Author Topic: Your system is infected! (Please help if you can) (Read 56495 times)

KayleyBug · « **on:** February 16, 2010, 02:24:48 AM »

My laptop suddenly acquired a virus which I think I got when my friend used it and opened a song attached to an email she had. Many programs won't open or run, for example Pain won't work but Word will open.
Some sites make the internet close itself, for example AVG, and sometimes when I try to download anti-virus programs they won't load.
I have tried the 6 steps advised, however I was unable to do some as the virus won't let me.

Superantispyware, for example, won't install or open (it starts to load and then just disappears), and it won't let me update Java.

The background of my desktop is permanently green with the message 'YOUR SYSTEM IS INFECTED! System has been stopped due to a serious malfunction. Spyware activity has been detected. It is recommended to use spyware removal tool to prevent data loss. Do not use the computer before all spyware removed.'
The poor grammar gives it away as being fake. Also an icon appeared in my toolbar (I think that's what it's called? next to the battery symbol on the bottom right) that was round and red with a white X, that kept popping up and warning me that I had a trojan and to click it for anti-spyware. That was also part of the virus, I believe, and has stopped popping up since running some of the recommended programs, but the background is still the same.

I will post the two logs I do have:

Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 7.0.5730.13

15/02/2010 23:13:56
mbam-log-2010-02-15 (23-13-56).txt

Scan type: Quick Scan
Objects scanned: 119792
Time elapsed: 4 minute(s), 12 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 5
Registry Data Items Infected: 11
Folders Infected: 1
Files Infected: 17

Memory Processes Infected:
C:\WINDOWS\system32\smss32.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\z1jipsibfe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smss32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smss32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\naprav2 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: sprecf.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\winlogon32.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: system32\winlogon32.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\winlogon32.exe) Good: (userinit.exe) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\sprecf.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\rspgjclg\nmjgvydu.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\51.tmp (Trojan.Waledac) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\52.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wpv771266066426.exe (Trojan.Waledac) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\user.ds.lll (Stolen.data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smss32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\helper32.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Winlogon32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\lyesys32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wpv231266168394.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wpv421265883176.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wpv851265213601.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\41.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

******************************************************************

Symantec W32.Netsky FixTool 1.13.0

C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{E93D9B0A-9E3D-07AC-6A4B-33F3AED6B808}\01\11-{E93D9B0A-9E3D-07AC-6A4B-33F3AED6B808}-v1-{E4B48C66-6217-4F8A-B588-32CD3169E251}-v11-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{E93D9B0A-9E3D-07AC-6A4B-33F3AED6B808}\12\25-{913F0070-4EE3-4BBC-A6AD-A44D8290110C}-v12-{E4B48C66-6217-4F8A-B588-32CD3169E251}-v25-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{E93D9B0A-9E3D-07AC-6A4B-33F3AED6B808}\13\13-{913F0070-4EE3-4BBC-A6AD-A44D8290110C}-v13-{913F0070-4EE3-4BBC-A6AD-A44D8290110C}-v13-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{E93D9B0A-9E3D-07AC-6A4B-33F3AED6B808}\14\14-{913F0070-4EE3-4BBC-A6AD-A44D8290110C}-v14-{913F0070-4EE3-4BBC-A6AD-A44D8290110C}-v14-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{E93D9B0A-9E3D-07AC-6A4B-33F3AED6B808}\15\15-{913F0070-4EE3-4BBC-A6AD-A44D8290110C}-v15-{913F0070-4EE3-4BBC-A6AD-A44D8290110C}-v15-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{E93D9B0A-9E3D-07AC-6A4B-33F3AED6B808}\16\16-{913F0070-4EE3-4BBC-A6AD-A44D8290110C}-v16-{913F0070-4EE3-4BBC-A6AD-A44D8290110C}-v16-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{E93D9B0A-9E3D-07AC-6A4B-33F3AED6B808}\17\17-{913F0070-4EE3-4BBC-A6AD-A44D8290110C}-v17-{913F0070-4EE3-4BBC-A6AD-A44D8290110C}-v17-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{E93D9B0A-9E3D-07AC-6A4B-33F3AED6B808}\18\18-{913F0070-4EE3-4BBC-A6AD-A44D8290110C}-v18-{913F0070-4EE3-4BBC-A6AD-A44D8290110C}-v18-Partial.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\Administrator\My Documents\My Music\iTunes\iTunes Music\SCANDAL\BEST?SCANDAL: (not scanned)
C:\Documents and Settings\Administrator\My Documents\My Music\iTunes\iTunes Music\??: (not scanned)
C:\Program Files\Crayon Physics Deluxe: (not scanned)
C:\Program Files\Deskshare: (not scanned)
C:\RECYCLER\S-1-5-21-893622875-1752805829-1147589580-500\Dc192\boards\standard: (not scanned)
C:\RECYCLER\S-1-5-21-893622875-1752805829-1147589580-500\Dc192\mus: (not scanned)
C:\RECYCLER\S-1-5-21-893622875-1752805829-1147589580-500\Dc192\sfx: (not scanned)
C:\RECYCLER\S-1-5-21-893622875-1752805829-1147589580-500\Dc193: (not scanned)
C:\RECYCLER\S-1-5-21-893622875-1752805829-1147589580-500\Dc194: (not scanned)
C:\RECYCLER\S-1-5-21-893622875-1752805829-1147589580-500\Dc195: (not scanned)
C:\RECYCLER\S-1-5-21-893622875-1752805829-1147589580-500\Dc196: (not scanned)
C:\RECYCLER\S-1-5-21-893622875-1752805829-1147589580-500\Dc197: (not scanned)
C:\RECYCLER\S-1-5-21-893622875-1752805829-1147589580-500\Dc198: (not scanned)
C:\RECYCLER\S-1-5-21-893622875-1752805829-1147589580-500\Dc199: (not scanned)
C:\RECYCLER\S-1-5-21-893622875-1752805829-1147589580-500\Dc200: (not scanned)
C:\RECYCLER\S-1-5-21-893622875-1752805829-1147589580-500\Dc201: (not scanned)
C:\RECYCLER\S-1-5-21-893622875-1752805829-1147589580-500\Dc202: (not scanned)
C:\System Recovery: (not scanned)
C:\System Volume Information: (not scanned)
E:\System Volume Information: (not scanned)
W32.Netsky has not been found on your computer.

Any help you can give me would be genuinely appreciated, I really need my laptop for uni and it's a nightmare at the moment because I can't do any work or use the internet as I'm scared it will steal my passwords! If there's anything on my laptop you're not happy about me having (e.g. something I've downloaded in the past and forgotten about so it's floating about somewhere) then I'll be happy to delete it immediately. Thank you so much in advance for your help.

Kayley

KayleyBug · « **Reply #1 on:** February 16, 2010, 09:50:52 AM »

I managed to get to my SUPERAntiSpyware log in Safe Mode (I realised that I'd managed to get it to do a scan last night, but since re-booting after the scan, it will no longer let me open the program.)

I also attempted to install the new version of Java in Safe Mode. It tried to install and would have been successful but unfortunately it can't fully install when the computer is in Safe Mode. (As mentioned above, Java will not open or install or do anything when my laptop is in Normal mode.) $:-\$

Here's my SAS scan log, hopefully with all 3 logs you'll now be better equipped to spot any problems. Let me know if you need any further information, of course I understand that going through the logs will take up your time, and that you also have real life to be getting on with, so I appreciate that it will be a few hours/days before I get a response.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/16/2010 at 00:42 AM

Application Version : 4.33.1000

Core Rules Database Version : 4446
Trace Rules Database Version: 1978

Scan type : Complete Scan
Total Scan Time : 01:13:47

Memory items scanned : 529
Memory threats detected : 0
Registry items scanned : 6045
Registry threats detected : 3
File items scanned : 81982
File threats detected : 1

Browser Hijacker.Internet Explorer Zone Hijack
   HKU\S-1-5-21-893622875-1752805829-1147589580-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\is-software-download25.com
   HKU\S-1-5-21-893622875-1752805829-1147589580-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\is-software-download25.com#http

Adware.Tracking Cookie
   C:\Documents and Settings\Administrator\Cookies\kayley_e_r@atdmt[2].txt

Trojan.DNSChanger-Codec
   HKU\S-1-5-21-893622875-1752805829-1147589580-500\Software\uninstall

evilfantasy · « **Reply #2 on:** February 17, 2010, 03:59:38 PM »

If you already have ComboFix be sure to delete it and download a new copy.

Download ComboFix© by sUBs from one of the below links. Be sure top save it to the Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop

Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double click combofix.exe & follow the prompts.
Vista users Right-Click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it)
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

If you have problems with ComboFix usage, see How to use ComboFix

KayleyBug · « **Reply #3 on:** February 17, 2010, 04:40:28 PM »

Thank you so much for getting back to me.

Combofix wanted to download/install the 'Microsoft Windows recovery console' and I clicked yes but it didn't work, stating that I wasn't connected to the internet. However, I definitely was connected to the internet. $:-\$
I've done the scan, results below. Since using Combofix my desktop background is back to normal. I'm guessing the virus is still around though?
I will leave my laptop on for now, and then set it to hibernate if I haven't heard back from you before I go to bed (in case I mess anything up before your next reply).

ComboFix 10-02-12.01 - Kayley E R 17/02/2010 23:16:00.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.895.379 [GMT 0:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\ADMINI~1\LOCALS~1\Temp\21303429133.nls
c:\documents and settings\Administrator\Application Data\Microsoft\Windows\import.ocx
c:\documents and settings\Administrator\Application Data\Microsoft\Windows\jsdb.dll
c:\documents and settings\Administrator\Application Data\Microsoft\Windows\mfximport.exe
c:\documents and settings\Administrator\Local Settings\Application Data\{1E6CC85C-AE83-4676-9C1C-B03438E4FBC4}
c:\documents and settings\Administrator\Local Settings\Application Data\{1E6CC85C-AE83-4676-9C1C-B03438E4FBC4}\chrome.manifest
c:\documents and settings\Administrator\Local Settings\Application Data\{1E6CC85C-AE83-4676-9C1C-B03438E4FBC4}\chrome\content\_cfg.js
c:\documents and settings\Administrator\Local Settings\Application Data\{1E6CC85C-AE83-4676-9C1C-B03438E4FBC4}\chrome\content\overlay.xul
c:\documents and settings\Administrator\Local Settings\Application Data\{1E6CC85C-AE83-4676-9C1C-B03438E4FBC4}\install.rdf
c:\documents and settings\Administrator\Local Settings\Temp\21303429133.nls
c:\recycler\S-1-5-21-1340307497-2614723990-4250122306-500
c:\recycler\S-1-5-21-1708537768-602609370-725345543-500
c:\recycler\S-1-5-21-893622875-1752805829-1147589580-1014
c:\windows\msacm32.drv
c:\windows\rasqervy.dll
c:\windows\sdfinacs.dll
c:\windows\sdfixwcs.dll
c:\windows\system32\11478.exe
c:\windows\system32\15724.exe
c:\windows\system32\18467.exe
c:\windows\system32\19169.exe
c:\windows\system32\23281.exe
c:\windows\system32\24464.exe
c:\windows\system32\26500.exe
c:\windows\system32\26962.exe
c:\windows\system32\28145.exe
c:\windows\system32\29358.exe
c:\windows\system32\5705.exe
c:\windows\system32\6334.exe
c:\windows\system32\IS15.exe
c:\windows\system32\warning.html
c:\windows\TEMP\21303429133.nls
c:\windows\ubaxaroyuyevev.dll
c:\windows\wuasirvy.dll

.
((((((((((((((((((((((((( Files Created from 2010-01-17 to 2010-02-17 )))))))))))))))))))))))))))))))
.

2010-02-15 23:25 . 2010-02-15 23:25   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-02-15 23:25 . 2010-02-15 23:25   --------   d-----w-   c:\program files\SUPERAntiSpyware
2010-02-15 23:25 . 2010-02-15 23:25   --------   d-----w-   c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-02-15 22:38 . 2010-02-15 22:38   --------   d-----w-   c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-02-15 22:37 . 2010-01-07 16:07   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-15 22:37 . 2010-02-15 22:37   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-15 22:37 . 2010-01-07 16:07   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-02-15 22:37 . 2010-02-15 22:38   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-02-15 22:23 . 2010-02-15 22:23   --------   d-----w-   c:\program files\Trend Micro
2010-02-15 19:28 . 2010-02-15 19:28   552   ----a-w-   c:\windows\system32\d3d8caps.dat
2010-02-15 18:13 . 2010-02-15 18:13   --------   d-----w-   c:\documents and settings\Administrator\Application Data\AVG8
2010-02-04 11:54 . 2010-02-17 23:04   120   ----a-w-   c:\windows\Byipelozu.dat
2010-02-04 11:54 . 2010-02-17 23:04   0   ----a-w-   c:\windows\Esuloso.bin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-17 23:25 . 2007-05-28 20:32   9517290   ----a-w-   c:\windows\Internet Logs\tvDebug.zip
2010-02-16 16:25 . 2010-02-16 16:27   3221504   ----a-w-   c:\windows\Internet Logs\xDB3.tmp
2010-02-16 00:16 . 2009-05-17 14:44   --------   d-----w-   c:\program files\Xvid
2010-02-16 00:16 . 2007-12-03 15:32   --------   d-----w-   c:\program files\USB Disk Win98 Driver
2010-02-16 00:16 . 2006-07-11 06:12   --------   d-----w-   c:\program files\Windows Media Connect
2010-02-15 23:26 . 2010-02-15 23:26   52224   ----a-w-   c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-15 23:26 . 2010-02-15 23:26   117760   ----a-w-   c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-15 23:24 . 2010-01-17 12:44   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2010-02-15 23:13 . 2008-10-05 14:53   --------   d-----w-   c:\documents and settings\All Users\Application Data\rspgjclg
2010-02-12 11:42 . 2009-08-09 14:42   0   ----a-w-   c:\documents and settings\Administrator\Local Settings\Application Data\prvlcl.dat
2010-02-10 14:52 . 2007-01-09 11:46   --------   d-----w-   c:\program files\Lx_cats
2010-01-17 12:46 . 2010-01-17 12:46   4   --sh--r-   c:\documents and settings\All Users\Application Data\sysqcl1129139270.dat
2010-01-14 11:12 . 2009-10-04 16:01   181120   ------w-   c:\windows\system32\MpSigStub.exe
2010-01-09 19:53 . 2008-07-31 11:38   --------   d-----w-   c:\program files\Windows Live Safety Center
2009-05-01 21:02 . 2009-05-01 21:02   1044480   ----a-w-   c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02   200704   ----a-w-   c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"Kbdgui"="c:\documents and settings\Administrator\Application Data\Adobe\Update\traykbd.dat" [2010-02-16 123392]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2006-03-31 184320]
"LXCFCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-07-20 73728]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-28 593920]
"USB Storage Toolbox"="c:\windows\UMStor\Res.EXE" [2005-09-14 65536]
"ACQTMOUSE"="c:\program files\Multi-Direction Opitcal Mouse\Multi-Direction Opitcal Mouse\2.0\ACQTMAPP.exe" [2006-12-27 489984]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-01 1932568]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"TrayServer"="c:\program files\MAGIX\Movie_Edit_Pro_15_Download_version\TrayServer.exe" [2008-11-13 90112]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
AOL 9.0 Tray Icon.lnk - c:\program files\AOL 9.0a\aoltray.exe [2007-2-4 156784]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2006-10-4 184320]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-01 11:34   10520   ----a-w-   c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
2006-03-03 15:08   434176   ----a-w-   c:\windows\system32\IfxWlxEN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2005-07-25 18:41   40960   ----a-w-   c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\AOL\\RC\\regClient.exe"=
"c:\\Program Files\\AOL 9.0a\\waol.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [01/04/2009 11:34 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [01/04/2009 11:34 108552]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [29/11/2005 16:56 36768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [05/01/2010 07:56 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05/01/2010 07:56 74480]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [04/08/2004 08:00 14336]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [01/04/2009 11:33 298264]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 18:19 13592]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [21/10/2005 11:19 36352]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [16/05/2009 15:03 1527900]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05/01/2010 07:56 7408]
S3 z520bus;Sony Ericsson 520 driver (WDM);c:\windows\system32\drivers\z520bus.sys [26/07/2005 10:13 57648]
S3 z520mdfl;Sony Ericsson 520 USB WMC Modem Filter;c:\windows\system32\drivers\z520mdfl.sys [26/09/2007 13:34 8336]
S3 z520mdm;Sony Ericsson 520 USB WMC Modem Drivers;c:\windows\system32\drivers\z520mdm.sys [26/09/2007 13:34 93488]
S3 z520mgmt;Sony Ericsson 520 USB WMC Device Management Drivers;c:\windows\system32\drivers\z520mgmt.sys [26/09/2007 13:35 84928]
S3 z520obex;Sony Ericsson 520 USB WMC OBEX Interface Drivers;c:\windows\system32\drivers\z520obex.sys [26/09/2007 13:34 82864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance   REG_MULTI_SZ     ASChannel
.
Contents of the 'Scheduled Tasks' folder

