Author Topic: Kept getting blocked/redirected on internet explorer (Read 28952 times)

shag · « **on:** February 12, 2011, 01:40:02 AM »

Help! A couple of days ago I began noticing my internet misbehaving (google links getting redirected, malware fighting sites being blocked), so I figured I'm in virus town.

Proceeding to the "before you post" checklist, I got a MBAM scan done with a log at the end of this post. (I had to use a proxy server to be able to download updates.) I ran CCleaner without issue. I could not get Super Anti-spyware to update, so with year-old defs, I ran a scan and had no detections. I'm having difficulties getting to that log and/or updating java--read on.

My real trouble began when I downloaded Online Armor and installed it. After the restart my computer froze during OA's "learning mode" and it hasn't been stable since. It displays a "Generic Host Process has failed" message once windows starts up with frequent "svchost not responding" messages as well. I've been able to start the computer in safe mode, but no internet.

Looking back on the "before you post" list, I'm realizing I did things out of order. If that has made your job more difficult, my apologies. I'm not at peak mental form due to working night shift.

I've got a HJT log after running the scan in safe mode (the MBAM log predates my time of troubles).

MBAM:

shag · « **Reply #1 on:** February 12, 2011, 01:41:41 AM »

(oops fat-fingered tab and enter)

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5363

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/10/2011 8:00:20 PM
mbam-log-2011-02-10 (20-00-20).txt

Scan type: Quick scan
Objects scanned: 149661
Time elapsed: 6 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Bad: (93.188.163.104,93.188.160.34) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{00F5091E-F1E0-49FF-9B81-443BBD47DC7E}\NameServer (Trojan.DNSChanger) -> Bad: (93.188.163.104,93.188.160.34) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{21ED3D5D-AA5B-4204-B1DE-22879B5C3AB3}\NameServer (Trojan.DNSChanger) -> Bad: (93.188.163.104,93.188.160.34) Good: () -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:07:52 PM, on 2/11/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Chris\Desktop\New Folder\Scorpion.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O3 - Toolbar: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ECenter] "c:\dell\E-Center\gtb.exe"
O4 - HKLM\..\Run: [BellSouthWCC_McciTrayApp] C:\Program Files\BellSouthWCC\McciTrayApp.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunOnce: [gi378124597] "C:\DOCUME~1\Chris\LOCALS~1\Temp\gi558SLP.exe" /resume:"C:\DOCUME~1\Chris\LOCALS~1\Temp\3C558MHT" /exename:"C:\Downloaded Stuff\here's where the packed files go\SolveigMM_Video_Splitter_v2.1.804.20\SolveigMM Video Splitter v2.1.804.20\SolveigMM Video Splitter 2.1.804.20.exe"
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: PHOTOfunSTUDIO.lnk = C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.facebook.com
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 11671 bytes

SuperDave · « **Reply #2 on:** February 13, 2011, 01:19:53 PM »

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
******************************************************
Let's try this:
Reboot in Safe Mode and run the MBAM scan. Then, reboot in Normal Mode and run the scan again and post the log. Then, we'll go from there.

Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
Please save the log to a location you will remember.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
*****************************************************
Your HJT is running from the wrong place. Please delete it, download and install HJT in the default location and post a new log.NOTE. Please try to run this in Normal Mode.

Please download: HiJackThis to your Desktop.

Double Click the HijackThis icon, located on your Desktop.
By Default, it will install to: C:\Program Files\Trend Micro\HijackThis
Accept the license agreement.
Click the Open the Misc Tools section button.
Click Do a System Scan and Save a Logfile. Or, if you see a white screen, click Scan.
Please post the log in your next reply.

shag · « **Reply #3 on:** February 15, 2011, 12:28:34 AM »

MBAM log with windows running in Normal mode. One note: Used msconfig and unchecked three startup items; seems to have improved stability while in normal mode. Internet still not functional though.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5363

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/14/2011 9:08:24 PM
mbam-log-2011-02-14 (21-08-24).txt

Scan type: Full scan (C:\|F:\|)
Objects scanned: 216177
Time elapsed: 54 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I de-selected "selective startup" in msconfig and rebooted after MBAM ran. Ran HJT and here's the log.

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 9:16:33 PM, on 2/14/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\BellSouthWCC\McciTrayApp.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O3 - Toolbar: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ECenter] "c:\dell\E-Center\gtb.exe"
O4 - HKLM\..\Run: [BellSouthWCC_McciTrayApp] C:\Program Files\BellSouthWCC\McciTrayApp.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunOnce: [gi378124597] "C:\DOCUME~1\Chris\LOCALS~1\Temp\gi558SLP.exe" /resume:"C:\DOCUME~1\Chris\LOCALS~1\Temp\3C558MHT" /exename:"C:\Downloaded Stuff\here's where the packed files go\SolveigMM_Video_Splitter_v2.1.804.20\SolveigMM Video Splitter v2.1.804.20\SolveigMM Video Splitter 2.1.804.20.exe"
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: PHOTOfunSTUDIO.lnk = C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.facebook.com
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 14300 bytes

SuperDave · « **Reply #4 on:** February 15, 2011, 01:03:29 PM »

Please read here for more information about WildTangent. Your choice if you want to remove it or not.

If you choose to follow my advice, please follow these instructions.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

•WildTangent Web Driveror anything related to WildTangent.
********************************************************
Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

Exit out of MessengerDisable then delete the two files that were put on the desktop.
*****************************************************
Add or Remove Programs

1. Click on the Windows Start button and click on the Control Panel
2. In the Control Panel window, double-click Add or Remove Programs icon.
3. When the Add or Remove Programs window has fully populated, check for vShare and uninstall it. It is malicious.
*********************************************************
Open HijackThis and select Do a system scan only

Place a check mark next to the following entries: (if there)

O2 - BHO: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll
O3 - Toolbar: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
Internet Explorer's security is based upon a set of zones. Each zone has different security in terms of what scripts and applications can be run from a site that is in that zone. There is a security zone called the Trusted Zone. This zone has the lowest security and allows scripts and applications from sites in this zone to run without your knowledge. It is therefore a popular setting for malware sites to use so that future infections can be easily done on your computer without your knowledge as these sites will be in the Trusted Zone. Therefore, I recommend that nothing be allowed in the trusted zone. If you agree, please do the following.Please place a check mark next to this/these line/lines.
O15 - Trusted Zone: http://www.facebook.com
O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)

Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.
*****************************************

SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
•Please leave the others unchecked

•Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
*Copy and Paste the log in your post.
****************************************
Please download ComboFix

from BleepingComputer.com

Alternate link: GeeksToGo.com

and save it to your Desktop.
If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
Double click ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

If you have problems with ComboFix usage, see How to use ComboFix

shag · « **Reply #5 on:** February 16, 2011, 12:12:36 AM »

Alright, now we've gotten somewhere. The internet on my laptop is now working (making all this WAY more convenient). I'll restart without msconfig's selective startup and see if things are stable, but it seems it would be wise to go ahead and post my logs now.

--Removed WildTangent, Windows Messenger, vShare.
--Followed your "trusted zone" on IE advice.

--Ran SASW successfully but w/o any detections--log posted.
--Ran Combofix successfully--log posted.

SASW:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/17/2010 at 07:26 PM

Application Version : 4.22.1014

Core Rules Database Version : 4597
Trace Rules Database Version: 2409

Scan type : Complete Scan
Total Scan Time : 02:11:38

Memory items scanned : 595
Memory threats detected : 0
Registry items scanned : 6484
Registry threats detected : 0
File items scanned : 87882
File threats detected : 281

Adware.Tracking Cookie
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@myroitracking[2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@ero-advertising[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@yieldmanager[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@admarketplace[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@adlegend[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][4].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@eyewonder[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@tacoda[2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@burstnet[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@rambler[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@adecn[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@yadro[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@insightexpressai[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@clicksor[2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][4].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][3].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@webpower[2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@clickcash[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][3].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@burstbeacon[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@invitemedia[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][3].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@sexyshare[2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@statcounter[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@trafficregenerator[2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@revsci[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@crackle[2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@theclickcheck[2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@collective-media[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@traffic-tracker[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@roiservice[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@adbureau[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@realmedia[2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@clickbank[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@traffic1[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@chitika[2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@thefind[2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@fuckingmotherfucker[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@hookedmediagroup[2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@adultswim[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@adtechus[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@partypoker[2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@lucidmedia[2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][5].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@adult[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@openstat[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@dmtracker[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@cracked[2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@zanox[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@zanox-affiliate[2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][3].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@kontera[2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@media6degrees[2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@businessfind[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@gostats[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@intermundomedia[2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@list[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@interclick[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@hitstats[2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@shinystat[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@game-advertising-online[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@lockedonmedia[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][3].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][4].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@adprotraffic[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@trackleady[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@naiadsystems[2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@mywebsearch[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@shopica[2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@webmasterplan[2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@cracksearchengine[2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@99counters[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@enhance[2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@validclick[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@xiti[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][3].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@warezforum[2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@toplist[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@euros4click[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@adultdvdtalk[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@azjmp[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@adinterax[2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@kanoodle[2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@fortunecity[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@findfreegraphics[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@clickarrows[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@slaysbanner691[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@bizrate[2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt

Combofix:

ComboFix 11-02-15.02 - Chris 02/16/2011 0:27.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.623 [GMT -6:00]
Running from: c:\documents and settings\Chris\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

F:\Autorun.inf

c:\windows\regedit.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2011-01-16 to 2011-02-16 )))))))))))))))))))))))))))))))
.

2011-02-15 03:24 . 2011-02-15 03:24   --------   d-----w-   c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2011-02-15 03:20 . 2011-02-15 03:20   --------   d-----w-   c:\documents and settings\Chris\Local Settings\Application Data\Mozilla
2011-02-15 03:15 . 2011-02-15 03:15   388096   ----a-r-   c:\documents and settings\Chris\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2011-02-15 02:11 . 2011-02-15 02:11   --------   d-----w-   c:\program files\TrendMicro
2011-02-11 01:49 . 2010-12-21 00:09   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-11 01:49 . 2010-12-21 00:08   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-02-11 01:42 . 2011-02-11 01:42   --------   d-----w-   c:\program files\CCleaner

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 23:38 . 2010-11-29 23:38   94208   ----a-w-   c:\windows\system32\QuickTimeVR.qtx
2010-11-29 23:38 . 2010-11-29 23:38   69632   ----a-w-   c:\windows\system32\QuickTime.qts
2010-11-18 18:12 . 2004-08-11 22:12   81920   ----a-w-   c:\windows\system32\isign32.dll
.

------- Sigcheck -------

[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys

[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
[-] 2004-08-04 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys

[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
[-] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys

[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
[-] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys

[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
[-] 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\$NtServicePackUninstall$\ntfs.sys
[-] 2004-08-04 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB930916$\ntfs.sys

[-] 2004-08-04 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[-] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917953$\tcpip.sys

[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
[-] 2004-08-04 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll

[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2004-08-04 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe

[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\$NtServicePackUninstall$\netman.dll
[-] 2005-08-22 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll
[-] 2004-08-04 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB905414$\netman.dll

[-] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\ServicePackFiles\i386\comres.dll
[-] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
[-] 2004-08-04 10:00 . 6728270CB7DBB776ED086F5AC4C82310 . 792064 . . [2001.12.4414.258] . . c:\windows\$NtServicePackUninstall$\comres.dll

[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll
[-] 2004-08-04 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll

[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll
[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
[-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
[-] 2005-07-26 . C369DF215D352B6F3A0B8C3469AA34F8 . 398336 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[-] 2005-04-28 . DA383FB39A6F1C445F3AFC94B3EB1248 . 396288 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\rpcss.dll
[-] 2005-04-28 . C8061F289E000703E7672916B7FE1571 . 395776 . . [5.1.2600.2665] . . c:\windows\$NtUninstallKB902400$\rpcss.dll
[-] 2004-08-04 . 5C83A4408604F737717AB96371201680 . 395776 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB894391$\rpcss.dll

[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
[-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe
[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe
[-] 2004-08-04 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\services.exe

[-] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2347290$\spoolsv.exe
[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe

[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[-] 2010-08-23 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
[-] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\$NtUninstallKB2296011$\comctl32.dll
[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2006-08-25 . C4E80875C1CF1222FC5EFD0314AE5C01 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
[-] 2004-08-04 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\$NtUninstallKB923191$\comctl32.dll
[-] 2004-08-04 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2004-08-04 . 5AF68A5E44734A082442668E9C787743 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[-] 2004-08-04 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll

[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll
[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
[-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\$NtServicePackUninstall$\es.dll
[-] 2005-07-26 04:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll
[-] 2004-08-04 10:00 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB902400$\es.dll

[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[-] 2004-08-04 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll

[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll
[-] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2007-04-16 . 09F7CB3687F86EDAA4CA081F7AB66C03 . 986112 . . [5.1.2600.3119] . . c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2007-04-16 . A01F9CA902A88F7CED06884174D6419D . 984576 . . [5.1.2600.3119] . . c:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2006-07-05 . 0FDD84928A5DDE2510761B7EC76CCEC9 . 985088 . . [5.1.2600.2945] . . c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[-] 2006-07-05 . D8DB5397DE07577C1CB50BA6D23B3AD4 . 984064 . . [5.1.2600.2945] . . c:\windows\$NtUninstallKB935839$\kernel32.dll
[-] 2004-08-04 . 888190E31455FAD793312F8D087146EB . 983552 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917422$\kernel32.dll

[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
[-] 2004-08-04 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB900725$\linkinfo.dll

[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[-] 2004-08-04 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll

[-] 2010-11-06 . 864E69F32656A7121444BA0193D7B64B . 5960704 . . [8.00.6001.23091] . . c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\mshtml.dll
[-] 2010-11-06 . D7CCA87057901C87ED8CC40DDCC7FA1B . 5959168 . . [8.00.6001.18999] . . c:\windows\system32\mshtml.dll
[-] 2010-11-06 . D7CCA87057901C87ED8CC40DDCC7FA1B . 5959168 . . [8.00.6001.18999] . . c:\windows\system32\dllcache\mshtml.dll
[-] 2010-09-10 . DE41132DA8E5A3CD57201C6F2175EC05 . 5957120 . . [8.00.6001.18975] . . c:\windows\ie8updates\KB2416400-IE8\mshtml.dll
[-] 2010-09-10 . 8A03CC037E6B7D1796192815231B0C3F . 5958656 . . [8.00.6001.23067] . . c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\mshtml.dll
[-] 2010-06-24 . 94DC7E938C57F3C3D1BC4A0F68FC5830 . 5954560 . . [8.00.6001.23037] . . c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\mshtml.dll
[-] 2010-06-24 . 4D7EF94795384CD2BBAAB078B7929FEA . 5951488 . . [8.00.6001.18939] . . c:\windows\ie8updates\KB2360131-IE8\mshtml.dll
[-] 2010-05-06 . C7B7A88CC7D7ABA5C395145BF92F46F7 . 5950976 . . [8.00.6001.18928] . . c:\windows\ie8updates\KB2183461-IE8\mshtml.dll
[-] 2010-05-06 . 9BE28F749A7FE7F8F177C6AA2E9DA609 . 5953024 . . [8.00.6001.23019] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\mshtml.dll
[-] 2010-02-25 . 7054F6ADC9B670887659F1561603B0D0 . 5944832 . . [8.00.6001.18904] . . c:\windows\ie8updates\KB982381-IE8\mshtml.dll
[-] 2010-02-25 . 974772C74DA7C7A8E7C813A9908A845F . 5946880 . . [8.00.6001.22995] . . c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\mshtml.dll
[-] 2009-12-21 . BE6EEBEF636773A8E7A82214E81C563A . 5942784 . . [8.00.6001.18876] . . c:\windows\ie8updates\KB980182-IE8\mshtml.dll
[-] 2009-12-21 . E6B64C6C729BBC38AB7CC92CE33F97A5 . 5945856 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\mshtml.dll
[-] 2009-10-29 . 89A9658515A18E673034369E043FAB01 . 3598336 . . [7.00.6000.16945] . . c:\windows\ie8\mshtml.dll
[-] 2009-10-29 . 8B48737260C273C9B0DACA84EA1CCDBD . 3602432 . . [7.00.6000.21148] . . c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\mshtml.dll
[-] 2009-10-29 . C0F9AC6FAB2C788FFEE3E69585A0E93F . 5944320 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\mshtml.dll
[-] 2009-10-29 . CBB1EF54B86EDB78649909DD1699E5CA . 5940736 . . [8.00.6001.18854] . . c:\windows\ie8updates\KB978207-IE8\mshtml.dll
[-] 2009-10-21 . 36145D2D908FB8A24772F04842366918 . 3598336 . . [7.00.6000.16939] . . c:\windows\ie7updates\KB976325-IE7\mshtml.dll
[-] 2009-10-21 . E6453EE08B283419171889786D057A75 . 3602432 . . [7.00.6000.21142] . . c:\windows\$hf_mig$\KB976749-IE7\SP3QFE\mshtml.dll
[-] 2009-08-29 . E52A845DCE011D56B12B8F3F4606F956 . 3598336 . . [7.00.6000.16915] . . c:\windows\ie7updates\KB976749-IE7\mshtml.dll
[-] 2009-08-29 . EDAD55105DDD067AE3906011F297267C . 3600384 . . [7.00.6000.21115] . . c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\mshtml.dll
[-] 2009-07-19 . 758C8BEDAB7CE5F9070C85E2E57CBD80 . 3597824 . . [7.00.6000.16890] . . c:\windows\ie7updates\KB974455-IE7\mshtml.dll
[-] 2009-07-19 . F6098CC1B1C3858D53F20F3CB5774F3B . 3600384 . . [7.00.6000.21089] . . c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\mshtml.dll
[-] 2009-04-29 . 2B4315EC9E3124408A2A5074C4B97700 . 3596288 . . [7.00.6000.16850] . . c:\windows\ie7updates\KB972260-IE7\mshtml.dll
[-] 2009-04-29 . C6FD770D518FB024245A0EE217D72BC1 . 3598336 . . [7.00.6000.21045] . . c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\mshtml.dll
[-] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB976325-IE8\mshtml.dll
[-] 2009-02-21 . 1BB754AB47B327DE8DBF2FA18C36357C . 3596800 . . [7.00.6000.21015] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\mshtml.dll
[-] 2009-02-20 . C7C3E41CC2F6EB4A629FE2184136C098 . 3595264 . . [7.00.6000.16825] . . c:\windows\ie7updates\KB969897-IE7\mshtml.dll
[-] 2009-01-17 . 3B413267DA8AE71C20E5EF3E54F74728 . 3594752 . . [7.00.6000.16809] . . c:\windows\ie7updates\KB963027-IE7\mshtml.dll
[-] 2009-01-16 . CC9D001B7370B292C35B366CA05B12B4 . 3596288 . . [7.00.6000.20996] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\mshtml.dll
[-] 2008-12-13 . 121EC39A64D64205A88C2C45B034B455 . 3593216 . . [7.00.6000.16788] . . c:\windows\ie7updates\KB961260-IE7\mshtml.dll
[-] 2008-12-13 . C79FAD61CD4A26ED5AA8C16D991C6FBD . 3594752 . . [7.00.6000.20973] . . c:\windows\$hf_mig$\KB960714-IE7\SP2QFE\mshtml.dll
[-] 2008-10-17 . EACAEDEF6FA2A969DE5B36190D45396F . 3593216 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB960714-IE7\mshtml.dll
[-] 2008-10-16 . B74F31A4BD83797D7A083F922169287D . 3595264 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mshtml.dll
[-] 2008-08-27 . 1AD035E04A7068EC2820B055A3131ED8 . 3593216 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\mshtml.dll
[-] 2008-08-26 . 25CC085720EE3617FD1F8AB9E2F7CAB2 . 3594752 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll
[-] 2008-06-24 . EC936148284F557F19C333178768109B . 3592192 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\mshtml.dll
[-] 2008-06-23 . 28B8231CA8D55FC85E027A57C90F5C88 . 3594240 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\mshtml.dll
[-] 2008-04-24 . 8976CAB317105F7431B08EA32AB73C65 . 3591680 . . [7.00.6000.16674] . . c:\windows\ie7updates\KB953838-IE7\mshtml.dll
[-] 2008-04-23 . 4D612FF5D3B7EEF200595AE6F95D5E68 . 3593728 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\mshtml.dll
[-] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\mshtml.dll
[-] 2008-03-01 . AB2C88167D78D71D93558ACECB24CC7A . 3591680 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\mshtml.dll
[-] 2008-03-01 . 4EE273E2B09317C1217EF0DB91F93534 . 3593216 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\mshtml.dll
[-] 2007-12-08 . A097C36412455F0C7E42377FAF8809B7 . 3592192 . . [7.00.6000.16608] . . c:\windows\ie7updates\KB947864-IE7\mshtml.dll
[-] 2007-12-07 . 976C46ED4A75FC66D9C596778898CE1E . 3593216 . . [7.00.6000.20733] . . c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\mshtml.dll
[-] 2007-10-30 . 54D8B404F17AA74C666F7F3AEF2AE459 . 3593216 . . [7.00.6000.20710] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\mshtml.dll
[-] 2007-10-30 . 8AB7ECF59D6EBBE986277B65ED4A40A1 . 3590656 . . [7.00.6000.16587] . . c:\windows\ie7updates\KB944533-IE7\mshtml.dll
[-] 2007-08-20 . E267EE248CDA7667C19001C069DE867B . 3584512 . . [7.00.6000.16544] . . c:\windows\ie7updates\KB942615-IE7\mshtml.dll
[-] 2007-08-20 . AA8A4BD78D24FCDB96DDAEE3756AA372 . 3592192 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\mshtml.dll
[-] 2007-07-19 . BD609A26B683332A0E0E1445C5724851 . 3583488 . . [7.00.6000.16525] . . c:\windows\ie7updates\KB939653-IE7\mshtml.dll
[-] 2007-07-18 . 7CE243CFD47AD0DC431586CB8C542A11 . 3584000 . . [7.00.6000.20641] . . c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\mshtml.dll
[-] 2007-06-15 . 53F3FD772C010622346C39284C4A863B . 3064320 . . [6.00.2900.3157] . . c:\windows\ie7\mshtml.dll
[-] 2007-05-04 . 00ADCB32832A10ED9419493BCEA97526 . 3064320 . . [6.00.2900.3132] . . c:\windows\$NtUninstallKB937143$\mshtml.dll
[-] 2007-02-20 . 2991727809C7AC3A33E4178CC73244D8 . 3063296 . . [6.00.2900.3086] . . c:\windows\$NtUninstallKB933566$\mshtml.dll
[-] 2007-01-04 . 1C45525574EF206346FBAFCAAC7CC4A5 . 3062272 . . [6.00.2900.3059] . . c:\windows\$NtUninstallKB931768$\mshtml.dll
[-] 2006-11-08 . CBF04597F9CF7739E572276A2698FDD3 . 3577856 . . [7.00.5730.11] . . c:\windows\ie7updates\KB937143-IE7\mshtml.dll
[-] 2006-10-23 . 88E1C15BB1A9ED3CBA4D6F2F408D5010 . 3061248 . . [6.00.2900.3020] . . c:\windows\$NtUninstallKB928090$\mshtml.dll
[-] 2006-09-14 . CEFEA1C301139A817931BE132F0359FE . 3058688 . . [6.00.2900.2995] . . c:\windows\$NtUninstallKB925454$\mshtml.dll
[-] 2006-07-28 . D251679BD9EF0250201FB899EC40FD32 . 3058176 . . [6.00.2900.2963] . . c:\windows\$NtUninstallKB922760$\mshtml.dll
[-] 2005-11-24 . 5E7A39950EA133BB54719A6E08C544A7 . 3015680 . . [6.00.2900.2802] . . c:\windows\$NtUninstallKB918899$\mshtml.dll
[-] 2005-11-23 . D3F037F5DA702AE9DDD7663EC9D78BA7 . 3018240 . . [6.00.2900.2802] . . c:\windows\$hf_mig$\KB905915\SP2QFE\mshtml.dll

