Author Topic: Re: CID Pop-ups ??  (Read 8969 times)

evilfantasy

  • Malware Removal Specialist
  • Moderator


  • Genius
  • Calm like a bomb
  • Thanked: 493
  • Experience: Experienced
  • OS: Windows 11
Re: Re: CID Pop-ups ??
« Reply #15 on: April 30, 2009, 04:27:10 PM »
Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D.

Double click LopSD.exe - If you are using Windows Vista, right-click on the LopSD icon and select Run as administrator to perform this scan.

  • Choose the language by typing the corresponding letter and press Enter
  • Click OK at the informative window.
  • Type 2 to choose Option 2 (Delete with Hosts File Restore), then press Enter
  • Wait until the end of the scan.
  • A report will be generated, post the contents of it in your next reply.
----------

Trisha

    Topic Starter


    Rookie

    Re: CID Pop-ups ??
    « Reply #16 on: April 30, 2009, 04:45:34 PM »

       --------------------\\  Lop S&D 4.2.5-0   XP/Vista

       Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
       X86-based PC ( Multiprocessor Free : AMD Athlon(tm)64 X2 Dual Core Processor  4400+ )
       BIOS : BIOS Date: 10/26/06 18:30:08 Ver: 08.00.12
       USER : Andy ( Administrator )
       BOOT : Normal boot
       Antivirus : AVG Anti-Virus Free 8.0 (Activated)
       C:\ (Local Disk) - NTFS - Total:74 Go (Free:9 Go)
       D:\ (CD or DVD)
       E:\ (Local Disk) - NTFS - Total:232 Go (Free:177 Go)
       J:\ (CD or DVD)

       "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
       Option : [2] ( Thu 04/30/2009|17:48 )


       \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX

       Deleted! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\INTERNET SPAM SUPPORT AUDIO\BLUE INFO.dat
       Deleted! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\INTERNET SPAM SUPPORT AUDIO\BLUE INFO.exe
       Deleted! - C:\WINDOWS\Tasks\8069061C808AB104.job
       Deleted! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\INTERNET SPAM SUPPORT AUDIO
       Deleted! - C:\Program Files\signba~1
       -
       [ Hosts file ] .. Restored!
     
       \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

       Deleted! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
     
       \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

     
       --------------------\\  Listing folders in APPLIC~1

       [04/13/2009|11:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR>          {7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
       [10/31/2008|10:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR>          {D5ABFFAD-D592-4F98-B02B-587125B4801F}
       [12/27/2008|12:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR>          acccore
       [01/09/2009|10:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR>          Adobe
       [07/20/2008|09:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR>          Ahead
       [12/27/2008|12:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR>          AIM Toolbar
       [12/27/2008|12:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR>          AOL
       [12/27/2008|12:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR>          AOL OCP
       [07/11/2008|11:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR>          Apple
       [07/11/2008|11:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR>          Apple Computer
       [03/02/2009|12:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR>          Autodesk
       [01/31/2009|09:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR>          Avg8
       [10/31/2008|09:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR>          AVS4YOU
       [02/06/2009|11:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR>          BufferZone
       [07/20/2008|11:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR>          CyberLink
       [02/06/2009|11:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR>          DassaultSystemes
       [10/31/2008|10:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR>          DriverScanner
       [01/09/2009|10:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR>          FLEXnet
       [04/27/2009|12:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR>          FloodLightGames
       [11/27/2008|09:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR>          Google
       [04/30/2009|11:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR>          Google Updater
       [11/27/2008|12:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR>          IM
       [11/27/2008|12:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR>          IncrediMail
       [08/27/2008|09:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR>          InstallShield
       [12/11/2008|01:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR>          InterAction studios
       [12/11/2008|02:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR>          iWin Games
       [07/11/2008|11:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR>          Lavasoft
       [08/27/2008|07:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR>          LightScribe
       [03/26/2009|10:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR>          LogiShrd
       [03/26/2009|10:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR>          Logitech
       [12/28/2008|05:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR>          Macrovision
       [04/30/2009|03:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR>          Malwarebytes
       [03/14/2009|01:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR>          Microsoft
       [11/12/2008|04:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR>          NeoEdge Networks
       [07/20/2008|09:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR>          Nero
       [07/20/2008|08:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR>          nView_Profiles
       [08/03/2008|01:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR>          PC Drivers HeadQuarters
       [04/27/2009|03:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR>          PlayFirst
       [04/27/2009|03:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR>          RealArcade
       [08/27/2008|09:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR>          Roxio
       [08/27/2008|09:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR>          Sonic
       [10/29/2008|10:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR>          SonyPicturesGames
       [04/15/2009|01:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR>          Spybot - Search & Destroy
       [04/30/2009|12:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR>          SUPERAntiSpyware.com
       [04/28/2009|06:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR>          TEMP
       [07/29/2008|03:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR>          Trymedia
       [07/11/2008|11:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR>          Windows Genuine Advantage
       [02/10/2009|02:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR>          Yahoo!
       [01/19/2009|03:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR>          Yahoo! Companion

       [12/27/2008|12:57] C:\DOCUME~1\Andy\APPLIC~1\<DIR>          acccore
       [01/10/2009|09:07] C:\DOCUME~1\Andy\APPLIC~1\<DIR>          Adobe
       [01/15/2009|04:09] C:\DOCUME~1\Andy\APPLIC~1\<DIR>          Ahead
       [08/06/2008|08:22] C:\DOCUME~1\Andy\APPLIC~1\<DIR>          Apple Computer
       [07/12/2008|01:33] C:\DOCUME~1\Andy\APPLIC~1\<DIR>          Auslogics
       [03/02/2009|12:47] C:\DOCUME~1\Andy\APPLIC~1\<DIR>          Autodesk
       [10/31/2008|09:34] C:\DOCUME~1\Andy\APPLIC~1\<DIR>          AVS4YOU
       [07/11/2008|11:50] C:\DOCUME~1\Andy\APPLIC~1\<DIR>          Camtech
       [01/03/2009|08:50] C:\DOCUME~1\Andy\APPLIC~1\<DIR>          com.adobe.mauby.4875E02D9FB21EE389F73B8 D1702B320485DF8CE.1
       [07/21/2008|12:23] C:\DOCUME~1\Andy\APPLIC~1\<DIR>          CyberLink
       [02/06/2009|11:52] C:\DOCUME~1\Andy\APPLIC~1\<DIR>          DassaultSystemes
       [07/30/2008|06:57] C:\DOCUME~1\Andy\APPLIC~1\<DIR>          DivX
       [03/16/2009|10:56] C:\DOCUME~1\Andy\APPLIC~1\<DIR>          dvdcss
       [02/06/2009|11:52] C:\DOCUME~1\Andy\APPLIC~1\<DIR>          EDrawings
       [04/27/2009|12:32] C:\DOCUME~1\Andy\APPLIC~1\<DIR>          FloodLightGames
       [07/22/2008|10:12] C:\DOCUME~1\Andy\APPLIC~1\<DIR>          Google
       [01/01/2009|10:31] C:\DOCUME~1\Andy\APPLIC~1\<DIR>          Help
       [07/11/2008|10:04] C:\DOCUME~1\Andy\APPLIC~1\<DIR>          Identities
       [03/26/2009|10:16] C:\DOCUME~1\Andy\APPLIC~1\<DIR>          InstallShield
       [04/15/2009|12:32] C:\DOCUME~1\Andy\APPLIC~1\<DIR>          Joost
       [03/26/2009|10:17] C:\DOCUME~1\Andy\APPLIC~1\<DIR>          Logitech
       [11/12/2008|04:15] C:\DOCUME~1\Andy\APPLIC~1\<DIR>          Macromedia
       [04/30/2009|03:04] C:\DOCUME~1\Andy\APPLIC~1\<DIR>          Malwarebytes
       [10/31/2008|09:45] C:\DOCUME~1\Andy\APPLIC~1\<DIR>          Media Player Classic
       [01/18/2009|12:36] C:\DOCUME~1\Andy\APPLIC~1\<DIR>          Microsoft
       [10/17/2008|10:32] C:\DOCUME~1\Andy\APPLIC~1\<DIR>          Move Networks
       [07/11/2008|11:37] C:\DOCUME~1\Andy\APPLIC~1\<DIR>          Mozilla
       [04/30/2009|05:36] C:\DOCUME~1\Andy\APPLIC~1\<DIR>          OpenOffice.org2
       [04/27/2009|03:48] C:\DOCUME~1\Andy\APPLIC~1\<DIR>          PlayFirst
       [03/20/2009|12:41] C:\DOCUME~1\Andy\APPLIC~1\<DIR>          Roxio
       [07/11/2008|11:19] C:\DOCUME~1\Andy\APPLIC~1\<DIR>          Sun
       [04/30/2009|12:28] C:\DOCUME~1\Andy\APPLIC~1\<DIR>          SUPERAntiSpyware.com
       [04/22/2009|10:19] C:\DOCUME~1\Andy\APPLIC~1\<DIR>          U3
       [10/31/2008|10:05] C:\DOCUME~1\Andy\APPLIC~1\<DIR>          Uniblue
       [04/13/2009|02:31] C:\DOCUME~1\Andy\APPLIC~1\<DIR>          vlc
       [12/06/2008|10:54] C:\DOCUME~1\Andy\APPLIC~1\<DIR>          Vso
       [10/30/2008|09:42] C:\DOCUME~1\Andy\APPLIC~1\<DIR>          Yahoo!