2010-02-17 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hp.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
uInternet Settings,ProxyServer = 127.0.0.1:8080
uInternet Settings,ProxyOverride = local;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: buy-internetsecurity10.com
Trusted Zone: buy-is2010.com
Trusted Zone: is-software-download.com
Trusted Zone: is10-soft-download.com
Trusted Zone: buy-internetsecurity10.com
Trusted Zone: buy-is2010.com
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dlbu8v23.default\
FF - plugin: c:\program files\Common Files\ParallelGraphics\Cortona\npCortona.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Ymigabobituyi - c:\windows\ubaxaroyuyevev.dll
HKU-Default-RunOnce-RunNarrator - Narrator.exe
AddRemove-Bonus Pack for Super DX-Ball Deluxe_is1 - c:\program files\Super DX-Ball Deluxe\unins001.exe
AddRemove-CDisplay_is1 - c:\program files\CDisplay\unins000.exe
AddRemove-Crayon Physics Deluxe_is1 - c:\program files\Crayon Physics Deluxe\unins000.exe
AddRemove-Digital Media Converter_is1 - c:\program files\Deskshare\Digital Media Converter\unins000.exe
AddRemove-Guitar Pro 4.0 - c:\progra~1\GUITAR~1\UNWISE.EXE
AddRemove-Guitar Pro 5_is1 - c:\program files\Guitar Pro 5\unins000.exe
AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe
AddRemove-LimeWire - c:\program files\LimeWire\uninstall.exe
AddRemove-Pocket Tanks_is1 - c:\program files\Pocket Tanks\unins000.exe
AddRemove-SpeedFan - c:\program files\SpeedFan\uninstall.exe
AddRemove-Super DX-Ball Deluxe_is1 - c:\program files\Super DX-Ball Deluxe\unins000.exe
AddRemove-Super DX-Ball_is1 - c:\program files\Super DX-Ball\unins000.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-17 23:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCFCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16?

?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(928)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
c:\windows\system32\IfxWlxEN.dll
c:\program files\HPQ\IAM\Bin\ASChnl.dll
c:\program files\HPQ\IAM\Bin\ItMsg.dll

- - - - - - - > 'explorer.exe'(1632)
c:\program files\HPQ\IAM\Bin\SFSShell.dll
c:\program files\HPQ\IAM\bin\ItMsg.dll
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\msdtc.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\IFXSPMGT.exe
c:\windows\system32\IFXTCS.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\mqsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\ProtectTools\Embedded Security Software\PSDrt.exe
c:\program files\HPQ\IAM\bin\asghost.exe
c:\windows\system32\mqtgsvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Completion time: 2010-02-17 23:32:55 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-17 23:32

Pre-Run: 20,770,365,440 bytes free
Post-Run: 20,662,919,168 bytes free

- - End Of File - - 9BCEE55D3BE4497A670308AA97C4A00D

evilfantasy · « **Reply #4 on:** February 17, 2010, 05:18:47 PM »

Don't worry about the Recovery Console. You can skip that.

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code: [Select]

KillAll::

DDS::
Trusted Zone: buy-internetsecurity10.com
Trusted Zone: buy-is2010.com
Trusted Zone: is-software-download.com
Trusted Zone: is10-soft-download.com
Trusted Zone: buy-internetsecurity10.com
Trusted Zone: buy-is2010.com

Firefox::
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

File::
c:\windows\Byipelozu.dat
c:\windows\Esuloso.bin

Folder::
c:\program files\Viewpoint

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kbdgui"=

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze

----------

Please go to Start > Run and copy/paste the following blue text, then press Enter:

C:\QooBox\Add-Remove Programs.txt

A text file should open. Please post the contents of that file in your next reply.

KayleyBug · « **Reply #5 on:** February 17, 2010, 05:50:23 PM »

New ComboFix log:

ComboFix 10-02-12.01 - Kayley E R 18/02/2010 0:31.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.895.345 [GMT 0:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\windows\Byipelozu.dat"
"c:\windows\Esuloso.bin"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Viewpoint
c:\program files\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\AxMetaStream_0305000D.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\ClassIDs.ini
c:\program files\Viewpoint\Viewpoint Experience Technology\ComponentMgr_0305001C.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\ComponentRegistry.ini
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\AOLArt.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\AOLShell.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\AOLUserShell.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\Cursors.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\DataTracking.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\GifReader.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\JpegReader.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\LensFlares.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\Mts3Reader.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\ObjectMovie.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\SceneComponent.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\ServiceComponent.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\SreeDMMX.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\SWFView.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VectorView.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMPAudio.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMPExtras.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMPSpeech.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMPVideo.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\WaveletReader.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\ZoomView.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\DownLoadHist.ini
c:\program files\Viewpoint\Viewpoint Experience Technology\HostRegistry.ini
c:\program files\Viewpoint\Viewpoint Experience Technology\MetaStreamConfig.ini
c:\program files\Viewpoint\Viewpoint Experience Technology\MetaStreamID.ini
c:\program files\Viewpoint\Viewpoint Experience Technology\MtsAxInstaller.exe
c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.xpt
c:\windows\Byipelozu.dat
c:\windows\Esuloso.bin

.
((((((((((((((((((((((((( Files Created from 2010-01-18 to 2010-02-18 )))))))))))))))))))))))))))))))
.

2010-02-15 23:25 . 2010-02-15 23:25   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-02-15 23:25 . 2010-02-15 23:25   --------   d-----w-   c:\program files\SUPERAntiSpyware
2010-02-15 23:25 . 2010-02-15 23:25   --------   d-----w-   c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-02-15 22:38 . 2010-02-15 22:38   --------   d-----w-   c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-02-15 22:37 . 2010-01-07 16:07   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-15 22:37 . 2010-02-15 22:37   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-15 22:37 . 2010-01-07 16:07   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-02-15 22:37 . 2010-02-15 22:38   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-02-15 22:23 . 2010-02-15 22:23   --------   d-----w-   c:\program files\Trend Micro
2010-02-15 19:28 . 2010-02-15 19:28   552   ----a-w-   c:\windows\system32\d3d8caps.dat
2010-02-15 18:13 . 2010-02-15 18:13   --------   d-----w-   c:\documents and settings\Administrator\Application Data\AVG8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-17 23:25 . 2007-05-28 20:32   9517290   ----a-w-   c:\windows\Internet Logs\tvDebug.zip
2010-02-16 16:25 . 2010-02-16 16:27   3221504   ----a-w-   c:\windows\Internet Logs\xDB3.tmp
2010-02-16 00:16 . 2009-05-17 14:44   --------   d-----w-   c:\program files\Xvid
2010-02-16 00:16 . 2007-12-03 15:32   --------   d-----w-   c:\program files\USB Disk Win98 Driver
2010-02-16 00:16 . 2006-07-11 06:12   --------   d-----w-   c:\program files\Windows Media Connect
2010-02-15 23:26 . 2010-02-15 23:26   52224   ----a-w-   c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-15 23:26 . 2010-02-15 23:26   117760   ----a-w-   c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-15 23:24 . 2010-01-17 12:44   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2010-02-15 23:13 . 2008-10-05 14:53   --------   d-----w-   c:\documents and settings\All Users\Application Data\rspgjclg
2010-02-12 11:42 . 2009-08-09 14:42   0   ----a-w-   c:\documents and settings\Administrator\Local Settings\Application Data\prvlcl.dat
2010-02-10 14:52 . 2007-01-09 11:46   --------   d-----w-   c:\program files\Lx_cats
2010-01-17 12:46 . 2010-01-17 12:46   4   --sh--r-   c:\documents and settings\All Users\Application Data\sysqcl1129139270.dat
2010-01-14 11:12 . 2009-10-04 16:01   181120   ------w-   c:\windows\system32\MpSigStub.exe
2010-01-09 19:53 . 2008-07-31 11:38   --------   d-----w-   c:\program files\Windows Live Safety Center
2009-05-01 21:02 . 2009-05-01 21:02   1044480   ----a-w-   c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02   200704   ----a-w-   c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"Kbdgui"="c:\documents and settings\Administrator\Application Data\Adobe\Update\traykbd.dat" [2010-02-16 123392]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2006-03-31 184320]
"LXCFCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-07-20 73728]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-28 593920]
"USB Storage Toolbox"="c:\windows\UMStor\Res.EXE" [2005-09-14 65536]
"ACQTMOUSE"="c:\program files\Multi-Direction Opitcal Mouse\Multi-Direction Opitcal Mouse\2.0\ACQTMAPP.exe" [2006-12-27 489984]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-01 1932568]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"TrayServer"="c:\program files\MAGIX\Movie_Edit_Pro_15_Download_version\TrayServer.exe" [2008-11-13 90112]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
AOL 9.0 Tray Icon.lnk - c:\program files\AOL 9.0a\aoltray.exe [2007-2-4 156784]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2006-10-4 184320]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-01 11:34   10520   ----a-w-   c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
2006-03-03 15:08   434176   ----a-w-   c:\windows\system32\IfxWlxEN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2005-07-25 18:41   40960   ----a-w-   c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\AOL\\RC\\regClient.exe"=
"c:\\Program Files\\AOL 9.0a\\waol.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [01/04/2009 11:34 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [01/04/2009 11:34 108552]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [29/11/2005 16:56 36768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [05/01/2010 07:56 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05/01/2010 07:56 74480]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [04/08/2004 08:00 14336]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [01/04/2009 11:33 298264]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 18:19 13592]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [21/10/2005 11:19 36352]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [16/05/2009 15:03 1527900]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05/01/2010 07:56 7408]
S3 z520bus;Sony Ericsson 520 driver (WDM);c:\windows\system32\drivers\z520bus.sys [26/07/2005 10:13 57648]
S3 z520mdfl;Sony Ericsson 520 USB WMC Modem Filter;c:\windows\system32\drivers\z520mdfl.sys [26/09/2007 13:34 8336]
S3 z520mdm;Sony Ericsson 520 USB WMC Modem Drivers;c:\windows\system32\drivers\z520mdm.sys [26/09/2007 13:34 93488]
S3 z520mgmt;Sony Ericsson 520 USB WMC Device Management Drivers;c:\windows\system32\drivers\z520mgmt.sys [26/09/2007 13:35 84928]
S3 z520obex;Sony Ericsson 520 USB WMC OBEX Interface Drivers;c:\windows\system32\drivers\z520obex.sys [26/09/2007 13:34 82864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance   REG_MULTI_SZ     ASChannel
.
Contents of the 'Scheduled Tasks' folder

2010-02-18 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hp.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
uInternet Settings,ProxyServer = 127.0.0.1:8080
uInternet Settings,ProxyOverride = local;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dlbu8v23.default\
FF - plugin: c:\program files\Common Files\ParallelGraphics\Cortona\npCortona.dll
.
- - - - ORPHANS REMOVED - - - -

AddRemove-ViewpointMediaPlayer - c:\program files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-18 00:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCFCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16?

?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(924)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
c:\windows\system32\IfxWlxEN.dll
c:\program files\HPQ\IAM\Bin\ASChnl.dll
c:\program files\HPQ\IAM\Bin\ItMsg.dll

- - - - - - - > 'explorer.exe'(2852)
c:\program files\HPQ\IAM\Bin\SFSShell.dll
c:\program files\HPQ\IAM\bin\ItMsg.dll
c:\windows\system32\msi.dll
c:\docume~1\ADMINI~1\LOCALS~1\Temp\21303429133.nls
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\HPQ\IAM\bin\asghost.exe
c:\windows\system32\msdtc.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\IFXSPMGT.exe
c:\windows\system32\IFXTCS.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\mqsvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\mqtgsvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\ProtectTools\Embedded Security Software\PSDrt.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Completion time: 2010-02-18 00:47:24 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-18 00:47
ComboFix2.txt 2010-02-17 23:32

Pre-Run: 20,634,279,936 bytes free
Post-Run: 20,573,704,192 bytes free

- - End Of File - - C9B4B339BA1545B0EE1ED5FEA0FACD2A

************************************************************

Copy and paste blue text results:

Ad-Aware SE Personal
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 7.0.9
Adobe Shockwave Player
Adobe Stock Photos 1.0
AOL Coach Version 1.0(Build:20040229.1 uk)
AOL Connectivity Services
AOL Registration
AOL Spyware Protection
AOL Toolbar
AOL UK (Choose which version to remove)
AOL You've Got Pictures Screensaver
Apple Mobile Device Support
Apple Software Update
Application Installer 4.00.B6
ATI Catalyst Control Center
ATI Display Driver
Atomic Cannon Demo
Audacity 1.2.6
AVG 8.5
Bonjour
CCleaner (remove only)
Comic Life
Compatibility Pack for the 2007 Office system
Cortona® VRML Client
Disc2Phone
DivX Web Player
Firebird SQL Server - MAGIX Edition
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Windows XP (KB896243)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB909095)
Hotfix for Windows XP (KB910728)
Hotfix for Windows XP (KB912436)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915326)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB918005)
HP Backup and Recovery Manager Installer
HP BIOS Configuration for ProtectTools 2.00 G1
HP Credential Manager for ProtectTools
HP Embedded Security for ProtectTools
HP Help and Support
HP Notebook Accessories Product Tour
HP ProtectTools Security Manager 2.00 C3
HP Quick Launch Buttons 6.00 G2
HP Update
HP User Guides 0022
HP Wireless Assistant 2.00 F1
HpSdpAppCoreApp
InterVideo DVD Check
InterVideo WinDVD
IrfanView (remove only)
iTunes
Learn2 Player (Uninstall Only)
Lexmark 730 Series
LightScribe 1.4.84.1
MAGIX 3D Maker (embeded)
MAGIX Movie Edit Pro 15 Download version 8.5.0.30 (UK)
MAGIX Screenshare 4.3.6.1987 (UK)
MAGIX Xtreme PhotoStory on CD & DVD 8 deluxe Download version 8.0.3.2 (UK)
Malwarebytes' Anti-Malware
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Speech SDK 5.1
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.5.7)
MSVCRT
MSXML 4.0 SP2 (KB927978)
Multi-Direction Opitcal Mouse 2.0
Power Tab Editor 1.7
QuickTime
RealPlayer
Safari
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB929969)
Segoe UI
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic DLA
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
Sony Ericsson PC Suite
SoundMAX
Spybot - Search & Destroy 1.4
SUPERAntiSpyware Free Edition
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
USB Disk Win98 Driver
VC80CRTRedist - 8.0.50727.762
VideoLAN VLC media player 0.8.6a
Viewpoint Media Player
WebFldrs XP
Windows Defender
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB884575
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885295
Windows XP Hotfix - KB885464
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB888402
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892559
WinRAR archiver
WinZip
Xvid 1.1.3 final uninstall
ZoneAlarm

evilfantasy · « **Reply #6 on:** February 17, 2010, 05:58:50 PM »

Sorry I missed something. But it's a quick fix.

Go to Start > Run and type notepad.exe then click OK

Copy and paste the below into Notepad and save as fixme.reg to Your Desktop

Code: [Select]

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kbdgui"=-

Locate fixme.reg on your Desktop and double-click it. Answer Yes when prompted to merge with the Registry.

Delete the fixme.reg from the Desktop.

----------

* Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
* Now type Combofix /Uninstall in the runbox
* Make sure there's a space between Combofix and /Uninstall
* Then hit Enter

* The above procedure will:
* Delete the following:
* ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.

