insufficient system error

[godsize71]

quick synopsis... i had vundo virus but after a bit of *censored* got rid of it, then got another virus that puts up that antivirus soft, try to make you buy that crap...got rid of that...got rid of windows firewall and installed zonealarm..i have malware bytes, iobit 360, superantispy and avira antivirus...now i can sign on to internet..mozilla..aol, but after bout half a day a message pops up when i try to start them again and i have to reboot and its fine for a while...been like this for bout a week or so...the message is...C:\programfiles\java\jre6\lib\deploy\jqs\ffl\..\..\..\..\bin\jqsnotify .exe... and below that says...insufficient system resources exist to complete the requested service, i hope someone can help me reolve this problem..thx...also here is hijack log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:36:07 PM, on 2/17/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\IObit\IObit Security 360\IS360tray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\IObit\IObit Security 360\is360.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13917&gct=&gc=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13917&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=13917&gct=&gc=1&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [IObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,77,65,62,5c,72,65,6c-,61,74,65,64,2e,68,74,6d,00 (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,77,65,62,5c,72,65,6c-,61,74,65,64,2e,68,74,6d,00 (file missing)
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate1c9cf3f12870e60) (gupdate1c9cf3f12870e60) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxbu_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbucoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9707 bytes

[ale52]

Have you updated your Java lately?

Alan <>< 

PM Sent. EF

[godsize71]

yeah i think i did when i had vundo...ill do it again, but dont think thats it, but ill do it

[evilfantasy]

Open HijackThis and select Do a system scan only

Place a check mark next to the following entries: (if there)

• O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,77,65,62,5c,72,65,6c-,61,74,65,64,2e,68,74,6d,00 (file missing)
• O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,77,65,62,5c,72,65,6c-,61,74,65,64,2e,68,74,6d,00 (file missing)

Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.

----------

Download DDS from |HERE| or |HERE| or |HERE| and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.

1) DDS.txt
2) Attach.txt

* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copy and pasting it into the reply.

[godsize71]

DDS (Ver_09-12-01.01) - NTFSx86 
Run by Compaq_Owner at  8:13:04.43 on Fri 02/19/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.446.58 [GMT -5:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated)   {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Norton Internet Worm Protection *disabled*   {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: ZoneAlarm Firewall *enabled*   {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\IObit\IObit Security 360\IS360tray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://yahoo.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
mDefault_Search_URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13917&gct=&gc=1&q=
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13917&gct=&gc=1&q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: ZoneAlarm Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} -
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [AOL Fast Start] "c:\program files\america online 9.0\AOL.EXE" -b
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [LXBUCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXBUtime.dll,_RunDLLEntry@16
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [IObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe"  -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
mPolicies-explorer: NoPopUpsOnBoot = 1 (0x1)
IE: &Search
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Notify: WRNotifier - WRLogonNTF.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli tayanage.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\gqdahqaj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?fr=fptb-
FF - component: c:\program files\checkpoint\zaforcefield\trustchecker\components\TrustCheckerMozillaPlugin.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0

FF - user.js: network.http.pipelining - false
FF - user.js: network.http.proxy.pipelining - false
FF - user.js: network.http.pipelining - false
FF - user.js: network.http.proxy.pipelining - false
FF - user.js: network.http.pipelining - false
FF - user.js: network.http.proxy.pipelining - false
FF - user.js: network.http.pipelining - false
FF - user.js: network.http.proxy.pipelining - falsec:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-1-29 28552]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-3-31 11608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-1-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 74480]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-2-10 486280]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-3-31 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-3-31 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-3-31 56816]
R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2010-1-27 311568]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2009-10-14 25208]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2009-10-14 476528]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S2 Ca50xav;Digital Blue DMC2 Video Device;c:\windows\system32\drivers\Ca50xav.sys [2007-12-24 508304]
S2 gupdate1c9cf3f12870e60;Google Update Service (gupdate1c9cf3f12870e60);c:\program files\google\update\GoogleUpdate.exe [2009-5-7 133104]
S2 ioloFileInfoList;iolo FileInfoList Service;

S2 ioloSystemService;iolo System Service;