       [07/11/2008|09:58] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR>          Microsoft

       [01/18/2009|12:36] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR>          Microsoft
       [08/27/2008|09:28] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR>          Roxio

       [01/18/2009|12:36] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR>          Microsoft
     
       --------------------\\  Scheduled Tasks located in C:\WINDOWS\Tasks

       [04/27/2009 11:48 PM][--a------] C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
       [04/30/2009 05:20 PM][--a------] C:\WINDOWS\tasks\Google Software Updater.job
       [04/30/2009 01:40 AM][--a------] C:\WINDOWS\tasks\Norton Security Scan for Andy.job
       [04/30/2009 05:22 PM][--ah-----] C:\WINDOWS\tasks\MP Scheduled Scan.job
       [04/30/2009 05:19 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
       [08/04/2004 07:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

       --------------------\\  Listing Folders in C:\Program Files

       [01/09/2009|10:24] C:\Program Files\<DIR>          Adobe
       [12/27/2008|12:57] C:\Program Files\<DIR>          AIM Toolbar
       [12/27/2008|12:57] C:\Program Files\<DIR>          AIM6
       [07/11/2008|10:56] C:\Program Files\<DIR>          Analog Devices
       [04/13/2009|11:43] C:\Program Files\<DIR>          Angle Interactive
       [03/02/2009|12:47] C:\Program Files\<DIR>          AnswerWorks 4.0
       [07/11/2008|11:40] C:\Program Files\<DIR>          Apple Software Update
       [07/23/2008|10:09] C:\Program Files\<DIR>          Ares
       [07/11/2008|11:49] C:\Program Files\<DIR>          Auslogics
       [03/02/2009|12:00] C:\Program Files\<DIR>          AutoCAD 2004
       [03/02/2009|12:49] C:\Program Files\<DIR>          Autodesk
       [07/11/2008|11:11] C:\Program Files\<DIR>          AVG
       [01/18/2009|12:07] C:\Program Files\<DIR>          AVS4YOU
       [07/11/2008|11:41] C:\Program Files\<DIR>          Bonjour
       [07/11/2008|11:50] C:\Program Files\<DIR>          Camtech
       [07/11/2008|11:43] C:\Program Files\<DIR>          CCleaner
       [04/30/2009|02:51] C:\Program Files\<DIR>          Common Files
       [07/11/2008|09:55] C:\Program Files\<DIR>          ComPlus Applications
       [07/20/2008|11:07] C:\Program Files\<DIR>          CyberLink
       [11/02/2008|11:53] C:\Program Files\<DIR>          DIFX
       [04/12/2009|04:48] C:\Program Files\<DIR>          DivX
       [01/14/2009|09:17] C:\Program Files\<DIR>          dvd43
       [11/19/2008|03:43] C:\Program Files\<DIR>          DVDFab 5
       [01/03/2009|08:42] C:\Program Files\<DIR>          ElcomSoft
       [04/30/2009|12:12] C:\Program Files\<DIR>          EsetOnlineScanner
       [11/27/2008|09:40] C:\Program Files\<DIR>          Google
       [03/26/2009|10:16] C:\Program Files\<DIR>          InstallShield Installation Information
       [03/27/2009|09:52] C:\Program Files\<DIR>          Intel Desktop Board
       [08/27/2008|09:28] C:\Program Files\<DIR>          InterActual
       [04/30/2009|09:15] C:\Program Files\<DIR>          Internet Explorer
       [07/11/2008|11:50] C:\Program Files\<DIR>          IObit
       [07/11/2008|11:41] C:\Program Files\<DIR>          iPod
       [07/11/2008|11:41] C:\Program Files\<DIR>          iTunes
       [04/30/2009|03:41] C:\Program Files\<DIR>          Java
       [07/20/2008|11:31] C:\Program Files\<DIR>          Joost
       [11/09/2008|12:01] C:\Program Files\<DIR>          JoshMadison
       [04/13/2009|11:42] C:\Program Files\<DIR>          Lavasoft
       [03/26/2009|10:16] C:\Program Files\<DIR>          Logitech
       [11/02/2008|11:55] C:\Program Files\<DIR>          LogWorks3
       [04/30/2009|03:03] C:\Program Files\<DIR>          Malwarebytes' Anti-Malware
       [08/14/2008|07:43] C:\Program Files\<DIR>          Messenger
       [03/14/2009|01:48] C:\Program Files\<DIR>          Microsoft
       [07/11/2008|09:58] C:\Program Files\<DIR>          microsoft frontpage
       [12/27/2008|02:01] C:\Program Files\<DIR>          Microsoft Office
       [04/21/2009|03:47] C:\Program Files\<DIR>          Microsoft Silverlight
       [07/11/2008|10:41] C:\Program Files\<DIR>          Movie Maker
       [04/29/2009|08:06] C:\Program Files\<DIR>          Mozilla Firefox
       [04/30/2009|09:18] C:\Program Files\<DIR>          MSBuild
       [11/09/2008|10:10] C:\Program Files\<DIR>          MSECache
       [03/14/2009|01:47] C:\Program Files\<DIR>          MSN
       [07/11/2008|09:55] C:\Program Files\<DIR>          MSN Gaming Zone
       [07/21/2008|08:40] C:\Program Files\<DIR>          MSXML 4.0
       [07/12/2008|07:45] C:\Program Files\<DIR>          Nero
       [08/24/2008|01:09] C:\Program Files\<DIR>          NETGEAR
       [07/11/2008|10:40] C:\Program Files\<DIR>          NetMeeting
       [04/30/2009|05:19] C:\Program Files\<DIR>          NoAdware
       [04/29/2009|10:00] C:\Program Files\<DIR>          Norton Security Scan
       [04/28/2009|06:14] C:\Program Files\<DIR>          Oberon Media
       [07/11/2008|09:55] C:\Program Files\<DIR>          Online Services
       [11/02/2008|11:52] C:\Program Files\<DIR>          OpenECU
       [07/11/2008|11:42] C:\Program Files\<DIR>          OpenOffice.org 2.4
       [07/11/2008|10:40] C:\Program Files\<DIR>          Outlook Express
       [12/27/2008|12:48] C:\Program Files\<DIR>          OU-VPN
       [03/26/2009|09:56] C:\Program Files\<DIR>          PC Drivers HeadQuarters
       [07/11/2008|11:40] C:\Program Files\<DIR>          QuickTime
       [04/27/2009|04:51] C:\Program Files\<DIR>          RealArcade
       [04/30/2009|09:18] C:\Program Files\<DIR>          Reference Assemblies
       [11/02/2008|11:49] C:\Program Files\<DIR>          RomRaider
       [08/27/2008|09:06] C:\Program Files\<DIR>          Roxio
       [08/27/2008|09:05] C:\Program Files\<DIR>          SightSpeed
       [07/11/2008|11:44] C:\Program Files\<DIR>          Spybot - Search & Destroy
       [08/04/2008|07:49] C:\Program Files\<DIR>          Super DVD Creator 8.5
       [04/30/2009|12:28] C:\Program Files\<DIR>          SUPERAntiSpyware
       [08/05/2008|11:19] C:\Program Files\<DIR>          SystemRequirementsLab
       [04/30/2009|03:58] C:\Program Files\<DIR>          Trend Micro
       [07/21/2008|11:15] C:\Program Files\<DIR>          TVAnts
       [10/31/2008|10:05] C:\Program Files\<DIR>          Uniblue
       [03/27/2009|09:54] C:\Program Files\<DIR>          Unibrain
       [12/27/2008|02:06] C:\Program Files\<DIR>          Uninstall Information
       [10/31/2008|12:22] C:\Program Files\<DIR>          VideoLAN
       [04/30/2009|05:48] C:\Program Files\<DIR>          Viewpoint
       [07/11/2008|11:54] C:\Program Files\<DIR>          Windows Defender
       [07/12/2008|12:45] C:\Program Files\<DIR>          Windows Media Connect 2
       [07/12/2008|12:45] C:\Program Files\<DIR>          Windows Media Player
       [07/11/2008|10:40] C:\Program Files\<DIR>          Windows NT
       [07/11/2008|09:57] C:\Program Files\<DIR>          WindowsUpdate
       [08/29/2008|07:39] C:\Program Files\<DIR>          WMPCI54G WLAN Monitor
       [07/11/2008|09:58] C:\Program Files\<DIR>          xerox
       [08/27/2008|09:05] C:\Program Files\<DIR>          Xingtone
       [10/31/2008|09:44] C:\Program Files\<DIR>          XP Codec Pack
       [04/13/2009|01:10] C:\Program Files\<DIR>          XtalViD-Codec
       [04/13/2009|02:21] C:\Program Files\<DIR>          Xvid
       [04/13/2009|12:51] C:\Program Files\<DIR>          Xvid Decoder
       [02/10/2009|02:27] C:\Program Files\<DIR>          Yahoo!

