
Author Topic: Need of Fake Antivirus Removal  (Read 19471 times)


binkow

    Topic Starter


    Rookie

    Need of Fake Antivirus Removal
    « on: June 24, 2010, 08:02:08 PM »
    I've got that fake antivirus thing again and it's really pissing me off. I've got Malwarebytes Anti-Malware and I've got SUPERAntiSpyware and Avira. I did scans with Malwarebytes and SUPERAntiSpyware and they've picked up things and removed them and whatnot, but they keep coming back. I've used HijackThis and created a log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:46:00 PM, on 6/24/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe
    C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\NETGEAR\WN111v2\WN111V2.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5577
    O1 - Hosts: ::1 localhost
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot1.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
    O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot1.dll
    O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [BoM2zLAfOV] C:\Documents and Settings\Owner\Application Data\svchost.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Odegetabejuyoku] rundll32.exe "C:\WINDOWS\ijugirifad.dll",Startup
    O4 - Startup: scandisk.lnk = ?
    O4 - Global Startup: NETGEAR WN111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WN111v2\WN111V2.exe
    O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
    O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
    O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{694EA325-AD70-4673-B043-F53866BD15A3}: NameServer = 93.188.162.52,93.188.161.182
    O17 - HKLM\System\CCS\Services\Tcpip\..\{96DEE84C-7E1F-4615-8995-E734F4F70135}: NameServer = 93.188.162.52,93.188.161.182
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.162.52,93.188.161.182
    O17 - HKLM\System\CS2\Services\Tcpip\..\{694EA325-AD70-4673-B043-F53866BD15A3}: NameServer = 93.188.162.52,93.188.161.182
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.52,93.188.161.182
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate1c9a9d8168cc888) (gupdate1c9a9d8168cc888) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe
    O23 - Service: lxcr_device -   - C:\WINDOWS\system32\lxcrcoms.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 12242 bytes


    Now, I know everything in O17 can't be good and I've tried to fix them numerous times, but they keep coming back. Also, R1 can't be right? I never use proxies. I'm using Firefox right now and this is the computer with the virus, of course. I just ran the Task Manager right when I logged in, before all the programs started up, and ended all the virus-related ones (the ones with all the spam names, e.g. egrerog3jt.exe, and it worked).

    binkow

      Topic Starter


      Rookie

      Re: Need of Fake Antivirus Removal
      « Reply #1 on: June 24, 2010, 08:24:21 PM »
      Whoops, I thought I posted this in "Virus and spyware removal." Can a mod move it there for me?

      SuperDave

      • Malware Removal Specialist
      • Moderator


      • Genius
      • Thanked: 1020
      • Certifications: List
      • Experience: Expert
      • OS: Windows 10
      Re: Need of Fake Antivirus Removal
      « Reply #2 on: June 25, 2010, 12:35:57 PM »
      Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum, so it may take a bit longer to process your logs.

      1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
      2. The fixes are specific to your problem and should only be used for this issue on this machine.
      3. If you don't know or understand something, please don't hesitate to ask.
      4. Please DO NOT run any other tools or scans while I am helping you.
      5. It is important that you reply to this thread. Do not start a new topic.
      6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
      7. Absence of symptoms does not mean that everything is clear.

      You have Viewpoint installed.

      Viewpoint Media Player/Manager/Toolbar is considered foistware instead of malware, since it is installed without the user's approval but doesn't spy or do anything "bad".

      More information:

      * ViewMgr.exe - Useless
      * Viewpoint to Plunge Into Adware

      It is suggested to remove the program now. Go to Start > Control Panel > Add/Remove Programs - (Vista & Win7 is Programs and Features) and remove the following programs if present.

      * Viewpoint
      * Viewpoint Manager
      * Viewpoint Media Player
      * Viewpoint Toolbar
      * Viewpoint Experience Technology


      ==============================

      Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

      Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

      Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

      Exit out of MessengerDisable then delete the two files that were put on the desktop.

      =================================
      Open HijackThis and select Do a system scan only

      Place a check mark next to the following entries: (if there)

      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5577
      O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
      O4 - HKLM\..\Run: [Odegetabejuyoku] rundll32.exe "C:\WINDOWS\ijugirifad.dll",Startup
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


      Important: Close all open windows except for HijackThis and then click Fix checked.

      Once completed, exit HijackThis.

      ===============================

      Quote
      Now, I know everything in 017 can't be good and
      They point to this domain. Does it look familiar to you? Is this your Internet Service Provider?

      RIPE Network Coordination Centre
      OrgID:      RIPE
      Address:    P.O. Box 10096
      City:       Amsterdam
      StateProv: 
      PostalCode: 1001EB
      Country:    NL

      If the answers to the above questions are No, place a check mark and have them fixed.
      =================================

      Please run these again and post the logs. I need to see them.

      SUPERAntiSpyware

      If you already have SUPERAntiSpyware be sure to check for updates before scanning!


      Download SuperAntispyware Free Edition (SAS)
      * Double-click the icon on your desktop to run the installer.
      * When asked to Update the program definitions, click Yes
      * If you encounter any problems while downloading the updates, manually download and unzip them from here
      * Next click the Preferences button.
        • Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
      * Click the Scanning Control tab.
      * Under Scanner Options make sure only the following are checked:
        • Close browsers before scanning
        • Scan for tracking cookies
        • Terminate memory threats before quarantining
        Please leave the others unchecked
        • Click the Close button to leave the control center screen.
      * On the main screen click Scan your computer
      * On the left check the box for the drive you are scanning.
      * On the right choose Perform Complete Scan
      * Click Next to start the scan. Please be patient while it scans your computer.
      * After the scan is complete a summary box will appear. Click OK
      * Make sure everything in the white box has a check next to it, then click Next
      * It will quarantine what it found and if it asks if you want to reboot, click Yes
      * To retrieve the removal information please do the following:
        • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
        • Click Preferences. Click the Statistics/Logs tab.
        • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
        • It will open in your default text editor (preferably Notepad).
        • Save the notepad file to your desktop by clicking (in notepad) File > Save As...
      * Save the log somewhere you can easily find it. (normally the desktop)
      * Click close and close again to exit the program.
      * Copy and Paste the log in your post.

      ===================================

      Please download Malwarebytes Anti-Malware from here.

      Double Click mbam-setup.exe to install the application.
      • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
      • If an update is found, it will download and install the latest version.
      • Once the program has loaded, select "Perform Full Scan", then click Scan.
      • The scan may take some time to finish, so please be patient.
      • When the scan is complete, click OK, then Show Results to view the results.
      • Make sure that everything is checked, and click Remove Selected.
      • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
      • Please save the log to a location you will remember.
      • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
      • Copy and paste the entire report in your next reply.
      Extra Note:

      If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

      ====================================

      Download Security Check by screen317 from one of the following links and save it to your desktop.

      Link 1
      Link 2

      * Unzip SecurityCheck.zip and a folder named Security Check should appear.
      * Open the Security Check folder and double-click Security Check.bat
      * Follow the on-screen instructions inside of the black box.
      * A Notepad document should open automatically called checkup.txt
      * Post the contents of that document in your next reply.

      Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

      Windows 8 and Windows 10 dual boot with two SSD's
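To show how the entries flagged in this reply (the localhost proxy, the O4 entry that loads ijugirifad.dll, and the O17 NameServer values) can be picked out of a HijackThis log mechanically rather than by eye, here is an added Python triage script. It is example code written for this edit, not code from the thread, from HijackThis, or from any tool Dave mentions. EXPECTED_DNS is a constructed placeholder for the resolvers the owner would expect (the thread never says what the ISP's are), and the sample lines are copied from the log posted above. It goes one step beyond the list in the reply by also flagging a core Windows binary name (svchost.exe) started from a user-profile directory, which the log above also contains.

```python
"""Triage of HijackThis-style log lines for the indicators discussed in this thread.

Added example: not HijackThis code and not from the forum. It flags
  - R0/R1 ProxyServer entries that route the browser through localhost,
  - O4 Run entries that launch a core Windows binary name from outside
    system32, start from a user-profile directory, or rundll32-load a DLL
    dropped in the Windows root,
  - O17 NameServer entries outside an allowlist of expected resolvers.
"""
import re
from typing import List, Optional, Tuple

# Assumption / constructed placeholder: the resolvers the owner expects
# (typically the router or ISP). The thread does not say what they are.
EXPECTED_DNS = {"192.168.1.1"}

# Core Windows binary names that legitimately live only in system32.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe"}

PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?:\w+=)?(\S+)", re.IGNORECASE)
DNS_RE = re.compile(r"NameServer\s*=\s*([\d.,]+)", re.IGNORECASE)
O4_RE = re.compile(r"^O4 - .*?: \[[^\]]*\]\s*(.*)$")
PATH_RE = re.compile(r'"?([a-zA-Z]:\\[^"]+?\.(?:exe|dll|sys))"?', re.IGNORECASE)


def _paths(command: str) -> List[str]:
    """Extract every drive-rooted .exe/.dll/.sys path from a Run command."""
    return [m.group(1) for m in PATH_RE.finditer(command)]


def check_line(line: str) -> Optional[str]:
    """Return a reason if the log line is suspicious, otherwise None."""
    line = line.strip()
    if line.startswith(("R0 - ", "R1 - ")):
        m = PROXY_RE.search(line)
        if m and m.group(1).split(":")[0] in ("127.0.0.1", "localhost"):
            return "browser proxy points at localhost (a local process is relaying traffic)"
        return None
    if line.startswith("O17 - "):
        m = DNS_RE.search(line)
        if m:
            rogue = [ip for ip in m.group(1).split(",") if ip not in EXPECTED_DNS]
            if rogue:
                return "NameServer not in the expected resolver list: " + ", ".join(rogue)
        return None
    if line.startswith("O4 - "):
        m = O4_RE.match(line)
        if not m:
            return None
        for path in _paths(m.group(1)):
            low = path.lower()
            directory, _, name = low.rpartition("\\")
            if name in SYSTEM_BINARIES and not directory.endswith("\\system32"):
                return f"{name} launched from outside system32: {path}"
            if "\\documents and settings\\" in low or "\\application data\\" in low:
                return f"autorun from a user-profile directory: {path}"
            if name.endswith(".dll") and directory == "c:\\windows" and "rundll32" in line.lower():
                return f"rundll32 loading a DLL placed in the Windows root: {path}"
        return None
    return None


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Run check_line over a whole log; returns (line, reason) pairs in log order."""
    findings = []
    for raw in log_text.splitlines():
        reason = check_line(raw)
        if reason:
            findings.append((raw.strip(), reason))
    return findings


# Lines copied from the HijackThis log posted above, plus two benign ones for contrast.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5577
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BoM2zLAfOV] C:\Documents and Settings\Owner\Application Data\svchost.exe
O4 - HKLM\..\Run: [Odegetabejuyoku] rundll32.exe "C:\WINDOWS\ijugirifad.dll",Startup
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.52,93.188.161.182
"""

if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print(f"[!] {why}\n    {entry}")
```

The script is a first-pass filter, not a verdict: a hit on the profile-directory or resolver checks means "review this entry", and a clean pass means only that none of these three indicator classes were present. Populate EXPECTED_DNS with the resolvers the router or ISP actually hands out before trusting the O17 result.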

      binkow

        Topic Starter


        Rookie

        Re: Need of Fake Antivirus Removal
        « Reply #3 on: June 29, 2010, 09:24:23 AM »
        Here's the check up one:

         Results of screen317's Security Check version 0.99.4 
         Windows XP Service Pack 3 (UAC is disabled!)
         Internet Explorer 8 
        ``````````````````````````````
        Antivirus/Firewall Check:

         Windows Firewall Enabled! 
         Avira AntiVir Personal - Free Antivirus
         Avira successfully updated!
        ```````````````````````````````
        Anti-malware/Other Utilities Check:

         Malwarebytes' Anti-Malware   
         HijackThis 2.0.2   
         CCleaner (remove only)   
         Java DB 10.5.3.0   
         Java(TM) 6 Update 20 
         Java(TM) 6 Update 6 
         Java(TM) SE Development Kit 6 Update 18
         Java(TM) SE Development Kit 6 Update 20
         Out of date Java installed!
         Adobe Flash Player 10.0.32.18 
        Adobe Reader 7.0
        Out of date Adobe Reader installed!
         Mozilla Firefox (3.5.10) Firefox Out of Date! 
        ````````````````````````````````
        Process Check: 
        objlist.exe by Laurent

         Avira Antivir avgnt.exe
         Avira Antivir avguard.exe
        ````````````````````````````````
        DNS Vulnerability Check:


        ``````````End of Log````````````


        Here's the super antispyware

        SUPERAntiSpyware Scan Log
        http://www.superantispyware.com

        Generated 03/19/2010 at 10:03 PM

        Application Version : 4.26.1006

        Core Rules Database Version : 4058
        Trace Rules Database Version: 1972

        Scan type       : Complete Scan
        Total Scan Time : 00:09:51

        Memory items scanned      : 399
        Memory threats detected   : 0
        Registry items scanned    : 7200
        Registry threats detected : 26
        File items scanned        : 6234
        File threats detected     : 0

        Adware.Vundo Variant/Rel
           HKLM\SOFTWARE\Microsoft\MS Optimization
           HKLM\SOFTWARE\Microsoft\MS Optimization\JKWL
           HKLM\SOFTWARE\Microsoft\MS Optimization\JKWL#LU
           HKLM\SOFTWARE\Microsoft\MS Optimization\JKWL#CT
           HKLM\SOFTWARE\Microsoft\MS Optimization\JKWL#LT
           HKLM\SOFTWARE\Microsoft\MS Optimization\JKWL\how+to+get+rid+of+the+xanga+virus
           HKLM\SOFTWARE\Microsoft\MS Optimization\JKWL\how+to+get+rid+of+the+xenga+virus
           HKLM\SOFTWARE\Microsoft\MS Optimization\JKWL\how+to+get+rid+of+the+xenga+virus#LU
           HKLM\SOFTWARE\Microsoft\MS Optimization\JKWL\how+to+get+rid+of+the+xenga+virus#CT
           HKLM\SOFTWARE\Microsoft\MS Optimization\JKWL\how+to+get+rid+of+the+xenga+virus#LT
           HKLM\SOFTWARE\Microsoft\MS Optimization\JKWL\how+to+make+programs+not+run+on+startup
           HKLM\SOFTWARE\Microsoft\MS Optimization\JKWL\how+to+make+programs+not+run+on+startup#LU
           HKLM\SOFTWARE\Microsoft\MS Optimization\JKWL\how+to+make+programs+not+run+on+startup#CT
           HKLM\SOFTWARE\Microsoft\MS Optimization\JKWL\how+to+make+programs+not+run+on+startup#LT
           HKLM\SOFTWARE\Microsoft\MS Optimization\JKWL\how+to+remove+xenga+virus
           HKLM\SOFTWARE\Microsoft\MS Optimization\JKWL\how+to+remove+xenga+virus#LU
           HKLM\SOFTWARE\Microsoft\MS Optimization\JKWL\how+to+remove+xenga+virus#CT
           HKLM\SOFTWARE\Microsoft\MS Optimization\JKWL\how+to+remove+xenga+virus#LT
           HKLM\SOFTWARE\Microsoft\MS Optimization\JKWL\xanga+virus
           HKLM\SOFTWARE\Microsoft\MS Optimization\JKWL\xanga+virus#LU
           HKLM\SOFTWARE\Microsoft\MS Optimization\JKWL\xanga+virus#CT
           HKLM\SOFTWARE\Microsoft\MS Optimization\JKWL\xanga+virus#LT
           HKLM\SOFTWARE\Microsoft\MS Optimization\JKWL\xanga+virus+remove
           HKLM\SOFTWARE\Microsoft\MS Optimization\JKWL\xanga+virus+remove#LU
           HKLM\SOFTWARE\Microsoft\MS Optimization\JKWL\xanga+virus+remove#CT
           HKLM\SOFTWARE\Microsoft\MS Optimization\JKWL\xanga+virus+remove#LT

        I'll get you the malwarebytes one soon
        « Last Edit: June 29, 2010, 11:04:29 AM by SuperDave »

        binkow

          Topic Starter


          Rookie

          Re: Need of Fake Antivirus Removal
          « Reply #4 on: June 29, 2010, 09:26:08 AM »
          Oh, and I can't do the messenger disable thing because I've got that "server not found" virus thing and there are a bunch of websites I can't go on

           I did everything else except the malwarebytes thing

          SuperDave

          • Malware Removal Specialist
          • Moderator


          • Genius
          • Thanked: 1020
          • Certifications: List
          • Experience: Expert
          • OS: Windows 10
          Re: Need of Fake Antivirus Removal
          « Reply #5 on: June 29, 2010, 11:08:31 AM »
          Update Your Java (JRE)

          Old versions of Java have vulnerabilities that malware can use to infect your system.


          First Verify your Java Version

          If there are any other version(s) installed then update now.

          Get the new version (if needed)

          If your version is out of date install the newest version of the Sun Java Runtime Environment.

          Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

          Be sure to close ALL open web browsers before starting the installation.

          Remove any old versions

          1. Download JavaRa and unzip the file to your Desktop.
          2. Open JavaRA.exe and choose Remove Older Versions
          3. Once complete exit JavaRA.
          4. Run CCleaner.

          Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.

          =============================

          Please download the newest version of Adobe Acrobat Reader from Adobe.com

          Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
          Go to the Control Panel and enter Add or Remove Programs.
          Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

          Once old versions are gone, please install the newest version.

          ==================================

          Quote
          Oh, and I can't do the messenger disable thing because I've got that "server not found" virus thing and there are a bunch of websites I can't go on
          Ok, just skip the WinMessenger thing until later. Please get me the MBAM log and also do the above afterward.
          Windows 8 and Windows 10 dual boot with two SSD's

          binkow

            Topic Starter


            Rookie

            Re: Need of Fake Antivirus Removal
            « Reply #6 on: June 29, 2010, 07:56:44 PM »
            have to use a proxy to avoid the "server not found" thing

            Malwarebytes' Anti-Malware 1.46
            www.malwarebytes.org

            Database version: 4052

            Windows 5.1.2600 Service Pack 3
            Internet Explorer 8.0.6001.18702

            6/29/2010 9:51:33 PM
            mbam-log-2010-06-29 (21-51-33).txt

            Scan type: Full scan (C:\|D:\|)
            Objects scanned: 393743
            Time elapsed: 1 hour(s), 43 minute(s), 9 second(s)

            Memory Processes Infected: 0
            Memory Modules Infected: 0
            Registry Keys Infected: 0
            Registry Values Infected: 0
            Registry Data Items Infected: 3
            Folders Infected: 0
            Files Infected: 0

            Memory Processes Infected:
            (No malicious items detected)

            Memory Modules Infected:
            (No malicious items detected)

            Registry Keys Infected:
            (No malicious items detected)

            Registry Values Infected:
            (No malicious items detected)

            Registry Data Items Infected:
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.52,93.188.161.182 -> Quarantined and deleted successfully.
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{694ea325-ad70-4673-b043-f53866bd15a3}\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.52,93.188.161.182 -> Quarantined and deleted successfully.
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{96dee84c-7e1f-4615-8995-e734f4f70135}\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.52,93.188.161.182 -> Quarantined and deleted successfully.

            Folders Infected:
            (No malicious items detected)

            Files Infected:
            (No malicious items detected)

            binkow

              Topic Starter


              Rookie

              Re: Need of Fake Antivirus Removal
              « Reply #7 on: June 29, 2010, 08:08:46 PM »
              The virus thing I have doesn't let me go on most websites. It says "server not found." When I try to search on Google, when it doesn't show that, all the links lead to some googleads.com/blahblah and bring me to ads. I can't update the Java thing and I can hardly do anything. This proxy isn't working, my browser is hijacked, and I got a USB thing to transfer files from laptop to PC, which I can do.

              SuperDave

              • Malware Removal Specialist
              • Moderator


              • Genius
              • Thanked: 1020
              • Certifications: List
              • Experience: Expert
              • OS: Windows 10
              Re: Need of Fake Antivirus Removal
              « Reply #8 on: June 30, 2010, 12:50:39 PM »
                Quote
                The virus thing I have doesn't let me go on most websites. It says "server not found."
                Which browser are you using? On a lot of these tools you will need to use Internet Explorer.

                Quote
                This proxy isn't working, my browser is hijacked, and I got a USB thing to transfer files from laptop to PC, which I can do.
                If your laptop is infected, you will infect your PC as well.

                Please download ComboFix from BleepingComputer.com

                Alternate link: GeeksToGo.com

                Rename ComboFix.exe to commy.exe before you save it to your Desktop.
                Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
                Click Start>Run, then copy and paste the following command into the Run box & click OK: "%userprofile%\desktop\commy.exe" /stepdel
                As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
                Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

                Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

                Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


                Click on Yes, to continue scanning for malware.
                When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

                If you have problems with ComboFix usage, see How to use ComboFix.

                Windows 8 and Windows 10 dual boot with two SSD's

                binkow

                  Topic Starter


                  Rookie

                  Re: Need of Fake Antivirus Removal
                  « Reply #9 on: June 30, 2010, 01:06:21 PM »
                  Quote
                  If your laptop is infected, you will infect your pc as well.

                  No, my PC is infected. I can't connect to the internet at all now (server not found) on my PC, so I use my laptop to download/transfer the files on one of those USB storage devices. I'll get you that log ASAP.

                  binkow

                    Topic Starter


                    Rookie

                    Re: Need of Fake Antivirus Removal
                    « Reply #10 on: June 30, 2010, 01:09:29 PM »
                    How will I be able to update using it when I don't have an internet connection? Is there a file that I can download so that I can transfer it to my PC and then install it?


                    edit:

                    Hang on, I think it may actually be able to connect... I'll get back to you in a sec.


                    edit 2:

                    Wow, it actually installed it -- the Windows Recovery Console thing installed successfully.
                    « Last Edit: June 30, 2010, 01:26:09 PM by binkow »

                    binkow

                      Topic Starter


                      Rookie

                      Re: Need of Fake Antivirus Removal
                      « Reply #11 on: June 30, 2010, 01:50:43 PM »
                      Okay, same old "server not found" when I try to browse.


                      ComboFix 10-06-29.04 - Owner 06/30/2010  15:28:15.2.1 - x86
                      Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2046.1483 [GMT -4:00]
                      Running from: G:\ComboFix.exe
                      AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
                      .

                      (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                      .

                      c:\documents and settings\Owner\Local Settings\Application Data\{CE8B155C-5441-4B09-8D8C-48E0F645D3CC}
                      c:\documents and settings\Owner\Local Settings\Application Data\{CE8B155C-5441-4B09-8D8C-48E0F645D3CC}\chrome.manifest
                      c:\documents and settings\Owner\Local Settings\Application Data\{CE8B155C-5441-4B09-8D8C-48E0F645D3CC}\chrome\content\_cfg.js
                      c:\documents and settings\Owner\Local Settings\Application Data\{CE8B155C-5441-4B09-8D8C-48E0F645D3CC}\chrome\content\overlay.xul
                      c:\documents and settings\Owner\Local Settings\Application Data\{CE8B155C-5441-4B09-8D8C-48E0F645D3CC}\install.rdf
                      c:\windows\system32\spool\prtprocs\w32x86\E5a55.dll
                      c:\windows\system32\spool\prtprocs\w32x86\M3179o1o9.dll
                      c:\windows\system32\spool\prtprocs\w32x86\MYWSKUOC.dll
                      .
                      ---- Previous Run -------
                      .
                      c:\documents and settings\Owner\Local Settings\Application Data\mjrifhuyc\vynthhatssd.exe
                      c:\documents and settings\Owner\Local Settings\Application Data\ndqicbwed\hxcvmnctssd.exe
                      c:\documents and settings\Owner\Recent\randominess.pif
                      c:\program files\Cheat Engine\dbk32.sys
                      c:\windows\a3kebook.ini
                      c:\windows\akebook.ini
                      c:\windows\ANS2000.INI
                      c:\windows\ijugirifad.dll
                      c:\windows\system32\404Fix.exe
                      c:\windows\system32\Agent.OMZ.Fix.exe
                      c:\windows\system32\BReWErS.dll
                      c:\windows\system32\dumphive.exe
                      c:\windows\system32\ernel32.dll
                      c:\windows\system32\GQsvvyxx.ini
                      c:\windows\system32\GQsvvyxx.ini2
                      c:\windows\system32\IEDFix.C.exe
                      c:\windows\system32\IEDFix.exe
                      c:\windows\system32\o4Patch.exe
                      c:\windows\system32\Process.exe
                      c:\windows\system32\spool\prtprocs\w32x86\C1s9e179.dll
                      c:\windows\system32\spool\prtprocs\w32x86\C93u79i.dll
                      c:\windows\system32\spool\prtprocs\w32x86\G7iQG7.dll
                      c:\windows\system32\spool\prtprocs\w32x86\K93g79a.dll
                      c:\windows\system32\spool\prtprocs\w32x86\O3oC9s17s.dll
                      c:\windows\system32\spool\prtprocs\w32x86\OC9sK7.dll
                      c:\windows\system32\spool\prtprocs\w32x86\UO555.dll
                      c:\windows\system32\spool\prtprocs\w32x86\W5u5m.dll
                      c:\windows\system32\spool\prtprocs\w32x86\Y1cE3a79.dll
                      c:\windows\system32\spool\prtprocs\w32x86\Y31oC317y.dll
                      c:\windows\system32\spool\prtprocs\w32x86\Y5cE5.dll
                      c:\windows\system32\SrchSTS.exe
                      c:\windows\system32\Thumbs.db
                      c:\windows\system32\tmp.reg
                      c:\windows\system32\VACFix.exe
                      c:\windows\system32\VCCLSID.exe
                      c:\windows\system32\WS2Fix.exe
                      c:\windows\wpe pro.INI
                      D:\Autorun.inf
                      H:\Autorun.inf

                      -- Previous Run --

                      Infected copy of c:\windows\system32\drivers\compbatt.sys was found and disinfected
                      Restored copy from - Kitty had a snack :p
                      c:\windows\system32\proquota.exe was missing
                      Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

                      --------

                      .
                      (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
                      .

                      -------\Legacy_DBKDRVR54
                      -------\Service_DBKDRVR54


                      (((((((((((((((((((((((((   Files Created from 2010-05-28 to 2010-06-30  )))))))))))))))))))))))))))))))
                      .

                      2010-06-29 23:56 . 2010-02-28 00:46   3691384   ----a-w-   c:\documents and settings\Owner\Application Data\Simply Super Software\Trojan Remover\oubA7.exe
                      2010-06-29 23:40 . 2006-06-19 16:01   69632   ----a-w-   c:\windows\system32\ztvcabinet.dll
                      2010-06-29 23:40 . 2006-05-25 18:52   162304   ----a-w-   c:\windows\system32\ztvunrar36.dll
                      2010-06-29 23:40 . 2005-08-26 04:50   77312   ----a-w-   c:\windows\system32\ztvunace26.dll
                      2010-06-29 23:40 . 2003-02-02 23:06   153088   ----a-w-   c:\windows\system32\UNRAR3.dll
                      2010-06-29 23:40 . 2002-03-06 04:00   75264   ----a-w-   c:\windows\system32\unacev2.dll
                      2010-06-29 23:40 . 2010-06-29 23:55   --------   d-----w-   c:\program files\Trojan Remover
                      2010-06-29 23:40 . 2010-06-29 23:40   --------   d-----w-   c:\documents and settings\Owner\Application Data\Simply Super Software
                      2010-06-29 23:40 . 2010-06-29 23:40   --------   d-----w-   c:\documents and settings\All Users\Application Data\Simply Super Software
                      2010-06-29 02:22 . 2008-04-14 00:12   50176   -c--a-w-   c:\windows\system32\dllcache\proquota.exe
                      2010-06-29 02:22 . 2008-04-14 00:12   50176   ----a-w-   c:\windows\system32\proquota.exe
                      2010-06-25 21:18 . 2010-06-27 21:56   664   ----a-w-   c:\windows\system32\d3d9caps.dat
                      2010-06-25 18:14 . 2010-06-25 18:16   --------   d-----w-   c:\documents and settings\LocalService\Application Data\PriceGong
                      2010-06-25 18:14 . 2010-06-25 18:14   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\Conduit
                      2010-06-25 18:14 . 2010-06-25 18:14   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\Hotspot_Shield
                      2010-06-25 18:14 . 2010-06-25 18:14   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\DVDVideoSoftTB
                      2010-06-25 02:51 . 2010-06-25 02:51   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
                      2010-06-24 18:58 . 2010-06-24 18:58   --------   d-----w-   C:\spoolerlogs
                      2010-06-24 18:46 . 2010-06-24 18:46   203968   ----a-w-   c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
                      2010-06-24 14:29 . 2010-06-24 15:56   --------   d-----w-   c:\documents and settings\Owner\Application Data\Command and Conquer 4
                      2010-06-24 14:12 . 2010-06-24 14:12   49664   ----a-w-   c:\documents and settings\Owner\Application Data\dbd85940.exe
                      2010-06-24 13:49 . 2010-06-29 23:08   --------   d-----w-   c:\documents and settings\Owner\Application Data\PriceGong
                      2010-06-23 09:47 . 2010-06-23 09:47   --------   d-----w-   c:\documents and settings\Owner\Command & Conquer 3 Tiberium Wars
                      2010-06-23 03:28 . 2010-06-29 22:43   --------   d-----w-   c:\documents and settings\Owner\Local Settings\Application Data\DVDVideoSoftTB
                      2010-06-23 03:28 . 2010-06-24 13:49   --------   d-----w-   c:\program files\DVDVideoSoftTB
                      2010-06-23 03:28 . 2010-06-23 03:28   52224   ----a-w-   c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\xxruvh3u.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
                      2010-06-23 03:28 . 2010-06-23 03:28   101376   ----a-w-   c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\xxruvh3u.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
                      2010-06-21 01:35 . 2010-06-21 01:35   --------   d-----w-   c:\documents and settings\Owner\Local Settings\Application Data\Ironclad Games
                      2010-06-21 01:35 . 2010-06-21 01:35   --------   d--h--w-   c:\documents and settings\All Users\Application Data\{0E8E33D8-193A-414A-A909-0F101A142D26}
                      2010-06-21 01:35 . 2008-01-18 20:26   2763784   ----a-w-   c:\documents and settings\All Users\Application Data\{0E8E33D8-193A-414A-A909-0F101A142D26}\setup.exe
                      2010-06-21 01:29 . 2010-06-21 01:29   --------   d-----w-   c:\program files\Stardock Games
                      2010-06-21 01:22 . 2010-06-21 01:22   --------   d-----w-   c:\documents and settings\Owner\Local Settings\Application Data\Stardock
                      2010-06-20 17:53 . 2010-06-20 17:53   --------   d-----w-   c:\program files\Daniusoft
                      2010-06-20 17:47 . 2003-03-19 02:20   1060864   ----a-w-   c:\windows\system32\MFC71.DLL
                      2010-06-20 17:47 . 2010-06-20 17:47   --------   d-----w-   c:\documents and settings\Owner\Local Settings\Application Data\Cucusoft
                      2010-06-20 17:47 . 2009-07-01 19:16   94854   ----a-w-   c:\windows\system32\HKCU_GNU.reg
                      2010-06-20 17:47 . 2009-02-26 20:34   2004   ----a-w-   c:\windows\system32\HKLM_GNU.reg
                      2010-06-20 17:47 . 2008-12-18 05:22   57344   ----a-w-   c:\windows\system32\ff_vfw.dll
                      2010-06-20 17:47 . 2008-06-15 14:01   60273   ----a-w-   c:\windows\system32\pthreadGC2.dll
                      2010-06-20 17:47 . 2009-08-12 20:48   270336   ----a-w-   c:\windows\system32\cdg.dll
                      2010-06-20 17:47 . 2006-09-27 21:46   348160   ----a-w-   c:\windows\system32\cdga.dll
                      2010-06-20 17:47 . 2006-07-18 01:42   14909   ----a-w-   c:\windows\system32\A_reg.reg
                      2010-06-20 17:47 . 2010-06-20 17:47   --------   d-----w-   c:\program files\Cucusoft
                      2010-06-20 17:46 . 2010-06-20 17:47   --------   d-----w-   c:\documents and settings\Owner\Application Data\GetRightToGo
                      2010-06-20 17:14 . 2010-06-20 17:51   --------   d-----w-   c:\documents and settings\Owner\Application Data\Apple Computer
                      2010-06-20 17:14 . 2009-05-18 17:17   26600   ----a-w-   c:\windows\system32\drivers\GEARAspiWDM.sys
                      2010-06-19 19:54 . 2010-06-19 19:54   4710   ----a-r-   c:\documents and settings\Owner\Application Data\Microsoft\Installer\{1FEA83F9-7B47-47FF-8297-08E0D07C26F4}\_7fdf717c.exe
                      2010-06-19 19:54 . 2010-06-19 19:54   4710   ----a-r-   c:\documents and settings\Owner\Application Data\Microsoft\Installer\{1FEA83F9-7B47-47FF-8297-08E0D07C26F4}\_3f947574.exe
                      2010-06-19 19:54 . 2010-06-19 19:54   4710   ----a-r-   c:\documents and settings\Owner\Application Data\Microsoft\Installer\{1FEA83F9-7B47-47FF-8297-08E0D07C26F4}\_188e3184.exe
                      2010-06-19 19:54 . 2010-06-19 19:54   1078   ----a-r-   c:\documents and settings\Owner\Application Data\Microsoft\Installer\{1FEA83F9-7B47-47FF-8297-08E0D07C26F4}\_2e8633c1.exe
                      2010-06-19 19:54 . 2010-06-19 19:54   --------   d-----w-   c:\program files\PAK Explorer
                      2010-06-19 00:33 . 2010-06-30 19:34   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi
                      2010-06-19 00:33 . 2010-06-30 19:19   --------   d-----w-   c:\documents and settings\Owner\Local Settings\Application Data\LogMeIn Hamachi
                      2010-06-19 00:33 . 2010-06-19 00:33   --------   d-----w-   c:\program files\LogMeIn Hamachi
                      2010-06-18 14:02 . 2010-06-19 04:27   --------   d-----w-   c:\program files\SpeedFan
                      2010-06-18 13:49 . 2010-06-18 13:54   --------   d-----w-   c:\program files\CPU Thermometer
                      2010-06-16 00:01 . 2010-06-16 00:01   72504   ----a-w-   c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
                      2010-06-15 01:36 . 2010-06-15 01:41   --------   d-----w-   c:\documents and settings\Owner\wurm
                      2010-06-15 01:35 . 2010-06-15 01:35   61952   ----a-w-   c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\34\f83d062-3122e20d-2.4.2--n\jinput-dx8.dll
                      2010-06-15 01:35 . 2010-06-15 01:35   59392   ----a-w-   c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\34\f83d062-3122e20d-2.4.2--n\jinput-raw.dll
                      2010-06-15 01:35 . 2010-06-15 01:35   20480   ----a-w-   c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\30\3ab3ff1e-5d215454-1.1.1--n\jogl_awt.dll
                      2010-06-15 01:35 . 2010-06-15 01:35   315392   ----a-w-   c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\30\3ab3ff1e-5d215454-1.1.1--n\jogl.dll
                      2010-06-15 01:35 . 2010-06-15 01:35   20480   ----a-w-   c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\20\68ca514-35036d87-1.0b06--n\gluegen-rt.dll
                      2010-06-15 01:35 . 2010-06-15 01:35   193024   ----a-w-   c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\34\f83d062-3122e20d-2.4.2--n\lwjgl.dll
                      2010-06-15 01:35 . 2010-06-15 01:35   114688   ----a-w-   c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\30\3ab3ff1e-5d215454-1.1.1--n\jogl_cg.dll
                      2010-06-15 01:35 . 2010-06-15 01:35   108032   ----a-w-   c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\34\f83d062-3122e20d-2.4.2--n\OpenAL32.dll
                      2010-06-13 00:53 . 2010-06-13 00:57   --------   d-----w-   c:\documents and settings\Owner\Local Settings\Application Data\Oblivion
                      2010-06-09 09:37 . 2010-06-09 09:37   --------   d-----w-   c:\program files\Ubisoft
                      2010-06-08 02:18 . 2010-06-08 02:18   --------   d-----w-   c:\program files\MegaDev
                      2010-06-08 02:16 . 2010-06-29 01:19   120   ----a-w-   c:\windows\Ivedetilarejuco.dat
                      2010-06-08 02:16 . 2010-06-28 12:11   0   ----a-w-   c:\windows\Xsuyo.bin
                      2010-06-08 02:15 . 2010-06-08 02:15   --------   d-----w-   c:\windows\system32\msapps
                      2010-06-06 12:30 . 2010-06-06 12:30   --------   d-----w-   c:\documents and settings\All Users\Application Data\Solidshield
                      2010-06-06 11:32 . 2010-06-06 11:32   --------   d-----w-   c:\program files\GameSpy
                      2010-06-06 04:35 . 2010-06-06 04:35   503808   ----a-w-   c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7514f039-n\msvcp71.dll
                      2010-06-06 04:35 . 2010-06-06 04:35   499712   ----a-w-   c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7514f039-n\jmc.dll
                      2010-06-06 04:35 . 2010-06-06 04:35   348160   ----a-w-   c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7514f039-n\msvcr71.dll
                      2010-06-06 04:35 . 2010-06-06 04:35   12800   ----a-w-   c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-404cc129-n\decora-d3d.dll
                      2010-06-06 04:35 . 2010-06-06 04:35   61440   ----a-w-   c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-404cc129-n\decora-sse.dll
                      2010-06-06 01:57 . 2010-06-06 12:30   --------   d-----w-   c:\documents and settings\Owner\Application Data\Ubisoft
                      2010-06-06 01:55 . 2010-06-06 01:55   --------   d-----w-   c:\documents and settings\Owner\Application Data\SeriousBit
                      2010-06-06 01:54 . 2010-06-06 01:54   --------   d-----w-   C:\SeriousBit
                      2010-06-06 01:54 . 2010-06-06 01:55   --------   d-----w-   c:\program files\NetBalancer
                      2010-06-06 01:51 . 2010-05-15 04:04   28776   ----a-w-   c:\windows\system32\drivers\nbdrv.sys
                      2010-06-06 00:32 . 2010-06-06 00:32   --------   d-----w-   c:\documents and settings\Owner\Application Data\Roaming
                      2010-06-05 17:48 . 2010-06-05 17:48   --------   d-----w-   c:\documents and settings\All Users\Application Data\hsswpr
                      2010-06-05 17:38 . 2010-06-24 13:49   --------   d-----w-   c:\documents and settings\Owner\Local Settings\Application Data\Conduit
                      2010-06-05 17:38 . 2010-06-05 17:49   --------   d-----w-   c:\documents and settings\Owner\Local Settings\Application Data\Hotspot_Shield
                      2010-06-05 17:38 . 2010-06-05 17:38   --------   d-----w-   c:\program files\Conduit
                      2010-06-05 17:38 . 2010-06-05 17:49   --------   d-----w-   c:\program files\Hotspot_Shield
                      2010-06-05 17:36 . 2010-06-05 17:48   --------   d-----w-   C:\Hotspot Shield
                      2010-06-05 01:09 . 2010-06-05 01:09   411368   ----a-w-   c:\windows\system32\deployJava1.dll

                      .
                      ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      2010-06-30 02:02 . 2006-09-26 18:28   --------   d-----w-   c:\program files\Java
                      2010-06-30 01:52 . 2009-03-19 11:33   --------   d-----w-   c:\documents and settings\Owner\Application Data\BitTorrent
                      2010-06-29 23:58 . 2009-01-25 04:49   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
                      2010-06-29 13:43 . 2010-03-20 05:05   52224   ----a-w-   c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
                      2010-06-29 13:43 . 2009-05-31 18:44   117760   ----a-w-   c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
                      2010-06-29 13:38 . 2006-09-26 18:35   --------   d-----w-   c:\documents and settings\All Users\Application Data\Viewpoint
                      2010-06-29 02:21 . 2008-11-16 04:07   --------   d-----w-   c:\program files\Cheat Engine
                      2010-06-28 00:29 . 2006-09-26 18:27   --------   d--h--w-   c:\program files\InstallShield Installation Information
                      2010-06-24 22:28 . 2009-06-03 01:14   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
                      2010-06-24 13:28 . 2008-01-13 16:48   --------   d-----w-   c:\program files\Electronic Arts
                      2010-06-23 03:23 . 2010-05-01 02:03   --------   d-----w-   c:\documents and settings\Owner\Application Data\DVDVideoSoftIEHelpers
                      2010-06-23 03:22 . 2008-12-19 15:19   --------   d-----w-   c:\program files\Common Files\DVDVideoSoft
                      2010-06-20 17:14 . 2010-06-20 17:13   --------   d-----w-   c:\program files\iTunes
                      2010-06-20 17:14 . 2010-06-20 17:13   --------   d-----w-   c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
                      2010-06-20 17:13 . 2010-06-20 17:13   --------   d-----w-   c:\program files\iPod
                      2010-06-20 17:13 . 2010-06-20 17:10   --------   d-----w-   c:\program files\Common Files\Apple
                      2010-06-20 17:13 . 2010-06-20 17:11   --------   d-----w-   c:\documents and settings\All Users\Application Data\Apple Computer
                      2010-06-20 17:12 . 2006-09-26 18:36   --------   d-----w-   c:\program files\QuickTime
                      2010-06-20 17:11 . 2010-06-20 17:11   --------   d-----w-   c:\program files\Apple Software Update
                      2010-06-20 17:10 . 2010-06-20 17:10   --------   d-----w-   c:\program files\Bonjour
                      2010-06-20 17:10 . 2010-06-20 17:10   --------   d-----w-   c:\documents and settings\All Users\Application Data\Apple
                      2010-06-11 19:00 . 2008-05-08 00:02   --------   d-----w-   c:\program files\Post Nuke 2 D Game
                      2010-06-10 17:07 . 2008-11-04 21:43   42   ----a-w-   c:\documents and settings\Owner\jagex_runescape_preferences.dat
                      2010-06-07 19:49 . 2009-09-13 20:08   87   ----a-w-   c:\documents and settings\Owner\jagex_runescape_preferences2.dat
                      2010-06-06 18:17 . 2007-12-26 00:59   101984   ----a-w-   c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
                      2010-06-06 11:33 . 2008-01-02 21:31   107888   ----a-w-   c:\windows\system32\CmdLineExt.dll
                      2010-06-06 11:31 . 2010-03-27 12:42   22328   ----a-w-   c:\windows\system32\drivers\PnkBstrK.sys
                      2010-06-06 11:31 . 2009-07-13 20:08   22328   ----a-w-   c:\documents and settings\Owner\Application Data\PnkBstrK.sys
                      2010-06-06 11:31 . 2009-07-13 20:08   22328   ----a-w-   c:\documents and settings\Owner\Application Data\PnkBstrK.sys
                      2010-06-06 11:31 . 2008-02-09 20:00   103736   ----a-w-   c:\windows\system32\PnkBstrB.exe
                      2010-06-06 11:31 . 2008-02-09 20:00   66872   ----a-w-   c:\windows\system32\PnkBstrA.exe
                      2010-06-06 11:31 . 2009-07-13 20:07   669184   ----a-w-   c:\windows\system32\pbsvc.exe
                      2010-06-05 01:10 . 2006-09-26 18:28   --------   d-----w-   c:\program files\Common Files\Java
                      2010-06-05 01:01 . 2010-01-23 05:53   --------   d-----w-   c:\program files\RS2Botv2
                      2010-05-31 20:19 . 2009-10-19 12:15   0   ----a-w-   c:\documents and settings\Owner\ntuser.tmp
                      2010-05-30 20:16 . 2008-04-26 15:13   --------   d-----w-   c:\program files\EA GAMES
                      2010-05-29 15:25 . 2010-01-08 21:51   --------   d-----w-   c:\documents and settings\Owner\Application Data\Tropico 3
                      2010-05-21 01:07 . 2010-05-21 01:07   --------   d-----w-   c:\documents and settings\Owner\Application Data\ElevatedDiagnostics
                      2010-05-18 20:35 . 2010-05-18 20:35   91424   ----a-w-   c:\windows\system32\dnssd.dll
                      2010-05-18 20:35 . 2010-05-18 20:35   75040   ----a-w-   c:\windows\system32\jdns_sd.dll
                      2010-05-18 20:35 . 2010-05-18 20:35   197920   ----a-w-   c:\windows\system32\dnssdX.dll
                      2010-05-18 20:35 . 2010-05-18 20:35   107808   ----a-w-   c:\windows\system32\dns-sd.exe
                      2010-05-13 22:05 . 2010-05-13 22:05   32768   ----a-w-   c:\windows\system32\drivers\taphss.sys
                      2010-05-13 10:11 . 2009-05-14 13:31   --------   d-----w-   c:\documents and settings\All Users\Application Data\Microsoft Help
                      2010-05-12 10:22 . 2006-09-26 18:23   --------   d-----w-   c:\program files\Google
                      2010-05-09 19:12 . 2009-03-19 11:32   --------   d-----w-   c:\documents and settings\Owner\Application Data\DNA
                      2010-05-06 20:34 . 2009-03-19 11:32   --------   d-----w-   c:\program files\DNA
                      2010-05-06 01:22 . 2009-03-19 21:19   --------   d-----w-   c:\program files\AV Vcs 6.0 DIAMOND
                      2010-05-06 00:06 . 2010-05-06 00:06   --------   d-----w-   c:\program files\CPUID
                      2010-05-04 21:48 . 2008-10-14 02:25   --------   d-----w-   c:\program files\GameSpy Arcade
                      2010-05-01 15:56 . 2010-05-01 15:56   0   ----a-w-   c:\documents and settings\Owner\jagex__preferences3.dat
                      2010-04-29 19:39 . 2009-06-03 01:14   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
                      2010-04-29 19:39 . 2009-06-03 01:14   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
                      2010-04-20 00:47 . 2010-06-20 17:11   3062048   ----a-w-   c:\windows\system32\usbaaplrc.dll
                      2010-04-20 00:47 . 2010-06-20 17:11   41984   ----a-w-   c:\windows\system32\drivers\usbaapl.sys
                      2010-04-14 23:56 . 2009-09-04 19:32   25   ----a-w-   c:\windows\popcinfot.dat
                      2008-10-25 16:38 . 2008-10-25 16:38   13065   ----a-w-   c:\program files\Common Files\ferowe.db
                      2008-03-20 02:34 . 2008-03-19 23:41   414944   ----a-w-   c:\program files\COMCT332.OCX
                      2009-05-01 21:02 . 2009-05-01 21:02   1044480   ----a-w-   c:\program files\mozilla firefox\plugins\libdivx.dll
                      2009-05-01 21:02 . 2009-05-01 21:02   200704   ----a-w-   c:\program files\mozilla firefox\plugins\ssldivx.dll
                      .

                      ------- Sigcheck -------

                      [-] 2009-05-01 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\TCPIP.SYS
                      [-] 2009-05-01 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\TCPIP.SYS
                      [7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
                      [7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
                      [7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
                      [7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
                      [7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
                      [7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\TCPIP.SYS
                      [-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
                      [-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
                      [-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
                      [-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
                      [-] 2006-01-14 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
                      [-] 2006-01-13 . 583E063FDC888CA30D05C2724B0D7EF4 . 359808 . . [5.1.2600.2827] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
                      [-] 2005-05-26 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
                      [-] 2005-05-26 . 88763A98A4C26C409741B4AA162720C9 . 359808 . . [5.1.2600.2685] . . c:\windows\$NtUninstallKB913446$\tcpip.sys
                      .
                      (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      .
                      *Note* empty entries & legit default entries are not shown
                      REGEDIT4

                      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
                      2010-06-24 13:49   2736736   ----a-w-   c:\program files\DVDVideoSoftTB\tbDVD1.dll

                      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
                      2010-06-05 17:49   2515552   ----a-w-   c:\program files\Hotspot_Shield\tbHot1.dll

                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
                      "{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "c:\program files\Hotspot_Shield\tbHot1.dll" [2010-06-05 2515552]
                      "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVD1.dll" [2010-06-24 2736736]

                      [HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

                      [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

                      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
                      "{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}"= "c:\program files\Hotspot_Shield\tbHot1.dll" [2010-06-05 2515552]
                      "{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\tbDVD1.dll" [2010-06-24 2736736]

                      [HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

                      [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
                      "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-07-09 1657376]
                      "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]
                      "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016]
                      "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
                      "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]
                      "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
                      "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
                      "LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-03-30 1820040]
                      "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
                      "TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2010-02-28 1165192]

                      c:\documents and settings\All Users\Start Menu\Programs\Startup\
                      NETGEAR WN111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WN111v2\WN111V2.exe [2008-12-2 1503306]

                      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                      "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

                      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
                      backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

                      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
                      backup=c:\windows\pss\BigFix.lnkCommon Startup

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
                      NA [X]

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
                      2007-09-11 07:43   67488   ----a-w-   c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
                      2009-07-09 20:07   49968   ----a-w-   c:\program files\AIM6\aim6.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
                      2005-05-03 10:43   69632   ----a-w-   c:\windows\Alcmtr.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
                      2004-10-19 00:42   79448   ----a-w-   c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
                      2008-04-17 22:14   98616   ----a-w-   c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
                      2005-08-14 04:05   344064   ----a-w-   c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
                      2010-05-06 20:34   323392   ----a-w-   c:\program files\DNA\btdna.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
                      2008-04-14 00:12   15360   ----a-w-   c:\windows\system32\ctfmon.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
                      2009-03-28 21:11   3325952   ----a-w-   c:\program files\Electronic Arts\EADM\Core.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
                      2006-09-26 18:23   169984   ----a-w-   c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
                      2008-10-25 18:44   31072   ----a-w-   c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
                      2005-08-17 19:41   749568   ----a-w-   c:\program files\Microsoft Works\WksSb.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
                      2000-07-13 20:00   28739   ----a-w-   c:\program files\Microsoft Works\WkDetect.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
                      2007-01-19 19:54   5674352   ----a-w-   c:\program files\MSN Messenger\msnmsgr.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
                      2009-06-10 15:29   1657376   ----a-w-   c:\windows\system32\nwiz.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
                      2010-03-19 02:16   421888   ----a-w-   c:\program files\QuickTime\QTTask.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
                      2002-09-14 06:42   212992   -c--a-w-   c:\windows\SMINST\Recguard.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
                      2005-02-26 01:24   966656   ----a-w-   c:\windows\creator\Remind_XP.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
                      2005-01-12 10:01   32768   ----a-w-   c:\program files\CyberLink\PowerDVD\PDVDServ.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
                      2006-04-17 07:34   16143872   ----a-w-   c:\windows\RTHDCPL.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
                      2008-08-30 01:11   61440   ----a-w-   c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
                      2008-05-30 23:45   68856   ----a-w-   c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009]
                      2008-08-26 16:48   2019624   ----a-w-   c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
                      2000-07-13 20:00   24576   ----a-w-   c:\program files\Microsoft Works\wkfud.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
                      "AntiVirusOverride"=dword:00000001

                      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                      "%windir%\\system32\\sessmgr.exe"=
                      "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
                      "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
                      "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
                      "h:\\Files\\Steam\\Steam.exe"=
                      "h:\\Files\\Steam\\steamapps\\binkow195\\half-life\\hl.exe"=
                      "h:\\Files\\Steam\\steamapps\\binkow195\\dedicated server\\hlds.exe"=
                      "h:\\Files\\Steam\\steamapps\\binkow195\\counter-strike\\hl.exe"=
                      "h:\\Files\\Steam\\steamapps\\binkow195\\team fortress classic\\hl.exe"=
                      "h:\\Files\\Steam\\steamapps\\common\\borderlands\\Binaries\\Borderlands.exe"=
                      "h:\\Files\\Steam\\steamapps\\binkow195\\day of defeat\\hl.exe"=
                      "h:\\Files\\Steam\\steamapps\\common\\family feud\\FamilyFeud.exe"=
                      "h:\\Files\\Steam\\steamapps\\common\\cabela's trophy bucks\\Bin\\Ctb.exe"=
                      "h:\\Files\\Steam\\steamapps\\common\\family feud 2\\FamilyFeud.exe"=
                      "h:\\Files\\Steam\\steamapps\\binkow195\\opposing force\\hl.exe"=
                      "h:\\Files\\Steam\\steamapps\\common\\family feud 3\\FamilyFeud3.exe"=
                      "h:\\Files\\Steam\\steamapps\\binkow195\\ricochet\\hl.exe"=
                      "h:\\Files\\Steam\\steamapps\\common\\family feud 4\\FamilyFeud4.exe"=
                      "h:\\Files\\Steam\\steamapps\\common\\battlefield bad company 2\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=
                      "h:\\Files\\Steam\\steamapps\\common\\bioshock\\Builds\\Release\\Bioshock.exe"=
                      "h:\\Files\\Steam\\steamapps\\common\\world in conflict\\wic.exe"=
                      "h:\\Files\\Steam\\steamapps\\common\\call of duty 4\\iw3sp.exe"=
                      "h:\\Files\\Steam\\steamapps\\common\\call of duty 4\\iw3mp.exe"=
                      "h:\\Files\\Steam\\steamapps\\common\\battlefield bad company 2\\BFBC2Game.exe"=
                      "h:\\Files\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
                      "h:\\Files\\Steam\\steamapps\\common\\defensegridtheawakening\\DefenseGrid.exe"=
                      "c:\\Program Files\\DNA\\btdna.exe"=
                      "h:\\Files\\Steam\\steamapps\\common\\tropico 3\\tropico3.exe"=
                      "c:\\WINDOWS\\network diagnostic\\xpnetdiag.exe"=
                      "c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
                      "h:\\Files\\Steam\\steamapps\\common\\dawn of discovery\\tools\\AddonWeb.exe"=
                      "h:\\Files\\Steam\\steamapps\\common\\dawn of war 2\\DOW2.exe"=
                      "h:\\Files\\Steam\\steamapps\\binkow195\\zombie panic! source\\hl2.exe"=
                      "h:\\Files\\Steam\\steamapps\\common\\oblivion\\OblivionLauncher.exe"=
                      "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
                      "c:\\Program Files\\iTunes\\iTunes.exe"=
                      "c:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
                      "h:\\Files\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
                      "h:\\Files\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
                      "h:\\Files\\Steam\\steamapps\\binkow195\\counter-strike source\\hl2.exe"=
                      "h:\\Files\\Steam\\steamapps\\common\\crysis\\Bin32\\Crysis.exe"=
                      "h:\\Files\\Games\\Settlers7\\Data\\Base\\_Dbg\\Bin\\Release\\Settlers7R.exe"=
                      "c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
                      "h:\\Files\\Steam\\steamapps\\common\\men of war\\mow.exe"=
                      "c:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"=
                      "c:\\Program Files\\Microsoft Games\\Rise of Nations\\nations.exe"=
                      "c:\\WINDOWS\\system32\\dpvsetup.exe"=
                      "h:\\Files\\Steam\\steamapps\\common\\arma 2\\ArmA2Server.exe"=
                      "h:\\Files\\Steam\\steamapps\\binkow195\\garrysmod\\hl2.exe"=
                      "h:\\Files\\Steam\\steamapps\\common\\arma 2\\arma2.exe"=
                      "c:\\WINDOWS\\system32\\spoolsv.exe"=

                      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
                      "6881:TCP"= 6881:TCP:Downloads

                      R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/14/2009 5:22 PM 9968]
                      R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/14/2009 5:22 PM 72944]
                      R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/12/2009 6:42 PM 135336]
                      R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [5/5/2010 8:06 PM 20968]
                      R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [3/30/2010 11:16 AM 1107336]
                      R2 NetBalancer Windows Service;NetBalancer Windows Service;c:\program files\NetBalancer\SeriousBit.NetBalancer.Service.exe [6/5/2010 9:54 PM 10752]
                      R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [10/1/2008 7:45 PM 57440]
                      R3 Nbdrv;NetBalancer Service;c:\windows\system32\drivers\nbdrv.sys [6/5/2010 9:51 PM 28776]
                      S2 gupdate1c9a9d8168cc888;Google Update Service (gupdate1c9a9d8168cc888);c:\program files\Google\Update\GoogleUpdate.exe [3/20/2009 11:49 PM 133104]
                      S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [7/24/2003 3:10 PM 17149]
                      S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [7/1/2006 12:44 AM 69692]
                      S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WN111v2\jswpsapi.exe [2/27/2008 2:54 PM 360547]
                      S3 Mnmderywwcd;Mnmderywwcd;

                      S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/14/2009 5:22 PM 7408]
                      S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [3/27/2009 5:23 PM 23064]
                      S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [9/30/2008 6:24 AM 453120]
                      S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/19/2009 6:35 PM 691696]
                      .
                      Contents of the 'Scheduled Tasks' folder

                      2010-06-25 c:\windows\Tasks\AppleSoftwareUpdate.job
                      - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

                      2010-06-30 c:\windows\Tasks\dbd85940.job
                      - c:\documents and settings\Owner\Application Data\dbd85940.exe [2010-06-24 14:12]

                      2010-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
                      - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-21 03:49]

                      2010-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
                      - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-21 03:49]

                      2007-12-26 c:\windows\Tasks\ISP signup reminder 1.job
                      - c:\windows\system32\OOBE\oobebaln.exe [2006-05-07 00:12]
                      .
                      .
                      ------- Supplementary Scan -------
                      .
                      uStart Page = about:blank
                      uInternet Settings,ProxyOverride = <local>
                      DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab
                      FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\xxruvh3u.default\
                      FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
                      FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
                      FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?invocationType=bu10aiminstabie7&sredir=2706&query=
                      FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\xxruvh3u.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
                      FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\xxruvh3u.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
                      FF - component: c:\program files\Common Files\DVDVideoSoft\Dll\FFContextMenuY\components\FFContextMenu.dll
                      FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff35\gears.dll
                      FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
                      FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
                      FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
                      FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
                      FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
                      FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
                      FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
                      FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

                      ---- FIREFOX POLICIES ----
                      c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_ everywhere__temporarily_available_pref", true);
                      c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
                      c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_a s_broken", false);
                      c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
                      .
                      - - - - ORPHANS REMOVED - - - -

                      Toolbar-Locked - (no file)
                      ShellExecuteHooks-{3ccae3b2-9dc3-4f1f-998d-6f9e21bdaef9} - (no file)
                      MSConfigStartUp-MCAgentExe - c:\progra~1\mcafee.com\agent\mcagent.exe
                      MSConfigStartUp-MCUpdateExe - c:\progra~1\mcafee.com\agent\McUpdate.exe
                      MSConfigStartUp-MPFEXE - c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe
                      MSConfigStartUp-MSKDetectorExe - c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe
                      MSConfigStartUp-OASClnt - c:\program files\McAfee.com\VSO\oasclnt.exe
                      MSConfigStartUp-Odegetabejuyoku - c:\windows\ijugirifad.dll
                      MSConfigStartUp-Steam - c:\documents and settings\owner\desktop\steam\steam.exe
                      MSConfigStartUp-VirusScan Online - c:\progra~1\mcafee.com\vso\mcvsshld.exe
                      MSConfigStartUp-VSOCheckTask - c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe
                      AddRemove-ArmA 2 - h:\files\Games\Bohemia Interactive\UnInstall.exe
                      AddRemove-CrosuS - c:\program files\CrosuS\uninstall.exe
                      AddRemove-Logon Loader - c:\program files\Logon Loader\uninst.exe
                      AddRemove-NSSSetupTemp.{3FADAA19-E595-44CA-A072-58B6B0851768} - c:\program files\Common Files\Symantec Shared\NSSSetup\{3FADAA19-E595-44CA-A072-58B6B0851768}_2_0_0\NSSSetup.exe
                      AddRemove-SSIII Solo Ultratus - c:\program files\SSIII Solo Ultratus\uninst.exe
                      AddRemove-Steam - c:\docume~1\Owner\Desktop\steam\UNWISE.EXE
                      AddRemove-Steam App 17500 - c:\documents and settings\owner\desktop\steam\steam.exe
                      AddRemove-Steam App 205 - c:\documents and settings\Owner\Desktop\steam\steam.exe
                      AddRemove-Steam App 218 - c:\documents and settings\owner\desktop\steam\steam.exe
                      AddRemove-Steam App 33900 - c:\documents and settings\Owner\Desktop\steam\steam.exe
                      AddRemove-Steam App 4000 - c:\documents and settings\Owner\Desktop\steam\steam.exe
                      AddRemove-Steam App 5 - c:\documents and settings\owner\desktop\steam\steam.exe
                      AddRemove-Steam App 550 - c:\documents and settings\Owner\Desktop\steam\steam.exe
                      AddRemove-Steam App 70 - c:\documents and settings\owner\desktop\steam\steam.exe
                      AddRemove-Wyvern Client - c:\progra~1\Java\JRE15~1.0_0\bin\javaw.exe
                      AddRemove-Wyvern Map Editor - c:\progra~1\Java\JRE15~1.0_0\bin\javaw.exe



                      **************************************************************************

                      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                      Rootkit scan 2010-06-30 15:33
                      Windows 5.1.2600 Service Pack 3 NTFS

                      scanning hidden processes ... 

                      scanning hidden autostart entries ...

                      scanning hidden files ... 

                      scan completed successfully
                      hidden files: 0

                      **************************************************************************
                      .
                      --------------------- LOCKED REGISTRY KEYS ---------------------

                      [HKEY_USERS\S-1-5-21-3622105252-4212685542-302905379-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
                      "??"=hex:ee,51,dc,78,11,1e,2d,6e,32,46,b3,96,8a,47,b1,23,24,da,51,8c,e6,d8,a6,
                         43,44,8d,09,e2,25,b1,e1,2b,09,e2,91,16,b3,16,83,ed,aa,e1,7a,cd,35,e4,a2,fd,\
                      "??"=hex:d2,8a,3d,7f,d6,ee,ff,ab,38,51,7b,8c,dc,d7,d2,0c

                      [HKEY_USERS\S-1-5-21-3622105252-4212685542-302905379-1003\Software\SecuROM\License information*]
                      "datasecu"=hex:79,50,6f,67,d0,1b,76,a1,5c,00,75,9c,a3,1a,39,64,45,51,4b,4e,86,
                         48,5a,7e,d4,ec,62,74,5f,97,b7,e1,34,15,2e,99,21,b2,24,7a,ae,dd,e0,f1,ed,08,\
                      "rkeysecu"=hex:7d,40,10,cb,c7,39,e0,67,0a,69,a8,47,07,da,5b,5c

                      [HKEY_LOCAL_MACHINE\software\Microsoft\MS Optimization\JKWL]
                      @DACL=(02 0000)
                      "LU"="http://www.google.com/search?hl=en&q=&rlz=1R2GWYE_en&aq=f&oq="
                      "CT"=dword:00000001
                      "LT"=hex:59,35,4e,0e,31,d6,c9,01
                      .
                      --------------------- DLLs Loaded Under Running Processes ---------------------

                      - - - - - - - > 'winlogon.exe'(1568)
                      c:\windows\system32\Ati2evxx.dll
                      .
                      Completion time: 2010-06-30  15:42:44
                      ComboFix-quarantined-files.txt  2010-06-30 19:42

                      Pre-Run: 24,838,205,440 bytes free
                      Post-Run: 24,280,346,624 bytes free

                      WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
                      [boot loader]
                      timeout=2
                      default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
                      [operating systems]
                      c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
                      multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

                      Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
                      - - End Of File - - 3A96BF718C1CFC8BF4B59B073C75F974
                      « Last Edit: June 30, 2010, 04:03:10 PM by SuperDave »

                      SuperDave

                      • Malware Removal Specialist
                      • Moderator


                      • Genius
                      • Thanked: 1020
                      • Certifications: List
                      • Experience: Expert
                      • OS: Windows 10
                      Re: Need of Fake Antivirus Removal
                      « Reply #12 on: June 30, 2010, 04:39:58 PM »
                      What browser are you using?

                      You have Viewpoint installed.

Viewpoint Media Player/Manager/Toolbar is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad".

                      More information:

                      * ViewMgr.exe - Useless
                      * Viewpoint to Plunge Into Adware

It is suggested that you remove the program now. Go to Start > Control Panel > Add/Remove Programs (on Vista & Win7 it is Programs and Features) and remove the following programs if present.

                      * Viewpoint
                      * Viewpoint Manager
                      * Viewpoint Media Player
                      * Viewpoint Toolbar
                      * Viewpoint Experience Technology


                      ==========================

P2P - I see you have P2P software (BitTorrent) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

                      Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall them; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

                      ==================================

                      Registry cleaners are extremely powerful applications and their potential for harming your OS far outweighs any small potential for improving your computer's performance.

There are a number of them available and some are safer than others. Keep in mind that no two registry cleaners work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Without research into what the registry entry selected for deletion is, a registry cleaner can end up being an automated method to cause problems with the registry.

                      For routine use by those not familiar with the registry, the benefits to your computer are negligible while the potential risks are great.

                      Further reading: XP Fixes Myth #1: Registry Cleaners
                      If you agree, please uninstall RegistryBooster

                      =================================

                      Re-running ComboFix to remove infections:

                      • Close any open browsers.
• Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
                      • Open notepad and copy/paste the text in the quotebox below into it:
                        Quote
                        KillAll::

                        File::
                        c:\windows\Ivedetilarejuco.dat
                        c:\windows\Xsuyo.bin
                        c:\windows\popcinfot.dat
                        c:\windows\Alcmtr.exe

                        DDS::
                        uInternet Settings,ProxyOverride = <local>

                        Registry::
                        [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

                      • Save this as CFScript.txt, in the same location as ComboFix.exe



                      • Referring to the picture above, drag CFScript into ComboFix.exe
                      • When finished, it shall produce a log for you at C:\ComboFix.txt
                      • Please post the contents of the log in your next reply.

                      Windows 8 and Windows 10 dual boot with two SSD's
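One way to do a first-pass triage of ComboFix log lines of the kinds that appear in this thread (scheduled-task targets, "Files Created" entries, Security Center dword values), as an added Python example that is not from the thread or from ComboFix itself. The heuristics, the list of well-known module names and the 0.85 similarity threshold are my assumptions; the sample lines are copied from the logs posted in this thread.

```python
"""First-pass triage of ComboFix-style log lines.

The heuristics and the known-module list below are assumptions made for this
example; they are not ComboFix's own logic. Output is for a human reviewer to
look at, not a list of things to delete automatically.
"""
import re
from difflib import SequenceMatcher

# Constructed sample: line shapes copied from the logs posted in this thread.
SAMPLE_LOG = r"""
2010-06-30 c:\windows\Tasks\dbd85940.job
- c:\documents and settings\Owner\Application Data\dbd85940.exe [2010-06-24 14:12]
2010-06-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
2010-07-01 13:46 . 2010-07-01 13:46 49664 ----a-w- c:\windows\system32\ernel32.dll
2010-07-01 13:46 . 2010-06-24 14:12 49664 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\C3sK93gM9.dll
2010-06-29 23:40 . 2003-02-02 23:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
"AntiVirusOverride"=dword:00000001
"""

# Assumed list of system module names worth comparing against (file stems).
KNOWN_SYSTEM_STEMS = ("kernel32", "ntdll", "user32", "advapi32", "shell32",
                      "winlogon", "svchost", "lsass", "csrss", "explorer")

# Scheduled-task target line: "- <path> [YYYY-MM-DD HH:MM]"
TASK_RE = re.compile(r"^- (?P<path>.+?) \[\d{4}-\d{2}-\d{2} \d{2}:\d{2}\]$")
# "Files Created" line: created . modified size attributes path
CREATED_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"\S+ (?P<attrs>\S{8}) (?P<path>.+)$")
# REGEDIT4-style dword value: "Name"=dword:XXXXXXXX
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<value>[0-9a-fA-F]{8})$')


def stem_of(path):
    """Bare file name without directory or extension, e.g. 'dbd85940'."""
    name = path.rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[0]


def looks_random(stem):
    """Hex-looking or mixed-case alphanumeric soup (assumed heuristic)."""
    if re.fullmatch(r"[0-9a-f]{8,}", stem.lower()) and any(c.isdigit() for c in stem):
        return True                      # e.g. dbd85940
    digits = sum(c.isdigit() for c in stem)
    upper = sum(c.isupper() for c in stem)
    lower = sum(c.islower() for c in stem)
    return len(stem) >= 8 and digits >= 3 and upper >= 2 and lower >= 2


def lookalike_of(stem):
    """Return the known module this name nearly matches (ernel32 -> kernel32), else None."""
    s = stem.lower()
    for known in KNOWN_SYSTEM_STEMS:
        if s != known and SequenceMatcher(None, s, known).ratio() >= 0.85:
            return known
    return None


def reasons_for_path(path, from_task=False):
    """List the heuristics a path trips; empty list means nothing noteworthy."""
    low = path.lower()
    stem = stem_of(path)
    reasons = []
    if from_task and low.startswith("c:\\documents and settings\\") \
            and "\\application data\\" in low:
        reasons.append("scheduled task runs an executable from a user profile's Application Data")
    if looks_random(stem):
        reasons.append("machine-generated-looking file name")
    known = lookalike_of(stem)
    if known:
        reasons.append("name is a near-duplicate of system module %s" % known)
    if "\\spool\\prtprocs\\" in low:
        reasons.append("print-processor DLL directory, loaded by spoolsv.exe")
    return reasons


def triage(log_text):
    """Return [(item, [reasons...])] for every line that trips a heuristic."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = TASK_RE.match(line)
        if m:
            r = reasons_for_path(m.group("path"), from_task=True)
            if r:
                findings.append((m.group("path"), r))
            continue
        m = CREATED_RE.match(line)
        if m:
            r = reasons_for_path(m.group("path"))
            if r:
                findings.append((m.group("path"), r))
            continue
        m = DWORD_RE.match(line)
        if m and m.group("name") == "AntiVirusOverride" and int(m.group("value"), 16) == 1:
            findings.append((line, ["Security Center antivirus-status alerts are suppressed"]))
    return findings


if __name__ == "__main__":
    for item, why in triage(SAMPLE_LOG):
        print(item)
        for w in why:
            print("   -", w)
```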

                      binkow

                        Topic Starter


                        Rookie

                        Re: Need of Fake Antivirus Removal
                        « Reply #13 on: July 01, 2010, 08:10:26 AM »
I use Firefox.

There is no Viewpoint anything anymore under Add/Remove Programs, since I did uninstall it before like you said. I uninstalled RegistryBooster too.

Not to worry, the only reason I even use BitTorrent is to be able to download a couple of files that could even be opened with that. It was just some photos though, and another time it was just some junk.

                        Here's the log:

Code:
                        ComboFix 10-06-29.04 - Owner 07/01/2010   9:37.4.1 - x86
                        Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2046.1567 [GMT -4:00]
                        Running from: J:\ComboFix.exe
                        Command switches used :: J:\CFScript.txt
                        AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

                        FILE ::
                        "c:\windows\Alcmtr.exe"
                        "c:\windows\Ivedetilarejuco.dat"
                        "c:\windows\popcinfot.dat"
                        "c:\windows\Xsuyo.bin"
                        .

                        (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                        .

                        c:\windows\Alcmtr.exe
                        c:\windows\Ivedetilarejuco.dat
                        c:\windows\popcinfot.dat
                        c:\windows\Xsuyo.bin

                        .
                        (((((((((((((((((((((((((   Files Created from 2010-06-01 to 2010-07-01  )))))))))))))))))))))))))))))))
                        .

                        2010-07-01 13:46 . 2010-07-01 13:46 49664 ----a-w- c:\windows\system32\ernel32.dll
                        2010-07-01 13:46 . 2010-06-24 14:12 49664 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\C3sK93gM9.dll
                        2010-06-29 23:40 . 2006-06-19 16:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
                        2010-06-29 23:40 . 2006-05-25 18:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
                        2010-06-29 23:40 . 2005-08-26 04:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
                        2010-06-29 23:40 . 2003-02-02 23:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
                        2010-06-29 23:40 . 2002-03-06 04:00 75264 ----a-w- c:\windows\system32\unacev2.dll
                        2010-06-29 23:40 . 2010-06-29 23:55 -------- d-----w- c:\program files\Trojan Remover
                        2010-06-29 23:40 . 2010-06-29 23:40 -------- d-----w- c:\documents and settings\Owner\Application Data\Simply Super Software
                        2010-06-29 23:40 . 2010-06-29 23:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
                        2010-06-29 02:22 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
                        2010-06-29 02:22 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
                        2010-06-25 21:18 . 2010-06-27 21:56 664 ----a-w- c:\windows\system32\d3d9caps.dat
                        2010-06-25 18:14 . 2010-06-25 18:16 -------- d-----w- c:\documents and settings\LocalService\Application Data\PriceGong
                        2010-06-25 18:14 . 2010-06-25 18:14 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Conduit
                        2010-06-25 18:14 . 2010-06-25 18:14 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Hotspot_Shield
                        2010-06-25 18:14 . 2010-06-25 18:14 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\DVDVideoSoftTB
                        2010-06-25 02:51 . 2010-06-25 02:51 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
                        2010-06-24 18:58 . 2010-06-24 18:58 -------- d-----w- C:\spoolerlogs
                        2010-06-24 18:46 . 2010-06-24 18:46 203968 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
                        2010-06-24 14:29 . 2010-06-24 15:56 -------- d-----w- c:\documents and settings\Owner\Application Data\Command and Conquer 4
                        2010-06-24 13:49 . 2010-06-29 23:08 -------- d-----w- c:\documents and settings\Owner\Application Data\PriceGong
                        2010-06-23 09:47 . 2010-06-23 09:47 -------- d-----w- c:\documents and settings\Owner\Command & Conquer 3 Tiberium Wars
                        2010-06-23 03:28 . 2010-06-29 22:43 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\DVDVideoSoftTB
                        2010-06-23 03:28 . 2010-06-24 13:49 -------- d-----w- c:\program files\DVDVideoSoftTB
                        2010-06-21 01:35 . 2010-06-21 01:35 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Ironclad Games
                        2010-06-21 01:35 . 2010-06-21 01:35 -------- d--h--w- c:\documents and settings\All Users\Application Data\{0E8E33D8-193A-414A-A909-0F101A142D26}
                        2010-06-21 01:29 . 2010-06-21 01:29 -------- d-----w- c:\program files\Stardock Games
                        2010-06-21 01:22 . 2010-06-21 01:22 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Stardock
                        2010-06-20 17:53 . 2010-06-20 17:53 -------- d-----w- c:\program files\Daniusoft
                        2010-06-20 17:47 . 2003-03-19 02:20 1060864 ----a-w- c:\windows\system32\MFC71.DLL
                        2010-06-20 17:47 . 2010-06-20 17:47 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Cucusoft
                        2010-06-20 17:47 . 2009-07-01 19:16 94854 ----a-w- c:\windows\system32\HKCU_GNU.reg
                        2010-06-20 17:47 . 2009-02-26 20:34 2004 ----a-w- c:\windows\system32\HKLM_GNU.reg
                        2010-06-20 17:47 . 2008-12-18 05:22 57344 ----a-w- c:\windows\system32\ff_vfw.dll
                        2010-06-20 17:47 . 2008-06-15 14:01 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
                        2010-06-20 17:47 . 2009-08-12 20:48 270336 ----a-w- c:\windows\system32\cdg.dll
                        2010-06-20 17:47 . 2006-09-27 21:46 348160 ----a-w- c:\windows\system32\cdga.dll
                        2010-06-20 17:47 . 2006-07-18 01:42 14909 ----a-w- c:\windows\system32\A_reg.reg
                        2010-06-20 17:47 . 2010-06-20 17:47 -------- d-----w- c:\program files\Cucusoft
                        2010-06-20 17:46 . 2010-06-20 17:47 -------- d-----w- c:\documents and settings\Owner\Application Data\GetRightToGo
                        2010-06-20 17:14 . 2010-06-20 17:51 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
                        2010-06-20 17:14 . 2009-05-18 17:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
                        2010-06-19 19:54 . 2010-06-19 19:54 -------- d-----w- c:\program files\PAK Explorer
                        2010-06-19 00:33 . 2010-07-01 13:48 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\LogMeIn Hamachi
                        2010-06-19 00:33 . 2010-07-01 13:48 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi
                        2010-06-19 00:33 . 2010-06-19 00:33 -------- d-----w- c:\program files\LogMeIn Hamachi
                        2010-06-18 14:02 . 2010-06-19 04:27 -------- d-----w- c:\program files\SpeedFan
                        2010-06-18 13:49 . 2010-06-18 13:54 -------- d-----w- c:\program files\CPU Thermometer
                        2010-06-15 01:36 . 2010-06-15 01:41 -------- d-----w- c:\documents and settings\Owner\wurm
                        2010-06-13 00:53 . 2010-06-13 00:57 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Oblivion
                        2010-06-09 09:37 . 2010-06-09 09:37 -------- d-----w- c:\program files\Ubisoft
                        2010-06-08 02:18 . 2010-06-08 02:18 -------- d-----w- c:\program files\MegaDev
                        2010-06-08 02:15 . 2010-06-08 02:15 -------- d-----w- c:\windows\system32\msapps
                        2010-06-06 12:30 . 2010-06-06 12:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Solidshield
                        2010-06-06 11:32 . 2010-06-06 11:32 -------- d-----w- c:\program files\GameSpy
                        2010-06-06 01:57 . 2010-06-06 12:30 -------- d-----w- c:\documents and settings\Owner\Application Data\Ubisoft
                        2010-06-06 01:55 . 2010-06-06 01:55 -------- d-----w- c:\documents and settings\Owner\Application Data\SeriousBit
                        2010-06-06 01:54 . 2010-06-06 01:54 -------- d-----w- C:\SeriousBit
                        2010-06-06 01:54 . 2010-06-06 01:55 -------- d-----w- c:\program files\NetBalancer
                        2010-06-06 01:51 . 2010-05-15 04:04 28776 ----a-w- c:\windows\system32\drivers\nbdrv.sys
                        2010-06-06 00:32 . 2010-06-06 00:32 -------- d-----w- c:\documents and settings\Owner\Application Data\Roaming
                        2010-06-05 17:48 . 2010-06-05 17:48 -------- d-----w- c:\documents and settings\All Users\Application Data\hsswpr
                        2010-06-05 17:38 . 2010-06-24 13:49 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Conduit
                        2010-06-05 17:38 . 2010-06-05 17:49 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Hotspot_Shield
                        2010-06-05 17:38 . 2010-06-05 17:38 -------- d-----w- c:\program files\Conduit
                        2010-06-05 17:38 . 2010-06-05 17:49 -------- d-----w- c:\program files\Hotspot_Shield
                        2010-06-05 17:36 . 2010-06-05 17:48 -------- d-----w- C:\Hotspot Shield
                        2010-06-05 01:09 . 2010-06-05 01:09 411368 ----a-w- c:\windows\system32\deployJava1.dll

                        .
                        ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                        .
                        2010-06-30 02:02 . 2006-09-26 18:28 -------- d-----w- c:\program files\Java
                        2010-06-30 01:52 . 2009-03-19 11:33 -------- d-----w- c:\documents and settings\Owner\Application Data\BitTorrent
                        2010-06-29 23:58 . 2009-01-25 04:49 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
                        2010-06-29 13:38 . 2006-09-26 18:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
                        2010-06-29 02:21 . 2008-11-16 04:07 -------- d-----w- c:\program files\Cheat Engine
                        2010-06-28 00:29 . 2006-09-26 18:27 -------- d--h--w- c:\program files\InstallShield Installation Information
                        2010-06-24 22:28 . 2009-06-03 01:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
                        2010-06-24 14:12 . 2010-06-24 14:12 49664 ----a-w- c:\documents and settings\Owner\Application Data\dbd85940.exe
                        2010-06-24 13:28 . 2008-01-13 16:48 -------- d-----w- c:\program files\Electronic Arts
                        2010-06-23 03:23 . 2010-05-01 02:03 -------- d-----w- c:\documents and settings\Owner\Application Data\DVDVideoSoftIEHelpers
                        2010-06-23 03:22 . 2008-12-19 15:19 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
                        2010-06-20 17:14 . 2010-06-20 17:13 -------- d-----w- c:\program files\iTunes
                        2010-06-20 17:14 . 2010-06-20 17:13 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
                        2010-06-20 17:13 . 2010-06-20 17:13 -------- d-----w- c:\program files\iPod
                        2010-06-20 17:13 . 2010-06-20 17:10 -------- d-----w- c:\program files\Common Files\Apple
                        2010-06-20 17:13 . 2010-06-20 17:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
                        2010-06-20 17:12 . 2006-09-26 18:36 -------- d-----w- c:\program files\QuickTime
                        2010-06-20 17:11 . 2010-06-20 17:11 -------- d-----w- c:\program files\Apple Software Update
                        2010-06-20 17:10 . 2010-06-20 17:10 -------- d-----w- c:\program files\Bonjour
                        2010-06-20 17:10 . 2010-06-20 17:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
                        2010-06-11 19:00 . 2008-05-08 00:02 -------- d-----w- c:\program files\Post Nuke 2 D Game
                        2010-06-10 17:07 . 2008-11-04 21:43 42 ----a-w- c:\documents and settings\Owner\jagex_runescape_preferences.dat
                        2010-06-07 19:49 . 2009-09-13 20:08 87 ----a-w- c:\documents and settings\Owner\jagex_runescape_preferences2.dat
                        2010-06-06 18:17 . 2007-12-26 00:59 101984 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
                        2010-06-06 11:33 . 2008-01-02 21:31 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
                        2010-06-06 11:31 . 2010-03-27 12:42 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
                        2010-06-06 11:31 . 2009-07-13 20:08 22328 ----a-w- c:\documents and settings\Owner\Application Data\PnkBstrK.sys
                        2010-06-06 11:31 . 2008-02-09 20:00 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
                        2010-06-06 11:31 . 2008-02-09 20:00 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
                        2010-06-06 11:31 . 2009-07-13 20:07 669184 ----a-w- c:\windows\system32\pbsvc.exe
                        2010-06-05 01:10 . 2006-09-26 18:28 -------- d-----w- c:\program files\Common Files\Java
                        2010-06-05 01:01 . 2010-01-23 05:53 -------- d-----w- c:\program files\RS2Botv2
                        2010-05-31 20:19 . 2009-10-19 12:15 0 ----a-w- c:\documents and settings\Owner\ntuser.tmp
                        2010-05-30 20:16 . 2008-04-26 15:13 -------- d-----w- c:\program files\EA GAMES
                        2010-05-29 15:25 . 2010-01-08 21:51 -------- d-----w- c:\documents and settings\Owner\Application Data\Tropico 3
                        2010-05-21 01:07 . 2010-05-21 01:07 -------- d-----w- c:\documents and settings\Owner\Application Data\ElevatedDiagnostics
                        2010-05-18 20:35 . 2010-05-18 20:35 91424 ----a-w- c:\windows\system32\dnssd.dll
                        2010-05-18 20:35 . 2010-05-18 20:35 75040 ----a-w- c:\windows\system32\jdns_sd.dll
                        2010-05-18 20:35 . 2010-05-18 20:35 197920 ----a-w- c:\windows\system32\dnssdX.dll
                        2010-05-18 20:35 . 2010-05-18 20:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
                        2010-05-13 22:05 . 2010-05-13 22:05 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
                        2010-05-13 10:11 . 2009-05-14 13:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
                        2010-05-12 10:22 . 2006-09-26 18:23 -------- d-----w- c:\program files\Google
                        2010-05-09 19:12 . 2009-03-19 11:32 -------- d-----w- c:\documents and settings\Owner\Application Data\DNA
                        2010-05-06 20:34 . 2009-03-19 11:32 -------- d-----w- c:\program files\DNA
                        2010-05-06 01:22 . 2009-03-19 21:19 -------- d-----w- c:\program files\AV Vcs 6.0 DIAMOND
                        2010-05-06 00:06 . 2010-05-06 00:06 -------- d-----w- c:\program files\CPUID
                        2010-05-04 21:48 . 2008-10-14 02:25 -------- d-----w- c:\program files\GameSpy Arcade
                        2010-05-01 15:56 . 2010-05-01 15:56 0 ----a-w- c:\documents and settings\Owner\jagex__preferences3.dat
                        2010-04-29 19:39 . 2009-06-03 01:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
                        2010-04-29 19:39 . 2009-06-03 01:14 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
                        2010-04-20 00:47 . 2010-06-20 17:11 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
                        2010-04-20 00:47 . 2010-06-20 17:11 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
                        2008-10-25 16:38 . 2008-10-25 16:38 13065 ----a-w- c:\program files\Common Files\ferowe.db
                        2008-03-20 02:34 . 2008-03-19 23:41 414944 ----a-w- c:\program files\COMCT332.OCX
                        2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
                        2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
                        .

                        ------- Sigcheck -------

                        [-] 2009-05-01 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\TCPIP.SYS
                        [-] 2009-05-01 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\TCPIP.SYS
                        [7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
                        [7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
                        [7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
                        [7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
                        [7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
                        [7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\TCPIP.SYS
                        [-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
                        [-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
                        [-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
                        [-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
                        [-] 2006-01-14 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
                        [-] 2006-01-13 . 583E063FDC888CA30D05C2724B0D7EF4 . 359808 . . [5.1.2600.2827] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
                        [-] 2005-05-26 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
                        [-] 2005-05-26 . 88763A98A4C26C409741B4AA162720C9 . 359808 . . [5.1.2600.2685] . . c:\windows\$NtUninstallKB913446$\tcpip.sys
                        .
                        (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                        .
                        .
                        *Note* empty entries & legit default entries are not shown
                        REGEDIT4

                        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
                        2010-06-24 13:49 2736736 ----a-w- c:\program files\DVDVideoSoftTB\tbDVD1.dll

                        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
                        2010-06-05 17:49 2515552 ----a-w- c:\program files\Hotspot_Shield\tbHot1.dll

                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
                        "{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "c:\program files\Hotspot_Shield\tbHot1.dll" [2010-06-05 2515552]
                        "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVD1.dll" [2010-06-24 2736736]

                        [HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

                        [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

                        [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
                        "{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}"= "c:\program files\Hotspot_Shield\tbHot1.dll" [2010-06-05 2515552]
                        "{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\tbDVD1.dll" [2010-06-24 2736736]

                        [HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

                        [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

                        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
                        "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe" [2009-07-18 257440]

                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                        "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
                        "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-07-09 1657376]
                        "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]
                        "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016]
                        "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
                        "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]
                        "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
                        "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
                        "LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-03-30 1820040]
                        "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
                        "TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2010-02-28 1165192]

                        c:\documents and settings\All Users\Start Menu\Programs\Startup\
                        NETGEAR WN111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WN111v2\WN111V2.exe [2008-12-2 1503306]

                        [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                        "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

                        [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
                        backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

                        [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
                        backup=c:\windows\pss\BigFix.lnkCommon Startup

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
                        NA [X]

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
                        2007-09-11 07:43 67488 ----a-w- c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
                        2009-07-09 20:07 49968 ----a-w- c:\program files\AIM6\aim6.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
                        2004-10-19 00:42 79448 ----a-w- c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
                        2008-04-17 22:14 98616 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
                        2005-08-14 04:05 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
                        2010-05-06 20:34 323392 ----a-w- c:\program files\DNA\btdna.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
                        2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
                        2009-03-28 21:11 3325952 ----a-w- c:\program files\Electronic Arts\EADM\Core.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
                        2006-09-26 18:23 169984 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
                        2008-10-25 18:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
                        2005-08-17 19:41 749568 ----a-w- c:\program files\Microsoft Works\WksSb.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
                        2000-07-13 20:00 28739 ----a-w- c:\program files\Microsoft Works\WkDetect.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
                        2007-01-19 19:54 5674352 ----a-w- c:\program files\MSN Messenger\msnmsgr.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
                        2009-06-10 15:29 1657376 ----a-w- c:\windows\system32\nwiz.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
                        2010-03-19 02:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
                        2002-09-14 06:42 212992 -c--a-w- c:\windows\SMINST\Recguard.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
                        2005-02-26 01:24 966656 ----a-w- c:\windows\creator\Remind_XP.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
                        2005-01-12 10:01 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
                        2006-04-17 07:34 16143872 ----a-w- c:\windows\RTHDCPL.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
                        2008-08-30 01:11 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
                        2008-05-30 23:45 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009]
                        2008-08-26 16:48 2019624 ----a-w- c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
                        2000-07-13 20:00 24576 ----a-w- c:\program files\Microsoft Works\wkfud.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\security center]
                        "AntiVirusOverride"=dword:00000001

                        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                        "%windir%\\system32\\sessmgr.exe"=
                        "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
                        "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
                        "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
                        "h:\\Files\\Steam\\Steam.exe"=
                        "h:\\Files\\Steam\\steamapps\\binkow195\\half-life\\hl.exe"=
                        "h:\\Files\\Steam\\steamapps\\binkow195\\dedicated server\\hlds.exe"=
                        "h:\\Files\\Steam\\steamapps\\binkow195\\counter-strike\\hl.exe"=
                        "h:\\Files\\Steam\\steamapps\\binkow195\\team fortress classic\\hl.exe"=
                        "h:\\Files\\Steam\\steamapps\\common\\borderlands\\Binaries\\Borderlands.exe"=
                        "h:\\Files\\Steam\\steamapps\\binkow195\\day of defeat\\hl.exe"=
                        "h:\\Files\\Steam\\steamapps\\common\\family feud\\FamilyFeud.exe"=
                        "h:\\Files\\Steam\\steamapps\\common\\cabela's trophy bucks\\Bin\\Ctb.exe"=
                        "h:\\Files\\Steam\\steamapps\\common\\family feud 2\\FamilyFeud.exe"=
                        "h:\\Files\\Steam\\steamapps\\binkow195\\opposing force\\hl.exe"=
                        "h:\\Files\\Steam\\steamapps\\common\\family feud 3\\FamilyFeud3.exe"=
                        "h:\\Files\\Steam\\steamapps\\binkow195\\ricochet\\hl.exe"=
                        "h:\\Files\\Steam\\steamapps\\common\\family feud 4\\FamilyFeud4.exe"=
                        "h:\\Files\\Steam\\steamapps\\common\\battlefield bad company 2\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=
                        "h:\\Files\\Steam\\steamapps\\common\\bioshock\\Builds\\Release\\Bioshock.exe"=
                        "h:\\Files\\Steam\\steamapps\\common\\world in conflict\\wic.exe"=
                        "h:\\Files\\Steam\\steamapps\\common\\call of duty 4\\iw3sp.exe"=
                        "h:\\Files\\Steam\\steamapps\\common\\call of duty 4\\iw3mp.exe"=
                        "h:\\Files\\Steam\\steamapps\\common\\battlefield bad company 2\\BFBC2Game.exe"=
                        "h:\\Files\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
                        "h:\\Files\\Steam\\steamapps\\common\\defensegridtheawakening\\DefenseGrid.exe"=
                        "c:\\Program Files\\DNA\\btdna.exe"=
                        "h:\\Files\\Steam\\steamapps\\common\\tropico 3\\tropico3.exe"=
                        "c:\\WINDOWS\\network diagnostic\\xpnetdiag.exe"=
                        "c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
                        "h:\\Files\\Steam\\steamapps\\common\\dawn of discovery\\tools\\AddonWeb.exe"=
                        "h:\\Files\\Steam\\steamapps\\common\\dawn of war 2\\DOW2.exe"=
                        "h:\\Files\\Steam\\steamapps\\binkow195\\zombie panic! source\\hl2.exe"=
                        "h:\\Files\\Steam\\steamapps\\common\\oblivion\\OblivionLauncher.exe"=
                        "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
                        "c:\\Program Files\\iTunes\\iTunes.exe"=
                        "c:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
                        "h:\\Files\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
                        "h:\\Files\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
                        "h:\\Files\\Steam\\steamapps\\binkow195\\counter-strike source\\hl2.exe"=
                        "h:\\Files\\Steam\\steamapps\\common\\crysis\\Bin32\\Crysis.exe"=
                        "h:\\Files\\Games\\Settlers7\\Data\\Base\\_Dbg\\Bin\\Release\\Settlers7R.exe"=
                        "c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
                        "h:\\Files\\Steam\\steamapps\\common\\men of war\\mow.exe"=
                        "c:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"=
                        "c:\\Program Files\\Microsoft Games\\Rise of Nations\\nations.exe"=
                        "c:\\WINDOWS\\system32\\dpvsetup.exe"=
                        "h:\\Files\\Steam\\steamapps\\common\\arma 2\\ArmA2Server.exe"=
                        "h:\\Files\\Steam\\steamapps\\binkow195\\garrysmod\\hl2.exe"=
                        "h:\\Files\\Steam\\steamapps\\common\\arma 2\\arma2.exe"=
                        "c:\\WINDOWS\\system32\\spoolsv.exe"=

                        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
                        "6881:TCP"= 6881:TCP:Downloads

                        R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/14/2009 5:22 PM 9968]
                        R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/14/2009 5:22 PM 72944]
                        R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/12/2009 6:42 PM 135336]
                        R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [5/5/2010 8:06 PM 20968]
                        R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [3/30/2010 11:16 AM 1107336]
                        R2 NetBalancer Windows Service;NetBalancer Windows Service;c:\program files\NetBalancer\SeriousBit.NetBalancer.Service.exe [6/5/2010 9:54 PM 10752]
                        R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [10/1/2008 7:45 PM 57440]
                        R3 Nbdrv;NetBalancer Service;c:\windows\system32\drivers\nbdrv.sys [6/5/2010 9:51 PM 28776]
                        S2 gupdate1c9a9d8168cc888;Google Update Service (gupdate1c9a9d8168cc888);c:\program files\Google\Update\GoogleUpdate.exe [3/20/2009 11:49 PM 133104]
                        S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [7/24/2003 3:10 PM 17149]
                        S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [7/1/2006 12:44 AM 69692]
                        S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WN111v2\jswpsapi.exe [2/27/2008 2:54 PM 360547]
                        S3 Mnmderywwcd;Mnmderywwcd; [x]
                        S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/14/2009 5:22 PM 7408]
                        S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [3/27/2009 5:23 PM 23064]
                        S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [9/30/2008 6:24 AM 453120]
                        S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/19/2009 6:35 PM 691696]
                        .
                        Contents of the 'Scheduled Tasks' folder

                        2010-06-25 c:\windows\Tasks\AppleSoftwareUpdate.job
                        - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

                        2010-07-01 c:\windows\Tasks\dbd85940.job
                        - c:\documents and settings\Owner\Application Data\dbd85940.exe [2010-06-24 14:12]

                        2010-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
                        - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-21 03:49]

                        2010-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
                        - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-21 03:49]

                        2007-12-26 c:\windows\Tasks\ISP signup reminder 1.job
                        - c:\windows\system32\OOBE\oobebaln.exe [2006-05-07 00:12]
                        .
                        .
                        ------- Supplementary Scan -------
                        .
                        uStart Page = about:blank
                        DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab
                        FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\xxruvh3u.default\
                        FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
                        FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
                        FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?invocationType=bu10aiminstabie7&sredir=2706&query=
                        FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\xxruvh3u.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
                        FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\xxruvh3u.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
                        FF - component: c:\program files\Common Files\DVDVideoSoft\Dll\FFContextMenuY\components\FFContextMenu.dll
                        FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff35\gears.dll
                        FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
                        FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
                        FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
                        FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
                        FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
                        FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
                        FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
                        FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

                        ---- FIREFOX POLICIES ----
                        c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
                        c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
                        c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
                        c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
                        .
                        - - - - ORPHANS REMOVED - - - -

                        MSConfigStartUp-Alcmtr - ALCMTR.EXE



                        **************************************************************************

                        catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                        Rootkit scan 2010-07-01 09:47
                        Windows 5.1.2600 Service Pack 3 NTFS

                        scanning hidden processes ... 

                        scanning hidden autostart entries ...

                        scanning hidden files ... 

                        scan completed successfully
                        hidden files: 0

                        **************************************************************************
                        .
                        --------------------- LOCKED REGISTRY KEYS ---------------------

                        [HKEY_USERS\S-1-5-21-3622105252-4212685542-302905379-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
                        "??"=hex:ee,51,dc,78,11,1e,2d,6e,32,46,b3,96,8a,47,b1,23,24,da,51,8c,e6,d8,a6,
                           43,44,8d,09,e2,25,b1,e1,2b,09,e2,91,16,b3,16,83,ed,aa,e1,7a,cd,35,e4,a2,fd,\
                        "??"=hex:d2,8a,3d,7f,d6,ee,ff,ab,38,51,7b,8c,dc,d7,d2,0c

                        [HKEY_USERS\S-1-5-21-3622105252-4212685542-302905379-1003\Software\SecuROM\License information*]
                        "datasecu"=hex:79,50,6f,67,d0,1b,76,a1,5c,00,75,9c,a3,1a,39,64,45,51,4b,4e,86,
                           48,5a,7e,d4,ec,62,74,5f,97,b7,e1,34,15,2e,99,21,b2,24,7a,ae,dd,e0,f1,ed,08,\
                        "rkeysecu"=hex:7d,40,10,cb,c7,39,e0,67,0a,69,a8,47,07,da,5b,5c

                        [HKEY_LOCAL_MACHINE\software\Microsoft\MS Optimization\JKWL]
                        @DACL=(02 0000)
                        "LU"="http://www.google.com/search?hl=en&q=&rlz=1R2GWYE_en&aq=f&oq="
                        "CT"=dword:00000001
                        "LT"=hex:59,35,4e,0e,31,d6,c9,01
                        .
                        --------------------- DLLs Loaded Under Running Processes ---------------------

                        - - - - - - - > 'winlogon.exe'(1568)
                        c:\windows\system32\Ati2evxx.dll

                        - - - - - - - > 'explorer.exe'(2384)
                        c:\windows\system32\WININET.dll
                        c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
                        c:\windows\system32\ieframe.dll
                        c:\windows\system32\webcheck.dll
                        c:\windows\system32\WPDShServiceObj.dll
                        c:\program files\Common Files\aolshare\aolshcpy.dll
                        c:\windows\system32\PortableDeviceTypes.dll
                        c:\windows\system32\PortableDeviceApi.dll
                        c:\program files\SUPERAntiSpyware\SASSEH.DLL
                        .
                        ------------------------ Other Running Processes ------------------------
                        .
                        c:\windows\system32\nvsvc32.exe
                        c:\windows\system32\Ati2evxx.exe
                        c:\windows\system32\Ati2evxx.exe
                        c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
                        c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
                        c:\program files\Avira\AntiVir Desktop\avguard.exe
                        c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
                        c:\program files\Avira\AntiVir Desktop\avshadow.exe
                        c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
                        c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
                        c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
                        c:\program files\Bonjour\mDNSResponder.exe
                        c:\program files\Java\jre6\bin\jqs.exe
                        c:\program files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
                        c:\windows\system32\PnkBstrA.exe
                        c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
                        c:\windows\system32\RUNDLL32.EXE
                        c:\windows\System32\vssvc.exe
                        c:\windows\system32\dllhost.exe
                        c:\windows\system32\dllhost.exe
                        c:\windows\system32\msdtc.exe
                        c:\program files\Mozilla Firefox\firefox.exe
                        .
                        **************************************************************************
                        .
                        Completion time: 2010-07-01  09:59:13 - machine was rebooted
                        ComboFix-quarantined-files.txt  2010-07-01 13:59
                        ComboFix2.txt  2010-06-30 19:42

                        Pre-Run: 24,252,903,424 bytes free
                        Post-Run: 24,214,573,056 bytes free

                        Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
                        - - End Of File - - 695228987AE4B43CF792DC4EC5409686


                        Also, please note that ever since I started removing some of the files, I get this error on boot-up now.

                        Whenever I'd hit no, I'd get the server-not-found thing, but if I hit yes, it works fine now.

                        binkow

                          Topic Starter


                          Rookie

                          Re: Need of Fake Antivirus Removal
                          « Reply #14 on: July 01, 2010, 04:29:21 PM »
                          Never mind, the server-not-found thing continues.