S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 7408]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2010-02-19 13:12:51   524288   ----a-w-   C:\dds.scr
2010-02-18 19:28:18   918816   ----a-w-   C:\jxpiinstall.exe
2010-02-17 03:04:29   116224   ----a-w-   c:\windows\system32\dllcache\xrxwiadr.dll
2010-02-17 03:04:25   23040   ----a-w-   c:\windows\system32\dllcache\xrxwbtmp.dll
2010-02-17 03:04:23   18944   ----a-w-   c:\windows\system32\dllcache\xrxscnui.dll
2010-02-17 03:04:19   27648   ----a-w-   c:\windows\system32\dllcache\xrxftplt.exe
2010-02-17 03:04:14   4608   ----a-w-   c:\windows\system32\dllcache\xrxflnch.exe
2010-02-17 03:04:07   99865   ----a-w-   c:\windows\system32\dllcache\xlog.exe
2010-02-17 03:04:00   16970   ----a-w-   c:\windows\system32\dllcache\xem336n5.sys
2010-02-17 03:03:59   19455   ----a-w-   c:\windows\system32\dllcache\wvchntxx.sys
2010-02-17 03:03:54   12063   ----a-w-   c:\windows\system32\dllcache\wsiintxx.sys
2010-02-17 03:03:51   8192   ----a-w-   c:\windows\system32\dllcache\wshirda.dll
2010-02-17 03:03:33   8832   ----a-w-   c:\windows\system32\dllcache\wmiacpi.sys
2010-02-17 03:03:28   154624   ----a-w-   c:\windows\system32\dllcache\wlluc48.sys
2010-02-17 03:03:24   34890   ----a-w-   c:\windows\system32\dllcache\wlandrv2.sys
2010-02-17 03:03:12   771581   ----a-w-   c:\windows\system32\dllcache\winacisa.sys
2010-02-17 03:03:03   53760   ----a-w-   c:\windows\system32\dllcache\wiamsmud.dll
2010-02-17 03:01:59   604253   ----a-w-   c:\windows\system32\dllcache\vmodem.sys
2010-02-17 03:01:55   249402   ----a-w-   c:\windows\system32\dllcache\vinwm.sys
2010-02-17 03:01:48   24576   ----a-w-   c:\windows\system32\dllcache\viairda.sys
2010-02-17 03:01:41   687999   ----a-w-   c:\windows\system32\dllcache\usrwdxjs.sys
2010-02-17 03:01:37   765884   ----a-w-   c:\windows\system32\dllcache\usrti.sys
2010-02-17 03:01:32   113762   ----a-w-   c:\windows\system32\dllcache\usrpda.sys
2010-02-17 03:01:28   7556   ----a-w-   c:\windows\system32\dllcache\usroslba.sys
2010-02-17 03:01:23   224802   ----a-w-   c:\windows\system32\dllcache\usr1807a.sys
2010-02-17 03:01:19   794399   ----a-w-   c:\windows\system32\dllcache\usr1806v.sys
2010-02-17 03:01:15   793598   ----a-w-   c:\windows\system32\dllcache\usr1806.sys
2010-02-17 03:01:09   794654   ----a-w-   c:\windows\system32\dllcache\usr1801.sys
2010-02-17 03:01:06   26112   ----a-w-   c:\windows\system32\dllcache\usbser.sys
2010-02-17 03:01:03   32384   ----a-w-   c:\windows\system32\dllcache\usb101et.sys
2010-02-17 02:59:56   159232   ----a-w-   c:\windows\system32\dllcache\tridkbm.sys
2010-02-17 02:58:58   149376   ----a-w-   c:\windows\system32\dllcache\tffsport.sys
2010-02-17 02:57:58   10240   ----a-w-   c:\windows\system32\dllcache\swpidflt.dll
2010-02-17 02:57:54   10240   ----a-w-   c:\windows\system32\dllcache\swpdflt2.dll
2010-02-17 02:57:51   53760   ----a-w-   c:\windows\system32\dllcache\sw_wheel.dll
2010-02-17 02:57:47   41472   ----a-w-   c:\windows\system32\dllcache\sw_effct.dll
2010-02-17 02:57:43   155648   ----a-w-   c:\windows\system32\dllcache\stlnprop.dll