       --------------------\\  Listing Folders in C:\Program Files\Common Files

       [01/09/2009|10:27] C:\Program Files\Common Files\<DIR>          Adobe
       [07/19/2008|09:14] C:\Program Files\Common Files\<DIR>          Adobe AIR
       [07/29/2008|03:48] C:\Program Files\Common Files\<DIR>          Ahead
       [12/27/2008|12:56] C:\Program Files\Common Files\<DIR>          AOL
       [07/11/2008|11:40] C:\Program Files\Common Files\<DIR>          Apple
       [03/02/2009|12:51] C:\Program Files\Common Files\<DIR>          Autodesk Shared
       [01/18/2009|12:07] C:\Program Files\Common Files\<DIR>          AVSMedia
       [12/27/2008|02:02] C:\Program Files\Common Files\<DIR>          Designer
       [12/27/2008|12:48] C:\Program Files\Common Files\<DIR>          Deterministic Networks
       [04/12/2009|04:47] C:\Program Files\Common Files\<DIR>          DivX Shared
       [08/27/2008|08:55] C:\Program Files\Common Files\<DIR>          InstallShield
       [07/11/2008|11:20] C:\Program Files\Common Files\<DIR>          Java
       [07/19/2008|11:05] C:\Program Files\Common Files\<DIR>          LightScribe
       [03/27/2009|09:43] C:\Program Files\Common Files\<DIR>          Logitech
       [03/02/2009|12:00] C:\Program Files\Common Files\<DIR>          Macrovision Shared
       [12/27/2008|02:02] C:\Program Files\Common Files\<DIR>          Microsoft Shared
       [07/11/2008|09:56] C:\Program Files\Common Files\<DIR>          MSSoap
       [07/11/2008|04:48] C:\Program Files\Common Files\<DIR>          ODBC
       [08/27/2008|08:55] C:\Program Files\Common Files\<DIR>          Roxio Shared
       [07/11/2008|09:56] C:\Program Files\Common Files\<DIR>          Services
       [08/27/2008|08:55] C:\Program Files\Common Files\<DIR>          SightSpeed
       [12/27/2008|12:57] C:\Program Files\Common Files\<DIR>          Software Update Utility
       [02/06/2009|11:42] C:\Program Files\Common Files\<DIR>          SolidWorks Shared
       [08/27/2008|09:06] C:\Program Files\Common Files\<DIR>          Sonic Shared
       [07/11/2008|04:48] C:\Program Files\Common Files\<DIR>          SpeechEngines
       [08/27/2008|09:06] C:\Program Files\Common Files\<DIR>          SureThing Shared
       [04/26/2009|10:01] C:\Program Files\Common Files\<DIR>          Symantec Shared
       [07/11/2008|10:40] C:\Program Files\Common Files\<DIR>          System
       [04/30/2009|12:27] C:\Program Files\Common Files\<DIR>          Wise Installation Wizard

       --------------------\\  Process

       ( 62 Processes )

       ... OK !

       --------------------\\  Searching with S_Lop

       No Lop folder found !
     
       --------------------\\  Searching for Lop Files - Folders

       No Lop folder found !
     
       --------------------\\  Searching within the Registry
     
       ..... OK !

       --------------------\\  Checking the Hosts file

       Hosts file CLEAN


       --------------------\\  Searching for hidden files with Catchme
     
       catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
       Rootkit scan 2009-04-30 17:49:18
       Windows 5.1.2600 Service Pack 3 NTFS
       scanning hidden processes ...
       scanning hidden files ...
       scan completed successfully
       hidden processes: 0
       hidden files: 0
     
       --------------------\\  Searching for other infections

       --------------------\\  Cracks & Keygens ..

       C:\DOCUME~1\Andy\My Documents\My Pictures\heads crack.jpg


       [F:5][D:2]-> C:\DOCUME~1\Andy\LOCALS~1\Temp
       [F:24][D:0]-> C:\DOCUME~1\Andy\Cookies
       [F:193][D:7]-> C:\DOCUME~1\Andy\LOCALS~1\TEMPOR~1\content.IE5

       1 - "C:\Lop SD\LopR_1.txt" - Thu 04/30/2009|16:23 - Option : [1]
       2 - "C:\Lop SD\LopR_2.txt" - Thu 04/30/2009|17:50 - Option : [2]

       --------------------\\  Scan completed at 17:50:28

    Trisha

      Topic Starter


      Rookie

      Re: CID Pop-ups ??
      « Reply #17 on: April 30, 2009, 04:49:06 PM »
      ok  now what ??
      when can i just blow this thing (computer) up ?? or is there hope for it yet ??

       :||x

      evilfantasy

      • Malware Removal Specialist
      • Moderator


      • Genius
      • Calm like a bomb
      • Thanked: 493
      • Experience: Experienced
      • OS: Windows 11
      Re: Re: CID Pop-ups ??
      « Reply #18 on: April 30, 2009, 04:52:11 PM »
      It's looking better so far. Hopefully we can finish up in a few more steps.

      Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

      Link #1
      Link #2

      **Note:  It is important that it is saved directly to your Desktop

      Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

      Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
       
      Double click combofix.exe & follow the prompts.
      When finished ComboFix will produce a log for you.
      Post the ComboFix log in your next reply.

      Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

      Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

      If you have problems with ComboFix usage, see How to use ComboFix

      Also let me know if you are still getting the popups and how the computer is running.

      Trisha

        Topic Starter


        Rookie

        Re: CID Pop-ups ??
        « Reply #19 on: April 30, 2009, 04:56:48 PM »
        you are such a blessing thank you
        i will let you know
        not sure if i still want to kill the computer or the boyfriend just yet  :rofl:

        evilfantasy

        • Malware Removal Specialist
        • Moderator


        • Genius
        • Calm like a bomb
        • Thanked: 493
        • Experience: Experienced
        • OS: Windows 11
        Re: Re: CID Pop-ups ??
        « Reply #20 on: April 30, 2009, 05:01:18 PM »
        The computer didn't do it by itself...

        Trisha

          Topic Starter


          Rookie

          Re: CID Pop-ups ??
          « Reply #21 on: April 30, 2009, 05:44:18 PM »
          i know but who ever is doing the downloading of the code stuff i m fixing to put a Knot on his head   ha ha any way i have the 2 logs here

          ComboFix 09-04-30.05 - Andy 04/30/2009 18:41.2 - NTFSx86
          Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1983.1418 [GMT -5:00]
          Running from: c:\documents and settings\Andy\Desktop\ComboFix.exe1.exe
          AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
          .

          (((((((((((((((((((((((((   Files Created from 2009-03-28 to 2009-04-30  )))))))))))))))))))))))))))))))
          .