[-] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2004-08-04 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll
[-] 2004-08-04 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
[-] 2004-08-04 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll

[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-06-20 . 097722F235A1FB698BF9234E01B52637 . 245248 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\mswsock.dll
[-] 2008-06-20 . 1DFCA7713EA5A70D5D93B436AEA0317A . 245248 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll
[-] 2004-08-04 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\mswsock.dll

[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2004-08-04 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll

[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2004-08-04 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll

[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2004-08-04 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll

[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2004-08-04 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll

[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2004-08-04 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe

[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
[-] 2004-08-04 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll

[-] 2008-11-26 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\user32.dll
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB925902$\user32.dll
[-] 2004-08-04 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll

[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2004-08-04 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe

[-] 2010-11-06 . 9357C4249F4810FB0E49C13387A8A77C . 919552 . . [8.00.6001.23084] . . c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\wininet.dll
[-] 2010-11-06 . 306A2B05EA9846278113964DC6E2C940 . 916480 . . [8.00.6001.18992] . . c:\windows\system32\wininet.dll
[-] 2010-11-06 . 306A2B05EA9846278113964DC6E2C940 . 916480 . . [8.00.6001.18992] . . c:\windows\system32\dllcache\wininet.dll
[-] 2010-09-10 . 36FE8ABC59AAFBE20CBE54BC372F9429 . 916480 . . [8.00.6001.18968] . . c:\windows\ie8updates\KB2416400-IE8\wininet.dll
[-] 2010-09-10 . 0555E190DCD06B8998E6DDCA42DAEB82 . 919552 . . [8.00.6001.23060] . . c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\wininet.dll
[-] 2010-06-24 . 60237E50D575FBA9BEC9BC043F157149 . 919040 . . [8.00.6001.23037] . . c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\wininet.dll
[-] 2010-06-24 . D3DEB6B2B424AC93DE3801EAEB21A9A5 . 916480 . . [8.00.6001.18939] . . c:\windows\ie8updates\KB2360131-IE8\wininet.dll
[-] 2010-05-06 . 2D9C7B010409372C34F725DA5CCED083 . 916480 . . [8.00.6001.18923] . . c:\windows\ie8updates\KB2183461-IE8\wininet.dll
[-] 2010-05-06 . C1490F68B44AF8B781F52F12F564625D . 919040 . . [8.00.6001.23014] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\wininet.dll
[-] 2010-02-25 . 7A42CFED96CDA7F2FB1A26D1F9F65775 . 916480 . . [8.00.6001.18904] . . c:\windows\ie8updates\KB982381-IE8\wininet.dll
[-] 2010-02-25 . 4458D59F2B0369F4D3B137541D284041 . 919040 . . [8.00.6001.22995] . . c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\wininet.dll
[-] 2009-12-21 . FF4241C74E0C0A5AFFFE05F584213ECB . 916480 . . [8.00.6001.18876] . . c:\windows\ie8updates\KB980182-IE8\wininet.dll
[-] 2009-12-21 . 5E1F666B8955FD77E65D65C4C4D882A3 . 916480 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\wininet.dll
[-] 2009-10-29 . 7C599DEC022BEF6E3C9F4DB4FC164E8B . 832512 . . [7.00.6000.16945] . . c:\windows\ie8\wininet.dll
[-] 2009-10-29 . 6AF52998B90F72FF2325D84D90EDA1CC . 916480 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\wininet.dll
[-] 2009-10-29 . CA5CB4F174592090FBECFEAD9B51BB90 . 841216 . . [7.00.6000.21148] . . c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\wininet.dll
[-] 2009-10-29 . 75240F6EDBCE7B85DF66874407D38A4F . 916480 . . [8.00.6001.18854] . . c:\windows\ie8updates\KB978207-IE8\wininet.dll
[-] 2009-08-29 . DB111200015F08DDDB8857E11C6A80E3 . 832512 . . [7.00.6000.16915] . . c:\windows\ie7updates\KB976325-IE7\wininet.dll
[-] 2009-08-29 . A5885AF9BFBD942B828E6020AD326517 . 840704 . .

SuperDave · « **Reply #6 on:** February 16, 2011, 12:49:09 PM »

The ComboFix log looks incomplete. Please make sure that you alway copy the complete log when responding.

Please download SystemLook from one of the links below and save it to your desktop.

Link # 1
Link # 2

Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double-click SystemLook.exe to run it.

Copy the contents of the following codebox into the main textfield.

Code: [Select]

:filefind
regedit.exe

Click the Look button to start the scan.

Note: The scan may take some time so please just let it do its work and be patient (or do something else unrelated to the computer).

When finished, a notepad window will open with the results of the scan. Please post the log. The log can also be found on your desktop entitled SystemLook.txt

shag · « **Reply #7 on:** February 17, 2011, 07:57:46 AM »

I've come down from my earlier optimism--windows hasn't been very stable for me since rebooting after combofix. no internet.

speaking of combofix, if you need to see the part of that log that got cut off, let me know.

system look log:

SystemLook 04.09.10 by jpshortstuff
Log created at 08:52 on 17/02/2011 by Chris
Administrator - Elevation successful

========== filefind ==========

Searching for "regedit.exe"
C:\i386\REGEDIT.EXE   --a---- 146432 bytes   [21:49 11/08/2004]   [10:00 04/08/2004] 783AFC80383C176B22DBF8333343992D
C:\WINDOWS\regedit.exe   ------- 146432 bytes   [22:00 11/08/2004]   [00:12 14/04/2008] 058710B720282CA82B909912D3EF28DB
C:\WINDOWS\$NtServicePackUninstall$\regedit.exe   -----c- 146432 bytes   [21:57 10/08/2008]   [10:00 04/08/2004] 783AFC80383C176B22DBF8333343992D
C:\WINDOWS\ServicePackFiles\i386\regedit.exe   ------- 146432 bytes   [21:38 10/08/2008]   [00:12 14/04/2008] 058710B720282CA82B909912D3EF28DB

-= EOF =-

SuperDave · « **Reply #8 on:** February 17, 2011, 12:57:25 PM »

Re-running ComboFix to remove infections:

Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open notepad and copy/paste the text in the quotebox below into it:
Quote
KillAll::

FCopy::
C:\WINDOWS\$NtServicePackUninstall$\regedit.exe | c:\windows\regedit.exe

MBR::
Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt
Please post the contents of the log in your next reply.

*****************************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Open the Security Check folder and double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

shag · « **Reply #9 on:** February 17, 2011, 08:15:49 PM »

combofix log:

ComboFix 11-02-15.02 - Chris 02/17/2011 19:33:10.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.666 [GMT -6:00]
Running from: c:\documents and settings\Chris\Desktop\Latest Problems\ComboFix.exe
Command switches used :: c:\documents and settings\Chris\Desktop\Latest Problems\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\Drivers\sptd.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
--------------- FCopy ---------------

c:\windows\$NtServicePackUninstall$\regedit.exe --> c:\windows\regedit.exe
.
((((((((((((((((((((((((( Files Created from 2011-01-18 to 2011-02-18 )))))))))))))))))))))))))))))))
.

2011-02-15 03:24 . 2011-02-15 03:24   --------   d-----w-   c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2011-02-15 03:20 . 2011-02-15 03:20   --------   d-----w-   c:\documents and settings\Chris\Local Settings\Application Data\Mozilla
2011-02-15 03:15 . 2011-02-15 03:15   388096   ----a-r-   c:\documents and settings\Chris\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2011-02-15 02:11 . 2011-02-15 02:11   --------   d-----w-   c:\program files\TrendMicro
2011-02-11 01:49 . 2010-12-21 00:09   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-11 01:49 . 2010-12-21 00:08   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-02-11 01:42 . 2011-02-11 01:42   --------   d-----w-   c:\program files\CCleaner
2011-01-21 14:44 . 2011-01-21 14:44   439296   ------w-   c:\windows\system32\dllcache\shimgvw.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2004-08-11 22:00   439296   ----a-w-   c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-11 22:00   290048   ----a-w-   c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2004-08-11 22:00   1854976   ----a-w-   c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-11 22:00   301568   ----a-w-   c:\windows\system32\kerberos.dll
2010-12-20 17:26 . 2004-08-11 22:00   730112   ----a-w-   c:\windows\system32\lsasrv.dll
2010-12-09 15:15 . 2004-08-11 22:00   718336   ----a-w-   c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2004-08-11 22:00   33280   ----a-w-   c:\windows\system32\csrsrv.dll
2010-12-09 13:42 . 2004-08-11 22:00   2148864   ----a-w-   c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07 . 2004-08-04 03:59   2027008   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2010-11-29 23:38 . 2010-11-29 23:38   94208   ----a-w-   c:\windows\system32\QuickTimeVR.qtx
2010-11-29 23:38 . 2010-11-29 23:38   69632   ----a-w-   c:\windows\system32\QuickTime.qts
.

((((((((((((((((((((((((((((( SnapShot@2011-02-16_06.44.24 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-11 22:00 . 2011-02-16 06:29   73052 c:\windows\system32\perfc009.dat
+ 2004-08-11 22:00 . 2011-02-18 01:44   73052 c:\windows\system32\perfc009.dat
- 2009-12-14 07:08 . 2009-12-14 07:08   33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2009-12-14 07:08 . 2010-12-09 14:30   33280 c:\windows\system32\dllcache\csrsrv.dll
- 2004-08-11 22:00 . 2011-02-16 06:29   443914 c:\windows\system32\perfh009.dat
+ 2004-08-11 22:00 . 2011-02-18 01:44   443914 c:\windows\system32\perfh009.dat
+ 2004-08-11 22:06 . 2011-02-16 11:34   138056 c:\windows\system32\FNTCACHE.DAT
- 2004-08-11 22:06 . 2010-12-16 19:12   138056 c:\windows\system32\FNTCACHE.DAT
+ 2008-01-18 04:43 . 2008-01-18 16:43   716272 c:\windows\system32\drivers\sptd.sys
- 2008-01-18 04:43 . 2008-01-18 10:43   716272 c:\windows\system32\drivers\sptd.sys
+ 2004-08-11 22:00 . 2004-08-04 10:00   146432 c:\windows\system32\dllcache\regedit.exe
+ 2009-04-18 04:29 . 2010-12-09 15:15   718336 c:\windows\system32\dllcache\ntdll.dll
- 2009-04-18 04:29 . 2009-06-25 08:25   730112 c:\windows\system32\dllcache\lsasrv.dll
+ 2009-04-18 04:29 . 2010-12-20 17:26   730112 c:\windows\system32\dllcache\lsasrv.dll
+ 2009-06-25 08:25 . 2010-12-22 12:34   301568 c:\windows\system32\dllcache\kerberos.dll
- 2009-06-25 08:25 . 2009-06-25 08:25   301568 c:\windows\system32\dllcache\kerberos.dll
- 2010-04-20 05:30 . 2010-10-28 13:13   290048 c:\windows\system32\dllcache\atmfd.dll
+ 2010-04-20 05:30 . 2011-01-07 14:09   290048 c:\windows\system32\dllcache\atmfd.dll
- 2004-08-11 22:00 . 2010-07-27 06:30   8462336 c:\windows\system32\shell32.dll
+ 2004-08-11 22:00 . 2011-01-21 14:44   8462336 c:\windows\system32\shell32.dll
+ 2008-10-16 20:33 . 2010-12-31 13:10   1854976 c:\windows\system32\dllcache\win32k.sys
+ 2008-06-17 19:02 . 2011-01-21 14:44   8462336 c:\windows\system32\dllcache\shell32.dll
- 2008-06-17 19:02 . 2010-07-27 06:30   8462336 c:\windows\system32\dllcache\shell32.dll
+ 2008-10-16 20:33 . 2010-12-09 13:38   2192768 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2008-10-16 20:33 . 2010-12-09 13:07   2027008 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-10-16 20:33 . 2010-12-09 13:07   2069376 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-10-16 20:33 . 2010-12-09 13:42   2148864 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-10-16 20:33 . 2010-12-09 13:38   2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-10-16 20:33 . 2010-12-09 13:07   2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-10-16 20:33 . 2010-12-09 13:07   2069376 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-16 20:33 . 2010-12-09 13:42   2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2006-10-05 17:54 . 2011-02-16 09:01   37443528 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-03 15028104]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-01-17 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-17 397312]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-19 98304]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-19 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-19 77824]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2005-12-15 839680]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]
"BellSouthWCC_McciTrayApp"="c:\program files\BellSouthWCC\McciTrayApp.exe" [2005-11-17 543232]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-07-04 109056]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2006-4-5 156784]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-6-16 49152]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-4-5 24576]
dlbcserv.lnk - c:\program files\Dell Photo Printer 720\dlbcserv.exe [2007-3-8 315392]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2008-3-3 118784]
PHOTOfunSTUDIO.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe [2010-1-18 44176]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"GameConsoleService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Games HQ\\Unreal Tournament\\System\\UnrealTournament.exe"=
"c:\\Program Files\\Games HQ\\Age of Empires II\\age2_x1\\age2_x1.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=

R?2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [9/9/2009 7:37 PM 108289]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/17/2008 10:43 PM 716272]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [9/8/2009 5:13 PM 65584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 12:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67656]
S0 haqaugev;haqaugev;c:\windows\system32\drivers\jhyedcun.sys --> c:\windows\system32\drivers\jhyedcun.sys [?]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys --> c:\windows\system32\Drivers\BW2NDIS5.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2011-02-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\khnidukr.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-17 19:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-763208294-2166686365-2200820826-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4AE46BEE-309A-D118-EEF6-0B629E101924}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iandjebeamjplkkima"=hex:6a,61,6f,6d,70,67,70,6a,61,6e,6d,62,65,6b,62,6a,67,66,
67,6d,00,f2
"haddpfckmafepble"=hex:6b,61,69,6d,61,6a,63,62,61,63,6c,6a,67,6e,6a,6c,6c,70,
6e,62,69,61,00,00

[HKEY_USERS\S-1-5-21-763208294-2166686365-2200820826-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C4FF9455-D2D0-B2C0-5236-97D1CE5D2B9A}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaifkpmhmcpabcapeb"=hex:6a,61,6a,6f,63,67,6c,63,66,6b,6a,65,6b,64,68,61,67,68,
6e,6e,00,f1
"hacgbhgnolebgoia"=hex:6a,61,6a,6f,63,67,6c,63,66,6b,6a,65,6b,64,68,61,67,68,
6e,6e,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\wininet.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'lsass.exe'(772)
c:\windows\system32\wininet.dll

- - - - - - - > 'explorer.exe'(3628)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Citrix\ICA Client\wfcrun32.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
.
**************************************************************************
.
Completion time: 2011-02-17 20:02:36 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-18 02:02
ComboFix2.txt 2011-02-16 06:53

Pre-Run: 53,704,626,176 bytes free
Post-Run: 53,674,139,648 bytes free

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - A16E56CB17A9083941F3FC3B475C996F

systemcheck:

Results of screen317's Security Check version 0.99.8
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
Avira AntiVir Personal - Free Antivirus
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 22
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Out of date Java installed!
Adobe Flash Player
Adobe Reader 8.1.4
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.13)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````

SuperDave · « **Reply #10 on:** February 18, 2011, 11:47:26 AM »

Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.

First Verify your Java Version

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the Sun Java Runtime Environment.

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.
4. Run CCleaner.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
*****************************************************
Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.
****************************************************
SysProt Antirootkit

Download
SysProt Antirootkit from the link below (you will find it at the bottom
of the page under attachments, or you can get it from one of the
mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.

Double click Sysprot.exe to start the program.
Click on the Log tab.
In the Write to log box select the following items.

Process << Selected
Kernel Modules << Selected
SSDT << Selected
Kernel Hooks << Selected
IRP Hooks << NOT Selected
Ports << NOT Selected
Hidden Files << Selected

At the bottom of the page

Hidden Objects Only << Selected

Click on the Create Log button on the bottom right.
After a few seconds a new window should appear.
Select Scan Root Drive. Click on the Start button.
When it is complete a new window will appear to indicate that the scan is finished.
The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

shag · « **Reply #11 on:** February 18, 2011, 07:50:42 PM »

javara produced a log as well, but i'm assuming you don't need to see it.

sysprot log:

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwCreateKey
Address: F1767706
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwCreateThread
Address: F17676FC
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwDeleteKey
Address: F176770B
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwDeleteValueKey
Address: F1767715
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwEnumerateKey
Address: F739DCA2
Driver Base: F737F000
Driver End: F747C000
Driver Name: spds.sys

Function Name: ZwEnumerateValueKey
Address: F739E030
Driver Base: F737F000
Driver End: F747C000
Driver Name: spds.sys

Function Name: ZwLoadKey
Address: F176771A
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenKey
Address: F73800C0
Driver Base: F737F000
Driver End: F747C000
Driver Name: spds.sys

Function Name: ZwOpenProcess
Address: F17676E8
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenThread
Address: F17676ED
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwQueryKey
Address: F739E108
Driver Base: F737F000
Driver End: F747C000
Driver Name: spds.sys

Function Name: ZwQueryValueKey
Address: F739DF88
Driver Base: F737F000
Driver End: F747C000
Driver Name: spds.sys

Function Name: ZwReplaceKey
Address: F1767724
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwRestoreKey
Address: F176771F
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSetValueKey
Address: F1767710
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwTerminateProcess
Address: F17676F7
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Qoobox\BackEnv\AppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cache.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cookies.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Desktop.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Favorites.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\History.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Music.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\NetHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Personal.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Pictures.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Programs.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Recent.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SendTo.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SetPath.bat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartUp.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SysPath.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Templates.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\VikPev00
Status: Access denied

SuperDave · « **Reply #12 on:** February 19, 2011, 12:08:58 PM »

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the

button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

Click on to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.