2010-02-17 02:57:36   53248   ----a-w-   c:\windows\system32\dllcache\stlncoin.dll
2010-02-17 02:57:32   285760   ----a-w-   c:\windows\system32\dllcache\stlnata.sys
2010-02-17 02:57:28   16896   ----a-w-   c:\windows\system32\dllcache\stcusb.sys
2010-02-17 02:57:22   48736   ----a-w-   c:\windows\system32\dllcache\srwlnd5.sys
2010-02-17 02:57:19   99328   ----a-w-   c:\windows\system32\dllcache\srusd.dll
2010-02-17 02:57:12   24660   ----a-w-   c:\windows\system32\dllcache\spxupchk.dll
2010-02-17 02:57:06   61824   ----a-w-   c:\windows\system32\dllcache\speed.sys
2010-02-17 02:57:03   106584   ----a-w-   c:\windows\system32\dllcache\spdports.dll
2010-02-17 02:55:58   45568   ----a-w-   c:\windows\system32\dllcache\smb3w.dll
2010-02-17 02:54:48   161568   ----a-w-   c:\windows\system32\dllcache\sgsmusb.sys
2010-02-17 02:54:45   18400   ----a-w-   c:\windows\system32\dllcache\sgsmld.sys
2010-02-17 02:54:41   98080   ----a-w-   c:\windows\system32\dllcache\sgiulnt5.sys
2010-02-17 02:54:38   386560   ----a-w-   c:\windows\system32\dllcache\sgiul50.dll
2010-02-17 02:54:34   36480   ----a-w-   c:\windows\system32\dllcache\sfmanm.sys
2010-02-17 02:54:28   6784   ----a-w-   c:\windows\system32\dllcache\serscan.sys
2010-02-17 02:54:24   17664   ----a-w-   c:\windows\system32\dllcache\sermouse.sys
2010-02-17 02:54:17   6912   ----a-w-   c:\windows\system32\dllcache\seaddsmc.sys
2010-02-17 02:54:15   11520   ----a-w-   c:\windows\system32\dllcache\scsiscan.sys
2010-02-17 02:54:11   11648   ----a-w-   c:\windows\system32\dllcache\scsiprnt.sys
2010-02-17 02:54:07   17280   ----a-w-   c:\windows\system32\dllcache\scr111.sys
2010-02-17 02:54:03   16640   ----a-w-   c:\windows\system32\dllcache\scmstcs.sys
2010-02-17 02:52:58   65664   ----a-w-   c:\windows\system32\dllcache\s3legacy.sys
2010-02-17 02:52:54   82432   ----a-w-   c:\windows\system32\dllcache\rwia450.dll
2010-02-17 02:52:51   79872   ----a-w-   c:\windows\system32\dllcache\rwia430.dll
2010-02-17 02:52:49   29696   ----a-w-   c:\windows\system32\dllcache\rw450ext.dll
2010-02-17 02:52:48   27648   ----a-w-   c:\windows\system32\dllcache\rw430ext.dll
2010-02-17 02:52:43   19017   ----a-w-   c:\windows\system32\dllcache\rtl8029.sys
2010-02-17 02:52:37   30720   ----a-w-   c:\windows\system32\dllcache\rthwcls.sys
2010-02-17 02:52:30   9216   ----a-w-   c:\windows\system32\dllcache\rsmgrstr.dll
2010-02-17 02:52:24   3840   ----a-w-   c:\windows\system32\dllcache\rpfun.sys
2010-02-17 02:52:22   79104   ----a-w-   c:\windows\system32\dllcache\rocket.sys
2010-02-17 02:52:18   37563   ----a-w-   c:\windows\system32\dllcache\rlnet5.sys
2010-02-17 02:52:14   86097   ----a-w-   c:\windows\system32\dllcache\reslog32.dll
2010-02-17 02:50:56   16128   ----a-w-   c:\windows\system32\dllcache\pscr.sys
2010-02-17 02:49:59   35328   ----a-w-   c:\windows\system32\dllcache\pcntpci5.sys
2010-02-17 02:48:58   43689   ----a-w-   c:\windows\system32\dllcache\otceth5.sys
2010-02-17 02:47:54   65278   ----a-w-   c:\windows\system32\dllcache\netflx3.sys
