
Author Topic: PAGE REDIRECT VIRUS???  (Read 11338 times)


paries669

    Topic Starter


    Rookie

    Thanked: 2
    • Computer: Specs
    • Experience: Experienced
    • OS: Windows Vista
    PAGE REDIRECT VIRUS???
    « on: February 08, 2010, 10:38:05 PM »
    I keep getting redirected when I'm on Internet Explorer using the Yahoo or Google search engines. I have AOL installed also and there seems to be no problem with that browser, only Internet Explorer. I've run a System Restore, which did not fix it, and I have run Malwarebytes and McAfee. McAfee is what I've been using for two years, but I had my settings off while playing a video game (to reduce lag) and forgot to turn it all back on, went web surfing and POW, contracted this virus that I don't know the name of and can't seem to get rid of. I have also run HijackThis, which I read about in another thread, and tried a few other things. If anyone can help I would greatly appreciate it.
     
    greetz  jonny

    Dr Jay

    • Malware Removal Specialist


    • Specialist
    • Moderator emeritus
    • Thanked: 119
    • Experience: Guru
    • OS: Windows 10
    Re: PAGE REDIRECT VIRUS???
    « Reply #1 on: February 09, 2010, 07:42:31 AM »
    Please visit this webpage for a tutorial on downloading and running ComboFix:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    See the area: Using ComboFix, and when done, post the log back here.
    ~Dr Jay

      paries669
      Re: PAGE REDIRECT VIRUS???
      « Reply #2 on: February 09, 2010, 10:18:35 PM »
      Sorry it took so long to post, I got called into work. Here is the log for ComboFix.

      [Saving space, attachment deleted by admin]
      greetz  jonny

      Dr Jay
      Re: PAGE REDIRECT VIRUS???
      « Reply #3 on: February 10, 2010, 08:06:59 AM »
      Hi again. Please do these steps in order.

      1. Please download TFC by OldTimer to your desktop
      • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
      • It will close all programs when run, so make sure you have saved all your work before you begin.
      • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
      • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
      2. Please download Malwarebytes Anti-Malware from Malwarebytes.org.
      Alternate link: BleepingComputer.com.
      (Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

      Double Click mbam-setup.exe to install the application.

      (Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)
      • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
      • If an update is found, it will download and install the latest version.
      • Once the program has loaded, select "Perform Full Scan", then click Scan.
      • The scan may take some time to finish, so please be patient.
      • When the scan is complete, click OK, then Show Results to view the results.
      • Make sure that everything is checked, and click Remove Selected.
      • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
      • Please save the log to a location you will remember.
      • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
      • Copy and paste the entire report in your next reply.
      Extra Note:

      If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

      3. Please visit this webpage for instructions for downloading and running SUPERAntiSpyware (SAS) to scan and remove malware from your computer:

      http://www.bleepingcomputer.com/virus-removal/how-to-use-superantispyware-tutorial

      Post the log from SUPERAntiSpyware when you've accomplished that.

      4. Please run a free online scan with the ESET Online Scanner
      • Tick the box next to YES, I accept the Terms of Use
      • Click Start
      • When asked, allow the ActiveX control to install
      • Click Start
      • Make sure that the options Remove found threats and Scan unwanted applications are checked
      • Click Scan (This scan can take several hours, so please be patient)
      • Once the scan is completed, you may close the window
      • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
      • Copy and paste that log as a reply to this topic

      5. Post the following in your next reply:
      • MBAM log
      • SAS log
      • ESET log
      And, please tell me how your computer is doing.
      ~Dr Jay

        paries669
        Re: PAGE REDIRECT VIRUS???
        « Reply #4 on: February 10, 2010, 11:24:41 AM »
        Sup man, I scanned my comp with everything that was asked and Internet Explorer is still acting up :'( on Yahoo and Google. I haven't tried any other engines, just cause I think it will be more of the same. I get my results on a search from the engines and I still get redirected, but if I hit the back button a couple times to get back to my search page results and click on the exact same result, then I can go to the page I want. The problem doesn't seem as bad as some other people's that I read about, cause I can download and my speed is fine, but I am locked out of WINDOWS DEFENDER and can't access it either.

        [Saving space, attachment deleted by admin]
        « Last Edit: February 10, 2010, 11:45:47 AM by paries669 »
        greetz  jonny

        Dr Jay
        Re: PAGE REDIRECT VIRUS???
        « Reply #5 on: February 10, 2010, 08:33:36 PM »
        Download OTL.exe by OldTimer to your Desktop.
        • Close all windows and double click OTL.exe.
        • Click Run Scan and let the program run uninterrupted.
        • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
        • You may need to use two posts to get it all.
        ~Dr Jay

          paries669
          Re: PAGE REDIRECT VIRUS???
          « Reply #6 on: February 10, 2010, 11:06:33 PM »
          Thanks man, here is the log
          -----------------------------------
          OTL logfile created on: 2/11/2010 12:58:09 AM - Run 1
          OTL by OldTimer - Version 3.1.28.0     Folder = C:\Users\J-BIRD\Desktop
          Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
          Internet Explorer (Version = 8.0.6001.18865)
          Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
           
          765.00 Mb Total Physical Memory | 335.00 Mb Available Physical Memory | 44.00% Memory free
          2.00 Gb Paging File | 1.00 Gb Available in Paging File | 48.00% Paging File free
          Paging file location(s): ?:\pagefile.sys [binary data]
           
          %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
          Drive C: | 232.88 Gb Total Space | 155.78 Gb Free Space | 66.89% Space Free | Partition Type: NTFS
          D: Drive not present or media not loaded
          E: Drive not present or media not loaded
          Drive F: | 968.50 Mb Total Space | 936.09 Mb Free Space | 96.65% Space Free | Partition Type: NTFS
          G: Drive not present or media not loaded
          H: Drive not present or media not loaded
          I: Drive not present or media not loaded
           
          Computer Name: J-BIRD-PC
          Current User Name: J-BIRD
          Logged in as Administrator.
           
          Current Boot Mode: Normal
          Scan Mode: Current user
          Company Name Whitelist: Off
          Skip Microsoft Files: Off
          File Age = 30 Days
          Output = Standard
           
          ========== Processes (SafeList) ==========
           
          PRC - [2010/02/11 00:56:44 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\J-BIRD\Desktop\OTL.exe
          PRC - [2010/01/11 15:21:52 | 000,246,504 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
          PRC - [2009/10/29 06:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
          PRC - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
          PRC - [2009/09/16 09:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
          PRC - [2009/09/16 08:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
          PRC - [2009/07/09 23:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
          PRC - [2009/07/08 10:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
          PRC - [2009/07/07 18:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
          PRC - [2009/05/22 16:30:56 | 000,080,384 | ---- | M] () -- C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
          PRC - [2009/04/11 01:28:08 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
          PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
          PRC - [2009/03/30 03:25:26 | 043,010,392 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
          PRC - [2008/11/06 06:42:59 | 000,054,568 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.1\shellmon.exe
          PRC - [2008/11/06 06:42:59 | 000,039,208 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.1\waol.exe
          PRC - [2008/07/10 02:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
          PRC - [2008/06/03 02:33:18 | 000,684,032 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
          PRC - [2008/01/18 22:33:42 | 000,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
          PRC - [2008/01/18 22:33:40 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
          PRC - [2007/12/06 17:12:58 | 000,095,528 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
          PRC - [2007/12/06 17:12:44 | 001,029,416 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
          PRC - [2007/07/27 11:49:42 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\stacsv.exe
          PRC - [2007/07/27 11:48:28 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Windows\sttray.exe
          PRC - [2007/05/25 12:16:08 | 000,042,032 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\1253746154\ee\aolsoftware.exe
          PRC - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe
           
           
          ========== Modules (SafeList) ==========
           
          MOD - [2010/02/11 00:56:44 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\J-BIRD\Desktop\OTL.exe
          MOD - [2009/04/11 01:28:21 | 002,241,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msi.dll
          MOD - [2009/04/11 01:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
          MOD - [2008/01/18 22:36:26 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sfc_os.dll
          MOD - [2006/11/02 04:46:13 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sfc.dll
          MOD - [2006/11/02 04:46:07 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msiltcfg.dll
           
           
          ========== Win32 Services (SafeList) ==========
           
          SRV - File not found [On_Demand | Stopped] --  -- (URRB)
          SRV - File not found [On_Demand | Stopped] --  -- (NZSCXJXN)
          SRV - File not found [On_Demand | Stopped] --  -- (KEA)
          SRV - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
          SRV - [2009/10/20 13:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
          SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
          SRV - [2009/09/16 10:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
          SRV - [2009/09/16 09:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
          SRV - [2009/09/16 08:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
          SRV - [2009/07/09 23:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
          SRV - [2009/07/08 10:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
          SRV - [2009/07/07 18:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
          SRV - [2009/05/22 16:30:56 | 000,080,384 | ---- | M] () [Auto | Running] -- C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe -- (NvtlService)
          SRV - [2009/03/30 03:25:26 | 043,010,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
          SRV - [2009/03/30 03:23:32 | 000,254,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
          SRV - [2009/03/30 03:23:24 | 000,366,936 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SQL Server Agent (SQLEXPRESS)
          SRV - [2008/07/10 19:28:04 | 000,047,128 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE -- (MSSQLServerADHelper100)
          SRV - [2008/07/10 02:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
          SRV - [2008/06/03 02:33:18 | 000,684,032 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\System32\Ati2evxx.exe -- (Ati External Event Utility)
          SRV - [2008/01/18 22:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
          SRV - [2007/07/27 11:49:42 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)
          SRV - [2006/11/02 07:35:29 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
          SRV - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
          SRV - [2003/07/28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
           
           
          ========== Driver Services (SafeList) ==========
           
          DRV - [2010/01/10 00:40:46 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DrvAgent32.sys -- (DrvAgent32)
          DRV - [2010/01/05 07:56:06 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
          DRV - [2010/01/05 07:56:04 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
          DRV - [2010/01/05 07:56:02 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
          DRV - [2009/12/20 10:53:32 | 000,234,016 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
          DRV - [2009/10/20 13:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
          DRV - [2009/09/16 09:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
          DRV - [2009/09/16 09:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
          DRV - [2009/09/16 09:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
          DRV - [2009/09/16 09:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
          DRV - [2009/09/16 09:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
          DRV - [2009/07/16 11:32:26 | 000,130,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
          DRV - [2009/06/10 04:52:58 | 000,347,648 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
          DRV - [2009/05/22 16:31:44 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50)
          DRV - [2009/05/15 13:34:30 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwvmser2.sys -- (NWVMPort2)
          DRV - [2009/05/15 13:34:30 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwvmser.sys -- (NWVMPort)
          DRV - [2009/05/15 13:34:30 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwvmmdm.sys -- (NWVMModem)
          DRV - [2009/03/30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
          DRV - [2009/03/26 07:00:02 | 000,064,000 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
          DRV - [2008/06/03 05:22:56 | 003,695,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
          DRV - [2008/02/29 10:13:48 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
          DRV - [2007/12/06 17:12:48 | 000,196,400 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
          DRV - [2007/07/27 11:50:22 | 000,329,728 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
          DRV - [2007/05/23 16:37:40 | 000,011,776 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
          DRV - [2006/11/29 17:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
          DRV - [2006/11/02 04:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
          DRV - [2006/11/02 04:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
          DRV - [2006/11/02 04:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
          DRV - [2006/11/02 04:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
          DRV - [2006/11/02 04:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
          DRV - [2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
          DRV - [2006/11/02 04:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
          DRV - [2006/11/02 04:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
          DRV - [2006/11/02 04:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
          DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
          DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
          DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
          DRV - [2006/11/02 04:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
          DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
          DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
          DRV - [2006/11/02 04:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
          DRV - [2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
          DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
          DRV - [2006/11/02 04:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
          DRV - [2006/11/02 04:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
          DRV - [2006/11/02 04:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
          DRV - [2006/11/02 04:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
          DRV - [2006/11/02 04:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
          DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
          DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
          DRV - [2006/11/02 04:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
          DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
          DRV - [2006/11/02 04:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
          DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
          DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
          DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
          DRV - [2006/11/02 04:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
          DRV - [2006/11/02 04:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
          DRV - [2006/11/02 04:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
          DRV - [2006/11/02 04:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
          DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
          DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
          DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
          DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
          DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
          DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
          DRV - [2006/11/02 02:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
          DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
          DRV - [2006/11/02 02:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
          DRV - [2006/11/02 01:37:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
          DRV - [2005/03/21 11:00:24 | 000,004,096 | ---- | M] (SuperAdBlocker.com) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\sabprocenum.sys -- (SABProcEnum)
           
           
          ========== Standard Registry (SafeList) ==========
           
           
          ========== Internet Explorer ==========
           
          IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
           
          IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
          IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
           
           
           
          O1 HOSTS File: ([2010/02/08 21:59:38 | 000,378,514 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
          O1 - Hosts: 127.0.0.1       localhost
          O1 - Hosts: ::1             localhost
          O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
          O2 - BHO: (AOL Toolbar Loader) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
          O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
          O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
          O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
          O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
          O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
          O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (IDT, Inc.)
          O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
          O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
          O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files\AOL 9.1\AOL.EXE (AOL, LLC.)
          O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
          O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
          O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
          O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
          O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
          O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
          O15 - HKLM\..Trusted Domains: 63 domain(s) and sub-domain(s) not assigned to a zone.
          O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
          O15 - HKCU\..Trusted Domains: 64 domain(s) and sub-domain(s) not assigned to a zone.
          O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
          O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
          O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
          O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
          O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
          O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
          O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
          O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
          O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
          O24 - Desktop WallPaper: C:\Users\J-BIRD\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
          O24 - Desktop BackupWallPaper: C:\Users\J-BIRD\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
          O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
          O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
          O32 - HKLM CDRom: AutoRun - 1
          O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
          O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
          O35 - comfile [open] -- "%1" %*
          O35 - exefile [open] -- "%1" %*
           
          ========== Files/Folders - Created Within 30 Days ==========
           
          [2010/02/11 00:56:41 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Users\J-BIRD\Desktop\OTL.exe
          [2010/02/10 11:44:22 | 000,000,000 | ---D | C] -- C:\Users\J-BIRD\AppData\Roaming\SUPERAntiSpyware.com
          [2010/02/10 11:43:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
          [2010/02/10 10:37:13 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
          [2010/02/10 10:18:36 | 000,439,808 | ---- | C] (OldTimer Tools) -- C:\Users\J-BIRD\Desktop\TFC.exe
          [2010/02/10 00:01:47 | 000,000,000 | ---D | C] -- C:\Users\J-BIRD\AppData\Local\temp
          [2010/02/09 23:59:56 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
          [2010/02/09 23:29:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
          [2010/02/09 01:16:39 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
          [2010/02/09 01:16:20 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
          [2010/02/09 01:14:37 | 000,000,000 | ---D | C] -- C:\Program Files\MetaStream
          [2010/02/09 01:14:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Viewpoint
          [2010/02/08 23:43:39 | 000,000,000 | ---D | C] -- C:\Users\J-BIRD\Documents\RegRun2
          [2010/02/08 23:08:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
          [2010/02/08 22:20:45 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
          [2010/02/08 21:18:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
          [2010/02/08 20:28:30 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
          [2010/02/08 20:28:30 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
          [2010/02/08 20:28:30 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
          [2010/02/08 20:28:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
          [2010/02/08 20:20:54 | 000,000,000 | ---D | C] -- C:\Qoobox
          [2010/02/08 15:22:13 | 000,000,000 | ---D | C] -- C:\Users\J-BIRD\AppData\Roaming\Malwarebytes
          [2010/02/08 15:22:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
          [2010/02/08 15:22:03 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
          [2010/02/08 15:22:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
          [2010/02/08 15:22:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
          [2010/02/08 13:45:20 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
          [2010/02/03 11:34:01 | 000,000,000 | ---D | C] -- C:\Users\J-BIRD\AppData\Roaming\mIRC
          [2010/02/03 11:34:00 | 000,000,000 | ---D | C] -- C:\Program Files\mIRC
          [2010/02/03 01:57:17 | 000,000,000 | ---D | C] -- C:\Fraps
          [2010/02/02 19:32:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
          [2010/02/02 19:29:52 | 000,000,000 | ---D | C] -- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
          [2010/02/02 19:25:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
          [2010/02/02 19:18:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
          [2010/02/02 18:46:56 | 000,000,000 | ---D | C] -- C:\Users\J-BIRD\Documents\ACC
          [2010/01/27 17:24:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
          [2010/01/27 17:24:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
          [2010/01/27 17:23:41 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
          [2010/01/27 17:23:41 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
          [2010/01/27 17:23:41 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
          [2010/01/19 19:43:01 | 000,000,000 | ---D | C] -- C:\Program Files\iCall
          [2010/01/16 09:09:46 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
          [2010/01/15 16:49:14 | 000,000,000 | ---D | C] -- C:\Users\J-BIRD\AppData\Local\Apps
          [2010/01/15 14:24:49 | 000,000,000 | ---D | C] -- C:\Users\J-BIRD\AppData\Roaming\TS3Client
          [2010/01/12 03:02:37 | 000,092,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SQSRVRES.DLL
           
          ========== Files - Modified Within 30 Days ==========
           
          [2010/02/11 00:59:59 | 006,553,600 | -HS- | M] () -- C:\Users\J-BIRD\ntuser.dat
          [2010/02/11 00:56:44 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\J-BIRD\Desktop\OTL.exe
          [2010/02/11 00:38:38 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
          [2010/02/11 00:38:38 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
          [2010/02/10 23:31:28 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7B7886CB-F69B-46D3-802C-6198EA461B1C}.job
          [2010/02/10 21:57:13 | 000,000,345 | ---- | M] () -- C:\Windows\win.ini
          [2010/02/10 16:38:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
          [2010/02/10 11:44:25 | 000,000,862 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
          [2010/02/10 10:24:35 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
          [2010/02/10 10:24:17 | 801,271,808 | -HS- | M] () -- C:\hiberfil.sys
          [2010/02/10 10:22:54 | 000,005,506 | ---- | M] () -- C:\Windows\System32\Config.MPF
          [2010/02/10 10:22:46 | 000,065,536 | -HS- | M] () -- C:\Users\J-BIRD\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
          [2010/02/10 10:22:45 | 000,524,288 | -HS- | M] () -- C:\Users\J-BIRD\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
          [2010/02/10 10:18:47 | 000,439,808 | ---- | M] (OldTimer Tools) -- C:\Users\J-BIRD\Desktop\TFC.exe
          [2010/02/10 09:34:00 | 002,564,811 | -H-- | M] () -- C:\Users\J-BIRD\AppData\Local\IconCache.db
          [2010/02/09 23:53:34 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
          [2010/02/08 23:44:12 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
          [2010/02/08 23:44:12 | 000,001,688 | ---- | M] () -- C:\Windows\System32\autoexec.nt
          [2010/02/08 23:44:12 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
          [2010/02/08 23:13:58 | 000,000,262 | ---- | M] () -- C:\Windows\System32\.crusader
          [2010/02/08 22:20:45 | 000,001,834 | ---- | M] () -- C:\Users\J-BIRD\Desktop\HijackThis.lnk
          [2010/02/08 21:59:38 | 000,378,514 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
          [2010/02/08 15:22:08 | 000,000,778 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
          [2010/02/03 11:34:01 | 000,000,708 | ---- | M] () -- C:\Users\Public\Desktop\mIRC.lnk
          [2010/02/03 02:23:16 | 000,007,680 | ---- | M] () -- C:\Users\J-BIRD\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
          [2010/02/03 01:57:18 | 000,000,514 | ---- | M] () -- C:\Users\J-BIRD\Desktop\Fraps.lnk
          [2010/02/02 21:00:33 | 000,782,796 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
          [2010/02/02 21:00:33 | 000,660,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
          [2010/02/02 21:00:33 | 000,125,752 | ---- | M] () -- C:\Windows\System32\perfc009.dat
          [2010/02/01 01:16:33 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
          [2010/01/30 19:13:24 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
          [2010/01/20 10:17:37 | 000,000,760 | ---- | M] () -- C:\Users\J-BIRD\Desktop\iCall Internet Phone.lnk
          [2010/01/16 09:09:53 | 000,000,959 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
          [2010/01/14 11:12:06 | 000,181,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
           
          ========== Files Created - No Company Name ==========
           
          [2010/02/10 11:44:25 | 000,000,862 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
          [2010/02/09 23:17:19 | 801,271,808 | -HS- | C] () -- C:\hiberfil.sys
          [2010/02/08 23:44:12 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
          [2010/02/08 23:13:58 | 000,000,262 | ---- | C] () -- C:\Windows\System32\.crusader
          [2010/02/08 22:20:45 | 000,001,834 | ---- | C] () -- C:\Users\J-BIRD\Desktop\HijackThis.lnk
          [2010/02/08 20:28:30 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
          [2010/02/08 20:28:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
          [2010/02/08 20:28:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
          [2010/02/08 20:28:30 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
          [2010/02/08 20:28:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
          [2010/02/08 15:22:08 | 000,000,778 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
          [2010/02/03 11:34:01 | 000,000,708 | ---- | C] () -- C:\Users\Public\Desktop\mIRC.lnk
          [2010/02/03 01:57:18 | 000,000,514 | ---- | C] () -- C:\Users\J-BIRD\Desktop\Fraps.lnk
          [2010/01/30 19:13:24 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
          [2010/01/27 13:11:38 | 000,000,424 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{7B7886CB-F69B-46D3-802C-6198EA461B1C}.job
          [2010/01/20 10:17:37 | 000,000,760 | ---- | C] () -- C:\Users\J-BIRD\Desktop\iCall Internet Phone.lnk
          [2010/01/16 09:09:53 | 000,000,959 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
          [2010/01/10 02:10:31 | 000,000,031 | ---- | C] () -- C:\Windows\MCDB.ini
          [2010/01/10 02:09:57 | 000,000,045 | ---- | C] () -- C:\Windows\System32\DVDCD.dll
          [2010/01/04 00:22:30 | 000,000,067 | ---- | C] () -- C:\Windows\Dll2Lib.INI
          [2009/12/23 12:03:20 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
          [2009/12/22 18:16:28 | 000,000,120 | ---- | C] () -- C:\Users\J-BIRD\AppData\Local\Abakebicitaqun.dat
          [2009/12/22 18:16:28 | 000,000,000 | ---- | C] () -- C:\Users\J-BIRD\AppData\Local\Mzagezipahalaf.bin
          [2009/12/03 09:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
          [2009/11/12 12:12:54 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
          [2009/10/26 01:20:07 | 000,007,680 | ---- | C] () -- C:\Users\J-BIRD\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
          [2009/10/20 13:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
          [2009/09/17 16:37:57 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
          [2009/09/12 22:00:38 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
          [2009/09/12 17:39:56 | 000,000,680 | ---- | C] () -- C:\Users\J-BIRD\AppData\Local\d3d9caps.dat
          [2008/06/03 02:35:18 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
          [2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
          [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
          [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
          < End of report >
          greetz  jonny
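A triage pass over an OTL report of the kind posted above, as an added example that is not part of the original post and is not OTL's own code. It applies the checks a malware-removal helper does by eye on a redirect complaint: whether any O1 hosts entry sends a name somewhere other than loopback (every entry shown in the log above maps to 127.0.0.1, the shape of a blocklist-style hosts file rather than a hijack), whether the O17 resolvers lie outside the LAN (the posted log shows 192.168.1.254, a LAN address), whether any O4 Run entry has no publisher or lives in a temp folder, and whether EnableLUA or ProxyEnable are set (the posted log shows EnableLUA = 0 and ProxyEnable = 0). The sample lines are constructed in OTL's format using documentation addresses and made-up names; they are not copied from the post. Addresses outside the LAN ranges are reported for review, not as findings, because an ISP's resolver is public too.

```python
"""Triage helper for OTL-style scan logs (added example, not OTL's own code)."""
import ipaddress
import re

# Constructed sample in OTL's line format; addresses are documentation ranges,
# names are invented. Not copied from any real report.
SAMPLE_LOG = r"""
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1   www.example-adserver.test
O1 - Hosts: 203.0.113.9   www.google.com
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [updater] C:\Users\user\AppData\Local\Temp\svch0st.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Interfaces\{GUID}: NameServer = 198.51.100.7 198.51.100.8
"""

# Ranges a home PC's resolver is normally expected to sit in. Listed explicitly
# rather than via ipaddress.is_private, which also covers documentation ranges.
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "fc00::/7", "fe80::/10", "::1/128",
)]

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
DNS_RE = re.compile(r"^O17 - .*?(?:Dhcp)?NameServer\s*=\s*(.+)$")
RUN_RE = re.compile(r"^O4 - (HK\w+)\.\.\\Run: \[([^\]]+)\]\s+(.+?)\s+\(([^)]*)\)\s*$")
LUA_RE = re.compile(r"^O6 - .*EnableLUA\s*=\s*(\d+)")
PROXY_RE = re.compile(r'"ProxyEnable"\s*=\s*(\d+)')
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)


def _is_lan(ip_text):
    """True if ip_text parses and lies in LAN_NETS; unparseable text is not LAN."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return any(ip in net for net in LAN_NETS)


def hosts_redirects(log_text):
    """O1 entries whose target is not loopback. Thousands of names -> 127.0.0.1
    is a blocklist; a search engine or bank pointed at a real address is a hijack."""
    hits = []
    for line in log_text.splitlines():
        m = HOSTS_RE.match(line)
        if not m:
            continue
        target, name = m.groups()
        try:
            loopback = ipaddress.ip_address(target).is_loopback
        except ValueError:
            loopback = False  # garbage where an IP should be is worth a look too
        if not loopback:
            hits.append((target, name))
    return hits


def dns_servers_to_review(log_text):
    """Resolvers from O17 lines outside the LAN ranges, deduplicated, in log order."""
    seen = []
    for line in log_text.splitlines():
        m = DNS_RE.match(line)
        if not m:
            continue
        for server in m.group(1).split():
            if server not in seen and not _is_lan(server):
                seen.append(server)
    return seen


def suspicious_run_entries(log_text):
    """O4 Run entries with an empty publisher field or a temp-folder path."""
    hits = []
    for line in log_text.splitlines():
        m = RUN_RE.match(line)
        if not m:
            continue
        hive, name, path, company = m.groups()
        reasons = []
        if not company.strip():
            reasons.append("no publisher")
        if TEMP_RE.search(path):
            reasons.append("runs from temp folder")
        if reasons:
            hits.append({"hive": hive, "name": name, "path": path, "reasons": reasons})
    return hits


def uac_disabled(log_text):
    """True when the O6 policy line reports EnableLUA = 0 (UAC off)."""
    for line in log_text.splitlines():
        m = LUA_RE.match(line)
        if m:
            return m.group(1) == "0"
    return False


def proxy_enabled(log_text):
    """True when the IE ProxyEnable value is non-zero."""
    m = PROXY_RE.search(log_text)
    return bool(m) and m.group(1) != "0"


def triage(log_text):
    """Run every check and return the findings as one dict."""
    return {
        "hosts_redirects": hosts_redirects(log_text),
        "dns_servers_to_review": dns_servers_to_review(log_text),
        "suspicious_run": suspicious_run_entries(log_text),
        "uac_disabled": uac_disabled(log_text),
        "proxy_enabled": proxy_enabled(log_text),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it against a saved OTL.txt by reading the file into `triage()` instead of `SAMPLE_LOG`. On the constructed sample it flags the one hosts entry that points www.google.com at a real address, the two resolvers outside the LAN, the unsigned Run entry in a temp folder, and UAC being off; the Java updater entry and the loopback hosts lines pass.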

          paries669

            Topic Starter


            Rookie

            Thanked: 2
            • Computer: Specs
            • Experience: Experienced
            • OS: Windows Vista
            Re: PAGE REDIRECT VIRUS???
            « Reply #7 on: February 10, 2010, 11:09:04 PM »
And here is the extra
            --------------------------------------------
            OTL Extras logfile created on: 2/11/2010 12:58:10 AM - Run 1
            OTL by OldTimer - Version 3.1.28.0     Folder = C:\Users\J-BIRD\Desktop
            Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
            Internet Explorer (Version = 8.0.6001.18865)
            Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
             
            765.00 Mb Total Physical Memory | 335.00 Mb Available Physical Memory | 44.00% Memory free
            2.00 Gb Paging File | 1.00 Gb Available in Paging File | 48.00% Paging File free
            Paging file location(s): ?:\pagefile.sys [binary data]
             
            %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
            Drive C: | 232.88 Gb Total Space | 155.78 Gb Free Space | 66.89% Space Free | Partition Type: NTFS
            D: Drive not present or media not loaded
            E: Drive not present or media not loaded
            Drive F: | 968.50 Mb Total Space | 936.09 Mb Free Space | 96.65% Space Free | Partition Type: NTFS
            G: Drive not present or media not loaded
            H: Drive not present or media not loaded
            I: Drive not present or media not loaded
             
            Computer Name: J-BIRD-PC
            Current User Name: J-BIRD
            Logged in as Administrator.
             
            Current Boot Mode: Normal
            Scan Mode: Current user
            Company Name Whitelist: Off
            Skip Microsoft Files: Off
            File Age = 30 Days
            Output = Standard
             
            ========== Extra Registry (SafeList) ==========
             
             
            ========== File Associations ==========
             
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
            .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
            .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
             
            ========== Shell Spawning ==========
             
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
            batfile [open] -- "%1" %*
            cmdfile [open] -- "%1" %*
            comfile [open] -- "%1" %*
            exefile [open] -- "%1" %*
            helpfile [open] -- Reg Error: Key error.
            hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
            htmlfile [edit] -- "c:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
            htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
            htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
            http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
            https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
            piffile [open] -- "%1" %*
            regfile [merge] -- Reg Error: Key error.
            scrfile [config] -- "%1"
            scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
            scrfile [open] -- "%1" /S
            txtfile [edit] -- Reg Error: Key error.
            Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
            Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
            Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
            Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
            Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
            Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
            Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
            CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
             
            ========== Security Center Settings ==========
             
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
            "cval" = 1
            "FirewallDisableNotify" = 0
            "AntiVirusDisableNotify" = 0
            "UpdatesDisableNotify" = 0
             
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
             
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
            "DisableMonitoring" = 1
             
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
            "AntiVirusOverride" = 0
            "AntiSpywareOverride" = 0
            "FirewallOverride" = 0
            "VistaSp1" = Reg Error: Unknown registry data type -- File not found
            "VistaSp2" = Reg Error: Unknown registry data type -- File not found
             
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-4169688170-2307295415-4118402380-1000]
            "EnableNotifications" = 0
            "EnableNotificationsRef" = 1
             
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
             
            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
            "DisableNotifications" = 0
            "EnableFirewall" = 1
             
            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
            "DisableNotifications" = 0
            "EnableFirewall" = 1
             
            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
             
            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
            "DisableNotifications" = 0
            "EnableFirewall" = 0
            "DoNotAllowExceptions" = 0
             
            ========== Authorized Applications List ==========
             
            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
             
            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
            "C:\Program Files\iCall\iCall.exe" = C:\Program Files\iCall\iCall.exe:*:Enabled:iCall -- ()
             
             
            ========== Vista Active Open Ports Exception List ==========
             
            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
             
            ========== Vista Active Application Exception List ==========
             
            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
            "{2B325D0D-C5FF-4D28-9230-DF1E38B965DC}" = protocol=6 | dir=in | app=c:\program files\aol 9.1\waol.exe |
            "{32AD559C-71E7-4E08-9384-FB256703CC2C}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
            "{54D38820-B0F8-4764-8430-483C1C2B3004}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
            "{59C8ED16-5BB7-4B03-9B86-F0206C25647E}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
            "{67852468-EAF9-4965-B808-184739D7E366}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
            "{6D5BB9FE-CAC9-4E22-B692-F341372D0A45}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
            "{7DDD73AA-6C39-415C-873F-CF7800465078}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
            "{9658B5E8-551D-4869-BD0E-8A2BB1C54115}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
            "{98742487-EE32-4521-AF4A-D2A4F0AB1B05}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
            "{9AC2F6D7-B6C3-4317-ABF6-FDF8665FB10E}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
            "{A37A66D4-A870-4188-B702-FA4E50E736D1}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
            "{ADF903CB-1BDD-44C4-B609-2392A65153ED}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
            "{B49D9A43-4C15-4F75-9ADD-F6441AC53FF1}" = protocol=17 | dir=in | app=c:\program files\aol 9.1\waol.exe |
            "{CB10E9CC-CD8C-4FF7-A5A6-1B995CF84ABB}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
            "{D8721B05-12B9-44D7-8412-FA50D6A40F76}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1253746154\ee\aolsoftware.exe |
            "{DDE12FB9-4083-46BC-B678-A1892C076662}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1253746154\ee\aolsoftware.exe |
            "{DFB1F406-95C8-407F-A236-0484E93CD839}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
            "TCP Query User{AEFCA462-1C3D-4410-AF5D-77B13B6BCB74}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
            "UDP Query User{D7072B61-064A-4F53-95FC-D5815C30F943}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
             
            ========== HKEY_LOCAL_MACHINE Uninstall List ==========
             
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
            "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
            "{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
            "{07D8511D-C9FE-4A93-933F-EAA5C8F20095}" = IDT Audio
            "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
            "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
            "{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
            "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 18
            "{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
            "{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
            "{39098402-3F7A-4257-A4AE-FC1181D1B40B}" = Camera Assistant Software for Gateway
            "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
            "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
            "{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
            "{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
            "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
            "{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
            "{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client
            "{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
            "{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
            "{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}" = Command & Conquer The First Decade
            "{6B9C32DB-DBCD-45A8-B901-3A92A99A2474}" = InstallVC90Support
            "{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
            "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
            "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
            "{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
            "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
            "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
            "{90D5CD2B-0CD7-492D-80CC-2E874FBF52C1}_is1" = AAC Converter v3.1 build 709
            "{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
            "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
            "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
            "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
            "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
            "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
            "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
            "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
            "{B2C904FA-DB34-47A3-B8D6-50F4E7AC5808}" = Virgin Mobile Broadband Modem Drivers
            "{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
            "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
            "{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
            "{BA4DA261-CB60-4690-B202-44998DFC6986}" = Microsoft SQL Server 2008 Setup Support Files
            "{C39B7B95-5009-4C64-B25B-B1AD6BDD9E8F}" = Broadband2Go
            "{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
            "{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
            "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
            "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
            "{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
            "{D8087907-E255-3A41-A46D-D0F798709C71}" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
            "{F226C1DA-66D7-4ABC-86B5-3F978A660EBF}" = AOL Mail and AIM Gadget
            "{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
            "{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
            "{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
            "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
            "Adobe AIR" = Adobe AIR
            "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
            "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
            "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
            "AOL Emergency Connect Utility 1.0" = Uninstall AOL Emergency Connect Utility 1.0
            "AOL Toolbar" = AOL Toolbar
            "AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
            "Broadband2Go" = Broadband2Go
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
            "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
            "DriverAgent.exe" = DriverAgent by eSupport.com
            "ESET Online Scanner" = ESET Online Scanner v3
            "Fraps" = Fraps (remove only)
            "GameSpy Arcade" = GameSpy Arcade
            "G-Force" = G-Force
            "HijackThis" = HijackThis 2.0.2
            "iCall_is1" = iCall
            "LimeWire" = LimeWire 4.18.8
            "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
            "Maniac Mansion Deluxe" = Maniac Mansion Deluxe
            "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
            "Microsoft SQL Server 10" = Microsoft SQL Server 2008
            "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
            "Microsoft Visual C++ 2008 Express Edition with SP1 - ENU" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
            "mIRC" = mIRC
            "MSC" = McAfee SecurityCenter
            "RealPlayer 12.0" = RealPlayer
            "SynTPDeinstKey" = Synaptics Pointing Device Driver
            "TeamSpeak 3 Client" = TeamSpeak 3 Client
            "WhiteCap" = WhiteCap
            "WinPcapInst" = WinPcap 4.1.1
            "WinRAR archiver" = WinRAR archiver
            "Wireshark" = Wireshark 1.2.5
             
            ========== HKEY_CURRENT_USER Uninstall List ==========
             
            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
            "Windows System Scanner" = Windows System Scanner
             
            ========== Last 10 Event Log Errors ==========
             
            [ Application Events ]
            Error - 2/3/2010 3:41:12 PM | Computer Name = J-BIRD-PC | Source = Application Hang | ID = 1002
            Description = The program iexplore.exe version 8.0.6001.18865 stopped interacting
             with Windows and was closed. To see if more information about the problem is available,
             check the problem history in the Problem Reports and Solutions control panel.  Process
             ID: 14c8  Start Time: 01caa50770fce142  Termination Time: 0
             
            Error - 2/7/2010 7:01:18 PM | Computer Name = J-BIRD-PC | Source = Application Error | ID = 1000
            Description = Faulting application svchost.exe_Browser, version 6.0.6001.18000,
            time stamp 0x47918b89, faulting module unknown, version 0.0.0.0, time stamp 0x00000000,
             exception code 0xc0000005, fault offset 0x44c156e2,  process id 0x49c, application
             start time 0x01caa7653ec34300.
             
            Error - 2/8/2010 7:01:54 AM | Computer Name = J-BIRD-PC | Source = EventSystem | ID = 4609
            Description =
             
            Error - 2/8/2010 3:33:33 PM | Computer Name = J-BIRD-PC | Source = McLogEvent | ID = 5051
            Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
            longer than 90000 ms to complete a request.    The process will be terminated.  Thread
             id : 448 (0x1c0)    Thread address : 0x77055E74    Thread message :      Build VSCORE.14.0.0.435
             / 5301.4018   Object being scanned = \Device\HarddiskVolume1\Users\J-BIRD\Downloads\RENEGADE\UberMapPack.exe
             by C:\Windows\Explorer.EXE   4(0)(0)   4(0)(0)   7200(0)(0)   7595(0)(0)   7005(0)(0)   7004(0)(0)
             5006(0)(0)   5004(0)(0)
             
            Error - 2/8/2010 5:18:37 PM | Computer Name = J-BIRD-PC | Source = McLogEvent | ID = 5051
            Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
            longer than 90000 ms to complete a request.    The process will be terminated.  Thread
             id : 3216 (0xc90)    Thread address : 0x774B5E74    Thread message :      Build VSCORE.14.0.0.435
             / 5301.4018   Object being scanned = \Device\HarddiskVolume1\Users\J-BIRD\Downloads\RENEGADE\UberMapPack.exe
             by C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe   4(0)(0)   4(0)(0)   7200(0)(0)
             7595(0)(0)   7005(0)(0)   7004(0)(0)   5006(0)(0)   5004(0)(0)
             
            Error - 2/9/2010 12:13:58 AM | Computer Name = J-BIRD-PC | Source = System Restore | ID = 8193
            Description =
             
            Error - 2/9/2010 12:48:37 AM | Computer Name = J-BIRD-PC | Source = VSS | ID = 8194
            Description =
             
            Error - 2/10/2010 12:15:13 AM | Computer Name = J-BIRD-PC | Source = EventSystem | ID = 4609
            Description =
             
            Error - 2/10/2010 3:49:48 AM | Computer Name = J-BIRD-PC | Source = McLogEvent | ID = 5051
            Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
            longer than 90000 ms to complete a request.    The process will be terminated.  Thread
             id : 4724 (0x1274)    Thread address : 0x77B85E74    Thread message :      Build VSCORE.14.0.0.435
             / 5301.4018   Object being scanned = \Device\HarddiskVolume1\Users\J-BIRD\Downloads\RENEGADE\UberMapPack.exe
             by C:\Windows\Explorer.EXE   4(0)(0)   4(0)(0)   7200(0)(0)   7595(0)(0)   7005(0)(0)   7004(0)(0)
             5006(0)(0)   5004(0)(0)
             
            Error - 2/10/2010 10:31:05 AM | Computer Name = J-BIRD-PC | Source = Application Error | ID = 1000
            Description = Faulting application GRJNXTIAU.exe, version 1.71.0.0, time stamp 0x44e255aa,
             faulting module GRJNXTIAU.exe, version 1.71.0.0, time stamp 0x44e255aa, exception
             code 0xc0000005, fault offset 0x0004f490,  process id 0x1404, application start time
             0x01caaa5b914d7b2e.
             
            [ Media Center Events ]
            Error - 9/13/2009 5:12:22 PM | Computer Name = J-BIRD-PC | Source = Media Center Guide | ID = 0
            Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
             returned 0D  Process: DefaultDomain Object Name: Media Center Guide
             
            Error - 9/13/2009 5:17:22 PM | Computer Name = J-BIRD-PC | Source = Media Center Guide | ID = 0
            Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
             returned 0D  Process: DefaultDomain Object Name: Media Center Guide
             
            [ System Events ]
            Error - 9/17/2009 12:55:21 PM | Computer Name = J-BIRD-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1000
            Description =
             
            Error - 9/17/2009 12:55:26 PM | Computer Name = J-BIRD-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
            Description =
             
            Error - 9/17/2009 1:21:22 PM | Computer Name = J-BIRD-PC | Source = HTTP | ID = 15016
            Description =
             
            Error - 9/17/2009 1:21:47 PM | Computer Name = J-BIRD-PC | Source = Service Control Manager | ID = 7000
            Description =
             
            Error - 9/17/2009 1:26:24 PM | Computer Name = J-BIRD-PC | Source = Microsoft-Windows-Eventlog | ID = 30
            Description =
             
            Error - 9/17/2009 2:41:56 PM | Computer Name = J-BIRD-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
            Description =
             
            Error - 9/17/2009 2:41:56 PM | Computer Name = J-BIRD-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
            Description =
             
            Error - 9/17/2009 3:17:30 PM | Computer Name = J-BIRD-PC | Source = HTTP | ID = 15016
            Description =
             
            Error - 9/17/2009 3:18:33 PM | Computer Name = J-BIRD-PC | Source = Service Control Manager | ID = 7000
            Description =
             
            Error - 9/17/2009 5:06:54 PM | Computer Name = J-BIRD-PC | Source = BROWSER | ID = 8032
            Description =
             
             
            < End of report >
            greetz  jonny

            mario21lv



              Rookie

              Thanked: 4
              Re: PAGE REDIRECT VIRUS???
              « Reply #8 on: February 11, 2010, 12:15:32 AM »
              Hello, your comment has been removed. Please do not post malware advice, or post here in the malware forum, unless you need help. ~ DragonMaster Jay
              « Last Edit: February 11, 2010, 01:11:38 PM by DragonMaster Jay »

              alphanumeric

              • Guest
              Re: PAGE REDIRECT VIRUS???
              « Reply #9 on: February 11, 2010, 12:44:25 AM »
              « Last Edit: February 11, 2010, 09:37:43 AM by evilfantasy »

              Dr Jay

              • Malware Removal Specialist


              • Specialist
              • Moderator emeritus
              • Thanked: 119
              • Experience: Guru
              • OS: Windows 10
              Re: PAGE REDIRECT VIRUS???
              « Reply #10 on: February 11, 2010, 03:53:55 PM »
              Please download ComboFix from BleepingComputer.com

              Alternate link: GeeksToGo.com

              Alternate link: Forospyware.com


              Rename ComboFix.exe to commy.exe before you save it to your Desktop
              • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
              • Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
              • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
              • When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.
              ~Dr Jay

              paries669

                Topic Starter


                Rookie

                Thanked: 2
                • Computer: Specs
                • Experience: Experienced
                • OS: Windows Vista
                Re: PAGE REDIRECT VIRUS???
                « Reply #11 on: February 11, 2010, 05:37:58 PM »
                Here is the log. It stopped scanning the first time, so I repeated the copy and paste into the search bar and ran it with no problems. It never asked to install the console.
                -------------------------------------------------------------------------------------
                ComboFix 10-02-11.04 - J-BIRD 02/11/2010  19:00:44.4.2 - x86
                Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.765.230 [GMT -5:00]
                Running from: c:\users\J-BIRD\Desktop\commy.exe
                Command switches used :: /stepdel
                SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
                SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
                .

                (((((((((((((((((((((((((   Files Created from 2010-01-12 to 2010-02-12  )))))))))))))))))))))))))))))))
                .

                2010-02-12 00:11 . 2010-02-12 00:12   --------   d-----w-   c:\users\J-BIRD\AppData\Local\temp
                2010-02-12 00:11 . 2010-02-12 00:11   --------   d-----w-   c:\users\Public\AppData\Local\temp
                2010-02-12 00:11 . 2010-02-12 00:11   --------   d-----w-   c:\users\Default\AppData\Local\temp
                2010-02-10 16:46 . 2010-02-10 16:46   52224   ----a-w-   c:\users\J-BIRD\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
                2010-02-10 16:46 . 2010-02-10 16:46   117760   ----a-w-   c:\users\J-BIRD\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
                2010-02-10 16:44 . 2010-02-10 16:44   --------   d-----w-   c:\users\J-BIRD\AppData\Roaming\SUPERAntiSpyware.com
                2010-02-10 16:43 . 2010-02-10 16:43   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
                2010-02-10 15:37 . 2010-02-10 15:37   --------   d-----w-   c:\program files\ESET
                2010-02-09 06:16 . 2010-02-09 06:16   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
                2010-02-09 06:16 . 2010-02-10 16:44   --------   d-----w-   c:\program files\SUPERAntiSpyware
                2010-02-09 06:14 . 2010-02-09 06:14   --------   d-----w-   c:\program files\MetaStream
                2010-02-09 06:14 . 2010-02-09 06:14   --------   d-----w-   c:\programdata\Viewpoint
                2010-02-09 04:44 . 2010-02-09 04:44   2   --shatr-   c:\windows\winstart.bat
                2010-02-09 04:08 . 2010-02-09 04:13   --------   d-----w-   c:\programdata\Hitman Pro
                2010-02-09 03:20 . 2010-02-09 03:20   --------   d-----w-   c:\program files\Trend Micro
                2010-02-09 02:18 . 2010-02-09 03:02   --------   d-----w-   c:\programdata\Spybot - Search & Destroy
                2010-02-08 20:22 . 2010-02-08 20:22   --------   d-----w-   c:\users\J-BIRD\AppData\Roaming\Malwarebytes
                2010-02-08 20:22 . 2010-01-07 21:07   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
                2010-02-08 20:22 . 2010-02-08 20:22   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
                2010-02-08 20:22 . 2010-02-08 20:22   --------   d-----w-   c:\programdata\Malwarebytes
                2010-02-08 20:22 . 2010-01-07 21:07   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
                2010-02-08 18:45 . 2010-02-10 15:05   --------   d-----w-   c:\program files\Windows Live Safety Center
                2010-02-03 16:34 . 2010-02-06 01:39   --------   d-----w-   c:\users\J-BIRD\AppData\Roaming\mIRC
                2010-02-03 16:34 . 2010-02-06 01:39   --------   d-----w-   c:\program files\mIRC
                2010-02-03 06:57 . 2010-02-08 09:26   --------   d-----w-   C:\Fraps
                2010-02-03 00:32 . 2010-02-03 00:57   --------   dc----w-   c:\windows\system32\DRVSTORE
                2010-02-03 00:29 . 2010-02-03 00:32   --------   d-----w-   c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
                2010-02-03 00:25 . 2010-02-03 01:02   --------   d-----w-   c:\programdata\Apple Computer
                2010-02-03 00:18 . 2010-02-03 01:09   --------   d-----w-   c:\program files\Common Files\Apple
                2010-01-27 22:24 . 2010-01-27 22:24   --------   d-----w-   c:\program files\Common Files\Java
                2010-01-20 00:43 . 2010-01-22 21:41   --------   d-----w-   c:\program files\iCall
                2010-01-16 14:09 . 2010-02-05 05:53   --------   d-----w-   c:\program files\TeamSpeak 3 Client
                2010-01-15 21:49 . 2010-01-15 21:49   --------   d-----w-   c:\users\J-BIRD\AppData\Local\Apps
                2010-01-15 19:24 . 2010-01-16 14:10   --------   d-----w-   c:\users\J-BIRD\AppData\Roaming\TS3Client

                .
                ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                2010-02-08 07:52 . 2009-11-10 19:21   --------   d-----w-   c:\program files\Common Files\Adobe
                2010-02-06 03:27 . 2009-10-08 04:32   --------   d-----w-   c:\users\J-BIRD\AppData\Roaming\SoundSpectrum
                2010-02-06 03:27 . 2009-10-08 04:25   --------   d-----w-   c:\program files\SoundSpectrum
                2010-02-06 01:40 . 2009-09-13 20:41   --------   d-----w-   c:\users\J-BIRD\AppData\Roaming\LimeWire
                2010-02-04 08:45 . 2009-09-14 00:37   --------   d-----w-   c:\program files\Full Tilt Poker
                2010-01-28 03:07 . 2009-11-10 19:15   --------   d-----w-   c:\programdata\NOS
                2010-01-27 22:23 . 2009-09-13 20:38   --------   d-----w-   c:\program files\Java
                2010-01-14 16:28 . 2009-09-13 21:48   --------   d--h--w-   c:\program files\InstallShield Installation Information
                2010-01-14 16:20 . 2009-09-13 21:44   --------   d-----w-   c:\program files\Common Files\InstallShield
                2010-01-14 16:12 . 2009-10-04 23:31   181120   ------w-   c:\windows\system32\MpSigStub.exe
                2010-01-12 07:59 . 2009-12-23 16:59   --------   d-----w-   c:\program files\Microsoft.NET
                2010-01-12 07:57 . 2009-12-31 05:52   --------   d-----w-   c:\program files\Microsoft SQL Server
                2010-01-10 05:40 . 2010-01-10 05:40   23456   ----a-w-   c:\windows\system32\drivers\DrvAgent32.sys
                2010-01-05 10:30 . 2010-01-05 10:30   --------   d-----w-   c:\users\J-BIRD\AppData\Roaming\Wireshark
                2010-01-05 10:27 . 2010-01-05 10:26   --------   d-----w-   c:\program files\Wireshark
                2010-01-05 10:27 . 2010-01-05 10:27   --------   d-----w-   c:\program files\WinPcap
                2010-01-05 10:22 . 2010-01-05 09:16   --------   d-----w-   c:\program files\GameSpy Arcade
                2010-01-02 22:00 . 2010-01-02 22:00   --------   d-----w-   c:\program files\HooTech
                2009-12-31 06:03 . 2009-09-12 22:40   56496   ----a-w-   c:\users\J-BIRD\AppData\Local\GDIPFONTCACHEV1.DAT
                2009-12-31 05:52 . 2009-12-31 05:47   --------   d-----w-   c:\programdata\Microsoft Help
                2009-12-31 05:51 . 2009-12-31 05:51   112640   ----a-w-   c:\programdata\Microsoft\VCExpress\9.0\1033\ResourceCache.dll
                2009-12-31 05:51 . 2009-12-31 05:51   416   ----a-w-   c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll
                2009-12-31 05:49 . 2009-12-31 05:47   --------   d-----w-   c:\program files\Microsoft Visual Studio 9.0
                2009-12-31 05:48 . 2009-12-31 05:47   --------   d-----w-   c:\program files\Common Files\Merge Modules
                2009-12-31 05:45 . 2009-12-31 05:45   --------   d-----w-   c:\program files\Microsoft SDKs
                2009-12-27 06:48 . 2009-12-27 06:48   --------   d-----w-   c:\program files\EA Games
                2009-12-23 17:28 . 2009-12-23 00:48   --------   d-----w-   c:\program files\Common Files\EasyInfo
                2009-12-23 17:24 . 2009-12-23 17:00   --------   d-----w-   c:\program files\Microsoft Works
                2009-12-23 17:12 . 2009-12-23 17:12   --------   d-----w-   c:\programdata\MSScanAppDataDir
                2009-12-23 17:01 . 2009-12-23 17:01   --------   d-----w-   c:\program files\Common Files\L&H
                2009-12-23 17:01 . 2009-12-23 17:01   --------   d-----w-   c:\program files\Microsoft ActiveSync
                2009-12-23 16:34 . 2006-11-02 11:18   --------   d-----w-   c:\program files\Windows Mail
                2009-12-23 16:33 . 2009-12-23 16:33   0   ---ha-w-   c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
                2009-12-22 23:16 . 2009-12-22 23:16   120   ----a-w-   c:\users\J-BIRD\AppData\Local\Abakebicitaqun.dat
                2009-12-22 23:16 . 2009-12-22 23:16   0   ----a-w-   c:\users\J-BIRD\AppData\Local\Mzagezipahalaf.bin
                2009-12-20 15:53 . 2009-12-20 15:53   234016   ----a-w-   c:\windows\system32\drivers\Rtlh86.sys
                2009-12-17 22:14 . 2009-09-13 20:39   411368   ----a-w-   c:\windows\system32\deploytk.dll
                2009-12-16 18:13 . 2009-12-16 18:13   --------   d-----w-   c:\program files\LucasFan Games
                2009-12-03 14:27 . 2009-12-03 14:27   80416   ----a-w-   c:\windows\system32\RtNicProp32.dll
                2009-12-03 14:27 . 2009-07-22 14:24   100896   ----a-w-   c:\windows\system32\RTNUninst32.dll
                2009-11-21 06:40 . 2009-12-23 16:22   916480   ----a-w-   c:\windows\system32\wininet.dll
                2009-11-21 06:34 . 2009-12-23 16:22   71680   ----a-w-   c:\windows\system32\iesetup.dll
                2009-11-21 06:34 . 2009-12-23 16:22   109056   ----a-w-   c:\windows\system32\iesysprep.dll
                2009-11-21 04:59 . 2009-12-23 16:22   133632   ----a-w-   c:\windows\system32\ieUnatt.exe
                .

                (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                .
                *Note* empty entries & legit default entries are not shown
                REGEDIT4

                [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
                "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
                "AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" [2008-11-06 50472]
                "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-05 2002160]

                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
                "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
                "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
                "SigmatelSysTrayApp"="sttray.exe" [2007-07-27 405504]

                [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                "EnableLUA"= 0 (0x0)
                "EnableUIADesktopToggle"= 0 (0x0)

                [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
                2009-09-03 19:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
                "mixer"=wdmaud.drv

                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
                @=""

                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
                @=""

                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
                @="Service"

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
                2009-12-11 20:57   948672   ----a-r-   c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
                2009-12-22 06:57   35760   ----a-w-   c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
                2008-11-06 11:42   50472   ----a-w-   c:\program files\AOL 9.1\aol.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
                2007-09-13 18:09   638976   ----a-w-   c:\program files\Camera Assistant Software for Gateway\traybar.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
                2007-05-25 17:16   42032   ----a-w-   c:\program files\Common Files\aol\1253746154\ee\aolsoftware.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iCall Internet Phone]
                2008-12-18 20:44   1587576   ----a-w-   c:\program files\iCall\iCall.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
                2009-11-12 17:10   198160   ----a-w-   c:\program files\Common Files\Real\Update_OB\realsched.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
                2008-01-19 03:38   1008184   ----a-w-   c:\program files\Windows Defender\MSASCui.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
                2008-01-19 03:33   202240   ----a-w-   c:\program files\Windows Media Player\wmpnscfg.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
                "DisableMonitoring"=dword:00000001

                [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
                "VistaSp2"=hex(b):ee,55,1e,50,e5,37,ca,01

                [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4169688170-2307295415-4118402380-1000]
                "EnableNotificationsRef"=dword:00000001

                R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
                R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480]
                R2 NvtlService;NovaCore SDK Service;c:\program files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [5/22/2009 4:30 PM 80384]
                R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\RTL8187B.sys [6/10/2009 4:52 AM 347648]
                R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408]
                S3 DrvAgent32;DrvAgent32;c:\windows\System32\drivers\DrvAgent32.sys [1/10/2010 12:40 AM 23456]
                S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [9/17/2009 11:15 AM 21504]
                S3 KEA;KEA;c:\users\J-BIRD\AppData\Local\Temp\KEA.exe --> c:\users\J-BIRD\AppData\Local\Temp\KEA.exe [?]
                S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [10/20/2009 1:19 PM 50704]
                S3 NWVMModem;Virgin Mobile USB Modem Driver;c:\windows\System32\drivers\nwvmmdm.sys [5/15/2009 1:34 PM 174720]
                S3 NWVMPort;Virgin Mobile USB Status Port Driver;c:\windows\System32\drivers\nwvmser.sys [5/15/2009 1:34 PM 174720]
                S3 NWVMPort2;Virgin Mobile USB Status2 Port Driver;c:\windows\System32\drivers\nwvmser2.sys [5/15/2009 1:34 PM 174720]
                S3 NZSCXJXN;NZSCXJXN;c:\users\J-BIRD\AppData\Local\Temp\NZSCXJXN.exe --> c:\users\J-BIRD\AppData\Local\Temp\NZSCXJXN.exe [?]
                S3 URRB;URRB;c:\users\J-BIRD\AppData\Local\Temp\URRB.exe --> c:\users\J-BIRD\AppData\Local\Temp\URRB.exe [?]
                S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/10/2008 7:28 PM 47128]
                S4 RsFx0103;RsFx0103 Driver;c:\windows\System32\drivers\RsFx0103.sys [3/30/2009 3:09 AM 239336]
                S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [3/30/2009 3:23 AM 366936]

                --- Other Services/Drivers In Memory ---

                *NewlyCreated* - SASDIFSV
                *NewlyCreated* - SASENUM

                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
                LocalServiceAndNoImpersonation   REG_MULTI_SZ      FontCache
                .
                Contents of the 'Scheduled Tasks' folder

                2009-11-15 c:\windows\Tasks\McDefragTask.job
                - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 16:22]

                2010-02-01 c:\windows\Tasks\McQcTask.job
                - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 16:22]

                2010-02-11 c:\windows\Tasks\User_Feed_Synchronization-{7B7886CB-F69B-46D3-802C-6198EA461B1C}.job
                - c:\windows\system32\msfeedssync.exe [2009-12-23 04:59]
                .
                .
                ------- Supplementary Scan -------
                .
                uStart Page = about:blank
                .

                **************************************************************************

                catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                Rootkit scan 2010-02-11 19:12
                Windows 6.0.6002 Service Pack 2 NTFS

                scanning hidden processes ... 

                scanning hidden autostart entries ...

                scanning hidden files ... 

                scan completed successfully
                hidden files: 0

                **************************************************************************

                Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

                device: opened successfully
                user: MBR read successfully
                called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll atapi.sys >>UNKNOWN [0x856D58C8]<<
                kernel: MBR read successfully
                detected MBR rootkit hooks:
                \Driver\Disk -> CLASSPNP.SYS @ 0x829a4d24
                \Driver\ACPI -> acpi.sys @ 0x80615d68
                \Driver\atapi -> atapi.sys @ 0x807279b0
                IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

                **************************************************************************
                .
                --------------------- LOCKED REGISTRY KEYS ---------------------

                [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
                @Denied: (A) (Users)
                @Denied: (A) (Everyone)
                @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                "BlindDial"=dword:00000000
                "MSCurrentCountry"=dword:000000b5

                [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
                @Denied: (A) (Users)
                @Denied: (A) (Everyone)
                @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                "BlindDial"=dword:00000000
                .
                Completion time: 2010-02-11  19:19:31
                ComboFix-quarantined-files.txt  2010-02-12 00:19
                ComboFix2.txt  2010-02-10 05:01

                Pre-Run: 164,328,722,432 bytes free
                Post-Run: 164,337,328,128 bytes free

                - - End Of File - - 44D739D389288DE444B7797E095F9F86
                greetz  jonny

                Dr Jay

                • Malware Removal Specialist


                • Specialist
                • Moderator emeritus
                • Thanked: 119
                • Experience: Guru
                • OS: Windows 10
                Re: PAGE REDIRECT VIRUS???
                « Reply #12 on: February 12, 2010, 12:13:38 PM »
                Re-running ComboFix to remove infections:

                • Close any open browsers.
                • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
                • Open notepad and copy/paste the text in the quotebox below into it:
                  Quote
                  File::
                  c:\windows\winstart.bat
                  c:\users\J-BIRD\AppData\Local\Abakebicitaqun.dat
                  c:\users\J-BIRD\AppData\Local\Mzagezipahalaf.bin
                  c:\users\J-BIRD\AppData\Local\Temp\URRB.exe

                  DirLook::
                  c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}

                  NetSvc::
                  URRB

                  RegLockDel::
                  [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}]
                • Save this as CFScript.txt, in the same location as ComboFix.exe



                • Referring to the picture above, drag CFScript into ComboFix.exe
                • When finished, it shall produce a log for you at C:\ComboFix.txt
                • Please post the contents of the log in your next reply.
                ~Dr Jay
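                The entries Dr Jay puts into the CFScript above (a service whose image sits in the user's Temp folder and shows as `[?]`, loose oddly named .dat/.bin files in the root of AppData\Local, a freshly created hidden+system winstart.bat) are the kind of thing an analyst picks out of a ComboFix log by eye. As an added illustration, not code from this thread or from ComboFix itself, the script below parses the two line formats seen in the log above ("Files Created" rows and the R*/S* service rows), applies those same triage rules, and drafts the File:: / NetSvc:: sections in the CFScript layout used in this thread. The sample lines are copied from the log posted above and the heuristics are my own, not ComboFix's or Dr Jay's criteria; anything it drafts still needs a human to review before it is used.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a handful of rows copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
2010-02-09 04:44 . 2010-02-09 04:44   2   --shatr-   c:\windows\winstart.bat
2009-12-22 23:16 . 2009-12-22 23:16   120   ----a-w-   c:\users\J-BIRD\AppData\Local\Abakebicitaqun.dat
2009-12-22 23:16 . 2009-12-22 23:16   0   ----a-w-   c:\users\J-BIRD\AppData\Local\Mzagezipahalaf.bin
2010-02-08 20:22 . 2010-01-07 21:07   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-10 16:44 . 2010-02-10 16:44   --------   d-----w-   c:\users\J-BIRD\AppData\Roaming\SUPERAntiSpyware.com
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
S3 KEA;KEA;c:\users\J-BIRD\AppData\Local\Temp\KEA.exe --> c:\users\J-BIRD\AppData\Local\Temp\KEA.exe [?]
S3 URRB;URRB;c:\users\J-BIRD\AppData\Local\Temp\URRB.exe --> c:\users\J-BIRD\AppData\Local\Temp\URRB.exe [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [10/20/2009 1:19 PM 50704]
"""

# "Files Created" row: created . modified   size   attrs   path
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>\S+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+)$"
)
# Service/driver row: state name;display;image [--> resolved] [date size | ?]
SVC_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?)(?: --> .+?)? \[(?P<meta>[^\]]*)\]$"
)

TEMP_MARKERS = (r"\appdata\local\temp", r"\windows\temp")
RUNNABLE = (".exe", ".dll", ".sys", ".bat")


@dataclass(frozen=True)
class Finding:
    severity: str          # "high" or "medium"
    path: str
    reason: str
    service: str = ""      # service name when the finding came from a service row


def _in_temp(path_lower: str) -> bool:
    return any(marker in path_lower for marker in TEMP_MARKERS)


def triage_file(m: "re.Match") -> List[Finding]:
    path, attrs = m["path"], m["attrs"]
    low = path.lower()
    name = low.rsplit("\\", 1)[-1]
    out: List[Finding] = []
    if attrs.startswith("d"):
        return out  # directories are candidates for DirLook::, not judged here
    if _in_temp(low) and name.endswith(RUNNABLE):
        out.append(Finding("high", path, "runnable file dropped in a Temp directory"))
    if "s" in attrs and "h" in attrs and name.endswith(RUNNABLE):
        out.append(Finding("high", path, "system+hidden attributes on a runnable file"))
    if re.search(r"\\appdata\\local\\[^\\]+$", low) and name.endswith((".dat", ".bin")):
        out.append(Finding("medium", path, "loose data file in the root of AppData\\Local"))
    return out


def triage_service(m: "re.Match") -> List[Finding]:
    image, name = m["image"], m["name"]
    if _in_temp(image.lower()):
        return [Finding("high", image, f"service {name} loads its image from a Temp directory", name)]
    if m["meta"] == "?":
        return [Finding("medium", image, f"ComboFix could not read the image of service {name}", name)]
    return []


def triage(log_text: str) -> List[Finding]:
    """Run both parsers over every line and collect the findings."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := FILE_RE.match(line)):
            findings.extend(triage_file(m))
        elif (m := SVC_RE.match(line)):
            findings.extend(triage_service(m))
    return findings


def draft_cfscript(findings: List[Finding]) -> str:
    """Draft File:: and NetSvc:: sections (the CFScript layout used in this thread) from high findings."""
    high = [f for f in findings if f.severity == "high"]
    files = sorted({f.path for f in high})
    services = sorted({f.service for f in high if f.service})
    parts = []
    if files:
        parts.append("File::\n" + "\n".join(files))
    if services:
        parts.append("NetSvc::\n" + "\n".join(services))
    return "\n\n".join(parts) + "\n"


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity}] {f.path}: {f.reason}")
    print(draft_cfscript(results))
```

On the sample above it flags the two Temp-resident services, winstart.bat and the two loose files in AppData\Local, and leaves the Malwarebytes, SUPERAntiSpyware and WinPcap drivers alone; medium findings are reported but deliberately kept out of the drafted script.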

                paries669

                  Topic Starter


                  Rookie

                  Thanked: 2
                  • Computer: Specs
                  • Experience: Experienced
                  • OS: Windows Vista
                  Re: PAGE REDIRECT VIRUS???
                  « Reply #13 on: February 12, 2010, 01:12:34 PM »
Do I drag it to the one you had me rename as commy.exe?
                  greetz  jonny

                  paries669

                    Topic Starter


                    Rookie

                    Thanked: 2
                    • Computer: Specs
                    • Experience: Experienced
                    • OS: Windows Vista
                    Re: PAGE REDIRECT VIRUS???
                    « Reply #14 on: February 12, 2010, 02:28:06 PM »
Here is the ComboFix log. I also found a Malwarebytes log from before I made this topic (a quick scan); I'll attach it, don't know if it matters.
                    -------------------------------------------------------------------------------------------------------------
                    ComboFix 10-02-11.04 - J-BIRD 02/12/2010  15:46:32.6.2 - x86
                    Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.765.233 [GMT -5:00]
                    Running from: c:\users\J-BIRD\Desktop\COMMY.EXE
                    Command switches used :: c:\users\J-BIRD\Desktop\CFScript.txt
                    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
                    SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
                    .

                    (((((((((((((((((((((((((   Files Created from 2010-01-12 to 2010-02-12  )))))))))))))))))))))))))))))))
                    .

                    2010-02-12 20:57 . 2010-02-12 20:57   --------   d-----w-   c:\users\J-BIRD\AppData\Local\temp
                    2010-02-12 20:57 . 2010-02-12 20:57   --------   d-----w-   c:\users\Public\AppData\Local\temp
                    2010-02-12 20:57 . 2010-02-12 20:57   --------   d-----w-   c:\users\Default\AppData\Local\temp
                    2010-02-11 23:58 . 2010-02-12 00:19   --------   d-----w-   C:\commy
                    2010-02-10 16:46 . 2010-02-10 16:46   52224   ----a-w-   c:\users\J-BIRD\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
                    2010-02-10 16:46 . 2010-02-10 16:46   117760   ----a-w-   c:\users\J-BIRD\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
                    2010-02-10 16:44 . 2010-02-10 16:44   --------   d-----w-   c:\users\J-BIRD\AppData\Roaming\SUPERAntiSpyware.com
                    2010-02-10 16:43 . 2010-02-10 16:43   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
                    2010-02-10 15:37 . 2010-02-10 15:37   --------   d-----w-   c:\program files\ESET
                    2010-02-09 06:16 . 2010-02-09 06:16   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
                    2010-02-09 06:16 . 2010-02-10 16:44   --------   d-----w-   c:\program files\SUPERAntiSpyware
                    2010-02-09 06:14 . 2010-02-09 06:14   --------   d-----w-   c:\program files\MetaStream
                    2010-02-09 06:14 . 2010-02-09 06:14   --------   d-----w-   c:\programdata\Viewpoint
                    2010-02-09 04:44 . 2010-02-09 04:44   2   --shatr-   c:\windows\winstart.bat
                    2010-02-09 03:20 . 2010-02-09 03:20   --------   d-----w-   c:\program files\Trend Micro
                    2010-02-09 02:18 . 2010-02-09 03:02   --------   d-----w-   c:\programdata\Spybot - Search & Destroy
                    2010-02-08 20:22 . 2010-02-08 20:22   --------   d-----w-   c:\users\J-BIRD\AppData\Roaming\Malwarebytes
                    2010-02-08 20:22 . 2010-01-07 21:07   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
                    2010-02-08 20:22 . 2010-02-08 20:22   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
                    2010-02-08 20:22 . 2010-02-08 20:22   --------   d-----w-   c:\programdata\Malwarebytes
                    2010-02-08 20:22 . 2010-01-07 21:07   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
                    2010-02-08 18:45 . 2010-02-10 15:05   --------   d-----w-   c:\program files\Windows Live Safety Center
                    2010-02-03 16:34 . 2010-02-06 01:39   --------   d-----w-   c:\users\J-BIRD\AppData\Roaming\mIRC
                    2010-02-03 16:34 . 2010-02-06 01:39   --------   d-----w-   c:\program files\mIRC
                    2010-02-03 06:57 . 2010-02-08 09:26   --------   d-----w-   C:\Fraps
                    2010-02-03 00:32 . 2010-02-03 00:57   --------   dc----w-   c:\windows\system32\DRVSTORE
                    2010-02-03 00:29 . 2010-02-03 00:32   --------   d-----w-   c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
                    2010-02-03 00:25 . 2010-02-03 01:02   --------   d-----w-   c:\programdata\Apple Computer
                    2010-02-03 00:18 . 2010-02-03 01:09   --------   d-----w-   c:\program files\Common Files\Apple
                    2010-01-27 22:24 . 2010-01-27 22:24   --------   d-----w-   c:\program files\Common Files\Java
                    2010-01-20 00:43 . 2010-01-22 21:41   --------   d-----w-   c:\program files\iCall
                    2010-01-16 14:09 . 2010-02-12 03:56   --------   d-----w-   c:\program files\TeamSpeak 3 Client
                    2010-01-15 21:49 . 2010-01-15 21:49   --------   d-----w-   c:\users\J-BIRD\AppData\Local\Apps
                    2010-01-15 19:24 . 2010-01-16 14:10   --------   d-----w-   c:\users\J-BIRD\AppData\Roaming\TS3Client

                    .
                    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    2010-02-12 08:14 . 2009-09-14 00:37   --------   d-----w-   c:\program files\Full Tilt Poker
                    2010-02-12 06:46 . 2009-09-13 20:41   --------   d-----w-   c:\users\J-BIRD\AppData\Roaming\LimeWire
                    2010-02-08 07:52 . 2009-11-10 19:21   --------   d-----w-   c:\program files\Common Files\Adobe
                    2010-02-06 03:27 . 2009-10-08 04:32   --------   d-----w-   c:\users\J-BIRD\AppData\Roaming\SoundSpectrum
                    2010-02-06 03:27 . 2009-10-08 04:25   --------   d-----w-   c:\program files\SoundSpectrum
                    2010-01-28 03:07 . 2009-11-10 19:15   --------   d-----w-   c:\programdata\NOS
                    2010-01-27 22:23 . 2009-09-13 20:38   --------   d-----w-   c:\program files\Java
                    2010-01-14 16:28 . 2009-09-13 21:48   --------   d--h--w-   c:\program files\InstallShield Installation Information
                    2010-01-14 16:20 . 2009-09-13 21:44   --------   d-----w-   c:\program files\Common Files\InstallShield
                    2010-01-14 16:12 . 2009-10-04 23:31   181120   ------w-   c:\windows\system32\MpSigStub.exe
                    2010-01-12 07:59 . 2009-12-23 16:59   --------   d-----w-   c:\program files\Microsoft.NET
                    2010-01-12 07:57 . 2009-12-31 05:52   --------   d-----w-   c:\program files\Microsoft SQL Server
                    2010-01-10 05:40 . 2010-01-10 05:40   23456   ----a-w-   c:\windows\system32\drivers\DrvAgent32.sys
                    2010-01-05 10:30 . 2010-01-05 10:30   --------   d-----w-   c:\users\J-BIRD\AppData\Roaming\Wireshark
                    2010-01-05 10:27 . 2010-01-05 10:26   --------   d-----w-   c:\program files\Wireshark
                    2010-01-05 10:27 . 2010-01-05 10:27   --------   d-----w-   c:\program files\WinPcap
                    2010-01-05 10:22 . 2010-01-05 09:16   --------   d-----w-   c:\program files\GameSpy Arcade
                    2010-01-02 22:00 . 2010-01-02 22:00   --------   d-----w-   c:\program files\HooTech
                    2009-12-31 06:03 . 2009-09-12 22:40   56496   ----a-w-   c:\users\J-BIRD\AppData\Local\GDIPFONTCACHEV1.DAT
                    2009-12-31 05:52 . 2009-12-31 05:47   --------   d-----w-   c:\programdata\Microsoft Help
                    2009-12-31 05:51 . 2009-12-31 05:51   112640   ----a-w-   c:\programdata\Microsoft\VCExpress\9.0\1033\ResourceCache.dll
                    2009-12-31 05:51 . 2009-12-31 05:51   416   ----a-w-   c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll
                    2009-12-31 05:49 . 2009-12-31 05:47   --------   d-----w-   c:\program files\Microsoft Visual Studio 9.0
                    2009-12-31 05:48 . 2009-12-31 05:47   --------   d-----w-   c:\program files\Common Files\Merge Modules
                    2009-12-31 05:45 . 2009-12-31 05:45   --------   d-----w-   c:\program files\Microsoft SDKs
                    2009-12-27 06:48 . 2009-12-27 06:48   --------   d-----w-   c:\program files\EA Games
                    2009-12-23 17:28 . 2009-12-23 00:48   --------   d-----w-   c:\program files\Common Files\EasyInfo
                    2009-12-23 17:24 . 2009-12-23 17:00   --------   d-----w-   c:\program files\Microsoft Works
                    2009-12-23 17:12 . 2009-12-23 17:12   --------   d-----w-   c:\programdata\MSScanAppDataDir
                    2009-12-23 17:01 . 2009-12-23 17:01   --------   d-----w-   c:\program files\Common Files\L&H
                    2009-12-23 17:01 . 2009-12-23 17:01   --------   d-----w-   c:\program files\Microsoft ActiveSync
                    2009-12-23 16:34 . 2006-11-02 11:18   --------   d-----w-   c:\program files\Windows Mail
                    2009-12-23 16:33 . 2009-12-23 16:33   0   ---ha-w-   c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
                    2009-12-22 23:16 . 2009-12-22 23:16   120   ----a-w-   c:\users\J-BIRD\AppData\Local\Abakebicitaqun.dat
                    2009-12-22 23:16 . 2009-12-22 23:16   0   ----a-w-   c:\users\J-BIRD\AppData\Local\Mzagezipahalaf.bin
                    2009-12-20 15:53 . 2009-12-20 15:53   234016   ----a-w-   c:\windows\system32\drivers\Rtlh86.sys
                    2009-12-17 22:14 . 2009-09-13 20:39   411368   ----a-w-   c:\windows\system32\deploytk.dll
                    2009-12-16 18:13 . 2009-12-16 18:13   --------   d-----w-   c:\program files\LucasFan Games
                    2009-12-03 14:27 . 2009-12-03 14:27   80416   ----a-w-   c:\windows\system32\RtNicProp32.dll
                    2009-12-03 14:27 . 2009-07-22 14:24   100896   ----a-w-   c:\windows\system32\RTNUninst32.dll
                    2009-11-21 06:40 . 2009-12-23 16:22   916480   ----a-w-   c:\windows\system32\wininet.dll
                    2009-11-21 06:34 . 2009-12-23 16:22   71680   ----a-w-   c:\windows\system32\iesetup.dll
                    2009-11-21 06:34 . 2009-12-23 16:22   109056   ----a-w-   c:\windows\system32\iesysprep.dll
                    2009-11-21 04:59 . 2009-12-23 16:22   133632   ----a-w-   c:\windows\system32\ieUnatt.exe
                    .

                    ((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    ---- Directory of c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD} ----

                    2010-02-03 00:32 . 2010-02-03 00:32   3274   ----a-w-   c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}\x86\DIFxInstallLog.txt


                    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    .
                    *Note* empty entries & legit default entries are not shown
                    REGEDIT4

                    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
                    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
                    "AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" [2008-11-06 50472]
                    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-05 2002160]

                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
                    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
                    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
                    "SigmatelSysTrayApp"="sttray.exe" [2007-07-27 405504]

                    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                    "EnableLUA"= 0 (0x0)
                    "EnableUIADesktopToggle"= 0 (0x0)

                    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

                    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
                    2009-09-03 19:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

                    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
                    "mixer"=wdmaud.drv

                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
                    @=""

                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
                    @=""

                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
                    @="Service"

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
                    2009-12-11 20:57   948672   ----a-r-   c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
                    2009-12-22 06:57   35760   ----a-w-   c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
                    2008-11-06 11:42   50472   ----a-w-   c:\program files\AOL 9.1\aol.exe

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
                    2007-09-13 18:09   638976   ----a-w-   c:\program files\Camera Assistant Software for Gateway\traybar.exe

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
                    2007-05-25 17:16   42032   ----a-w-   c:\program files\Common Files\aol\1253746154\ee\aolsoftware.exe

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iCall Internet Phone]
                    2008-12-18 20:44   1587576   ----a-w-   c:\program files\iCall\iCall.exe

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
                    2009-11-12 17:10   198160   ----a-w-   c:\program files\Common Files\Real\Update_OB\realsched.exe

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
                    2008-01-19 03:38   1008184   ----a-w-   c:\program files\Windows Defender\MSASCui.exe

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
                    2008-01-19 03:33   202240   ----a-w-   c:\program files\Windows Media Player\wmpnscfg.exe

                    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
                    "DisableMonitoring"=dword:00000001

                    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
                    "VistaSp2"=hex(b):ee,55,1e,50,e5,37,ca,01

                    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4169688170-2307295415-4118402380-1000]
                    "EnableNotificationsRef"=dword:00000001

                    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
                    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480]
                    R2 NvtlService;NovaCore SDK Service;c:\program files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [5/22/2009 4:30 PM 80384]
                    R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\RTL8187B.sys [6/10/2009 4:52 AM 347648]
                    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408]
                    S3 DrvAgent32;DrvAgent32;c:\windows\System32\drivers\DrvAgent32.sys [1/10/2010 12:40 AM 23456]
                    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [9/17/2009 11:15 AM 21504]
                    S3 KEA;KEA;c:\users\J-BIRD\AppData\Local\Temp\KEA.exe --> c:\users\J-BIRD\AppData\Local\Temp\KEA.exe [?]
                    S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [10/20/2009 1:19 PM 50704]
                    S3 NWVMModem;Virgin Mobile USB Modem Driver;c:\windows\System32\drivers\nwvmmdm.sys [5/15/2009 1:34 PM 174720]
                    S3 NWVMPort;Virgin Mobile USB Status Port Driver;c:\windows\System32\drivers\nwvmser.sys [5/15/2009 1:34 PM 174720]
                    S3 NWVMPort2;Virgin Mobile USB Status2 Port Driver;c:\windows\System32\drivers\nwvmser2.sys [5/15/2009 1:34 PM 174720]
                    S3 NZSCXJXN;NZSCXJXN;c:\users\J-BIRD\AppData\Local\Temp\NZSCXJXN.exe --> c:\users\J-BIRD\AppData\Local\Temp\NZSCXJXN.exe [?]
                    S3 URRB;URRB;c:\users\J-BIRD\AppData\Local\Temp\URRB.exe --> c:\users\J-BIRD\AppData\Local\Temp\URRB.exe [?]
                    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/10/2008 7:28 PM 47128]
                    S4 RsFx0103;RsFx0103 Driver;c:\windows\System32\drivers\RsFx0103.sys [3/30/2009 3:09 AM 239336]
                    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [3/30/2009 3:23 AM 366936]

                    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
                    LocalServiceAndNoImpersonation   REG_MULTI_SZ      FontCache
                    .
                    Contents of the 'Scheduled Tasks' folder

                    2009-11-15 c:\windows\Tasks\McDefragTask.job
                    - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 16:22]

                    2010-02-01 c:\windows\Tasks\McQcTask.job
                    - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 16:22]

                    2010-02-12 c:\windows\Tasks\User_Feed_Synchronization-{7B7886CB-F69B-46D3-802C-6198EA461B1C}.job
                    - c:\windows\system32\msfeedssync.exe [2009-12-23 04:59]
                    .
                    .
                    ------- Supplementary Scan -------
                    .
                    uStart Page = about:blank
                    .

                    **************************************************************************

                    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                    Rootkit scan 2010-02-12 15:57
                    Windows 6.0.6002 Service Pack 2 NTFS

                    scanning hidden processes ... 

                    scanning hidden autostart entries ...

                    scanning hidden files ... 

                    scan completed successfully
                    hidden files: 0

                    **************************************************************************

                    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

                    device: opened successfully
                    user: MBR read successfully
                    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll atapi.sys >>UNKNOWN [0x856DF8C8]<<
                    kernel: MBR read successfully
                    detected MBR rootkit hooks:
                    \Driver\Disk -> CLASSPNP.SYS @ 0x829a9d24
                    \Driver\ACPI -> acpi.sys @ 0x80617d68
                    \Driver\atapi -> atapi.sys @ 0x807299b0
                    IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

                    **************************************************************************
                    .
                    Completion time: 2010-02-12  16:05:27
                    ComboFix-quarantined-files.txt  2010-02-12 21:05
                    ComboFix2.txt  2010-02-12 00:19
                    ComboFix3.txt  2010-02-10 05:01

                    Pre-Run: 166,891,839,488 bytes free
                    Post-Run: 166,892,670,976 bytes free

                    - - End Of File - - B64C7C16662FF342E3AE1A0454DDD811


                    [Saving space, attachment deleted by admin]
                    greetz  jonny
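Two checks worth having next to the pair of artefacts above (Dr Jay's CFScript in Reply #12 and the post-run ComboFix log in Reply #14), as an added example that is not part of the thread and not ComboFix's own code: parse the service/driver rows of a ComboFix log and flag entries whose binary sits in a user-writable location or is already missing (the `[?]` marker), and check whether the File:: paths and NetSvc:: names from the CFScript still appear in the post-run listing. The line-format rules are this example's own assumptions about how ComboFix prints those rows; the sample lines are copied from the log above.

```python
"""Triage helpers for a ComboFix log and the CFScript that drove it.

Added example; not ComboFix's code and not from the forum thread. The
line-format rules below are assumptions about how ComboFix prints its
service/driver rows and its file listings; the sample lines are copied
from the log posted above.
"""
import re

# Service/driver row: "<state> <name>;<display>;<image> [<date> <size>]"
# or, for an entry whose binary is gone: "... --> <image> [?]".
_SERVICE_RE = re.compile(
    r"^\s*(?P<state>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
# First executable-looking token of the image string (drops "-k ..." args).
_IMAGE_RE = re.compile(r"^(?P<image>.*?\.(?:exe|sys|dll|drv))(?:\s|$)", re.IGNORECASE)
# File listing row: "<created> . <modified>   <size>   <attrs>   <path>".
_FILE_ROW_RE = re.compile(
    r"^\s*\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}"
    r"\s+\S+\s+\S+\s+(?P<path>[A-Za-z]:\\.+?)\s*$")
# Path fragments an unprivileged user can write to; a service binary here is a red flag.
_USER_WRITABLE = ("\\temp\\", "\\users\\public\\", "\\appdata\\")


def parse_service_line(line):
    """Parse one ComboFix service/driver row; return None for any other line."""
    m = _SERVICE_RE.match(line)
    if not m:
        return None
    rest = m.group("rest").strip()
    missing = rest.endswith("[?]")          # ComboFix's marker for a missing binary
    if " --> " in rest:                      # keep the resolved path, not the registered one
        rest = rest.split(" --> ", 1)[1]
    img = _IMAGE_RE.match(rest)
    image = (img.group("image") if img else rest).lower()
    return {"state": m.group("state"), "name": m.group("name"),
            "display": m.group("display"), "image": image, "missing": missing}


def suspicious_services(log_text):
    """Return (name, image, reasons) for every service row a responder should look at."""
    findings = []
    for line in log_text.splitlines():
        svc = parse_service_line(line)
        if svc is None:
            continue
        reasons = []
        if any(frag in svc["image"] for frag in _USER_WRITABLE):
            reasons.append("image in user-writable location")
        if svc["missing"]:
            reasons.append("binary missing (orphaned service entry)")
        if reasons:
            findings.append((svc["name"], svc["image"], reasons))
    return findings


def cfscript_targets(cfscript_text):
    """Collect the File:: paths and NetSvc:: names from a CFScript (other sections ignored)."""
    targets = {"File": [], "NetSvc": []}
    section = None
    for raw in cfscript_text.splitlines():
        line = raw.strip()
        if not line:
            section = None               # a blank line ends a CFScript section
        elif line.endswith("::"):
            section = line[:-2]
        elif section in targets:
            targets[section].append(line)
    return targets


def leftover_targets(cfscript_text, post_run_log):
    """Which CFScript targets are still present in the post-run log listing?"""
    targets = cfscript_targets(cfscript_text)
    listed = {m.group("path").lower()
              for m in map(_FILE_ROW_RE.match, post_run_log.splitlines()) if m}
    services = {s["name"] for s in map(parse_service_line, post_run_log.splitlines()) if s}
    return {"files": [p for p in targets["File"] if p.lower() in listed],
            "services": [n for n in targets["NetSvc"] if n in services]}


# Constructed sample: lines copied from the post-run log and CFScript in this thread.
SAMPLE_LOG = r"""
2010-02-09 04:44 . 2010-02-09 04:44   2   --shatr-   c:\windows\winstart.bat
2009-12-22 23:16 . 2009-12-22 23:16   120   ----a-w-   c:\users\J-BIRD\AppData\Local\Abakebicitaqun.dat
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [9/17/2009 11:15 AM 21504]
S3 KEA;KEA;c:\users\J-BIRD\AppData\Local\Temp\KEA.exe --> c:\users\J-BIRD\AppData\Local\Temp\KEA.exe [?]
S3 NZSCXJXN;NZSCXJXN;c:\users\J-BIRD\AppData\Local\Temp\NZSCXJXN.exe --> c:\users\J-BIRD\AppData\Local\Temp\NZSCXJXN.exe [?]
S3 URRB;URRB;c:\users\J-BIRD\AppData\Local\Temp\URRB.exe --> c:\users\J-BIRD\AppData\Local\Temp\URRB.exe [?]
"""

SAMPLE_CFSCRIPT = r"""
File::
c:\windows\winstart.bat
c:\users\J-BIRD\AppData\Local\Abakebicitaqun.dat
c:\users\J-BIRD\AppData\Local\Temp\URRB.exe

NetSvc::
URRB
KEA
"""

if __name__ == "__main__":
    for name, image, reasons in suspicious_services(SAMPLE_LOG):
        print(f"{name:10} {image}  <- {'; '.join(reasons)}")
    print("still present after the script:", leftover_targets(SAMPLE_CFSCRIPT, SAMPLE_LOG))
```

Run against the full log above, `leftover_targets` reports that c:\windows\winstart.bat, the two AppData\Local files and the URRB service entry are all still listed, which is exactly the case this check is meant to surface before declaring a script run successful. The DirLook:: and RegLockDel:: sections are ignored because they name a directory to list and a registry key, not a file or service whose absence can be confirmed from the file listing.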