•Check

•Click the

button.
•Accept any security warnings from your browser.
•Check

•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push

•Push

, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the

button.
•Push

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

shag · « **Reply #13 on:** February 19, 2011, 05:24:49 PM »

I have to use another machine for all my internet doings--the laptop's internet does not work. Therefore the online scanner isn't going to work, at least to my knowledge. I looked into ESET's offerings and found "ESET NOD32 Antivirus 4" which can be fully downloaded and installed on a computer. I had to uninstall Avira on my laptop before installing ESET--I'll re-install Avira later.

ESET's website gave a one-sentence answer as to how to configure the NOD32 thinger to make it equivalent to ESET's online scan, but I couldn't really follow it. The best I could do is run NOD32's standard scan and hope you can get what you need out of it. Here's that scan's log.

Scan Log
Version of virus signature database: 5782 (20110112)
Date: 2/19/2011 Time: 4:29:24 PM
Scanned disks, folders and files: Operating memory;C:\Boot sector;C:\
Operating memory - Win32/Olmarik trojan - action selection postponed until scan completion
C:\hiberfil.sys - error opening [4]
C:\pagefile.sys - error opening [4]
C:\Documents and Settings\All Users\Application Data\Citrix\Citrix online plug-in - web\ICAWebWrapper.msi » MSI » ICAWebWrapper.cab » CAB » License.txt.2F4FD4D8_836F_4C36_8D77_AFB 7434D6D2A » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users\Application Data\Citrix\Citrix online plug-in - web\ICAWebWrapper.msi » MSI » ICAWebWrapper.cab » CAB » License.txt.DB843BBC_6F1C_44D6_977F_609 2DC2A4DF8 » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\agentins.ui » ZIP » agentins.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\agentins.ui » ZIP » agntcons.vbs - incorrect CRC checksum, the file may be damaged
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\agentins.ui » ZIP » agntinst.htm - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\agentins.ui » ZIP » agntinst.vbs - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\agentins.ui » ZIP » agntlang.vbs - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\agentins.ui » ZIP » default.htm - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\agentins.ui » ZIP » header.vbs - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\agentins.ui » ZIP » HtmlUtil.vbs - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\agentins.ui » ZIP » images/bg_left_1x314.gif - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\agentins.ui » ZIP » images/bg_left_MSC_165x314.gif - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\agentins.ui » ZIP » images/icon_info_16x16.gif - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\agentins.ui » ZIP » images/icon_mcafee_61x61.gif - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\agentins.ui » ZIP » images/icon_progress_checked_13x13.gif - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\agentins.ui » ZIP » images/icon_progress_hot_13x13.gif - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\agentins.ui » ZIP » images/icon_progress_unchecked_13x13.gif - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\agentins.ui » ZIP » InstUtil.vbs - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\agentins.ui » ZIP » instwiz.css - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\agentins.ui » ZIP » instxp.css - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\agentins.ui » ZIP » mcccom.lpk - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\agentins.ui » ZIP » pbar.vbs - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\agentins.ui » ZIP » setcss.vbs - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\agentins.ui » ZIP » SubInfoData.vbs - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\vsoins.ui » ZIP » common_utils.js - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\vsoins.ui » ZIP » countries.js - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\vsoins.ui » ZIP » default.htm - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\vsoins.ui » ZIP » default.vbs - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\vsoins.ui » ZIP » HtmlUtil.vbs - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\vsoins.ui » ZIP » install.htm - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\vsoins.ui » ZIP » install.vbs - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\vsoins.ui » ZIP » instwiz.css - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\vsoins.ui » ZIP » instxp.css - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\vsoins.ui » ZIP » lang_common.vbs - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\vsoins.ui » ZIP » mcccom.lpk - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\vsoins.ui » ZIP » pbar.vbs - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\vsoins.ui » ZIP » setcss.vbs - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\vsoins.ui » ZIP » strids_brandables.js - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\vsoins.ui » ZIP » strids_common.js - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\vsoins.ui » ZIP » strids_vsinstaller.js - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\vsoins.ui » ZIP » vmap_reporting.css - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\vsoins.ui » ZIP » VsoConst.vbs - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\vsoins.ui » ZIP » vsoins.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\vsoins.ui » ZIP » VSOPropConst.vbs - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\agentins.ui » ZIP » agentins.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\agentins.ui » ZIP » agntcons.vbs - incorrect CRC checksum, the file may be damaged
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\agentins.ui » ZIP » agntinst.htm - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\agentins.ui » ZIP » agntinst.vbs - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\agentins.ui » ZIP » agntlang.vbs - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\agentins.ui » ZIP » default.htm - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\agentins.ui » ZIP » header.vbs - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\agentins.ui » ZIP » HtmlUtil.vbs - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\agentins.ui » ZIP » images/bg_left_1x314.gif - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\agentins.ui » ZIP » images/bg_left_MSC_165x314.gif - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\agentins.ui » ZIP » images/icon_info_16x16.gif - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\agentins.ui » ZIP » images/icon_mcafee_61x61.gif - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\agentins.ui » ZIP » images/icon_progress_checked_13x13.gif - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\agentins.ui » ZIP » images/icon_progress_hot_13x13.gif - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\agentins.ui » ZIP » images/icon_progress_unchecked_13x13.gif - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\agentins.ui » ZIP » InstUtil.vbs - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\agentins.ui » ZIP » instwiz.css - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\agentins.ui » ZIP » instxp.css - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\agentins.ui » ZIP » mcccom.lpk - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\agentins.ui » ZIP » pbar.vbs - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\agentins.ui » ZIP » setcss.vbs - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\agentins.ui » ZIP » SubInfoData.vbs - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\vsoins.ui » ZIP » common_utils.js - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\vsoins.ui » ZIP » countries.js - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\vsoins.ui » ZIP » default.htm - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\vsoins.ui » ZIP » default.vbs - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\vsoins.ui » ZIP » HtmlUtil.vbs - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\vsoins.ui » ZIP » install.htm - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\vsoins.ui » ZIP » install.vbs - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\vsoins.ui » ZIP » instwiz.css - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\vsoins.ui » ZIP » instxp.css - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\vsoins.ui » ZIP » lang_common.vbs - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\vsoins.ui » ZIP » mcccom.lpk - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\vsoins.ui » ZIP » pbar.vbs - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\vsoins.ui » ZIP » setcss.vbs - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\vsoins.ui » ZIP » strids_brandables.js - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\vsoins.ui » ZIP » strids_common.js - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\vsoins.ui » ZIP » strids_vsinstaller.js - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\vsoins.ui » ZIP » vmap_reporting.css - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\vsoins.ui » ZIP » VsoConst.vbs - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\vsoins.ui » ZIP » vsoins.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\vsoins.ui » ZIP » VSOPropConst.vbs - error - password-protected file
C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\News\valert.ui » ZIP » CmnIds.vbs - error - password-protected file
C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\News\valert.ui » ZIP » images/arrow_right.gif - error - password-protected file
C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\News\valert.ui » ZIP » images/btn_signup_52x20.gif - error - password-protected file
C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\News\valert.ui » ZIP » images/more_info.gif - error - password-protected file
C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\News\valert.ui » ZIP » images/sidetable_bottom.gif - error - password-protected file
C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\News\valert.ui » ZIP » images/sidetable_bottom_red.gif - error - password-protected file
C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\News\valert.ui » ZIP » images/sidetable_top.gif - error - password-protected file
C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\News\valert.ui » ZIP » images/sidetable_top_red.gif - error - password-protected file
C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\News\valert.ui » ZIP » images/transpix.gif - error - password-protected file
C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\News\valert.ui » ZIP » images/watermark_mys_150x130.gif - error - password-protected file
C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\News\valert.ui » ZIP » oemcfg.vbs - error - password-protected file
C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\News\valert.ui » ZIP » OEMIds.vbs - error - password-protected file
C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\News\valert.ui » ZIP » valert.htm - error - password-protected file
C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\News\valert.ui » ZIP » valert_old.htm - error - password-protected file
C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\News\valert.ui » ZIP » hs~valert.htm - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_50e417e0-e461-474b-96e2-077b80325612 - error opening [4]
C:\Documents and Settings\Chris\Application Data\Sun\Java\jre1.6.0_24\Data1.cab » CAB » core.zip » ZIP » lib/resources.jar » ZIP » com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Chris\Application Data\Sun\Java\jre1.6.0_24\Data1.cab » CAB » core.zip » ZIP » lib/resources.jar » ZIP » com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Chris\Application Data\Sun\Java\jre1.6.0_24\Data1.cab » CAB » core.zip » ZIP » lib/resources.jar » ZIP » javax/xml/bind/Messages.properties » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-10-2011 - 21-47-43.SBU » ZIP » {55929B8A-5F51-43F5-8C7E-F9DE70AFCC5F} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-10-2011 - 21-47-43.SBU » ZIP » {B4FADD22-F5BC-4AEA-BA61-F0402D7CCEA7} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-10-2011 - 21-47-43.SBU » ZIP » backup.db - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {00C40D3C-38B4-4A58-8D6C-093FD90FB241} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {02AA20AC-17A0-47E0-8706-82284D283F3C} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {031B335F-B9F9-41B0-B10B-6928C5AB208E} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {03BE28BF-C32F-4A2D-847C-9534EEE72A7A} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {04F18500-326A-4B7C-9A33-6DE1E0EED294} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {05E9EE21-65EA-4806-9939-64A5F59615E0} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {05F4B5C8-E004-4806-817D-C69C5283CAD5} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {082AE6DA-A6E4-41A9-A69C-14710F7CFFB8} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {0887439C-9767-4D86-B974-63A3EA148988} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {08A0789B-19E7-4FA3-A451-64ED286DFFCD} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {08C79A27-E7ED-431E-8385-797DC14E535C} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {08D06C4B-0C77-4B5E-A453-485F5E25017D} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {0A41754E-7CFC-4974-BECC-D80E207292DE} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {0B3CCF37-AEA1-4691-978D-73C582EA08FA} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {0CC940A6-B402-4951-A0FA-337383887B55} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {0E3FBE73-81C5-4449-88DA-7CB019712083} - incorrect CRC checksum, the file may be damaged
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {0E938A1A-8EB9-4C77-BFDE-437FA1D2D23D} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {0F3AA6DD-8708-4746-8604-4846C89F067F} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {0F9FF551-034E-49D4-BCC7-E734B820F237} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {1129EA17-E5C2-4CA6-94BB-003AB7A69E60} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {11B7CF1F-4A13-4A7C-A5A8-7623BDD595CE} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {1333C80D-2BF6-499B-A75F-510DC8B7F1CE} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {1390F1F2-118E-48C6-A2FF-AD2E752E7A49} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {13ECA295-2C7F-4D1F-84F4-672B4B56AFD4} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {1A442C13-82CE-4EDB-8D70-5480BF2721D1} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {1C414319-F321-46CB-92F2-CFAE1894E41D} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {1C98FA55-6B2A-4679-8D79-69D858873ED8} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {1CBD67A3-7FE9-415B-9098-C7848E62AC29} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {1D246B8D-0367-415F-BB6E-06D95D642CF5} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {1D608230-D9CA-4A74-AE3D-C73C41F39473} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {1F7CEF5E-7812-441C-A5F6-3DD9EF9645E4} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {216A21AA-9D50-4C9D-9332-DAFC88419807} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {222AE173-CFFF-4BF1-B28A-F4EBE1CF44C4} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {2347D7DE-B5DE-4401-ADE0-0C5906BB0EF1} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {23C144E2-040F-487C-9FFE-AF8D97774CC8} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {23D25364-A748-43DA-9253-5CFEDBCE0C90} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {247F85FE-2A3E-4DC6-8E0A-98F0A944473A} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {24A07F5C-0039-4FFF-9BEF-417C440E5DE2} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {24AFCE56-71B2-4C6E-A25A-4245325563F0} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {24D78C26-F3C8-4145-A0A5-6169B2583ECA} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {25C592CC-78B4-48F5-AAA3-1A9690B9FDCC} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {2645DE5A-953D-4B11-A9F6-D1A5E91C77A9} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {26805C5B-AC08-47D3-AA37-E2FE28DE137D} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {27694FAA-7974-4F0E-B7E9-6E64A97B4E48} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {284DFE0D-5D94-4123-9D61-4C9A57A4D895} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {28AB3B4B-578B-428D-89DA-3B90A4BAEB27} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {292055FF-A462-4A0F-A5DD-007490DDB965} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {29C9B59F-CFFE-49C6-8A5B-104E0B3DEDFB} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {2CE583E4-FBDA-4616-9B6A-E979127B13B6} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {2CEBFE60-5C3C-40F2-ADBF-85FEFD0B43CA} - incorrect CRC checksum, the file may be damaged
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {2D1913B0-F2DA-4C6A-BE9B-787B14813ECE} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {2DC708A6-F9BE-4F79-BCC5-1A987FEF49B6} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {2DCE0F8C-140A-4CB0-BD59-5D548F7C3B9F} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {2EF5D504-42AD-4C84-934C-FFE325BB77C3} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {321D7C62-0D0B-40C8-B10B-53FE76A0A066} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {332B8299-F879-4245-AF93-6C91515AC6D8} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {33B9F56A-DAB2-4D6C-A711-BCADE5D8DAD6} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {33CB592D-17F4-4883-8955-E53FE5C5E951} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {342ACF29-0343-4736-B84C-69D0A73089E5} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {34DA9799-5A7A-4B3C-B30E-BFDB320C18D6} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {35334384-5138-4CCA-9656-967498C60F36} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {376DFB5F-9FBD-416E-B694-7731B2765AF4} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {37F3D95F-E19E-4638-9B23-E70C19FB8DA6} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {3853014E-A5C0-4640-B176-B46CFF4EDF64} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {3904A88C-6026-4253-8CC3-D7D8DFA8FAA6} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {3913F586-849D-4DDB-9315-43380C08A3D1} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {3957FC50-8A3B-4751-90D9-1EC2838FE287} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {39B5BAB5-A85F-4DE9-8B06-9E6BDF954B77} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {3AE8336C-A988-40AE-97A0-8F32A7F23F9C} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {3B242D17-5EC4-476A-827D-BB411978E63C} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {3B517073-0AB9-49FC-90CA-EFD0AEFAF468} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {3D191FC7-C06F-4BB0-A5BF-537A79C7F59F} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {3D1AFBBB-6962-41D4-97AF-B1180850BC46} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {3FFEBDA8-5534-4576-AC53-481B500163B7} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {407F8613-E044-48AE-B8F9-60EC7DA53818} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {415906A0-27B7-40A8-885E-B44AF3C22AD7} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {41F183AD-94A7-4EC6-8743-E51425E02876} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {430C9FC8-8208-4431-8885-AC09C71FFC61} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {43F1BD22-AE01-40E0-8E87-D08ACEC37750} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {448E3A17-DEC0-4B70-86BE-963EB059F197} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {4544942E-E356-4E3E-A5BA-D9294C0DA75E} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {45B19782-AD82-4F25-80EC-60FD14A5AED1} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {465CD16F-B8EE-43EC-BABF-6D55BE07A2B7} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {4A5A17BA-3957-4C73-9875-F0ABFAABDDAA} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {4AC89079-6BD7-4E13-A89F-09CC2174E8EA} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {4AEB3CAA-F707-45AE-A605-2DED64A05A1F} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {4D775C3C-8B5A-431B-91A2-B8F7AB91F434} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {4F5A42FA-8225-4561-A4AA-44D448D074C0} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {4FD6F733-A26B-489E-910B-87E6238C6795} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {517EB01A-5F30-4B04-BFC9-76CD12D2EEDD} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {51C29C24-B853-4DA8-8641-BE6B2B871581} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {5245C43D-D609-46E2-90C2-318D1DA357A7} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {5306AA4C-C1C1-4B78-9F7E-B448246C1E9A} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {545471DD-FB51-4B68-8809-281F5E56BE55} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {54BE22B7-394B-4A51-9C57-AFB9D7302A3B} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {553F9867-5892-442B-8C11-5256046FB817} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {578A9AC3-AC14-4C16-8943-C5DAF077D238} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {591B4C68-62BF-4A7D-AD32-A6A1BDC3CF5E} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {59877F48-D6F6-4685-83ED-7CFA1A6C6801} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {5A61B40F-0F7E-42B6-8BF8-EF27CFB7513A} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {5A7D4E46-BCD2-41D2-A077-122B04F10817} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {5AD79385-B645-4A1E-B24A-53B583FF8C0A} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {5E01EA0B-F538-47F1-A925-830F583C6D9B} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {5FB82319-00DF-47D8-8ECA-E0D9358CC0F2} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {5FBD36E7-B4F1-4A0D-A8FE-35C51F2AF21B} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {605F5AE0-FC86-4A5F-BB2D-A8387A9D571E} - incorrect CRC checksum, the file may be damaged
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {60CB4E03-73A1-4C89-A98D-40736388AC9F} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {61194CDD-23BD-4000-A92E-AABE1298DEED} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {632A3726-B969-4978-B841-6D9ACCC94F3A} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {6348F146-5444-41A6-9B35-203AFAD1C3B1} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {63CE12AF-238D-40AF-A31B-AFD5ED42D7B6} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {64123022-CCAE-4B32-8056-30C4BC7D3DC6} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {67335A1C-C5A1-417D-8D15-69E4DC08CF6D} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {67ED0CA4-4491-43C2-BB6F-EF578F7A940A} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {6962EEF1-BA2C-4D33-AA1C-F2F4B9EC672C} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {69E058C8-756D-436F-A31A-3060A7533A6E} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {6ABE9428-2720-4FC5-92CE-81250DC8B9E0} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {6B3C0B35-1439-4527-92EE-35E7412C651D} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {6B8FF064-AAA7-4E6E-9C1C-79C5CCF02BDE} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {6BDE4D0A-1DB0-4F68-94ED-3D7E1A499CB9} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {6C396967-F56E-42EF-8FF8-6A4A2D96E05D} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {6D06BBFA-9B05-43E6-B5E5-5F99EDD420A2} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {6D59C3F5-2A2D-4BF2-8CC0-31A789F27DDC} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {6EE0CCA4-AF89-4DF5-8966-E02C804D8391} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {708A81B0-31ED-4034-B95D-DB4AA4990193} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {70B3F9E5-4E33-4530-891A-C25642B96B32} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {7133A92B-E48D-4B24-932C-26CDC48DBEF6} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {74292806-0728-46CF-BC3C-60AAA475771B} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {74BB136C-2959-4084-BB14-8304DF03821D} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {74C551D3-416C-41EC-9EED-1EAE32B6C0A3} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {74E59527-D652-4E1A-BD22-163813806A18} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {7605A931-7630-44BC-9A9F-6AEA0F5A494C} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {78C202E5-B441-4CD1-B77F-FE54F76AC968} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {79F822B0-B078-481E-A405-BE632477A328} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {7A1C7852-4C71-4B13-BC2D-EBD6DE21A3F5} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {7A5536E2-BD9C-495E-91DF-6E15B350E71F} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {7AB02CE6-AEE7-48D9-A5FA-E49C32D9BF63} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {7C637A65-C027-4D53-AF55-38B6E2C2345F} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {7D86196C-D299-4745-B2B8-D78DC6E01801} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {7DE3BBA3-E088-4CEC-ABA1-CC315395E25A} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {7E89C55A-247F-40AE-A1A2-BD50B9D83C66} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {7F4E0AD4-E76A-465F-8CFB-E4A5347AB0DE} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {7FA8B5FA-F836-4624-A7E0-48B9400AF83E} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {81DF4652-3D7C-4BD6-83DE-7C9A17FA2C88} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {82DA9FDB-10DF-469D-948E-73C9976AFE70} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {84F90937-167C-4908-9E6A-F54F9441A0CA} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {8667EA8E-6806-4673-ABB1-08C2473D8124} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {86BD60E7-07D8-4AE5-8E65-9E4280DF3975} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {885D1C20-677B-47C3-A5D6-D7F507A1C68B} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {8919CA84-30F1-4627-8F5E-46E3E7868B00} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {8AA6A559-B563-4C57-B1CE-4262C9B9DAEF} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {8CCF3CBA-6820-4C8C-813A-BD9FCD57808D} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {8D40434D-E39C-4D5A-828C-30B9C6E9324A} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {8D4BE094-79D7-4DA9-A157-9A9649BDD965} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {8DE5280A-35D8-4075-8C55-2138748CA8EF} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {8E951FA5-0DB7-439E-8EF2-D013F5FEB445} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {8F93D8C9-CF33-4FFA-84CE-C1A8C1EC641E} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {9073D8DE-3FE1-4825-A607-6B191FC57ACE} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {91CBB92C-DBD5-4EB6-A4F0-E76044E6302D} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {92F5B52E-51A5-4069-964D-DA61C1DD5511} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {93888257-62D2-449B-9ADD-FDB35A89EB67} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {93C632F0-5C59-452C-A29A-A92323B856C9} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {93DE119E-112A-4ACD-A798-7A033453C865} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {9406309F-E70B-4D05-BCF7-33F93A4BB91A} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {94848595-60F1-4536-93D5-262DB5AEA553} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {94A4136D-0989-4482-80E9-AED62A2F5355} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {9697133B-8459-4AD2-AEDD-DBF5B920EF5E} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {983C59CC-A224-4EAA-9BA4-A40224D8049D} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {99F56417-3F38-4273-9E16-50F7A6040438} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {9AF4CD62-E6D3-4DAA-9BE0-867D7238B819} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {9B48C736-848F-4529-ACE2-49F3AE11FDC9} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {9BB9C52C-1689-4910-A3B2-0B6864567900} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {9C0B971D-6DDD-4ABA-A209-5D931989A7A9} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {9CB3CAD0-4CA5-467F-8B9D-BECC109083B2} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {9E00DE87-ECFB-4962-8F33-D55915631A3E} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {9F6ADCF9-591C-4A64-A3A5-39B3B5F750AF} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {A15C0164-B7CF-4CD6-82A5-5C274C8F47F5} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {A161969E-1C74-40A5-A742-ACA37F0EA1BE} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {A1683BD4-CD50-4AD9-BA2F-7887744F90F7} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {A2BD0F8C-9566-47D1-BF86-11D4EEF95FD8} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {A2E5532D-ED82-40C6-A2C2-80DDC5CE4F7E} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {A35FD421-48D2-4D49-8008-CA44A2855F14} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {A3D77743-B5A8-462D-8B54-18CABD53494D} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {A4A7C8DA-CB06-4256-8451-B00884879C4B} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {A5CC78C0-CEF4-4BCF-A7DF-7DEF9F96490F} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {A5F297D7-1E90-42CA-A04A-2647F8F3AF7D} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {A89F2529-DE7C-4BE7-A148-6EC403F90FCA} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {A9463072-3BD1-4BE8-A53D-1614C1C19210} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {A9BFBE5E-2E44-41EC-8F80-4882B0D52CE2} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {AB47BEFF-32E9-49D1-A09F-3AF6C20A7473} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {AC29A704-E9EB-474F-A88B-1FBDC8B0AC3F} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {AF790608-5D6F-4667-8F53-31650FDFF003} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {AFCAD67C-25B3-45C5-BC0D-BB5B54939BF5} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {B042D87A-1FC2-4E33-8445-003DD3528B87} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {B222207B-480C-44F7-AE08-D32332C0D92A} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {B2A39B37-2054-44B7-B680-60F0523F25F7} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {B2D324CD-8C17-4E61-9F19-ACBCF189EDF4} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {B2D6C763-E783-4950-80D1-67D4E7672C77} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {B3105D16-BA11-4AFB-ABBA-6FBDEC0C73AA} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {B36C6966-754D-4617-9EC7-F19ECA5C25C3} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {B4C4CE51-D8B2-453C-9840-2036031BE36F} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {B5EC9DC8-F710-41F2-A636-203030754C7C} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {B606E073-EFD3-45D1-BC5E-E896815639A6} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {B6114F28-3922-41F3-BE5F-8D2BACD79538} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {B795A618-CB92-4DDE-A9BC-179FCAE46AAA} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {B7B40E52-C5D3-4D35-A9EA-53B655C4CBE3} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {B7D626B4-DCC2-4336-AB56-EB360FA80FF7} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {B7E44C0C-60B5-4E7F-B07E-39979906EB6D} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {B86A6EAA-289C-47D1-A826-A21A9F6548A3} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {B93D1F2D-126A-48E0-94AC-586B0177FC12} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {B9AC5529-4174-4D6E-AB2E-6C0212E665A4} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {B9B09CF7-072D-4D07-9831-84000901E7A3} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {BAA6B8B4-C585-4BC7-A189-EEBC30696A4F} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {BC442FF8-88CA-4D00-BBFD-D550C480A893} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {BD4D5057-79C3-4F9C-A43B-490F2BCA077C} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {BD6CDE79-34E4-4A61-A477-4A642F9835BA} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {C0FC5A89-9E4F-4D2B-AFB5-E4BFBF163962} - error - password-protected file
C:\Documents and Settings\Chris\App