----------

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

----------

ESET Online Scan

Scan your computer with the ESET FREE Online Virus Scan

* Click the ESET Online Scanner button.

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop
* Double click on the esetsmartinstaller_enu.exe icon on your desktop.
* Place a check mark next to YES, I accept the Terms of Use.

* Click the Start button.
* Accept any security warnings from your browser.
* Leave the check mark next to Remove found threats and place a check next to Scan archives.
* Click the Start button.
* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
* When the scan completes, click List of found threats.
* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
* Click the <<Back button then click Finish.

In your next reply please include the ESET Online Scan Log

KayleyBug · « **Reply #7 on:** February 17, 2010, 06:19:36 PM »

I managed everything else, however when I attempted to run ESET after saving it to desktop a box appears saying:

Can not get update. Is proxy configured?
ESET online scanner installation consists of three steps
1. Component download
2. Component registration
3. Start

Then there's a loading bar that's empty. Below that is a box to check saying 'Use custom proxy settings' and a link saying 'configure'. The Configure asks for my Proxy address, Port, Username and Password.
When I click the start button at the bottom right of the box, the writing saying 'Can not get update. Is proxy configured?' changes to 'Downloading components...' for a split second and then goes back to the above description.

Should I disable AVG? Is that what's blocking it?

evilfantasy · « **Reply #8 on:** February 17, 2010, 06:25:25 PM »

I had something similar when I tried to use the download with Firefox. Try using the Internet Explorer scan.

KayleyBug · « **Reply #9 on:** February 17, 2010, 06:32:41 PM »

Thank you, it worked fine on Internet Explorer.
Unfortunately, I have no scan log show for it because it says 'No Threats Found'.
Should I check 'uninstall application on close'?

evilfantasy · « **Reply #10 on:** February 17, 2010, 06:34:19 PM »

There is no way the scan finished that fast. Did you adjust any of the settings for the scan?

KayleyBug · « **Reply #11 on:** February 17, 2010, 06:38:22 PM »

I didn't change any settings except to check 'scan archives', but I went back to it to do another scan and realised that 'Scan for potentially unsafe applications' is already un-checked. Should I check that? I'm also going to disable Zone Alarm and AVG.

evilfantasy · « **Reply #12 on:** February 17, 2010, 06:40:29 PM »

Let's try another scanner. That was just way too fast.

Scan your computer with Panda ActiveScan

* Once you are on the Panda site click the Scan your PC now button.
* A new window will open...click the Scan Now button.
* If it wants to install an ActiveX component allow it.
* It will start downloading the files it requires for the scan. (Note: It may take a couple of minutes)
* You may get a warning from Internet Explorer that Panda is ready to install, please allow it.
* The scan will begin. Please be patient as it can take an hour or more to complete.
* When the scan completes, if anything malicious is detected, click the Export to: button (looks like a little Notepad).
* Save the ActiveScan.txt to a convenient location like your desktop.
* Note: You do not need to select any of the Disinfect options. We will remove any threats manually.

* Post the contents of the ActiveScan report in your next reply.

KayleyBug · « **Reply #13 on:** February 17, 2010, 06:56:58 PM »

Much more luck with the Panda scan, it's running now.
As it's 2am here in Wales and could be after 3am once it's done, I'm going to set my laptop to hibernate after 2 hours and let it run while I go to sleep.
I'll post the scan results in the morning although it'll be night time for you, so I understand I'm in for another wait

evilfantasy · « **Reply #14 on:** February 17, 2010, 07:12:45 PM »

We can finish up whenever you get the time to.

KayleyBug · « **Reply #15 on:** February 18, 2010, 04:23:08 AM »

Here they are, the active scan results:

;*****************************************************************************
ANALYSIS: 2010-02-18 11:21:33
PROTECTIONS: 1
MALWARE: 4
SUSPECTS: 2
;*****************************************************************************
PROTECTIONS
Description Version Active Updated
;====================================================================
AVG Anti-Virus Free 8.5 No No
;====================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;====================================================================
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\kayley_e_r@atdmt[2].txt
03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp8\a0001951.exe
03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp6\a0000466.exe
03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp10\a0003173.dll
03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\windows\system32\msls50.dll
05898765 Trj/Nabload.DPS Virus/Trojan No 0 No No c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp11\a0003505.exe[32788r22fwjfw\catchme.cfxxe]
05977738 Adware/ISecurity2010 Adware No 0 Yes No c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp5\a0000445.exe
05977738 Adware/ISecurity2010 Adware No 0 Yes No c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp6\a0000469.exe
05977738 Adware/ISecurity2010 Adware No 0 Yes No c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp5\a0000424.exe
05977738 Adware/ISecurity2010 Adware No 0 Yes No c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp7\a0001483.exe
05977738 Adware/ISecurity2010 Adware No 0 Yes No c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp5\a0000410.exe
05977738 Adware/ISecurity2010 Adware No 0 Yes No c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp5\a0000366.exe
05977738 Adware/ISecurity2010 Adware No 0 Yes No c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp7\a0001887.exe
05977738 Adware/ISecurity2010 Adware No 0 Yes No c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp8\a0001942.exe
05977738 Adware/ISecurity2010 Adware No 0 Yes No c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp8\a0001950.exe
05977738 Adware/ISecurity2010 Adware No 0 Yes No c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp5\a0000435.exe
05977738 Adware/ISecurity2010 Adware No 0 Yes No c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp6\a0001471.exe
;====================================================================
SUSPECTS
Sent Location
;====================================================================
No c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp7\a0001900.dll
No c:\windows\system32\msls51.dll
;====================================================================
VULNERABILITIES
Id Severity Description
;====================================================================
216839 HIGH MS10-001
215938 HIGH MS09-072
215935 HIGH MS09-069
215048 HIGH MS09-065
214076 HIGH MS09-059
971486 HIGH MS09-058
214074 HIGH MS09-057
214073 HIGH MS09-056
214072 HIGH MS09-055
214071 HIGH MS09-054
213109 HIGH MS09-046
212494 HIGH MS09-042
212493 HIGH MS09-041
212490 HIGH MS09-038
212530 HIGH MS09-034
211784 HIGH MS09-032
211781 HIGH MS09-029
210625 HIGH MS09-026
210624 HIGH MS09-025
210621 HIGH MS09-022
210618 HIGH MS09-019
208380 HIGH MS09-015
208379 HIGH MS09-014
208378 HIGH MS09-013
208377 HIGH MS09-012
206981 HIGH MS09-007
206980 HIGH MS09-006
205735 HIGH MS09-002
204670 HIGH MS09-001
203806 HIGH MS08-078
203508 HIGH MS08-073
203505 HIGH MS08-071
202465 HIGH MS08-068
201683 HIGH MS08-067
201258 HIGH MS08-066
201256 HIGH MS08-064
201255 HIGH MS08-063
201253 HIGH MS08-061
201250 HIGH MS08-058
209275 HIGH MS08-049
209273 HIGH MS08-045
196455 MEDIUM MS08-037
194862 HIGH MS08-032
194860 HIGH MS08-030
191618 HIGH MS08-025
191616 HIGH MS08-023
191614 HIGH MS08-021
191613 HIGH MS08-020
187733 HIGH MS08-008
184380 MEDIUM MS08-002
184379 MEDIUM MS08-001
182046 HIGH MS07-067
179553 HIGH MS07-061
176383 HIGH MS07-058
170911 HIGH MS07-050
170907 HIGH MS07-046
170904 HIGH MS07-043
164915 HIGH MS07-035
164911 HIGH MS07-031
157262 HIGH MS07-022
157261 HIGH MS07-021
157260 HIGH MS07-020
157259 HIGH MS07-019
156477 HIGH MS07-017
150249 HIGH MS07-013
150248 HIGH MS07-012
150247 HIGH MS07-011
150243 HIGH MS07-008
150242 HIGH MS07-007
150241 MEDIUM MS07-006
;====================================================================

evilfantasy · « **Reply #16 on:** February 18, 2010, 11:54:26 AM »

Download OTM by OldTimer to your desktop.

Note: If you are using Vista or Windows 7, right-click on OTM.exe and choose Run As Administrator.

* Save it to your Desktop.
* Double-click OTM.exe to run it.
* Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)

Code: [Select]

:Processes
explorer.exe

:services

:reg

:files
c:\windows\system32\msls50.dll
c:\windows\system32\msls51.dll

:Commands
[resethosts]
[purity]
[start explorer]
[Reboot]

* Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
* Click the red Moveit! button.
* Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.

* Close OTM

Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes. If not, reboot anyway.

KayleyBug · « **Reply #17 on:** February 18, 2010, 12:27:50 PM »

I did as instructed, however I couldn't get the results as it rebooted immediately after it finished.
After the re-boot as I kept getting this warning:

userinit.exe - Unable to Locate Component

This application has failed to start because msls51.dll was not found. Re-installing the application may fix this problem.

Now only the desktop background is visible, I can open task manager but that's all, there's no toolbar or desktop icons or anything.

evilfantasy · « **Reply #18 on:** February 18, 2010, 12:53:04 PM »

Manually shut down the computer and then start it again.

KayleyBug · « **Reply #19 on:** February 18, 2010, 12:58:31 PM »

Done. It's still the same, giving the same warning constantly. The background is the only thing there. I can open task manager and that's it.

evilfantasy · « **Reply #20 on:** February 18, 2010, 01:43:43 PM »

Restart the computer. This time as it is loading up tap the F8 key until you get to the boot menu.

Choose Last Known Good Configuration.

Let me know how that goes.

KayleyBug · « **Reply #21 on:** February 18, 2010, 01:52:13 PM »

Didn't go well, it's still the same, same warning about msls51.dll not found.

evilfantasy · « **Reply #22 on:** February 18, 2010, 02:25:09 PM »

Do you have your desktop back?

KayleyBug · « **Reply #23 on:** February 18, 2010, 02:26:19 PM »

Nothing there at all except the background picture. No desktop icons, toolbar, nothing.

evilfantasy · « **Reply #24 on:** February 18, 2010, 02:35:47 PM »

On the Keyboard press (all at the same time) CTRL ALT Delete

When the Task Manager cones up go to File > New Task > then type in explorer.exe and click OK.

Did your desktop come up?

KayleyBug · « **Reply #25 on:** February 18, 2010, 02:38:44 PM »

Explorer appeared briefly in the 'Applications' box of Tast Manager, with writing saying 'unable to locate component', then it dissapeared. My desktop did not come up.
The msls51.dll box came up about 5 more times in the process.

evilfantasy · « **Reply #26 on:** February 18, 2010, 02:46:03 PM »

On the Keyboard press (all at the same time) CTRL ALT Delete

When the Task Manager cones up go to File > New Task > then type in rstrui.exe and click OK.

Do you get the System restore window?

KayleyBug · « **Reply #27 on:** February 18, 2010, 02:48:39 PM »

'Windows cannot find 'rstrui.exe'. Make sure you typed the name correctly, and then try again.'

That's what happens each time I try.

evilfantasy · « **Reply #28 on:** February 18, 2010, 02:50:03 PM »

Do you have your XP CD?

KayleyBug · « **Reply #29 on:** February 18, 2010, 02:53:36 PM »

No, it already had XP installed when I got it (over 3 years ago) and did not come with a backup XP disc.

evilfantasy · « **Reply #30 on:** February 18, 2010, 02:58:34 PM »

I am baffled as to what happened here.

Try booting the computer into safe mode using the F8 method and see if it get's to the desktop.

KayleyBug · « **Reply #31 on:** February 18, 2010, 03:07:45 PM »

The box still keeps coming up -

Explorer.EXE - unable to locate component
This applications has failed to start because msls51.dll was not found. Re-installing the application may fix this problem.

There's a red circle with a white X on the left side of the box that resembles the one the virus put in my task bar at the very start, telling me to install anti-virus.

Now the screen is completely black with Safe Mode written in each corner and "Microsoft (R) Windows XP (R) (Build 2600.xpsp.051011-1528: Service Pack 2)" written at the top.

evilfantasy · « **Reply #32 on:** February 18, 2010, 03:32:07 PM »

msls51.dll is a malicious file.

Can you get explorer or rstrui.exe to run in Safe Mode using the Task Manager?

KayleyBug · « **Reply #33 on:** February 18, 2010, 03:34:52 PM »

Explorer and system restore won't work in Safe Mode either, it's the exact same results as when it was in Normal Mode, which is weird because I thought things were meant to just work when in Safe Mode.

evilfantasy · « **Reply #34 on:** February 18, 2010, 03:39:25 PM »

Can you burn a CD?

On a good computer, download Windows Recovery Console: http://www.thecomputerparamedic.com/files/rc.iso

Next, download, and install free Imgburn: http://www.imgburn.com/index.php?act=download

Using Imgburn, burn rc.iso to a CD.

Put the CD in the infected computer and boot to the CD...let it finish loading.

When the "Welcome to Setup" screen appears, press R to start the Recovery Console.

Follow steps 3 - 14 as described here - http://www.geekstogo.com/forum/Fake-Security-Centre-Alerts-virus-malware-t266741.html&st=15&p=1753604#entry1753604

KayleyBug · « **Reply #35 on:** February 18, 2010, 04:18:06 PM »

I've made the CD and put it in my infected laptop, however I'm having trouble with the 'boot to the CD step'.
Do you mean that I should restart and instead of pressing f8 for Safe Mode I should press f9 for Boot service menu? Or the other option is f10 which is ROM based setup.

In Safe Mode and Normal Mode the CD doesn't do anything so I guess I need to do either the f9 or f10 option.

If it's any help my laptop is a HP compaq nx6325.

evilfantasy · « **Reply #36 on:** February 18, 2010, 04:21:12 PM »

Quote

Do you mean that I should restart and instead of pressing f8 for Safe Mode I should press f9 for Boot service menu? Or the other option is f10 which is ROM based setup.

It will be the F9 or F10 option. You should see the CD that you have in the drive to boot to. If it isn't listed, when the computer first starts to boot, in the lower left screen you should see which key to press to get to the boot menu.

KayleyBug · « **Reply #37 on:** February 18, 2010, 04:42:33 PM »

I've reached step 9 where I am supposed to enter the promt 'cd system~1\_resto~1' but when I try and type the ~ symbol on my UK keyboard a | comes up so I suppose it's set to US style.

The key next to the 1 key, which consists of `and ¬ will make a ~ that is higher up than the one in the prompt/the one I've just demonstrated, would that still work? I've tried every other button and this is the closest it'll get.

evilfantasy · « **Reply #38 on:** February 18, 2010, 05:00:55 PM »

Try this.

cd system32\_restore

KayleyBug · « **Reply #39 on:** February 18, 2010, 05:03:57 PM »

I tried it with the weird high up ~ and it said access is denied so I followed the steps on the site, however after re-booting access was still denied.
I tried cd system32\_restore but it says the system cannot find the file or directory specified.

KayleyBug · « **Reply #40 on:** February 18, 2010, 05:42:15 PM »

Hate to bump myself, but I finally got it to work (just kept doing it over and over, it decided to work eventually) and according to the site, once you type dir
'When you hit enter it will list all the restore points folders like "rp1", "rp2"
well I don't see anything like that, I have a huge huge list (pages and pages) that starts out saying things like

07/11/06 07:29a d--h-c-- 0 $NtUnistallKB873333$

it goes on like this for a while, and nearer the end there are a couple of pages that are more vaired, like:

02/19/10 12:58a -a------ 216 wiadebug.log
08/07/04 01:01p -arh---- 749 WindowsShell.manifest

evilfantasy · « **Reply #41 on:** February 18, 2010, 07:27:18 PM »

I'm not sure that's what you need.

When you were booting up with the CD was there an option to boot to the D drive which should be your recovery partition?

KayleyBug · « **Reply #42 on:** February 19, 2010, 04:13:48 AM »

Ok, well it was worth a try

Yes, I can enter D:\MiniNT if I press 2 instead of 1, I just assumed I needed the C drive because that's what the link you gave was explaining about. The prompt now say says D:\MiniNT>

Let me know what I need to type in after the prompt, as the link you gave is for C drive prompts. Thanks for being so patient with me

evilfantasy · « **Reply #43 on:** February 19, 2010, 08:18:32 AM »

You are going to loose all of your documents and stuff by doing this so be sure there is nothing you need to recover before trying this.

