
Author Topic: Sniper Log  (Read 11437 times)

terryb

    Topic Starter


    Rookie

    Sniper Log
    « on: September 21, 2009, 02:11:18 PM »
    Can someone please help now? Have done everything in the list of things to do and the sniper log is below, what do I do now? Thanks

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:02:44, on 21/09/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16876)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
    O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
    O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {774FE9E1-A8F8-4A40-9706-8F673D8DB6ED} (UNYKContactsFinderOCX.main) - http://www.unyk.com/Diffusion/ActiveX/UNYKContactsFinder.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\WINDOWS\System32\DDEML32.dll,C:\WINDOWS\System32\dplayx32.dll  ,C:\WINDOWS\System32\DESKADP32.dll C:\WINDOWS\system32\guard32.dll,C:\WINDOWS\System32\DESKADP32.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: 64b8c927517 - C:\WINDOWS\
    O20 - Winlogon Notify: 64b8c927530 - C:\WINDOWS\
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

    --
    End of file - 6528 bytes

    harry 48



      Egghead

    Re: Sniper Log
    « Reply #1 on: September 21, 2009, 02:56:44 PM »
    http://www.computerhope.com/forum/index.php/topic,46313.0.html

    Go above and post the other 2 logs and complete the rest for the expert.

    terryb

      Topic Starter


      Rookie

      Re: Sniper Log
      « Reply #2 on: September 22, 2009, 07:17:42 AM »
      Sorry, it turns out my wife had downloaded a programme from LimeWire which changes your IP address to watch something on UK TV which is only available in the UK. It only gave her a USA change of address so removed the programme. I suspect this is where it came from! Below are the other two logs. Sorry.



      SUPERAntiSpyware Scan Log
      http://www.superantispyware.com

      Generated 09/21/2009 at 02:30 PM

      Application Version : 4.29.1002

      Core Rules Database Version : 4114
      Trace Rules Database Version: 2054

      Scan type       : Complete Scan
      Total Scan Time : 01:18:08

      Memory items scanned      : 502
      Memory threats detected   : 1
      Registry items scanned    : 5871
      Registry threats detected : 1
      File items scanned        : 51889
      File threats detected     : 1

      Trojan.Agent/Gen-FakeAlert[X32]
         C:\WINDOWS\SYSTEM32\DESKADP32.DLL
         C:\WINDOWS\SYSTEM32\DESKADP32.DLL
         Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\64b8c927669


      Malwarebytes log
      Malwarebytes' Anti-Malware 1.41
      Database version: 2837
      Windows 5.1.2600 Service Pack 3

      21/09/2009 15:21:52
      mbam-log-2009-09-21 (15-21-52).txt

      Scan type: Quick Scan
      Objects scanned: 99401
      Time elapsed: 19 minute(s), 10 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 1
      Registry Values Infected: 0
      Registry Data Items Infected: 3
      Folders Infected: 3
      Files Infected: 33

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Nvchost (Trojan.Goldun) -> Quarantined and deleted successfully.

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

      Folders Infected:
      C:\WINDOWS\SYSTEM32\GroupPolicyManifest (Worm.Archive) -> Quarantined and deleted successfully.
      C:\WINDOWS\SYSTEM32\LocalService (Worm.Archive) -> Quarantined and deleted successfully.
      C:\WINDOWS\SYSTEM32\LocalService32 (Worm.Archive) -> Quarantined and deleted successfully.

      Files Infected:
      C:\WINDOWS\SYSTEM32\GroupPolicyManifest\32.crack.zip (Worm.Archive) -> Quarantined and deleted successfully.
      C:\WINDOWS\SYSTEM32\GroupPolicyManifest\32.crack.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
      C:\WINDOWS\SYSTEM32\GroupPolicyManifest\33.video.zip (Worm.Archive) -> Quarantined and deleted successfully.
      C:\WINDOWS\SYSTEM32\GroupPolicyManifest\33.video.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
      C:\WINDOWS\SYSTEM32\GroupPolicyManifest\34.setup.zip (Worm.Archive) -> Quarantined and deleted successfully.
      C:\WINDOWS\SYSTEM32\GroupPolicyManifest\34.setup.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
      C:\WINDOWS\SYSTEM32\GroupPolicyManifest\35.unpack.zip (Worm.Archive) -> Quarantined and deleted successfully.
      C:\WINDOWS\SYSTEM32\GroupPolicyManifest\35.unpack.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
      C:\WINDOWS\SYSTEM32\GroupPolicyManifest\36.keygen.zip (Worm.Archive) -> Quarantined and deleted successfully.
      C:\WINDOWS\SYSTEM32\GroupPolicyManifest\36.keygen.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
      C:\WINDOWS\SYSTEM32\GroupPolicyManifest\37.serial.zip (Worm.Archive) -> Quarantined and deleted successfully.
      C:\WINDOWS\SYSTEM32\GroupPolicyManifest\37.serial.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
      C:\WINDOWS\SYSTEM32\GroupPolicyManifest\39.music.mp3 (Worm.Archive) -> Quarantined and deleted successfully.
      C:\WINDOWS\SYSTEM32\GroupPolicyManifest\39.music.mp3.kwd (Worm.Archive) -> Quarantined and deleted successfully.
      C:\WINDOWS\SYSTEM32\GroupPolicyManifest\40.mpgvideo.mpg (Worm.Archive) -> Quarantined and deleted successfully.
      C:\WINDOWS\SYSTEM32\GroupPolicyManifest\40.mpgvideo.mpg.kwd (Worm.Archive) -> Quarantined and deleted successfully.
      C:\WINDOWS\SYSTEM32\LocalService\293.crack.zip (Worm.Archive) -> Quarantined and deleted successfully.
      C:\WINDOWS\SYSTEM32\LocalService\293.crack.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
      C:\WINDOWS\SYSTEM32\LocalService\294.keygen.zip (Worm.Archive) -> Quarantined and deleted successfully.
      C:\WINDOWS\SYSTEM32\LocalService\294.keygen.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
      C:\WINDOWS\SYSTEM32\LocalService\295.serial.zip (Worm.Archive) -> Quarantined and deleted successfully.
      C:\WINDOWS\SYSTEM32\LocalService\295.serial.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
      C:\WINDOWS\SYSTEM32\LocalService\296.setup.zip (Worm.Archive) -> Quarantined and deleted successfully.
      C:\WINDOWS\SYSTEM32\LocalService\296.setup.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
      C:\WINDOWS\SYSTEM32\LocalService\301.music.au (Worm.Archive) -> Quarantined and deleted successfully.
      C:\WINDOWS\SYSTEM32\LocalService\301.music.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
      C:\WINDOWS\SYSTEM32\LocalService\302.music2.au (Worm.Archive) -> Quarantined and deleted successfully.
      C:\WINDOWS\SYSTEM32\LocalService\302.music2.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
      C:\WINDOWS\SYSTEM32\LocalService\303.music3.au (Worm.Archive) -> Quarantined and deleted successfully.
      C:\WINDOWS\SYSTEM32\LocalService\303.music3.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
      C:\WINDOWS\SYSTEM32\LocalService\304.music4.au (Worm.Archive) -> Quarantined and deleted successfully.
      C:\WINDOWS\SYSTEM32\LocalService\304.music4.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
      C:\WINDOWS\SYSTEM32\GroupPolicy000.dat (Malware.Trace) -> Quarantined and deleted successfully.


      Kind regards
      Terry

      evilfantasy

      • Malware Removal Specialist
      • Moderator


      • Genius
      Re: Sniper Log
      « Reply #3 on: September 22, 2009, 08:34:39 AM »
      Download DDS from |HERE| or |HERE| or |HERE| and save it to your desktop.

      * Vista users: right-click on dds and select Run as administrator (you will receive a UAC prompt, please allow it).
      * XP users: double-click on dds to run it.
      * If your antivirus or firewall tries to block DDS, please allow it to run.
      * When finished DDS will open two (2) logs.

      1) DDS.txt
      2) Attach.txt

      * Save both logs to your desktop.
      * Please copy and paste the entire contents of both logs in your next reply.

      Note: DDS will instruct you to post the Attach.txt log as an attachment.
      Please just post it as you would any other log by copying and pasting it into the reply.

      terryb

        Topic Starter


        Rookie

        Re: Sniper Log
        « Reply #4 on: September 22, 2009, 08:54:28 AM »
        UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
        IF REQUESTED, ZIP IT UP & ATTACH IT

        DDS (Ver_09-07-30.01)

        Microsoft Windows XP Home Edition
        Boot Device: \Device\HarddiskVolume2
        Install Date: 08/01/2009 10:06:09
        System Uptime: 22/09/2009 08:16:06 (2 hours ago)

        Motherboard: Dell Computer Corp. |  | 0N6381
        Processor:               Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/533mhz

        ==== Disk Partitions =========================

        A: is Removable
        C: is FIXED (NTFS) - 34 GiB total, 18.288 GiB free.
        D: is CDROM ()
        E: is CDROM ()
        F: is Removable

        ==== Disabled Device Manager Items =============

        Class GUID:
        Description: PCI Modem
        Device ID: PCI\VEN_1057&DEV_3052&SUBSYS_30201057&REV_04\4&1C660DD6&0&10F0
        Manufacturer:
        Name: PCI Modem
        PNP Device ID: PCI\VEN_1057&DEV_3052&SUBSYS_30201057&REV_04\4&1C660DD6&0&10F0
        Service:

        ==== System Restore Points ===================

        RP353: 20/09/2009 16:53:58 - Software Distribution Service 3.0
        RP354: 21/09/2009 09:03:18 - Software Distribution Service 3.0
        RP355: 21/09/2009 13:06:37 - Installed SUPERAntiSpyware Free Edition
        RP356: 21/09/2009 15:30:13 - Removed TuneUp Utilities 2009
        RP357: 21/09/2009 18:26:55 - Software Distribution Service 3.0
        RP358: 22/09/2009 09:01:30 - Software Distribution Service 3.0

        ==== Installed Programs ======================

        7-Zip 4.57
        Acrobat.com
        Adobe AIR
        Adobe Flash Player 10 ActiveX
        Adobe Flash Player 10 Plugin
        Adobe Reader 9.1.3
        Apple Mobile Device Support
        Apple Software Update
        aspi
        avast! Antivirus
        Brother MFL-Pro Suite
        CCHelp
        CCleaner (remove only)
        CCScore
        COMODO Internet Security
        Compatibility Pack for the 2007 Office system
        Cool Edit Pro 2.0
        CR2
        Critical Update for Windows Media Player 11 (KB959772)
        Dell Driver Reset Tool
        Dell Support 5.0.0 (630)
        Dell System Restore
        Digital Line Detect
        ESSAdpt
        ESSANUP
        ESSBrwr
        ESSCAM
        ESSCDBK
        ESScore
        ESSgui
        ESShelp
        ESSini
        ESSPCD
        ESSTUTOR
        ESSvpaht
        ESSvpot
        Free Window Registry Repair
        Global Radio News
        Google Updater
        HijackThis 2.0.2
        Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
        Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
        Hotfix for Windows Media Format 11 SDK (KB929399)
        Hotfix for Windows Media Player 11 (KB939683)
        Hotfix for Windows XP (KB952287)
        Hotfix for Windows XP (KB954550-v5)
        Hotfix for Windows XP (KB961118)
        Hotfix for Windows XP (KB970653-v3)
        Intel(R) Extreme Graphics 2 Driver
        Intel(R) PRO Network Adapters and Drivers
        Intel(R) PROSet for Wired Connections
        iTunes
        Java(TM) 6 Update 13
        Java(TM) 6 Update 16
        Kodak EasyShare software
        KSU
        Labtec WebCam
        Labtec® WebCam Driver
        LimeWire 5.2.12
        Malwarebytes' Anti-Malware
        Microsoft .NET Framework 1.1
        Microsoft .NET Framework 1.1 Hotfix (KB928366)
        Microsoft .NET Framework 2.0 Service Pack 2
        Microsoft .NET Framework 3.0 Service Pack 2
        Microsoft .NET Framework 3.5 SP1
        Microsoft Compression Client Pack 1.0 for Windows XP
        Microsoft Internationalized Domain Names Mitigation APIs
        Microsoft National Language Support Downlevel APIs
        Microsoft Office Standard Edition 2003
        Microsoft Plus! Digital Media Edition Installer
        Microsoft Plus! Photo Story 2 LE
        Microsoft Publisher 2002
        Microsoft User-Mode Driver Framework Feature Pack 1.0
        Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
        Microsoft Visual C++ 2005 Redistributable
        Microsoft Works 7.0
        Modem Helper
        Mozilla Firefox (3.5.3)
        MSN
        MSXML 4.0 SP2 (KB954430)
        Music Store
        NetWaiting
        Notifier
        Olympus Digital Wave Player
        OpenOffice.org 3.1
        OTtBP
        overland
        PaperPort
        PCDLNCH
        PowerDVD 5.3
        QuickTime
        RealPlayer
        SAM Party DJ (remove only)
        Samsung Mobile USB Modem Software
        Samsung PC Studio II 2.0 Image Editor
        Samsung PC Studio II 2.0 Internet Access
        Samsung PC Studio II 2.0 PIMS & File Manager
        Security Update for Step By Step Interactive Training (KB923723)
        Security Update for Windows Internet Explorer 7 (KB938127-v2)
        Security Update for Windows Internet Explorer 7 (KB956390)
        Security Update for Windows Internet Explorer 7 (KB958215)
        Security Update for Windows Internet Explorer 7 (KB960714)
        Security Update for Windows Internet Explorer 7 (KB961260)
        Security Update for Windows Internet Explorer 7 (KB963027)
        Security Update for Windows Internet Explorer 7 (KB969897)
        Security Update for Windows Internet Explorer 7 (KB972260)
        Security Update for Windows Media Player (KB952069)
        Security Update for Windows Media Player (KB968816)
        Security Update for Windows Media Player (KB973540)
        Security Update for Windows Media Player 10 (KB936782)
        Security Update for Windows Media Player 11 (KB936782)
        Security Update for Windows Media Player 11 (KB954154)
        Security Update for Windows XP (KB923561)
        Security Update for Windows XP (KB923689)
        Security Update for Windows XP (KB923789)
        Security Update for Windows XP (KB938464)
        Security Update for Windows XP (KB941569)
        Security Update for Windows XP (KB946648)
        Security Update for Windows XP (KB950762)
        Security Update for Windows XP (KB950974)
        Security Update for Windows XP (KB951066)
        Security Update for Windows XP (KB951376-v2)
        Security Update for Windows XP (KB951698)
        Security Update for Windows XP (KB951748)
        Security Update for Windows XP (KB952004)
        Security Update for Windows XP (KB952954)
        Security Update for Windows XP (KB954211)
        Security Update for Windows XP (KB954459)
        Security Update for Windows XP (KB954600)
        Security Update for Windows XP (KB955069)
        Security Update for Windows XP (KB956391)
        Security Update for Windows XP (KB956572)
        Security Update for Windows XP (KB956744)
        Security Update for Windows XP (KB956802)
        Security Update for Windows XP (KB956803)
        Security Update for Windows XP (KB956841)
        Security Update for Windows XP (KB956844)
        Security Update for Windows XP (KB957095)
        Security Update for Windows XP (KB957097)
        Security Update for Windows XP (KB958215)
        Security Update for Windows XP (KB958644)
        Security Update for Windows XP (KB958687)
        Security Update for Windows XP (KB958690)
        Security Update for Windows XP (KB959426)
        Security Update for Windows XP (KB960225)
        Security Update for Windows XP (KB960714)
        Security Update for Windows XP (KB960715)
        Security Update for Windows XP (KB960803)
        Security Update for Windows XP (KB960859)
        Security Update for Windows XP (KB961371)
        Security Update for Windows XP (KB961373)
        Security Update for Windows XP (KB961501)
        Security Update for Windows XP (KB968537)
        Security Update for Windows XP (KB969898)
        Security Update for Windows XP (KB970238)
        Security Update for Windows XP (KB971557)
        Security Update for Windows XP (KB971633)
        Security Update for Windows XP (KB971657)
        Security Update for Windows XP (KB971961)
        Security Update for Windows XP (KB973346)
        Security Update for Windows XP (KB973354)
        Security Update for Windows XP (KB973507)
        Security Update for Windows XP (KB973869)
        SFR
        SFR2
        Skype™ 4.0
        Sonic DLA
        Sonic RecordNow!
        Sonic Update Manager
        SoundMAX
        SUPERAntiSpyware Free Edition
        Unyk Syncro
        Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
        Update for Windows XP (KB951978)
        Update for Windows XP (KB955839)
        Update for Windows XP (KB967715)
        Update for Windows XP (KB968389)
        Update for Windows XP (KB973815)
        VC 9.0 Runtime
        VCW VicMan's Photo Editor 8.1
        Visual C++ 2008 x86 Runtime - (v9.0.30729)
        Visual C++ 2008 x86 Runtime - v9.0.30729.01
        Web Photo Album 1.1
        WebFldrs XP
        Windows Genuine Advantage Validation Tool (KB892130)
        Windows Internet Explorer 7
        Windows Media Format 11 runtime
        Windows Media Player 10
        Windows Media Player 11
        Windows XP Service Pack 3

        ==== Event Viewer Messages From Past Week ========

        21/09/2009 09:19:02, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Microsoft Office Outlook 2003 Junk Email Filter (KB973515).
        21/09/2009 09:19:02, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Microsoft Office Web Components (KB947319).
        21/09/2009 09:19:02, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Microsoft Office Excel 2003 (KB969681).
        21/09/2009 09:19:01, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Microsoft Office Word 2003 (KB969603).
        20/09/2009 11:21:42, error: Service Control Manager [7000]  - The TuneUp Theme Extension service failed to start due to the following error:  The executable program that this service is configured to run in does not implement the service.
        20/09/2009 09:22:11, error: Service Control Manager [7034]  - The avast! Web Scanner service terminated unexpectedly.  It has done this 1 time(s).
        20/09/2009 09:19:45, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the avast! Web Scanner service to connect.
        20/09/2009 09:19:45, error: Service Control Manager [7000]  - The avast! Web Scanner service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
        19/09/2009 14:19:20, error: Service Control Manager [7023]  - The Application Management service terminated with the following error:  The specified module could not be found.
        18/09/2009 09:13:48, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office Web Components (KB947319).
        18/09/2009 09:06:15, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office Outlook 2003 Junk Email Filter (KB973515).
        18/09/2009 09:05:14, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office Excel 2003 (KB969681).
        18/09/2009 09:03:27, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office Word 2003 (KB969603).
        17/09/2009 08:07:47, error: Dhcp [1002]  - The IP address lease 192.168.254.2 for the Network Card with network address 00111198AB56 has been denied by the DHCP server 192.168.254.254 (The DHCP Server sent a DHCPNACK message).

        ==== End Of File ===========================



        DDS (Ver_09-07-30.01) - NTFSx86 
        Run by Terry Bent at 10:50:22.32 on 22/09/2009
        Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_16
        Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.254.45 [GMT -4:00]

        AV: avast! antivirus 4.8.1351 [VPS 090921-0] *On-access scanning enabled* (Updated)   {7591DB91-41F0-48A3-B128-1A293FD8233D}
        FW: COMODO Firewall *enabled*   {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

        ============== Running Processes ===============

        C:\WINDOWS\system32\svchost -k DcomLaunch
        svchost.exe
        C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
        C:\WINDOWS\system32\svchost.exe -k netsvcs
        svchost.exe
        C:\WINDOWS\Explorer.EXE
        svchost.exe
        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        C:\Program Files\Alwil Software\Avast4\ashServ.exe
        C:\WINDOWS\system32\dla\tfswctrl.exe
        C:\WINDOWS\system32\igfxpers.exe
        C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
        C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
        C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
        C:\Program Files\Java\jre6\bin\jusched.exe
        C:\Program Files\Dell Support\DSAgnt.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Java\jre6\bin\jqs.exe
        C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
        C:\WINDOWS\system32\svchost.exe -k imgsvc
        C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
        C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
        C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\Documents and Settings\Terry Bent\Desktop\dds.com

        ============== Pseudo HJT Report ===============

        uStart Page = hxxp://www.google.co.uk/
        uDefault_Page_URL = hxxp://www.dell.com
        mStart Page = hxxp://www.google.com
        mWindow Title =
        BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
        BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
        BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
        BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
        BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
        BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
        TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
        uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
        uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
        mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
        mRun: [igfxtray] c:\windows\system32\igfxtray.exe
        mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
        mRun: [igfxpers] c:\windows\system32\igfxpers.exe
        mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
        mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
        mRun: [SetDefPrt] c:\program files\brother\brmfl06a\BrStDvPt.exe
        mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
        mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
        mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
        mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
        mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
        IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
        IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
        IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
        IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
        IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
        DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
        DPF: {774FE9E1-A8F8-4A40-9706-8F673D8DB6ED} - hxxp://www.unyk.com/Diffusion/ActiveX/UNYKContactsFinder.cab
        DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
        DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
        DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
        DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
        DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
        Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
        Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
        Notify: igfxcui - igfxdev.dll
        AppInit_DLLs: c:\windows\system32\ddeml32.dll,c:\windows\system32\dplayx32.dll  ,c:\windows\system32\deskadp32.dll c:\windows\system32\guard32.dll,c:\windows\system32\DESKADP32.dll
        SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
        SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

        ================= FIREFOX ===================

        FF - ProfilePath - c:\docume~1\terryb~1\applic~1\mozilla\firefox\profiles\jke6s4j4.default\
        FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
        FF - prefs.js: network.proxy.type - 4
        FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
        FF - plugin: c:\program files\google\google updater\2.4.1636.7222\npCIDetect13.dll
        FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
        FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
        FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
        FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
        FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
        FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

        ---- FIREFOX POLICIES ----
        FF - user.js: network.http.max-persistent-connections-per-server - 4
        FF - user.js: nglayout.initialpaint.delay - 600
        FF - user.js: content.notify.interval - 600000
        FF - user.js: content.max.tokenizing.time - 1800000
        FF - user.js: content.switch.threshold - 600000
        c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
        c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
        c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
        c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
        c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
        c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
        c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
        c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota",      5120);
        c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
        c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
        c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
        c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
        c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
        c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
        c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
        c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
        c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
        c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
        c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
        c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
        c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
        c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
        c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history",     true);
        c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata",    true);
        c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords",   false);
        c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads",   true);
        c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies",     true);
        c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache",       true);
        c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions",    true);
        c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
        c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
        c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history",                 true);
        c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata",                true);
        c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords",               false);
        c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads",               true);
        c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies",                 true);
        c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache",                   true);
        c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions",                true);
        c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps",             false);
        c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings",            false);
        c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs",    false);
        c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
        c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
        c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
        c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
        c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

        ============= SERVICES / DRIVERS ===============

        R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-1-29 114768]
        R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-8-18 132296]
        R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-8-18 25160]
        R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-15 9968]
        R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-15 74480]
        R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-1-29 20560]
        R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-15 7408]
        S3 tap0801;Smarthide TAP driver;c:\windows\system32\drivers\tap0801.sys [2007-10-12 55808]

        =============== Created Last 30 ================

        2009-09-21 16:01   <DIR>   --d-----   c:\program files\Trend Micro
        2009-09-21 13:07   <DIR>   --d-----   c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
        2009-09-21 13:06   <DIR>   --d-----   c:\program files\SUPERAntiSpyware
        2009-09-21 13:06   <DIR>   --d-----   c:\docume~1\terryb~1\applic~1\SUPERAntiSpyware.com
        2009-09-21 13:05   <DIR>   --d-----   c:\program files\common files\Wise Installation Wizard
        2009-09-21 12:37   <DIR>   --d-----   c:\program files\CCleaner
        2009-09-21 10:14   <DIR>   --d-----   C:\e04d35a4b1bff03a60
        2009-09-21 09:57   <DIR>   --d-----   c:\program files\Ace Utilities
        2009-09-20 11:21   604,488   a-------   c:\windows\system32\TUProgSt.exe
        2009-09-20 11:20   <DIR>   --d-----   c:\docume~1\terryb~1\applic~1\TuneUp Software
        2009-09-20 11:18   <DIR>   --d-----   c:\docume~1\alluse~1\applic~1\TuneUp Software
        2009-09-20 11:18   <DIR>   --d-----   c:\program files\TuneUp Utilities 2009
        2009-09-20 11:17   <DIR>   --dsh---   c:\docume~1\alluse~1\applic~1\{55A29068-F2CE-456C-9148-C869879E2357}
        2009-09-19 11:41   0   a-------   C:\Custom.dic
        2009-09-18 14:58   22   a-------   c:\windows\kodakpcd.Terry Bent.ini
        2009-09-16 10:28   615   a-------   c:\windows\system32\puaB6lr.vbs
        2009-09-16 10:27   615   a-------   c:\windows\system32\WSjCbgaGG4fhN8N.vbs
        2009-09-16 10:27   0   a-------   c:\windows\system32\18C.tmp
        2009-09-16 10:27   615   a-------   c:\windows\system32\RIxS9VW6iU5Wx.vbs
        2009-09-16 10:12   <DIR>   --d-----   c:\documents and settings\terry bent\Incomplete
        2009-09-13 08:14   130   a-------   c:\windows\cfplogvw.INI

        ==================== Find3M  ====================

        2009-09-19 13:13   179,792   a-------   c:\windows\system32\guard32.dll
        2009-09-19 13:13   25,160   a-------   c:\windows\system32\drivers\cmdhlp.sys
        2009-09-19 13:13   132,296   a-------   c:\windows\system32\drivers\cmdguard.sys
        2009-09-10 14:54   38,224   a-------   c:\windows\system32\drivers\mbamswissarmy.sys
        2009-09-10 14:53   19,160   a-------   c:\windows\system32\drivers\mbam.sys
        2009-08-17 09:20   294,912   a-------   c:\windows\uninst.exe
        2009-08-13 11:16   512,000   --------   c:\windows\system32\dllcache\jscript.dll
        2009-08-05 05:01   204,800   a-------   c:\windows\system32\mswebdvd.dll
        2009-08-05 05:01   204,800   --------   c:\windows\system32\dllcache\mswebdvd.dll
        2009-07-31 15:23   411,368   a-------   c:\windows\system32\deploytk.dll
        2009-07-19 09:33   3,597,824   --------   c:\windows\system32\dllcache\mshtml.dll
        2009-07-19 09:32   6,067,200   --------   c:\windows\system32\dllcache\ieframe.dll
        2009-07-17 15:01   58,880   a-------   c:\windows\system32\atl.dll
        2009-07-17 15:01   58,880   --------   c:\windows\system32\dllcache\atl.dll
        2009-07-13 23:43   10,841,088   a-------   c:\windows\system32\dllcache\wmp.dll
        2009-07-13 23:43   286,208   a-------   c:\windows\system32\wmpdxm.dll
        2009-07-13 23:43   286,208   a-------   c:\windows\system32\dllcache\wmpdxm.dll
        2009-07-10 09:27   1,315,328   --------   c:\windows\system32\dllcache\msoe.dll
        2009-06-29 07:07   13,824   --------   c:\windows\system32\dllcache\ieudinit.exe
        2009-06-29 07:07   70,656   --------   c:\windows\system32\dllcache\ie4uinit.exe
        2009-06-29 04:35   634,632   --------   c:\windows\system32\dllcache\iexplore.exe
        2009-06-29 04:33   2,452,872   --------   c:\windows\system32\dllcache\ieapfltr.dat
        2009-06-29 04:33   161,792   --------   c:\windows\system32\dllcache\ieakui.dll
        2009-06-25 04:25   730,112   a-------   c:\windows\system32\lsasrv.dll
        2009-06-25 04:25   301,568   a-------   c:\windows\system32\kerberos.dll
        2009-06-25 04:25   147,456   a-------   c:\windows\system32\schannel.dll
        2009-06-25 04:25   136,192   a-------   c:\windows\system32\msv1_0.dll
        2009-06-25 04:25   56,832   a-------   c:\windows\system32\secur32.dll
        2009-06-25 04:25   54,272   a-------   c:\windows\system32\wdigest.dll
        2009-06-25 04:25   730,112   --------   c:\windows\system32\dllcache\lsasrv.dll
        2009-06-25 04:25   301,568   --------   c:\windows\system32\dllcache\kerberos.dll
        2009-06-25 04:25   147,456   --------   c:\windows\system32\dllcache\schannel.dll
        2009-06-25 04:25   136,192   --------   c:\windows\system32\dllcache\msv1_0.dll
        2009-06-25 04:25   56,832   --------   c:\windows\system32\dllcache\secur32.dll
        2009-06-25 04:25   54,272   --------   c:\windows\system32\dllcache\wdigest.dll

        ============= FINISH: 10:51:33.07 ===============

        evilfantasy

        • Malware Removal Specialist
        • Moderator


        • Genius
        • Calm like a bomb
        • Thanked: 493
        • Experience: Experienced
        • OS: Windows 11
        Re: Sniper Log
        « Reply #5 on: September 22, 2009, 10:48:46 AM »
        Go to Add or Remove Programs and uninstall:

        - Java(TM) 6 Update 13

        ----------

        If you already have ComboFix be sure to delete it and download a new copy.

        Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

        Link #1
        Link #2

        **Note:  It is important that it is saved directly to your Desktop

        DO NOT run it yet!

        Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

        Delete these files/folders, as follows:

        1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
        It must be Notepad, not Wordpad.
        2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

        Code:
        KillAll::

        DDS::
        TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
        IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
        IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}

        File::
        c:\windows\system32\puaB6lr.vbs
        c:\windows\system32\WSjCbgaGG4fhN8N.vbs
        c:\windows\system32\18C.tmp
        c:\windows\system32\RIxS9VW6iU5Wx.vbs


        3. Go to the Notepad window and click Edit > Paste
        4. Then click File > Save
        5. Name the file CFScript.txt - Save the file to your Desktop
        6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



        ComboFix will begin to execute, just follow the prompts.
        After reboot (in case it asks to reboot), it will produce a log for you.
        Post that log (Combofix.txt) in your next reply.

        Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze
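The CFScript in the reply above names a toolbar entry marked "No File", two IE entries with no target, and small .vbs/.tmp files recently created in system32. The following is an added example, not part of the original post and not code from DDS or ComboFix: a triage pass that pulls the same kinds of lines out of a DDS log. The function names, the watched directory and the extension list are assumptions chosen to mirror that CFScript; the sample lines are copied from the DDS log in this thread.

```python
import re
import ntpath  # Windows path rules, so this runs on any OS

# Excerpt assembled for this example from lines of the DDS log posted in this thread.
SAMPLE_LOG = r"""
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

=============== Created Last 30 ================

2009-09-21 12:37   <DIR>   --d-----   c:\program files\CCleaner
2009-09-20 11:21   604,488   a-------   c:\windows\system32\TUProgSt.exe
2009-09-16 10:28   615   a-------   c:\windows\system32\puaB6lr.vbs
2009-09-16 10:27   0   a-------   c:\windows\system32\18C.tmp
2009-09-13 08:14   130   a-------   c:\windows\cfplogvw.INI

==================== Find3M  ====================

2009-09-19 13:13   179,792   a-------   c:\windows\system32\guard32.dll
"""

CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ENTRY = re.compile(r"^(TB|IE|BHO):\s*(.+)$")
ROW = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+(\S+)\s+(.+)$")

# Assumptions mirroring the File:: section of the CFScript, not a general rule.
WATCHED_DIR = r"c:\windows\system32"
WATCHED_EXTS = {".vbs", ".tmp"}


def orphaned_entries(log):
    """Return (kind, clsid) for TB/IE/BHO lines with no backing file."""
    hits = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        kind, rest = m.groups()
        # DDS writes "<name or CLSID> - <target>"; no separator means no target.
        _, sep, target = rest.rpartition(" - ")
        if not sep or target.strip().lower() == "no file":
            found = CLSID.search(rest)
            hits.append((kind, found.group(0) if found else rest))
    return hits


def section(log, title):
    """Return the non-empty lines under the '==== title ====' header."""
    rows, inside = [], False
    for line in log.splitlines():
        line = line.strip()
        if line.startswith("===="):
            inside = title in line
            continue
        if inside and line:
            rows.append(line)
    return rows


def recent_system32_drops(log):
    """Return (timestamp, path, size) for watched file types created in system32."""
    hits = []
    for line in section(log, "Created Last 30"):
        m = ROW.match(line)
        if not m:
            continue
        stamp, size, _attrs, path = m.groups()
        if size == "<DIR>":
            continue
        in_dir = ntpath.dirname(path).lower() == WATCHED_DIR
        ext = ntpath.splitext(path)[1].lower()
        if in_dir and ext in WATCHED_EXTS:
            hits.append((stamp, path, int(size.replace(",", ""))))
    return hits


if __name__ == "__main__":
    for kind, clsid in orphaned_entries(SAMPLE_LOG):
        print(f"review {kind} entry with no file: {clsid}")
    for stamp, path, size in recent_system32_drops(SAMPLE_LOG):
        print(f"review new file: {path} ({size} bytes, created {stamp})")
```

The output is a list of lines for a helper to review; a hit is a reason to look closer, not a verdict on the file.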

        terryb


          Re: Sniper Log
          « Reply #6 on: September 22, 2009, 11:08:08 AM »
          Hi
          Just tried to do as you said, BUT, it will not allow me to uninstall Java 6 update 13, it says a fatal error occurred during installation. I tried to uninstall it with CC Cleaners uninstall page and nothing happens. Yesterday I did run the Java uninstall previous versions file your original post tells you to use as part of the original what to do post.
          Terry

          evilfantasy

          Re: Sniper Log
          « Reply #7 on: September 22, 2009, 11:41:28 AM »
          Delete An Uninstall Entry

          • Start HijackThis
          • Click on the Open the Misc Tools section
          • Click on the Open Uninstall Manager button.
          • Highlight the entry you want to remove.
          • Click Delete this entry

          terryb


            Re: Sniper Log
            « Reply #8 on: September 22, 2009, 12:34:09 PM »
            Evilfantasy, you are a star! Many thanks, here is the log report.

            ComboFix 09-09-22.01 - Terry Bent 22/09/2009 14:11.1.1 - NTFSx86
            Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.254.97 [GMT -4:00]
            Running from: c:\documents and settings\Terry Bent\Desktop\ComboFix.exe
            AV: avast! antivirus 4.8.1351 [VPS 090921-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
            FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
            .

            (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
            .

            c:\documents and settings\Terry Bent\Application Data\0200000007dc7cf8517C.manifest
            c:\documents and settings\Terry Bent\Application Data\0200000007dc7cf8517O.manifest
            c:\documents and settings\Terry Bent\Application Data\0200000007dc7cf8517P.manifest
            c:\documents and settings\Terry Bent\Application Data\0200000007dc7cf8517S.manifest
            c:\documents and settings\Terry Bent\Application Data\0200000007dc7cf8530C.manifest
            c:\documents and settings\Terry Bent\Application Data\0200000007dc7cf8530O.manifest
            c:\documents and settings\Terry Bent\Application Data\0200000007dc7cf8530P.manifest
            c:\documents and settings\Terry Bent\Application Data\0200000007dc7cf8530S.manifest
            c:\documents and settings\Terry Bent\Application Data\0200000007dc7cf8669C.manifest
            c:\documents and settings\Terry Bent\Application Data\0200000007dc7cf8669O.manifest
            c:\documents and settings\Terry Bent\Application Data\0200000007dc7cf8669P.manifest
            c:\documents and settings\Terry Bent\Application Data\0200000007dc7cf8669S.manifest
            c:\program files\QUAD Utilities
            c:\program files\QUAD Utilities\QUAD Registry Cleaner\Vista Scheduler.dll
            c:\windows\Installer\3793f7.msp
            c:\windows\Installer\3793fa.msp
            c:\windows\Installer\3793fd.msp
            c:\windows\Installer\37efc3.msp
            c:\windows\Installer\37efc6.msp
            c:\windows\Installer\37efc7.msp
            c:\windows\Installer\37efca.msp
            c:\windows\Installer\38032c.msp
            c:\windows\Installer\38032f.msp
            c:\windows\Installer\380332.msp
            c:\windows\Installer\380335.msp
            c:\windows\Installer\380336.msp
            c:\windows\Installer\386cf2.msp
            c:\windows\Installer\386cf5.msp
            c:\windows\Installer\386cf8.msp
            c:\windows\Installer\3b83c7.msp
            c:\windows\Installer\3b83ca.msp
            c:\windows\Installer\3b83cd.msp
            c:\windows\Installer\3c9d07.msp
            c:\windows\Installer\3c9d0a.msp
            c:\windows\Installer\3c9d0d.msp
            c:\windows\Installer\3d5ff9.msp
            c:\windows\Installer\3d5ffc.msp
            c:\windows\Installer\3d5fff.msp
            c:\windows\Installer\3d6000.msp
            c:\windows\Installer\3d6003.msp
            c:\windows\Installer\3e43b2.msp
            c:\windows\Installer\3e43b5.msp
            c:\windows\Installer\3e43b8.msp
            c:\windows\Installer\3e43bb.msp
            c:\windows\Installer\3e43bc.msp
            c:\windows\Installer\3eba49.msp
            c:\windows\Installer\3eba4c.msp
            c:\windows\Installer\3eba55.msp
            c:\windows\Installer\3eea43.msp
            c:\windows\Installer\3eea46.msp
            c:\windows\Installer\3eea49.msp
            c:\windows\Installer\3eea4a.msp
            c:\windows\Installer\3eea4d.msp
            c:\windows\Installer\3f5fff.msp
            c:\windows\Installer\3f6002.msp
            c:\windows\Installer\3f6005.msp
            c:\windows\Installer\3f6006.msp
            c:\windows\Installer\3f6009.msp
            c:\windows\Installer\4244b8.msp
            c:\windows\Installer\4244bb.msp
            c:\windows\Installer\4244be.msp
            c:\windows\Installer\4244c1.msp
            c:\windows\Installer\4244c2.msp
            c:\windows\Installer\428bf3.msp
            c:\windows\Installer\428bf6.msp
            c:\windows\Installer\428bf9.msp
            c:\windows\Installer\4300b5.msp
            c:\windows\Installer\4300b8.msp
            c:\windows\Installer\4300bb.msp
            c:\windows\Installer\43aa49d.msp
            c:\windows\Installer\43aa49e.msp
            c:\windows\Installer\43aa49f.msp
            c:\windows\Installer\43aa4a0.msp
            c:\windows\Installer\43aa4a1.msp
            c:\windows\Installer\45e8ba.msp
            c:\windows\Installer\45e8bd.msp
            c:\windows\Installer\45e8c0.msp
            c:\windows\Installer\45e8c1.msp
            c:\windows\Installer\45e8c4.msp
            c:\windows\Installer\4607bc.msp
            c:\windows\Installer\4607bf.msp
            c:\windows\Installer\4607c2.msp
            c:\windows\Installer\4623ee.msp
            c:\windows\Installer\4623f1.msp
            c:\windows\Installer\4623f4.msp
            c:\windows\Installer\482f7e.msp
            c:\windows\Installer\482f81.msp
            c:\windows\Installer\482f84.msp
            c:\windows\Installer\482f87.msp
            c:\windows\Installer\482f88.msp
            c:\windows\Installer\493804.msp
            c:\windows\Installer\493807.msp
            c:\windows\Installer\49380a.msp
            c:\windows\Installer\49380b.msp
            c:\windows\Installer\49380e.msp
            c:\windows\Installer\495e2a.msp
            c:\windows\Installer\495e2d.msp
            c:\windows\Installer\495e30.msp
            c:\windows\Installer\49fc2f.msp
            c:\windows\Installer\49fc32.msp
            c:\windows\Installer\49fc35.msp
            c:\windows\Installer\4bf31d.msp
            c:\windows\Installer\4bf320.msp
            c:\windows\Installer\4bf323.msp
            c:\windows\Installer\4bf324.msp
            c:\windows\Installer\4bf327.msp
            c:\windows\Installer\4cf664.msp
            c:\windows\Installer\4cf667.msp
            c:\windows\Installer\4cf66a.msp
            c:\windows\Installer\4dccbf.msp
            c:\windows\Installer\4dccc2.msp
            c:\windows\Installer\4dccc5.msp
            c:\windows\Installer\4dff87.msp
            c:\windows\Installer\4dff8a.msp
            c:\windows\Installer\4dff8d.msp
            c:\windows\Installer\4fbb8f.msp
            c:\windows\Installer\4fbb92.msp
            c:\windows\Installer\4fbb95.msp
            c:\windows\Installer\4fbb98.msp
            c:\windows\Installer\4fbb99.msp
            c:\windows\Installer\509768.msp
            c:\windows\Installer\50976b.msp
            c:\windows\Installer\50976e.msp
            c:\windows\Installer\51d334.msp
            c:\windows\Installer\51d337.msp
            c:\windows\Installer\51d33a.msp
            c:\windows\Installer\51d33b.msp
            c:\windows\Installer\51d33e.msp
            c:\windows\Installer\51ec69.msp
            c:\windows\Installer\51ec6c.msp
            c:\windows\Installer\51ec6f.msp
            c:\windows\Installer\51ec72.msp
            c:\windows\Installer\51ec73.msp
            c:\windows\Installer\53bdbe.msp
            c:\windows\Installer\53bdc1.msp
            c:\windows\Installer\53bdc4.msp
            c:\windows\Installer\53bdc5.msp
            c:\windows\Installer\53bdc8.msp
            c:\windows\Installer\571584.msp
            c:\windows\Installer\571587.msp
            c:\windows\Installer\57158a.msp
            c:\windows\Installer\57158b.msp
            c:\windows\Installer\57158e.msp
            c:\windows\Installer\57a9f4.msp
            c:\windows\Installer\57a9f7.msp
            c:\windows\Installer\57a9fa.msp
            c:\windows\Installer\57a9fb.msp
            c:\windows\Installer\57a9fe.msp
            c:\windows\Installer\5a6b66.msp
            c:\windows\Installer\5a6b69.msp
            c:\windows\Installer\5a6b6c.msp
            c:\windows\Installer\5cd66b.msp
            c:\windows\Installer\5f69d7.msp
            c:\windows\Installer\5f69da.msp
            c:\windows\Installer\5f69dd.msp
            c:\windows\Installer\5f69de.msp
            c:\windows\Installer\5f69e1.msp
            c:\windows\Installer\60df41.msp
            c:\windows\Installer\60df44.msp
            c:\windows\Installer\60df47.msp
            c:\windows\Installer\60df48.msp
            c:\windows\Installer\60df4b.msp
            c:\windows\Installer\611db1.msp
            c:\windows\Installer\611db4.msp
            c:\windows\Installer\611db7.msp
            c:\windows\Installer\611db8.msp
            c:\windows\Installer\611dbb.msp
            c:\windows\Installer\63e6b5.msp
            c:\windows\Installer\63e6b8.msp
            c:\windows\Installer\63e6bb.msp
            c:\windows\Installer\63fb17.msp
            c:\windows\Installer\63fb1a.msp
            c:\windows\Installer\63fb1d.msp
            c:\windows\Installer\63fb1e.msp
            c:\windows\Installer\63fb21.msp
            c:\windows\Installer\664e9c.msp
            c:\windows\Installer\664e9f.msp
            c:\windows\Installer\664ea2.msp
            c:\windows\Installer\664ea3.msp
            c:\windows\Installer\664ea6.msp
            c:\windows\Installer\6d34e8.msp
            c:\windows\Installer\6d34eb.msp
            c:\windows\Installer\6d34ee.msp
            c:\windows\Installer\7646a0.msp
            c:\windows\Installer\7646a3.msp
            c:\windows\Installer\7646a6.msp
            c:\windows\Installer\86e255.msp
            c:\windows\Installer\86e258.msp
            c:\windows\Installer\86e25b.msp
            c:\windows\Installer\883f74.msp
            c:\windows\Installer\883f77.msp
            c:\windows\Installer\883f7a.msp
            c:\windows\Installer\8b9f0a.msp
            c:\windows\Installer\8b9f0d.msp
            c:\windows\Installer\8b9f10.msp
            c:\windows\Installer\90e1a9.msp
            c:\windows\Installer\90e1ac.msp
            c:\windows\Installer\90e1af.msp
            c:\windows\Installer\90e1b0.msp
            c:\windows\Installer\90e1b3.msp
            c:\windows\Installer\91c63c.msp
            c:\windows\Installer\91c63f.msp
            c:\windows\Installer\a4a1d0.msp
            c:\windows\Installer\a4a1d3.msp
            c:\windows\Installer\a4a1d6.msp
            c:\windows\Installer\a8414d.msp
            c:\windows\Installer\a84150.msp
            c:\windows\Installer\a84153.msp
            c:\windows\Installer\a84156.msp
            c:\windows\Installer\a84157.msp
            c:\windows\Installer\b5f6b3.msp
            c:\windows\Installer\b5f6b6.msp
            c:\windows\Installer\b5f6b9.msp
            c:\windows\Installer\b5f6ba.msp
            c:\windows\Installer\b5f6bd.msp
            c:\windows\Installer\bd8a7.msp
            c:\windows\Installer\bd8aa.msp
            c:\windows\Installer\bd8ad.msp
            c:\windows\Installer\bf320b.msp
            c:\windows\Installer\bf320e.msp
            c:\windows\Installer\bf3211.msp
            c:\windows\Installer\e6194.msp
            c:\windows\Installer\e6197.msp
            c:\windows\Installer\e619a.msp
            c:\windows\Installer\f206.msi
            c:\windows\system32\puaB6lr.vbs
            c:\windows\system32\RIxS9VW6iU5Wx.vbs
            c:\windows\system32\WSjCbgaGG4fhN8N.vbs

            .
            (((((((((((((((((((((((((   Files Created from 2009-08-22 to 2009-09-22  )))))))))))))))))))))))))))))))
            .

            2009-09-21 20:01 . 2009-09-21 20:01   --------   d-----w-   c:\program files\Trend Micro
            2009-09-21 17:07 . 2009-09-21 17:07   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
            2009-09-21 17:06 . 2009-09-21 17:06   --------   d-----w-   c:\program files\SUPERAntiSpyware
            2009-09-21 17:06 . 2009-09-21 17:06   --------   d-----w-   c:\documents and settings\Terry Bent\Application Data\SUPERAntiSpyware.com
            2009-09-21 17:05 . 2009-09-21 17:05   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
            2009-09-21 16:37 . 2009-09-21 16:38   --------   d-----w-   c:\program files\CCleaner
            2009-09-21 14:14 . 2009-09-21 14:17   --------   d-----w-   C:\e04d35a4b1bff03a60
            2009-09-21 13:57 . 2009-09-21 14:04   --------   d-----w-   c:\program files\Ace Utilities
            2009-09-20 15:21 . 2009-09-20 15:21   604488   ----a-w-   c:\windows\system32\TUProgSt.exe
            2009-09-20 15:20 . 2009-09-20 15:20   --------   d-----w-   c:\documents and settings\Terry Bent\Application Data\TuneUp Software
            2009-09-20 15:18 . 2009-09-20 15:18   --------   d-----w-   c:\documents and settings\All Users\Application Data\TuneUp Software
            2009-09-20 15:18 . 2009-09-21 19:31   --------   d-----w-   c:\program files\TuneUp Utilities 2009
            2009-09-20 15:17 . 2009-09-20 15:17   --------   d-sh--w-   c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
            2009-09-19 16:47 . 2009-09-19 16:47   --------   d-----w-   c:\documents and settings\Terry Bent\Local Settings\Application Data\Opera
            2009-09-19 16:45 . 2009-09-19 18:19   --------   d-----w-   c:\program files\Opera
            2009-09-16 14:12 . 2009-09-21 13:54   --------   d-----w-   c:\documents and settings\Terry Bent\Incomplete

            .
            ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            2009-09-21 19:57 . 2004-12-21 05:06   --------   d-----w-   c:\program files\Java
            2009-09-21 14:04 . 2009-08-08 15:55   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
            2009-09-21 13:55 . 2009-01-22 18:35   --------   d-----w-   c:\documents and settings\Terry Bent\Application Data\LimeWire
            2009-09-19 17:13 . 2009-08-18 14:09   179792   ----a-w-   c:\windows\system32\guard32.dll
            2009-09-19 17:13 . 2009-08-18 14:09   87104   ----a-w-   c:\windows\system32\drivers\inspect.sys
            2009-09-19 17:13 . 2009-08-18 14:09   25160   ----a-w-   c:\windows\system32\drivers\cmdhlp.sys
            2009-09-19 17:13 . 2009-08-18 14:09   132296   ----a-w-   c:\windows\system32\drivers\cmdguard.sys
            2009-09-17 14:09 . 2009-01-08 15:56   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
            2009-09-16 14:27 . 2009-09-16 14:27   0   ----a-w-   c:\windows\system32\18C.tmp
            2009-09-10 18:54 . 2009-01-08 15:56   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
            2009-09-10 18:53 . 2009-01-08 15:56   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
            2009-08-23 21:38 . 2009-01-08 18:55   74824   ----a-w-   c:\documents and settings\Terry Bent\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
            2009-08-19 15:18 . 2009-08-19 15:00   --------   d-----w-   c:\program files\Password Solutions
            2009-08-19 15:00 . 2009-08-19 15:00   --------   d-----w-   c:\documents and settings\Terry Bent\Application Data\Password Solutions
            2009-08-18 16:52 . 2009-08-18 16:50   --------   d-----w-   c:\program files\iTunes
            2009-08-18 16:51 . 2009-08-18 16:51   --------   d-----w-   c:\program files\iPod
            2009-08-18 16:51 . 2009-04-07 20:09   --------   d-----w-   c:\program files\Common Files\Apple
            2009-08-18 15:26 . 2009-08-18 14:09   --------   d-----w-   c:\documents and settings\All Users\Application Data\Comodo
            2009-08-18 14:08 . 2009-08-18 14:08   --------   d-----w-   c:\program files\COMODO
            2009-08-18 13:05 . 2009-08-18 13:05   --------   d-----w-   c:\program files\MSBuild
            2009-08-18 13:05 . 2009-08-18 13:05   --------   d-----w-   c:\program files\Reference Assemblies
            2009-08-17 16:10 . 2009-01-29 13:17   1279456   ----a-w-   c:\windows\system32\aswBoot.exe
            2009-08-17 16:06 . 2009-01-29 13:18   93392   ----a-w-   c:\windows\system32\drivers\aswmon.sys
            2009-08-17 16:06 . 2009-01-29 13:18   94160   ----a-w-   c:\windows\system32\drivers\aswmon2.sys
            2009-08-17 16:05 . 2009-01-29 13:18   114768   ----a-w-   c:\windows\system32\drivers\aswSP.sys
            2009-08-17 16:05 . 2009-01-29 13:18   20560   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
            2009-08-17 16:04 . 2009-01-29 13:18   51376   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
            2009-08-17 16:04 . 2009-01-29 13:18   23152   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
            2009-08-17 16:03 . 2009-01-29 13:18   26944   ----a-w-   c:\windows\system32\drivers\aavmker4.sys
            2009-08-17 16:02 . 2009-01-29 13:18   97480   ----a-w-   c:\windows\system32\AvastSS.scr
            2009-08-17 13:20 . 2009-05-09 13:49   294912   ----a-w-   c:\windows\uninst.exe
            2009-08-16 16:04 . 2009-08-16 16:04   --------   d-----w-   c:\program files\MySQL
            2009-08-13 13:38 . 2009-08-13 13:38   --------   d-----w-   c:\documents and settings\Terry Bent\Application Data\Unyk
            2009-08-13 13:38 . 2009-08-13 13:36   --------   d-----w-   c:\program files\Unyk Syncro
            2009-08-12 14:13 . 2009-08-08 14:47   --------   d-----w-   c:\program files\Lavasoft
            2009-08-12 14:13 . 2009-08-08 14:47   --------   d-----w-   c:\documents and settings\All Users\Application Data\Lavasoft
            2009-08-08 16:54 . 2009-08-08 16:54   --------   d-----r-   c:\program files\Skype
            2009-08-08 16:54 . 2009-01-09 15:25   --------   d-----w-   c:\documents and settings\All Users\Application Data\Skype
            2009-08-08 16:54 . 2009-08-08 16:54   --------   d-----w-   c:\program files\Common Files\Skype
            2009-08-08 15:44 . 2009-08-08 15:43   --------   d-----w-   c:\documents and settings\All Users\Application Data\Google Updater
            2009-08-08 15:43 . 2009-08-08 15:43   --------   d-----w-   c:\program files\Google
            2009-08-05 09:01 . 2004-08-04 11:00   204800   ----a-w-   c:\windows\system32\mswebdvd.dll
            2009-08-04 14:12 . 2009-08-04 14:11   --------   d-----w-   c:\program files\Analog Devices
            2009-08-04 14:11 . 2004-12-21 05:07   --------   d--h--w-   c:\program files\InstallShield Installation Information
            2009-08-03 18:52 . 2009-08-03 18:44   --------   d-----w-   c:\program files\Driver Checker
            2009-07-31 19:23 . 2009-01-22 18:32   411368   ----a-w-   c:\windows\system32\deploytk.dll
            2009-07-31 16:14 . 2009-01-09 18:23   --------   d-----w-   c:\program files\Microsoft ActiveSync
            2009-07-31 13:58 . 2009-01-22 18:20   --------   d-----w-   c:\program files\LimeWire
            2009-07-29 12:32 . 2009-07-29 12:32   --------   d-----w-   c:\documents and settings\Terry Bent\Application Data\iolo
            2009-07-29 12:32 . 2009-07-29 12:32   --------   d-----w-   c:\documents and settings\All Users\Application Data\iolo
            2009-07-25 15:18 . 2009-07-02 14:07   --------   d-----w-   c:\documents and settings\Terry Bent\Application Data\Facebook
            2009-07-17 19:01 . 2004-08-04 11:00   58880   ----a-w-   c:\windows\system32\atl.dll
            2009-07-14 03:43 . 2004-08-04 11:00   286208   ----a-w-   c:\windows\system32\wmpdxm.dll
            2009-06-29 16:12 . 2004-08-04 11:00   827392   ----a-w-   c:\windows\system32\wininet.dll
            2009-06-29 16:12 . 2004-08-04 11:00   78336   ----a-w-   c:\windows\system32\ieencode.dll
            2009-06-29 16:12 . 2004-08-04 11:00   17408   ----a-w-   c:\windows\system32\corpol.dll
            2009-06-25 08:25 . 2004-08-04 11:00   730112   ----a-w-   c:\windows\system32\lsasrv.dll
            2009-06-25 08:25 . 2004-08-04 11:00   56832   ----a-w-   c:\windows\system32\secur32.dll
            2009-06-25 08:25 . 2004-08-04 11:00   54272   ----a-w-   c:\windows\system32\wdigest.dll
            2009-06-25 08:25 . 2004-08-04 11:00   301568   ----a-w-   c:\windows\system32\kerberos.dll
            2009-06-25 08:25 . 2004-08-04 11:00   147456   ----a-w-   c:\windows\system32\schannel.dll
            2009-06-25 08:25 . 2004-08-04 11:00   136192   ----a-w-   c:\windows\system32\msv1_0.dll
            .

            (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            *Note* empty entries & legit default entries are not shown
            REGEDIT4

            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
            "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
            "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
            "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
            "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
            "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
            "SetDefPrt"="c:\program files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 49152]
            "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 61440]
            "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
            "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-09-19 1799952]
            "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]
            "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

            [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
            "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
            2009-09-03 19:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
            "AppInit_DLLs"=c:\windows\SYSTEM32\guard32.dll

            [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
            backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

            [HKLM\~\startupfolder\C:^Documents and Settings^Terry Bent^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
            backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

            [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
            "ctfmon.exe"=c:\windows\system32\ctfmon.exe
            "swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
            "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe"  -osboot
            "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe"
            "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
            "LogitechVideoRepair"=c:\program files\Logitech\Video\ISStart.exe
            "LogitechVideoTray"=c:\program files\Logitech\Video\LogiTray.exe
            "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
            "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" /r
            "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
            "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
            "BrMfcWnd"=c:\program files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
            "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

            [HKEY_LOCAL_MACHINE\software\microsoft\security center]
            "AntiVirusOverride"=dword:00000001
            "FirewallOverride"=dword:00000001

            [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
            "%windir%\\system32\\sessmgr.exe"=
            "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
            "c:\\Program Files\\LimeWire\\LimeWire.exe"=
            "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

            R1 aswSP;avast! Self Protection;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [29/01/2009 09:18 114768]
            R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\SYSTEM32\DRIVERS\cmdguard.sys [18/08/2009 10:09 132296]
            R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\SYSTEM32\DRIVERS\cmdhlp.sys [18/08/2009 10:09 25160]
            R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [15/09/2009 11:42 9968]
            R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [15/09/2009 11:42 74480]
            R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [29/01/2009 09:18 20560]
            R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [15/09/2009 11:42 7408]
            S3 tap0801;Smarthide TAP driver;c:\windows\SYSTEM32\DRIVERS\tap0801.sys [12/10/2007 09:07 55808]
            .
            Contents of the 'Scheduled Tasks' folder

            2009-09-22 c:\windows\Tasks\AppleSoftwareUpdate.job
            - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

            2009-09-22 c:\windows\Tasks\Google Software Updater.job
            - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-08 15:43]

            2009-09-22 c:\windows\Tasks\Unyk Outlook Sync Client - Terry Bent.job
            - c:\program files\Unyk Syncro\OutlookPlugin.exe [2009-07-20 14:42]
            .
            .
            ------- Supplementary Scan -------
            .
            uStart Page = hxxp://www.google.co.uk/
            mStart Page = hxxp://www.google.com
            mWindow Title =
            IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
            DPF: {774FE9E1-A8F8-4A40-9706-8F673D8DB6ED} - hxxp://www.unyk.com/Diffusion/ActiveX/UNYKContactsFinder.cab
            FF - ProfilePath - c:\documents and settings\Terry Bent\Application Data\Mozilla\Firefox\Profiles\jke6s4j4.default\
            FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
            FF - prefs.js: network.proxy.type - 4
            FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
            FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
            FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

            ---- FIREFOX POLICIES ----
            FF - user.js: network.http.max-persistent-connections-per-server - 4
            FF - user.js: nglayout.initialpaint.delay - 600
            FF - user.js: content.notify.interval - 600000
            FF - user.js: content.max.tokenizing.time - 1800000
            FF - user.js: content.switch.threshold - 600000
            .
            - - - - ORPHANS REMOVED - - - -

            Notify-64b8c927517 - (no file)
            Notify-64b8c927530 - (no file)



            **************************************************************************

            catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
            Rootkit scan 2009-09-22 14:20
            Windows 5.1.2600 Service Pack 3 NTFS

            scanning hidden processes ... 

            scanning hidden autostart entries ...

            scanning hidden files ... 

            scan completed successfully
            hidden files: 0

            **************************************************************************
            .
            --------------------- LOCKED REGISTRY KEYS ---------------------

            [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•A~*]
            "AB141C35E9F4BF344B9FC010BB17F68A"=""
            .
            --------------------- DLLs Loaded Under Running Processes ---------------------

            - - - - - - - > 'winlogon.exe'(884)
            c:\windows\system32\guard32.dll
            c:\program files\SUPERAntiSpyware\SASWINLO.dll
            c:\windows\system32\WININET.dll

            - - - - - - - > 'lsass.exe'(956)
            c:\windows\system32\guard32.dll
            .
            Completion time: 2009-09-22 14:23
            ComboFix-quarantined-files.txt  2009-09-22 18:23

            Pre-Run: 19,539,779,584 bytes free
            Post-Run: 19,594,760,192 bytes free

            WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
            [boot loader]
            timeout=2
            default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
            [operating systems]
            c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
            multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

            762   --- E O F ---   2009-09-22 13:07

            evilfantasy

            • Malware Removal Specialist
            • Moderator


            Re: Sniper Log
            « Reply #9 on: September 22, 2009, 06:10:40 PM »
            Well that found more than I thought it would. Still another one to deal with...


            Delete these files/folders, as follows:

            1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
            It must be Notepad, not Wordpad.
            2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

            Code:
            KillAll::

            RegLock::
            [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•A~*]

            3. Go to the Notepad window and click Edit > Paste
            4. Then click File > Save
            5. Name the file CFScript.txt - Save the file to your Desktop
            6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



            ComboFix will begin to execute, just follow the prompts.
            After reboot (in case it asks to reboot), it will produce a log for you.
            Post that log (Combofix.txt) in your next reply.

            Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze.

            terryb

              Topic Starter


              Rookie

              Re: Sniper Log
              « Reply #10 on: September 23, 2009, 07:46:50 AM »
              I am not sure if this completed properly! The whole thing just disappeared after being on the screen saying preparing a log and nothing happening for 45 mins, so had to press button on tower to turn off, as nothing on the monitor! Anyway here goes I found this log in the files!!!!!

              ComboFix 09-09-22.03 - Terry Bent 23/09/2009  8:48:31.2.1 - NTFSx86
              Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.254.93 [GMT -4:00]
              Running from: C:\Documents and Settings\Terry Bent\Desktop\ComboFix.exe
              Command switches used :: C:\Documents and Settings\Terry Bent\Desktop\CFScript.txt
              AV: avast! antivirus 4.8.1351 [VPS 090922-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
              FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
              .

              (((((((((((((((((((((((((   Files Created from 2009-08-23 to 2009-09-23  )))))))))))))))))))))))))))))))
              .

              2009-09-21 20:01:45 . 2009-09-21 20:01:45   0   d-----w-   C:\Program Files\Trend Micro
              2009-09-21 17:07:01 . 2009-09-21 17:07:01   0   d-----w-   C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
              2009-09-21 17:06:40 . 2009-09-21 17:06:46   0   d-----w-   C:\Program Files\SUPERAntiSpyware
              2009-09-21 17:06:40 . 2009-09-21 17:06:40   0   d-----w-   C:\Documents and Settings\Terry Bent\Application Data\SUPERAntiSpyware.com
              2009-09-21 17:05:39 . 2009-09-21 17:05:39   0   d-----w-   C:\Program Files\Common Files\Wise Installation Wizard
              2009-09-21 16:37:39 . 2009-09-21 16:38:12   0   d-----w-   C:\Program Files\CCleaner
              2009-09-21 14:14:04 . 2009-09-21 14:17:01   0   d-----w-   C:\e04d35a4b1bff03a60
              2009-09-21 13:57:58 . 2009-09-21 14:04:44   0   d-----w-   C:\Program Files\Ace Utilities
              2009-09-20 15:21:42 . 2009-09-20 15:21:42   604488   ----a-w-   C:\WINDOWS\system32\TUProgSt.exe
              2009-09-20 15:20:31 . 2009-09-20 15:20:31   0   d-----w-   C:\Documents and Settings\Terry Bent\Application Data\TuneUp Software
              2009-09-20 15:18:59 . 2009-09-20 15:18:59   0   d-----w-   C:\Documents and Settings\All Users\Application Data\TuneUp Software
              2009-09-20 15:18:46 . 2009-09-21 19:31:35   0   d-----w-   C:\Program Files\TuneUp Utilities 2009
              2009-09-20 15:17:59 . 2009-09-20 15:17:59   0   d-sh--w-   C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
              2009-09-19 16:47:14 . 2009-09-19 16:47:14   0   d-----w-   C:\Documents and Settings\Terry Bent\Local Settings\Application Data\Opera
              2009-09-19 16:45:51 . 2009-09-19 18:19:19   0   d-----w-   C:\Program Files\Opera
              2009-09-16 14:12:01 . 2009-09-21 13:54:16   0   d-----w-   C:\Documents and Settings\Terry Bent\Incomplete

              .
              ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2009-09-21 19:57:00 . 2004-12-21 05:06:53   0   d-----w-   C:\Program Files\Java
              2009-09-21 14:04:00 . 2009-08-08 15:55:08   0   d---a-w-   C:\Documents and Settings\All Users\Application Data\TEMP
              2009-09-21 13:55:41 . 2009-01-22 18:35:37   0   d-----w-   C:\Documents and Settings\Terry Bent\Application Data\LimeWire
              2009-09-19 17:13:16 . 2009-08-18 14:09:04   179792   ----a-w-   C:\WINDOWS\system32\guard32.dll
              2009-09-19 17:13:13 . 2009-08-18 14:09:04   87104   ----a-w-   C:\WINDOWS\system32\drivers\inspect.sys
              2009-09-19 17:13:11 . 2009-08-18 14:09:04   25160   ----a-w-   C:\WINDOWS\system32\drivers\cmdhlp.sys
              2009-09-19 17:13:09 . 2009-08-18 14:09:03   132296   ----a-w-   C:\WINDOWS\system32\drivers\cmdguard.sys
              2009-09-17 14:09:49 . 2009-01-08 15:56:14   0   d-----w-   C:\Program Files\Malwarebytes' Anti-Malware
              2009-09-16 14:27:35 . 2009-09-16 14:27:35   0   ----a-w-   C:\WINDOWS\system32\18C.tmp
              2009-09-10 18:54:06 . 2009-01-08 15:56:16   38224   ----a-w-   C:\WINDOWS\system32\drivers\mbamswissarmy.sys
              2009-09-10 18:53:50 . 2009-01-08 15:56:19   19160   ----a-w-   C:\WINDOWS\system32\drivers\mbam.sys
              2009-08-23 21:38:30 . 2009-01-08 18:55:21   74824   ----a-w-   C:\Documents and Settings\Terry Bent\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
              2009-08-19 15:18:14 . 2009-08-19 15:00:11   0   d-----w-   C:\Program Files\Password Solutions
              2009-08-19 15:00:11 . 2009-08-19 15:00:11   0   d-----w-   C:\Documents and Settings\Terry Bent\Application Data\Password Solutions
              2009-08-18 16:52:00 . 2009-08-18 16:50:40   0   d-----w-   C:\Program Files\iTunes
              2009-08-18 16:51:08 . 2009-08-18 16:51:08   0   d-----w-   C:\Program Files\iPod
              2009-08-18 16:51:07 . 2009-04-07 20:09:37   0   d-----w-   C:\Program Files\Common Files\Apple
              2009-08-18 15:26:44 . 2009-08-18 14:09:16   0   d-----w-   C:\Documents and Settings\All Users\Application Data\Comodo
              2009-08-18 14:08:32 . 2009-08-18 14:08:32   0   d-----w-   C:\Program Files\COMODO
              2009-08-18 13:05:55 . 2009-08-18 13:05:55   0   d-----w-   C:\Program Files\MSBuild
              2009-08-18 13:05:44 . 2009-08-18 13:05:44   0   d-----w-   C:\Program Files\Reference Assemblies
              2009-08-17 16:10:20 . 2009-01-29 13:17:44   1279456   ----a-w-   C:\WINDOWS\system32\aswBoot.exe
              2009-08-17 16:06:54 . 2009-01-29 13:18:05   93392   ----a-w-   C:\WINDOWS\system32\drivers\aswmon.sys
              2009-08-17 16:06:43 . 2009-01-29 13:18:05   94160   ----a-w-   C:\WINDOWS\system32\drivers\aswmon2.sys
              2009-08-17 16:05:52 . 2009-01-29 13:18:05   114768   ----a-w-   C:\WINDOWS\system32\drivers\aswSP.sys
              2009-08-17 16:05:37 . 2009-01-29 13:18:05   20560   ----a-w-   C:\WINDOWS\system32\drivers\aswFsBlk.sys
              2009-08-17 16:04:40 . 2009-01-29 13:18:09   51376   ----a-w-   C:\WINDOWS\system32\drivers\aswTdi.sys
              2009-08-17 16:04:29 . 2009-01-29 13:18:09   23152   ----a-w-   C:\WINDOWS\system32\drivers\aswRdr.sys
              2009-08-17 16:03:21 . 2009-01-29 13:18:08   26944   ----a-w-   C:\WINDOWS\system32\drivers\aavmker4.sys
              2009-08-17 16:02:50 . 2009-01-29 13:18:06   97480   ----a-w-   C:\WINDOWS\system32\AvastSS.scr
              2009-08-17 13:20:31 . 2009-05-09 13:49:25   294912   ----a-w-   C:\WINDOWS\uninst.exe
              2009-08-16 16:04:56 . 2009-08-16 16:04:56   0   d-----w-   C:\Program Files\MySQL
              2009-08-13 13:38:03 . 2009-08-13 13:38:03   0   d-----w-   C:\Documents and Settings\Terry Bent\Application Data\Unyk
              2009-08-13 13:38:03 . 2009-08-13 13:36:20   0   d-----w-   C:\Program Files\Unyk Syncro
              2009-08-12 14:13:12 . 2009-08-08 14:47:51   0   d-----w-   C:\Program Files\Lavasoft
              2009-08-12 14:13:11 . 2009-08-08 14:47:51   0   d-----w-   C:\Documents and Settings\All Users\Application Data\Lavasoft
              2009-08-08 16:54:58 . 2009-08-08 16:54:50   0   d-----r-   C:\Program Files\Skype
              2009-08-08 16:54:58 . 2009-01-09 15:25:48   0   d-----w-   C:\Documents and Settings\All Users\Application Data\Skype
              2009-08-08 16:54:57 . 2009-08-08 16:54:57   0   d-----w-   C:\Program Files\Common Files\Skype
              2009-08-08 15:44:37 . 2009-08-08 15:43:44   0   d-----w-   C:\Documents and Settings\All Users\Application Data\Google Updater
              2009-08-08 15:43:57 . 2009-08-08 15:43:35   0   d-----w-   C:\Program Files\Google
              2009-08-05 09:01:48 . 2004-08-04 11:00:00   204800   ----a-w-   C:\WINDOWS\system32\mswebdvd.dll
              2009-08-04 14:12:12 . 2009-08-04 14:11:46   0   d-----w-   C:\Program Files\Analog Devices
              2009-08-04 14:11:43 . 2004-12-21 05:07:17   0   d--h--w-   C:\Program Files\InstallShield Installation Information
              2009-08-03 18:52:13 . 2009-08-03 18:44:31   0   d-----w-   C:\Program Files\Driver Checker
              2009-07-31 19:23:10 . 2009-01-22 18:32:14   411368   ----a-w-   C:\WINDOWS\system32\deploytk.dll
              2009-07-31 16:14:11 . 2009-01-09 18:23:54   0   d-----w-   C:\Program Files\Microsoft ActiveSync
              2009-07-31 13:58:42 . 2009-01-22 18:20:03   0   d-----w-   C:\Program Files\LimeWire
              2009-07-29 12:32:25 . 2009-07-29 12:32:25   0   d-----w-   C:\Documents and Settings\Terry Bent\Application Data\iolo
              2009-07-29 12:32:25 . 2009-07-29 12:32:25   0   d-----w-   C:\Documents and Settings\All Users\Application Data\iolo
              2009-07-25 15:18:48 . 2009-07-02 14:07:51   0   d-----w-   C:\Documents and Settings\Terry Bent\Application Data\Facebook
              2009-07-17 19:01:06 . 2004-08-04 11:00:00   58880   ----a-w-   C:\WINDOWS\system32\atl.dll
              2009-07-14 03:43:24 . 2004-08-04 11:00:00   286208   ----a-w-   C:\WINDOWS\system32\wmpdxm.dll
              2009-06-29 16:12:20 . 2004-08-04 11:00:00   827392   ------w-   C:\WINDOWS\system32\wininet.dll
              2009-06-29 16:12:14 . 2004-08-04 11:00:00   78336   ----a-w-   C:\WINDOWS\system32\ieencode.dll
              2009-06-29 16:12:14 . 2004-08-04 11:00:00   17408   ----a-w-   C:\WINDOWS\system32\corpol.dll
              .

              (((((((((((((((((((((((((((((   SnapShot@2009-09-22_18.20.20   )))))))))))))))))))))))))))))))))))))))))
              .
              + 2009-09-23 12:57:32 . 2009-09-23 12:57:32   16384              C:\WINDOWS\Temp\Perflib_Perfdata_324.dat
              + 2009-09-23 12:01:42 . 2009-09-23 12:01:42   16384              C:\WINDOWS\Temp\Perflib_Perfdata_2b4.dat
              + 2009-09-23 12:56:53 . 2009-09-23 12:56:53   16384              C:\WINDOWS\Temp\Perflib_Perfdata_124.dat
              + 2004-12-21 04:57:12 . 2009-09-22 18:34:05   72576              C:\WINDOWS\SYSTEM32\PERFC009.DAT
              - 2004-12-21 04:57:12 . 2009-09-21 12:45:24   72576              C:\WINDOWS\SYSTEM32\PERFC009.DAT
              + 2004-12-21 04:57:12 . 2009-09-22 18:34:05   445370              C:\WINDOWS\SYSTEM32\PERFH009.DAT
              - 2004-12-21 04:57:12 . 2009-09-21 12:45:24   445370              C:\WINDOWS\SYSTEM32\PERFH009.DAT
              .
              (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              *Note* empty entries & legit default entries are not shown
              REGEDIT4

              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2004-07-19 13:51:24 306688]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-13 07:05:00 122939]
              "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 13:35:40 94208]
              "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 13:32:24 77824]
              "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 13:36:20 114688]
              "PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 18:25:54 57393]
              "IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 18:45:52 40960]
              "SetDefPrt"="C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 22:02:22 49152]
              "ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 18:58:06 61440]
              "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 16:07:23 81000]
              "COMODO Internet Security"="C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" [2009-09-19 17:11:05 1799952]
              "SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-07-31 19:23:21 149280]
              "Malwarebytes Anti-Malware (reboot)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 18:53:56 1312080]

              [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
              "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 14:13:36 77824]

              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
              2009-09-03 19:21:42   548352   ----a-w-   C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
              "AppInit_DLLs"=C:\WINDOWS\SYSTEM32\guard32.dll

              [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
              backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

              [HKLM\~\startupfolder\C:^Documents and Settings^Terry Bent^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
              backup=C:\WINDOWS\pss\OpenOffice.org 3.1.lnkStartup

              [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
              "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
              "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
              "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
              "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
              "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
              "LogitechVideoRepair"=C:\Program Files\Logitech\Video\ISStart.exe
              "LogitechVideoTray"=C:\Program Files\Logitech\Video\LogiTray.exe
              "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
              "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
              "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
              "SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe"
              "BrMfcWnd"=C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
              "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

              [HKEY_LOCAL_MACHINE\software\microsoft\security center]
              "AntiVirusOverride"=dword:00000001
              "FirewallOverride"=dword:00000001

              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
              "%windir%\\system32\\sessmgr.exe"=
              "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
              "C:\\Program Files\\LimeWire\\LimeWire.exe"=
              "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

              R3 SASENUM;SASENUM;C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2009-09-15 15:42:48 7408]
              R3 tap0801;Smarthide TAP driver;C:\WINDOWS\system32\DRIVERS\tap0801.sys [2007-10-12 13:07:10 55808]
              S1 aswSP;avast! Self Protection;

              S1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2009-09-19 17:13:09 132296]
              S1 cmdHlp;COMODO Internet Security Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2009-09-19 17:13:11 25160]
              S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2009-09-15 15:42:46 9968]
              S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2009-09-15 15:42:44 74480]
              S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-08-17 16:05:37 20560]

              .
              Contents of the 'Scheduled Tasks' folder

              2009-09-22 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
              - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34:12 . 2008-07-30 16:34:12]

              2009-09-23 C:\WINDOWS\Tasks\Google Software Updater.job
              - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-08 15:43:35 . 2009-08-08 15:43:35]

              2009-09-22 C:\WINDOWS\Tasks\Unyk Outlook Sync Client - Terry Bent.job
              - C:\Program Files\Unyk Syncro\OutlookPlugin.exe [2009-07-20 14:42:58 . 2009-07-20 14:42:58]
              .
              .
              ------- Supplementary Scan -------
              .
              uStart Page = hxxp://www.google.co.uk/
              mStart Page = hxxp://www.google.com
              mWindow Title =
              IE: E&xport to Microsoft Excel - C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
              DPF: {774FE9E1-A8F8-4A40-9706-8F673D8DB6ED} - hxxp://www.unyk.com/Diffusion/ActiveX/UNYKContactsFinder.cab
              FF - ProfilePath - C:\Documents and Settings\Terry Bent\Application Data\Mozilla\Firefox\Profiles\jke6s4j4.default\
              FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
              FF - prefs.js: network.proxy.type - 4
              FF - component: C:\Program Files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
              FF - plugin: C:\Program Files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
              FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

              ---- FIREFOX POLICIES ----
              FF - user.js: network.http.max-persistent-connections-per-server - 4
              FF - user.js: nglayout.initialpaint.delay - 600
              FF - user.js: content.notify.interval - 600000
              FF - user.js: content.max.tokenizing.time - 1800000
              FF - user.js: content.switch.threshold - 600000
              .

              **************************************************************************

              catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
              Rootkit scan 2009-09-23 08:57:16
              Windows 5.1.2600 Service Pack 3 NTFS

              scanning hidden processes ... 

              scanning hidden autostart entries ...

              scanning hidden files ... 

              scan completed successfully
              hidden files: 0

              **************************************************************************
              .
              --------------------- LOCKED REGISTRY KEYS ---------------------

              [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•A~*]
              "AB141C35E9F4BF344B9FC010BB17F68A"=""
              .

              Sets=
              202

              evilfantasy

              Re: Sniper Log
              « Reply #11 on: September 23, 2009, 03:57:23 PM »
              I didn't think that would work.

              * Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
              * Now type Combofix /u in the Run box
              * Make sure there's a space between Combofix and /u
              * Then hit Enter

              The above procedure will:
              * Delete the following:
                * ComboFix and its associated files and folders.
              * Reset the clock settings.
              * Hide file extensions, if required.
              * Hide System/Hidden files, if required.
              * Set a new, clean Restore Point.

              ----------

              Clean out your temporary internet files and temp files.

              Download TFC by OldTimer to your desktop.

              Double-click TFC.exe to run it.

              Note: If you are running on Vista, right-click on the file and choose Run As Administrator

              TFC will close all programs when run, so make sure you have saved all your work before you begin.

              * Click the Start button to begin the cleaning process.
              * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
              * Please let TFC run uninterrupted until it is finished.

              Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

              ----------

              ESET Online Scan

              Scan your computer with the ESET FREE Online Virus Scan

              * Click the ESET Online Scanner button.

              * For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
              * Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop
              * Double click on the esetsmartinstaller_enu.exe icon on your desktop.
              * Place a check mark next to YES, I accept the Terms of Use.

              * Click the Start button.
              * Accept any security warnings from your browser.
              * Leave the check mark next to Remove found threats and place a check next to Scan archives.
              * Click the Start button.
              * ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
              * When the scan completes, click List of found threats.
              * Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
              * Click the <<Back button then click Finish.

              In your next reply please include the ESET Online Scan Log

              terryb

                Re: Sniper Log
                « Reply #12 on: September 24, 2009, 07:52:24 AM »
                Good Morning, you must be really fed up with me by now! But Thank You your help is appreciated!
                I have done as you said and did not get a log file from the ESET programme as it said that no threats were found! Is this good news???

                evilfantasy

                Re: Sniper Log
                « Reply #13 on: September 24, 2009, 08:53:51 AM »
                Yes that's good news. :)

                Final suggestions...

                Use the Secunia Software Inspector to check for out of date software.
                • Click Start Now
                • Check the box next to Enable thorough system inspection.
                • Click Start
                • Allow the scan to finish and scroll down to see if any updates are needed.
                • Update anything listed.
                ----------

                Go to Microsoft Windows Update and get all critical updates.

                ----------

                I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

                SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
                * Using SpywareBlaster to protect your computer from Spyware and Malware
                * If you don't know what ActiveX controls are, see here

                Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

                Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

                Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

                terryb

                  Re: Sniper Log
                  « Reply #14 on: September 24, 2009, 11:55:07 AM »
                  There were two out of date softwares, both have been updated.
                  I have downloaded all of the malware/spyware you suggest.
                  I guess that solves my problems? Thank you very much for your help and understanding you have been brilliant, once again Thank You.
                  regards
                  Terry

                  evilfantasy

                  Re: Sniper Log
                  « Reply #15 on: September 24, 2009, 01:17:42 PM »
                  Yes you should be good to go now.

                  Safe surfing..