          2009-04-30 22:08 . 2009-04-30 22:08   --------   d-----w   C:\_OTMoveIt
          2009-04-30 21:19 . 2009-04-30 22:50   --------   d-----w   C:\Lop SD
          2009-04-30 20:49 . 2009-04-30 20:58   --------   d-----w   c:\program files\Trend Micro
          2009-04-30 20:04 . 2009-04-30 20:04   --------   d-----w   c:\documents and settings\Andy\Application Data\Malwarebytes
          2009-04-30 20:03 . 2009-04-06 20:32   15504   ----a-w   c:\windows\system32\drivers\mbam.sys
          2009-04-30 20:03 . 2009-04-06 20:32   38496   ----a-w   c:\windows\system32\drivers\mbamswissarmy.sys
          2009-04-30 20:03 . 2009-04-30 20:03   --------   d-----w   c:\documents and settings\All Users\Application Data\Malwarebytes
          2009-04-30 20:03 . 2009-04-30 20:03   --------   d-----w   c:\program files\Malwarebytes' Anti-Malware
          2009-04-30 19:41 . 2009-04-30 22:19   --------   d-----w   c:\program files\NoAdware
          2009-04-30 17:28 . 2009-04-30 17:28   --------   d-----w   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
          2009-04-30 17:28 . 2009-04-30 17:28   --------   d-----w   c:\program files\SUPERAntiSpyware
          2009-04-30 17:28 . 2009-04-30 17:28   --------   d-----w   c:\documents and settings\Andy\Application Data\SUPERAntiSpyware.com
          2009-04-30 17:27 . 2009-04-30 17:27   --------   d-----w   c:\program files\Common Files\Wise Installation Wizard
          2009-04-30 15:31 . 2009-04-30 17:12   --------   d-----w   c:\program files\EsetOnlineScanner
          2009-04-30 14:19 . 2009-04-30 14:19   --------   d-----w   c:\windows\system32\XPSViewer
          2009-04-30 14:18 . 2009-04-30 14:18   --------   d-----w   c:\program files\MSBuild
          2009-04-30 14:18 . 2009-04-30 14:18   --------   d-----w   c:\program files\Reference Assemblies
          2009-04-30 14:18 . 2008-07-06 12:06   117760   ------w   c:\windows\system32\prntvpt.dll
          2009-04-30 14:18 . 2008-07-06 12:06   89088   -c----w   c:\windows\system32\dllcache\filterpipelineprintproc.dll
          2009-04-30 14:18 . 2008-07-06 10:50   597504   -c----w   c:\windows\system32\dllcache\printfilterpipelinesvc.exe
          2009-04-30 14:18 . 2008-07-06 12:06   575488   -c----w   c:\windows\system32\dllcache\xpsshhdr.dll
          2009-04-30 14:18 . 2008-07-06 12:06   575488   ------w   c:\windows\system32\xpsshhdr.dll
          2009-04-30 14:18 . 2008-07-06 12:06   1676288   -c----w   c:\windows\system32\dllcache\xpssvcs.dll
          2009-04-30 14:18 . 2008-07-06 12:06   1676288   ------w   c:\windows\system32\xpssvcs.dll
          2009-04-30 14:18 . 2009-04-30 14:21   --------   d-----w   c:\windows\SxsCaPendDel
          2009-04-27 20:48 . 2009-04-27 20:48   --------   d-----w   c:\documents and settings\Andy\Application Data\PlayFirst
          2009-04-27 20:48 . 2009-04-27 20:48   --------   d-----w   c:\documents and settings\All Users\Application Data\PlayFirst
          2009-04-27 20:47 . 2009-04-27 21:51   --------   d-----w   C:\My Games
          2009-04-27 20:47 . 2009-04-27 20:47   --------   d-----w   c:\documents and settings\All Users\Application Data\RealArcade
          2009-04-27 20:47 . 2009-04-27 20:47   --------   d-----w   C:\users
          2009-04-27 20:46 . 2009-04-27 21:51   --------   d-----w   c:\program files\RealArcade
          2009-04-27 17:32 . 2009-04-27 17:32   --------   d-----w   c:\documents and settings\All Users\Application Data\FloodLightGames
          2009-04-27 17:32 . 2009-04-27 17:32   --------   d-----w   c:\documents and settings\Andy\Saved Games
          2009-04-27 17:32 . 2009-04-27 17:32   --------   d-----w   c:\documents and settings\Andy\Application Data\FloodLightGames
          2009-04-21 04:48 . 2009-04-21 04:48   --------   d-sh--w   c:\documents and settings\NetworkService\IETldCache
          2009-04-20 04:28 . 2009-04-20 04:28   --------   d-sh--w   c:\documents and settings\Andy\IECompatCache
          2009-04-20 04:22 . 2009-04-20 04:22   --------   d-sh--w   c:\documents and settings\Andy\PrivacIE
          2009-04-20 04:19 . 2009-04-20 04:19   --------   d-sh--w   c:\documents and settings\LocalService\IETldCache
          2009-04-20 04:19 . 2009-04-20 04:19   --------   d-sh--w   c:\documents and settings\Andy\IETldCache
          2009-04-20 04:18 . 2009-04-20 04:18   --------   d-----w   c:\windows\ie8updates
          2009-04-20 04:16 . 2009-04-20 04:16   --------   dc-h--w   c:\windows\ie8
          2009-04-20 04:14 . 2009-02-28 04:55   105984   -c----w   c:\windows\system32\dllcache\iecompat.dll
          2009-04-16 17:04 . 2009-03-06 14:22   284160   -c----w   c:\windows\system32\dllcache\pdh.dll
          2009-04-16 17:04 . 2009-02-09 12:10   401408   -c----w   c:\windows\system32\dllcache\rpcss.dll
          2009-04-16 17:04 . 2009-02-06 11:11   110592   -c----w   c:\windows\system32\dllcache\services.exe
          2009-04-16 17:04 . 2009-02-09 12:10   473600   -c----w   c:\windows\system32\dllcache\fastprox.dll
          2009-04-16 17:04 . 2009-02-06 10:10   227840   -c----w   c:\windows\system32\dllcache\wmiprvse.exe
          2009-04-16 17:04 . 2009-02-09 12:10   453120   -c----w   c:\windows\system32\dllcache\wmiprvsd.dll
          2009-04-16 17:04 . 2009-02-09 12:10   729088   -c----w   c:\windows\system32\dllcache\lsasrv.dll
          2009-04-16 17:04 . 2009-02-09 12:10   617472   -c----w   c:\windows\system32\dllcache\advapi32.dll
          2009-04-16 17:04 . 2009-02-09 12:10   714752   -c----w   c:\windows\system32\dllcache\ntdll.dll
          2009-04-16 17:04 . 2008-05-03 11:55   2560   ------w   c:\windows\system32\xpsp4res.dll
          2009-04-16 17:04 . 2008-04-21 12:08   215552   -c----w   c:\windows\system32\dllcache\wordpad.exe
          2009-04-15 05:32 . 2009-04-15 05:32   --------   d-----w   c:\documents and settings\Andy\Application Data\Joost
          2009-04-15 05:32 . 2009-04-15 05:32   --------   d-----w   c:\documents and settings\Andy\Local Settings\Application Data\Joost
          2009-04-14 12:23 . 2009-03-09 19:06   15688   ----a-w   c:\windows\system32\lsdelete.exe
          2009-04-14 04:48 . 2009-04-28 04:48   64160   ----a-w   c:\windows\system32\drivers\Lbd.sys
          2009-04-14 04:43 . 2009-04-30 22:15   --------   d-----w   C:\ProgramData
          2009-04-14 04:43 . 2009-04-14 04:43   --------   d-----w   c:\program files\Angle Interactive
          2009-04-14 04:42 . 2009-04-14 04:42   --------   dc-h--w   c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
          2009-04-14 04:42 . 2009-04-14 04:42   --------   d-----w   c:\program files\Lavasoft
          2009-04-13 07:38 . 2009-04-13 07:38   --------   d-----w   c:\windows\system32\help
          2009-04-13 07:21 . 2008-12-05 02:42   815104   ----a-w   c:\windows\system32\xvidcore.dll
          2009-04-13 07:21 . 2008-12-05 02:46   180224   ----a-w   c:\windows\system32\xvidvfw.dll
          2009-04-13 07:21 . 2009-04-13 07:21   --------   d-----w   c:\program files\Xvid
          2009-04-13 07:07 . 2009-04-13 07:31   --------   d-----w   c:\documents and settings\Andy\Application Data\vlc
          2009-04-13 06:08 . 2009-04-13 06:10   --------   d-----w   c:\program files\XtalViD-Codec
          2009-04-13 05:45 . 2009-04-13 05:51   --------   d-----w   c:\program files\Xvid Decoder
          2009-04-12 21:47 . 2009-04-12 21:47   --------   d-----w   c:\program files\Common Files\DivX Shared
          2009-04-10 16:39 . 2009-04-28 23:14   --------   d-----w   c:\program files\Oberon Media