SuperDave · « **Reply #14 on:** February 20, 2011, 11:21:37 AM »

Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop.
Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
Click the Report button and copy/paste the contents of it into your next reply

Note:It will also create a log in the C:\ directory..

shag · « **Reply #15 on:** February 20, 2011, 02:03:02 PM »

ok.

2011/02/20 14:41:45.0250 3268   TDSS rootkit removing tool 2.4.17.0 Feb 10 2011 11:07:20
2011/02/20 14:41:45.0343 3268   ================================================================================
2011/02/20 14:41:45.0343 3268   SystemInfo:
2011/02/20 14:41:45.0343 3268
2011/02/20 14:41:45.0343 3268   OS Version: 5.1.2600 ServicePack: 3.0
2011/02/20 14:41:45.0343 3268   Product type: Workstation
2011/02/20 14:41:45.0343 3268   ComputerName: LEACH
2011/02/20 14:41:45.0343 3268   UserName: Chris
2011/02/20 14:41:45.0343 3268   Windows directory: C:\WINDOWS
2011/02/20 14:41:45.0343 3268   System windows directory: C:\WINDOWS
2011/02/20 14:41:45.0343 3268   Processor architecture: Intel x86
2011/02/20 14:41:45.0343 3268   Number of processors: 2
2011/02/20 14:41:45.0343 3268   Page size: 0x1000
2011/02/20 14:41:45.0343 3268   Boot type: Normal boot
2011/02/20 14:41:45.0343 3268   ================================================================================
2011/02/20 14:41:46.0406 3268   Initialize success
2011/02/20 14:41:56.0406 3688   ================================================================================
2011/02/20 14:41:56.0406 3688   Scan started
2011/02/20 14:41:56.0421 3688   Mode: Manual;
2011/02/20 14:41:56.0421 3688   ================================================================================
2011/02/20 14:41:56.0968 3688   abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/02/20 14:41:57.0031 3688   ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/02/20 14:41:57.0062 3688   ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/02/20 14:41:57.0109 3688   adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/02/20 14:41:57.0156 3688   aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/02/20 14:41:57.0203 3688   AegisP (375eb0b97e3950adef3633c27a82438b) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/02/20 14:41:57.0281 3688   Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
2011/02/20 14:41:57.0343 3688   AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/02/20 14:41:57.0406 3688   agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/02/20 14:41:57.0437 3688   agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/02/20 14:41:57.0484 3688   Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/02/20 14:41:57.0515 3688   aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/02/20 14:41:57.0546 3688   aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/02/20 14:41:57.0625 3688   AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/02/20 14:41:57.0656 3688   alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/02/20 14:41:57.0734 3688   amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/02/20 14:41:57.0812 3688   amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/02/20 14:41:57.0875 3688   APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
2011/02/20 14:41:57.0937 3688   Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/02/20 14:41:57.0984 3688   asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/02/20 14:41:58.0015 3688   asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/02/20 14:41:58.0046 3688   asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/02/20 14:41:58.0109 3688   AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/02/20 14:41:58.0140 3688   atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/02/20 14:41:58.0187 3688   Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/02/20 14:41:58.0234 3688   audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/02/20 14:41:58.0265 3688   bcm4sbxp (c768c8a463d32c219ce291645a0621a4) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
2011/02/20 14:41:58.0359 3688   cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/02/20 14:41:58.0375 3688   cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/02/20 14:41:58.0421 3688   CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/02/20 14:41:58.0453 3688   cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/02/20 14:41:58.0484 3688   Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/02/20 14:41:58.0515 3688   Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/02/20 14:41:58.0546 3688   Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/02/20 14:41:58.0687 3688   CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/02/20 14:41:58.0765 3688   CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/02/20 14:41:58.0812 3688   Compbatt (0686fd8f51116b50672952d6f26f6f11) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/02/20 14:41:58.0812 3688   Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\compbatt.sys. Real md5: 0686fd8f51116b50672952d6f26f6f11, Fake md5: 6e4c9f21f0fae8940661144f41b13203
2011/02/20 14:41:58.0828 3688   Compbatt - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/02/20 14:41:58.0875 3688   Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/02/20 14:41:58.0953 3688   ctxusbm (cb6ff7012bb5d59d7c12350db795ce1f) C:\WINDOWS\system32\DRIVERS\ctxusbm.sys
2011/02/20 14:41:59.0000 3688   dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/02/20 14:41:59.0015 3688   dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/02/20 14:41:59.0062 3688   Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/02/20 14:41:59.0125 3688   dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/02/20 14:41:59.0218 3688   dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/02/20 14:41:59.0265 3688   dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/02/20 14:41:59.0296 3688   DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/02/20 14:41:59.0343 3688   dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/02/20 14:41:59.0406 3688   drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/02/20 14:41:59.0437 3688   drvmcdb (e814854e6b246ccf498874839ab64d77) C:\WINDOWS\system32\drivers\drvmcdb.sys
2011/02/20 14:41:59.0468 3688   drvnddm (ee83a4ebae70bc93cf14879d062f548b) C:\WINDOWS\system32\drivers\drvnddm.sys
2011/02/20 14:41:59.0625 3688   DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
2011/02/20 14:41:59.0765 3688   dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
2011/02/20 14:41:59.0843 3688   E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/02/20 14:41:59.0921 3688   eamon (d42dd9021acd47683b33adf21bca49aa) C:\WINDOWS\system32\DRIVERS\eamon.sys
2011/02/20 14:41:59.0953 3688   ehdrv (fe7824239d132ad9ebd8645fe1199b30) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
2011/02/20 14:42:00.0000 3688   epfwtdir (aa0667eb9a92414abb784c101a6c7fec) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
2011/02/20 14:42:00.0062 3688   Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/02/20 14:42:00.0109 3688   Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/02/20 14:42:00.0187 3688   FilterService (b73ec688c29f81f9da0fcf63682b3ecb) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
2011/02/20 14:42:00.0218 3688   Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/02/20 14:42:00.0250 3688   Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/02/20 14:42:00.0296 3688   FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/02/20 14:42:00.0343 3688   Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/02/20 14:42:00.0375 3688   Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/02/20 14:42:00.0406 3688   Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/02/20 14:42:00.0468 3688   HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/02/20 14:42:00.0578 3688   HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/02/20 14:42:00.0718 3688   hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/02/20 14:42:00.0812 3688   HSF_DPV (e8ec1767ea315a39a0dd8989952ca0e9) C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
2011/02/20 14:42:00.0859 3688   HSXHWAZL (61478fa42ee04562e7f11f4dca87e9c8) C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
2011/02/20 14:42:00.0937 3688   HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/02/20 14:42:01.0000 3688   i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/02/20 14:42:01.0031 3688   i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/02/20 14:42:01.0062 3688   i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/02/20 14:42:01.0156 3688   ialm (93aa9660aacb82f73d854180afd9817e) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/02/20 14:42:01.0234 3688   Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/02/20 14:42:01.0328 3688   ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/02/20 14:42:01.0390 3688   IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/02/20 14:42:01.0437 3688   intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/02/20 14:42:01.0484 3688   Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/02/20 14:42:01.0531 3688   IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/02/20 14:42:01.0578 3688   IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/02/20 14:42:01.0625 3688   IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/02/20 14:42:01.0656 3688   IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/02/20 14:42:01.0671 3688   IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/02/20 14:42:01.0703 3688   isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/02/20 14:42:01.0750 3688   Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/02/20 14:42:01.0812 3688   kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/02/20 14:42:01.0843 3688   KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/02/20 14:42:01.0937 3688   lvpopflt (9fb982de1c8dd769f8ed681dd878b12f) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
2011/02/20 14:42:02.0000 3688   LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
2011/02/20 14:42:02.0046 3688   LVRS (37072ec9299e825f4335cc554b6fac6a) C:\WINDOWS\system32\DRIVERS\lvrs.sys
2011/02/20 14:42:02.0390 3688   LVUVC (a240e42a7402e927a71b6e8aa4629b13) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
2011/02/20 14:42:02.0765 3688   mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/02/20 14:42:02.0843 3688   mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/02/20 14:42:02.0906 3688   Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/02/20 14:42:02.0953 3688   Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/02/20 14:42:03.0015 3688   mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/02/20 14:42:03.0062 3688   MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/02/20 14:42:03.0109 3688   mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/02/20 14:42:03.0328 3688   MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
2011/02/20 14:42:03.0390 3688   MRENDIS5 (594b9d8194e3f4ecbf0325bd10bbeb05) C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
2011/02/20 14:42:03.0406 3688   MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
2011/02/20 14:42:03.0578 3688   MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/02/20 14:42:03.0625 3688   MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/02/20 14:42:03.0656 3688   Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/02/20 14:42:03.0718 3688   MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/02/20 14:42:03.0734 3688   MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/02/20 14:42:03.0765 3688   MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/02/20 14:42:03.0828 3688   mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/02/20 14:42:03.0875 3688   MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/02/20 14:42:03.0937 3688   Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/02/20 14:42:04.0000 3688   NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/02/20 14:42:04.0031 3688   NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/02/20 14:42:04.0093 3688   NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/02/20 14:42:04.0140 3688   NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/02/20 14:42:04.0171 3688   Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/02/20 14:42:04.0187 3688   NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/02/20 14:42:04.0265 3688   NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/02/20 14:42:04.0296 3688   NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/02/20 14:42:04.0328 3688   NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/02/20 14:42:04.0484 3688   NETw3x32 (71371ed9086a3d65f43967c89634e9a9) C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
2011/02/20 14:42:04.0640 3688   NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/02/20 14:42:04.0671 3688   Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/02/20 14:42:04.0718 3688   Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/02/20 14:42:04.0781 3688   Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/02/20 14:42:04.0921 3688   nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/02/20 14:42:05.0000 3688   NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/02/20 14:42:05.0031 3688   NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/02/20 14:42:05.0062 3688   ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/02/20 14:42:05.0125 3688   omci (b17228142cec9b3c222239fd935a37ca) C:\WINDOWS\system32\DRIVERS\omci.sys
2011/02/20 14:42:05.0171 3688   Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/02/20 14:42:05.0187 3688   PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/02/20 14:42:05.0218 3688   ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/02/20 14:42:05.0265 3688   PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/02/20 14:42:05.0296 3688   PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/02/20 14:42:05.0343 3688   Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/02/20 14:42:05.0453 3688   perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/02/20 14:42:05.0531 3688   perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/02/20 14:42:05.0656 3688   PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/02/20 14:42:05.0718 3688   Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/02/20 14:42:05.0765 3688   PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/02/20 14:42:05.0796 3688   ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/02/20 14:42:05.0812 3688   Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/02/20 14:42:05.0843 3688   ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/02/20 14:42:05.0875 3688   ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/02/20 14:42:05.0906 3688   ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/02/20 14:42:05.0937 3688   RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/02/20 14:42:05.0968 3688   Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/02/20 14:42:06.0000 3688   RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/02/20 14:42:06.0015 3688   Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/02/20 14:42:06.0078 3688   Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/02/20 14:42:06.0109 3688   RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/02/20 14:42:06.0140 3688   rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/02/20 14:42:06.0187 3688   RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/02/20 14:42:06.0218 3688   redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/02/20 14:42:06.0281 3688   rimmptsk (24ed7af20651f9fa1f249482e7c1f165) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
2011/02/20 14:42:06.0312 3688   rimsptsk (1bdba2d2d402415a78a4ba766dfe0f7b) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
2011/02/20 14:42:06.0343 3688   rismxdp (f774ecd11a064f0debb2d4395418153c) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
2011/02/20 14:42:06.0421 3688   s24trans (daef68fc328342d219de928c8ee610b2) C:\WINDOWS\system32\DRIVERS\s24trans.sys
2011/02/20 14:42:06.0562 3688   SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/02/20 14:42:06.0578 3688   SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/02/20 14:42:06.0734 3688   sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/02/20 14:42:06.0781 3688   Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/02/20 14:42:06.0828 3688   serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/02/20 14:42:06.0859 3688   Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/02/20 14:42:06.0906 3688   sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
2011/02/20 14:42:06.0921 3688   sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
2011/02/20 14:42:06.0953 3688   Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/02/20 14:42:07.0000 3688   sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/02/20 14:42:07.0062 3688   SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/02/20 14:42:07.0093 3688   Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/02/20 14:42:07.0156 3688   splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/02/20 14:42:07.0281 3688   sptd (7f1b7c4d446cd3f926af45b8c48bd593) C:\WINDOWS\system32\Drivers\sptd.sys
2011/02/20 14:42:07.0281 3688   Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 7f1b7c4d446cd3f926af45b8c48bd593
2011/02/20 14:42:07.0296 3688   sptd - detected Locked file (1)
2011/02/20 14:42:07.0328 3688   sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/02/20 14:42:07.0390 3688   Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/02/20 14:42:07.0437 3688   sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
2011/02/20 14:42:07.0453 3688   ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
2011/02/20 14:42:07.0546 3688   STHDA (2a2dc39623adef8ab3703ab9fac4b440) C:\WINDOWS\system32\drivers\sthda.sys
2011/02/20 14:42:07.0718 3688   streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/02/20 14:42:07.0765 3688   swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/02/20 14:42:07.0812 3688   swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/02/20 14:42:07.0859 3688   symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/02/20 14:42:07.0921 3688   symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/02/20 14:42:07.0953 3688   sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/02/20 14:42:07.0968 3688   sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/02/20 14:42:08.0031 3688   SynTP (35d5b3632e0bcebe27b391157de05996) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/02/20 14:42:08.0093 3688   sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/02/20 14:42:08.0171 3688   Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/02/20 14:42:08.0218 3688   TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/02/20 14:42:08.0437 3688   TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/02/20 14:42:08.0625 3688   TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/02/20 14:42:08.0843 3688   tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys
2011/02/20 14:42:09.0171 3688   tfsncofs (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys
2011/02/20 14:42:09.0234 3688   tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys
2011/02/20 14:42:09.0265 3688   tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys
2011/02/20 14:42:09.0328 3688   tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys
2011/02/20 14:42:09.0359 3688   tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys
2011/02/20 14:42:09.0375 3688   tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys
2011/02/20 14:42:09.0421 3688   tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys
2011/02/20 14:42:09.0515 3688   tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys
2011/02/20 14:42:09.0578 3688   TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/02/20 14:42:09.0625 3688   Tosrfbd (37a7d0d105110aafac6e982a2c49b8b6) C:\WINDOWS\system32\Drivers\tosrfbd.sys
2011/02/20 14:42:09.0671 3688   Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\WINDOWS\system32\drivers\Tosrfcom.sys
2011/02/20 14:42:09.0703 3688   Tosrfhid (f4e4795528d17ff8d1d6d98ebbb92655) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
2011/02/20 14:42:09.0734 3688   Tosrfusb (1d19323d5bc7309d9df65dad5635005c) C:\WINDOWS\system32\Drivers\tosrfusb.sys
2011/02/20 14:42:09.0781 3688   Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/02/20 14:42:09.0843 3688   ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/02/20 14:42:09.0906 3688   Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/02/20 14:42:10.0000 3688   usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/02/20 14:42:10.0046 3688   usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/02/20 14:42:10.0078 3688   usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/02/20 14:42:10.0125 3688   usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/02/20 14:42:10.0156 3688   usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/02/20 14:42:10.0234 3688   usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/02/20 14:42:10.0265 3688   USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/02/20 14:42:10.0281 3688   usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/02/20 14:42:10.0328 3688   usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/02/20 14:42:10.0437 3688   VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/02/20 14:42:10.0500 3688   viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/02/20 14:42:10.0531 3688   ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/02/20 14:42:10.0578 3688   VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/02/20 14:42:10.0671 3688   w39n51 (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys
2011/02/20 14:42:10.0812 3688   Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/02/20 14:42:10.0875 3688   wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
2011/02/20 14:42:10.0921 3688   wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/02/20 14:42:11.0015 3688   winachsf (ba6b6fb242a6ba4068c8b763063beb63) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
2011/02/20 14:42:11.0109 3688   WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/02/20 14:42:11.0140 3688   WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/02/20 14:42:11.0218 3688   WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/02/20 14:42:11.0312 3688   WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/02/20 14:42:11.0343 3688   WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/02/20 14:42:11.0421 3688   ================================================================================
2011/02/20 14:42:11.0421 3688   Scan finished
2011/02/20 14:42:11.0421 3688   ================================================================================
2011/02/20 14:42:11.0421 3692   Detected object count: 2
2011/02/20 14:48:06.0203 3692   Compbatt (0686fd8f51116b50672952d6f26f6f11) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/02/20 14:48:06.0203 3692   Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\compbatt.sys. Real md5: 0686fd8f51116b50672952d6f26f6f11, Fake md5: 6e4c9f21f0fae8940661144f41b13203
2011/02/20 14:48:14.0859 3692   Backup copy found, using it..
2011/02/20 14:48:14.0875 3692   C:\WINDOWS\system32\DRIVERS\compbatt.sys - will be cured after reboot
2011/02/20 14:48:14.0875 3692   Rootkit.Win32.TDSS.tdl3(Compbatt) - User select action: Cure
2011/02/20 14:48:14.0875 3692   Locked file(sptd) - User select action: Skip
2011/02/20 14:49:15.0000 0472   Deinitialize success

SuperDave · « **Reply #16 on:** February 20, 2011, 04:03:23 PM »

Ok. Now please run these scans again and post the logs.

SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
•Please leave the others unchecked

•Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
*Copy and Paste the log in your post.
*******************************************

Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
Please save the log to a location you will remember.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

shag · « **Reply #17 on:** February 21, 2011, 01:56:39 PM »

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/21/2011 at 01:09 PM

Application Version : 4.48.1000

Core Rules Database Version : 6411
Trace Rules Database Version: 4223

Scan type : Complete Scan
Total Scan Time : 01:16:26

Memory items scanned : 502
Memory threats detected : 0
Registry items scanned : 7824
Registry threats detected : 0
File items scanned : 70747
File threats detected : 1

Trojan.Agent/Gen-Nullo[Short]
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS.VIR_

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5363

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/21/2011 2:40:08 PM
mbam-log-2011-02-21 (14-40-08).txt

Scan type: Full scan (C:\|)
Objects scanned: 204810
Time elapsed: 35 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

shag · « **Reply #18 on:** February 21, 2011, 03:04:13 PM »

sorry for making multiple posts...but i've been playing with the laptop a bit. windows is stable in normal mode (no more svchost errors) and my internet is working. my music still won't play from windows media player...i'm seeing what i can do about that.

shag · « **Reply #19 on:** February 22, 2011, 06:25:42 AM »

nix that on the internet--it won't connect this morning and i can't seem to access anything related to network configuration. i also never could do anything about my computer not making sound--sound configuration is equally stymied.

sorry for mult posts

SuperDave · « **Reply #20 on:** February 22, 2011, 12:14:23 PM »

Please run ComboFix again as instructed in Reply # 4 and post the log.

shag · « **Reply #21 on:** February 22, 2011, 04:00:21 PM »

running combofix got me on the internet again...we'll see if it lasts. here's the log.

ComboFix 11-02-22.01 - Chris 02/22/2011 16:29:12.7.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.592 [GMT -6:00]
Running from: c:\documents and settings\Chris\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((( Files Created from 2011-01-22 to 2011-02-22 )))))))))))))))))))))))))))))))
.

2011-02-19 22:48 . 2011-02-19 22:48   --------   d-----w-   c:\documents and settings\Chris\Local Settings\Application Data\ESET
2011-02-19 22:21 . 2011-02-19 22:21   --------   d-----w-   c:\program files\ESET
2011-02-19 22:21 . 2011-02-19 22:21   --------   d-----w-   c:\documents and settings\All Users\Application Data\ESET
2011-02-15 03:24 . 2011-02-15 03:24   --------   d-----w-   c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2011-02-15 03:20 . 2011-02-15 03:20   --------   d-----w-   c:\documents and settings\Chris\Local Settings\Application Data\Mozilla
2011-02-15 03:15 . 2011-02-15 03:15   388096   ----a-r-   c:\documents and settings\Chris\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2011-02-15 02:11 . 2011-02-15 02:11   --------   d-----w-   c:\program files\TrendMicro
2011-02-11 01:49 . 2010-12-21 00:09   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-11 01:49 . 2010-12-21 00:08   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-02-11 01:42 . 2011-02-11 01:42   --------   d-----w-   c:\program files\CCleaner
2011-01-30 15:45 . 2011-01-30 15:45   135568   ----a-w-   c:\program files\Internet Explorer\PLUGINS\nppdf32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-20 20:49 . 2006-04-05 15:42   10240   ----a-w-   c:\windows\system32\drivers\compbatt.sys
2011-02-19 02:11 . 2007-09-15 15:26   73728   ----a-w-   c:\windows\system32\javacpl.cpl
2011-02-19 02:11 . 2010-07-17 01:46   472808   ----a-w-   c:\windows\system32\deployJava1.dll
2011-01-21 14:44 . 2004-08-11 22:00   439296   ----a-w-   c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-11 22:00   290048   ----a-w-   c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2004-08-11 22:00   1854976   ----a-w-   c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-11 22:00   301568   ----a-w-   c:\windows\system32\kerberos.dll
2010-12-21 21:04 . 2010-12-21 21:04   141264   ----a-w-   c:\windows\system32\drivers\eamon.sys
2010-12-21 21:04 . 2010-12-21 21:04   115008   ----a-w-   c:\windows\system32\drivers\ehdrv.sys
2010-12-21 19:47 . 2010-12-21 19:47   94872   ----a-w-   c:\windows\system32\drivers\epfwtdir.sys
2010-12-20 23:59 . 2004-08-11 22:00   916480   ----a-w-   c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2004-08-11 22:00   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2004-08-11 22:00   1469440   ------w-   c:\windows\system32\inetcpl.cpl
2010-12-20 17:26 . 2004-08-11 22:00   730112   ----a-w-   c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-11 22:00   385024   ----a-w-   c:\windows\system32\html.iec
2010-12-09 15:15 . 2004-08-11 22:00   718336   ----a-w-   c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2004-08-11 22:00   33280   ----a-w-   c:\windows\system32\csrsrv.dll
2010-12-09 13:42 . 2004-08-11 22:00   2148864   ----a-w-   c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07 . 2004-08-04 03:59   2027008   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2010-11-29 23:38 . 2010-11-29 23:38   94208   ----a-w-   c:\windows\system32\QuickTimeVR.qtx
2010-11-29 23:38 . 2010-11-29 23:38   69632   ----a-w-   c:\windows\system32\QuickTime.qts
.

((((((((((((((((((((((((((((( SnapShot@2011-02-16_06.44.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-02-22 22:19 . 2011-02-22 22:19   16384 c:\windows\temp\Perflib_Perfdata_5cc.dat
+ 2004-08-11 22:00 . 2011-02-22 22:23   73052 c:\windows\system32\perfc009.dat
- 2004-08-11 22:00 . 2011-02-16 06:29   73052 c:\windows\system32\perfc009.dat
- 2004-08-11 22:00 . 2010-11-06 00:26   66560 c:\windows\system32\mshtmled.dll
+ 2004-08-11 22:00 . 2010-12-20 23:59   66560 c:\windows\system32\mshtmled.dll
- 2006-11-08 02:03 . 2010-11-06 00:26   55296 c:\windows\system32\msfeedsbs.dll
+ 2006-11-08 02:03 . 2010-12-20 23:59   55296 c:\windows\system32\msfeedsbs.dll
+ 2004-08-11 22:00 . 2010-12-20 23:59   25600 c:\windows\system32\jsproxy.dll
- 2004-08-11 22:00 . 2010-11-06 00:26   25600 c:\windows\system32\jsproxy.dll
- 2010-01-06 02:23 . 2010-11-06 00:26   12800 c:\windows\system32\dllcache\xpshims.dll
+ 2010-01-06 02:23 . 2010-12-20 23:59   12800 c:\windows\system32\dllcache\xpshims.dll
+ 2006-06-23 11:25 . 2010-12-20 23:59   66560 c:\windows\system32\dllcache\mshtmled.dll
- 2006-06-23 11:25 . 2010-11-06 00:26   66560 c:\windows\system32\dllcache\mshtmled.dll
- 2007-06-27 14:34 . 2010-11-06 00:26   55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2007-06-27 14:34 . 2010-12-20 23:59   55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2006-10-17 17:05 . 2010-12-20 23:59   43520 c:\windows\system32\dllcache\licmgr10.dll
- 2006-10-17 17:05 . 2010-11-06 00:26   43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2006-06-23 11:25 . 2010-12-20 23:59   25600 c:\windows\system32\dllcache\jsproxy.dll
- 2006-06-23 11:25 . 2010-11-06 00:26   25600 c:\windows\system32\dllcache\jsproxy.dll
- 2009-12-14 07:08 . 2009-12-14 07:08   33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2009-12-14 07:08 . 2010-12-09 14:30   33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2011-02-19 22:22 . 2011-02-19 22:22   10134 c:\windows\Installer\{A66242A1-9101-425D-9BE5-D19A50E1D0D8}\callmsi.exe
+ 2010-11-10 18:49 . 2010-11-10 18:49   17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\ViewerPS.dll
+ 2010-11-10 18:49 . 2010-11-10 18:49   35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\reader_sl.exe
+ 2010-11-10 18:49 . 2010-11-10 18:49   84896 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\PDFPrevHndlr.dll
+ 2010-11-10 18:49 . 2010-11-10 18:49   94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\eula.exe
+ 2010-11-10 18:49 . 2010-11-10 18:49   49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\acrotextextractor.exe
+ 2010-11-10 18:49 . 2010-11-10 18:49   17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroRd32Info.exe
+ 2010-11-10 18:49 . 2010-11-10 18:49   62376 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\acroiehelpershim.dll
+ 2010-11-10 18:49 . 2010-11-10 18:49   64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroIEHelper.dll
+ 2010-11-10 18:49 . 2010-11-10 18:49   63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\Acrofx32.dll
+ 2011-02-21 17:46 . 2010-11-06 00:26   12800 c:\windows\ie8updates\KB2482017-IE8\xpshims.dll
+ 2011-02-21 17:46 . 2010-11-06 00:26   66560 c:\windows\ie8updates\KB2482017-IE8\mshtmled.dll
+ 2011-02-21 17:46 . 2010-11-06 00:26   55296 c:\windows\ie8updates\KB2482017-IE8\msfeedsbs.dll
+ 2011-02-21 17:46 . 2010-11-06 00:26   43520 c:\windows\ie8updates\KB2482017-IE8\licmgr10.dll
+ 2011-02-21 17:46 . 2010-11-06 00:26   25600 c:\windows\ie8updates\KB2482017-IE8\jsproxy.dll
- 2004-08-11 22:00 . 2011-02-16 06:29   443914 c:\windows\system32\perfh009.dat
+ 2004-08-11 22:00 . 2011-02-22 22:23   443914 c:\windows\system32\perfh009.dat
- 2004-08-11 22:00 . 2010-11-06 00:26   206848 c:\windows\system32\occache.dll
+ 2004-08-11 22:00 . 2010-12-20 23:59   206848 c:\windows\system32\occache.dll
- 2004-08-11 22:00 . 2010-11-06 00:26   611840 c:\windows\system32\mstime.dll
+ 2004-08-11 22:00 . 2010-12-20 23:59   611840 c:\windows\system32\mstime.dll
+ 2006-11-08 02:03 . 2010-12-20 23:59   602112 c:\windows\system32\msfeeds.dll
- 2006-11-08 02:03 . 2010-11-06 00:26   602112 c:\windows\system32\msfeeds.dll
+ 2011-02-19 02:11 . 2011-02-19 02:11   157472 c:\windows\system32\javaws.exe
+ 2011-02-19 02:11 . 2011-02-19 02:11   145184 c:\windows\system32\javaw.exe
- 2010-11-02 12:44 . 2010-09-15 09:50   145184 c:\windows\system32\javaw.exe
- 2010-11-02 12:44 . 2010-09-15 09:50   145184 c:\windows\system32\java.exe
+ 2011-02-19 02:11 . 2011-02-19 02:11   145184 c:\windows\system32\java.exe
- 2004-08-11 22:00 . 2010-11-06 00:26   184320 c:\windows\system32\iepeers.dll
+ 2004-08-11 22:00 . 2010-12-20 23:59   184320 c:\windows\system32\iepeers.dll
- 2004-08-11 22:00 . 2010-11-06 00:26   387584 c:\windows\system32\iedkcs32.dll
+ 2004-08-11 22:00 . 2010-12-20 23:59   387584 c:\windows\system32\iedkcs32.dll
- 2004-08-11 22:00 . 2010-11-03 12:26   173568 c:\windows\system32\ie4uinit.exe
+ 2004-08-11 22:00 . 2010-12-20 12:55   173568 c:\windows\system32\ie4uinit.exe
+ 2004-08-11 22:06 . 2011-02-16 11:34   138056 c:\windows\system32\FNTCACHE.DAT
- 2004-08-11 22:06 . 2010-12-16 19:12   138056 c:\windows\system32\FNTCACHE.DAT
- 2008-01-18 04:43 . 2008-01-18 10:43   716272 c:\windows\system32\drivers\sptd.sys
+ 2008-01-18 04:43 . 2008-01-18 16:43   716272 c:\windows\system32\drivers\sptd.sys
+ 2006-06-23 11:25 . 2010-12-20 23:59   916480 c:\windows\system32\dllcache\wininet.dll
- 2006-06-23 11:25 . 2010-11-06 00:26   916480 c:\windows\system32\dllcache\wininet.dll
+ 2011-01-21 14:44 . 2011-01-21 14:44   439296 c:\windows\system32\dllcache\shimgvw.dll
+ 2004-08-11 22:00 . 2004-08-04 10:00   146432 c:\windows\system32\dllcache\regedit.exe
+ 2006-10-17 17:04 . 2010-12-20 23:59   206848 c:\windows\system32\dllcache\occache.dll
- 2006-10-17 17:04 . 2010-11-06 00:26   206848 c:\windows\system32\dllcache\occache.dll
+ 2009-04-18 04:29 . 2010-12-09 15:15   718336 c:\windows\system32\dllcache\ntdll.dll
- 2006-06-23 11:25 . 2010-11-06 00:26   611840 c:\windows\system32\dllcache\mstime.dll
+ 2006-06-23 11:25 . 2010-12-20 23:59   611840 c:\windows\system32\dllcache\mstime.dll
- 2007-06-27 14:34 . 2010-11-06 00:26   602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2007-06-27 14:34 . 2010-12-20 23:59   602112 c:\windows\system32\dllcache\msfeeds.dll
- 2009-04-18 04:29 . 2009-06-25 08:25   730112 c:\windows\system32\dllcache\lsasrv.dll
+ 2009-04-18 04:29 . 2010-12-20 17:26   730112 c:\windows\system32\dllcache\lsasrv.dll
- 2009-06-25 08:25 . 2009-06-25 08:25   301568 c:\windows\system32\dllcache\kerberos.dll
+ 2009-06-25 08:25 . 2010-12-22 12:34   301568 c:\windows\system32\dllcache\kerberos.dll
- 2010-01-06 02:23 . 2010-11-06 00:26   247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2010-01-06 02:23 . 2010-12-20 23:59   247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2006-06-23 11:25 . 2010-12-20 23:59   184320 c:\windows\system32\dllcache\iepeers.dll
- 2006-06-23 11:25 . 2010-11-06 00:26   184320 c:\windows\system32\dllcache\iepeers.dll
+ 2010-06-10 00:50 . 2010-12-20 23:59   743424 c:\windows\system32\dllcache\iedvtool.dll
- 2010-06-10 00:50 . 2010-11-06 00:26   743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2006-11-07 08:27 . 2010-12-20 23:59   387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2006-11-07 08:27 . 2010-11-06 00:26   387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2006-11-07 08:26 . 2010-12-20 12:55   173568 c:\windows\system32\dllcache\ie4uinit.exe
- 2006-11-07 08:26 . 2010-11-03 12:26   173568 c:\windows\system32\dllcache\ie4uinit.exe
+ 2010-04-20 05:30 . 2011-01-07 14:09   290048 c:\windows\system32\dllcache\atmfd.dll
- 2010-04-20 05:30 . 2010-10-28 13:13   290048 c:\windows\system32\dllcache\atmfd.dll
+ 2004-08-11 22:00 . 2004-08-04 10:00   146432 c:\windows\regedit.exe
- 2004-08-11 22:00 . 2008-04-14 00:12   146432 c:\windows\regedit.exe
+ 2011-02-19 02:12 . 2011-02-19 02:12   180224 c:\windows\Installer\a9c0f.msi
+ 2011-02-19 02:11 . 2011-02-19 02:11   677376 c:\windows\Installer\a9c01.msi
+ 2011-02-19 22:22 . 2011-02-19 22:22   967680 c:\windows\Installer\46d5f.msi
+ 2011-02-19 22:22 . 2011-02-19 22:22   101504 c:\windows\Installer\{A66242A1-9101-425D-9BE5-D19A50E1D0D8}\egui.exe
+ 2010-11-10 18:49 . 2010-11-10 18:49   390552 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\pdfshell.dll
+ 2010-11-10 18:49 . 2010-11-10 18:49   101288 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\PDFPrevHndlrShim.exe
+ 2010-11-10 18:49 . 2010-11-10 18:49   135568 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\nppdf32.dll
+ 2010-11-10 18:49 . 2010-11-10 18:49   681872 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\JP2KLib.dll
+ 2010-11-10 18:49 . 2010-11-10 18:49   104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AiodLite.dll
+ 2010-11-10 18:49 . 2010-11-10 18:49   702352 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroPDF.dll
+ 2010-11-10 18:49 . 2010-11-10 18:49   294808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\acrobroker.exe
+ 2010-11-10 18:49 . 2010-11-10 18:49   205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\a3dutils.dll
+ 2011-02-21 17:46 . 2010-11-06 00:26   916480 c:\windows\ie8updates\KB2482017-IE8\wininet.dll
+ 2011-02-21 17:46 . 2010-07-05 13:16   382840 c:\windows\ie8updates\KB2482017-IE8\spuninst\updspapi.dll
+ 2011-02-21 17:46 . 2010-07-05 13:15   231288 c:\windows\ie8updates\KB2482017-IE8\spuninst\spuninst.exe
+ 2011-02-21 17:46 . 2010-11-06 00:26   206848 c:\windows\ie8updates\KB2482017-IE8\occache.dll
+ 2011-02-21 17:46 . 2010-11-06 00:26   611840 c:\windows\ie8updates\KB2482017-IE8\mstime.dll
+ 2011-02-21 17:46 . 2010-11-06 00:26   602112 c:\windows\ie8updates\KB2482017-IE8\msfeeds.dll
+ 2011-02-21 17:46 . 2010-11-06 00:26   247808 c:\windows\ie8updates\KB2482017-IE8\ieproxy.dll
+ 2011-02-21 17:46 . 2010-11-06 00:26   184320 c:\windows\ie8updates\KB2482017-IE8\iepeers.dll
+ 2011-02-21 17:46 . 2010-11-06 00:26   743424 c:\windows\ie8updates\KB2482017-IE8\iedvtool.dll
+ 2011-02-21 17:46 . 2010-11-06 00:26   387584 c:\windows\ie8updates\KB2482017-IE8\iedkcs32.dll
+ 2011-02-21 17:46 . 2010-11-03 12:26   173568 c:\windows\ie8updates\KB2482017-IE8\ie4uinit.exe
- 2004-08-11 22:00 . 2010-11-06 00:26   1210880 c:\windows\system32\urlmon.dll
+ 2004-08-11 22:00 . 2010-12-20 23:59   1210880 c:\windows\system32\urlmon.dll
- 2004-08-11 22:00 . 2010-07-27 06:30   8462336 c:\windows\system32\shell32.dll
+ 2004-08-11 22:00 . 2011-01-21 14:44   8462336 c:\windows\system32\shell32.dll
+ 2004-08-11 22:00 . 2010-12-20 23:59   5961216 c:\windows\system32\mshtml.dll
+ 2006-10-17 16:57 . 2010-12-20 23:59   1991680 c:\windows\system32\iertutil.dll
- 2006-10-17 16:57 . 2010-11-06 00:26   1991680 c:\windows\system32\iertutil.dll
+ 2008-10-16 20:33 . 2010-12-31 13:10   1854976 c:\windows\system32\dllcache\win32k.sys
- 2006-07-25 20:42 . 2010-11-06 00:26   1210880 c:\windows\system32\dllcache\urlmon.dll
+ 2006-07-25 20:42 . 2010-12-20 23:59   1210880 c:\windows\system32\dllcache\urlmon.dll
+ 2008-06-17 19:02 . 2011-01-21 14:44   8462336 c:\windows\system32\dllcache\shell32.dll
- 2008-06-17 19:02 . 2010-07-27 06:30   8462336 c:\windows\system32\dllcache\shell32.dll
+ 2008-10-16 20:33 . 2010-12-09 13:38   2192768 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2008-10-16 20:33 . 2010-12-09 13:07   2027008 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-10-16 20:33 . 2010-12-09 13:07   2069376 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-10-16 20:33 . 2010-12-09 13:42   2148864 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2006-07-28 11:30 . 2010-12-20 23:59   5961216 c:\windows\system32\dllcache\mshtml.dll
- 2007-06-27 14:34 . 2010-11-06 00:26   1991680 c:\windows\system32\dllcache\iertutil.dll
+ 2007-06-27 14:34 . 2010-12-20 23:59   1991680 c:\windows\system32\dllcache\iertutil.dll
+ 2011-02-19 02:26 . 2011-02-19 02:26   2283008 c:\windows\Installer\a9fb0.msi
+ 2010-11-10 18:49 . 2010-11-10 18:49   2207632 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\rt3d.dll
+ 2010-11-10 18:49 . 2010-11-10 18:49   6222744 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\authplay.dll
+ 2010-11-10 18:49 . 2010-11-10 18:49   5503368 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AGM.dll
+ 2010-11-10 18:49 . 2010-11-10 18:49   1216416 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AdobeCollabSync.exe
+ 2010-11-10 18:49 . 2010-11-10 18:49   1289624 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroRd32.exe
+ 2011-02-21 17:46 . 2010-11-06 00:26   1210880 c:\windows\ie8updates\KB2482017-IE8\urlmon.dll
+ 2011-02-21 17:46 . 2010-11-06 00:26   5959168 c:\windows\ie8updates\KB2482017-IE8\mshtml.dll
+ 2011-02-21 17:46 . 2010-11-06 00:26   1991680 c:\windows\ie8updates\KB2482017-IE8\iertutil.dll
+ 2008-10-16 20:33 . 2010-12-09 13:38   2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-10-16 20:33 . 2010-12-09 13:07   2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-10-16 20:33 . 2010-12-09 13:07   2069376 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-16 20:33 . 2010-12-09 13:42   2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2006-10-05 17:54 . 2011-02-16 09:01   37443528 c:\windows\system32\MRT.exe
+ 2006-11-08 02:03 . 2010-12-21 11:29   11080704 c:\windows\system32\ieframe.dll
- 2006-11-08 02:03 . 2010-11-06 00:26   11080704 c:\windows\system32\ieframe.dll
- 2007-06-27 14:34 . 2010-11-06 00:26   11080704 c:\windows\system32\dllcache\ieframe.dll
+ 2007-06-27 14:34 . 2010-12-21 11:29   11080704 c:\windows\system32\dllcache\ieframe.dll
+ 2011-01-30 20:44 . 2011-01-30 20:44   12425728 c:\windows\Installer\a9fb1.msp
+ 2010-11-10 18:49 . 2010-11-10 18:49   23724952 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroRd32.dll
+ 2011-02-21 17:46 . 2010-11-06 00:26   11080704 c:\windows\ie8updates\KB2482017-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-01-17 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-17 397312]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-19 98304]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-19 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-19 77824]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2005-12-15 839680]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]
"BellSouthWCC_McciTrayApp"="c:\program files\BellSouthWCC\McciTrayApp.exe" [2005-11-17 543232]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-07-04 109056]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2006-4-5 156784]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-6-16 49152]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-4-5 24576]
dlbcserv.lnk - c:\program files\Dell Photo Printer 720\dlbcserv.exe [2007-3-8 315392]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2008-3-3 118784]
PHOTOfunSTUDIO.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe [2010-1-18 44176]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"GameConsoleService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Games HQ\\Unreal Tournament\\System\\UnrealTournament.exe"=
"c:\\Program Files\\Games HQ\\Age of Empires II\\age2_x1\\age2_x1.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/17/2008 10:43 PM 716272]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [9/8/2009 5:13 PM 65584]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [12/21/2010 3:04 PM 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [12/21/2010 1:47 PM 94872]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 12:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67656]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [1/12/2011 4:41 PM 810144]
S0 haqaugev;haqaugev;c:\windows\system32\drivers\jhyedcun.sys --> c:\windows\system32\drivers\jhyedcun.sys [?]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys --> c:\windows\system32\Drivers\BW2NDIS5.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2011-02-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\khnidukr.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-22 16:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-763208294-2166686365-2200820826-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4AE46BEE-309A-D118-EEF6-0B629E101924}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iandjebeamjplkkima"=hex:6a,61,6f,6d,70,67,70,6a,61,6e,6d,62,65,6b,62,6a,67,66,
67,6d,00,f2
"haddpfckmafepble"=hex:6b,61,69,6d,61,6a,63,62,61,63,6c,6a,67,6e,6a,6c,6c,70,
6e,62,69,61,00,00

