ComboFix2.txt 2010-05-25 15:18

Pre-Run: 4,412,362,752 bytes free
Post-Run: 4,239,192,064 bytes free

- - End Of File - - C696D4DFC1244057A622DFC77BF5B6C1


Here is the OTL Log:

OTL logfile created on: 28/05/2010 20:31:00 - Run 4
OTL by OldTimer - Version 3.2.5.0 Folder = C:\My Downloads
Windows XP Home Edition Service Pack 3, v.3264 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,022.00 Mb Total Physical Memory | 677.00 Mb Available Physical Memory | 66.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.17 Gb Total Space | 3.97 Gb Free Space | 11.62% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LIONKING
Current User Name: Seth
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Modules (SafeList) ==========

MOD - [2010/05/22 22:31:27 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\My Downloads\OTL.exe
MOD - [2007/12/01 00:27:12 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.3264_x-ww_d751ffbf\comctl32.dll
MOD - [2007/12/01 00:23:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/10/06 21:42:30 | 000,929,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
SRV - [2004/09/07 20:42:32 | 000,225,353 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER)
SRV - [2004/09/07 20:35:10 | 000,360,521 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2004/09/07 20:32:40 | 000,086,016 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng)
SRV - [2004/09/07 20:32:04 | 000,139,264 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: ""

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/17 18:17:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/17 18:17:13 | 000,000,000 | ---D | M]

[2010/04/17 18:17:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seth\Application Data\Mozilla\Extensions
[2008/06/06 18:49:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seth\Application Data\Mozilla\Firefox\Profiles\75wf4m2u.default\extensions
[2010/05/24 20:21:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/01/06 21:21:03 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007/12/30 15:44:50 | 000,251,392 | ---- | M] (SpeedBit Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\npdap.dll

O1 HOSTS File: ([2010/05/28 20:22:24 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1266060310562 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1199566695222 (MUWebControl Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 17:34:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/09/08 16:02:11 | 000,002,292 | ---- | M] () - C:\autorun.PNF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== LOP Check ==========

[2009/03/07 21:30:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2010/02/13 16:42:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca
[2009/03/07 21:39:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seth\Application Data\Acronis
[2010/02/13 16:43:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seth\Application Data\Teleca
[2010/05/28 20:25:21 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========


< End of report >