Instructions here. http://www.laptops-drivers.com/miscellaneous/step-by-step-how-to-recover-hp-or-compaq-laptop.html

KayleyBug · « **Reply #44 on:** February 19, 2010, 08:22:07 AM »

Should I do destructive or non-destructive recovery? The link gives instructions for both options.

evilfantasy · « **Reply #45 on:** February 19, 2010, 08:27:33 AM »

Try the non-destructive recovery first.

KayleyBug · « **Reply #46 on:** February 19, 2010, 08:42:15 AM »

F10 doesn't have the same options as the link you gave me said it should, but when starting up my laptop it says Press F11 for Emergency Recovery, should I do that?
Do I need the CD we burned last night for this, or is that not necessary?

evilfantasy · « **Reply #47 on:** February 19, 2010, 08:44:31 AM »

You shouldn't need the CD and use the Emergency Recovery.

KayleyBug · « **Reply #48 on:** February 19, 2010, 08:52:12 AM »

Emergency Recovery just re-starts the computer. I don't see any options under F10 that seem to be for recovery. The only thing I can think of is to use the CD from last night and chose the 'set up Windows XP option', or take it to a computer repair place and ask them to recover it or wipe it for me?

evilfantasy · « **Reply #49 on:** February 19, 2010, 08:54:23 AM »

F10 might be different for your computer. Whatever you used to get to the boot menu.

Do you have a friend you can borrow an install CD from.

KayleyBug · « **Reply #50 on:** February 19, 2010, 09:10:57 AM »

I think if I go to F10 and select File - Restore Defaults it'll do it? Wipe everything clean?
But if I need an XP install CD to complete to process there's not much point, my laptop didn't come with one and everyone I can think of who might have a CD will only have Vista.

MODIFIED: I can't find any way to restore factory settings using F9, F10 or F11.

KayleyBug · « **Reply #51 on:** February 19, 2010, 10:27:54 AM »

Using Task Manager and going to 'New Task' and then 'Browse' I seem to be able to browse through my folders, including C drive. I managed to access System Restore (despite many boxes coming up telling me things like 'wininit.exe - unable to locate component' etc) but the ONLY restore point was for yesterday, when I still had this problem. All my other restore points have vanished.

Is there a way to access 'restory factory settings' this way? F11 is definitely supposed to be emergency recovery and should restore factory settings however nothing happens when I press F11 except that the computer re-boots.

Malawarebytes is the ONLY thing I've managed to open without any error boxs appearing, which seems odd. I'll run it but I can't post the results log obviously.

evilfantasy · « **Reply #52 on:** February 19, 2010, 12:39:04 PM »

Try tapping the esc key and see if it brings up the boot options.

KayleyBug · « **Reply #53 on:** February 19, 2010, 01:14:40 PM »

It's ok my boyfriend tried running sfc /scannow and explorer.exe started without any errors but I don't know yet how permanent it will be.

One thing that is wrong is the theme is the windows classic theme and that is the only available option whereas before I had the choice of Windows XP, Windows classic and Green.

I've created a restore point now so at least I have that to go back to. What should I do next?

evilfantasy · « **Reply #54 on:** February 19, 2010, 01:16:45 PM »

Quote from: KayleyBug on February 19, 2010, 01:14:40 PM

What should I do next?

Go to Microsoft Windows Update and get all critical updates. There will probably be a bunch.

KayleyBug · « **Reply #55 on:** February 19, 2010, 01:29:04 PM »

Critical updates installed. Still no proper XP theme, it all still looks like classic Windows. Should I install Service Pack 3 off the Microsoft site? (I have service pack 2 currently.)

evilfantasy · « **Reply #56 on:** February 19, 2010, 01:45:15 PM »

You may need to go into your settings and adjust the theme.

Yes get SP3.

KayleyBug · « **Reply #57 on:** February 19, 2010, 02:14:39 PM »

The theme's dissapeared, classic is the only option. SP3 is slowly installing, I'll just download a new theme once everything else is sorted. After SP3 has installed what do you want me to do? Hopefully the desktop will still be there after re-booting!

KayleyBug · « **Reply #58 on:** February 19, 2010, 03:47:12 PM »

SP3 has installed, XP theme is back

Should I turn on Automatic Updates or just update periodically when I decide?

Let me know what you want me to do next.

evilfantasy · « **Reply #59 on:** February 19, 2010, 03:57:00 PM »

I would turn on Automatic Updates.

Run a virus scan.

KayleyBug · « **Reply #60 on:** February 19, 2010, 06:04:55 PM »

I ran a Malwarebytes full scan and it found 0 problems.

New problem: my internet's decided to stop working on my laptop. It's connected, apparently, but says 'limited or no connectivity' and the internet icon at the bottom has an exclamation mark next to it as opposed to a check mark or an X which are the two things it normally uses. Could this be down to SP3? Obviously my internet in general is fine as I'm using the same wireless modem on this laptop.

One thing after another, eh!

Using a USB I got the log from Malwarebytes' scan, in case you need to take a look at that

Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

20/02/2010 00:42:05
mbam-log-2010-02-20 (00-42-05).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 223060
Time elapsed: 1 hour(s), 21 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

evilfantasy · « **Reply #61 on:** February 19, 2010, 06:08:01 PM »

Make sure you have all web browsers closed.

* Go into Control Panel > Network Connections
* Right click on your connection then and click Properties
* On the Properties page, highlight Internet Protocol(TCP/IP)
* Click Properties, this will bring up another page.
* Select Obtain DNS Server Automatically
* Click the OK button. The page will close.
* Press OK on the page in front of you.
* Restart the computer.

Any changes?

KayleyBug · « **Reply #62 on:** February 19, 2010, 06:18:25 PM »

The Obtain DNS Server Automatically option was already selected.
Restarted my laptop anyway - no change except the internet icon at the bottom looks like it's connected, instead of having an exclamation mark, but the internet still doesn't work.

I've also noticed that my laptop takes much longer to start up the desktop after updating to SP3 - all the desktop icons take a long time to show up, is that because I now have so many due to all the anti-virus programs and log files on there?

It could be a while before my next reply as it's 1.17am here and I have work in the morning.
Let me know what needs doing and I'll try and sort it tomorrow.
Thanks again for all your help so far

evilfantasy · « **Reply #63 on:** February 19, 2010, 06:20:52 PM »

No problem. I'll be around tomorrow.

Go Start > Run (Start search in Vista) and type in: cmd

Click OK (in Vista, while holding CTRL, and SHIFT, press Enter).

In the Command Prompt window type in following commands, and press Enter after each one:

Code: [Select]

ipconfig /flushdns

Code: [Select]

ipconfig /registerdns

Code: [Select]

ipconfig /release

Code: [Select]

ipconfig /renew
Note the space before the forward slash /

Restart your computer.

Any luck?

If not I would take a few minutes and call your ISP to see if they can reset it on their end.

KayleyBug · « **Reply #64 on:** February 20, 2010, 03:59:34 AM »

No luck with that sadly. I'm not sure if AOL can help as it's more a problem with my laptop than the internet in general, as 2 other laptops and the computer in my house are managing to connect. So far (using my hit-and-miss Googling skills) I've discovered that one person had the same problem and resolved it by:
uninstalling and reinstalling Client Services by going into Local Area Connection Properties.

One website suggests letting Windows manage my Wireless network adapter by:
1. Click Start - Run and type “services.msc” and press enter.

2. Scroll down to locate “Wireless Zero Configuration”

3. Right-click and select “Start”

Lastly AOL's website suggested Zone Alarm might be blocking it, which I hadn't thought to check.

Once I'm home from work I'll try at least the Zone Alarm option, but I'd rather have your opinion before I start messing around with everything else

KayleyBug · « **Reply #65 on:** February 20, 2010, 11:33:15 AM »

Success! I did a system restore to before I updated to SP3 and now I have my XP theme back (which I didn't have before I installed SP3 so that's weird but cool) and now internet works

My computer's still a little slower than before at loading the desktop, it's just the background pic for a bit and then it flickers to black and then back to the picture, and that's when the icons finally appear.
The Start bar loads straight away though. Is this because I have about 30 desktop icons now, as opposed to the 5 I had before installing everything to it?

evilfantasy · « **Reply #66 on:** February 20, 2010, 02:37:48 PM »

You should run a Malwarebytes scan and see if it turns up anything.

KayleyBug · « **Reply #67 on:** February 20, 2010, 04:27:10 PM »

Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

20/02/2010 23:24:56
mbam-log-2010-02-20 (23-24-56).txt

Scan type: Quick Scan
Objects scanned: 124335
Time elapsed: 7 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I think I might try de-fragmenting my laptop on Sunday, haven't done that in well over a year so that's probably slowing things down a bit.
Can you recommend a good, user-friendly firewall? I've got ZoneAlarm but I'm not a fan of it, and I know Windows firewall isn't very good on XP.

evilfantasy · « **Reply #68 on:** February 20, 2010, 04:30:00 PM »

Getting rid of ZoneAlarm is probably a good idea. I've never liked it much.

Try this. Online Armor. Be sure to completely uninstall ZA before installing OA.

You can use the built in Windows defrag by clicking Start > Run and then type in dfrg.msc then click OK. Or use a faster FREE program. Defraggler is very effective and easy to use.

Important! Be sure to uncheck Install optional Yahoo! Toolbar during the install process to avoid installing the Yahoo! Toolbar.

Note: Be sure to clean out temp files (run CCleaner) and restart the computer just before beginning a defrag.

KayleyBug · « **Reply #69 on:** February 20, 2010, 04:31:22 PM »

Thanks

Does this mean my laptop is all clear?

evilfantasy · « **Reply #70 on:** February 20, 2010, 04:32:56 PM »

You can post a new HijackThis log for a double check.

KayleyBug · « **Reply #71 on:** February 20, 2010, 04:35:04 PM »

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:35:08, on 20/02/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\UMStor\Res.EXE
C:\Program Files\Multi-Direction Opitcal Mouse\Multi-Direction Opitcal Mouse\2.0\ACQTMAPP.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ProtectTools\Embedded Security Software\PSDrt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\WINDOWS\UMStor\Res.EXE
O4 - HKLM\..\Run: [ACQTMOUSE] "C:\Program Files\Multi-Direction Opitcal Mouse\Multi-Direction Opitcal Mouse\2.0\ACQTMAPP.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [trayServer] C:\Program Files\MAGIX\Movie_Edit_Pro_15_Download_version\TrayServer.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Kbdgui] rundll32.exe "C:\Documents and Settings\Administrator\Application Data\Adobe\Update\traykbd.dat""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0a\aoltray.exe
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by117fd.bay117.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 11311 bytes

evilfantasy · « **Reply #72 on:** February 20, 2010, 04:48:00 PM »

Quote

Checking: Platform: Windows XP SP2 (WinNT 5.01.2600)

You should get SP3 ASAP. There are many security related updates as well as stability improvements included with SP3.

Something is wrong here. Looks like your HOSTS file is messed up. Might be contributing to your connection issues. Looks like there is indeed an infection also.

If you are going to remove Zone Alarm go ahead and do it now so it does not interfere with the fixes. Wait until we are done to install Online Armour.

Open HijackThis and select Do a system scan only

Place a check mark next to the following entries: (if there)

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKCU\..\Run: [Kbdgui] rundll32.exe \"C:\Documents and Settings\Administrator\Application Data\Adobe\Update\traykbd.dat\"\"

.
Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.

----------

Download HostsXpert and then follow the below steps.

* Unzip HostXpert to your desktop.
* Open up the HostsXpert program.
* (Vista and Windows 7 users right click HostsXpert and choose Run as Administrator)
* Make sure that the "Make Hosts Writable?" button in the upper left corner is enabled (unlocked).
* Click Create Back Up.
* Then click on Restore Microsoft's Host Files.
* Close the HostsXpert program.

Note: if you use SpywareBlaster, Spybot and/or IE-SPYAD, it will be necessary to re-install the protection they afford. For SpywareBlaster, run the program and select Enable all protection. For Spybot run the program and select Immunize. For IE-SPYAD, run the batch file and reinstall the protection.

----------

If you already have ComboFix be sure to delete it and download a new copy.

Download ComboFix© by sUBs from one of the below links. Be sure top save it to the Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop

Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double click combofix.exe & follow the prompts.
Vista users Right-Click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it)
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

If you have problems with ComboFix usage, see How to use ComboFix

KayleyBug · « **Reply #73 on:** February 20, 2010, 04:55:06 PM »

Can I do all these things before installing SP3?
Installing SP3 is what messed up my internet connection the first time so I want to get all this sorted first if possible, there's no way SP3 will undo these instructions is there? If I install it after?

evilfantasy · « **Reply #74 on:** February 20, 2010, 05:10:38 PM »

Yes it's best to wait until we get done before going to SP3.

KayleyBug · « **Reply #75 on:** February 20, 2010, 05:34:28 PM »

Here's the combofix log.

If it's of any importance, I've noticed that suddenly, each time my computer starts up, a shortcut to Internet Explorer appears on my desktop.
I always delete the shortcut as I use Firefox, but then the next time I start up my laptop, there it is again on the desktop!

ComboFix 10-02-20.03 - Kayley E R 21/02/2010 0:15.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.895.394 [GMT 0:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\ADMINI~1\LOCALS~1\Temp\21303429133.nls
c:\documents and settings\Administrator\Local Settings\temp\21303429133.nls

.
((((((((((((((((((((((((( Files Created from 2010-01-21 to 2010-02-21 )))))))))))))))))))))))))))))))
.