[HKEY_USERS\S-1-5-21-763208294-2166686365-2200820826-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C4FF9455-D2D0-B2C0-5236-97D1CE5D2B9A}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaifkpmhmcpabcapeb"=hex:6a,61,6a,6f,63,67,6c,63,66,6b,6a,65,6b,64,68,61,67,68,
6e,6e,00,f1
"hacgbhgnolebgoia"=hex:6a,61,6a,6f,63,67,6c,63,66,6b,6a,65,6b,64,68,61,67,68,
6e,6e,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(732)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(1000)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-02-22 16:35:42
ComboFix-quarantined-files.txt 2011-02-22 22:35
ComboFix2.txt 2011-02-22 21:56
ComboFix3.txt 2011-02-18 02:02
ComboFix4.txt 2011-02-16 06:53

Pre-Run: 53,639,651,328 bytes free
Post-Run: 53,621,751,808 bytes free

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 10675F77863A3BE8BC773F10DBBB7087

SuperDave · « **Reply #22 on:** February 23, 2011, 12:05:24 PM »

Re-running ComboFix to remove infections:

Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open notepad and copy/paste the text in the quotebox below into it:
Quote
KillAll::

File::
c:\windows\system32\drivers\jhyedcun.sys

MBR::

Reglock::
[HKEY_USERS\S-1-5-21-763208294-2166686365-2200820826-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4AE46BEE-309A-D118-EEF6-0B629E101924}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iandjebeamjplkkima"=hex:6a,61,6f,6d,70,67,70,6a,61,6e,6d,62,65,6b,62,6a,67,66,
67,6d,00,f2
"haddpfckmafepble"=hex:6b,61,69,6d,61,6a,63,62,61,63,6c,6a,67,6e,6a,6c,6c,70,
6e,62,69,61,00,00

[HKEY_USERS\S-1-5-21-763208294-2166686365-2200820826-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C4FF9455-D2D0-B2C0-5236-97D1CE5D2B9A}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaifkpmhmcpabcapeb"=hex:6a,61,6a,6f,63,67,6c,63,66,6b,6a,65,6b,64,68,61,67,68,
6e,6e,00,f1
"hacgbhgnolebgoia"=hex:6a,61,6a,6f,63,67,6c,63,66,6b,6a,65,6b,64,68,61,67,68,
6e,6e,00,00

Driver::
haqaugev
Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt
Please post the contents of the log in your next reply.

shag · « **Reply #23 on:** February 23, 2011, 05:12:38 PM »

ComboFix 11-02-23.05 - Chris 02/23/2011 17:22:59.8.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.615 [GMT -6:00]
Running from: c:\documents and settings\Chris\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Chris\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Created a new restore point

FILE ::
"c:\windows\system32\drivers\jhyedcun.sys"
.
   /wow section - STAGE 25
The system cannot find the path specified.
@DO was unexpected at this time.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_haqaugev

((((((((((((((((((((((((( Files Created from 2011-01-23 to 2011-02-23 )))))))))))))))))))))))))))))))
.

2011-02-19 22:48 . 2011-02-19 22:48   --------   d-----w-   c:\documents and settings\Chris\Local Settings\Application Data\ESET
2011-02-19 22:21 . 2011-02-19 22:21   --------   d-----w-   c:\program files\ESET
2011-02-19 22:21 . 2011-02-19 22:21   --------   d-----w-   c:\documents and settings\All Users\Application Data\ESET
2011-02-15 03:24 . 2011-02-15 03:24   --------   d-----w-   c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2011-02-15 03:20 . 2011-02-15 03:20   --------   d-----w-   c:\documents and settings\Chris\Local Settings\Application Data\Mozilla
2011-02-15 03:15 . 2011-02-15 03:15   388096   ----a-r-   c:\documents and settings\Chris\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2011-02-15 02:11 . 2011-02-15 02:11   --------   d-----w-   c:\program files\TrendMicro
2011-02-11 01:49 . 2010-12-21 00:09   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-11 01:49 . 2010-12-21 00:08   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-02-11 01:42 . 2011-02-11 01:42   --------   d-----w-   c:\program files\CCleaner
2011-01-30 15:45 . 2011-01-30 15:45   135568   ----a-w-   c:\program files\Internet Explorer\PLUGINS\nppdf32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-20 20:49 . 2006-04-05 15:42   10240   ----a-w-   c:\windows\system32\drivers\compbatt.sys
2011-02-19 02:11 . 2007-09-15 15:26   73728   ----a-w-   c:\windows\system32\javacpl.cpl
2011-02-19 02:11 . 2010-07-17 01:46   472808   ----a-w-   c:\windows\system32\deployJava1.dll
2011-01-21 14:44 . 2004-08-11 22:00   439296   ----a-w-   c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-11 22:00   290048   ----a-w-   c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2004-08-11 22:00   1854976   ----a-w-   c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-11 22:00   301568   ----a-w-   c:\windows\system32\kerberos.dll
2010-12-21 21:04 . 2010-12-21 21:04   141264   ----a-w-   c:\windows\system32\drivers\eamon.sys
2010-12-21 21:04 . 2010-12-21 21:04   115008   ----a-w-   c:\windows\system32\drivers\ehdrv.sys
2010-12-21 19:47 . 2010-12-21 19:47   94872   ----a-w-   c:\windows\system32\drivers\epfwtdir.sys
2010-12-20 23:59 . 2004-08-11 22:00   916480   ----a-w-   c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2004-08-11 22:00   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2004-08-11 22:00   1469440   ------w-   c:\windows\system32\inetcpl.cpl
2010-12-20 17:26 . 2004-08-11 22:00   730112   ----a-w-   c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-11 22:00   385024   ----a-w-   c:\windows\system32\html.iec
2010-12-09 15:15 . 2004-08-11 22:00   718336   ----a-w-   c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2004-08-11 22:00   33280   ----a-w-   c:\windows\system32\csrsrv.dll
2010-12-09 13:42 . 2004-08-11 22:00   2148864   ----a-w-   c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07 . 2004-08-04 03:59   2027008   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2010-11-29 23:38 . 2010-11-29 23:38   94208   ----a-w-   c:\windows\system32\QuickTimeVR.qtx
2010-11-29 23:38 . 2010-11-29 23:38   69632   ----a-w-   c:\windows\system32\QuickTime.qts
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-01-17 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-17 397312]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-19 98304]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-19 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-19 77824]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2005-12-15 839680]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]
"BellSouthWCC_McciTrayApp"="c:\program files\BellSouthWCC\McciTrayApp.exe" [2005-11-17 543232]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-07-04 109056]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2006-4-5 156784]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-6-16 49152]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-4-5 24576]
dlbcserv.lnk - c:\program files\Dell Photo Printer 720\dlbcserv.exe [2007-3-8 315392]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2008-3-3 118784]
PHOTOfunSTUDIO.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe [2010-1-18 44176]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"GameConsoleService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Games HQ\\Unreal Tournament\\System\\UnrealTournament.exe"=
"c:\\Program Files\\Games HQ\\Age of Empires II\\age2_x1\\age2_x1.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/17/2008 10:43 PM 716272]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [9/8/2009 5:13 PM 65584]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [12/21/2010 3:04 PM 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [12/21/2010 1:47 PM 94872]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 12:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67656]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [1/12/2011 4:41 PM 810144]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys --> c:\windows\system32\Drivers\BW2NDIS5.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2011-02-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\khnidukr.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-23 17:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-763208294-2166686365-2200820826-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4AE46BEE-309A-D118-EEF6-0B629E101924}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iandjebeamjplkkima"=hex:6a,61,6f,6d,70,67,70,6a,61,6e,6d,62,65,6b,62,6a,67,66,
67,6d,00,f2
"haddpfckmafepble"=hex:6b,61,69,6d,61,6a,63,62,61,63,6c,6a,67,6e,6a,6c,6c,70,
6e,62,69,61,00,00

[HKEY_USERS\S-1-5-21-763208294-2166686365-2200820826-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C4FF9455-D2D0-B2C0-5236-97D1CE5D2B9A}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaifkpmhmcpabcapeb"=hex:6a,61,6a,6f,63,67,6c,63,66,6b,6a,65,6b,64,68,61,67,68,
6e,6e,00,f1
"hacgbhgnolebgoia"=hex:6a,61,6a,6f,63,67,6c,63,66,6b,6a,65,6b,64,68,61,67,68,
6e,6e,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(736)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(1396)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Citrix\ICA Client\wfcrun32.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2011-02-23 17:34:43 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-23 23:34
ComboFix2.txt 2011-02-22 22:35
ComboFix3.txt 2011-02-22 21:56
ComboFix4.txt 2011-02-18 02:02
ComboFix5.txt 2011-02-23 23:20

Pre-Run: 53,204,619,264 bytes free
Post-Run: 53,349,474,304 bytes free

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 58837753BADF08FCA8B8CACCD51F2DF4

SuperDave · « **Reply #24 on:** February 24, 2011, 12:51:06 PM »

SysProt Antirootkit

Download
SysProt Antirootkit from the link below (you will find it at the bottom
of the page under attachments, or you can get it from one of the
mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.

Double click Sysprot.exe to start the program.
Click on the Log tab.
In the Write to log box select the following items.

Process << Selected
Kernel Modules << Selected
SSDT << Selected
Kernel Hooks << Selected
IRP Hooks << NOT Selected
Ports << NOT Selected
Hidden Files << Selected

At the bottom of the page

Hidden Objects Only << Selected

Click on the Create Log button on the bottom right.
After a few seconds a new window should appear.
Select Scan Root Drive. Click on the Start button.
When it is complete a new window will appear to indicate that the scan is finished.
The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

shag · « **Reply #25 on:** February 24, 2011, 02:59:26 PM »

Alright, here's the log...should I note that we've run this program once before? (I think TDSS killer was our next step)

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No

Name: System
PID: 4
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\smss.exe
PID: 556
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\csrss.exe
PID: 708
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\winlogon.exe
PID: 736
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 784
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\lsass.exe
PID: 796
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1028
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1076
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1116
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1144
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\LEXBCES.EXE
PID: 1176
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\spoolsv.exe
PID: 1196
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\LEXPPS.EXE
PID: 1212
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PID: 1240
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PID: 1260
Hidden: No
Window Visible: No

Name: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PID: 1356
Hidden: No
Window Visible: No

Name: C:\Program Files\Java\jre6\bin\jqs.exe
PID: 1476
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Motive\McciCMService.exe
PID: 1520
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PID: 1588
Hidden: No
Window Visible: No

Name: C:\WINDOWS\explorer.exe
PID: 1708
Hidden: No
Window Visible: No

Name: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PID: 188
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Java\Java Update\jusched.exe
PID: 180
Hidden: No
Window Visible: No

Name: C:\Program Files\QuickTime\QTTask.exe
PID: 232
Hidden: No
Window Visible: No

Name: C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PID: 236
Hidden: No
Window Visible: No

Name: C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PID: 260
Hidden: No
Window Visible: No

Name: C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PID: 364
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\igfxpers.exe
PID: 392
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\igfxsrvc.exe
PID: 412
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\hkcmd.exe
PID: 456
Hidden: No
Window Visible: No

Name: C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
PID: 464
Hidden: No
Window Visible: No

Name: C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PID: 480
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\dla\tfswctrl.exe
PID: 504
Hidden: No
Window Visible: No

Name: C:\Program Files\Dell\QuickSet\quickset.exe
PID: 516
Hidden: No
Window Visible: No

Name: C:\Program Files\Citrix\ICA Client\concentr.exe
PID: 524
Hidden: No
Window Visible: No

Name: C:\Program Files\BellSouthWCC\McciTrayApp.exe
PID: 532
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PID: 580
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\wbem\wmiprvse.exe
PID: 1392
Hidden: No
Window Visible: No

Name: C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PID: 980
Hidden: No
Window Visible: No

Name: C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PID: 1612
Hidden: No
Window Visible: No

Name: C:\Program Files\NetWaiting\netwaiting.exe
PID: 1628
Hidden: No
Window Visible: No

Name: C:\Program Files\DellSupport\DSAgnt.exe
PID: 1488
Hidden: No
Window Visible: No

Name: C:\Program Files\DAEMON Tools Lite\daemon.exe
PID: 1644
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\ctfmon.exe
PID: 588
Hidden: No
Window Visible: No

Name: C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
PID: 2060
Hidden: No
Window Visible: No

Name: C:\Program Files\Digital Line Detect\DLG.exe
PID: 2108
Hidden: No
Window Visible: No

Name: C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
PID: 2164
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PID: 2400
Hidden: No
Window Visible: No

Name: C:\Program Files\Internet Explorer\iexplore.exe
PID: 1316
Hidden: No
Window Visible: No

Name: C:\Program Files\Internet Explorer\iexplore.exe
PID: 3644
Hidden: No
Window Visible: No

Name: C:\Program Files\Internet Explorer\iexplore.exe
PID: 4076
Hidden: No
Window Visible: No

Name: C:\Documents and Settings\Chris\Desktop\Latest Problems\SysProt\SysProt.exe
PID: 3556
Hidden: No
Window Visible: Yes

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \??\C:\Documents and Settings\Chris\Desktop\Latest Problems\SysProt\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: A9FA3000
Module End: A9FAE000
Hidden: No

Module Name: \WINDOWS\system32\ntkrnlpa.exe
Service Name: ---
Module Base: 804D7000
Module End: 806E5000
Hidden: No

Module Name: \WINDOWS\system32\hal.dll
Service Name: ---
Module Base: 806E5000
Module End: 80705D00
Hidden: No

Module Name: \WINDOWS\system32\KDCOM.DLL
Service Name: ---
Module Base: F7A7D000
Module End: F7A7F000
Hidden: No

Module Name: \WINDOWS\system32\BOOTVID.dll
Service Name: ---
Module Base: F798D000
Module End: F7990000
Hidden: No

Module Name: spgf.sys
Service Name: ---
Module Base: F737F000
Module End: F747C000
Hidden: Yes

Module Name: \WINDOWS\System32\Drivers\WMILIB.SYS
Service Name: ---
Module Base: F7A7F000
Module End: F7A81000
Hidden: No

Module Name: \WINDOWS\System32\Drivers\SCSIPORT.SYS
Service Name: ScsiPort
Module Base: F7367000
Module End: F737F000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ACPI.sys
Service Name: ACPI
Module Base: F7339000
Module End: F7367000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pci.sys
Service Name: PCI
Module Base: F7328000
Module End: F7339000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\isapnp.sys
Service Name: isapnp
Module Base: F757D000
Module End: F7587000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\compbatt.sys
Service Name: Compbatt
Module Base: F7991000
Module End: F7994000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\BATTC.SYS
Service Name: BattC
Module Base: F7995000
Module End: F7999000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pciide.sys
Service Name: PCIIde
Module Base: F7B45000
Module End: F7B46000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Service Name: ---
Module Base: F77FD000
Module End: F7804000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\MountMgr.sys
Service Name: MountMgr
Module Base: F758D000
Module End: F7598000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ftdisk.sys
Service Name: Disk
Module Base: F7309000
Module End: F7328000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\dmio.sys
Service Name: dmio
Module Base: F72E3000
Module End: F7309000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PartMgr.sys
Service Name: PartMgr
Module Base: F7805000
Module End: F780A000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\VolSnap.sys
Service Name: VolSnap
Module Base: F759D000
Module End: F75AA000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\atapi.sys
Service Name: atapi
Module Base: F72CB000
Module End: F72E3000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\disk.sys
Service Name: ---
Module Base: F75AD000
Module End: F75B6000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Service Name: ---
Module Base: F75BD000
Module End: F75CA000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\fltmgr.sys
Service Name: FltMgr
Module Base: F72AB000
Module End: F72CB000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sr.sys
Service Name: sr
Module Base: F7299000
Module End: F72AB000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\drvmcdb.sys
Service Name: drvmcdb
Module Base: F7284000
Module End: F7299000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PxHelp20.sys
Service Name: PxHelp20
Module Base: F75CD000
Module End: F75D7000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\KSecDD.sys
Service Name: KSecDD
Module Base: F726D000
Module End: F7284000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Ntfs.sys
Service Name: Ntfs
Module Base: F71E0000
Module End: F726D000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\NDIS.sys
Service Name: NDIS
Module Base: F71B3000
Module End: F71E0000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ohci1394.sys
Service Name: ohci1394
Module Base: F75DD000
Module End: F75ED000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\1394BUS.SYS
Service Name: ---
Module Base: F75ED000
Module End: F75FB000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Mup.sys
Service Name: Mup
Module Base: F7199000
Module End: F71B3000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\nic1394.sys
Service Name: NIC1394
Module Base: F76CD000
Module End: F76DD000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\intelppm.sys
Service Name: intelppm
Module Base: F6A7F000
Module End: F6A88000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
Service Name: WmiAcpi
Module Base: F6F68000
Module End: F6F6B000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\CmBatt.sys
Service Name: CmBatt
Module Base: F6F64000
Module End: F6F68000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
Service Name: ialm
Module Base: F68B2000
Module End: F69FF000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Service Name: ---
Module Base: F689E000
Module End: F68B2000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Service Name: HDAudBus
Module Base: F6876000
Module End: F689E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
Service Name: NETw3x32
Module Base: F66D4000
Module End: F6876000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Service Name: usbuhci
Module Base: F791D000
Module End: F7923000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Service Name: ---
Module Base: F66B0000
Module End: F66D4000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Service Name: usbehci
Module Base: F7925000
Module End: F792D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
Service Name: bcm4sbxp
Module Base: F6A6F000
Module End: F6A7B000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\sdbus.sys
Service Name: sdbus
Module Base: F669C000
Module End: F66B0000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
Service Name: rimmptsk
Module Base: F792D000
Module End: F7934000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
Service Name: rimsptsk
Module Base: F6A5F000
Module End: F6A6C000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
Service Name: rismxdp
Module Base: F6650000
Module End: F669C000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Service Name: i8042prt
Module Base: F6A4F000
Module End: F6A5C000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\SynTP.sys
Service Name: SynTP
Module Base: F6621000
Module End: F6650000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Service Name: ---
Module Base: F7ABB000
Module End: F7ABD000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Service Name: Mouclass
Module Base: F7935000
Module End: F793B000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Service Name: Kbdclass
Module Base: F793D000
Module End: F7943000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\imapi.sys
Service Name: Imapi
Module Base: F6A3F000
Module End: F6A4A000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Afc.sys
Service Name: Afc
Module Base: F7945000
Module End: F794D000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sscdbhk5.sys
Service Name: sscdbhk5
Module Base: F7ABD000
Module End: F7ABF000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Service Name: Cdrom
Module Base: F6A2F000
Module End: F6A3F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\redbook.sys
Service Name: redbook
Module Base: F6A1F000
Module End: F6A2E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ks.sys
Service Name: ---
Module Base: F65FE000
Module End: F6621000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\ay3i5k4g.SYS
Service Name: ---
Module Base: F6599000
Module End: F65FE000
Hidden: Yes