          .
          ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2009-04-30 22:48 . 2008-12-27 17:57   --------   d-----w   c:\program files\Viewpoint
          2009-04-30 22:22 . 2008-07-12 04:54   67848   ----a-w   c:\documents and settings\Andy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
          2009-04-30 20:41 . 2008-07-12 04:20   --------   d-----w   c:\program files\Java
          2009-04-30 03:00 . 2009-02-15 14:52   --------   d-----w   c:\program files\Norton Security Scan
          2009-04-27 03:01 . 2009-02-15 14:52   --------   d-----w   c:\program files\Common Files\Symantec Shared
          2009-04-21 20:47 . 2008-08-04 04:34   --------   d-----w   c:\program files\Microsoft Silverlight
          2009-04-12 21:48 . 2008-07-30 11:49   --------   d-----w   c:\program files\DivX
          2009-03-28 02:54 . 2009-03-28 02:54   --------   d-----w   c:\program files\Unibrain
          2009-03-28 02:52 . 2009-03-28 02:52   --------   d-----w   c:\program files\Intel Desktop Board
          2009-03-28 02:43 . 2009-03-27 03:16   --------   d-----w   c:\program files\Common Files\Logitech
          2009-03-27 03:17 . 2009-03-27 03:17   0   ---ha-w   c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
          2009-03-27 03:17 . 2009-03-27 03:17   0   ---ha-w   c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
          2009-03-27 03:16 . 2009-03-27 03:16   --------   d-----w   c:\program files\Logitech
          2009-03-27 03:16 . 2008-07-12 03:56   --------   d--h--w   c:\program files\InstallShield Installation Information
          2009-03-27 02:56 . 2009-03-27 02:56   --------   d-----w   c:\program files\PC Drivers HeadQuarters
          2009-03-14 06:48 . 2009-03-14 06:48   --------   d-----w   c:\program files\Microsoft
          2009-03-14 06:47 . 2009-01-18 03:28   410984   ----a-w   c:\windows\system32\deploytk.dll
          2009-03-08 09:34 . 2004-08-04 12:00   914944   ----a-w   c:\windows\system32\wininet.dll
          2009-03-08 09:34 . 2004-08-04 12:00   43008   ----a-w   c:\windows\system32\licmgr10.dll
          2009-03-08 09:33 . 2004-08-04 12:00   18944   ----a-w   c:\windows\system32\corpol.dll
          2009-03-08 09:33 . 2004-08-04 12:00   420352   ----a-w   c:\windows\system32\vbscript.dll
          2009-03-08 09:32 . 2004-08-04 12:00   72704   ----a-w   c:\windows\system32\admparse.dll
          2009-03-08 09:32 . 2004-08-04 12:00   71680   ----a-w   c:\windows\system32\iesetup.dll
          2009-03-08 09:31 . 2004-08-04 12:00   34816   ----a-w   c:\windows\system32\imgutil.dll
          2009-03-08 09:31 . 2004-08-04 12:00   48128   ----a-w   c:\windows\system32\mshtmler.dll
          2009-03-08 09:31 . 2004-08-04 12:00   45568   ----a-w   c:\windows\system32\mshta.exe
          2009-03-08 09:22 . 2004-08-04 12:00   156160   ----a-w   c:\windows\system32\msls31.dll
          2009-03-06 14:22 . 2004-08-04 12:00   284160   ----a-w   c:\windows\system32\pdh.dll
          2009-03-02 05:51 . 2008-12-27 19:05   --------   d-----w   c:\program files\Common Files\Autodesk Shared
          2009-03-02 05:49 . 2008-12-27 19:05   --------   d-----w   c:\program files\Autodesk
          2009-03-02 05:47 . 2008-12-28 09:42   --------   d-----w   c:\program files\AnswerWorks 4.0
          2009-03-02 05:00 . 2008-12-28 09:41   --------   d-----w   c:\program files\AutoCAD 2004
          2009-03-02 05:00 . 2009-01-08 04:58   --------   d-----w   c:\program files\Common Files\Macrovision Shared
          2009-02-24 19:34 . 2009-02-24 19:34   90112   ----a-w   c:\windows\system32\dpl100.dll
          2009-02-24 19:34 . 2009-02-24 19:34   823296   ----a-w   c:\windows\system32\divx_xx0c.dll
          2009-02-24 19:34 . 2009-02-24 19:34   823296   ----a-w   c:\windows\system32\divx_xx07.dll
          2009-02-24 19:34 . 2009-02-24 19:34   815104   ----a-w   c:\windows\system32\divx_xx0a.dll
          2009-02-24 19:34 . 2009-02-24 19:34   802816   ----a-w   c:\windows\system32\divx_xx11.dll
          2009-02-24 19:34 . 2009-02-24 19:34   684032   ----a-w   c:\windows\system32\DivX.dll
          2009-02-17 04:17 . 2008-07-12 03:52   453152   ----a-w   c:\windows\system32\NVUNINST.EXE
          2009-02-09 12:10 . 2004-08-04 12:00   729088   ----a-w   c:\windows\system32\lsasrv.dll
          2009-02-09 12:10 . 2004-08-04 12:00   714752   ----a-w   c:\windows\system32\ntdll.dll
          2009-02-09 12:10 . 2004-08-04 12:00   617472   ----a-w   c:\windows\system32\advapi32.dll
          2009-02-09 12:10 . 2004-08-04 12:00   401408   ----a-w   c:\windows\system32\rpcss.dll
          2009-02-09 11:13 . 2004-08-04 12:00   1846784   ----a-w   c:\windows\system32\win32k.sys
          2009-02-06 11:11 . 2004-08-04 12:00   110592   ----a-w   c:\windows\system32\services.exe
          2009-02-06 11:06 . 2004-08-04 12:00   2145280   ----a-w   c:\windows\system32\ntoskrnl.exe
          2009-02-06 10:39 . 2004-08-04 12:00   35328   ----a-w   c:\windows\system32\sc.exe
          2009-02-06 10:32 . 2004-08-03 22:59   2023936   ----a-w   c:\windows\system32\ntkrnlpa.exe
          2009-02-03 19:59 . 2004-08-04 12:00   56832   ----a-w   c:\windows\system32\secur32.dll
          2009-01-31 14:19 . 2009-01-18 17:38   10520   ----a-w   c:\windows\system32\avgrsstx.dll
          2009-01-31 14:19 . 2009-01-18 17:38   325128   ----a-w   c:\windows\system32\drivers\avgldx86.sys
          2009-01-31 14:18 . 2009-01-18 17:38   107272   ----a-w   c:\windows\system32\drivers\avgtdix.sys
          2009-02-24 19:34 . 2009-02-24 19:34   1044480   ----a-w   c:\program files\mozilla firefox\plugins\libdivx.dll
          2009-02-24 19:34 . 2009-02-24 19:34   200704   ----a-w   c:\program files\mozilla firefox\plugins\ssldivx.dll
          .

          (((((((((((((((((((((((((((((   SnapShot@2009-04-30_23.16.36   )))))))))))))))))))))))))))))))))))))))))
          .
          + 2009-04-30 23:30 . 2009-04-30 23:30   16384              c:\windows\Temp\Perflib_Perfdata_148.dat
          + 2008-07-11 21:48 . 2009-04-30 23:30   259840              c:\windows\system32\FNTCACHE.DAT
          - 2008-07-11 21:48 . 2009-04-30 14:21   259840              c:\windows\system32\FNTCACHE.DAT
          .
          (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          *Note* empty entries & legit default entries are not shown
          REGEDIT4

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
          "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
          "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
          "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-02-20 4363504]
          "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-23 68856]
          "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-04-28 1830128]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
          "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-07-12 925696]
          "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-03 116040]
          "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
          "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-09 289064]
          "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
          "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]
          "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-08-10 221184]
          "DMXLauncher"="c:\program files\Roxio\Media Experience\DMXLauncher.exe" [2006-08-14 102400]
          "RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-07-31 1116920]
          "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-02-27 38768]
          "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-02-27 640376]
          "dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2008-11-18 827904]
          "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-31 1601304]
          "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-14 148888]
          "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
          "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
          "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-28 516440]
          "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
          "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-02-18 1657376]
          "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-04-11 56080]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

          c:\documents and settings\All Users\Start Menu\Programs\Startup\
          Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-3-27 692224]

          [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
          "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
          2008-12-22 17:05   356352   ----a-w   c:\program files\SUPERAntiSpyware\SASWINLO.dll

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
          2009-01-31 14:19   10520   ----a-w   c:\windows\system32\avgrsstx.dll

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
          @="Service"

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
          @=""

          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^The University of Oklahoma OU-VPN Client.lnk]
          path=c:\documents and settings\All Users\Start Menu\Programs\Startup\The University of Oklahoma OU-VPN Client.lnk
          backup=c:\windows\pss\The University of Oklahoma OU-VPN Client.lnkCommon Startup

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
          "%windir%\\system32\\sessmgr.exe"=
          "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
          "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
          "c:\\Program Files\\iTunes\\iTunes.exe"=
          "c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
          "c:\\Program Files\\Ares\\Ares.exe"=
          "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
          "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
          "c:\\Program Files\\AIM6\\aim6.exe"=
          "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
          "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
          "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
          "c:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"=

          R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-04-28 953168]
          R3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [2002-04-11 16194]
          R3 EraserUtilDrv10910;EraserUtilDrv10910;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10910.sys [2009-04-27 101936]
          S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-04-28 64160]
          S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-01-31 325128]
          S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-01-31 107272]
          S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-04-28 9968]
          S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-04-28 72944]
          S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-31 903960]
          S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-31 298264]
          S2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
          S2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\DRIVERS\ubsbm.sys [2005-07-27 14080]
          S2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\DRIVERS\ubumapi.sys [2005-07-27 36352]
          S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
          S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-04 13592]
          S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-04-28 7408]
          S3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\DRIVERS\ubohci.sys [2005-07-27 77056]


          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
          \Shell\AutoRun\command - K:\LaunchU3.exe -a

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8c6579c-598d-11dd-8679-0016b6531647}]
          \Shell\AutoRun\command - F:\LaunchU3.exe -a

          [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
          "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

          [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
          "c:\program files\Common Files\LightScribe\LSRunOnce.exe"
          .
          Contents of the 'Scheduled Tasks' folder

          2009-04-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
          - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 04:48]

          2009-04-30 c:\windows\Tasks\Google Software Updater.job
          - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-23 23:00]

          2009-04-30 c:\windows\Tasks\MP Scheduled Scan.job
          - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]

          2009-04-30 c:\windows\Tasks\Norton Security Scan for Andy.job
          - c:\program files\Norton Security Scan\Nss.exe [2008-09-19 01:20]
          .
          .
          ------- Supplementary Scan -------
          .
          uLocal Page = \blank.htm
          uStart Page = hxxp://www.cnn.com/
          mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
          uInternet Connection Wizard,ShellNext = iexplore
          uInternet Settings,ProxyOverride = *.local
          uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
          IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
          IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
          IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
          IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
          IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
          FF - ProfilePath - c:\documents and settings\Andy\Application Data\Mozilla\Firefox\Profiles\2xnqv335.default\
          FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=SOLTDF&q=
          FF - prefs.js: browser.search.selectedEngine - FireSearch
          FF - prefs.js: browser.startup.homepage - hxxp://www2.firesearch.com/
          FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=SOLTDF&q=
          FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
          .