2010-02-20 18:24 . 2010-02-20 18:24   --------   d-----w-   c:\windows\system32\wbem\Repository
2010-02-19 22:30 . 2010-02-19 22:30   --------   d-----w-   c:\windows\system32\scripting
2010-02-19 22:30 . 2010-02-19 22:30   --------   d-----w-   c:\windows\l2schemas
2010-02-19 22:27 . 2010-02-19 22:31   --------   d-----w-   c:\windows\ServicePackFiles
2010-02-19 18:30 . 2004-08-04 00:56   116224   ----a-w-   c:\windows\system32\dllcache\xrxwiadr.dll
2010-02-19 18:30 . 2001-08-17 22:36   23040   ----a-w-   c:\windows\system32\dllcache\xrxwbtmp.dll
2010-02-19 18:30 . 2001-08-17 22:36   17408   ----a-w-   c:\windows\system32\dllcache\xrxscnui.dll
2010-02-19 18:30 . 2001-08-17 22:37   27648   ----a-w-   c:\windows\system32\dllcache\xrxftplt.exe
2010-02-19 18:30 . 2001-08-17 22:37   4608   ----a-w-   c:\windows\system32\dllcache\xrxflnch.exe
2010-02-19 18:29 . 2001-08-17 22:37   99865   ----a-w-   c:\windows\system32\dllcache\xlog.exe
2010-02-19 18:29 . 2001-08-17 12:11   16970   ----a-w-   c:\windows\system32\dllcache\xem336n5.sys
2010-02-19 18:29 . 2004-08-03 22:29   19455   ----a-w-   c:\windows\system32\dllcache\wvchntxx.sys
2010-02-19 18:29 . 2004-08-03 22:29   12063   ----a-w-   c:\windows\system32\dllcache\wsiintxx.sys
2010-02-19 18:29 . 2004-08-03 22:31   154624   ----a-w-   c:\windows\system32\dllcache\wlluc48.sys
2010-02-19 18:29 . 2001-08-17 12:12   34890   ----a-w-   c:\windows\system32\dllcache\wlandrv2.sys
2010-02-19 18:27 . 2001-08-17 12:13   19528   ----a-w-   c:\windows\system32\dllcache\w840nd.sys
2010-02-19 18:26 . 2001-08-17 13:28   793598   ----a-w-   c:\windows\system32\dllcache\usr1806.sys
2010-02-19 18:25 . 2001-08-17 22:36   216064   ----a-w-   c:\windows\system32\dllcache\um34scan.dll
2010-02-19 18:24 . 2001-08-17 14:02   230912   ----a-w-   c:\windows\system32\dllcache\tosdvd03.sys
2010-02-19 18:23 . 2001-08-17 14:07   32640   ----a-w-   c:\windows\system32\dllcache\symc8xx.sys
2010-02-19 18:22 . 2001-08-17 12:11   48736   ----a-w-   c:\windows\system32\dllcache\srwlnd5.sys
2010-02-19 18:21 . 2004-08-04 13:00   40448   ----a-w-   c:\windows\system32\dllcache\snmpthrd.dll
2010-02-19 18:20 . 2001-08-17 12:12   91294   ----a-w-   c:\windows\system32\dllcache\skfpwin.sys
2010-02-19 18:19 . 2001-07-21 14:29   161568   ----a-w-   c:\windows\system32\dllcache\sgsmusb.sys
2010-02-19 18:18 . 2001-08-17 13:51   23936   ----a-w-   c:\windows\system32\dllcache\sccmn50m.sys
2010-02-19 18:17 . 2004-08-04 13:00   79872   ----a-w-   c:\windows\system32\dllcache\rwia330.dll
2010-02-19 18:16 . 2001-08-17 13:28   899146   ----a-w-   c:\windows\system32\dllcache\r2mdkxga.sys
2010-02-19 18:15 . 2001-08-17 13:51   16128   ----a-w-   c:\windows\system32\dllcache\pscr.sys
2010-02-19 18:14 . 2001-08-17 22:36   86016   ----a-w-   c:\windows\system32\dllcache\pctspk.exe
2010-02-19 18:13 . 2001-08-17 14:05   48000   ----a-w-   c:\windows\system32\dllcache\ovcam2.sys
2010-02-19 18:12 . 2001-08-17 12:20   87040   ----a-w-   c:\windows\system32\dllcache\nm6wdm.sys
2010-02-19 18:12 . 2001-08-17 12:20   126080   ----a-w-   c:\windows\system32\dllcache\nm5a2wdm.sys
2010-02-19 18:12 . 2004-08-04 13:00   53248   ----a-w-   c:\windows\system32\dllcache\nextlink.dll
2010-02-19 18:12 . 2001-08-17 12:12   32840   ----a-w-   c:\windows\system32\dllcache\ngrpci.sys
2010-02-19 18:12 . 2004-08-03 22:31   132695   ----a-w-   c:\windows\system32\dllcache\netwlan5.sys
2010-02-19 18:12 . 2001-08-17 12:11   65278   ----a-w-   c:\windows\system32\dllcache\netflx3.sys
2010-02-19 18:12 . 2001-08-17 12:50   39264   ----a-w-   c:\windows\system32\dllcache\neo20xx.sys
2010-02-19 18:12 . 2001-08-17 22:36   60480   ----a-w-   c:\windows\system32\dllcache\neo20xx.dll
2010-02-19 18:12 . 2001-08-17 13:49   15872   ----a-w-   c:\windows\system32\dllcache\ne2000.sys
2010-02-19 18:11 . 2001-08-17 14:56   91488   ----a-w-   c:\windows\system32\dllcache\n9i3disp.dll
2010-02-19 18:11 . 2001-08-17 12:50   27936   ----a-w-   c:\windows\system32\dllcache\n9i3d.sys
2010-02-19 18:11 . 2001-08-17 12:50   33088   ----a-w-   c:\windows\system32\dllcache\n9i128v2.sys
2010-02-19 18:11 . 2001-08-17 22:36   59104   ----a-w-   c:\windows\system32\dllcache\n9i128v2.dll
2010-02-19 18:11 . 2001-08-17 12:50   13664   ----a-w-   c:\windows\system32\dllcache\n9i128.sys
2010-02-19 18:11 . 2001-08-17 14:56   35392   ----a-w-   c:\windows\system32\dllcache\n9i128.dll
2010-02-19 18:11 . 2001-08-17 12:11   128000   ----a-w-   c:\windows\system32\dllcache\n100325.sys
2010-02-19 18:09 . 2001-08-17 14:02   35200   ----a-w-   c:\windows\system32\dllcache\msgame.sys
2010-02-19 18:08 . 2001-08-17 22:36   47616   ----a-w-   c:\windows\system32\dllcache\memgrp.dll
2010-02-19 18:07 . 2001-08-17 12:12   20573   ----a-w-   c:\windows\system32\dllcache\lne100.sys
2010-02-19 18:06 . 2001-08-17 12:12   45632   ----a-w-   c:\windows\system32\dllcache\ip5515.sys
2010-02-19 18:05 . 2001-08-17 22:36   26624   ----a-w-   c:\windows\system32\dllcache\icam3ext.dll
2010-02-19 18:04 . 2001-08-17 13:28   488383   ----a-w-   c:\windows\system32\dllcache\hsf_v124.sys
2010-02-19 18:03 . 2001-08-17 22:36   31232   ----a-w-   c:\windows\system32\dllcache\hpgt42tk.dll
2010-02-19 18:02 . 2001-08-17 12:49   320384   ----a-w-   c:\windows\system32\dllcache\g200m.sys
2010-02-19 18:01 . 2001-08-17 12:12   16074   ----a-w-   c:\windows\system32\dllcache\fa312nd5.sys
2010-02-19 18:00 . 2001-08-17 12:19   283904   ----a-w-   c:\windows\system32\dllcache\emu10k1m.sys
2010-02-19 17:59 . 2001-08-17 12:11   29696   ----a-w-   c:\windows\system32\dllcache\dm9pci5.sys
2010-02-19 17:58 . 2001-08-17 13:52   14720   ----a-w-   c:\windows\system32\dllcache\dac960nt.sys
2010-02-19 17:57 . 2004-08-04 13:00   15872   ----a-w-   c:\windows\system32\dllcache\chgport.exe
2010-02-19 17:56 . 2001-08-17 13:51   13824   ----a-w-   c:\windows\system32\dllcache\bulltlp3.sys
2010-02-19 17:55 . 2004-08-03 22:29   104960   ----a-w-   c:\windows\system32\dllcache\atinrvxx.sys
2010-02-19 17:54 . 2004-08-03 22:32   231552   ----a-w-   c:\windows\system32\dllcache\ac97ali.sys
2010-02-19 17:53 . 2003-03-24 16:52   49210   ----a-w-   c:\windows\system32\dllcache\fp4areg.dll
2010-02-19 17:53 . 2003-03-24 16:52   147513   ----a-w-   c:\windows\system32\dllcache\fp4apws.dll
2010-02-19 17:53 . 2003-03-24 16:52   102509   ----a-w-   c:\windows\system32\dllcache\fp4atxt.dll
2010-02-19 17:53 . 2004-05-13 00:39   184435   ----a-w-   c:\windows\system32\dllcache\fp4amsft.dll
2010-02-19 17:53 . 2003-03-24 16:52   82035   ----a-w-   c:\windows\system32\dllcache\fp4anscp.dll
2010-02-19 17:53 . 2004-08-04 13:00   46592   ----a-w-   c:\windows\system32\dllcache\coadmin.dll
2010-02-19 17:53 . 2003-03-24 16:52   188480   ----a-w-   c:\windows\system32\dllcache\cfgwiz.exe
2010-02-19 17:53 . 2003-03-24 16:52   20540   ----a-w-   c:\windows\system32\dllcache\author.dll
2010-02-19 17:53 . 2003-03-24 16:52   16439   ----a-w-   c:\windows\system32\dllcache\author.exe
2010-02-19 17:53 . 2004-08-04 13:00   43520   ----a-w-   c:\windows\system32\dllcache\admwprox.dll
2010-02-19 17:53 . 2004-08-04 13:00   290816   ----a-w-   c:\windows\system32\dllcache\adsiis51.dll
2010-02-19 17:53 . 2003-03-24 16:52   16439   ----a-w-   c:\windows\system32\dllcache\admin.exe
2010-02-19 17:53 . 2003-03-24 16:52   20540   ----a-w-   c:\windows\system32\dllcache\admin.dll
2010-02-18 19:18 . 2010-02-18 19:18   --------   d-----w-   C:\_OTM
2010-02-18 01:43 . 2009-06-30 09:37   28552   ----a-w-   c:\windows\system32\drivers\pavboot.sys
2010-02-18 01:43 . 2010-02-18 01:43   --------   d-----w-   c:\program files\Panda Security
2010-02-18 01:09 . 2010-02-18 01:09   --------   d-----w-   c:\program files\ESET
2010-02-15 23:25 . 2010-02-15 23:25   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-02-15 23:25 . 2010-02-15 23:25   --------   d-----w-   c:\program files\SUPERAntiSpyware
2010-02-15 23:25 . 2010-02-15 23:25   --------   d-----w-   c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-02-15 22:38 . 2010-02-15 22:38   --------   d-----w-   c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-02-15 22:37 . 2010-01-07 16:07   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-15 22:37 . 2010-02-15 22:37   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-15 22:37 . 2010-01-07 16:07   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-02-15 22:37 . 2010-02-15 22:38   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-02-15 22:23 . 2010-02-15 22:23   --------   d-----w-   c:\program files\Trend Micro
2010-02-15 19:28 . 2010-02-15 19:28   552   ----a-w-   c:\windows\system32\d3d8caps.dat
2010-02-15 18:13 . 2010-02-15 18:13   --------   d-----w-   c:\documents and settings\Administrator\Application Data\AVG8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-19 22:36 . 2004-08-07 13:12   91799   ----a-w-   c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-19 17:42 . 2009-08-09 14:42   0   ----a-w-   c:\documents and settings\Administrator\Local Settings\Application Data\prvlcl.dat
2010-02-16 00:16 . 2009-05-17 14:44   --------   d-----w-   c:\program files\Xvid
2010-02-16 00:16 . 2007-12-03 15:32   --------   d-----w-   c:\program files\USB Disk Win98 Driver
2010-02-16 00:16 . 2006-07-11 06:12   --------   d-----w-   c:\program files\Windows Media Connect
2010-02-15 23:26 . 2010-02-15 23:26   52224   ----a-w-   c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-15 23:26 . 2010-02-15 23:26   117760   ----a-w-   c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-15 23:24 . 2010-01-17 12:44   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2010-02-15 23:13 . 2008-10-05 14:53   --------   d-----w-   c:\documents and settings\All Users\Application Data\rspgjclg
2010-02-10 14:52 . 2007-01-09 11:46   --------   d-----w-   c:\program files\Lx_cats
2010-01-17 12:46 . 2010-01-17 12:46   4   --sh--r-   c:\documents and settings\All Users\Application Data\sysqcl1129139270.dat
2010-01-14 11:12 . 2009-10-04 16:01   181120   ------w-   c:\windows\system32\MpSigStub.exe
2010-01-09 19:53 . 2008-07-31 11:38   --------   d-----w-   c:\program files\Windows Live Safety Center
2009-05-01 21:02 . 2009-05-01 21:02   1044480   ----a-w-   c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02   200704   ----a-w-   c:\program files\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[7] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ndis.sys
[7] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ndis.sys
[-] 2006-01-10 . AA898F84D2B59129FB92E143A2C73434 . 182528 . . [5.1.2600.2824] . . c:\windows\$NtServicePackUninstall$\ndis.sys
[-] 2006-01-10 . AA898F84D2B59129FB92E143A2C73434 . 182528 . . [5.1.2600.2824] . . c:\windows\ERDNT\cache\ndis.sys
[-] 2006-01-10 . AA898F84D2B59129FB92E143A2C73434 . 182528 . . [5.1.2600.2824] . . c:\windows\system32\dllcache\ndis.sys
[-] 2006-01-10 . AA898F84D2B59129FB92E143A2C73434 . 182528 . . [5.1.2600.2824] . . c:\windows\system32\drivers\ndis.sys
[7] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB912436$\ndis.sys

[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\ERDNT\cache\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys
[-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2006-01-13 . 583E063FDC888CA30D05C2724B0D7EF4 . 359808 . . [5.1.2600.2827] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[-] 2005-05-25 . 88763A98A4C26C409741B4AA162720C9 . 359808 . . [5.1.2600.2685] . . c:\windows\$NtUninstallKB913446$\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893066$\tcpip.sys

[7] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netman.dll
[7] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\$NtServicePackUninstall$\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\ERDNT\cache\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\system32\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\system32\dllcache\netman.dll
[-] 2005-08-22 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll
[7] 2004-08-04 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB905414$\netman.dll

[7] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\rpcss.dll
[7] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\rpcss.dll
[-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
[-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\windows\ERDNT\cache\rpcss.dll
[-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\windows\system32\rpcss.dll
[-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\windows\system32\dllcache\rpcss.dll
[-] 2005-07-26 . C369DF215D352B6F3A0B8C3469AA34F8 . 398336 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[-] 2005-04-28 . DA383FB39A6F1C445F3AFC94B3EB1248 . 396288 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\rpcss.dll
[-] 2005-04-28 . C8061F289E000703E7672916B7FE1571 . 395776 . . [5.1.2600.2665] . . c:\windows\$NtUninstallKB902400$\rpcss.dll
[-] 2005-01-14 . 419899803CA479B73B02390318C787C0 . 395776 . . [5.1.2600.2595] . . c:\windows\$NtUninstallKB894391$\rpcss.dll
[-] 2005-01-14 . 94456045BEB4545B5EBE1DCC85951AFA . 395776 . . [5.1.2600.2595] . . c:\windows\$hf_mig$\KB873333\SP2QFE\rpcss.dll
[7] 2004-08-04 . 5C83A4408604F737717AB96371201680 . 395776 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB873333$\rpcss.dll

[7] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\spoolsv.exe
[7] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\spoolsv.exe
[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\ERDNT\cache\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\system32\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\system32\dllcache\spoolsv.exe
[7] 2004-08-04 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB896423$\spoolsv.exe

[7] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\asms\60\msft\windows\common\controls\comctl32.dll
[7] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\asms\60\msft\windows\common\controls\comctl32.dll
[7] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\comctl32.dll
[7] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\comctl32.dll
[-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\ERDNT\cache\comctl32.dll
[-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[7] 2004-08-04 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\$NtUninstallKB923191$\comctl32.dll

[-] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\windows\SoftwareDistribution\Download\8cac00e8efc87d728c0261686f85c975\sp2gdr\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\SoftwareDistribution\Download\8cac00e8efc87d728c0261686f85c975\sp3gdr\es.dll
[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\SoftwareDistribution\Download\8cac00e8efc87d728c0261686f85c975\sp3qfe\es.dll
[-] 2008-07-07 20:06 . A4AB3DCA4A383F0DF4988ABDEB84F9A4 . 253952 . . [2001.12.4414.320] . . c:\windows\SoftwareDistribution\Download\8cac00e8efc87d728c0261686f85c975\sp2qfe\es.dll
[7] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\es.dll
[7] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\es.dll
[-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\$NtServicePackUninstall$\es.dll
[-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\ERDNT\cache\es.dll
[-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\system32\es.dll
[-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\system32\dllcache\es.dll
[-] 2005-07-26 04:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll
[7] 2004-08-04 08:00 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB902400$\es.dll

[7] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\kernel32.dll
[7] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\kernel32.dll
[-] 2006-07-05 . 0FDD84928A5DDE2510761B7EC76CCEC9 . 985088 . . [5.1.2600.2945] . . c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[-] 2006-07-05 . D8DB5397DE07577C1CB50BA6D23B3AD4 . 984064 . . [5.1.2600.2945] . . c:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2006-07-05 . D8DB5397DE07577C1CB50BA6D23B3AD4 . 984064 . . [5.1.2600.2945] . . c:\windows\ERDNT\cache\kernel32.dll
[-] 2006-07-05 . D8DB5397DE07577C1CB50BA6D23B3AD4 . 984064 . . [5.1.2600.2945] . . c:\windows\SoftwareDistribution\Download\fc75a45b73372bd0c2a61e3a51d766ff\backup\sp2gdr\kernel32.dll
[-] 2006-07-05 . D8DB5397DE07577C1CB50BA6D23B3AD4 . 984064 . . [5.1.2600.2945] . . c:\windows\SoftwareDistribution\Download\fc75a45b73372bd0c2a61e3a51d766ff\backup\sp2qfe\kernel32.dll
[-] 2006-07-05 . D8DB5397DE07577C1CB50BA6D23B3AD4 . 984064 . . [5.1.2600.2945] . . c:\windows\system32\kernel32.dll
[-] 2006-07-05 . D8DB5397DE07577C1CB50BA6D23B3AD4 . 984064 . . [5.1.2600.2945] . . c:\windows\system32\dllcache\kernel32.dll
[7] 2004-08-04 . 888190E31455FAD793312F8D087146EB . 983552 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917422$\kernel32.dll

