
Author Topic: Virus, Not Sure Where :-(  (Read 12031 times)


paulwilko10
    Virus, Not Sure Where :-(
    « on: March 21, 2011, 03:23:50 AM »
    Hiya

    Thought I had the Conficker virus, but not so sure now!

    Symptoms are:

    Multiple Firefox sessions
    Excel and Word files trying to be opened
    Cannot access Microsoft or any anti-virus websites

    Attached are my Malwarebytes and HijackThis logs; I hope that you can help me get this sorted.

    Many Thanks

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6110

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    20/03/2011 21:50:23
    mbam-log-2011-03-20 (21-50-23).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 397099
    Time elapsed: 3 hour(s), 8 minute(s), 56 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\documents and settings\paul and jane\Desktop\userinit.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


    HijackThis log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:55:53, on 20/03/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\WINDOWS\SYSTEM32\astsrv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\crypserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
    C:\Program Files\NDAS\System\ndassvc.exe
    E:\Nero 8\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    e:\ProShowProducer\ScsiAccess.exe
    e:\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Tablet.exe
    E:\TVersity Media Server\Media Server\MediaServer.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\DynDNS Updater\DynUpSvc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    E:\Active Sync\wcescomm.exe
    C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
    C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
    C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
    C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
    C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
    C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
    C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
    C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
    C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
    C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
    C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
    C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
    C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
    C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
    C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
    C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
    C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
    C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
    C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
    C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
    C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
    C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
    C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
    C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
    C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
    C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\Program Files\wadwupun\fgujfsee.exe,
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [UnlockerAssistant] "E:\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [IObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "E:\Active Sync\wcescomm.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-2052111302-1614895754-839522115-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
    O4 - HKUS\S-1-5-21-2052111302-1614895754-839522115-1005\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\ACTIVE~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\ACTIVE~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\ACTIVE~1\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Microgaming\Poker\ladbrokesMPP\MPPoker.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
    O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} (PhotoboxPhotowaysUploader5 Control) - http://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20100902142450
    O16 - DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} (OPSWAT AntiViruses Class) - https://access.easyjetairline.com/vdesk/terminal/f5opswati.cab#Version=7000,2010,517,1206
    O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} (F5 Networks CacheCleaner) - https://access.easyjetairline.com/vdesk/cachecleaner.cab#version=6031,2010,0617,2001
    O16 - DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} (OPSWAT FireWalls Class) - https://access.easyjetairline.com/vdesk/terminal/f5opswati.cab#Version=7000,2010,517,1206
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
    O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - https://access.easyjetairline.com/vdesk/terminal/InstallerControl.cab#version=6031,2010,0617,2017
    O16 - DPF: {49EC7987-E331-44E3-B170-748B58A268B9} (OPSWAT ProcessesScanner Class) - https://access.easyjetairline.com/vdesk/terminal/f5opswati.cab#Version=7000,2010,517,1206
    O16 - DPF: {4A026B12-94F3-4D2F-A468-96AA55DE20A5} (NetCamPlayerWeb11g Control) - http://192.168.1.104/img/NetCamPlayerWeb11g.ocx
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
    O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} (F5 Networks Policy Agent Host Class) - https://access.easyjetairline.com/vdesk/terminal/f5InspectionHost.cab#version=6031,2009,1204,1603
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6886.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1292425996265
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1292425990234
    O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (MSN Games – Hearts) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab67031.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
    O16 - DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04} (F5 Networks OPSWAT Helper Control) - https://access.easyjetairline.com/vdesk/terminal/f5opswati.cab#Version=7000,2010,517,1206
    O16 - DPF: {FD0EBBED-0C42-4D0F-82DA-44399B5C420A} (VM_1.VM_Control) - http://downloads.virginmedia.com/CST/ver1/xp_mail.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{31C9E71F-BD77-4217-A073-2B0D7E5EFF10}: NameServer = 208.67.222.222 208.67.220.220
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C380CE11-9A83-4782-86FB-28CE0B0787E6}: NameServer = 194.168.4.100,194.168.8.100
    O17 - HKLM\System\CS1\Services\Tcpip\..\{31C9E71F-BD77-4217-A073-2B0D7E5EFF10}: NameServer = 208.67.222.222 208.67.220.220
    O20 - Winlogon Notify: !SASWinLogon - E:\Super AntiSpyware\SASWINLO.DLL
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\SYSTEM32\astsrv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
    O23 - Service: DynDNS Updater - Dynamic Network Services, Inc. - C:\Program Files\DynDNS Updater\DynUpSvc.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate1c9aded739d4b74) (gupdate1c9aded739d4b74) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System\ndassvc.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - E:\Nero 8\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
    O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
    O23 - Service: ScsiAccess - Unknown owner - e:\ProShowProducer\ScsiAccess.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - e:\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
    O23 - Service: TVersityMediaServer - Unknown owner - E:\TVersity Media Server\Media Server\MediaServer.exe
    O23 - Service: wampapache - Apache Software Foundation - e:\wampserver\bin\apache\apache2.2.8\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - e:\wampserver\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe

    --
    End of file - 16876 bytes

    I have tried many different programs:

    SuperAntiSpyware (this has not got the latest definitions, as the PC won't allow it)
    Malwarebytes
    McAfee VirusScan 8.5
    IObit Security

    All of the above find things but never sort my issue out.

    Thanks for your help

    Paul
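The F2 line in the HijackThis log above shows a second executable appended to the Userinit value, and Malwarebytes quarantined a file named userinit.exe on the Desktop rather than in System32. As an added example (not code from this thread, Computer Hope, HijackThis or Malwarebytes), the Python below flags both patterns in HijackThis-style output; the sample lines are lifted from the log above, with the quarantined Desktop path placed among the running processes as a constructed case, and it assumes SystemRoot is C:\WINDOWS as in this log.

```python
"""Triage helpers for a HijackThis-style log: flag extra Userinit launch
entries and core-system-binary names living outside System32.
Example code written for this thread; not a Computer Hope, HijackThis or
Malwarebytes tool. Assumes SystemRoot is C:\\WINDOWS, as in the log above."""
import re
from typing import Dict, List, Tuple

# Windows runs every executable listed in the Userinit value at logon, so
# anything after the stock userinit.exe is a persistence point to review.
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"

# Core binaries whose names get borrowed. A file with one of these names
# whose parent directory is not System32/SysWOW64 (like the Desktop copy of
# userinit.exe MBAM quarantined above) deserves a look. Illustrative list.
SYSTEM_BINARY_NAMES = {"userinit.exe", "winlogon.exe", "csrss.exe", "lsass.exe",
                       "services.exe", "svchost.exe", "smss.exe"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

F2_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<value>.*)$", re.I)
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run(?:Once)?): "
                   r"\[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
PROCESS_RE = re.compile(r"^[a-z]:\\.+\.exe$", re.I)  # 'Running processes:' lines


def normalise(path: str) -> str:
    """Lower-case and strip quotes/whitespace so paths compare reliably."""
    return path.strip().strip('"').lower()


def split_path(path: str) -> Tuple[str, str]:
    """(parent directory, file name) of a normalised backslash path."""
    parent, _, name = normalise(path).rpartition("\\")
    return parent, name


def userinit_entries(value: str) -> List[str]:
    """Split the comma-separated Userinit value. Windows itself writes a
    trailing comma, so empty items are dropped rather than flagged."""
    return [normalise(p) for p in value.split(",") if p.strip()]


def userinit_anomalies(value: str) -> List[str]:
    """Everything Userinit would launch other than the stock binary."""
    return [p for p in userinit_entries(value) if p != DEFAULT_USERINIT]


def executable_path(cmd: str) -> str:
    """Program launched by a Run command line: the quoted path, or the text
    up to the first .exe/.dll/.scr extension for unquoted commands."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return normalise(cmd[1:end] if end > 0 else cmd)
    m = re.match(r"(.+?\.(?:exe|dll|scr))(?:\s|,|$)", cmd, re.I)
    return normalise(m.group(1) if m else cmd.split(" ")[0])


def masquerading(path: str) -> bool:
    """True when a file borrows a core system binary's name but does not
    sit in System32/SysWOW64 (a bare name with no directory also counts)."""
    parent, name = split_path(path)
    return name in SYSTEM_BINARY_NAMES and parent not in SYSTEM_DIRS


def triage(log: str) -> Dict[str, List[str]]:
    """Walk a HijackThis log and collect findings by category."""
    findings: Dict[str, List[str]] = {"userinit_extra": [], "masquerade": []}
    for raw in log.splitlines():
        line = raw.strip()
        m = F2_RE.match(line)
        if m:
            findings["userinit_extra"].extend(userinit_anomalies(m.group("value")))
            continue
        m = O4_RE.match(line)
        if m:
            candidate = executable_path(m.group("cmd"))
        elif PROCESS_RE.match(line):
            candidate = normalise(line)
        else:
            continue
        if masquerading(candidate):
            findings["masquerade"].append(candidate)
    return findings


# Constructed sample: lines lifted from the HijackThis log above, plus the
# Desktop\userinit.exe path MBAM quarantined, written here as though it had
# appeared among the running processes.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\Documents and Settings\Paul and Jane\Desktop\userinit.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\Program Files\wadwupun\fgujfsee.exe,
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"""

if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        print(f"{category}: {items or 'none'}")
```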

    SuperDave
    Re: Virus, Not Sure Where :-(
    « Reply #1 on: March 21, 2011, 08:03:15 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    **************************************************
    Do you know what this is? C:\Program Files\wadwupun. If not, please uninstall it.

    * Go to Start > Run and type mrt.exe then press Enter on the keyboard.
    * (Vista and Windows 7 users go to Start and type mrt.exe in the search box then press Enter on the keyboard.)
    * Click Next.
    * Choose Full Scan and click Next.
    * Once the scan is finished click View detailed results of the scan.

    Look through the list and let me know if anything was found infected.
    ********************************************************
    Please download ComboFix from BleepingComputer.com

    Alternate link: GeeksToGo.com

    and save it to your Desktop.
    If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
    Double click ComboFix.exe & follow the prompts.
    As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


    Click on Yes, to continue scanning for malware.
    When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

    If you have problems with ComboFix usage, see How to use ComboFix

    paulwilko10
      Re: Virus, Not Sure Where :-(
      « Reply #2 on: March 22, 2011, 02:25:53 AM »
      Hiya Dave, many thanks for taking the time to help me out.

      A little more info for you.

      Before I asked for your help, I tried a little self help.

      I used the online tool on here and did the HijackThis scan, and it asked me to delete the wadwupun folder, but when I try, it won't let me, saying the folder is not empty. However, when I open the folder there is nothing there. I have tried the different viewing options, i.e. hidden files etc., but no luck.
      I do suspect this folder / file is at the bottom of my issues. It will let me move and rename it, but on reboot it reappears.

      Ok, onto what you have asked me to do.

      MRT returned no issues
      Combofix solves my immediate issues but on reboot they start again.

      This is the log:

      ComboFix 11-03-21.02 - Paul and Jane 22/03/2011   8:01.5.2 - x86
      Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2045.1460 [GMT 0:00]
      Running from: c:\documents and settings\Paul and Jane\Desktop\ComboFix.exe
      AV: McAfee VirusScan Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
      .
      .
      (((((((((((((((((((((((((   Files Created from 2011-02-22 to 2011-03-22  )))))))))))))))))))))))))))))))
      .
      .
      2011-03-21 17:22 . 2011-03-21 21:42   --------   d-----w-   C:\QUARANTINE
      2011-03-21 17:12 . 2011-03-21 17:12   --------   d-----w-   c:\program files\ophcrack
      2011-03-21 17:02 . 2011-03-21 22:56   --------   d-----w-   c:\program files\wadwupun
      2011-03-20 12:16 . 2011-03-20 12:16   --------   d-----w-   c:\documents and settings\Paul and Jane\Application Data\IObit
      2011-03-20 12:16 . 2011-03-20 12:16   --------   d-----w-   c:\documents and settings\All Users\Application Data\IObit
      2011-03-20 12:16 . 2011-03-20 12:16   --------   d-----w-   c:\program files\IObit
      2011-03-20 11:32 . 2011-03-20 11:32   --------   d-----w-   c:\program files\Bing Bar Installer
      2011-03-20 11:32 . 2011-03-20 11:39   --------   d-----w-   c:\program files\Unlocker
      2011-03-20 09:29 . 2011-03-20 09:29   --------   d-----w-   c:\program files\Trend Micro
      2011-03-19 10:49 . 2011-03-19 10:49   --------   d-----w-   c:\documents and settings\Paul and Jane\Application Data\SUPERAntiSpyware.com
      2011-03-19 10:49 . 2011-03-19 10:49   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
      2011-03-18 14:18 . 2011-03-18 15:49   53248   ----a-w-   c:\windows\system32\drivers\rk_remover.sys
      2011-03-18 10:06 . 2011-03-18 10:08   --------   d-----w-   c:\program files\Windows Live Safety Center
      2011-03-17 21:54 . 2011-03-21 21:42   233977   ----a-r-   c:\documents and settings\Paul and Jane\Application Data\Microsoft\Installer\{2c557f98-ef74-4a1e-a856-9df2f633b41f}\gui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
      2011-03-17 21:54 . 2011-03-21 21:42   233894   ----a-r-   c:\documents and settings\Paul and Jane\Application Data\Microsoft\Installer\{2c557f98-ef74-4a1e-a856-9df2f633b41f}\ARPPRODUCTICON.exe
      2011-03-17 21:54 . 2011-03-21 21:42   233854   ----a-r-   c:\documents and settings\Paul and Jane\Application Data\Microsoft\Installer\{2c557f98-ef74-4a1e-a856-9df2f633b41f}\gui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
      2011-03-17 21:54 . 2011-03-17 21:54   --------   d-----w-   c:\program files\Sophos
      2011-03-17 19:54 . 2011-03-17 19:54   --------   d-----w-   c:\documents and settings\Pauls Iphone\Application Data\Malwarebytes
      2011-03-17 19:50 . 2011-03-17 19:50   --------   d-----w-   c:\documents and settings\Pauls Iphone\Local Settings\Application Data\Adobe
      2011-03-17 19:02 . 2011-03-17 19:02   --------   d-----w-   c:\documents and settings\Pauls Iphone\Local Settings\Application Data\TomTom
      2011-03-17 19:02 . 2011-03-17 19:02   --------   d-----w-   c:\documents and settings\Pauls Iphone\Application Data\TomTom
      .
      .
      ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2011-03-21 21:42 . 2007-12-13 18:48   209384   ----a-r-   c:\documents and settings\Paul and Jane\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\WinDlg.exe_0AB76F69E7614CFAB9B0A1906B4E9E4B_3.exe
      .
      .
      (((((((((((((((((((((((((((((   SnapShot@2011-03-21_18.08.52   )))))))))))))))))))))))))))))))))))))))))
      .
      + 2011-03-22 07:52 . 2011-03-22 07:52   16384              c:\windows\Temp\Perflib_Perfdata_c00.dat
      + 2011-03-22 07:52 . 2011-03-22 07:52   16384              c:\windows\Temp\Perflib_Perfdata_9a4.dat
      - 2004-08-04 10:00 . 2011-03-21 17:57   80884              c:\windows\system32\perfc009.dat
      + 2004-08-04 10:00 . 2011-03-22 07:56   80884              c:\windows\system32\perfc009.dat
      - 2010-12-15 15:40 . 2010-12-15 15:40   49152              c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
      + 2010-12-15 15:40 . 2011-03-21 18:36   49152              c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
      + 2005-03-21 11:00 . 2005-03-21 11:00   4096              c:\windows\system32\sabprocenum.sys
      - 2004-08-04 10:00 . 2011-03-21 17:57   467240              c:\windows\system32\perfh009.dat
      + 2004-08-04 10:00 . 2011-03-22 07:56   467240              c:\windows\system32\perfh009.dat
      + 2009-05-14 15:41 . 2009-05-14 15:41   380144              c:\windows\Downloaded Program Files\sabspx.dll
      + 2007-08-12 13:22 . 2011-03-02 19:56   37943240              c:\windows\system32\MRT.exe
      + 2011-03-21 18:36 . 2011-03-21 18:36   20304384              c:\windows\Installer\13319e.msp
      .
      (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SUPERAntiSpyware"="e:\super anti spyware\SUPERAntiSpyware.exe" [2011-03-16 2423752]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
      .
      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
      .
      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
      "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
      "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "e:\super anti spyware\SASSEH.DLL" [2008-05-13 77824]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
      2009-09-03 22:21   548352   ----a-w-   e:\super anti spyware\SASWINLO.DLL
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
      2010-09-29 18:09   87424   ----a-w-   c:\windows\system32\LMIinit.dll
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
      @="Service"
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
      @="Driver"
      .
      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
      backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
      .
      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
      backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnkCommon Startup
      .
      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DynDNS Updater Tray Icon.lnk]
      backup=c:\windows\pss\DynDNS Updater Tray Icon.lnkCommon Startup
      .
      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Giganews Accelerator.lnk]
      backup=c:\windows\pss\Giganews Accelerator.lnkCommon Startup
      .
      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NDAS Device Management.lnk]
      backup=c:\windows\pss\NDAS Device Management.lnkCommon Startup
      .
      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TabUserW.lnk]
      backup=c:\windows\pss\TabUserW.lnkCommon Startup
      .
      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
      backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup
      .
      [HKLM\~\startupfolder\C:^Documents and Settings^Paul and Jane^Start Menu^Programs^Startup^fgujfsee.exe]
      path=c:\documents and settings\Paul and Jane\Start Menu\Programs\Startup\fgujfsee.exe
      backup=c:\windows\pss\fgujfsee.exeStartup
      .
      [HKLM\~\startupfolder\C:^Documents and Settings^Paul and Jane^Start Menu^Programs^Startup^VQ4.0.lnk]
      backup=c:\windows\pss\VQ4.0.lnkStartup
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
      c:\windows\system32\dumprep 0 -k [X]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
      2009-09-12 15:31   357384   ----a-w-   c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
      2007-05-11 02:06   40048   ----a-w-   c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
      2008-08-14 06:58   611712   ----a-w-   c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
      2007-10-23 14:18   202024   ----a-w-   c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
      2003-01-27 16:16   376912   ----a-w-   c:\program files\BroadJump\Client Foundation\CFD.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
      2008-04-14 00:12   15360   ----a-w-   c:\windows\system32\ctfmon.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
      2006-08-17 10:32   17920   ----a-w-   c:\windows\CTHELPER.EXE
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
      2006-03-02 11:00   18944   ----a-w-   c:\windows\system32\CTXFIHLP.EXE
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
      2010-04-01 09:16   357696   ----a-w-   c:\program files\DAEMON Tools Lite\DTLite.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX6000 Series]
      2006-02-13 04:00   131072   ----a-w-   c:\windows\system32\spool\drivers\w32x86\3\E_FATIBIE.EXE
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
      2011-03-20 14:25   3739648   ----a-w-   c:\program files\Google\Google Talk\googletalk.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
      2008-10-25 11:44   31072   ------w-   c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
      2006-11-13 12:39   1289000   ------w-   e:\active sync\wcescomm.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
      2011-03-20 14:25   241664   ----a-w-   c:\program files\HP\hpcoretech\hpcmpmgr.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
      2005-07-08 04:55   176128   ----a-w-   c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
      2005-07-08 04:55   491520   ----a-w-   c:\windows\system32\hphmon05.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IObit Security 360]
      2010-06-11 18:14   1280344   ----a-w-   c:\program files\IObit\IObit Security 360\is360tray.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
      2010-07-21 14:53   141608   ----a-w-   e:\i tunes\iTunesHelper.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
      2008-12-20 07:50   2656528   ----a-w-   c:\program files\Logitech\QuickCam\Quickcam.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
      2008-07-24 17:46   63048   ----a-w-   c:\program files\LogMeIn\x86\LogMeInSystray.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
      2006-12-19 10:27   136768   ----a-w-   c:\program files\McAfee\Common Framework\UdaterUI.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
      2008-04-14 00:12   1695232   ------w-   c:\program files\Messenger\msmsgs.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
      2010-04-16 22:12   3872080   ----a-w-   c:\program files\Windows Live\Messenger\msnmsgr.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
      2007-09-20 08:51   1836328   ----a-w-   e:\nero 8\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
      2007-03-01 14:57   153136   ----a-w-   c:\program files\Common Files\Nero\Lib\NeroCheck.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
      2009-01-15 08:19   13680640   ----a-w-   c:\windows\system32\nvcpl.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
      2009-01-15 08:19   86016   ----a-w-   c:\windows\system32\nvmctray.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
      2009-01-15 08:19   1657376   ----a-w-   c:\windows\system32\nwiz.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
      2011-03-20 18:06   421888   ----a-w-   e:\quicktime\QTTask.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
      2009-10-14 14:43   3217368   ----a-w-   e:\registry mechanic\RegMech.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
      2007-02-22 19:50   112216   ----a-w-   c:\program files\McAfee\VirusScan Enterprise\shstat.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
      2009-10-09 13:11   25623336   ----a-r-   c:\program files\Skype\Phone\Skype.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
      2010-04-19 20:18   1217872   ----a-w-   e:\steam\steam.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
      2010-05-14 11:44   248552   ----a-w-   c:\program files\Common Files\Java\Java Update\jusched.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
      2009-03-26 08:32   39408   ----a-w-   c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
      2007-08-17 20:14   185632   ----a-w-   c:\program files\Common Files\Real\Update_OB\realsched.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
      2011-03-09 12:30   247728   ----a-w-   e:\tomtom home 2\TomTomHOMERunner.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
      2009-09-12 15:30   5048488   ----a-w-   e:\acronis\TrueImageMonitor.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
      2011-03-20 18:34   17408   ----a-w-   e:\unlocker\UnlockerAssistant.exe
      .
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
      "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
      "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "e:\\wizdxp\\wizd.exe"=
      "e:\active sync\rapimgr.exe"= e:\active sync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
      "e:\active sync\wcescomm.exe"= e:\active sync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
      "e:\active sync\WCESMgr.exe"= e:\active sync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
      "e:\\Studio 11\\programs\\RM.exe"=
      "e:\\Studio 11\\programs\\Studio.exe"=
      "e:\\Studio 11\\programs\\PMSRegisterFile.exe"=
      "e:\\Studio 11\\programs\\umi.exe"=
      "e:\\Steam\\steam.exe"=
      "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
      "c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
      "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
      "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
      "e:\\Flight Simulator X\\fsx.exe"=
      "e:\\Dreamweaver\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
      "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
      "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
      "e:\\I Tunes\\iTunes.exe"=
      "e:\\Sam Broadcaster\\SAMBC.exe"=
      "c:\\Program Files\\NSVtools\\nsvscsrc.exe"=
      "e:\\uTorrent\\uTorrent.exe"=
      "c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=
      "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
      "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
      .
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
      "8010:TCP"= 8010:TCP:shoutcast
      "1172:TCP"= 1172:TCP:Akamai NetSession Interface
      "5000:UDP"= 5000:UDP:Akamai NetSession Interface
      .
      R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\drivers\tdrpm251.sys [23/04/2010 12:34 902432]
      R1 SASDIFSV;SASDIFSV;e:\super anti spyware\sasdifsv.sys [17/02/2010 18:25 12872]
      R1 SASKUTIL;SASKUTIL;e:\super anti spyware\SASKUTIL.SYS [10/05/2010 18:41 67656]
      R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [23/04/2010 12:34 2326920]
      R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [04/08/2004 10:00 14336]
      R2 DynDNS Updater;DynDNS Updater;c:\program files\DynDNS Updater\DynUpSvc.exe [16/04/2010 16:19 103800]
      R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [20/03/2011 12:16 312152]
      R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [05/10/2010 17:38 374152]
      R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [24/07/2008 17:46 12856]
      R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [23/04/2010 12:34 159168]
      R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [01/12/2009 18:11 25704]
      R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [01/12/2009 18:11 25704]
      R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [01/12/2009 18:12 25704]
      R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [01/12/2009 18:12 25704]
      R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [01/12/2009 18:12 25704]
      S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
      S2 gupdate1c9aded739d4b74;Google Update Service (gupdate1c9aded739d4b74);c:\program files\Google\Update\GoogleUpdate.exe [26/03/2009 08:32 133104]
      S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe --> c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [?]
      S3 imhidusb;Immersion's HID USB Driver;c:\windows\system32\drivers\imhidusb.sys [14/10/2007 12:02 30984]
      S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;c:\windows\system32\PLCNDIS5.SYS [26/04/2004 17:11 17280]
      S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [14/12/2010 21:55 27064]
      S3 rk_remover-boot;rk_remover-boot;c:\windows\system32\drivers\rk_remover.sys [18/03/2011 14:18 53248]
      S3 XE104Sp50;XE104Sp50 NDIS Protocol Driver;c:\windows\system32\drivers\XE104Sp50.sys [28/11/2006 20:46 27072]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      Akamai   REG_MULTI_SZ      Akamai
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2011-03-09 c:\windows\Tasks\AppleSoftwareUpdate.job
      - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-07-25 12:34]
      .
      2011-03-22 c:\windows\Tasks\Google Software Updater.job
      - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-07 08:32]
      .
      2011-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-26 08:32]
      .
      2011-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-26 08:32]
      .
      2011-03-20 c:\windows\Tasks\RegCure Program Check.job
      - c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
      .
      2011-01-02 c:\windows\Tasks\RegCure.job
      - c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://www.google.co.uk/
      uInternet Settings,ProxyServer = http=asfd-cache-1.server.ntli.net
      uInternet Settings,ProxyOverride = *.local
      IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
      IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
      Trusted Zone: easyjetairline.com\access
      TCP: {C380CE11-9A83-4782-86FB-28CE0B0787E6} = 194.168.4.100,194.168.8.100
      DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20100902142450
      DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} - hxxps://access.easyjetairline.com/vdesk/terminal/f5opswati.cab#Version=7000,2010,517,1206
      DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} - hxxps://access.easyjetairline.com/vdesk/terminal/f5opswati.cab#Version=7000,2010,517,1206
      DPF: {49EC7987-E331-44E3-B170-748B58A268B9} - hxxps://access.easyjetairline.com/vdesk/terminal/f5opswati.cab#Version=7000,2010,517,1206
      DPF: {4A026B12-94F3-4D2F-A468-96AA55DE20A5} - hxxp://192.168.1.104/img/NetCamPlayerWeb11g.ocx
      DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04} - hxxps://access.easyjetairline.com/vdesk/terminal/f5opswati.cab#Version=7000,2010,517,1206
      DPF: {FD0EBBED-0C42-4D0F-82DA-44399B5C420A} - hxxp://downloads.virginmedia.com/CST/ver1/xp_mail.cab
      FF - ProfilePath - c:\documents and settings\Paul and Jane\Application Data\Mozilla\Firefox\Profiles\qddxd76b.default\
      FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=&query=
      FF - prefs.js: browser.search.selectedEngine - Winamp Search
      FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
      FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=&query=
      FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
      FF - Ext: Skype extension for Firefox: {B13721C7-F507-4982-B2E5-502A71474FED} - c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
      FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
      FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
      FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
      FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
      FF - Ext: LocalLink: {15756614-ffb8-498b-b961-bce537ea94fe} - %profile%\extensions\{15756614-ffb8-498b-b961-bce537ea94fe}
      FF - Ext: LogMeIn, Inc. Remote Access Plugin: [email protected] - %profile%\extensions\[email protected]
      FF - Ext: SHOUTcast Radio Toolbar: {12e4c684-c03e-4e4d-85bc-0c065e7a9489} - %profile%\extensions\{12e4c684-c03e-4e4d-85bc-0c065e7a9489}
      FF - Ext: CyberShadow's Bejeweled Blitz 3 Cheat: [email protected] - %profile%\extensions\[email protected]
      FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
      FF - Ext: XULRunner: {0F32F055-1A7C-493F-871C-B31C822A43A8} - c:\documents and settings\Paul and Jane\Local Settings\Application Data\{0F32F055-1A7C-493F-871C-B31C822A43A8}
      FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
      FF - user.js: capability.policy.policynames - localfilelinks
      FF - user.js: capability.policy.localfilelinks.sites - hxxp://s1.travian.com http://s2.travian.com http://s3.travian.com http://s4.travian.com http://s5.travian.com http://s6.travian.com http://s7.travian.com http://s8.travian.com http://s9.travian.com http://s10.travian.com http://speed.travian.com http://s1.travian.us http://s2.travian.us http://s3.travian.us http://s4.travian.us http://s5.travian.us http://s6.travian.us http://s7.travian.us http://s8.travian.us http://s9.travian.us http://s10.travian.us http://speed.travian.us http://s1.travian.co.uk http://s2.travian.co.uk http://s3.travian.co.uk http://s4.travian.co.uk http://s5.travian.co.uk http://s6.travian.co.uk http://s7.travian.co.uk http://s8.travian.co.uk http://s9.travian.co.uk http://s10.travian.co.uk http://speed.travian.co.uk
      FF - user.js: capability.policy.localfilelinks.checkloaduri.enabled - allAccess
      .
      .
      **************************************************************************
      .
      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2011-03-22 08:06
      Windows 5.1.2600 Service Pack 3 NTFS
      .
      detected NTDLL code modification:
      ZwQueryDirectoryFile
      .
      scanning hidden processes ... 
      .
      scanning hidden autostart entries ...
      .
      scanning hidden files ... 
      .
      .
      c:\documents and settings\Paul and Jane\Start Menu\Programs\Startup\fgujfsee.exe 164199 bytes executable
      .
      scan completed successfully
      hidden files: 1
      .
      **************************************************************************
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_USERS\S-1-5-21-2052111302-1614895754-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{142CD2CF-756C-381E-759D-20FC7E2F111E}*]
      @Allowed: (Read) (RestrictedCode)
      @Allowed: (Read) (RestrictedCode)
      "abehjcdkbnfajfgdfiiomepmfiljnhooln"=hex:65,62,65,68,63,65,64,6d,64,65,62,62,
         63,68,6a,62,6c,63,6e,62,69,65,61,6a,67,66,6c,61,6c,63,68,62,68,65,6a,6a,66,\
      "bbehjcdkbnfajfgdfihohincaleghhekpfol"=hex:61,62,64,62,64,6c,69,70,6b,6c,6e,6d,
         64,66,6e,6c,6a,6c,70,6d,6f,6a,68,6b,6b,6e,6f,65,66,61,70,69,66,65,00,6a
      .
      [HKEY_USERS\S-1-5-21-2052111302-1614895754-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8F011243-2BF9-227A-A86C-B3C19DB5E2C4}*]
      @Allowed: (Read) (RestrictedCode)
      @Allowed: (Read) (RestrictedCode)
      "iabdoenbheaognkbme"=hex:6a,61,66,6d,68,6f,63,70,6e,62,6b,61,6a,66,6b,65,6a,66,
         69,6a,00,00
      "halndhddfkcbdame"=hex:6b,61,66,6d,63,6f,6a,6f,67,65,6a,6e,68,66,6d,61,6f,65,
         61,69,63,6e,00,00
      "iafcfikbniidmfemlf"=hex:63,61,64,6d,6f,6f,00,7c
      .
      [HKEY_USERS\S-1-5-21-2052111302-1614895754-839522115-1003\Software\Sony Creative Software\M*e*d*i*a* *M*a*n*a*g*e*r* *f*o*r* *P*S*P*"!\3.0]
      "Percents"=""
      "Increment"=".000213"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
      "Version"=hex:e3,ff,fb,3e,89,b9,34,c0,0e,9e,24,b4,a2,21,68,88,0a,3c,f1,03,f1,
         04,45,20,0a,31,25,a5,ed,70,67,aa,ea,c0,1f,fb,fb,5e,f8,db,5e,ba,51,a4,9e,1c,\
      .
      [HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
      "Version"=hex:e3,ff,fb,3e,89,b9,34,c0,0e,9e,24,b4,a2,21,68,88,0a,3c,f1,03,f1,
         04,45,20,0a,31,25,a5,ed,70,67,aa,ea,c0,1f,fb,fb,5e,f8,db,5e,ba,51,a4,9e,1c,\
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------
      .
      - - - - - - - > 'winlogon.exe'(944)
      e:\super anti spyware\SASWINLO.DLL
      c:\windows\system32\WININET.dll
      c:\windows\system32\LMIinit.dll
      .
      - - - - - - - > 'explorer.exe'(4080)
      c:\windows\system32\WININET.dll
      c:\windows\system32\tabhook.dll
      c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
      c:\windows\system32\ieframe.dll
      c:\program files\Common Files\Nero\Lib\NeroDigitalExt.dll
      c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL
      c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
      c:\windows\system32\webcheck.dll
      c:\windows\system32\WPDShServiceObj.dll
      c:\windows\system32\PortableDeviceTypes.dll
      c:\windows\system32\PortableDeviceApi.dll
      c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
      c:\windows\system32\LMIRfsClientNP.dll
      .
      Completion time: 2011-03-22  08:09:23
      ComboFix-quarantined-files.txt  2011-03-22 08:09
      ComboFix2.txt  2011-03-21 19:01
      ComboFix3.txt  2011-03-21 18:33
      ComboFix4.txt  2011-03-21 18:11
      .
      Pre-Run: 21,401,432,064 bytes free
      Post-Run: 21,487,849,472 bytes free
      .
      Current=1 Default=1 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6
      - - End Of File - - 39323A2ACA7B5DBD4BBF340FF5C78B74


      Thanks

      Paul
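
As a triage aid added here (not part of the thread, and not ComboFix or catchme code), the following Python parses the three kinds of lines that matter most in the log above: startup-folder registry entries that point straight at an executable instead of a .lnk shortcut, catchme's hidden-file report, and the dated "Files Created" rows, then pairs any hidden file with another file of exactly the same byte size. The sample log is constructed from lines quoted in this thread, and the regexes describe only the line shapes shown here.

```python
import re

# Constructed sample: lines copied from the ComboFix and catchme output posted
# in this thread, stitched together so the parser runs offline. Real logs are
# far longer, but these are the line shapes they use.
SAMPLE_LOG = r"""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Paul and Jane^Start Menu^Programs^Startup^fgujfsee.exe]
path=c:\documents and settings\Paul and Jane\Start Menu\Programs\Startup\fgujfsee.exe
backup=c:\windows\pss\fgujfsee.exeStartup
.
scanning hidden files ...
.
c:\documents and settings\Paul and Jane\Start Menu\Programs\Startup\fgujfsee.exe 164199 bytes executable
.
scan completed successfully
hidden files: 1
.
2011-03-22 23:59 . 2011-03-22 23:59   --------   d-----w-   c:\program files\wadwupun
2011-03-22 22:04 . 2011-03-22 22:04   164199   ----a-w-   c:\program files\Mozilla Firefox\firefoxmgr.exe
"""

# ComboFix writes startup-folder keys with '^' in place of '\'; the last
# component is the file that actually autostarts.
STARTUP_KEY = re.compile(r"^\[HKLM\\~\\startupfolder\\(.+)\]$")
# catchme reports each hidden file as "<path> <size> bytes executable".
HIDDEN_FILE = re.compile(r"^([A-Za-z]:\\.+?) (\d+) bytes executable\s*$")
# 'Files Created' / Find3M rows: "<created> . <modified> <size> <attrs> <path>".
# Directories show '--------' instead of a size and therefore never match.
CREATED_FILE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}"
    r"\s+(\d+)\s+\S+\s+([A-Za-z]:\\.+?)\s*$"
)
# Extensions Windows runs directly when found in a Startup folder.
EXEC_EXTS = (".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js")


def startup_executables(log_text):
    """Startup-folder entries that point straight at an executable instead of
    at a .lnk shortcut. Installers drop shortcuts there; a bare .exe in a
    per-user Startup folder is worth a second look."""
    found = []
    for line in log_text.splitlines():
        m = STARTUP_KEY.match(line.strip())
        if m:
            path = m.group(1).replace("^", "\\")
            if path.lower().endswith(EXEC_EXTS):
                found.append(path)
    return found


def hidden_files(log_text):
    """(path, size) for every file catchme flagged as hidden."""
    out = []
    for line in log_text.splitlines():
        m = HIDDEN_FILE.match(line.strip())
        if m:
            out.append((m.group(1), int(m.group(2))))
    return out


def created_files(log_text):
    """(path, size) for every file row in the 'Files Created' / Find3M sections."""
    out = []
    for line in log_text.splitlines():
        m = CREATED_FILE.match(line.strip())
        if m:
            out.append((m.group(2), int(m.group(1))))
    return out


def same_size_twins(hidden, created):
    """Pair each hidden file with any other file of exactly the same byte size.
    Equal size only hints that one is a copy of the other; a hash (for example
    from the Jotti upload requested in the thread) is needed to confirm it."""
    twins = []
    for hpath, hsize in hidden:
        for cpath, csize in created:
            if csize == hsize and cpath.lower() != hpath.lower():
                twins.append((hsize, hpath, cpath))
    return twins


def triage(log_text):
    """Run all three checks over one log and return the findings by category."""
    hidden = hidden_files(log_text)
    return {
        "direct_exe_startup": startup_executables(log_text),
        "hidden_files": hidden,
        "size_twins": same_size_twins(hidden, created_files(log_text)),
    }


if __name__ == "__main__":
    for category, rows in triage(SAMPLE_LOG).items():
        print(category)
        for row in rows:
            print("   ", row)
```

On the sample it reports the bare fgujfsee.exe autostart, the same file as catchme's one hidden file, and firefoxmgr.exe as a same-size twin; the pairing is a lead for hashing, not a verdict.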

      SuperDave

      • Malware Removal Specialist


      • Genius
      • Thanked: 1020
      • Experience: Expert
      • OS: Windows 10
      Re: Virus, Not Sure Where :-(
      « Reply #3 on: March 22, 2011, 04:13:20 PM »
      Re-running ComboFix to remove infections:

      • Close any open browsers.
      • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Open notepad and copy/paste the text in the quotebox below into it:
        Quote
        KillAll::
        DDS::
        Trusted Zone: easyjetairline.com\access

        Folder::
        c:\program files\wadwupun

        MBR::

      • Save this as CFScript.txt, in the same location as ComboFix.exe



      • Referring to the picture above, drag CFScript into ComboFix.exe
      • When finished, it shall produce a log for you at C:\ComboFix.txt
      • Please post the contents of the log in your next reply.
      ****************************************************
      Download Security Check by screen317 from one of the following links and save it to your desktop.

      Link 1
      Link 2

      * Unzip SecurityCheck.zip and a folder named Security Check should appear.
      * Open the Security Check folder and double-click Security Check.bat
      * Follow the on-screen instructions inside of the black box.
      * A Notepad document should open automatically called checkup.txt
      * Post the contents of that document in your next reply.

      Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
      *******************************************************
      P2P - I see you have P2P software installed on your machine (uTorrent). We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

      Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

      I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
      ******************************************************
      Registry cleaners are extremely powerful applications and their potential for harming your OS far outweighs any small potential for improving your computer's performance.
      RegCure
      There are a number of them available and some are safer than others. Keep in mind that no two registry cleaners work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Without research into what the registry entry selected for deletion is, a registry cleaner can end up being an automated method to cause problems with the registry.

      For routine use by those not familiar with the registry, the benefits to your computer are negligible while the potential risks are great.

      Further reading: XP Fixes Myth #1: Registry Cleaners
      ******************************************************
      Please go to Jotti's malware scan
      (If more than one file needs to be scanned, they must be done separately and links posted for each one)

      * Copy the file path in the below Code box:

      Code:
      c:\documents and settings\Paul and Jane\Start Menu\Programs\Startup\fgujfsee.exe 
      * At the upload site, click once inside the window next to Browse.
      * Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
      * Next click Submit file
      * Your file will possibly be entered into a queue which normally takes less than a minute to clear.
      * This will perform a scan across multiple different virus scanning engines.
      * Important: Wait for all of the scanning engines to complete.
      * Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.

      paulwilko10

        Topic Starter


        Rookie

        • Experience: Beginner
        • OS: Unknown
        Re: Virus, Not Sure Where :-(
        « Reply #4 on: March 23, 2011, 04:18:40 AM »
        Thanks Dave

        A slight issue with what you asked me to do:
        Starting ComboFix with the txt file makes ComboFix restart the PC after trying to delete wadwupun, but unfortunately it reappears and the virus is still there on reboot, which stops me downloading the other file you asked me to do.

        Anyway, I have done another Combofix without the text file and this is the log

        ComboFix 11-03-22.08 - Paul and Jane 23/03/2011   8:50.9.2 - x86
        Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2045.1504 [GMT 0:00]
        Running from: c:\documents and settings\Paul and Jane\Desktop\ComboFix.exe
        AV: McAfee VirusScan Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
        .
        .
        (((((((((((((((((((((((((   Files Created from 2011-02-23 to 2011-03-23  )))))))))))))))))))))))))))))))
        .
        .
        2011-03-22 23:59 . 2011-03-22 23:59   --------   d-----w-   c:\program files\wadwupun
        2011-03-22 22:04 . 2011-03-22 22:04   164199   ----a-w-   c:\program files\Mozilla Firefox\firefoxmgr.exe
        2011-03-21 17:22 . 2011-03-22 16:43   --------   d-----w-   C:\QUARANTINE
        2011-03-21 17:12 . 2011-03-21 17:12   --------   d-----w-   c:\program files\ophcrack
        2011-03-20 12:16 . 2011-03-20 12:16   --------   d-----w-   c:\documents and settings\Paul and Jane\Application Data\IObit
        2011-03-20 12:16 . 2011-03-20 12:16   --------   d-----w-   c:\documents and settings\All Users\Application Data\IObit
        2011-03-20 12:16 . 2011-03-20 12:16   --------   d-----w-   c:\program files\IObit
        2011-03-20 11:32 . 2011-03-20 11:39   --------   d-----w-   c:\program files\Unlocker
        2011-03-20 09:29 . 2011-03-20 09:29   --------   d-----w-   c:\program files\Trend Micro
        2011-03-19 10:49 . 2011-03-19 10:49   --------   d-----w-   c:\documents and settings\Paul and Jane\Application Data\SUPERAntiSpyware.com
        2011-03-19 10:49 . 2011-03-19 10:49   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
        2011-03-18 14:18 . 2011-03-18 15:49   53248   ----a-w-   c:\windows\system32\drivers\rk_remover.sys
        2011-03-18 10:06 . 2011-03-18 10:08   --------   d-----w-   c:\program files\Windows Live Safety Center
        2011-03-17 21:54 . 2011-03-21 21:42   233977   ----a-r-   c:\documents and settings\Paul and Jane\Application Data\Microsoft\Installer\{2c557f98-ef74-4a1e-a856-9df2f633b41f}\gui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
        2011-03-17 21:54 . 2011-03-21 21:42   233894   ----a-r-   c:\documents and settings\Paul and Jane\Application Data\Microsoft\Installer\{2c557f98-ef74-4a1e-a856-9df2f633b41f}\ARPPRODUCTICON.exe
        2011-03-17 21:54 . 2011-03-21 21:42   233854   ----a-r-   c:\documents and settings\Paul and Jane\Application Data\Microsoft\Installer\{2c557f98-ef74-4a1e-a856-9df2f633b41f}\gui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
        2011-03-17 21:54 . 2011-03-17 21:54   --------   d-----w-   c:\program files\Sophos
        2011-03-17 19:54 . 2011-03-17 19:54   --------   d-----w-   c:\documents and settings\Pauls Iphone\Application Data\Malwarebytes
        2011-03-17 19:50 . 2011-03-17 19:50   --------   d-----w-   c:\documents and settings\Pauls Iphone\Local Settings\Application Data\Adobe
        2011-03-17 19:02 . 2011-03-17 19:02   --------   d-----w-   c:\documents and settings\Pauls Iphone\Local Settings\Application Data\TomTom
        2011-03-17 19:02 . 2011-03-17 19:02   --------   d-----w-   c:\documents and settings\Pauls Iphone\Application Data\TomTom
        .
        .
        ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2011-03-21 21:42 . 2007-12-13 18:48   209384   ----a-r-   c:\documents and settings\Paul and Jane\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\WinDlg.exe_0AB76F69E7614CFAB9B0A1906B4E9E4B_3.exe
        .
        .
        (((((((((((((((((((((((((((((   SnapShot@2011-03-21_18.08.52   )))))))))))))))))))))))))))))))))))))))))
        .
        + 2011-03-23 08:39 . 2011-03-23 08:39   16384              c:\windows\Temp\Perflib_Perfdata_aec.dat
        + 2011-03-23 08:39 . 2011-03-23 08:39   16384              c:\windows\Temp\Perflib_Perfdata_234.dat
        - 2004-08-04 10:00 . 2011-03-21 17:57   80884              c:\windows\system32\perfc009.dat
        + 2004-08-04 10:00 . 2011-03-23 08:44   80884              c:\windows\system32\perfc009.dat
        - 2010-12-15 15:40 . 2010-12-15 15:40   49152              c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
        + 2010-12-15 15:40 . 2011-03-21 18:36   49152              c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
        + 2005-03-21 11:00 . 2005-03-21 11:00   4096              c:\windows\system32\sabprocenum.sys
        - 2004-08-04 10:00 . 2011-03-21 17:57   467240              c:\windows\system32\perfh009.dat
        + 2004-08-04 10:00 . 2011-03-23 08:44   467240              c:\windows\system32\perfh009.dat
        + 2009-05-14 15:41 . 2009-05-14 15:41   380144              c:\windows\Downloaded Program Files\sabspx.dll
        + 2007-08-12 13:22 . 2011-03-02 19:56   37943240              c:\windows\system32\MRT.exe
        + 2011-03-21 18:36 . 2011-03-21 18:36   20304384              c:\windows\Installer\13319e.msp
        .
        (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Note* empty entries & legit default entries are not shown
        REGEDIT4
        .
        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "SUPERAntiSpyware"="e:\super anti spyware\SUPERAntiSpyware.exe" [2011-03-16 2423752]
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
        .
        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
        .
        [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
        "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
        "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "e:\super anti spyware\SASSEH.DLL" [2008-05-13 77824]
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
        2009-09-03 22:21   548352   ----a-w-   e:\super anti spyware\SASWINLO.DLL
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
        2010-09-29 18:09   87424   ----a-w-   c:\windows\system32\LMIinit.dll
        .
        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
        @="Service"
        .
        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
        @="Driver"
        .
        [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
        backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
        .
        [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
        backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnkCommon Startup
        .
        [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DynDNS Updater Tray Icon.lnk]
        backup=c:\windows\pss\DynDNS Updater Tray Icon.lnkCommon Startup
        .
        [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Giganews Accelerator.lnk]
        backup=c:\windows\pss\Giganews Accelerator.lnkCommon Startup
        .
        [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NDAS Device Management.lnk]
        backup=c:\windows\pss\NDAS Device Management.lnkCommon Startup
        .
        [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TabUserW.lnk]
        backup=c:\windows\pss\TabUserW.lnkCommon Startup
        .
        [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
        backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup
        .
        [HKLM\~\startupfolder\C:^Documents and Settings^Paul and Jane^Start Menu^Programs^Startup^VQ4.0.lnk]
        backup=c:\windows\pss\VQ4.0.lnkStartup
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
        c:\windows\system32\dumprep 0 -k [X]
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
        2009-09-12 15:31   357384   ----a-w-   c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
        2007-05-11 02:06   40048   ----a-w-   c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
        2008-08-14 06:58   611712   ----a-w-   c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
        2007-10-23 14:18   202024   ----a-w-   c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
        2003-01-27 16:16   376912   ----a-w-   c:\program files\BroadJump\Client Foundation\CFD.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
        2008-04-14 00:12   15360   ----a-w-   c:\windows\system32\ctfmon.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
        2006-08-17 10:32   17920   ----a-w-   c:\windows\CTHELPER.EXE
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
        2006-03-02 11:00   18944   ----a-w-   c:\windows\system32\CTXFIHLP.EXE
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
        2010-04-01 09:16   357696   ----a-w-   c:\program files\DAEMON Tools Lite\DTLite.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX6000 Series]
        2006-02-13 04:00   131072   ----a-w-   c:\windows\system32\spool\drivers\w32x86\3\E_FATIBIE.EXE
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
        2011-03-20 14:25   3739648   ----a-w-   c:\program files\Google\Google Talk\googletalk.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
        2008-10-25 11:44   31072   ------w-   c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
        2006-11-13 12:39   1289000   ------w-   e:\active sync\wcescomm.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
        2011-03-20 14:25   241664   ----a-w-   c:\program files\HP\hpcoretech\hpcmpmgr.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
        2005-07-08 04:55   176128   ----a-w-   c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
        2005-07-08 04:55   491520   ----a-w-   c:\windows\system32\hphmon05.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IObit Security 360]
        2010-06-11 18:14   1280344   ----a-w-   c:\program files\IObit\IObit Security 360\is360tray.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
        2010-07-21 14:53   141608   ----a-w-   e:\i tunes\iTunesHelper.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
        2008-12-20 07:50   2656528   ----a-w-   c:\program files\Logitech\QuickCam\Quickcam.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
        2008-07-24 17:46   63048   ----a-w-   c:\program files\LogMeIn\x86\LogMeInSystray.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
        2006-12-19 10:27   136768   ----a-w-   c:\program files\McAfee\Common Framework\UdaterUI.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
        2008-04-14 00:12   1695232   ------w-   c:\program files\Messenger\msmsgs.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
        2007-09-20 08:51   1836328   ----a-w-   e:\nero 8\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
        2007-03-01 14:57   153136   ----a-w-   c:\program files\Common Files\Nero\Lib\NeroCheck.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
        2009-01-15 08:19   13680640   ----a-w-   c:\windows\system32\nvcpl.dll
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
        2009-01-15 08:19   86016   ----a-w-   c:\windows\system32\nvmctray.dll
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
        2009-01-15 08:19   1657376   ----a-w-   c:\windows\system32\nwiz.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
        2011-03-20 18:06   421888   ----a-w-   e:\quicktime\QTTask.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
        2009-10-14 14:43   3217368   ----a-w-   e:\registry mechanic\RegMech.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
        2007-02-22 19:50   112216   ----a-w-   c:\program files\McAfee\VirusScan Enterprise\shstat.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
        2009-10-09 13:11   25623336   ----a-r-   c:\program files\Skype\Phone\Skype.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
        2010-04-19 20:18   1217872   ----a-w-   e:\steam\steam.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
        2010-05-14 11:44   248552   ----a-w-   c:\program files\Common Files\Java\Java Update\jusched.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
        2009-03-26 08:32   39408   ----a-w-   c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
        2007-08-17 20:14   185632   ----a-w-   c:\program files\Common Files\Real\Update_OB\realsched.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
        2011-03-09 12:30   247728   ----a-w-   e:\tomtom home 2\TomTomHOMERunner.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
        2009-09-12 15:30   5048488   ----a-w-   e:\acronis\TrueImageMonitor.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
        2011-03-20 18:34   17408   ----a-w-   e:\unlocker\UnlockerAssistant.exe
        .
        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "%windir%\\system32\\sessmgr.exe"=
        "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
        "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
        "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
        "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
        "e:\\wizdxp\\wizd.exe"=
        "e:\active sync\rapimgr.exe"= e:\active sync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
        "e:\active sync\wcescomm.exe"= e:\active sync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
        "e:\active sync\WCESMgr.exe"= e:\active sync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
        "e:\\Studio 11\\programs\\RM.exe"=
        "e:\\Studio 11\\programs\\Studio.exe"=
        "e:\\Studio 11\\programs\\PMSRegisterFile.exe"=
        "e:\\Studio 11\\programs\\umi.exe"=
        "e:\\Steam\\steam.exe"=
        "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
        "c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
        "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
        "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
        "e:\\Flight Simulator X\\fsx.exe"=
        "e:\\Dreamweaver\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
        "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
        "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
        "e:\\I Tunes\\iTunes.exe"=
        "e:\\Sam Broadcaster\\SAMBC.exe"=
        "c:\\Program Files\\NSVtools\\nsvscsrc.exe"=
        "e:\\uTorrent\\uTorrent.exe"=
        "c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=
        "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
        "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
        .
        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
        "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
        "8010:TCP"= 8010:TCP:shoutcast
        "1132:TCP"= 1132:TCP:Akamai NetSession Interface
        "5000:UDP"= 5000:UDP:Akamai NetSession Interface
        .
        R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\drivers\tdrpm251.sys [23/04/2010 12:34 902432]
        R1 SASDIFSV;SASDIFSV;e:\super anti spyware\sasdifsv.sys [17/02/2010 18:25 12872]
        R1 SASKUTIL;SASKUTIL;e:\super anti spyware\SASKUTIL.SYS [10/05/2010 18:41 67656]
        R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [23/04/2010 12:34 2326920]
        R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [04/08/2004 10:00 14336]
        R2 DynDNS Updater;DynDNS Updater;c:\program files\DynDNS Updater\DynUpSvc.exe [16/04/2010 16:19 103800]
        R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [20/03/2011 12:16 312152]
        R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [05/10/2010 17:38 374152]
        R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [24/07/2008 17:46 12856]
        R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [23/04/2010 12:34 159168]
        R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [01/12/2009 18:11 25704]
        R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [01/12/2009 18:11 25704]
        R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [01/12/2009 18:12 25704]
        R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [01/12/2009 18:12 25704]
        R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [01/12/2009 18:12 25704]
        S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
        S2 gupdate1c9aded739d4b74;Google Update Service (gupdate1c9aded739d4b74);c:\program files\Google\Update\GoogleUpdate.exe [26/03/2009 08:32 133104]
        S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe --> c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [?]
        S3 imhidusb;Immersion's HID USB Driver;c:\windows\system32\drivers\imhidusb.sys [14/10/2007 12:02 30984]
        S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;c:\windows\system32\PLCNDIS5.SYS [26/04/2004 17:11 17280]
        S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [14/12/2010 21:55 27064]
        S3 rk_remover-boot;rk_remover-boot;c:\windows\system32\drivers\rk_remover.sys [18/03/2011 14:18 53248]
        S3 XE104Sp50;XE104Sp50 NDIS Protocol Driver;c:\windows\system32\drivers\XE104Sp50.sys [28/11/2006 20:46 27072]
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
        Akamai   REG_MULTI_SZ      Akamai
        .
        Contents of the 'Scheduled Tasks' folder
        .
        2011-03-09 c:\windows\Tasks\AppleSoftwareUpdate.job
        - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-07-25 12:34]
        .
        2011-03-23 c:\windows\Tasks\Google Software Updater.job
        - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-07 08:32]
        .
        2011-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
        - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-26 08:32]
        .
        2011-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
        - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-26 08:32]
        .
        2011-03-22 c:\windows\Tasks\RegCure Program Check.job
        - c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
        .
        2011-01-02 c:\windows\Tasks\RegCure.job
        - c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
        .
        .
        ------- Supplementary Scan -------
        .
        uStart Page = hxxp://www.google.co.uk/
        uInternet Settings,ProxyServer = http=asfd-cache-1.server.ntli.net
        uInternet Settings,ProxyOverride = *.local
        IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
        IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
        TCP: {C380CE11-9A83-4782-86FB-28CE0B0787E6} = 194.168.4.100,194.168.8.100
        DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20100902142450
        DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} - hxxps://access.easyjetairline.com/vdesk/terminal/f5opswati.cab#Version=7000,2010,517,1206
        DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} - hxxps://access.easyjetairline.com/vdesk/terminal/f5opswati.cab#Version=7000,2010,517,1206
        DPF: {49EC7987-E331-44E3-B170-748B58A268B9} - hxxps://access.easyjetairline.com/vdesk/terminal/f5opswati.cab#Version=7000,2010,517,1206
        DPF: {4A026B12-94F3-4D2F-A468-96AA55DE20A5} - hxxp://192.168.1.104/img/NetCamPlayerWeb11g.ocx
        DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04} - hxxps://access.easyjetairline.com/vdesk/terminal/f5opswati.cab#Version=7000,2010,517,1206
        DPF: {FD0EBBED-0C42-4D0F-82DA-44399B5C420A} - hxxp://downloads.virginmedia.com/CST/ver1/xp_mail.cab
        FF - ProfilePath - c:\documents and settings\Paul and Jane\Application Data\Mozilla\Firefox\Profiles\qddxd76b.default\
        FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=&query=
        FF - prefs.js: browser.search.selectedEngine - Winamp Search
        FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
        FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=&query=
        FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
        FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
        FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
        FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
        FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
        FF - Ext: LocalLink: {15756614-ffb8-498b-b961-bce537ea94fe} - %profile%\extensions\{15756614-ffb8-498b-b961-bce537ea94fe}
        FF - Ext: LogMeIn, Inc. Remote Access Plugin: [email protected] - %profile%\extensions\[email protected]
        FF - Ext: SHOUTcast Radio Toolbar: {12e4c684-c03e-4e4d-85bc-0c065e7a9489} - %profile%\extensions\{12e4c684-c03e-4e4d-85bc-0c065e7a9489}
        FF - Ext: CyberShadow's Bejeweled Blitz 3 Cheat: [email protected] - %profile%\extensions\[email protected]
        FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
        FF - Ext: XULRunner: {0F32F055-1A7C-493F-871C-B31C822A43A8} - c:\documents and settings\Paul and Jane\Local Settings\Application Data\{0F32F055-1A7C-493F-871C-B31C822A43A8}
        FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
        FF - user.js: capability.policy.policynames - localfilelinks
        FF - user.js: capability.policy.localfilelinks.sites - hxxp://s1.travian.com http://s2.travian.com http://s3.travian.com http://s4.travian.com http://s5.travian.com http://s6.travian.com http://s7.travian.com http://s8.travian.com http://s9.travian.com http://s10.travian.com http://speed.travian.com http://s1.travian.us http://s2.travian.us http://s3.travian.us http://s4.travian.us http://s5.travian.us http://s6.travian.us http://s7.travian.us http://s8.travian.us http://s9.travian.us http://s10.travian.us http://speed.travian.us http://s1.travian.co.uk http://s2.travian.co.uk http://s3.travian.co.uk http://s4.travian.co.uk http://s5.travian.co.uk http://s6.travian.co.uk http://s7.travian.co.uk http://s8.travian.co.uk http://s9.travian.co.uk http://s10.travian.co.uk http://speed.travian.co.uk
        FF - user.js: capability.policy.localfilelinks.checkloaduri.enabled - allAccess
        .
        .
        **************************************************************************
        .
        catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2011-03-23 08:55
        Windows 5.1.2600 Service Pack 3 NTFS
        .
        detected NTDLL code modification:
        ZwQueryDirectoryFile
        .
        scanning hidden processes ... 
        .
        scanning hidden autostart entries ...
        .
        scanning hidden files ... 
        .
        .
        c:\documents and settings\Paul and Jane\Start Menu\Programs\Startup\fgujfsee.exe 164199 bytes executable
        .
        scan completed successfully
        hidden files: 1
        .
        **************************************************************************
        .
        --------------------- LOCKED REGISTRY KEYS ---------------------
        .
        [HKEY_USERS\S-1-5-21-2052111302-1614895754-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{142CD2CF-756C-381E-759D-20FC7E2F111E}*]
        @Allowed: (Read) (RestrictedCode)
        @Allowed: (Read) (RestrictedCode)
        "abehjcdkbnfajfgdfiiomepmfiljnhooln"=hex:65,62,65,68,63,65,64,6d,64,65,62,62,
           63,68,6a,62,6c,63,6e,62,69,65,61,6a,67,66,6c,61,6c,63,68,62,68,65,6a,6a,66,\
        "bbehjcdkbnfajfgdfihohincaleghhekpfol"=hex:61,62,64,62,64,6c,69,70,6b,6c,6e,6d,
           64,66,6e,6c,6a,6c,70,6d,6f,6a,68,6b,6b,6e,6f,65,66,61,70,69,66,65,00,6a
        .
        [HKEY_USERS\S-1-5-21-2052111302-1614895754-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8F011243-2BF9-227A-A86C-B3C19DB5E2C4}*]
        @Allowed: (Read) (RestrictedCode)
        @Allowed: (Read) (RestrictedCode)
        "iabdoenbheaognkbme"=hex:6a,61,66,6d,68,6f,63,70,6e,62,6b,61,6a,66,6b,65,6a,66,
           69,6a,00,00
        "halndhddfkcbdame"=hex:6b,61,66,6d,63,6f,6a,6f,67,65,6a,6e,68,66,6d,61,6f,65,
           61,69,63,6e,00,00
        "iafcfikbniidmfemlf"=hex:63,61,64,6d,6f,6f,00,7c
        .
        [HKEY_USERS\S-1-5-21-2052111302-1614895754-839522115-1003\Software\Sony Creative Software\M*e*d*i*a* *M*a*n*a*g*e*r* *f*o*r* *P*S*P*"!\3.0]
        "Percents"=""
        "Increment"=".000213"
        .
        [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
        "Version"=hex:e3,ff,fb,3e,89,b9,34,c0,0e,9e,24,b4,a2,21,68,88,0a,3c,f1,03,f1,
           04,45,20,0a,31,25,a5,ed,70,67,aa,ea,c0,1f,fb,fb,5e,f8,db,5e,ba,51,a4,9e,1c,\
        .
        [HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
        "Version"=hex:e3,ff,fb,3e,89,b9,34,c0,0e,9e,24,b4,a2,21,68,88,0a,3c,f1,03,f1,
           04,45,20,0a,31,25,a5,ed,70,67,aa,ea,c0,1f,fb,fb,5e,f8,db,5e,ba,51,a4,9e,1c,\
        .
        --------------------- DLLs Loaded Under Running Processes ---------------------
        .
        - - - - - - - > 'winlogon.exe'(944)
        e:\super anti spyware\SASWINLO.DLL
        c:\windows\system32\WININET.dll
        c:\windows\system32\LMIinit.dll
        .
        - - - - - - - > 'explorer.exe'(3964)
        c:\windows\system32\WININET.dll
        c:\windows\system32\tabhook.dll
        c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
        c:\windows\system32\ieframe.dll
        c:\windows\system32\webcheck.dll
        c:\windows\system32\WPDShServiceObj.dll
        c:\windows\system32\PortableDeviceTypes.dll
        c:\windows\system32\PortableDeviceApi.dll
        .
        Completion time: 2011-03-23  08:58:09
        ComboFix-quarantined-files.txt  2011-03-23 08:57
        ComboFix2.txt  2011-03-22 17:32
        ComboFix3.txt  2011-03-22 16:53
        ComboFix4.txt  2011-03-22 08:09
        ComboFix5.txt  2011-03-22 23:49
        .
        Pre-Run: 20,397,699,072 bytes free
        Post-Run: 20,453,257,216 bytes free
        .
        Current=1 Default=1 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6
        - - End Of File - - 55C57EDF884FECD232DDBB4616B7E5D8


        Here is the Security Check Log

         Results of screen317's Security Check version 0.99.9 
         Windows XP Service Pack 3 
         Internet Explorer 8 
        ``````````````````````````````
        Antivirus/Firewall Check:

         Windows Firewall Enabled! 
         McAfee VirusScan Enterprise   
         Antivirus up to date! (On Access scanning disabled!)
        ```````````````````````````````
        Anti-malware/Other Utilities Check:

         Out of date Spybot installed!
         Ad-Aware
         Malwarebytes' Anti-Malware   
         HijackThis 2.0.2   
         Java(TM) 6 Update 22 
         Java(TM) 6 Update 2 
         Java(TM) 6 Update 3 
         Java(TM) 6 Update 5 
         Out of date Java installed!
         Adobe Flash Player    10.1.102.64 
        Adobe Reader 8.1.0
        Korean Fonts Support For Adobe Reader 8
        Out of date Adobe Reader installed!
        ````````````````````````````````
        Process Check: 
        objlist.exe by Laurent

         Ad-Aware AAWService.exe
         Ad-Aware AAWTray.exe is disabled!
        ``````````End of Log````````````


        Here is the link to the Scanner you asked for

        http://virusscan.jotti.org/en-gb/scanresult/47248e5d687c5cb9b518b41d62b4b9bfd5c5a107

        Hope you can help

        Paul
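As an added example (not part of this thread, and not ComboFix's or catchme's own code), the script below pulls the security-relevant lines out of a ComboFix report like the one posted above and applies a few triage rules: it reports every NTDLL function catchme says has been patched, every path in catchme's hidden-files section, any .exe sitting directly in a Startup folder (installers drop .lnk shortcuts there, not binaries), Firefox search prefs whose host differs from the homepage host, and a configured proxy server; the last two are flagged for review, not as verdicts. The patched ZwQueryDirectoryFile is also why a file catchme lists as hidden does not turn up in Explorer or Windows Search: both enumerate directories through ntdll's NtQueryDirectoryFile, so whatever the hook filters out never reaches them. SAMPLE_LOG is a constructed excerpt modelled on the log in the thread, and the rule names, regexes and function names are this example's own assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed excerpt modelled on the ComboFix log posted in this thread
# (not the full log); the rules below are this example's own, not ComboFix's.
SAMPLE_LOG = r"""
[HKLM\~\startupfolder\C:^Documents and Settings^Paul and Jane^Start Menu^Programs^Startup^VQ4.0.lnk]
backup=c:\windows\pss\VQ4.0.lnkStartup
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyServer = http=asfd-cache-1.server.ntli.net
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=&query=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=&query=
.
detected NTDLL code modification:
ZwQueryDirectoryFile
.
scanning hidden files ...
.
.
c:\documents and settings\Paul and Jane\Start Menu\Programs\Startup\fgujfsee.exe 164199 bytes executable
.
scan completed successfully
hidden files: 1
"""

# catchme hidden-file line: "<path> <size> bytes <kind>"
HIDDEN_FILE_RE = re.compile(r"^(?P<path>[a-z]:\\.+?)\s+\d+\s+bytes\b", re.I)
# ComboFix "FF - prefs.js: <name> - <value>"
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (?P<name>\S+) - (?P<value>.+)$")
# msconfig-disabled Startup items; ComboFix writes '^' in place of '\'
STARTUP_KEY_RE = re.compile(r"^\[HKLM\\~\\startupfolder\\(?P<path>.+)\]$")
# a raw .exe directly inside a Startup folder (normally only .lnk files live there)
STARTUP_EXE_RE = re.compile(r"\\start menu\\programs\\startup\\[^\\]+\.exe$", re.I)
SEARCH_PREFS = ("keyword.URL", "browser.search.defaulturl")


def _host(url):
    """Hostname of a ComboFix-defanged URL (hxxp:// -> http://); None if empty."""
    return urlparse(url.replace("hxxp", "http", 1)).hostname


def parse_log(text):
    """Pull hooks, hidden files, Startup items, Firefox prefs and the proxy out of the log."""
    hooks, hidden, startup, prefs, proxy = [], [], [], {}, None
    in_hook = in_hidden = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("detected NTDLL code modification"):
            in_hook = True
            continue
        if in_hook:                       # function names until the next '.' separator
            if line == ".":
                in_hook = False
            else:
                hooks.append(line)
            continue
        if line.startswith("scanning hidden files"):
            in_hidden = True
            continue
        if in_hidden:                     # paths until "scan completed ..."
            if line.startswith("scan completed"):
                in_hidden = False
            else:
                m = HIDDEN_FILE_RE.match(line)
                if m:
                    hidden.append(m.group("path"))
            continue
        if line.startswith("uInternet Settings,ProxyServer"):
            proxy = line.split("=", 1)[1].strip()
            continue
        m = STARTUP_KEY_RE.match(line)
        if m:
            startup.append(m.group("path").replace("^", "\\"))
            continue
        m = FF_PREF_RE.match(line)
        if m:
            prefs[m.group("name")] = m.group("value").strip()
    return {"hooks": hooks, "hidden": hidden, "startup": startup,
            "prefs": prefs, "proxy": proxy}


def triage(text):
    """Apply the rules; returns a list of (rule, detail) tuples in report order."""
    info = parse_log(text)
    findings = [("NTDLL-HOOK", fn) for fn in info["hooks"]]
    findings += [("HIDDEN", p) for p in info["hidden"]]
    for p in info["hidden"] + info["startup"]:
        if STARTUP_EXE_RE.search(p):
            findings.append(("STARTUP-EXE", p))
    home = _host(info["prefs"].get("browser.startup.homepage", ""))
    for name in SEARCH_PREFS:
        value = info["prefs"].get(name)
        if value and home and _host(value) != home:
            findings.append(("SEARCH-REDIRECT", f"{name} -> {_host(value)}"))
    if info["proxy"]:
        findings.append(("PROXY", info["proxy"]))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:16} {detail}")
```

Run it against the full report by reading the file into `triage()`; on the excerpt above it prints the patched function, the hidden Startup-folder executable (once as HIDDEN and once as STARTUP-EXE), the two Firefox search prefs pointing at a redirector rather than the Google homepage, and the proxy value. The proxy and search-redirect rules only say "look at this": a cache proxy from the user's ISP or a toolbar's search engine can be legitimate, which is why those entries are reported for review rather than deleted.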



        SuperDave

        • Malware Removal Specialist


        • Genius
        • Thanked: 1020
        • Certifications: List
        • Experience: Expert
        • OS: Windows 10
        Re: Virus, Not Sure Where :-(
        « Reply #5 on: March 23, 2011, 01:12:40 PM »
        Update Your Java (JRE)

        Old versions of Java have vulnerabilities that malware can use to infect your system.


        First Verify your Java Version

        If there are any other version(s) installed then update now.

        Get the new version (if needed)

        If your version is out of date install the newest version of the Sun Java Runtime Environment.

        Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

        Be sure to close ALL open web browsers before starting the installation.

        Remove any old versions

        1. Download JavaRa and unzip the file to your Desktop.
        2. Open JavaRA.exe and choose Remove Older Versions
        3. Once complete exit JavaRA.
        4. Run CCleaner.

        Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
        *******************************************
        Please download the newest version of Adobe Acrobat Reader from Adobe.com

        Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
        Go to the Control Panel and enter Add or Remove Programs.
        Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

        Once old versions are gone, please install the newest version.
        **************************************************
        The Security Check shows that your AV is up-to-date but disabled. Please enable it.

        Click Start, Search, select All Files and Folders. Copy and paste
        Code:
        c:\documents and settings\Paul and Jane\Start Menu\Programs\Startup\fgujfsee.exe
        and click search. Delete this file.

        ************************************************
        Delete An Uninstall Entry

        • Start HijackThis

        • Click on the Open the Misc Tools section

        • Click on the Open Uninstall Manager button.

        • Highlight the entry you want to remove. (wadwupun)

        • Click Delete this entry
        Windows 8 and Windows 10 dual boot with two SSD's

        paulwilko10

          Topic Starter


          Rookie

          • Experience: Beginner
          • OS: Unknown
          Re: Virus, Not Sure Where :-(
          « Reply #6 on: March 23, 2011, 02:03:03 PM »
          Hiya Dave

          Not getting anywhere here at all

          I run ComboFix just so I can get to certain sites and programs can update, but after a while the virus kicks in again.

          I cannot update Java for the above reason, as it comes back with the error "download failed".

          I cannot find that file fgujfsee.exe using the search.

          I cannot delete the folder wadwupun using HijackThis.

          I am on the verge of a reinstall of the OS, to be honest, as I think my PC needs a clean-up anyway, unless you can come up with something else?

          I really do appreciate your time on this, but it seems to be a real tricky one :-(

          Any thoughts please?

          Paul

          SuperDave

          • Malware Removal Specialist


          • Genius
          • Thanked: 1020
          • Certifications: List
          • Experience: Expert
          • OS: Windows 10
          Re: Virus, Not Sure Where :-(
          « Reply #7 on: March 23, 2011, 04:59:51 PM »
          What happens when you try to delete that folder using Unlocker?

          paulwilko10

            Topic Starter


            Rookie

            • Experience: Beginner
            • OS: Unknown
            Re: Virus, Not Sure Where :-(
            « Reply #8 on: March 23, 2011, 05:51:22 PM »
            It says the object is deleted, but it actually doesn't delete at all :-(

            SuperDave

            • Malware Removal Specialist


            • Genius
            • Thanked: 1020
            • Certifications: List
            • Experience: Expert
            • OS: Windows 10
            Re: Virus, Not Sure Where :-(
            « Reply #9 on: March 24, 2011, 08:36:57 AM »
            • Download TDSSKiller and save it to your Desktop.
            • Extract its contents to your desktop.
            • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
            • If an infected file is detected, the default action will be Cure, click on Continue.
            • If a suspicious file is detected, the default action will be Skip, click on Continue.
            • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
            • Click the Report button and copy/paste the contents of it into your next reply
            Note: It will also create a log in the C:\ directory.

            paulwilko10

              Topic Starter


              Rookie

              • Experience: Beginner
              • OS: Unknown
              Re: Virus, Not Sure Where :-(
              « Reply #10 on: March 24, 2011, 12:45:26 PM »
              No threats found :-(

              Here is the report

              2011/03/24 18:43:54.0546 5308   TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
              2011/03/24 18:43:55.0718 5308   ================================================================================
              2011/03/24 18:43:55.0718 5308   SystemInfo:
              2011/03/24 18:43:55.0718 5308   
              2011/03/24 18:43:55.0718 5308   OS Version: 5.1.2600 ServicePack: 3.0
              2011/03/24 18:43:55.0718 5308   Product type: Workstation
              2011/03/24 18:43:55.0718 5308   ComputerName: MAINPC
              2011/03/24 18:43:55.0718 5308   UserName: Paul and Jane
              2011/03/24 18:43:55.0718 5308   Windows directory: C:\WINDOWS
              2011/03/24 18:43:55.0718 5308   System windows directory: C:\WINDOWS
              2011/03/24 18:43:55.0718 5308   Processor architecture: Intel x86
              2011/03/24 18:43:55.0718 5308   Number of processors: 2
              2011/03/24 18:43:55.0718 5308   Page size: 0x1000
              2011/03/24 18:43:55.0718 5308   Boot type: Normal boot
              2011/03/24 18:43:55.0718 5308   ================================================================================
              2011/03/24 18:43:56.0140 5308   Initialize success
              2011/03/24 18:43:58.0765 5424   ================================================================================
              2011/03/24 18:43:58.0765 5424   Scan started
              2011/03/24 18:43:58.0765 5424   Mode: Manual;
              2011/03/24 18:43:58.0765 5424   ================================================================================
              2011/03/24 18:43:58.0968 5424   61883           (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
              2011/03/24 18:43:59.0031 5424   ACPI            (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
              2011/03/24 18:43:59.0062 5424   ACPIEC          (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
              2011/03/24 18:43:59.0109 5424   adfs            (6d7f09cd92a9fef3a8efce66231fdd79) C:\WINDOWS\system32\drivers\adfs.sys
              2011/03/24 18:43:59.0156 5424   aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
              2011/03/24 18:43:59.0187 5424   afcdp           (f132d0bfde7c5ea1ab42325c5694a969) C:\WINDOWS\system32\DRIVERS\afcdp.sys
              2011/03/24 18:43:59.0218 5424   AFD             (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
              2011/03/24 18:43:59.0328 5424   Arp1394         (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
              2011/03/24 18:43:59.0406 5424   Aspi32          (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\aspi32.sys
              2011/03/24 18:43:59.0453 5424   AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
              2011/03/24 18:43:59.0468 5424   atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
              2011/03/24 18:43:59.0500 5424   Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
              2011/03/24 18:43:59.0562 5424   audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
              2011/03/24 18:43:59.0593 5424   Avc             (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
              2011/03/24 18:43:59.0625 5424   b57w2k          (8c0403aa21029804f31d869e6b0adedf) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
              2011/03/24 18:43:59.0656 5424   Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
              2011/03/24 18:43:59.0734 5424   cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
              2011/03/24 18:43:59.0781 5424   CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
              2011/03/24 18:43:59.0843 5424   Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
              2011/03/24 18:43:59.0890 5424   Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
              2011/03/24 18:43:59.0906 5424   Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
              2011/03/24 18:43:59.0921 5424   cercsr6         (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
              2011/03/24 18:44:00.0046 5424   ctac32k         (b48945add6acb51d0b2aafc558664d1d) C:\WINDOWS\system32\drivers\ctac32k.sys
              2011/03/24 18:44:00.0078 5424   ctaud2k         (def704dfad0b702919c2e460309bcb98) C:\WINDOWS\system32\drivers\ctaud2k.sys
              2011/03/24 18:44:00.0109 5424   ctdvda2k        (f02e5e05ad79111f3b975e2a654aa050) C:\WINDOWS\system32\drivers\ctdvda2k.sys
              2011/03/24 18:44:00.0125 5424   ctprxy2k        (377dc83c79358c20897df8d4742db7b0) C:\WINDOWS\system32\drivers\ctprxy2k.sys
              2011/03/24 18:44:00.0140 5424   ctsfm2k         (1967653517d663c8c4b39c622988b910) C:\WINDOWS\system32\drivers\ctsfm2k.sys
              2011/03/24 18:44:00.0171 5424   Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
              2011/03/24 18:44:00.0250 5424   dmboot          (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
              2011/03/24 18:44:00.0328 5424   dmio            (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\DRIVERS\dmio.sys
              2011/03/24 18:44:00.0359 5424   dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
              2011/03/24 18:44:00.0390 5424   DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
              2011/03/24 18:44:00.0437 5424   drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
              2011/03/24 18:44:00.0484 5424   emupia          (94cea5c33ede311a193008518b4e7723) C:\WINDOWS\system32\drivers\emupia2k.sys
              2011/03/24 18:44:00.0531 5424   Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
              2011/03/24 18:44:00.0562 5424   Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
              2011/03/24 18:44:00.0593 5424   FilterService   (50104c5f1ee1e295781caf9521ca2e56) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
              2011/03/24 18:44:00.0625 5424   Fips            (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
              2011/03/24 18:44:00.0656 5424   Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
              2011/03/24 18:44:00.0703 5424   FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
              2011/03/24 18:44:00.0734 5424   Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
              2011/03/24 18:44:00.0765 5424   Ftdisk          (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
              2011/03/24 18:44:00.0812 5424   GcKernel        (72fe2bea6863d4eb93442a1c4fb5ca48) C:\WINDOWS\system32\DRIVERS\GcKernel.sys
              2011/03/24 18:44:00.0984 5424   GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
              2011/03/24 18:44:01.0125 5424   Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
              2011/03/24 18:44:01.0437 5424   ha20x2k         (278482909b1d3c4d9d300261cde4c385) C:\WINDOWS\system32\drivers\ha20x2k.sys
              2011/03/24 18:44:01.0578 5424   hamachi         (7929a161f9951d173ca9900fe7067391) C:\WINDOWS\system32\DRIVERS\hamachi.sys
              2011/03/24 18:44:01.0640 5424   HIDSwvd         (bd205320308fb41c88a4049a2d1764b4) C:\WINDOWS\system32\DRIVERS\HIDSwvd.sys
              2011/03/24 18:44:01.0687 5424   hidusb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
              2011/03/24 18:44:01.0906 5424   HPZid412        (5faba4775d4c61e55ec669d643ffc71f) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
              2011/03/24 18:44:02.0046 5424   HPZipr12        (a3c43980ee1f1beac778b44ea65dbdd4) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
              2011/03/24 18:44:02.0187 5424   HPZius12        (2906949bd4e206f2bb0dd1896ce9f66f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
              2011/03/24 18:44:02.0406 5424   HTTP            (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
              2011/03/24 18:44:02.0968 5424   i8042prt        (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
              2011/03/24 18:44:03.0015 5424   Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
              2011/03/24 18:44:03.0062 5424   imhidusb        (0836f03aa73ee78f1c884c4e9211aa72) C:\WINDOWS\system32\DRIVERS\imhidusb.sys
              2011/03/24 18:44:03.0140 5424   intelppm        (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
              2011/03/24 18:44:03.0171 5424   Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
              2011/03/24 18:44:03.0218 5424   IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
              2011/03/24 18:44:03.0265 5424   IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
              2011/03/24 18:44:03.0312 5424   IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
              2011/03/24 18:44:03.0359 5424   IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
              2011/03/24 18:44:03.0421 5424   IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
              2011/03/24 18:44:03.0531 5424   isapnp          (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
              2011/03/24 18:44:03.0703 5424   Kbdclass        (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
              2011/03/24 18:44:03.0843 5424   kbdhid          (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
              2011/03/24 18:44:04.0140 5424   kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
              2011/03/24 18:44:04.0218 5424   KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
              2011/03/24 18:44:04.0281 5424   lfsfilt         (1f7366d04e5e32a656e3971b271a63a0) C:\WINDOWS\system32\DRIVERS\lfsfilt.sys
              2011/03/24 18:44:04.0437 5424   LMIInfo         (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
              2011/03/24 18:44:04.0484 5424   lmimirr         (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
              2011/03/24 18:44:04.0531 5424   LMIRfsDriver    (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
              2011/03/24 18:44:04.0562 5424   lpx             (ed8277d9182ffa0f9e6c75acb6dbdb5b) C:\WINDOWS\system32\DRIVERS\lpx.sys
              2011/03/24 18:44:04.0625 5424   lvpopflt        (6d994fa3d541b63eaccf4f2b3f42b2e1) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
              2011/03/24 18:44:04.0656 5424   LVPr2Mon        (f96cfb47903854f228baaf3e2d41a0a3) C:\WINDOWS\system32\Drivers\LVPr2Mon.sys
              2011/03/24 18:44:04.0750 5424   LVRS            (b895839b8743e400d7c7dae156f74e7e) C:\WINDOWS\system32\DRIVERS\lvrs.sys
              2011/03/24 18:44:04.0937 5424   LVUSBSta        (23f8ef78bb9553e465a476f3cee5ca18) C:\WINDOWS\system32\drivers\LVUSBSta.sys
              2011/03/24 18:44:05.0421 5424   LVUVC           (8bc0d5f6e3898f465a94c6d03afb5a20) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
              2011/03/24 18:44:05.0781 5424   MarvinBus       (a3e700d78eec390f1208098cdca5c6b6) C:\WINDOWS\system32\DRIVERS\MarvinBus.sys
              2011/03/24 18:44:05.0875 5424   mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
              2011/03/24 18:44:05.0921 5424   Modem           (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
              2011/03/24 18:44:05.0953 5424   Mouclass        (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
              2011/03/24 18:44:05.0984 5424   mouhid          (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
              2011/03/24 18:44:06.0031 5424   MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
              2011/03/24 18:44:06.0093 5424   MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
              2011/03/24 18:44:06.0171 5424   MRxSmb          (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
              2011/03/24 18:44:06.0234 5424   MSDV            (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
              2011/03/24 18:44:06.0265 5424   Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
              2011/03/24 18:44:06.0328 5424   MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
              2011/03/24 18:44:06.0359 5424   MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
              2011/03/24 18:44:06.0406 5424   MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
              2011/03/24 18:44:06.0437 5424   mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
              2011/03/24 18:44:06.0500 5424   MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
              2011/03/24 18:44:06.0546 5424   Mup             (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
              2011/03/24 18:44:06.0703 5424   NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
              2011/03/24 18:44:06.0843 5424   ndasbus         (fe173cd26277ab2f91a2b9e22e0efca4) C:\WINDOWS\system32\DRIVERS\ndasbus.sys
              2011/03/24 18:44:06.0953 5424   ndasscsi        (063d278d1ff1231d2280a42eea20640c) C:\WINDOWS\system32\DRIVERS\ndasscsi.sys
              2011/03/24 18:44:07.0062 5424   NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
              2011/03/24 18:44:07.0328 5424   NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
              2011/03/24 18:44:07.0406 5424   NdisTapi        (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
              2011/03/24 18:44:07.0421 5424   Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
              2011/03/24 18:44:07.0421 5424   NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
              2011/03/24 18:44:07.0468 5424   NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
              2011/03/24 18:44:07.0515 5424   NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
              2011/03/24 18:44:07.0531 5424   NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
              2011/03/24 18:44:07.0562 5424   NetworkX        (b8f9384e04d1fdc135d3f67281e1d2c6) C:\WINDOWS\system32\ckldrv.sys
              2011/03/24 18:44:07.0656 5424   NIC1394         (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
              2011/03/24 18:44:07.0718 5424   nm              (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
              2011/03/24 18:44:07.0765 5424   Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
              2011/03/24 18:44:07.0812 5424   Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
              2011/03/24 18:44:07.0843 5424   Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
              2011/03/24 18:44:08.0031 5424   nv              (9e143fb3ef13b7ec1c1dd06529debadd) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
              2011/03/24 18:44:08.0250 5424   nvatabus        (b7fb72492b753930ec70a0f49d04f12f) C:\WINDOWS\system32\DRIVERS\nvatabus.sys
              2011/03/24 18:44:08.0281 5424   NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
              2011/03/24 18:44:08.0312 5424   NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
              2011/03/24 18:44:08.0343 5424   ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
              2011/03/24 18:44:08.0421 5424   ossrv           (8a347decf8a4bbcad4501528546b4fad) C:\WINDOWS\system32\drivers\ctoss2k.sys
              2011/03/24 18:44:08.0453 5424   Parport         (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
              2011/03/24 18:44:08.0484 5424   PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
              2011/03/24 18:44:08.0609 5424   ParVdm          (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
              2011/03/24 18:44:08.0625 5424   PCI             (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
              2011/03/24 18:44:08.0656 5424   PCIIde          (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
              2011/03/24 18:44:08.0687 5424   Pcmcia          (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
              2011/03/24 18:44:08.0734 5424   pcouffin        (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
              2011/03/24 18:44:08.0843 5424   PenClass        (4a108cc9cc0e0605e68cce7021479879) C:\WINDOWS\system32\Drivers\PenClass.sys
              2011/03/24 18:44:08.0906 5424   PLCNDIS5        (2aba2f545b35f9c6cc2cfc4e1d539a80) C:\WINDOWS\system32\PLCNDIS5.SYS
              2011/03/24 18:44:08.0984 5424   PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
              2011/03/24 18:44:09.0031 5424   PQNTDrv         (04f3971b70a7855f04d351aa4bee7799) C:\WINDOWS\system32\drivers\PQNTDrv.sys
              2011/03/24 18:44:09.0046 5424   prodrv06        (6d3b2fc5dec2f59b28fe5fa17250a7b0) C:\WINDOWS\System32\drivers\prodrv06.sys
              2011/03/24 18:44:09.0062 5424   prohlp02        (c5f47b7ec2ec906847d5f80ba779a5bd) C:\WINDOWS\system32\drivers\prohlp02.sys
              2011/03/24 18:44:09.0078 5424   prosync1        (f3471e7971ee62420451d958da635064) C:\WINDOWS\system32\drivers\prosync1.sys
              2011/03/24 18:44:09.0140 5424   Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
              2011/03/24 18:44:09.0187 5424   PxHelp20        (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
              2011/03/24 18:44:09.0250 5424   RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
              2011/03/24 18:44:09.0281 5424   Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
              2011/03/24 18:44:09.0281 5424   RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
              2011/03/24 18:44:09.0312 5424   Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
              2011/03/24 18:44:09.0343 5424   Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
              2011/03/24 18:44:09.0359 5424   RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
              2011/03/24 18:44:09.0375 5424   rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
              2011/03/24 18:44:09.0406 5424   RDPWD           (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
              2011/03/24 18:44:09.0421 5424   redbook         (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
              2011/03/24 18:44:09.0468 5424   Revoflt         (8b5b8a11306190c6963d3473f052d3c8) C:\WINDOWS\system32\DRIVERS\revoflt.sys
              2011/03/24 18:44:09.0500 5424   RimVSerPort     (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
              2011/03/24 18:44:09.0515 5424   rk_remover-boot (8cdcdcf155482090c0251f75ce63b443) C:\WINDOWS\system32\drivers\rk_remover.sys
              2011/03/24 18:44:09.0531 5424   ROOTMODEM       (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
              2011/03/24 18:44:09.0578 5424   s217bus         (0266151de3f36429f6ac3c4b28085061) C:\WINDOWS\system32\DRIVERS\s217bus.sys
              2011/03/24 18:44:09.0625 5424   s217mdfl        (a43c0af0e46be7ef0c7e8ccf0f058600) C:\WINDOWS\system32\DRIVERS\s217mdfl.sys
              2011/03/24 18:44:09.0640 5424   s217mdm         (005f5ded1ed8f8a9d2399d765ead20f1) C:\WINDOWS\system32\DRIVERS\s217mdm.sys
              2011/03/24 18:44:09.0687 5424   s217mgmt        (de9562ad0c91e1857d11f65a91ee1a47) C:\WINDOWS\system32\DRIVERS\s217mgmt.sys
              2011/03/24 18:44:09.0703 5424   s217obex        (0f9f4045799afb66b85eef999d0609ec) C:\WINDOWS\system32\DRIVERS\s217obex.sys
              2011/03/24 18:44:09.0750 5424   s217unic        (1c91e1023f07b6407d84b5a43537d984) C:\WINDOWS\system32\DRIVERS\s217unic.sys
              2011/03/24 18:44:09.0812 5424   SaiNtHid        (a007103ef0e50fb0e0ed08b511d721d7) C:\WINDOWS\system32\DRIVERS\SaiNtHid.sys
              2011/03/24 18:44:09.0859 5424   SASDIFSV        (a3281aec37e0720a2bc28034c2df2a56) E:\Super Anti Spyware\SASDIFSV.SYS
              2011/03/24 18:44:09.0875 5424   SASKUTIL        (61db0d0756a99506207fd724e3692b25) E:\Super Anti Spyware\SASKUTIL.SYS
              2011/03/24 18:44:09.0921 5424   sbp2port        (b244960e5a1db8e9d5d17086de37c1e4) C:\WINDOWS\system32\DRIVERS\sbp2port.sys
              2011/03/24 18:44:10.0000 5424   Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
              2011/03/24 18:44:10.0031 5424   serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
              2011/03/24 18:44:10.0078 5424   Serial          (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
              2011/03/24 18:44:10.0125 5424   sfdrv01         (4c0d673281178cb496011a2e28571fc8) C:\WINDOWS\system32\drivers\sfdrv01.sys
              2011/03/24 18:44:10.0140 5424   sfhlp01         (462aee0ea0481ea8bd45cac876a4ccc4) C:\WINDOWS\system32\drivers\sfhlp01.sys
              2011/03/24 18:44:10.0171 5424   sfhlp02         (15be2b5e4dc5b8623cf167720682abc9) C:\WINDOWS\system32\drivers\sfhlp02.sys
              2011/03/24 18:44:10.0203 5424   Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
              2011/03/24 18:44:10.0218 5424   sfvfs02         (d5a7e09d2c6a702809e49190d52adc9f) C:\WINDOWS\system32\drivers\sfvfs02.sys
              2011/03/24 18:44:10.0250 5424   SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
              2011/03/24 18:44:10.0296 5424   snapman         (ffd9b64db2cd7b74b766c3a8452a5816) C:\WINDOWS\system32\DRIVERS\snapman.sys
              2011/03/24 18:44:10.0343 5424   splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
              2011/03/24 18:44:10.0359 5424   sr              (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
              2011/03/24 18:44:10.0437 5424   Srv             (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
              2011/03/24 18:44:10.0500 5424   streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
              2011/03/24 18:44:10.0515 5424   swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
              2011/03/24 18:44:10.0531 5424   swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
              2011/03/24 18:44:10.0625 5424   sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
              2011/03/24 18:44:10.0656 5424   Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
              2011/03/24 18:44:10.0703 5424   TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
              2011/03/24 18:44:10.0750 5424   tdrpman251      (3630f5b8181554deecfe2e4252bc4c4c) C:\WINDOWS\system32\DRIVERS\tdrpm251.sys
              2011/03/24 18:44:10.0781 5424   TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
              2011/03/24 18:44:10.0828 5424   TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
              2011/03/24 18:44:10.0843 5424   timounter       (c820bfc70feb25ec877c49e81cd477c1) C:\WINDOWS\system32\DRIVERS\timntr.sys
              2011/03/24 18:44:10.0890 5424   Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
              2011/03/24 18:44:10.0953 5424   Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
              2011/03/24 18:44:11.0000 5424   USBAAPL         (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
              2011/03/24 18:44:11.0046 5424   usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
              2011/03/24 18:44:11.0062 5424   usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
              2011/03/24 18:44:11.0093 5424   usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
              2011/03/24 18:44:11.0109 5424   usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

              SuperDave

              • Malware Removal Specialist


              • Genius
              • Thanked: 1020
              • Certifications: List
              • Experience: Expert
              • OS: Windows 10
              Re: Virus, Not Sure Where :-(
              « Reply #11 on: March 24, 2011, 04:33:38 PM »
              Ok. Let's try another method.

              Copy and paste the text in the code box below into Notepad.
              Code: [Select]
              @echo off
              rem wadwupun is a folder, not a file, so it needs rd /s /q rather than del,
              rem and the path must be quoted because it contains spaces
              rd /s /q "c:\program files\wadwupun"
              rem remove this batch file itself, wherever it was saved
              del "%~f0"
              exit

              Then click File > Save as
              Save to the Desktop as blackpudding.bat
              And Save as type: All Files.

              Double-click on blackpudding.bat to run it.
              Windows 8 and Windows 10 dual boot with two SSD's

              paulwilko10

                Topic Starter


                Rookie

                • Experience: Beginner
                • OS: Unknown
                Re: Virus, Not Sure Where :-(
                « Reply #12 on: March 24, 2011, 05:47:29 PM »
                wadwupun still there after running blackpudding.bat :-(

                SuperDave

                • Malware Removal Specialist


                • Genius
                • Thanked: 1020
                • Certifications: List
                • Experience: Expert
                • OS: Windows 10
                Re: Virus, Not Sure Where :-(
                « Reply #13 on: March 25, 2011, 12:34:57 PM »
                Copy and paste the text in the code box below into Notepad.
                Code: [Select]
                @echo off
                rem the path contains spaces, so it must be quoted as a single argument
                del /f /q "c:\documents and settings\Paul and Jane\Start Menu\Programs\Startup\fgujfsee.exe"
                rem remove this batch file itself, wherever it was saved
                del "%~f0"
                exit

                Then click File > Save as
                Save to the Desktop as blackpudding.bat
                And Save as type: All Files.

                Double-click on blackpudding.bat to run it.

                Please run ComboFix after doing the above and post the log.
                Windows 8 and Windows 10 dual boot with two SSD's
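The two removal scripts above each target one randomly named artifact: a folder directly under Program Files and an executable in the user's Startup folder. As an added example that is not part of this thread or of ComboFix, the Python below parses ComboFix-style "Files Created" lines, flags entries with those two shapes for a human to review, and emits correctly quoted batch lines (rd /s /q for folders, del for files). The mozsqlite3.dll, wadwupun, ophcrack and IObit sample lines follow the log posted in this thread; the fgujfsee.exe line (its timestamps and size) and the KNOWN_GOOD allowlist are constructed for this example.

```python
import re

# Shape of a ComboFix "Files Created" / "Find3M" line as posted in this thread:
#   created . modified   size-or-dashes   attribute flags   path
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>\S.*)$"
)

# Name shape shared by wadwupun and fgujfsee: 6-12 lowercase letters only.
RANDOM_NAME = re.compile(r"^[a-z]{6,12}$")

# Constructed allowlist: lowercase-named tools a helper recognises as legitimate.
# Without it the name check alone would also flag ophcrack and unlocker.
KNOWN_GOOD = {"ophcrack", "unlocker"}

STARTUP_MARKER = "\\start menu\\programs\\startup\\"
PROGRAM_FILES = "c:\\program files\\"
EXEC_SUFFIXES = (".exe", ".bat", ".cmd", ".scr", ".vbs")

# Constructed sample log. The fgujfsee.exe line (timestamps, size) is invented;
# the other four lines follow the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
2011-03-23 12:35 . 2011-03-18 17:57   781272   ------w-   c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-03-23 12:30 . 2011-03-24 17:57   --------   d-----w-   c:\program files\wadwupun
2011-03-21 17:12 . 2011-03-21 17:12   --------   d-----w-   c:\program files\ophcrack
2011-03-22 09:00 . 2011-03-22 09:00   73216   ----a-w-   c:\documents and settings\Paul and Jane\Start Menu\Programs\Startup\fgujfsee.exe
2011-03-20 12:16 . 2011-03-20 12:16   --------   d-----w-   c:\program files\IObit
"""


def parse_file_lines(log_text):
    """Return one dict per line that matches FILE_LINE; other lines are ignored."""
    entries = []
    for raw in log_text.splitlines():
        m = FILE_LINE.match(raw.strip())
        if not m:
            continue
        e = m.groupdict()
        e["is_dir"] = e["attrs"].startswith("d")
        e["size"] = None if e["size"].startswith("-") else int(e["size"])
        entries.append(e)
    return entries


def triage(entries):
    """Return [(path, [reason, ...])] for entries worth a human's attention.

    These are heuristics, not verdicts: every hit still needs review, which is
    why a reason string accompanies each one.
    """
    hits = []
    for e in entries:
        path = e["path"]
        low = path.lower()  # NTFS paths compare case-insensitively
        name = path.rsplit("\\", 1)[-1]
        stem = name.rsplit(".", 1)[0]
        reasons = []
        # Anything executable in a Startup folder runs at every logon.
        if STARTUP_MARKER in low and name.lower().endswith(EXEC_SUFFIXES):
            reasons.append("executable in a Startup folder")
        # A top-level Program Files entry whose name looks machine-generated.
        if low.startswith(PROGRAM_FILES):
            rest = low[len(PROGRAM_FILES):]
            if "\\" not in rest and RANDOM_NAME.match(stem) and stem not in KNOWN_GOOD:
                reasons.append("random-looking name directly under Program Files")
        if reasons:
            hits.append((path, reasons))
    return hits


def build_batch(entries, hits):
    """Emit batch lines for the flagged paths: every path is quoted because it
    contains spaces, and folders use rd /s /q since del cannot remove a directory."""
    is_dir = {e["path"]: e["is_dir"] for e in entries}
    lines = ["@echo off"]
    for path, _ in hits:
        if is_dir[path]:
            lines.append(f'rd /s /q "{path}"')
        else:
            lines.append(f'del /f /q "{path}"')
    return lines


if __name__ == "__main__":
    found = parse_file_lines(SAMPLE_LOG)
    flagged = triage(found)
    for path, why in flagged:
        print(f"{path}  <-  {'; '.join(why)}")
    print("\n".join(build_batch(found, flagged)))
```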

                paulwilko10

                  Topic Starter


                  Rookie

                  • Experience: Beginner
                  • OS: Unknown
                  Re: Virus, Not Sure Where :-(
                  « Reply #14 on: March 25, 2011, 03:57:31 PM »
                  Did as you asked and here is the log

                  I can't say whether your BAT file worked as I can never see that file anyway

                  ComboFix 11-03-24.06 - Paul and Jane 25/03/2011  19:06:21.15.2 - x86
                  Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2045.1495 [GMT 0:00]
                  Running from: c:\documents and settings\Paul and Jane\Desktop\ComboFix.exe
                  .
                  .
                  (((((((((((((((((((((((((   Files Created from 2011-02-25 to 2011-03-25  )))))))))))))))))))))))))))))))
                  .
                  .
                  2011-03-23 12:35 . 2011-03-18 17:57   781272   ------w-   c:\program files\Mozilla Firefox\mozsqlite3.dll
                  2011-03-23 12:35 . 2011-03-18 17:57   728024   ----a-w-   c:\program files\Mozilla Firefox\libGLESv2.dll
                  2011-03-23 12:35 . 2011-03-18 17:57   1975768   ----a-w-   c:\program files\Mozilla Firefox\D3DCompiler_42.dll
                  2011-03-23 12:35 . 2011-03-18 17:57   1893336   ----a-w-   c:\program files\Mozilla Firefox\d3dx9_42.dll
                  2011-03-23 12:35 . 2011-03-18 17:57   1874904   ------w-   c:\program files\Mozilla Firefox\mozjs.dll
                  2011-03-23 12:35 . 2011-03-18 17:57   15832   ------w-   c:\program files\Mozilla Firefox\mozalloc.dll
                  2011-03-23 12:35 . 2011-03-18 17:57   142296   ----a-w-   c:\program files\Mozilla Firefox\libEGL.dll
                  2011-03-23 12:35 . 2011-03-18 17:57   142296   ------w-   c:\program files\Mozilla Firefox\components\browsercomps.dll
                  2011-03-23 12:30 . 2011-03-24 17:57   --------   d-----w-   c:\program files\wadwupun
                  2011-03-23 12:07 . 2011-03-23 12:07   --------   d-----w-   C:\$AVG
                  2011-03-23 11:56 . 2011-03-23 11:56   --------   d-----w-   c:\documents and settings\Paul and Jane\Application Data\AVG10
                  2011-03-23 11:56 . 2011-03-23 11:56   --------   d--h--w-   c:\documents and settings\All Users\Application Data\Common Files
                  2011-03-23 11:55 . 2011-03-23 13:26   --------   d-----w-   c:\documents and settings\All Users\Application Data\AVG10
                  2011-03-23 11:55 . 2011-03-23 11:55   --------   d-----w-   c:\program files\AVG
                  2011-03-23 11:53 . 2011-03-24 18:48   --------   d-----w-   c:\documents and settings\All Users\Application Data\MFAData
                  2011-03-22 22:04 . 2011-03-24 17:57   164199   ----a-w-   c:\program files\Mozilla Firefox\firefoxmgr.exe
                  2011-03-21 17:22 . 2011-03-22 16:43   --------   d-----w-   C:\QUARANTINE
                  2011-03-21 17:12 . 2011-03-21 17:12   --------   d-----w-   c:\program files\ophcrack
                  2011-03-20 12:16 . 2011-03-20 12:16   --------   d-----w-   c:\documents and settings\Paul and Jane\Application Data\IObit
                  2011-03-20 12:16 . 2011-03-20 12:16   --------   d-----w-   c:\documents and settings\All Users\Application Data\IObit
                  2011-03-20 12:16 . 2011-03-20 12:16   --------   d-----w-   c:\program files\IObit
                  2011-03-20 11:46 . 2011-03-20 11:46   --------   d-----w-   C:\1
                  2011-03-20 11:32 . 2011-03-20 11:39   --------   d-----w-   c:\program files\Unlocker
                  2011-03-20 09:29 . 2011-03-20 09:29   --------   d-----w-   c:\program files\Trend Micro
                  2011-03-19 10:49 . 2011-03-19 10:49   --------   d-----w-   c:\documents and settings\Paul and Jane\Application Data\SUPERAntiSpyware.com
                  2011-03-19 10:49 . 2011-03-19 10:49   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
                  2011-03-18 14:18 . 2011-03-18 15:49   53248   ----a-w-   c:\windows\system32\drivers\rk_remover.sys
                  2011-03-18 10:06 . 2011-03-18 10:08   --------   d-----w-   c:\program files\Windows Live Safety Center
                  2011-03-17 21:54 . 2011-03-21 21:42   233977   ----a-r-   c:\documents and settings\Paul and Jane\Application Data\Microsoft\Installer\{2c557f98-ef74-4a1e-a856-9df2f633b41f}\gui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
                  2011-03-17 21:54 . 2011-03-21 21:42   233894   ----a-r-   c:\documents and settings\Paul and Jane\Application Data\Microsoft\Installer\{2c557f98-ef74-4a1e-a856-9df2f633b41f}\ARPPRODUCTICON.exe
                  2011-03-17 21:54 . 2011-03-21 21:42   233854   ----a-r-   c:\documents and settings\Paul and Jane\Application Data\Microsoft\Installer\{2c557f98-ef74-4a1e-a856-9df2f633b41f}\gui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
                  2011-03-17 21:54 . 2011-03-17 21:54   --------   d-----w-   c:\program files\Sophos
                  2011-03-17 19:54 . 2011-03-17 19:54   --------   d-----w-   c:\documents and settings\Pauls Iphone\Application Data\Malwarebytes
                  2011-03-17 19:50 . 2011-03-17 19:50   --------   d-----w-   c:\documents and settings\Pauls Iphone\Local Settings\Application Data\Adobe
                  2011-03-17 19:02 . 2011-03-17 19:02   --------   d-----w-   c:\documents and settings\Pauls Iphone\Local Settings\Application Data\TomTom
                  2011-03-17 19:02 . 2011-03-17 19:02   --------   d-----w-   c:\documents and settings\Pauls Iphone\Application Data\TomTom
                  .
                  .
                  ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  2011-03-21 21:42 . 2007-12-13 18:48   209384   ----a-r-   c:\documents and settings\Paul and Jane\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\WinDlg.exe_0AB76F69E7614CFAB9B0A1906B4E9E4B_3.exe
                  2011-03-18 17:57 . 2011-03-23 12:35   142296   ------w-   c:\program files\mozilla firefox\components\browsercomps.dll
                  .
                  .
                  (((((((((((((((((((((((((((((   SnapShot@2011-03-21_18.08.52   )))))))))))))))))))))))))))))))))))))))))
                  .
                  + 2009-07-12 00:02 . 2009-07-12 00:02   51008              c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
                  + 2009-07-12 00:02 . 2009-07-12 00:02   59728              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
                  + 2009-07-12 00:02 . 2009-07-12 00:02   42832              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
                  + 2009-07-12 00:02 . 2009-07-12 00:02   43344              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
                  + 2009-07-12 00:02 . 2009-07-12 00:02   61264              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
                  + 2009-07-12 00:02 . 2009-07-12 00:02   62800              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
                  + 2009-07-12 00:02 . 2009-07-12 00:02   61760              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
                  + 2009-07-12 00:02 . 2009-07-12 00:02   61776              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
                  + 2009-07-12 00:02 . 2009-07-12 00:02   53568              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
                  + 2009-07-12 00:02 . 2009-07-12 00:02   63296              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
                  + 2009-07-12 00:02 . 2009-07-12 00:02   36688              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
                  + 2009-07-12 00:02 . 2009-07-12 00:02   35648              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
                  + 2009-07-12 00:05 . 2009-07-12 00:05   59904              c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
                  + 2009-07-12 00:05 . 2009-07-12 00:05   59904              c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
                  + 2011-03-25 18:58 . 2011-03-25 18:58   16384              c:\windows\Temp\Perflib_Perfdata_78c.dat
                  - 2004-08-04 10:00 . 2011-03-21 17:57   80884              c:\windows\system32\perfc009.dat
                  + 2004-08-04 10:00 . 2011-03-25 19:02   80884              c:\windows\system32\perfc009.dat
                  - 2010-12-15 15:40 . 2010-12-15 15:40   49152              c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
                  + 2010-12-15 15:40 . 2011-03-21 18:36   49152              c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
                  + 2005-03-21 11:00 . 2005-03-21 11:00   4096              c:\windows\system32\sabprocenum.sys
                  + 2009-07-12 00:02 . 2009-07-12 00:02   653120              c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
                  + 2009-07-12 00:02 . 2009-07-12 00:02   569664              c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
                  + 2009-07-12 00:05 . 2009-07-12 00:05   225280              c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
                  + 2004-08-04 10:00 . 2011-03-25 19:02   467240              c:\windows\system32\perfh009.dat
                  - 2004-08-04 10:00 . 2011-03-21 17:57   467240              c:\windows\system32\perfh009.dat
                  + 2004-08-04 10:00 . 2008-04-14 00:11   640000              c:\windows\system32\dllcache\dbghelp.dll
                  + 2011-03-23 11:54 . 2011-03-23 11:54   219648              c:\windows\Installer\b031b0.msi
                  + 2009-05-14 15:41 . 2009-05-14 15:41   380144              c:\windows\Downloaded Program Files\sabspx.dll
                  + 2009-07-12 00:02 . 2009-07-12 00:02   3780424              c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
                  + 2009-07-12 00:02 . 2009-07-12 00:02   3765048              c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
                  + 2007-08-12 13:22 . 2011-03-02 19:56   37943240              c:\windows\system32\MRT.exe
                  + 2011-03-21 18:36 . 2011-03-21 18:36   20304384              c:\windows\Installer\13319e.msp
                  .
                  (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  .
                  *Note* empty entries & legit default entries are not shown
                  REGEDIT4
                  .
                  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "SUPERAntiSpyware"="e:\super anti spyware\SUPERAntiSpyware.exe" [2011-03-16 2423752]
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
                  .
                  [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                  "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
                  .
                  [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                  "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
                  "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "e:\super anti spyware\SASSEH.DLL" [2008-05-13 77824]
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
                  2009-09-03 22:21   548352   ----a-w-   e:\super anti spyware\SASWINLO.DLL
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
                  2010-09-29 18:09   87424   ----a-w-   c:\windows\system32\LMIinit.dll
                  .
                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
                  @="Service"
                  .
                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
                  @="Driver"
                  .
                  [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
                  backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
                  .
                  [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
                  backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnkCommon Startup
                  .
                  [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DynDNS Updater Tray Icon.lnk]
                  backup=c:\windows\pss\DynDNS Updater Tray Icon.lnkCommon Startup
                  .
                  [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Giganews Accelerator.lnk]
                  backup=c:\windows\pss\Giganews Accelerator.lnkCommon Startup
                  .
                  [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NDAS Device Management.lnk]
                  backup=c:\windows\pss\NDAS Device Management.lnkCommon Startup
                  .
                  [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TabUserW.lnk]
                  backup=c:\windows\pss\TabUserW.lnkCommon Startup
                  .
                  [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
                  backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup
                  .
                  [HKLM\~\startupfolder\C:^Documents and Settings^Paul and Jane^Start Menu^Programs^Startup^VQ4.0.lnk]
                  backup=c:\windows\pss\VQ4.0.lnkStartup
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
                  c:\windows\system32\dumprep 0 -k [X]
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
                  2009-09-12 15:31   357384   ----a-w-   c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
                  2007-05-11 02:06   40048   ----a-w-   c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
                  2008-08-14 06:58   611712   ----a-w-   c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
                  2007-10-23 14:18   202024   ----a-w-   c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
                  2003-01-27 16:16   376912   ----a-w-   c:\program files\BroadJump\Client Foundation\CFD.exe
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
                  2008-04-14 00:12   15360   ----a-w-   c:\windows\system32\ctfmon.exe
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
                  2006-08-17 10:32   17920   ----a-w-   c:\windows\CTHELPER.EXE
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
                  2006-03-02 11:00   18944   ----a-w-   c:\windows\system32\CTXFIHLP.EXE
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
                  2010-04-01 09:16   357696   ----a-w-   c:\program files\DAEMON Tools Lite\DTLite.exe
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX6000 Series]
                  2006-02-13 04:00   131072   ----a-w-   c:\windows\system32\spool\drivers\w32x86\3\E_FATIBIE.EXE
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
                  2011-03-20 14:25   3907957   ------w-   c:\program files\Google\Google Talk\googletalk.exe
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
                  2008-10-25 11:44   31072   ------w-   c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
                  2006-11-13 12:39   1289000   ------w-   e:\active sync\wcescomm.exe
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
                  2011-03-20 14:25   410025   ----a-w-   c:\program files\HP\hpcoretech\hpcmpmgr.exe
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
                  2005-07-08 04:55   176128   ----a-w-   c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
                  2005-07-08 04:55   491520   ----a-w-   c:\windows\system32\hphmon05.exe
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IObit Security 360]
                  2010-06-11 18:14   1280344   ----a-w-   c:\program files\IObit\IObit Security 360\is360tray.exe
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
                  2010-07-21 14:53   141608   ----a-w-   e:\i tunes\iTunesHelper.exe
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
                  2008-12-20 07:50   2656528   ----a-w-   c:\program files\Logitech\QuickCam\Quickcam.exe
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
                  2008-07-24 17:46   63048   ----a-w-   c:\program files\LogMeIn\x86\LogMeInSystray.exe
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
                  2008-04-14 00:12   1695232   ------w-   c:\program files\Messenger\msmsgs.exe
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
                  2007-09-20 08:51   1836328   ----a-w-   e:\nero 8\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
                  2007-03-01 14:57   153136   ----a-w-   c:\program files\Common Files\Nero\Lib\NeroCheck.exe
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
                  2009-01-15 08:19   13680640   ----a-w-   c:\windows\system32\nvcpl.dll
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
                  2009-01-15 08:19   86016   ----a-w-   c:\windows\system32\nvmctray.dll
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
                  2009-01-15 08:19   1657376   ----a-w-   c:\windows\system32\nwiz.exe
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
                  2011-03-20 18:06   421888   ----a-w-   e:\quicktime\QTTask.exe
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
                  2009-10-14 14:43   3217368   ----a-w-   e:\registry mechanic\RegMech.exe
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
                  2009-10-09 13:11   25623336   ----a-r-   c:\program files\Skype\Phone\Skype.exe
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
                  2010-04-19 20:18   1217872   ----a-w-   e:\steam\steam.exe
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
                  2010-05-14 11:44   248552   ----a-w-   c:\program files\Common Files\Java\Java Update\jusched.exe
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
                  2009-03-26 08:32   39408   ----a-w-   c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
                  2007-08-17 20:14   185632   ----a-w-   c:\program files\Common Files\Real\Update_OB\realsched.exe
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
                  2011-03-09 12:30   247728   ----a-w-   e:\tomtom home 2\TomTomHOMERunner.exe
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
                  2009-09-12 15:30   5048488   ----a-w-   e:\acronis\TrueImageMonitor.exe
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
                  2011-03-20 18:34   17408   ----a-w-   e:\unlocker\UnlockerAssistant.exe
                  .
                  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                  "%windir%\\system32\\sessmgr.exe"=
                  "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
                  "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
                  "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
                  "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                  "e:\\wizdxp\\wizd.exe"=
                  "e:\active sync\rapimgr.exe"= e:\active sync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
                  "e:\active sync\wcescomm.exe"= e:\active sync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
                  "e:\active sync\WCESMgr.exe"= e:\active sync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
                  "e:\\Studio 11\\programs\\RM.exe"=
                  "e:\\Studio 11\\programs\\Studio.exe"=
                  "e:\\Studio 11\\programs\\PMSRegisterFile.exe"=
                  "e:\\Studio 11\\programs\\umi.exe"=
                  "e:\\Steam\\steam.exe"=
                  "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
                  "c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
                  "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
                  "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
                  "e:\\Flight Simulator X\\fsx.exe"=
                  "e:\\Dreamweaver\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
                  "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
                  "e:\\I Tunes\\iTunes.exe"=
                  "e:\\Sam Broadcaster\\SAMBC.exe"=
                  "c:\\Program Files\\NSVtools\\nsvscsrc.exe"=
                  "c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=
                  "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
                  "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
                  "c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
                  .
                  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
                  "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
                  "8010:TCP"= 8010:TCP:shoutcast
                  "3436:TCP"= 3436:TCP:Akamai NetSession Interface
                  "5000:UDP"= 5000:UDP:Akamai NetSession Interface
                  .
                  R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\drivers\tdrpm251.sys [23/04/2010 12:34 902432]
                  R1 SASDIFSV;SASDIFSV;e:\super anti spyware\sasdifsv.sys [17/02/2010 18:25 12872]
                  R1 SASKUTIL;SASKUTIL;e:\super anti spyware\SASKUTIL.SYS [10/05/2010 18:41 67656]
                  R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [23/04/2010 12:34 2326920]
                  R2 DynDNS Updater;DynDNS Updater;c:\program files\DynDNS Updater\DynUpSvc.exe [16/04/2010 16:19 103800]
                  R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [05/10/2010 17:38 374152]
                  R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [24/07/2008 17:46 12856]
                  R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [23/04/2010 12:34 159168]
                  R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [01/12/2009 18:11 25704]
                  R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [01/12/2009 18:11 25704]
                  R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [01/12/2009 18:12 25704]
                  R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [01/12/2009 18:12 25704]
                  R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [01/12/2009 18:12 25704]
                  S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
                  S2 gupdate1c9aded739d4b74;Google Update Service (gupdate1c9aded739d4b74);c:\program files\Google\Update\GoogleUpdate.exe [26/03/2009 08:32 133104]
                  S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe --> c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [?]
                  S3 imhidusb;Immersion's HID USB Driver;c:\windows\system32\drivers\imhidusb.sys [14/10/2007 12:02 30984]
                  S3 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [20/03/2011 12:16 312152]
                  S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;c:\windows\system32\PLCNDIS5.SYS [26/04/2004 17:11 17280]
                  S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [14/12/2010 21:55 27064]
                  S3 rk_remover-boot;rk_remover-boot;c:\windows\system32\drivers\rk_remover.sys [18/03/2011 14:18 53248]
                  S3 XE104Sp50;XE104Sp50 NDIS Protocol Driver;c:\windows\system32\drivers\XE104Sp50.sys [28/11/2006 20:46 27072]
                  .
                  Contents of the 'Scheduled Tasks' folder
                  .
                  2011-03-23 c:\windows\Tasks\AppleSoftwareUpdate.job
                  - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-07-25 12:34]
                  .
                  2011-03-25 c:\windows\Tasks\Google Software Updater.job
                  - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-07 08:32]
                  .
                  2011-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
                  - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-26 08:32]
                  .
                  2011-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
                  - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-26 08:32]
                  .
                  2011-03-23 c:\windows\Tasks\RegCure Program Check.job
                  - c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
                  .
                  2011-01-02 c:\windows\Tasks\RegCure.job
                  - c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
                  .
                  .
                  ------- Supplementary Scan -------
                  .
                  uStart Page = hxxp://www.google.co.uk/
                  uInternet Settings,ProxyServer = http=asfd-cache-1.server.ntli.net
                  uInternet Settings,ProxyOverride = *.local
                  IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
                  IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
                  TCP: {C380CE11-9A83-4782-86FB-28CE0B0787E6} = 194.168.4.100,194.168.8.100
                  DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20100902142450
                  DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} - hxxps://access.easyjetairline.com/vdesk/terminal/f5opswati.cab#Version=7000,2010,517,1206
                  DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} - hxxps://access.easyjetairline.com/vdesk/terminal/f5opswati.cab#Version=7000,2010,517,1206
                  DPF: {49EC7987-E331-44E3-B170-748B58A268B9} - hxxps://access.easyjetairline.com/vdesk/terminal/f5opswati.cab#Version=7000,2010,517,1206
                  DPF: {4A026B12-94F3-4D2F-A468-96AA55DE20A5} - hxxp://192.168.1.104/img/NetCamPlayerWeb11g.ocx
                  DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04} - hxxps://access.easyjetairline.com/vdesk/terminal/f5opswati.cab#Version=7000,2010,517,1206
                  DPF: {FD0EBBED-0C42-4D0F-82DA-44399B5C420A} - hxxp://downloads.virginmedia.com/CST/ver1/xp_mail.cab
                  FF - ProfilePath - c:\documents and settings\Paul and Jane\Application Data\Mozilla\Firefox\Profiles\qddxd76b.default\
                  FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=&query=
                  FF - prefs.js: browser.search.selectedEngine - Winamp Search
                  FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
                  FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=&query=
                  FF - user.js: capability.policy.policynames - localfilelinks
                  FF - user.js: capability.policy.localfilelinks.sites - hxxp://s1.travian.com http://s2.travian.com http://s3.travian.com http://s4.travian.com http://s5.travian.com http://s6.travian.com http://s7.travian.com http://s8.travian.com http://s9.travian.com http://s10.travian.com http://speed.travian.com http://s1.travian.us http://s2.travian.us http://s3.travian.us http://s4.travian.us http://s5.travian.us http://s6.travian.us http://s7.travian.us http://s8.travian.us http://s9.travian.us http://s10.travian.us http://speed.travian.us http://s1.travian.co.uk http://s2.travian.co.uk http://s3.travian.co.uk http://s4.travian.co.uk http://s5.travian.co.uk http://s6.travian.co.uk http://s7.travian.co.uk http://s8.travian.co.uk http://s9.travian.co.uk http://s10.travian.co.uk http://speed.travian.co.uk
FF - user.js: capability.policy.localfilelinks.checkloaduri.enabled - allAccess
                  .
                  .
                  **************************************************************************
                  .
                  catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                  Rootkit scan 2011-03-25 19:11
                  Windows 5.1.2600 Service Pack 3 NTFS
                  .
                  detected NTDLL code modification:
                  ZwQueryDirectoryFile
                  .
                  scanning hidden processes ... 
                  .
                  scanning hidden autostart entries ...
                  .
                  scanning hidden files ... 
                  .
                  .
                  c:\documents and settings\Paul and Jane\Start Menu\Programs\Startup\fgujfsee.exe 164199 bytes executable
                  C:\fgujfsee.exe 164199 bytes executable
                  .
                  scan completed successfully
                  hidden files: 2
                  .
                  **************************************************************************
                  .
                  --------------------- LOCKED REGISTRY KEYS ---------------------
                  .
                  [HKEY_USERS\S-1-5-21-2052111302-1614895754-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{142CD2CF-756C-381E-759D-20FC7E2F111E}*]
                  @Allowed: (Read) (RestrictedCode)
                  @Allowed: (Read) (RestrictedCode)
                  "abehjcdkbnfajfgdfiiomepmfiljnhooln"=hex:65,62,65,68,63,65,64,6d,64,65,62,62,
                     63,68,6a,62,6c,63,6e,62,69,65,61,6a,67,66,6c,61,6c,63,68,62,68,65,6a,6a,66,\
                  "bbehjcdkbnfajfgdfihohincaleghhekpfol"=hex:61,62,64,62,64,6c,69,70,6b,6c,6e,6d,
                     64,66,6e,6c,6a,6c,70,6d,6f,6a,68,6b,6b,6e,6f,65,66,61,70,69,66,65,00,6a
                  .
                  [HKEY_USERS\S-1-5-21-2052111302-1614895754-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8F011243-2BF9-227A-A86C-B3C19DB5E2C4}*]
                  @Allowed: (Read) (RestrictedCode)
                  @Allowed: (Read) (RestrictedCode)
                  "iabdoenbheaognkbme"=hex:6a,61,66,6d,68,6f,63,70,6e,62,6b,61,6a,66,6b,65,6a,66,
                     69,6a,00,00
                  "halndhddfkcbdame"=hex:6b,61,66,6d,63,6f,6a,6f,67,65,6a,6e,68,66,6d,61,6f,65,
                     61,69,63,6e,00,00
                  "iafcfikbniidmfemlf"=hex:63,61,64,6d,6f,6f,00,7c
                  .
                  [HKEY_USERS\S-1-5-21-2052111302-1614895754-839522115-1003\Software\Sony Creative Software\M*e*d*i*a* *M*a*n*a*g*e*r* *f*o*r* *P*S*P*"!\3.0]
                  "Percents"=""
                  "Increment"=".000213"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
                  "Version"=hex:e3,ff,fb,3e,89,b9,34,c0,0e,9e,24,b4,a2,21,68,88,0a,3c,f1,03,f1,
                     04,45,20,0a,31,25,a5,ed,70,67,aa,ea,c0,1f,fb,fb,5e,f8,db,5e,ba,51,a4,9e,1c,\
                  .
                  [HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
                  "Version"=hex:e3,ff,fb,3e,89,b9,34,c0,0e,9e,24,b4,a2,21,68,88,0a,3c,f1,03,f1,
                     04,45,20,0a,31,25,a5,ed,70,67,aa,ea,c0,1f,fb,fb,5e,f8,db,5e,ba,51,a4,9e,1c,\
                  .
                  --------------------- DLLs Loaded Under Running Processes ---------------------
                  .
                  - - - - - - - > 'winlogon.exe'(940)
                  e:\super anti spyware\SASWINLO.DLL
                  c:\windows\system32\WININET.dll
                  c:\windows\system32\LMIinit.dll
                  .
                  - - - - - - - > 'explorer.exe'(340)
                  c:\windows\system32\WININET.dll
                  c:\windows\system32\tabhook.dll
                  c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
                  c:\windows\system32\ieframe.dll
                  c:\windows\system32\webcheck.dll
                  c:\windows\system32\WPDShServiceObj.dll
                  c:\windows\system32\PortableDeviceTypes.dll
                  c:\windows\system32\PortableDeviceApi.dll
                  c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
                  c:\windows\system32\LMIRfsClientNP.dll
                  .
                  Completion time: 2011-03-25  19:14:24
                  ComboFix-quarantined-files.txt  2011-03-25 19:14
                  ComboFix2.txt  2011-03-24 17:57
                  ComboFix3.txt  2011-03-23 19:47
                  ComboFix4.txt  2011-03-23 17:10
                  ComboFix5.txt  2011-03-25 19:03
                  .
                  Pre-Run: 19,861,852,160 bytes free
                  Post-Run: 19,872,595,968 bytes free
                  .
                  Current=1 Default=1 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6
                  - - End Of File - - 5F77D3E82EC762B48E2366BC33B68BFC

                  SuperDave

                  • Malware Removal Specialist


                  • Genius
                  • Thanked: 1020
                  • Certifications: List
                  • Experience: Expert
                  • OS: Windows 10
                  Re: Virus, Not Sure Where :-(
                  « Reply #15 on: March 26, 2011, 11:42:20 AM »
                  Re-running ComboFix to remove infections:

                  • Close any open browsers.
• Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
                  • Open notepad and copy/paste the text in the quotebox below into it:
                    Quote
                    KillAll::

                    File::
                    c:\documents and settings\Paul and Jane\Start Menu\Programs\Startup\fgujfsee.exe
                    C:\fgujfsee.exe

                    Folder::
                    C:\Program Files\wadwupun

                    RegNULL::
                    [HKEY_USERS\S-1-5-21-2052111302-1614895754-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{142CD2CF-756C-381E-759D-20FC7E2F111E}*]
                    @Allowed: (Read) (RestrictedCode)
                    @Allowed: (Read) (RestrictedCode)
                    "abehjcdkbnfajfgdfiiomepmfiljnhooln"=hex:65,62,65,68,63,65,64,6d,64,65,62,62,
                       63,68,6a,62,6c,63,6e,62,69,65,61,6a,67,66,6c,61,6c,63,68,62,68,65,6a,6a,66,\
                    "bbehjcdkbnfajfgdfihohincaleghhekpfol"=hex:61,62,64,62,64,6c,69,70,6b,6c,6e,6d,
                       64,66,6e,6c,6a,6c,70,6d,6f,6a,68,6b,6b,6e,6f,65,66,61,70,69,66,65,00,6a
                    .
                    [HKEY_USERS\S-1-5-21-2052111302-1614895754-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8F011243-2BF9-227A-A86C-B3C19DB5E2C4}*]
                    @Allowed: (Read) (RestrictedCode)
                    @Allowed: (Read) (RestrictedCode)
                    "iabdoenbheaognkbme"=hex:6a,61,66,6d,68,6f,63,70,6e,62,6b,61,6a,66,6b,65,6a,66,
                       69,6a,00,00
                    "halndhddfkcbdame"=hex:6b,61,66,6d,63,6f,6a,6f,67,65,6a,6e,68,66,6d,61,6f,65,
                       61,69,63,6e,00,00
                    "iafcfikbniidmfemlf"=hex:63,61,64,6d,6f,6f,00,7c

                  • Save this as CFScript.txt, in the same location as ComboFix.exe



                  • Referring to the picture above, drag CFScript into ComboFix.exe
                  • When finished, it shall produce a log for you at C:\ComboFix.txt
                  • Please post the contents of the log in your next reply.
                  Windows 8 and Windows 10 dual boot with two SSD's

                  paulwilko10

                    Topic Starter


                    Rookie

                    • Experience: Beginner
                    • OS: Unknown
                    Re: Virus, Not Sure Where :-(
                    « Reply #16 on: March 27, 2011, 05:17:25 AM »
                    Hiya Dave

Just to let you know that I decided to rebuild my PC.

I have wanted to do that for a while now, and given the way we were struggling to solve this issue, I thought now was as good a time as any.

I'd just like to say thanks for all your help, and if I have any such issues again, I would not hesitate to ask for your help.

                    Once again

                    Thanks

                    Paul

                    SuperDave

                    • Malware Removal Specialist


                    • Genius
                    • Thanked: 1020
                    • Certifications: List
                    • Experience: Expert
                    • OS: Windows 10
                    Re: Virus, Not Sure Where :-(
                    « Reply #17 on: March 27, 2011, 12:41:27 PM »
                    Ok Paul. If that is your wish. I will lock this thread. If you need it re-opened, please send me a pm.
                    Windows 8 and Windows 10 dual boot with two SSD's