Module Name: C:\WINDOWS\system32\DRIVERS\audstub.sys
Service Name: audstub
Module Base: F7BAA000
Module End: F7BAB000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Service Name: Rasl2tp
Module Base: F6A0F000
Module End: F6A1C000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Service Name: NdisTapi
Module Base: F7A51000
Module End: F7A54000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Service Name: NdisWan
Module Base: F6560000
Module End: F6577000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Service Name: RasPppoe
Module Base: F69FF000
Module End: F6A0A000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Service Name: PptpMiniport
Module Base: F761D000
Module End: F7629000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Service Name: ---
Module Base: F781D000
Module End: F7822000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Service Name: Ptilink
Module Base: F783D000
Module End: F7842000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspti.sys
Service Name: Raspti
Module Base: F7885000
Module End: F788A000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\wanatw4.sys
Service Name: wanatw
Module Base: F7845000
Module End: F784B000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Service Name: rdpdr
Module Base: F6530000
Module End: F6560000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\termdd.sys
Service Name: TermDD
Module Base: F762D000
Module End: F7637000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\swenum.sys
Service Name: swenum
Module Base: F7AC9000
Module End: F7ACB000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\update.sys
Service Name: Update
Module Base: F64AA000
Module End: F6508000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Service Name: mssmbios
Module Base: F7A69000
Module End: F7A6D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\omci.sys
Service Name: omci
Module Base: F784D000
Module End: F7852000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Service Name: NDProxy
Module Base: F764D000
Module End: F7657000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sthda.sys
Service Name: STHDA
Module Base: AA5D5000
Module End: AA6CD000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\portcls.sys
Service Name: ---
Module Base: AA5B1000
Module End: AA5D5000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\drmk.sys
Service Name: ---
Module Base: F76AD000
Module End: F76BC000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
Service Name: HSXHWAZL
Module Base: AA577000
Module End: AA5B1000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
Service Name: HSF_DPV
Module Base: AA480000
Module End: AA577000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
Service Name: winachsf
Module Base: AA3CA000
Module End: AA480000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Modem.SYS
Service Name: Modem
Module Base: F786D000
Module End: F7875000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Service Name: usbhub
Module Base: F76ED000
Module End: F76FC000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\i2omgmt.SYS
Service Name: i2omgmt
Module Base: F7A41000
Module End: F7A44000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Service Name: Fs_Rec
Module Base: F7ADB000
Module End: F7ADD000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Null.SYS
Service Name: Null
Module Base: F7BFE000
Module End: F7BFF000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ssrtln.sys
Service Name: ssrtln
Module Base: F787D000
Module End: F7883000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ehdrv.sys
Service Name: ehdrv
Module Base: AA383000
Module End: AA3A2000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Service Name: USBSTOR
Module Base: F78AD000
Module End: F78B4000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\vga.sys
Service Name: VgaSave
Module Base: F78BD000
Module End: F78C3000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Service Name: mnmdd
Module Base: F7AEF000
Module End: F7AF1000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Service Name: RDPCDD
Module Base: F7AF1000
Module End: F7AF3000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Msfs.SYS
Service Name: Msfs
Module Base: F78C5000
Module End: F78CA000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Npfs.SYS
Service Name: Npfs
Module Base: F78CD000
Module End: F78D5000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Service Name: RasAcd
Module Base: F6520000
Module End: F6523000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Service Name: IPSec
Module Base: AA350000
Module End: AA363000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Service Name: Gpc
Module Base: F774D000
Module End: F7756000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Service Name: Tcpip
Module Base: AA2F7000
Module End: AA350000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\tosrfusb.sys
Service Name: Tosrfusb
Module Base: F775D000
Module End: F7767000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\netbt.sys
Service Name: NetBT
Module Base: AA2CF000
Module End: AA2F7000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Service Name: IpNat
Module Base: AA2A9000
Module End: AA2CF000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
Service Name: epfwtdir
Module Base: AA291000
Module End: AA2A9000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Service Name: Wanarp
Module Base: F776D000
Module End: F7776000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\ws2ifsl.sys
Service Name: WS2IFSL
Module Base: F651C000
Module End: F651F000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\afd.sys
Service Name: AFD
Module Base: AA26F000
Module End: AA291000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\netbios.sys
Service Name: NetBIOS
Module Base: F777D000
Module End: F7786000
Hidden: No

Module Name: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
Service Name: SASKUTIL
Module Base: AA24D000
Module End: AA26F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\arp1394.sys
Service Name: Arp1394
Module Base: F77AD000
Module End: F77BC000
Hidden: No

Module Name: \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
Service Name: SASDIFSV
Module Base: F78DD000
Module End: F78E3000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Service Name: Rdbss
Module Base: AA222000
Module End: AA24D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Service Name: MRxSmb
Module Base: AA1B2000
Module End: AA222000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fips.SYS
Service Name: Fips
Module Base: F77BD000
Module End: F77C8000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ctxusbm.sys
Service Name: ctxusbm
Module Base: AA0FE000
Module End: AA112000
Hidden: No

Module Name: C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
Service Name: APPDRV
Module Base: F6508000
Module End: F650C000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\tosrfbd.sys
Service Name: Tosrfbd
Module Base: AA0BB000
Module End: AA0D6000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Service Name: Cdfs
Module Base: F77DD000
Module End: F77ED000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
Service Name: Tosrfhid
Module Base: F765D000
Module End: F766D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Service Name: HidUsb
Module Base: AA7A0000
Module End: AA7A3000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Service Name: ---
Module Base: F766D000
Module End: F7676000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Service Name: ---
Module Base: F7975000
Module End: F797C000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mouhid.sys
Service Name: mouhid
Module Base: AA79C000
Module End: AA79F000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: AA02B000
Module End: AA043000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: F7B25000
Module End: F7B27000
Hidden: Yes

Module Name: C:\WINDOWS\System32\drivers\Dxapi.sys
Service Name: ---
Module Base: AA3BA000
Module End: AA3BD000
Hidden: No

Module Name: C:\WINDOWS\System32\watchdog.sys
Service Name: ---
Module Base: F7815000
Module End: F781A000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\dxgthk.sys
Service Name: ---
Module Base: F7C4D000
Module End: F7C4E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\eamon.sys
Service Name: eamon
Module Base: A9E44000
Module End: A9EEB000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\drvnddm.sys
Service Name: drvnddm
Module Base: AA142000
Module End: AA14C000
Hidden: No

Module Name: C:\WINDOWS\system32\dla\tfsndres.sys
Service Name: tfsndres
Module Base: F7C2D000
Module End: F7C2E000
Hidden: No

Module Name: C:\WINDOWS\system32\dla\tfsnifs.sys
Service Name: tfsnifs
Module Base: A9E2E000
Module End: A9E44000
Hidden: No

Module Name: C:\WINDOWS\system32\dla\tfsnopio.sys
Service Name: tfsnopio
Module Base: A9F5F000
Module End: A9F63000
Hidden: No

Module Name: C:\WINDOWS\system32\dla\tfsnpool.sys
Service Name: tfsnpool
Module Base: F7A89000
Module End: F7A8B000
Hidden: No

Module Name: C:\WINDOWS\system32\dla\tfsnboio.sys
Service Name: tfsnboio
Module Base: F78B5000
Module End: F78BC000
Hidden: No

Module Name: C:\WINDOWS\system32\dla\tfsncofs.sys
Service Name: tfsncofs
Module Base: F77CD000
Module End: F77D6000
Hidden: No

Module Name: C:\WINDOWS\system32\dla\tfsndrct.sys
Service Name: tfsndrct
Module Base: F7C25000
Module End: F7C26000
Hidden: No

Module Name: C:\WINDOWS\system32\dla\tfsnudf.sys
Service Name: tfsnudf
Module Base: A9E15000
Module End: A9E2E000
Hidden: No

Module Name: C:\WINDOWS\system32\dla\tfsnudfa.sys
Service Name: tfsnudfa
Module Base: A9DFC000
Module End: A9E15000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\AegisP.sys
Service Name: AegisP
Module Base: F78ED000
Module End: F78F2000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\s24trans.sys
Service Name: s24trans
Module Base: A9F13000
Module End: A9F17000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
Service Name: dsunidrv
Module Base: F7A9D000
Module End: F7A9F000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fastfat.SYS
Service Name: Fastfat
Module Base: A9A68000
Module End: A9A8C000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
Service Name: mdmxsdk
Module Base: A9B8C000
Module End: A9B90000
Hidden: No

Module Name: \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
Service Name: MRENDIS5
Module Base: A9BF4000
Module End: A9BF9000
Hidden: No

Module Name: \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
Service Name: DSproct
Module Base: F7AA9000
Module End: F7AAB000
Hidden: No

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwAssignProcessToJobObject
Address: AA384610
Driver Base: AA383000
Driver End: AA3A2000
Driver Name: \SystemRoot\system32\DRIVERS\ehdrv.sys

Function Name: ZwCreateKey
Address: F73800E0
Driver Base: F737F000
Driver End: F747C000
Driver Name: spgf.sys

Function Name: ZwDebugActiveProcess
Address: AA384C10
Driver Base: AA383000
Driver End: AA3A2000
Driver Name: \SystemRoot\system32\DRIVERS\ehdrv.sys

Function Name: ZwDuplicateObject
Address: AA384730
Driver Base: AA383000
Driver End: AA3A2000
Driver Name: \SystemRoot\system32\DRIVERS\ehdrv.sys

Function Name: ZwEnumerateKey
Address: F739DCA2
Driver Base: F737F000
Driver End: F747C000
Driver Name: spgf.sys

Function Name: ZwEnumerateValueKey
Address: F739E030
Driver Base: F737F000
Driver End: F747C000
Driver Name: spgf.sys

Function Name: ZwOpenKey
Address: F73800C0
Driver Base: F737F000
Driver End: F747C000
Driver Name: spgf.sys

Function Name: ZwOpenProcess
Address: AA3844B0
Driver Base: AA383000
Driver End: AA3A2000
Driver Name: \SystemRoot\system32\DRIVERS\ehdrv.sys

Function Name: ZwOpenThread
Address: AA384570
Driver Base: AA383000
Driver End: AA3A2000
Driver Name: \SystemRoot\system32\DRIVERS\ehdrv.sys

Function Name: ZwProtectVirtualMemory
Address: AA3846D0
Driver Base: AA383000
Driver End: AA3A2000
Driver Name: \SystemRoot\system32\DRIVERS\ehdrv.sys

Function Name: ZwQueryKey
Address: F739E108
Driver Base: F737F000
Driver End: F747C000
Driver Name: spgf.sys

Function Name: ZwQueryValueKey
Address: F739DF88
Driver Base: F737F000
Driver End: F747C000
Driver Name: spgf.sys

Function Name: ZwQueueApcThread
Address: AA384790
Driver Base: AA383000
Driver End: AA3A2000
Driver Name: \SystemRoot\system32\DRIVERS\ehdrv.sys

Function Name: ZwSetContextThread
Address: AA384690
Driver Base: AA383000
Driver End: AA3A2000
Driver Name: \SystemRoot\system32\DRIVERS\ehdrv.sys

Function Name: ZwSetInformationThread
Address: AA384650
Driver Base: AA383000
Driver End: AA3A2000
Driver Name: \SystemRoot\system32\DRIVERS\ehdrv.sys

Function Name: ZwSetSecurityObject
Address: AA3847D0
Driver Base: AA383000
Driver End: AA3A2000
Driver Name: \SystemRoot\system32\DRIVERS\ehdrv.sys

Function Name: ZwSetValueKey
Address: F739E19A
Driver Base: F737F000
Driver End: F747C000
Driver Name: spgf.sys

Function Name: ZwSuspendProcess
Address: AA384510
Driver Base: AA383000
Driver End: AA3A2000
Driver Name: \SystemRoot\system32\DRIVERS\ehdrv.sys

Function Name: ZwSuspendThread
Address: AA384590
Driver Base: AA383000
Driver End: AA3A2000
Driver Name: \SystemRoot\system32\DRIVERS\ehdrv.sys

Function Name: ZwTerminateProcess
Address: AA3844D0
Driver Base: AA383000
Driver End: AA3A2000
Driver Name: \SystemRoot\system32\DRIVERS\ehdrv.sys

Function Name: ZwTerminateThread
Address: AA3845D0
Driver Base: AA383000
Driver End: AA3A2000
Driver Name: \SystemRoot\system32\DRIVERS\ehdrv.sys

Function Name: ZwWriteVirtualMemory
Address: AA384750
Driver Base: AA383000
Driver End: AA3A2000
Driver Name: \SystemRoot\system32\DRIVERS\ehdrv.sys

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Qoobox\BackEnv\AppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cache.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cookies.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Desktop.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Favorites.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\History.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Music.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\NetHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Personal.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Pictures.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Programs.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Recent.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SendTo.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SetPath.bat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartUp.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SysPath.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Templates.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\VikPev00
Status: Access denied

SuperDave · « **Reply #26 on:** February 25, 2011, 12:46:08 PM »

Quote

should I note that we've run this program once before?

You're correct. I didn't check back far enough. Sorry.
Please run the ESET scan again as requested in Reply # 12

shag · « **Reply #27 on:** February 25, 2011, 09:25:05 PM »

alrighty, with the internet currently functional on the laptop, this is what i got.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=fcd9d6124cc58645a01fda453d900793
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-02-26 02:26:22
# local_time=2011-02-25 08:26:22 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=8199 22379925 100 100 0 5634550 0 0
# scanned=73797
# found=1
# cleaned=0
# scan_time=4387
# nod_component=V3 Build:0x30000000
C:\Documents and Settings\Chris\Application Data\Sun\Java\Deployment\cache\6.0\58\52a2a7ba-16bf8651 a variant of Java/TrojanDownloader.OpenStream.NBF trojan (unable to clean) 00000000000000000000000000000000 I

SuperDave · « **Reply #28 on:** February 26, 2011, 12:39:23 PM »

Copy and paste the text in the code box below into Notepad.

Code: [Select]

@echo off
del C: C:\Documents and Settings\Chris\Application Data\Sun\Java\Deployment\cache\6.0\58\52a2a7ba-16bf8651   

del blackpudding.bat
exit

Then click File > Save as
Save to the Desktop as blackpudding.bat
And Save as type: All Files.

Double-click on blackpudding.bat to run it.

Now, please run the ESET scan again and post the log.

shag · « **Reply #29 on:** February 26, 2011, 10:42:47 PM »

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=fcd9d6124cc58645a01fda453d900793
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-02-26 02:26:22
# local_time=2011-02-25 08:26:22 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=8199 22379925 100 100 0 5634550 0 0
# scanned=73797
# found=1
# cleaned=0
# scan_time=4387
# nod_component=V3 Build:0x30000000
C:\Documents and Settings\Chris\Application Data\Sun\Java\Deployment\cache\6.0\58\52a2a7ba-16bf8651   a variant of Java/TrojanDownloader.OpenStream.NBF trojan (unable to clean)   00000000000000000000000000000000   I
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=fcd9d6124cc58645a01fda453d900793
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-02-26 11:37:11
# local_time=2011-02-26 05:37:11 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=8199 22379925 100 100 0 5709877 0 0
# scanned=90777
# found=2
# cleaned=0
# scan_time=5310
# nod_component=V3 Build:0x30000000
C:\Documents and Settings\Chris\Application Data\Sun\Java\Deployment\cache\6.0\58\52a2a7ba-16bf8651   a variant of Java/TrojanDownloader.OpenStream.NBF trojan (unable to clean)   00000000000000000000000000000000   I
F:\Useful Downloaded Stuff--packed files\SDFix.exe   Win32/PrcView application (unable to clean)   00000000000000000000000000000000   I

SuperDave · « **Reply #30 on:** February 27, 2011, 07:15:17 PM »

Did you run the bat file I suggested in Reply # 28 ?

shag · « **Reply #31 on:** February 28, 2011, 10:07:35 AM »

yes, and just to make sure I've run the .bat a couple more times and run the scan...that trojan keeps coming up in the detections.

SuperDave · « **Reply #32 on:** February 28, 2011, 12:40:49 PM »

Are you sure you're doing it correctly because the file should self-delete once it's run?

shag · « **Reply #33 on:** February 28, 2011, 04:43:41 PM »

yeah, i have to create a new file each time i run the thinger.

SuperDave · « **Reply #34 on:** March 01, 2011, 01:08:02 PM »

Ok. Let's try this:

Click Start, Search, select All Files and Folders. Copy and paste

Code: [Select]

C:\Documents and Settings\Chris\Application Data\Sun\Java\Deployment\cache\6.0\58\52a2a7ba-16bf8651

and click search. Delete this file.

shag · « **Reply #35 on:** March 02, 2011, 11:00:43 AM »

OK, I did that...I deleted the file from the recycle bin and restarted--it hasn't come back. I ran ESET online scan once again and it didn't find that trojan, but it does have a detection (see log below).