[7] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\linkinfo.dll
[7] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\linkinfo.dll
[-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\ERDNT\cache\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\system32\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\system32\dllcache\linkinfo.dll
[7] 2004-08-04 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB900725$\linkinfo.dll

[-] 2008-08-14 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:\windows\SoftwareDistribution\Download\e76b316b6389286fbb342d033e63f1ba\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 . EEAF32F8E15A24F62BECB1BD403BB5C5 . 2189184 . . [5.1.2600.5657] . . c:\windows\SoftwareDistribution\Download\e76b316b6389286fbb342d033e63f1ba\SP3GDR\ntoskrnl.exe
[-] 2008-08-14 . 21C91DA9CB53AA8A37041BA9684A8458 . 2180352 . . [5.1.2600.3427] . . c:\windows\SoftwareDistribution\Download\e76b316b6389286fbb342d033e63f1ba\SP2GDR\ntoskrnl.exe
[-] 2008-08-14 . CE69DBD54221F2D40E49FF6DB77C6507 . 2185984 . . [5.1.2600.3427] . . c:\windows\SoftwareDistribution\Download\e76b316b6389286fbb342d033e63f1ba\SP2QFE\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ntoskrnl.exe
[-] 2005-10-12 . 7B69EA89C7B9966BF552A070D97C5013 . 2180096 . . [5.1.2600.2774] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2005-10-12 . 7B69EA89C7B9966BF552A070D97C5013 . 2180096 . . [5.1.2600.2774] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2005-10-12 . C5290E302241594B668A378D89FD903E . 2136064 . . [5.1.2600.2774] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[-] 2005-10-12 . C5290E302241594B668A378D89FD903E . 2136064 . . [5.1.2600.2774] . . c:\windows\ERDNT\cache\ntoskrnl.exe
[-] 2005-10-12 . C5290E302241594B668A378D89FD903E . 2136064 . . [5.1.2600.2774] . . c:\windows\system32\ntoskrnl.exe
[-] 2005-09-29 . 25C36DBC46E8EFF2A811769A60715AC5 . 2136064 . . [5.1.2600.2765] . . c:\windows\$NtUninstallKB909095$\ntoskrnl.exe
[-] 2005-03-02 . 28187802B7C368C0D3AEF7D4C382AABB . 2179456 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[7] 2004-08-04 . 626309040459C3915997EF98EC1C8D40 . 2148352 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB896256$\ntoskrnl.exe

[7] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\tapisrv.dll
[7] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\tapisrv.dll
[-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\ERDNT\cache\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\system32\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\system32\dllcache\tapisrv.dll
[7] 2004-08-04 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll

[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\user32.dll
[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\ERDNT\cache\user32.dll
[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\system32\user32.dll
[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\system32\dllcache\user32.dll
[7] 2004-08-04 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll

[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\srsvc.dll
[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\srsvc.dll
[-] 2004-11-17 . 902CF9595F640E53F33C0F1637F464F9 . 171008 . . [5.1.2600.2567] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
[-] 2004-11-17 . 902CF9595F640E53F33C0F1637F464F9 . 171008 . . [5.1.2600.2567] . . c:\windows\ERDNT\cache\srsvc.dll
[-] 2004-11-17 . 902CF9595F640E53F33C0F1637F464F9 . 171008 . . [5.1.2600.2567] . . c:\windows\system32\srsvc.dll
[-] 2004-11-17 . 902CF9595F640E53F33C0F1637F464F9 . 171008 . . [5.1.2600.2567] . . c:\windows\system32\dllcache\srsvc.dll
[7] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB888402$\srsvc.dll

[7] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\aec.sys
[7] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\aec.sys
[-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$NtServicePackUninstall$\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\Driver Cache\i386\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\ERDNT\cache\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\system32\dllcache\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\system32\drivers\aec.sys
[7] 2004-08-04 05:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtUninstallKB900485$\aec.sys

[7] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\mfc40u.dll
[7] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\mfc40u.dll
[-] 2004-08-04 08:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll
[-] 2004-08-04 08:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\ERDNT\cache\mfc40u.dll
[-] 2004-08-04 08:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\system32\mfc40u.dll
[-] 2004-08-04 08:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\system32\dllcache\mfc40u.dll

[-] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . c:\windows\SoftwareDistribution\Download\e76b316b6389286fbb342d033e63f1ba\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . 4AC58F03EB94A72809949D757FC39D80 . 2066048 . . [5.1.2600.5657] . . c:\windows\SoftwareDistribution\Download\e76b316b6389286fbb342d033e63f1ba\SP3GDR\ntkrnlpa.exe
[-] 2008-08-14 . BA002228743B6824D87F0551DBC86D45 . 2057728 . . [5.1.2600.3427] . . c:\windows\SoftwareDistribution\Download\e76b316b6389286fbb342d033e63f1ba\SP2GDR\ntkrnlpa.exe
[-] 2008-08-14 . 63EC865DFF6CCFC7BEF94B5C50297CAD . 2062976 . . [5.1.2600.3427] . . c:\windows\SoftwareDistribution\Download\e76b316b6389286fbb342d033e63f1ba\SP2QFE\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ntkrnlpa.exe
[-] 2005-10-11 . 0C691ECAD81707D3A7797512AC932C62 . 2015232 . . [5.1.2600.2774] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[-] 2005-10-11 . DDBFA4EAE9251712F20193DD47B361BD . 2057344 . . [5.1.2600.2774] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2005-10-11 . 0C691ECAD81707D3A7797512AC932C62 . 2015232 . . [5.1.2600.2774] . . c:\windows\ERDNT\cache\ntkrnlpa.exe
[-] 2005-10-11 . 0C691ECAD81707D3A7797512AC932C62 . 2015232 . . [5.1.2600.2774] . . c:\windows\system32\ntkrnlpa.exe
[-] 2005-10-11 . DDBFA4EAE9251712F20193DD47B361BD . 2057344 . . [5.1.2600.2774] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2005-09-28 . 48472D224E1703882B4DE0E28E205E9B . 2015744 . . [5.1.2600.2765] . . c:\windows\$NtUninstallKB909095$\ntkrnlpa.exe
[-] 2005-03-02 . D8ABA3EAB509627E707A3B14F00FBB6B . 2056832 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[7] 2004-08-04 . FB142B7007CA2EEA76966C6C5CC12150 . 2015232 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB896256$\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"Kbdgui"="c:\documents and settings\Administrator\Application Data\Adobe\Update\traykbd.dat" [2010-02-16 123392]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2006-03-31 184320]
"LXCFCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-07-20 73728]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-28 593920]
"USB Storage Toolbox"="c:\windows\UMStor\Res.EXE" [2005-09-14 65536]
"ACQTMOUSE"="c:\program files\Multi-Direction Opitcal Mouse\Multi-Direction Opitcal Mouse\2.0\ACQTMAPP.exe" [2006-12-27 489984]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-01 1932568]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"TrayServer"="c:\program files\MAGIX\Movie_Edit_Pro_15_Download_version\TrayServer.exe" [2008-11-13 90112]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
AOL 9.0 Tray Icon.lnk - c:\program files\AOL 9.0a\aoltray.exe [2007-2-4 156784]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2006-10-4 184320]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-01 11:34   10520   ----a-w-   c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
2006-03-03 15:08   434176   ----a-w-   c:\windows\system32\IfxWlxEN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2005-07-25 18:41   40960   ----a-w-   c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\AOL\\RC\\regClient.exe"=
"c:\\Program Files\\AOL 9.0a\\waol.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [18/02/2010 01:43 28552]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [01/04/2009 11:34 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [01/04/2009 11:34 108552]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [29/11/2005 16:56 36768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [05/01/2010 07:56 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05/01/2010 07:56 74480]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [04/08/2004 08:00 14336]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [01/04/2009 11:33 298264]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 18:19 13592]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [21/10/2005 11:19 36352]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [16/05/2009 15:03 1527900]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05/01/2010 07:56 7408]
S3 z520bus;Sony Ericsson 520 driver (WDM);c:\windows\system32\drivers\z520bus.sys [26/07/2005 10:13 57648]
S3 z520mdfl;Sony Ericsson 520 USB WMC Modem Filter;c:\windows\system32\drivers\z520mdfl.sys [26/09/2007 13:34 8336]
S3 z520mdm;Sony Ericsson 520 USB WMC Modem Drivers;c:\windows\system32\drivers\z520mdm.sys [26/09/2007 13:34 93488]
S3 z520mgmt;Sony Ericsson 520 USB WMC Device Management Drivers;c:\windows\system32\drivers\z520mgmt.sys [26/09/2007 13:35 84928]
S3 z520obex;Sony Ericsson 520 USB WMC OBEX Interface Drivers;c:\windows\system32\drivers\z520obex.sys [26/09/2007 13:34 82864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance   REG_MULTI_SZ     ASChannel
.
Contents of the 'Scheduled Tasks' folder

2010-02-21 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hp.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
uInternet Settings,ProxyServer = 127.0.0.1:8080
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dlbu8v23.default\
FF - plugin: c:\program files\Common Files\ParallelGraphics\Cortona\npCortona.dll
.
- - - - ORPHANS REMOVED - - - -

AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-21 00:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCFCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16?

?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(896)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
c:\windows\system32\IfxWlxEN.dll
c:\program files\HPQ\IAM\Bin\ASChnl.dll
c:\program files\HPQ\IAM\Bin\ItMsg.dll

- - - - - - - > 'explorer.exe'(3616)
c:\program files\HPQ\IAM\Bin\SFSShell.dll
c:\program files\HPQ\IAM\bin\ItMsg.dll
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\HPQ\IAM\bin\asghost.exe
c:\windows\system32\msdtc.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\IFXSPMGT.exe
c:\windows\system32\IFXTCS.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
c:\windows\system32\wdfmgr.exe
c:\windows\system32\mqsvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\mqtgsvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\ProtectTools\Embedded Security Software\PSDrt.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Completion time: 2010-02-21 00:31:18 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-21 00:31
ComboFix2.txt 2010-02-18 00:47

Pre-Run: 17,715,023,872 bytes free
Post-Run: 17,701,199,872 bytes free

- - End Of File - - CF665D58AC6EB237F728909C10C7FEB3

evilfantasy · « **Reply #76 on:** February 20, 2010, 05:42:04 PM »

Please go to Jotti's malware scan
(If more than one file needs scanned they must be done separately and logs posted for each one)

* Copy the file path in the below Code box:

Code: [Select]

c:\documents and settings\Administrator\Application Data\Adobe\Update\traykbd.dat* At the upload site, click once inside the window next to Browse.
* Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
* Next click Submit file
* Your file will possibly be entered into a queue which normally takes less than a minute to clear.
* This will perform a scan across multiple different virus scanning engines.
* Important: Wait for all of the scanning engines to complete.
* Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.

evilfantasy · « **Reply #77 on:** February 20, 2010, 05:43:42 PM »

Also do you use any Norton software?

Quote

FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

KayleyBug · « **Reply #78 on:** February 20, 2010, 05:48:25 PM »

No I'm not using any Norton software, I don't think I ever have on this laptop.
(Jotti's malware scan in progress)

KayleyBug · « **Reply #79 on:** February 20, 2010, 05:54:40 PM »

http://virusscan.jotti.org/en-gb/scanresult/fe6a9175644fc67b8bb3c3cf22614ddea05e1c44

Looks like VBA32 found SSCope.Trojan.Agent.084 $:-\$

Checked my add or remove programs, I definitely don't have Norton.

evilfantasy · « **Reply #80 on:** February 20, 2010, 05:57:43 PM »

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code: [Select]

KillAll::

SecCenter::
{990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kbdgui"=-

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze

KayleyBug · « **Reply #81 on:** February 20, 2010, 06:17:26 PM »

After re-booting, the IE icon was back on my desktop and IE had made itself the default brower, even though it was definitely set to Firefox before the re-boot! Is this anything to be concerned about?

ComboFix 10-02-20.03 - Kayley E R 21/02/2010 1:01.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.895.375 [GMT 0:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2010-01-21 to 2010-02-21 )))))))))))))))))))))))))))))))
.