          **************************************************************************

          catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2009-04-30 18:43
          Windows 5.1.2600 Service Pack 3 NTFS

          scanning hidden processes ... 

          scanning hidden autostart entries ...

          scanning hidden files ... 

          scan completed successfully
          hidden files: 0

          **************************************************************************
          .
          --------------------- DLLs Loaded Under Running Processes ---------------------

          - - - - - - - > 'winlogon.exe'(1040)
          c:\program files\SUPERAntiSpyware\SASWINLO.dll

          - - - - - - - > 'explorer.exe'(3584)
          c:\windows\system32\nview.dll
          c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
          c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
          c:\program files\Common Files\Ahead\Lib\BCGCBPRO860un71.dll
          c:\windows\system32\ieframe.dll
          c:\windows\system32\OneX.DLL
          c:\windows\system32\eappprxy.dll
          c:\windows\system32\webcheck.dll
          c:\windows\system32\WPDShServiceObj.dll
          c:\windows\system32\PortableDeviceTypes.dll
          c:\windows\system32\PortableDeviceApi.dll
          .
          Completion time: 2009-04-30 18:44
          ComboFix-quarantined-files.txt  2009-04-30 23:44
          ComboFix2.txt  2009-04-30 23:17

          Pre-Run: 9,526,657,024 bytes free
          Post-Run: 9,523,359,744 bytes free

          296   --- E O F ---   2009-04-30 17:51
          hey are ok by the way the computer is running great at the moment no pop ups so far

          ComboFix 09-04-30.05 - Andy 04/30/2009 18:41.2 - NTFSx86
          Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1983.1418 [GMT -5:00]
          Running from: c:\documents and settings\Andy\Desktop\ComboFix.exe1.exe
          AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
          .

          (((((((((((((((((((((((((   Files Created from 2009-03-28 to 2009-04-30  )))))))))))))))))))))))))))))))
          .

          2009-04-30 22:08 . 2009-04-30 22:08   --------   d-----w   C:\_OTMoveIt
          2009-04-30 21:19 . 2009-04-30 22:50   --------   d-----w   C:\Lop SD
          2009-04-30 20:49 . 2009-04-30 20:58   --------   d-----w   c:\program files\Trend Micro
          2009-04-30 20:04 . 2009-04-30 20:04   --------   d-----w   c:\documents and settings\Andy\Application Data\Malwarebytes
          2009-04-30 20:03 . 2009-04-06 20:32   15504   ----a-w   c:\windows\system32\drivers\mbam.sys
          2009-04-30 20:03 . 2009-04-06 20:32   38496   ----a-w   c:\windows\system32\drivers\mbamswissarmy.sys
          2009-04-30 20:03 . 2009-04-30 20:03   --------   d-----w   c:\documents and settings\All Users\Application Data\Malwarebytes
          2009-04-30 20:03 . 2009-04-30 20:03   --------   d-----w   c:\program files\Malwarebytes' Anti-Malware
          2009-04-30 19:41 . 2009-04-30 22:19   --------   d-----w   c:\program files\NoAdware
          2009-04-30 17:28 . 2009-04-30 17:28   --------   d-----w   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
          2009-04-30 17:28 . 2009-04-30 17:28   --------   d-----w   c:\program files\SUPERAntiSpyware
          2009-04-30 17:28 . 2009-04-30 17:28   --------   d-----w   c:\documents and settings\Andy\Application Data\SUPERAntiSpyware.com
          2009-04-30 17:27 . 2009-04-30 17:27   --------   d-----w   c:\program files\Common Files\Wise Installation Wizard
          2009-04-30 15:31 . 2009-04-30 17:12   --------   d-----w   c:\program files\EsetOnlineScanner
          2009-04-30 14:19 . 2009-04-30 14:19   --------   d-----w   c:\windows\system32\XPSViewer
          2009-04-30 14:18 . 2009-04-30 14:18   --------   d-----w   c:\program files\MSBuild
          2009-04-30 14:18 . 2009-04-30 14:18   --------   d-----w   c:\program files\Reference Assemblies
          2009-04-30 14:18 . 2008-07-06 12:06   117760   ------w   c:\windows\system32\prntvpt.dll
          2009-04-30 14:18 . 2008-07-06 12:06   89088   -c----w   c:\windows\system32\dllcache\filterpipelineprintproc.dll
          2009-04-30 14:18 . 2008-07-06 10:50   597504   -c----w   c:\windows\system32\dllcache\printfilterpipelinesvc.exe
          2009-04-30 14:18 . 2008-07-06 12:06   575488   -c----w   c:\windows\system32\dllcache\xpsshhdr.dll
          2009-04-30 14:18 . 2008-07-06 12:06   575488   ------w   c:\windows\system32\xpsshhdr.dll
          2009-04-30 14:18 . 2008-07-06 12:06   1676288   -c----w   c:\windows\system32\dllcache\xpssvcs.dll
          2009-04-30 14:18 . 2008-07-06 12:06   1676288   ------w   c:\windows\system32\xpssvcs.dll
          2009-04-30 14:18 . 2009-04-30 14:21   --------   d-----w   c:\windows\SxsCaPendDel
          2009-04-27 20:48 . 2009-04-27 20:48   --------   d-----w   c:\documents and settings\Andy\Application Data\PlayFirst
          2009-04-27 20:48 . 2009-04-27 20:48   --------   d-----w   c:\documents and settings\All Users\Application Data\PlayFirst
          2009-04-27 20:47 . 2009-04-27 21:51   --------   d-----w   C:\My Games
          2009-04-27 20:47 . 2009-04-27 20:47   --------   d-----w   c:\documents and settings\All Users\Application Data\RealArcade
          2009-04-27 20:47 . 2009-04-27 20:47   --------   d-----w   C:\users
          2009-04-27 20:46 . 2009-04-27 21:51   --------   d-----w   c:\program files\RealArcade
          2009-04-27 17:32 . 2009-04-27 17:32   --------   d-----w   c:\documents and settings\All Users\Application Data\FloodLightGames
          2009-04-27 17:32 . 2009-04-27 17:32   --------   d-----w   c:\documents and settings\Andy\Saved Games
          2009-04-27 17:32 . 2009-04-27 17:32   --------   d-----w   c:\documents and settings\Andy\Application Data\FloodLightGames
          2009-04-21 04:48 . 2009-04-21 04:48   --------   d-sh--w   c:\documents and settings\NetworkService\IETldCache
          2009-04-20 04:28 . 2009-04-20 04:28   --------   d-sh--w   c:\documents and settings\Andy\IECompatCache
          2009-04-20 04:22 . 2009-04-20 04:22   --------   d-sh--w   c:\documents and settings\Andy\PrivacIE
          2009-04-20 04:19 . 2009-04-20 04:19   --------   d-sh--w   c:\documents and settings\LocalService\IETldCache
          2009-04-20 04:19 . 2009-04-20 04:19   --------   d-sh--w   c:\documents and settings\Andy\IETldCache
          2009-04-20 04:18 . 2009-04-20 04:18   --------   d-----w   c:\windows\ie8updates
          2009-04-20 04:16 . 2009-04-20 04:16   --------   dc-h--w   c:\windows\ie8
          2009-04-20 04:14 . 2009-02-28 04:55   105984   -c----w   c:\windows\system32\dllcache\iecompat.dll
          2009-04-16 17:04 . 2009-03-06 14:22   284160   -c----w   c:\windows\system32\dllcache\pdh.dll
          2009-04-16 17:04 . 2009-02-09 12:10   401408   -c----w   c:\windows\system32\dllcache\rpcss.dll
          2009-04-16 17:04 . 2009-02-06 11:11   110592   -c----w   c:\windows\system32\dllcache\services.exe
          2009-04-16 17:04 . 2009-02-09 12:10   473600   -c----w   c:\windows\system32\dllcache\fastprox.dll
          2009-04-16 17:04 . 2009-02-06 10:10   227840   -c----w   c:\windows\system32\dllcache\wmiprvse.exe
          2009-04-16 17:04 . 2009-02-09 12:10   453120   -c----w   c:\windows\system32\dllcache\wmiprvsd.dll
          2009-04-16 17:04 . 2009-02-09 12:10   729088   -c----w   c:\windows\system32\dllcache\lsasrv.dll
          2009-04-16 17:04 . 2009-02-09 12:10   617472   -c----w   c:\windows\system32\dllcache\advapi32.dll
          2009-04-16 17:04 . 2009-02-09 12:10   714752   -c----w   c:\windows\system32\dllcache\ntdll.dll
          2009-04-16 17:04 . 2008-05-03 11:55   2560   ------w   c:\windows\system32\xpsp4res.dll
          2009-04-16 17:04 . 2008-04-21 12:08   215552   -c----w   c:\windows\system32\dllcache\wordpad.exe
          2009-04-15 05:32 . 2009-04-15 05:32   --------   d-----w   c:\documents and settings\Andy\Application Data\Joost
          2009-04-15 05:32 . 2009-04-15 05:32   --------   d-----w   c:\documents and settings\Andy\Local Settings\Application Data\Joost
          2009-04-14 12:23 . 2009-03-09 19:06   15688   ----a-w   c:\windows\system32\lsdelete.exe
          2009-04-14 04:48 . 2009-04-28 04:48   64160   ----a-w   c:\windows\system32\drivers\Lbd.sys
          2009-04-14 04:43 . 2009-04-30 22:15   --------   d-----w   C:\ProgramData
          2009-04-14 04:43 . 2009-04-14 04:43   --------   d-----w   c:\program files\Angle Interactive
          2009-04-14 04:42 . 2009-04-14 04:42   --------   dc-h--w   c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
          2009-04-14 04:42 . 2009-04-14 04:42   --------   d-----w   c:\program files\Lavasoft
          2009-04-13 07:38 . 2009-04-13 07:38   --------   d-----w   c:\windows\system32\help
          2009-04-13 07:21 . 2008-12-05 02:42   815104   ----a-w   c:\windows\system32\xvidcore.dll
          2009-04-13 07:21 . 2008-12-05 02:46   180224   ----a-w   c:\windows\system32\xvidvfw.dll
          2009-04-13 07:21 . 2009-04-13 07:21   --------   d-----w   c:\program files\Xvid
          2009-04-13 07:07 . 2009-04-13 07:31   --------   d-----w   c:\documents and settings\Andy\Application Data\vlc
          2009-04-13 06:08 . 2009-04-13 06:10   --------   d-----w   c:\program files\XtalViD-Codec
          2009-04-13 05:45 . 2009-04-13 05:51   --------   d-----w   c:\program files\Xvid Decoder
          2009-04-12 21:47 . 2009-04-12 21:47   --------   d-----w   c:\program files\Common Files\DivX Shared
          2009-04-10 16:39 . 2009-04-28 23:14   --------   d-----w   c:\program files\Oberon Media