My computer still won't let me play sound or access network configuration...yet it will connect to the internet.

i think this log includes results from earlier searches that I stopped once it found the trojan...at the bottom is the win32/prcview application thinger that ESET doesn't like.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=fcd9d6124cc58645a01fda453d900793
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-02-26 02:26:22
# local_time=2011-02-25 08:26:22 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=8199 22379925 100 100 0 5634550 0 0
# scanned=73797
# found=1
# cleaned=0
# scan_time=4387
# nod_component=V3 Build:0x30000000
C:\Documents and Settings\Chris\Application Data\Sun\Java\Deployment\cache\6.0\58\52a2a7ba-16bf8651   a variant of Java/TrojanDownloader.OpenStream.NBF trojan (unable to clean)   00000000000000000000000000000000   I
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=fcd9d6124cc58645a01fda453d900793
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-02-26 11:37:11
# local_time=2011-02-26 05:37:11 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=8199 22379925 100 100 0 5709877 0 0
# scanned=90777
# found=2
# cleaned=0
# scan_time=5310
# nod_component=V3 Build:0x30000000
C:\Documents and Settings\Chris\Application Data\Sun\Java\Deployment\cache\6.0\58\52a2a7ba-16bf8651   a variant of Java/TrojanDownloader.OpenStream.NBF trojan (unable to clean)   00000000000000000000000000000000   I
F:\Useful Downloaded Stuff--packed files\SDFix.exe   Win32/PrcView application (unable to clean)   00000000000000000000000000000000   I
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=fcd9d6124cc58645a01fda453d900793
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-02-28 05:05:46
# local_time=2011-02-28 11:05:46 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=8199 22379861 100 100 0 5862793 0 0
# scanned=26032
# found=1
# cleaned=0
# scan_time=1710
# nod_component=V3 Build:0x30000000
C:\Documents and Settings\Chris\Application Data\Sun\Java\Deployment\cache\6.0\58\52a2a7ba-16bf8651   a variant of Java/TrojanDownloader.OpenStream.NBF trojan (unable to clean)   00000000000000000000000000000000   I
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=fcd9d6124cc58645a01fda453d900793
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-03-02 07:02:15
# local_time=2011-03-02 01:02:15 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=8199 22379861 100 100 0 5996411 0 0
# scanned=78596
# found=1
# cleaned=0
# scan_time=4680
# nod_component=V3 Build:0x30000000
C:\RECYCLER\S-1-5-21-763208294-2166686365-2200820826-1006\Dc18   a variant of Java/TrojanDownloader.OpenStream.NBF trojan (unable to clean)   00000000000000000000000000000000   I
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=fcd9d6124cc58645a01fda453d900793
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-03-02 07:19:18
# local_time=2011-03-02 01:19:18 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=8199 22379861 100 100 0 6001294 0 0
# scanned=4985
# found=0
# cleaned=0
# scan_time=821
# nod_component=V3 Build:0x30000000
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=fcd9d6124cc58645a01fda453d900793
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-03-02 05:53:14
# local_time=2011-03-02 11:53:14 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=8199 22379861 100 100 0 6033948 0 0
# scanned=88782
# found=1
# cleaned=0
# scan_time=5458
# nod_component=V3 Build:0x30000000
F:\Useful Downloaded Stuff--packed files\SDFix.exe   Win32/PrcView application (unable to clean)   00000000000000000000000000000000   I

SuperDave · « **Reply #36 on:** March 02, 2011, 11:18:56 AM »

Quote

My computer still won't let me play sound or access network configuration

I believe those are software issues and not malware related.
Let's try this scan.

Download Dr.Web CureIt to the desktop:
DrWebCureIt

Double-click the launch.exe or cureit.exe file and Allow to run the express scan
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, just let it cure whatever it finds...

o Now, go to Settings >> Change Settings
o Go to Actions tab >> under Objects section, change the settings to below
Infected objects - Cure
Incurable objects - Report
Suspicious objects - Report
o Don't change any other settings

Start the scan again. This time, choose Complete Scan
Click the green arrow button at the right, and the scan will start.
After the scan finished, click Select all
Click on Cure and choose Report incurable (means take no actions.. Don't "move", or "rename" or "delete")
When the scan has finished, in the menu, click File and choose Save report list
Save the report to your Desktop. The report will be called DrWeb.csv
Post DrWeb.csv in your next reply (Open it as Notepad).. Do NOT reboot the computer yet..

shag · « **Reply #37 on:** March 02, 2011, 12:38:59 PM »

alright, this sucks.

1--i get a message that dr. web's definitions are old and to update I'm linked to a site with cyrillic characters that i can't read.
2--i can't make any of the changes to the settings as you instructed. it runs an express scan, prompts me in several different ways to get the full version, all of which link me to the same unreadable website. if i click "no" to all the various messages, it closes the program without ever letting me back to the settings page.
3--for what its worth, there are no detections from the express scan.

i've more or less instantly decided i hate this program. have you anything equivalent without annoying messages and unreadable websites?

SuperDave · « **Reply #38 on:** March 02, 2011, 04:35:08 PM »

Run the BitDefender Online Scanner.

Agree to the license and then select Scan. DO NOT CHANGE THE OPTIONS TO SHOW ALL FILES SCANNED. That will make your logs huge and we don't need to see clean files.

Once Bitdefender completes the scan:
Click-on the Detected Problems tab.
Then select Click here to export the scan report.

When the window comes up to save the report, change the Save as type: box to:
Text (Tab Delimited) (*.txt) and then in the File name box enter change to bdscan then click Save.

This will save a file named bdscan.txt. I would suggest saving it to the Desktop so you can easily find it. (take notice of where you save it so you can find it later).
This bdcan.txt file will actually contain HTML code that we can easily view later while reviewing your log. All we have to do is rename the file to bdscan.html.

If you do not follow these step, you will have an incorrect log or worse a log summary which is useless to us.

Post the bdscan.txt file as an Attachment.

shag · « **Reply #39 on:** March 03, 2011, 09:51:24 AM »

I couldn't follow your link. I got here: http://www.bitdefender.com/scanner/online/free.html. It looked legit enough, but when I get to the step of updating virus definitions, there's an error, and the scan itself never proceeds.

I gathered there's a free edition of BitDefender that I could install on my computer--would that work as an alternative? I'd have to uninstall ESET NOD32, but my 30 days' trial was going to run out on that pretty soon anyway.

SuperDave · « **Reply #40 on:** March 03, 2011, 12:56:27 PM »

Quote

I couldn't follow your link. I got here: http://www.bitdefender.com/scanner/online/free.html. It looked legit enough, but when I get to the step of updating virus definitions, there's an error, and the scan itself never proceeds.

Sorry about the link. I tested it before I gave it to you and it worked perfectly. Yes. That is the correct site. I tried the scan and it worked very well on my computer. Are you allowing the add-on?

Quote

I'd have to uninstall ESET NOD32, but my 30 days' trial was going to run out on that pretty soon anyway.

Is this your AV program that you're talking about? I can give you a list of free AV programs that you can use.

Download DDS from HERE or HERE and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.

1) DDS.txt
2) Attach.txt

* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copy and pasting it into the reply.

shag · « **Reply #41 on:** March 03, 2011, 03:32:41 PM »

okay, dds worked.

Yes, ESET NOD 32 is my current antivirus--I downloaded a free trial and uninstalled Avira because at the time you wanted me to do an ESET online scan but my internet would not work. I ran the NOD 32 scan as my best attempt to follow your instructions. I was suggesting a similar approach in my last post--since I couldn't run bitdefender's online scan (yes, i'm allowing the add-on), I was offering to download a free version of their standard antivirus program and run a scan from my computer. Let me know if you'd like me to do that.

dds.txt:

DDS (Ver_10-12-12.01) - NTFSx86
Run by Chris at 16:17:12.23 on Thu 03/03/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.597 [GMT -6:00]

AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\BellSouthWCC\McciTrayApp.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Documents and Settings\Chris\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: BellSouth Toolbar: {4e7bd74f-2b8d-469e-8cbd-fd60bb9aae2e} -
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\Quickset.exe
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [BellSouthWCC_McciTrayApp] c:\program files\bellsouthwcc\McciTrayApp.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dlbcserv.lnk - c:\program files\dell photo printer 720\dlbcserv.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nkbmon~1.lnk - c:\program files\nikon\pictureproject\NkbMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\photof~1.lnk - c:\program files\panasonic\photofunstudio\PhAutoRun.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab
DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} - hxxp://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\chris\applic~1\mozilla\firefox\profiles\khnidukr.default\
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Extension: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\docume~1\chris\applic~1\mozilla\firefox\profiles\khnidukr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

============= SERVICES / DRIVERS ===============

R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-9-8 65584]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-12-21 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-12-21 94872]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2011-1-12 810144]
S2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe --> c:\progra~1\mcafee\viruss~1\mcshield.exe [?]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\drivers\bw2ndis5.sys --> c:\windows\system32\drivers\BW2NDIS5.sys [?]
S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe --> c:\progra~1\mcafee\viruss~1\mcsysmon.exe [?]

=============== Created Last 30 ================

2011-03-02 19:27:05   --------   d-----w-   c:\documents and settings\chris\DoctorWeb
2011-02-26 16:31:53   --------   d-----w-   c:\docume~1\alluse~1\applic~1\Desura
2011-02-22 21:51:52   98816   ----a-w-   c:\windows\sed.exe
2011-02-22 21:51:52   89088   ----a-w-   c:\windows\MBR.exe
2011-02-22 21:51:52   256512   ----a-w-   c:\windows\PEV.exe
2011-02-22 21:51:52   161792   ----a-w-   c:\windows\SWREG.exe
2011-02-19 22:48:37   --------   d-----w-   c:\docume~1\chris\locals~1\applic~1\ESET
2011-02-19 22:21:49   --------   d-----w-   c:\program files\ESET
2011-02-19 02:11:57   472808   ----a-w-   c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-02-15 03:15:56   388096   ----a-r-   c:\docume~1\chris\applic~1\microsoft\installer\{0761c9a8-8f3a-4216-b4a7-b7afbf24a24a}\HiJackThis.exe
2011-02-15 02:11:26   --------   d-----w-   c:\program files\TrendMicro
2011-02-11 01:49:12   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-11 01:49:07   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-02-11 01:42:40   --------   d-----w-   c:\program files\CCleaner

==================== Find3M ====================

2011-02-19 02:11:36   73728   ----a-w-   c:\windows\system32\javacpl.cpl
2011-02-19 02:11:35   472808   ----a-w-   c:\windows\system32\deployJava1.dll
2011-01-21 14:44:37   439296   ----a-w-   c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02   290048   ----a-w-   c:\windows\system32\atmfd.dll
2010-12-31 13:10:33   1854976   ----a-w-   c:\windows\system32\win32k.sys
2010-12-22 12:34:28   301568   ----a-w-   c:\windows\system32\kerberos.dll
2010-12-20 23:59:20   916480   ----a-w-   c:\windows\system32\wininet.dll
2010-12-20 23:59:19   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19   1469440   ------w-   c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00   730112   ----a-w-   c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26   385024   ----a-w-   c:\windows\system32\html.iec
2010-12-09 15:15:09   718336   ----a-w-   c:\windows\system32\ntdll.dll
2010-12-09 14:30:22   33280   ----a-w-   c:\windows\system32\csrsrv.dll
2010-12-09 13:42:26   2148864   ----a-w-   c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:07   2027008   ----a-w-   c:\windows\system32\ntkrnlpa.exe

============= FINISH: 16:18:09.12 ===============

attach.txt:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 6/8/2006 9:01:42 PM
System Uptime: 3/3/2011 4:03:43 PM (0 hours ago)

Motherboard: Dell Inc. | | 0FF049
Processor: Genuine Intel(R) CPU T2300 @ 1.66GHz | Microprocessor | 1664/166mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 88 GiB total, 49.115 GiB free.
D: is CDROM ()
E: is CDROM ()
G: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 2/19/2011 4:18:09 PM - System Checkpoint
RP2: 2/21/2011 11:44:08 AM - Software Distribution Service 3.0
RP3: 2/23/2011 5:21:09 PM - ComboFix created restore point
RP4: 2/27/2011 12:01:41 AM - Software Distribution Service 3.0

==== Installed Programs ======================

Access Drivers
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.0.1)
America Online (Choose which version to remove)
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
AOLIcon
Apple Application Support
Apple Software Update
ArcSoft Panorama Maker 3
ArcSoft Software Suite
ATT-PRT22
AudioConverter Studio 6.0
Avernum 5
AVS Update Manager 1.0
Battle.net
BellSouth Application Management
BellSouth Toolbar 1.0
BellSouth Wireless Connection Tool
Bluetooth Stack for Windows by Toshiba
Broadcom Management Programs
CCleaner
Citrix online plug-in - web
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
Command & Conquer Red Alert 2
Command & Conquer Tiberian Sun
Conexant HDA D110 MDC V.92 Modem
Critical Update for Windows Media Player 11 (KB959772)
Dell Digital Jukebox Driver
Dell Media Experience
Dell Photo Printer 720
Dell Photo Printer 720 Logger
Dell System Restore
DellSupport
Digital Content Portal
Digital Line Detect
DivX Version Checker
EducateU
ELIcon
ESET NOD32 Antivirus
ESET Online Scanner v3
FLV Player 2.0 (build 25)
Get High Speed Internet!
getPlus(R)_ocx
Google Toolbar for Internet Explorer
Hero Editor V0.80
High Definition Audio Driver Package - KB835221
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless Software
Internal Network Card Power Management
Java Auto Updater
Java(TM) 6 Update 2
Java(TM) 6 Update 24
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Learn2 Player (Uninstall Only)
Logitech Webcam Software
Logitech Webcam Software Driver Package
Malwarebytes' Anti-Malware
mCore
MCU
mDriver
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft XML Parser
mIWA
mLogView
mMHouse
Modem Helper
Mozilla Firefox (3.6.13)
mPfMgr
mPfWiz
mProSafe
MS Access 97 SP2
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Musicmatch for Windows Media Player
mWlsSafe
mWMI
mXML
mZConfig
NetWaiting
NetZeroInstallers
Nikon Message Center
OpenOffice.org Installer 1.0
Panda ActiveScan
PC Image Editor
Photo Click
PHOTOfunSTUDIO
PictureProject
PictureProject In Touch Downloader 1.0
Pixel Grease
PowerDVD 5.7
Qualxserve Service Agreement
QuickSet
QuickTime
SC3K Map Editor 1.2
Search Assist
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Skype Toolbars
Skype™ 5.1
Sonic DLA
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
SUPERAntiSpyware
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
URL Assistant
Viewpoint Media Player
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Media Tools 4.1
Windows XP Service Pack 3
WinRAR archiver
WinZip

==== Event Viewer Messages From Past Week ========

2/27/2011 9:57:46 PM, error: Service Control Manager [7001] - The Telephony service depends on the Plug and Play service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/27/2011 9:57:46 PM, error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The dependency service or group failed to start.
2/27/2011 9:52:36 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
2/27/2011 9:52:02 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
2/27/2011 9:51:25 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep
2/27/2011 9:51:02 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/27/2011 9:50:55 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
2/27/2011 9:50:55 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
2/27/2011 9:50:49 PM, error: Service Control Manager [7001] - The Windows Firewall/Internet Connection Sharing (ICS) service depends on the Network Connections service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/27/2011 9:50:49 PM, error: Service Control Manager [7001] - The Windows Audio service depends on the Plug and Play service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/27/2011 9:50:49 PM, error: Service Control Manager [7001] - The System Event Notification service depends on the COM+ Event System service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/27/2011 9:50:49 PM, error: Service Control Manager [7001] - The Remote Access Auto Connection Manager service depends on the Telephony service which failed to start because of the following error: The dependency service or group failed to start.
2/27/2011 9:50:49 PM, error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/27/2011 9:50:49 PM, error: Service Control Manager [7000] - The McAfee Real-time Scanner service failed to start due to the following error: The system cannot find the path specified.
2/25/2011 3:47:21 PM, error: Dhcp [1002] - The IP address lease 192.168.2.3 for the Network Card with network address 0013021B9AE5 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================

SuperDave · « **Reply #42 on:** March 03, 2011, 04:49:10 PM »

Quote

I was offering to download a free version of their standard antivirus program and run a scan from my computer. Let me know if you'd like me to do that.

You can run it if you wish but at the moment, I'm just trying to get rid of this: F:\Useful Downloaded Stuff--packed files\SDFix.exe Win32/PrcView application (unable to clean) 00000000000000000000000000000000 I
Why is this showing that you have something in the F: drive. The DDS log does not show a F: drive

I prefer MicroSoft Security Essentials. It is not a resource hog, high efficiency. Just install it and forget about it.

Remember to only install one antivirus!

1) Avast! Home Edition
2) AVG Free Edition
3) Avira AntiVir Personal
4) Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
4-a) Microsoft Security Essentials for Windows XP
5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
6) PC Tools AntiVirus Free Edition

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
********************************************
You have Viewpoint installed.

Viewpoint Media Player/Manager/Toolbar is considered as Foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad".

More information:

* ViewMgr.exe - Useless
* Viewpoint to Plunge Into Adware

It is suggested to remove the program now. Go to Start > Control Panel > Add/Remove Programs - (Vista & Win7 is Programs and Features) and remove the following programs if present.

* Viewpoint
* Viewpoint Manager
* Viewpoint Media Player
* Viewpoint Toolbar
* Viewpoint Experience Technology
While you're there you could also uninstall the programs below.

Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
************************************
* Go to Start > Run and type mrt.exe then press Enter on the keyboard).
* (Vista and Windows 7 users go to Start and type mrt.exe in the search box then press Enter on the keyboard.
* Click Next.
* Choose Full Scan and click Next.
* Once the scan is finished click View detailed results of the scan.

Look through the list and let me know if anything was found infected.

shag · « **Reply #43 on:** March 04, 2011, 12:41:45 PM »

Uninstalled Viewpoint and Java updates 2, 3, 5 (7 wasn't showing in the list).

Ran mrt's full scan without any detections.

As to your SDfix concern, that is a program I was instructed (by a computerhope expert) to download back in 2008 when I was last having an infection problem. I guess I left the installer program on my external hard drive (F:). I think I ran DDS at work last night--in that case, I wouldn't have had the external with me, so it wouldn't have shown an F: drive.

At any rate, if you'd like me to delete SDfix, I could do that. I could run ESET's online scan after that, since I think that was the scan that didn't like SDfix. Just say the word.

SuperDave · « **Reply #44 on:** March 04, 2011, 01:04:17 PM »

Quote

At any rate, if you'd like me to delete SDfix, I could do that. I could run ESET's online scan after that, since I think that was the scan that didn't like SDfix. Just say the word.

Yes, please delete it and run another ESET scan and post the log.

shag · « **Reply #45 on:** March 06, 2011, 10:21:55 PM »

Deleted SDfix and ran ESET w/o any detections.

I forgot to save a log to the desktop, so I found the log file that gets saved in the ESET folder. It looks like each time ESET runs it puts more on the same text file, so I copy and pasted the stuff that came from this most recent ESET scan. I could paste in the whole log file if something's missing.

# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=fcd9d6124cc58645a01fda453d900793
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-03-07 03:24:31
# local_time=2011-03-06 09:24:31 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=8199 22379861 100 100 0 6414700 0 0
# scanned=87073
# found=0
# cleaned=0
# scan_time=5328
# nod_component=V3 Build:0x30000000

SuperDave · « **Reply #46 on:** March 07, 2011, 11:39:52 AM »

The log looks good. Are you still having problems?

shag · « **Reply #47 on:** March 07, 2011, 11:59:38 AM »

Well, my computer's acting like it doesn't have a sound card...or a network adapter. A lot of the USB devices I use don't plug-and-play like they used to--they have to be plugged in before the computer is booted. I'm guessing the drivers for all that hardware must have been lost during this infection. Anyways, that's just a guess--shall I go to the "software" forum to get some help?

And finally, thanks for your help with the malware removal.

SuperDave · « **Reply #48 on:** March 07, 2011, 01:06:35 PM »

Quote

Well, my computer's acting like it doesn't have a sound card...or a network adapter. A lot of the USB devices I use don't plug-and-play like they used to--they have to be plugged in before the computer is booted. I'm guessing the drivers for all that hardware must have been lost during this infection. Anyways, that's just a guess--shall I go to the "software" forum to get some help?

Ok. We'll do some cleanup and you can start another thread in the software forum for the other stuff.

To uninstall ComboFix

Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
In the field, type in ComboFix /uninstall

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

Then, press Enter, or click OK.
This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.

****************************************************
Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
*****************************************************
Looking over your log it seems you don't have any evidence of a third party firewall.

Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

Remember only install ONE firewall

1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor
3) Agnitum Outpost
4) PC Tools Firewall Plus

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
**********************************************
Use the Secunia Software Inspector to check for out of date software.

•Click Start Now

•Check the box next to Enable thorough system inspection.

•Click Start

•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

shag · « **Reply #49 on:** March 08, 2011, 12:09:50 AM »

Alright Dave, I got combofix uninstalled, got Comodo as my firewall, did some updating.

You may recall that I'm having problems with my sound, networking, and usb that suggest missing drivers. That plot may have just thickened. I started a post in the "Drivers" forum and my expert suggested I look into Device Manager (via Control Panel-->System-->Hardware). The Device Manager window pulls up but displays no devices. Not a thing (even when I select "view hidden devices"). I also tried clicking on Add New Hardware. That window never opens.

This seemed a bit fishy to me, so I thought I'd report it to you. If you don't believe its malware-related, I'll continue to pursue a solution in the "Drivers" forum.

SuperDave · « **Reply #50 on:** March 08, 2011, 12:49:54 PM »

No, I don't believe it's malware related. If you still can't get it repaired in the other forum, we may have to re-visit it again. I will lock this thread. If you need it re-opened, please send me a pm.

Computer Hope Forum

News:

Author Topic: Kept getting blocked/redirected on internet explorer (Read 28952 times)

shag

shag

SuperDave

shag

SuperDave

shag

SuperDave

shag

SuperDave

shag

SuperDave

shag

SuperDave

shag

SuperDave

shag

SuperDave

shag

shag

shag

SuperDave

shag

SuperDave

shag

SuperDave

shag

SuperDave

shag

SuperDave

shag

SuperDave

shag

SuperDave

shag

SuperDave

shag

SuperDave

shag

SuperDave

shag

SuperDave

shag

SuperDave

shag

SuperDave

shag

SuperDave

shag

SuperDave

shag

SuperDave