2010-02-20 18:24 . 2010-02-20 18:24   --------   d-----w-   c:\windows\system32\wbem\Repository
2010-02-19 22:30 . 2010-02-19 22:30   --------   d-----w-   c:\windows\system32\scripting
2010-02-19 22:30 . 2010-02-19 22:30   --------   d-----w-   c:\windows\l2schemas
2010-02-19 22:27 . 2010-02-19 22:31   --------   d-----w-   c:\windows\ServicePackFiles
2010-02-19 18:30 . 2004-08-04 00:56   116224   ----a-w-   c:\windows\system32\dllcache\xrxwiadr.dll
2010-02-19 18:30 . 2001-08-17 22:36   23040   ----a-w-   c:\windows\system32\dllcache\xrxwbtmp.dll
2010-02-19 18:30 . 2001-08-17 22:36   17408   ----a-w-   c:\windows\system32\dllcache\xrxscnui.dll
2010-02-19 18:30 . 2001-08-17 22:37   27648   ----a-w-   c:\windows\system32\dllcache\xrxftplt.exe
2010-02-19 18:30 . 2001-08-17 22:37   4608   ----a-w-   c:\windows\system32\dllcache\xrxflnch.exe
2010-02-19 18:29 . 2001-08-17 22:37   99865   ----a-w-   c:\windows\system32\dllcache\xlog.exe
2010-02-19 18:29 . 2001-08-17 12:11   16970   ----a-w-   c:\windows\system32\dllcache\xem336n5.sys
2010-02-19 18:29 . 2004-08-03 22:29   19455   ----a-w-   c:\windows\system32\dllcache\wvchntxx.sys
2010-02-19 18:29 . 2004-08-03 22:29   12063   ----a-w-   c:\windows\system32\dllcache\wsiintxx.sys
2010-02-19 18:29 . 2004-08-03 22:31   154624   ----a-w-   c:\windows\system32\dllcache\wlluc48.sys
2010-02-19 18:29 . 2001-08-17 12:12   34890   ----a-w-   c:\windows\system32\dllcache\wlandrv2.sys
2010-02-19 18:27 . 2001-08-17 12:13   19528   ----a-w-   c:\windows\system32\dllcache\w840nd.sys
2010-02-19 18:26 . 2001-08-17 13:28   793598   ----a-w-   c:\windows\system32\dllcache\usr1806.sys
2010-02-19 18:25 . 2001-08-17 22:36   216064   ----a-w-   c:\windows\system32\dllcache\um34scan.dll
2010-02-19 18:24 . 2001-08-17 14:02   230912   ----a-w-   c:\windows\system32\dllcache\tosdvd03.sys
2010-02-19 18:23 . 2001-08-17 14:07   32640   ----a-w-   c:\windows\system32\dllcache\symc8xx.sys
2010-02-19 18:22 . 2001-08-17 12:11   48736   ----a-w-   c:\windows\system32\dllcache\srwlnd5.sys
2010-02-19 18:21 . 2004-08-04 13:00   40448   ----a-w-   c:\windows\system32\dllcache\snmpthrd.dll
2010-02-19 18:20 . 2001-08-17 12:12   91294   ----a-w-   c:\windows\system32\dllcache\skfpwin.sys
2010-02-19 18:19 . 2001-07-21 14:29   161568   ----a-w-   c:\windows\system32\dllcache\sgsmusb.sys
2010-02-19 18:18 . 2001-08-17 13:51   23936   ----a-w-   c:\windows\system32\dllcache\sccmn50m.sys
2010-02-19 18:17 . 2004-08-04 13:00   79872   ----a-w-   c:\windows\system32\dllcache\rwia330.dll
2010-02-19 18:16 . 2001-08-17 13:28   899146   ----a-w-   c:\windows\system32\dllcache\r2mdkxga.sys
2010-02-19 18:15 . 2001-08-17 13:51   16128   ----a-w-   c:\windows\system32\dllcache\pscr.sys
2010-02-19 18:14 . 2001-08-17 22:36   86016   ----a-w-   c:\windows\system32\dllcache\pctspk.exe
2010-02-19 18:13 . 2001-08-17 14:05   48000   ----a-w-   c:\windows\system32\dllcache\ovcam2.sys
2010-02-19 18:12 . 2001-08-17 12:20   87040   ----a-w-   c:\windows\system32\dllcache\nm6wdm.sys
2010-02-19 18:12 . 2001-08-17 12:20   126080   ----a-w-   c:\windows\system32\dllcache\nm5a2wdm.sys
2010-02-19 18:12 . 2004-08-04 13:00   53248   ----a-w-   c:\windows\system32\dllcache\nextlink.dll
2010-02-19 18:12 . 2001-08-17 12:12   32840   ----a-w-   c:\windows\system32\dllcache\ngrpci.sys
2010-02-19 18:12 . 2004-08-03 22:31   132695   ----a-w-   c:\windows\system32\dllcache\netwlan5.sys
2010-02-19 18:12 . 2001-08-17 12:11   65278   ----a-w-   c:\windows\system32\dllcache\netflx3.sys
2010-02-19 18:12 . 2001-08-17 12:50   39264   ----a-w-   c:\windows\system32\dllcache\neo20xx.sys
2010-02-19 18:12 . 2001-08-17 22:36   60480   ----a-w-   c:\windows\system32\dllcache\neo20xx.dll
2010-02-19 18:12 . 2001-08-17 13:49   15872   ----a-w-   c:\windows\system32\dllcache\ne2000.sys
2010-02-19 18:11 . 2001-08-17 14:56   91488   ----a-w-   c:\windows\system32\dllcache\n9i3disp.dll
2010-02-19 18:11 . 2001-08-17 12:50   27936   ----a-w-   c:\windows\system32\dllcache\n9i3d.sys
2010-02-19 18:11 . 2001-08-17 12:50   33088   ----a-w-   c:\windows\system32\dllcache\n9i128v2.sys
2010-02-19 18:11 . 2001-08-17 22:36   59104   ----a-w-   c:\windows\system32\dllcache\n9i128v2.dll
2010-02-19 18:11 . 2001-08-17 12:50   13664   ----a-w-   c:\windows\system32\dllcache\n9i128.sys
2010-02-19 18:11 . 2001-08-17 14:56   35392   ----a-w-   c:\windows\system32\dllcache\n9i128.dll
2010-02-19 18:11 . 2001-08-17 12:11   128000   ----a-w-   c:\windows\system32\dllcache\n100325.sys
2010-02-19 18:09 . 2001-08-17 14:02   35200   ----a-w-   c:\windows\system32\dllcache\msgame.sys
2010-02-19 18:08 . 2001-08-17 22:36   47616   ----a-w-   c:\windows\system32\dllcache\memgrp.dll
2010-02-19 18:07 . 2001-08-17 12:12   20573   ----a-w-   c:\windows\system32\dllcache\lne100.sys
2010-02-19 18:06 . 2001-08-17 12:12   45632   ----a-w-   c:\windows\system32\dllcache\ip5515.sys
2010-02-19 18:05 . 2001-08-17 22:36   26624   ----a-w-   c:\windows\system32\dllcache\icam3ext.dll
2010-02-19 18:04 . 2001-08-17 13:28   488383   ----a-w-   c:\windows\system32\dllcache\hsf_v124.sys
2010-02-19 18:03 . 2001-08-17 22:36   31232   ----a-w-   c:\windows\system32\dllcache\hpgt42tk.dll
2010-02-19 18:02 . 2001-08-17 12:49   320384   ----a-w-   c:\windows\system32\dllcache\g200m.sys
2010-02-19 18:01 . 2001-08-17 12:12   16074   ----a-w-   c:\windows\system32\dllcache\fa312nd5.sys
2010-02-19 18:00 . 2001-08-17 12:19   283904   ----a-w-   c:\windows\system32\dllcache\emu10k1m.sys
2010-02-19 17:59 . 2001-08-17 12:11   29696   ----a-w-   c:\windows\system32\dllcache\dm9pci5.sys
2010-02-19 17:58 . 2001-08-17 13:52   14720   ----a-w-   c:\windows\system32\dllcache\dac960nt.sys
2010-02-19 17:57 . 2004-08-04 13:00   15872   ----a-w-   c:\windows\system32\dllcache\chgport.exe
2010-02-19 17:56 . 2001-08-17 13:51   13824   ----a-w-   c:\windows\system32\dllcache\bulltlp3.sys
2010-02-19 17:55 . 2004-08-03 22:29   104960   ----a-w-   c:\windows\system32\dllcache\atinrvxx.sys
2010-02-19 17:54 . 2004-08-03 22:32   231552   ----a-w-   c:\windows\system32\dllcache\ac97ali.sys
2010-02-19 17:53 . 2003-03-24 16:52   49210   ----a-w-   c:\windows\system32\dllcache\fp4areg.dll
2010-02-19 17:53 . 2003-03-24 16:52   147513   ----a-w-   c:\windows\system32\dllcache\fp4apws.dll
2010-02-19 17:53 . 2003-03-24 16:52   102509   ----a-w-   c:\windows\system32\dllcache\fp4atxt.dll
2010-02-19 17:53 . 2004-05-13 00:39   184435   ----a-w-   c:\windows\system32\dllcache\fp4amsft.dll
2010-02-19 17:53 . 2003-03-24 16:52   82035   ----a-w-   c:\windows\system32\dllcache\fp4anscp.dll
2010-02-19 17:53 . 2004-08-04 13:00   46592   ----a-w-   c:\windows\system32\dllcache\coadmin.dll
2010-02-19 17:53 . 2003-03-24 16:52   188480   ----a-w-   c:\windows\system32\dllcache\cfgwiz.exe
2010-02-19 17:53 . 2003-03-24 16:52   20540   ----a-w-   c:\windows\system32\dllcache\author.dll
2010-02-19 17:53 . 2003-03-24 16:52   16439   ----a-w-   c:\windows\system32\dllcache\author.exe
2010-02-19 17:53 . 2004-08-04 13:00   43520   ----a-w-   c:\windows\system32\dllcache\admwprox.dll
2010-02-19 17:53 . 2004-08-04 13:00   290816   ----a-w-   c:\windows\system32\dllcache\adsiis51.dll
2010-02-19 17:53 . 2003-03-24 16:52   16439   ----a-w-   c:\windows\system32\dllcache\admin.exe
2010-02-19 17:53 . 2003-03-24 16:52   20540   ----a-w-   c:\windows\system32\dllcache\admin.dll
2010-02-18 19:18 . 2010-02-18 19:18   --------   d-----w-   C:\_OTM
2010-02-18 01:43 . 2009-06-30 09:37   28552   ----a-w-   c:\windows\system32\drivers\pavboot.sys
2010-02-18 01:43 . 2010-02-18 01:43   --------   d-----w-   c:\program files\Panda Security
2010-02-18 01:09 . 2010-02-18 01:09   --------   d-----w-   c:\program files\ESET
2010-02-15 23:26 . 2010-02-15 23:26   52224   ----a-w-   c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-15 23:26 . 2010-02-15 23:26   117760   ----a-w-   c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-15 23:25 . 2010-02-15 23:25   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-02-15 23:25 . 2010-02-15 23:25   --------   d-----w-   c:\program files\SUPERAntiSpyware
2010-02-15 23:25 . 2010-02-15 23:25   --------   d-----w-   c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-02-15 22:38 . 2010-02-15 22:38   --------   d-----w-   c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-02-15 22:37 . 2010-01-07 16:07   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-15 22:37 . 2010-02-15 22:37   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-15 22:37 . 2010-01-07 16:07   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-02-15 22:37 . 2010-02-15 22:38   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-02-15 22:23 . 2010-02-15 22:23   --------   d-----w-   c:\program files\Trend Micro
2010-02-15 19:28 . 2010-02-15 19:28   552   ----a-w-   c:\windows\system32\d3d8caps.dat
2010-02-15 18:13 . 2010-02-15 18:13   --------   d-----w-   c:\documents and settings\Administrator\Application Data\AVG8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-19 22:36 . 2004-08-07 13:12   91799   ----a-w-   c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-19 17:42 . 2009-08-09 14:42   0   ----a-w-   c:\documents and settings\Administrator\Local Settings\Application Data\prvlcl.dat
2010-02-16 00:16 . 2009-05-17 14:44   --------   d-----w-   c:\program files\Xvid
2010-02-16 00:16 . 2007-12-03 15:32   --------   d-----w-   c:\program files\USB Disk Win98 Driver
2010-02-16 00:16 . 2006-07-11 06:12   --------   d-----w-   c:\program files\Windows Media Connect
2010-02-15 23:24 . 2010-01-17 12:44   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2010-02-15 23:13 . 2008-10-05 14:53   --------   d-----w-   c:\documents and settings\All Users\Application Data\rspgjclg
2010-02-10 14:52 . 2007-01-09 11:46   --------   d-----w-   c:\program files\Lx_cats
2010-01-17 12:46 . 2010-01-17 12:46   4   --sh--r-   c:\documents and settings\All Users\Application Data\sysqcl1129139270.dat
2010-01-14 11:12 . 2009-10-04 16:01   181120   ------w-   c:\windows\system32\MpSigStub.exe
2010-01-09 19:53 . 2008-07-31 11:38   --------   d-----w-   c:\program files\Windows Live Safety Center
2009-05-01 21:02 . 2009-05-01 21:02   1044480   ----a-w-   c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02   200704   ----a-w-   c:\program files\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[7] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ndis.sys
[7] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ndis.sys
[-] 2006-01-10 . AA898F84D2B59129FB92E143A2C73434 . 182528 . . [5.1.2600.2824] . . c:\windows\$NtServicePackUninstall$\ndis.sys
[-] 2006-01-10 . AA898F84D2B59129FB92E143A2C73434 . 182528 . . [5.1.2600.2824] . . c:\windows\ERDNT\cache\ndis.sys
[-] 2006-01-10 . AA898F84D2B59129FB92E143A2C73434 . 182528 . . [5.1.2600.2824] . . c:\windows\system32\dllcache\ndis.sys
[-] 2006-01-10 . AA898F84D2B59129FB92E143A2C73434 . 182528 . . [5.1.2600.2824] . . c:\windows\system32\drivers\ndis.sys
[7] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB912436$\ndis.sys

[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\ERDNT\cache\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys
[-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2006-01-13 . 583E063FDC888CA30D05C2724B0D7EF4 . 359808 . . [5.1.2600.2827] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[-] 2005-05-25 . 88763A98A4C26C409741B4AA162720C9 . 359808 . . [5.1.2600.2685] . . c:\windows\$NtUninstallKB913446$\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893066$\tcpip.sys

[7] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netman.dll
[7] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\$NtServicePackUninstall$\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\ERDNT\cache\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\system32\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\system32\dllcache\netman.dll
[-] 2005-08-22 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll
[7] 2004-08-04 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB905414$\netman.dll

[7] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\rpcss.dll
[7] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\rpcss.dll
[-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
[-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\windows\ERDNT\cache\rpcss.dll
[-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\windows\system32\rpcss.dll
[-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\windows\system32\dllcache\rpcss.dll
[-] 2005-07-26 . C369DF215D352B6F3A0B8C3469AA34F8 . 398336 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[-] 2005-04-28 . DA383FB39A6F1C445F3AFC94B3EB1248 . 396288 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\rpcss.dll
[-] 2005-04-28 . C8061F289E000703E7672916B7FE1571 . 395776 . . [5.1.2600.2665] . . c:\windows\$NtUninstallKB902400$\rpcss.dll
[-] 2005-01-14 . 419899803CA479B73B02390318C787C0 . 395776 . . [5.1.2600.2595] . . c:\windows\$NtUninstallKB894391$\rpcss.dll
[-] 2005-01-14 . 94456045BEB4545B5EBE1DCC85951AFA . 395776 . . [5.1.2600.2595] . . c:\windows\$hf_mig$\KB873333\SP2QFE\rpcss.dll
[7] 2004-08-04 . 5C83A4408604F737717AB96371201680 . 395776 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB873333$\rpcss.dll

[7] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\spoolsv.exe
[7] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\spoolsv.exe
[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\ERDNT\cache\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\system32\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\system32\dllcache\spoolsv.exe
[7] 2004-08-04 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB896423$\spoolsv.exe

[7] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\asms\60\msft\windows\common\controls\comctl32.dll
[7] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\asms\60\msft\windows\common\controls\comctl32.dll
[7] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\comctl32.dll
[7] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\comctl32.dll
[-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\ERDNT\cache\comctl32.dll
[-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[7] 2004-08-04 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\$NtUninstallKB923191$\comctl32.dll

[-] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\windows\SoftwareDistribution\Download\8cac00e8efc87d728c0261686f85c975\sp2gdr\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\SoftwareDistribution\Download\8cac00e8efc87d728c0261686f85c975\sp3gdr\es.dll
[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\SoftwareDistribution\Download\8cac00e8efc87d728c0261686f85c975\sp3qfe\es.dll
[-] 2008-07-07 20:06 . A4AB3DCA4A383F0DF4988ABDEB84F9A4 . 253952 . . [2001.12.4414.320] . . c:\windows\SoftwareDistribution\Download\8cac00e8efc87d728c0261686f85c975\sp2qfe\es.dll
[7] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\es.dll
[7] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\es.dll
[-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\$NtServicePackUninstall$\es.dll
[-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\ERDNT\cache\es.dll
[-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\system32\es.dll
[-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\system32\dllcache\es.dll
[-] 2005-07-26 04:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll
[7] 2004-08-04 08:00 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB902400$\es.dll

[7] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\kernel32.dll
[7] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\kernel32.dll
[-] 2006-07-05 . 0FDD84928A5DDE2510761B7EC76CCEC9 . 985088 . . [5.1.2600.2945] . . c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[-] 2006-07-05 . D8DB5397DE07577C1CB50BA6D23B3AD4 . 984064 . . [5.1.2600.2945] . . c:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2006-07-05 . D8DB5397DE07577C1CB50BA6D23B3AD4 . 984064 . . [5.1.2600.2945] . . c:\windows\ERDNT\cache\kernel32.dll
[-] 2006-07-05 . D8DB5397DE07577C1CB50BA6D23B3AD4 . 984064 . . [5.1.2600.2945] . . c:\windows\SoftwareDistribution\Download\fc75a45b73372bd0c2a61e3a51d766ff\backup\sp2gdr\kernel32.dll
[-] 2006-07-05 . D8DB5397DE07577C1CB50BA6D23B3AD4 . 984064 . . [5.1.2600.2945] . . c:\windows\SoftwareDistribution\Download\fc75a45b73372bd0c2a61e3a51d766ff\backup\sp2qfe\kernel32.dll
[-] 2006-07-05 . D8DB5397DE07577C1CB50BA6D23B3AD4 . 984064 . . [5.1.2600.2945] . . c:\windows\system32\kernel32.dll
[-] 2006-07-05 . D8DB5397DE07577C1CB50BA6D23B3AD4 . 984064 . . [5.1.2600.2945] . . c:\windows\system32\dllcache\kernel32.dll
[7] 2004-08-04 . 888190E31455FAD793312F8D087146EB . 983552 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917422$\kernel32.dll

[7] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\linkinfo.dll
[7] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\linkinfo.dll
[-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\ERDNT\cache\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\system32\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\system32\dllcache\linkinfo.dll
[7] 2004-08-04 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB900725$\linkinfo.dll