          .
          ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2009-04-30 22:48 . 2008-12-27 17:57   --------   d-----w   c:\program files\Viewpoint
          2009-04-30 22:22 . 2008-07-12 04:54   67848   ----a-w   c:\documents and settings\Andy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
          2009-04-30 20:41 . 2008-07-12 04:20   --------   d-----w   c:\program files\Java
          2009-04-30 03:00 . 2009-02-15 14:52   --------   d-----w   c:\program files\Norton Security Scan
          2009-04-27 03:01 . 2009-02-15 14:52   --------   d-----w   c:\program files\Common Files\Symantec Shared
          2009-04-21 20:47 . 2008-08-04 04:34   --------   d-----w   c:\program files\Microsoft Silverlight
          2009-04-12 21:48 . 2008-07-30 11:49   --------   d-----w   c:\program files\DivX
          2009-03-28 02:54 . 2009-03-28 02:54   --------   d-----w   c:\program files\Unibrain
          2009-03-28 02:52 . 2009-03-28 02:52   --------   d-----w   c:\program files\Intel Desktop Board
          2009-03-28 02:43 . 2009-03-27 03:16   --------   d-----w   c:\program files\Common Files\Logitech
          2009-03-27 03:17 . 2009-03-27 03:17   0   ---ha-w   c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
          2009-03-27 03:17 . 2009-03-27 03:17   0   ---ha-w   c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
          2009-03-27 03:16 . 2009-03-27 03:16   --------   d-----w   c:\program files\Logitech
          2009-03-27 03:16 . 2008-07-12 03:56   --------   d--h--w   c:\program files\InstallShield Installation Information
          2009-03-27 02:56 . 2009-03-27 02:56   --------   d-----w   c:\program files\PC Drivers HeadQuarters
          2009-03-14 06:48 . 2009-03-14 06:48   --------   d-----w   c:\program files\Microsoft
          2009-03-14 06:47 . 2009-01-18 03:28   410984   ----a-w   c:\windows\system32\deploytk.dll
          2009-03-08 09:34 . 2004-08-04 12:00   914944   ----a-w   c:\windows\system32\wininet.dll
          2009-03-08 09:34 . 2004-08-04 12:00   43008   ----a-w   c:\windows\system32\licmgr10.dll
          2009-03-08 09:33 . 2004-08-04 12:00   18944   ----a-w   c:\windows\system32\corpol.dll
          2009-03-08 09:33 . 2004-08-04 12:00   420352   ----a-w   c:\windows\system32\vbscript.dll
          2009-03-08 09:32 . 2004-08-04 12:00   72704   ----a-w   c:\windows\system32\admparse.dll
          2009-03-08 09:32 . 2004-08-04 12:00   71680   ----a-w   c:\windows\system32\iesetup.dll
          2009-03-08 09:31 . 2004-08-04 12:00   34816   ----a-w   c:\windows\system32\imgutil.dll
          2009-03-08 09:31 . 2004-08-04 12:00   48128   ----a-w   c:\windows\system32\mshtmler.dll
          2009-03-08 09:31 . 2004-08-04 12:00   45568   ----a-w   c:\windows\system32\mshta.exe
          2009-03-08 09:22 . 2004-08-04 12:00   156160   ----a-w   c:\windows\system32\msls31.dll
          2009-03-06 14:22 . 2004-08-04 12:00   284160   ----a-w   c:\windows\system32\pdh.dll
          2009-03-02 05:51 . 2008-12-27 19:05   --------   d-----w   c:\program files\Common Files\Autodesk Shared
          2009-03-02 05:49 . 2008-12-27 19:05   --------   d-----w   c:\program files\Autodesk
          2009-03-02 05:47 . 2008-12-28 09:42   --------   d-----w   c:\program files\AnswerWorks 4.0
          2009-03-02 05:00 . 2008-12-28 09:41   --------   d-----w   c:\program files\AutoCAD 2004
          2009-03-02 05:00 . 2009-01-08 04:58   --------   d-----w   c:\program files\Common Files\Macrovision Shared
          2009-02-24 19:34 . 2009-02-24 19:34   90112   ----a-w   c:\windows\system32\dpl100.dll
          2009-02-24 19:34 . 2009-02-24 19:34   823296   ----a-w   c:\windows\system32\divx_xx0c.dll
          2009-02-24 19:34 . 2009-02-24 19:34   823296   ----a-w   c:\windows\system32\divx_xx07.dll
          2009-02-24 19:34 . 2009-02-24 19:34   815104   ----a-w   c:\windows\system32\divx_xx0a.dll
          2009-02-24 19:34 . 2009-02-24 19:34   802816   ----a-w   c:\windows\system32\divx_xx11.dll
          2009-02-24 19:34 . 2009-02-24 19:34   684032   ----a-w   c:\windows\system32\DivX.dll
          2009-02-17 04:17 . 2008-07-12 03:52   453152   ----a-w   c:\windows\system32\NVUNINST.EXE
          2009-02-09 12:10 . 2004-08-04 12:00   729088   ----a-w   c:\windows\system32\lsasrv.dll
          2009-02-09 12:10 . 2004-08-04 12:00   714752   ----a-w   c:\windows\system32\ntdll.dll
          2009-02-09 12:10 . 2004-08-04 12:00   617472   ----a-w   c:\windows\system32\advapi32.dll
          2009-02-09 12:10 . 2004-08-04 12:00   401408   ----a-w   c:\windows\system32\rpcss.dll
          2009-02-09 11:13 . 2004-08-04 12:00   1846784   ----a-w   c:\windows\system32\win32k.sys
          2009-02-06 11:11 . 2004-08-04 12:00   110592   ----a-w   c:\windows\system32\services.exe
          2009-02-06 11:06 . 2004-08-04 12:00   2145280   ----a-w   c:\windows\system32\ntoskrnl.exe
          2009-02-06 10:39 . 2004-08-04 12:00   35328   ----a-w   c:\windows\system32\sc.exe
          2009-02-06 10:32 . 2004-08-03 22:59   2023936   ----a-w   c:\windows\system32\ntkrnlpa.exe
          2009-02-03 19:59 . 2004-08-04 12:00   56832   ----a-w   c:\windows\system32\secur32.dll
          2009-01-31 14:19 . 2009-01-18 17:38   10520   ----a-w   c:\windows\system32\avgrsstx.dll
          2009-01-31 14:19 . 2009-01-18 17:38   325128   ----a-w   c:\windows\system32\drivers\avgldx86.sys
          2009-01-31 14:18 . 2009-01-18 17:38   107272   ----a-w   c:\windows\system32\drivers\avgtdix.sys
          2009-02-24 19:34 . 2009-02-24 19:34   1044480   ----a-w   c:\program files\mozilla firefox\plugins\libdivx.dll
          2009-02-24 19:34 . 2009-02-24 19:34   200704   ----a-w   c:\program files\mozilla firefox\plugins\ssldivx.dll
          .