[-] 2008-08-14 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:\windows\SoftwareDistribution\Download\e76b316b6389286fbb342d033e63f1ba\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 . EEAF32F8E15A24F62BECB1BD403BB5C5 . 2189184 . . [5.1.2600.5657] . . c:\windows\SoftwareDistribution\Download\e76b316b6389286fbb342d033e63f1ba\SP3GDR\ntoskrnl.exe
[-] 2008-08-14 . 21C91DA9CB53AA8A37041BA9684A8458 . 2180352 . . [5.1.2600.3427] . . c:\windows\SoftwareDistribution\Download\e76b316b6389286fbb342d033e63f1ba\SP2GDR\ntoskrnl.exe
[-] 2008-08-14 . CE69DBD54221F2D40E49FF6DB77C6507 . 2185984 . . [5.1.2600.3427] . . c:\windows\SoftwareDistribution\Download\e76b316b6389286fbb342d033e63f1ba\SP2QFE\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ntoskrnl.exe
[-] 2005-10-12 . 7B69EA89C7B9966BF552A070D97C5013 . 2180096 . . [5.1.2600.2774] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2005-10-12 . 7B69EA89C7B9966BF552A070D97C5013 . 2180096 . . [5.1.2600.2774] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2005-10-12 . C5290E302241594B668A378D89FD903E . 2136064 . . [5.1.2600.2774] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[-] 2005-10-12 . C5290E302241594B668A378D89FD903E . 2136064 . . [5.1.2600.2774] . . c:\windows\ERDNT\cache\ntoskrnl.exe
[-] 2005-10-12 . C5290E302241594B668A378D89FD903E . 2136064 . . [5.1.2600.2774] . . c:\windows\system32\ntoskrnl.exe
[-] 2005-09-29 . 25C36DBC46E8EFF2A811769A60715AC5 . 2136064 . . [5.1.2600.2765] . . c:\windows\$NtUninstallKB909095$\ntoskrnl.exe
[-] 2005-03-02 . 28187802B7C368C0D3AEF7D4C382AABB . 2179456 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[7] 2004-08-04 . 626309040459C3915997EF98EC1C8D40 . 2148352 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB896256$\ntoskrnl.exe

[7] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\tapisrv.dll
[7] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\tapisrv.dll
[-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\ERDNT\cache\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\system32\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\system32\dllcache\tapisrv.dll
[7] 2004-08-04 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll

[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\user32.dll
[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\ERDNT\cache\user32.dll
[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\system32\user32.dll
[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\system32\dllcache\user32.dll
[7] 2004-08-04 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll

[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\srsvc.dll
[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\srsvc.dll
[-] 2004-11-17 . 902CF9595F640E53F33C0F1637F464F9 . 171008 . . [5.1.2600.2567] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
[-] 2004-11-17 . 902CF9595F640E53F33C0F1637F464F9 . 171008 . . [5.1.2600.2567] . . c:\windows\ERDNT\cache\srsvc.dll
[-] 2004-11-17 . 902CF9595F640E53F33C0F1637F464F9 . 171008 . . [5.1.2600.2567] . . c:\windows\system32\srsvc.dll
[-] 2004-11-17 . 902CF9595F640E53F33C0F1637F464F9 . 171008 . . [5.1.2600.2567] . . c:\windows\system32\dllcache\srsvc.dll
[7] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB888402$\srsvc.dll

[7] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\aec.sys
[7] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\aec.sys
[-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$NtServicePackUninstall$\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\Driver Cache\i386\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\ERDNT\cache\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\system32\dllcache\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\system32\drivers\aec.sys
[7] 2004-08-04 05:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtUninstallKB900485$\aec.sys

[7] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\mfc40u.dll
[7] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\mfc40u.dll
[-] 2004-08-04 08:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll
[-] 2004-08-04 08:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\ERDNT\cache\mfc40u.dll
[-] 2004-08-04 08:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\system32\mfc40u.dll
[-] 2004-08-04 08:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\system32\dllcache\mfc40u.dll

[-] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . c:\windows\SoftwareDistribution\Download\e76b316b6389286fbb342d033e63f1ba\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . 4AC58F03EB94A72809949D757FC39D80 . 2066048 . . [5.1.2600.5657] . . c:\windows\SoftwareDistribution\Download\e76b316b6389286fbb342d033e63f1ba\SP3GDR\ntkrnlpa.exe
[-] 2008-08-14 . BA002228743B6824D87F0551DBC86D45 . 2057728 . . [5.1.2600.3427] . . c:\windows\SoftwareDistribution\Download\e76b316b6389286fbb342d033e63f1ba\SP2GDR\ntkrnlpa.exe
[-] 2008-08-14 . 63EC865DFF6CCFC7BEF94B5C50297CAD . 2062976 . . [5.1.2600.3427] . . c:\windows\SoftwareDistribution\Download\e76b316b6389286fbb342d033e63f1ba\SP2QFE\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ntkrnlpa.exe
[-] 2005-10-11 . 0C691ECAD81707D3A7797512AC932C62 . 2015232 . . [5.1.2600.2774] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[-] 2005-10-11 . DDBFA4EAE9251712F20193DD47B361BD . 2057344 . . [5.1.2600.2774] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2005-10-11 . 0C691ECAD81707D3A7797512AC932C62 . 2015232 . . [5.1.2600.2774] . . c:\windows\ERDNT\cache\ntkrnlpa.exe
[-] 2005-10-11 . 0C691ECAD81707D3A7797512AC932C62 . 2015232 . . [5.1.2600.2774] . . c:\windows\system32\ntkrnlpa.exe
[-] 2005-10-11 . DDBFA4EAE9251712F20193DD47B361BD . 2057344 . . [5.1.2600.2774] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2005-09-28 . 48472D224E1703882B4DE0E28E205E9B . 2015744 . . [5.1.2600.2765] . . c:\windows\$NtUninstallKB909095$\ntkrnlpa.exe
[-] 2005-03-02 . D8ABA3EAB509627E707A3B14F00FBB6B . 2056832 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[7] 2004-08-04 . FB142B7007CA2EEA76966C6C5CC12150 . 2015232 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB896256$\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2006-03-31 184320]
"LXCFCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-07-20 73728]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-28 593920]
"USB Storage Toolbox"="c:\windows\UMStor\Res.EXE" [2005-09-14 65536]
"ACQTMOUSE"="c:\program files\Multi-Direction Opitcal Mouse\Multi-Direction Opitcal Mouse\2.0\ACQTMAPP.exe" [2006-12-27 489984]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-01 1932568]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"TrayServer"="c:\program files\MAGIX\Movie_Edit_Pro_15_Download_version\TrayServer.exe" [2008-11-13 90112]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
AOL 9.0 Tray Icon.lnk - c:\program files\AOL 9.0a\aoltray.exe [2007-2-4 156784]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2006-10-4 184320]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-01 11:34   10520   ----a-w-   c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
2006-03-03 15:08   434176   ----a-w-   c:\windows\system32\IfxWlxEN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2005-07-25 18:41   40960   ----a-w-   c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\AOL\\RC\\regClient.exe"=
"c:\\Program Files\\AOL 9.0a\\waol.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [18/02/2010 01:43 28552]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [01/04/2009 11:34 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [01/04/2009 11:34 108552]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [29/11/2005 16:56 36768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [05/01/2010 07:56 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05/01/2010 07:56 74480]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [04/08/2004 08:00 14336]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [01/04/2009 11:33 298264]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 18:19 13592]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [21/10/2005 11:19 36352]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [16/05/2009 15:03 1527900]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05/01/2010 07:56 7408]
S3 z520bus;Sony Ericsson 520 driver (WDM);c:\windows\system32\drivers\z520bus.sys [26/07/2005 10:13 57648]
S3 z520mdfl;Sony Ericsson 520 USB WMC Modem Filter;c:\windows\system32\drivers\z520mdfl.sys [26/09/2007 13:34 8336]
S3 z520mdm;Sony Ericsson 520 USB WMC Modem Drivers;c:\windows\system32\drivers\z520mdm.sys [26/09/2007 13:34 93488]
S3 z520mgmt;Sony Ericsson 520 USB WMC Device Management Drivers;c:\windows\system32\drivers\z520mgmt.sys [26/09/2007 13:35 84928]
S3 z520obex;Sony Ericsson 520 USB WMC OBEX Interface Drivers;c:\windows\system32\drivers\z520obex.sys [26/09/2007 13:34 82864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance   REG_MULTI_SZ     ASChannel
.
Contents of the 'Scheduled Tasks' folder

2010-02-21 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hp.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
uInternet Settings,ProxyServer = 127.0.0.1:8080
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dlbu8v23.default\
FF - plugin: c:\program files\Common Files\ParallelGraphics\Cortona\npCortona.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-21 01:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCFCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16?

?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(900)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
c:\windows\system32\IfxWlxEN.dll
c:\program files\HPQ\IAM\Bin\ASChnl.dll
c:\program files\HPQ\IAM\Bin\ItMsg.dll

- - - - - - - > 'explorer.exe'(432)
c:\program files\HPQ\IAM\Bin\SFSShell.dll
c:\program files\HPQ\IAM\bin\ItMsg.dll
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\HPQ\IAM\bin\asghost.exe
c:\windows\system32\msdtc.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\IFXSPMGT.exe
c:\windows\system32\IFXTCS.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\mqsvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\mqtgsvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\ProtectTools\Embedded Security Software\PSDrt.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Completion time: 2010-02-21 01:15:42 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-21 01:15
ComboFix2.txt 2010-02-21 00:31
ComboFix3.txt 2010-02-18 00:47

Pre-Run: 17,696,894,976 bytes free
Post-Run: 17,673,748,480 bytes free

- - End Of File - - 464D16A82B2D35E9C2BCA84967086EA8

evilfantasy · « **Reply #82 on:** February 20, 2010, 06:24:53 PM »

Quote

After re-booting, the IE icon was back on my desktop and IE had made itself the default brower, even though it was definitely set to Firefox before the re-boot! Is this anything to be concerned about?

ComboFix sets IE as the default but I don't know why the icon keeps coming back. I don't think I've ever seen that before.

Let's see if it might be something malicious.

ESET Online Scan

Scan your computer with the ESET FREE Online Virus Scan

* Click the ESET Online Scanner button.

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop
* Double click on the esetsmartinstaller_enu.exe icon on your desktop.
* Place a check mark next to YES, I accept the Terms of Use.

* Click the Start button.
* Accept any security warnings from your browser.
* Leave the check mark next to Remove found threats and place a check next to Scan archives.
* Click the Start button.
* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
* When the scan completes, click List of found threats.
* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
* Click the <<Back button then click Finish.

In your next reply please include the ESET Online Scan Log

KayleyBug · « **Reply #83 on:** February 20, 2010, 06:52:35 PM »

ESET is running successfully (unlike last time I tried it, quite a few posts ago by now!).

As it's almost 2am here and it looks like the scan's going to take another hour at least, I'm going to set my laptop to hibernate in 3 hours and get the results to you tomorrow morning (about 4am your time).

Thank you so much for all your help and patience so far

evilfantasy · « **Reply #84 on:** February 20, 2010, 06:54:47 PM »

Glad it's running. Things went horribly wrong with the other scanner we used... $:-\$

Post the log whenever you get the time.

See you then.

KayleyBug · « **Reply #85 on:** February 21, 2010, 03:07:55 AM »

Good morning! ESET scanned 100597 files in 1 hour 42 mins - No threats found.

I'm going to update AVG and JAVA, then install OnlineArmor. If that goes well, I'll create a restore point and then get SP3, so I can just do a system restore if I get internet problems with it again.

I'll make sure everything's definitely sorted before de-fragmenting, here's a new Hijackthis log just to be safe

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:07:40, on 21/02/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\UMStor\Res.EXE
C:\Program Files\Multi-Direction Opitcal Mouse\Multi-Direction Opitcal Mouse\2.0\ACQTMAPP.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ProtectTools\Embedded Security Software\PSDrt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\lxcfcoms.exe
C:\Program Files\AVG\AVG8\avgupd.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\WINDOWS\UMStor\Res.EXE
O4 - HKLM\..\Run: [ACQTMOUSE] "C:\Program Files\Multi-Direction Opitcal Mouse\Multi-Direction Opitcal Mouse\2.0\ACQTMAPP.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [trayServer] C:\Program Files\MAGIX\Movie_Edit_Pro_15_Download_version\TrayServer.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0a\aoltray.exe
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by117fd.bay117.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE

--
End of file - 10661 bytes

KayleyBug · « **Reply #86 on:** February 21, 2010, 05:37:01 AM »

I got as far as installing Online Armor, there are lots of 'unknown' programs its asking me to allow/block, however there is one 'untrusted' that I'm unable to find information about -

ACQTMAPP.exe (which is named Tilt Mouse Program.)

Should I block this?

evilfantasy · « **Reply #87 on:** February 21, 2010, 11:15:45 AM »

Looks like it is not malicious. http://www.threatexpert.com/files/acqtmapp.exe.html

KayleyBug · « **Reply #88 on:** February 21, 2010, 04:06:03 PM »

I've installed SP3 and 85 other Microsoft updates (and turned on automatic updates, so the next instalment should be much smaller!!)

Updated AVG and Java, and got OnlineArmor set up.

Here's a new HijackThis log, incase there's anything still lurking around.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:01:31, on 21/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\UMStor\Res.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Multi-Direction Opitcal Mouse\Multi-Direction Opitcal Mouse\2.0\ACQTMAPP.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\mqsvc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ProtectTools\Embedded Security Software\PSDrt.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\WINDOWS\UMStor\Res.EXE
O4 - HKLM\..\Run: [ACQTMOUSE] "C:\Program Files\Multi-Direction Opitcal Mouse\Multi-Direction Opitcal Mouse\2.0\ACQTMAPP.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [trayServer] C:\Program Files\MAGIX\Movie_Edit_Pro_15_Download_version\TrayServer.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0a\aoltray.exe
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by117fd.bay117.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1266759427500
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1266760712406
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

--
End of file - 12175 bytes

evilfantasy · « **Reply #89 on:** February 21, 2010, 04:22:19 PM »

Looks okay. You can cut down on some of your unnecessary startups.

Download StartUp 1.3

* Open StartUp 1.3 and you will see a list of your startups.
* Right click any startup you do not want and choose Remove
* Once complete choose Apply then Exit

----------

If you don't use Voice Input you can turn that off. What is CTFMON.EXE and How Can I Remove It

----------

Also this.

Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

Do not confuse Windows Messenger with MSN Messenger or Windows Live Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

Exit out of MessengerDisable then delete the two files that were put on the desktop.

KayleyBug · « **Reply #90 on:** February 21, 2010, 04:45:19 PM »

All of the above now completed

Am I done?

Could you recommend which anti-virus I should run in future? Currently I run AdAware and Spybot every month or so and just delete anything they flag, do you recommend I continue this or should I use a different program, bearing in mind that I'll just delete everything they warn me against?

evilfantasy · « **Reply #91 on:** February 21, 2010, 04:49:24 PM »

I would get rid of AdAware and use MBAM and SAS instead. Unless you buy any of them the real-time protection is pretty useless.

AVG should be fine for your antivirus.

KayleyBug · « **Reply #92 on:** February 21, 2010, 04:52:16 PM »

Ok

Wow, thank you so much for all your help, I'm really really grateful for all the time and patience you've put in to helping me! I thought my laptop was done for but now it's saved! I can't thank you enough

evilfantasy · « **Reply #93 on:** February 21, 2010, 04:55:08 PM »

Your welcome.

Computer Hope Forum

News:

Author Topic: Your system is infected! (Please help if you can) (Read 56495 times)

KayleyBug

KayleyBug

evilfantasy

KayleyBug

evilfantasy

KayleyBug

evilfantasy

KayleyBug

evilfantasy

KayleyBug

evilfantasy

KayleyBug

evilfantasy

KayleyBug

evilfantasy

KayleyBug

evilfantasy

KayleyBug

evilfantasy

KayleyBug

evilfantasy

KayleyBug

evilfantasy

KayleyBug

evilfantasy

KayleyBug

evilfantasy

KayleyBug

evilfantasy

KayleyBug

evilfantasy

KayleyBug

evilfantasy

KayleyBug

evilfantasy

KayleyBug

evilfantasy

KayleyBug

evilfantasy

KayleyBug

KayleyBug

evilfantasy

KayleyBug

evilfantasy

KayleyBug

evilfantasy

KayleyBug

evilfantasy

KayleyBug

evilfantasy

KayleyBug

KayleyBug

evilfantasy

KayleyBug

evilfantasy

KayleyBug

evilfantasy

KayleyBug

KayleyBug

evilfantasy

KayleyBug

evilfantasy

KayleyBug

evilfantasy

KayleyBug

KayleyBug

evilfantasy

KayleyBug

evilfantasy

KayleyBug

evilfantasy

KayleyBug

evilfantasy

KayleyBug