          (((((((((((((((((((((((((((((   SnapShot@2009-04-30_23.16.36   )))))))))))))))))))))))))))))))))))))))))
          .
          + 2009-04-30 23:30 . 2009-04-30 23:30   16384              c:\windows\Temp\Perflib_Perfdata_148.dat
          + 2008-07-11 21:48 . 2009-04-30 23:30   259840              c:\windows\system32\FNTCACHE.DAT
          - 2008-07-11 21:48 . 2009-04-30 14:21   259840              c:\windows\system32\FNTCACHE.DAT
          .
          (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          *Note* empty entries & legit default entries are not shown
          REGEDIT4

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
          "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
          "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
          "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-02-20 4363504]
          "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-23 68856]
          "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-04-28 1830128]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
          "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-07-12 925696]
          "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-03 116040]
          "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
          "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-09 289064]
          "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
          "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]
          "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-08-10 221184]
          "DMXLauncher"="c:\program files\Roxio\Media Experience\DMXLauncher.exe" [2006-08-14 102400]
          "RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-07-31 1116920]
          "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-02-27 38768]
          "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-02-27 640376]
          "dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2008-11-18 827904]
          "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-31 1601304]
          "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-14 148888]
          "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
          "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
          "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-28 516440]
          "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
          "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-02-18 1657376]
          "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-04-11 56080]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

          c:\documents and settings\All Users\Start Menu\Programs\Startup\
          Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-3-27 692224]

          [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
          "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
          2008-12-22 17:05   356352   ----a-w   c:\program files\SUPERAntiSpyware\SASWINLO.dll

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
          2009-01-31 14:19   10520   ----a-w   c:\windows\system32\avgrsstx.dll

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
          @="Service"

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
          @=""

          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^The University of Oklahoma OU-VPN Client.lnk]
          path=c:\documents and settings\All Users\Start Menu\Programs\Startup\The University of Oklahoma OU-VPN Client.lnk
          backup=c:\windows\pss\The University of Oklahoma OU-VPN Client.lnkCommon Startup

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
          "%windir%\\system32\\sessmgr.exe"=
          "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
          "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
          "c:\\Program Files\\iTunes\\iTunes.exe"=
          "c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
          "c:\\Program Files\\Ares\\Ares.exe"=
          "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
          "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
          "c:\\Program Files\\AIM6\\aim6.exe"=
          "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
          "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
          "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
          "c:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"=

          R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-04-28 953168]
          R3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [2002-04-11 16194]
          R3 EraserUtilDrv10910;EraserUtilDrv10910;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10910.sys [2009-04-27 101936]
          S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-04-28 64160]
          S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-01-31 325128]
          S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-01-31 107272]
          S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-04-28 9968]
          S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-04-28 72944]
          S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-31 903960]
          S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-31 298264]
          S2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
          S2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\DRIVERS\ubsbm.sys [2005-07-27 14080]
          S2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\DRIVERS\ubumapi.sys [2005-07-27 36352]
          S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
          S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-04 13592]
          S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-04-28 7408]
          S3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\DRIVERS\ubohci.sys [2005-07-27 77056]


          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
          \Shell\AutoRun\command - K:\LaunchU3.exe -a

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8c6579c-598d-11dd-8679-0016b6531647}]
          \Shell\AutoRun\command - F:\LaunchU3.exe -a

          [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
          "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

          [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
          "c:\program files\Common Files\LightScribe\LSRunOnce.exe"
          .
          Contents of the 'Scheduled Tasks' folder

          2009-04-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
          - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 04:48]

          2009-04-30 c:\windows\Tasks\Google Software Updater.job
          - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-23 23:00]

          2009-04-30 c:\windows\Tasks\MP Scheduled Scan.job
          - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]

          2009-04-30 c:\windows\Tasks\Norton Security Scan for Andy.job
          - c:\program files\Norton Security Scan\Nss.exe [2008-09-19 01:20]
          .
          .
          ------- Supplementary Scan -------
          .
          uLocal Page = \blank.htm
          uStart Page = hxxp://www.cnn.com/
          mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
          uInternet Connection Wizard,ShellNext = iexplore
          uInternet Settings,ProxyOverride = *.local
          uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
          IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
          IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
          IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
          IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
          IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
          FF - ProfilePath - c:\documents and settings\Andy\Application Data\Mozilla\Firefox\Profiles\2xnqv335.default\
          FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=SOLTDF&q=
          FF - prefs.js: browser.search.selectedEngine - FireSearch
          FF - prefs.js: browser.startup.homepage - hxxp://www2.firesearch.com/
          FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=SOLTDF&q=
          FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
          .

          **************************************************************************

          catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2009-04-30 18:43
          Windows 5.1.2600 Service Pack 3 NTFS

          scanning hidden processes ... 

          scanning hidden autostart entries ...

          scanning hidden files ... 

          scan completed successfully
          hidden files: 0

          **************************************************************************
          .
          --------------------- DLLs Loaded Under Running Processes ---------------------

          - - - - - - - > 'winlogon.exe'(1040)
          c:\program files\SUPERAntiSpyware\SASWINLO.dll

          - - - - - - - > 'explorer.exe'(3584)
          c:\windows\system32\nview.dll
          c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
          c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
          c:\program files\Common Files\Ahead\Lib\BCGCBPRO860un71.dll
          c:\windows\system32\ieframe.dll
          c:\windows\system32\OneX.DLL
          c:\windows\system32\eappprxy.dll
          c:\windows\system32\webcheck.dll
          c:\windows\system32\WPDShServiceObj.dll
          c:\windows\system32\PortableDeviceTypes.dll
          c:\windows\system32\PortableDeviceApi.dll
          .
          Completion time: 2009-04-30 18:44
          ComboFix-quarantined-files.txt  2009-04-30 23:44
          ComboFix2.txt  2009-04-30 23:17

          Pre-Run: 9,526,657,024 bytes free
          Post-Run: 9,523,359,744 bytes free

          296   --- E O F ---   2009-04-30 17:51
          Thank you so much for your time and effort.

          evilfantasy

          Re: Re: CID Pop-ups ??
          « Reply #22 on: April 30, 2009, 06:11:29 PM »
            I don't see anything else that would cause any problems so let's clean up and see how things are then.

          Uninstall LOP S&D

          Click START then RUN
          Now type C:\Lop SD\Uninstal.exe in the runbox.

          Then click OK.

          ----------

          • Click START then RUN
          • Now type Combofix /u in the runbox
          • Make sure there's a space between Combofix and /u
          • Then hit Enter.
          • The above procedure will:
            • Delete the following:
              • ComboFix and its associated files and folders.
            • Reset the clock settings.
            • Hide file extensions, if required.
            • Hide System/Hidden files, if required.
            • Set a new, clean Restore Point.
          ----------

          Download ATF Cleaner by Atribune to your Desktop.

          Alternate download link

          Note: Vista users must use Run As Administrator
          • Under Main: Select Files to Delete choose: Select All.
          • Click the Empty Selected button.
          • If you use Firefox browser click Firefox at the top and choose: Select All
          • Click the Empty Selected button.
            If you would like to keep your saved passwords click No at the prompt.
          • If you use Opera browser click Opera at the top and choose: Select All
          • Click the Empty Selected button.
            If you would like to keep your saved passwords click No at the prompt.
          • Click Exit on the Main menu to close the program.
          Note that your system will run slower for a reboot or two after having used this tool so don't panic.

          ----------

          Download OTCleanIt.exe and save it to your Desktop.
          • Double-click OTCleanIt.exe.
          • Click the CleanUp! button.
          • Select Yes when the "Begin cleanup Process?" prompt appears.
          • If you are prompted to Reboot during the cleanup, select Yes.
          • The tool will delete itself once it finishes; if not, delete it yourself.
          Important: Restart the computer before continuing.

          ----------

          How is everything now?

          Trisha

            Re: CID Pop-ups ??
            « Reply #23 on: April 30, 2009, 06:31:16 PM »
            Doing great, thank you so very much.

            evilfantasy

            Re: Re: CID Pop-ups ??
            « Reply #24 on: April 30, 2009, 06:57:25 PM »
            I have one Free SUPERAntiSpyware Professional Edition Lifetime Key I am giving away. If you are interested then visit my blog here: http://evilfantasy.wordpress.com/2009/04/28/free-superantispyware-pro-giveaway/

            ----------

            Use the Secunia Software Inspector to check for out of date software.
            • Click Start Now
            • Check the box next to Enable thorough system inspection.
            • Click Start
            • Allow the scan to finish and scroll down to see if any updates are needed.
            • Update anything listed.
            ----------

            Go to Microsoft Windows Update and get all critical updates.

            ----------

            I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

            SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
            * Using SpywareBlaster to protect your computer from Spyware and Malware
            * If you don't know what ActiveX controls are, see here

            Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

            Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.


            Trisha

              Re: CID Pop-ups ??
              « Reply #25 on: May 10, 2009, 11:36:00 PM »
              Thank you once again.
              The computer seems to be running great now.