2010-02-17 02:46:58   19968   ----a-w-   c:\windows\system32\dllcache\mxicfg.dll
2010-02-17 02:45:55   17280   ----a-w-   c:\windows\system32\dllcache\mraid35x.sys
2010-02-17 02:45:53   15232   ----a-w-   c:\windows\system32\dllcache\mpe.sys
2010-02-17 02:45:45   16128   ----a-w-   c:\windows\system32\dllcache\modemcsa.sys
2010-02-17 02:45:35   6528   ----a-w-   c:\windows\system32\dllcache\miniqic.sys
2010-02-17 02:45:29   320384   ----a-w-   c:\windows\system32\dllcache\mgaum.sys
2010-02-17 02:45:26   235648   ----a-w-   c:\windows\system32\dllcache\mgaud.dll
2010-02-17 02:45:25   26112   ----a-w-   c:\windows\system32\dllcache\memstpci.sys
2010-02-17 02:45:22   47616   ----a-w-   c:\windows\system32\dllcache\memgrp.dll
2010-02-17 02:45:19   8320   ----a-w-   c:\windows\system32\dllcache\memcard.sys
2010-02-17 02:45:12   164586   ----a-w-   c:\windows\system32\dllcache\mdgndis5.sys
2010-02-17 02:45:06   7424   ----a-w-   c:\windows\system32\dllcache\mammoth.sys
2010-02-17 02:45:02   48768   ----a-w-   c:\windows\system32\dllcache\maestro.sys
2010-02-17 02:43:51   14592   ----a-w-   c:\windows\system32\dllcache\kbdhid.sys
2010-02-17 02:42:59   372824   ----a-w-   c:\windows\system32\dllcache\iconf32.dll
2010-02-17 02:41:59   488383   ----a-w-   c:\windows\system32\dllcache\hsf_v124.sys
2010-02-17 02:40:58   126976   ----a-w-   c:\windows\system32\dllcache\hpgt34tk.dll
2010-02-17 02:39:55   442240   ----a-w-   c:\windows\system32\dllcache\fpnpbase.sys
2010-02-17 02:39:53   441728   ----a-w-   c:\windows\system32\dllcache\fpcmbase.sys
2010-02-17 02:39:51   444416   ----a-w-   c:\windows\system32\dllcache\fpcibase.sys
2010-02-17 02:39:47   34173   ----a-w-   c:\windows\system32\dllcache\forehe.sys
2010-02-17 02:39:43   71680   ----a-w-   c:\windows\system32\dllcache\fnfilter.dll
2010-02-17 02:39:31   27165   ----a-w-   c:\windows\system32\dllcache\fetnd5.sys
2010-02-17 02:39:24   22090   ----a-w-   c:\windows\system32\dllcache\fem556n5.sys
2010-02-17 02:39:17   24618   ----a-w-   c:\windows\system32\dllcache\fa410nd5.sys
2010-02-17 02:39:14   16074   ----a-w-   c:\windows\system32\dllcache\fa312nd5.sys
2010-02-17 02:39:11   11850   ----a-w-   c:\windows\system32\dllcache\f3ab18xj.sys
2010-02-17 02:39:09   12362   ----a-w-   c:\windows\system32\dllcache\f3ab18xi.sys
2010-02-17 02:39:00   7040   ----a-w-   c:\windows\system32\dllcache\exabyte2.sys
2010-02-17 02:37:57   19996   ----a-w-   c:\windows\system32\dllcache\em556n4.sys
2010-02-17 02:36:59   37962   ----a-w-   c:\windows\system32\dllcache\divaprop.dll
2010-02-17 02:35:58   27648   ----a-w-   c:\windows\system32\dllcache\cyyports.dll
2010-02-17 02:34:59   37916   ----a-w-   c:\windows\system32\dllcache\cb102.sys
2010-02-17 02:33:59   871388   ----a-w-   c:\windows\system32\dllcache\bcmdm.sys
2010-02-17 02:32:33   66048   ----a-w-   c:\windows\system32\dllcache\s3legacy.dll
2010-02-11 03:58:40   0   d-----w-   c:\docume~1\compaq~1\applic~1\CheckPoint
2010-02-11 03:55:42   0   d-----w-   c:\program files\CheckPoint
2010-02-11 03:55:39   4212   ---ha-w-   c:\windows\system32\zllictbl.dat
2010-02-11 03:55:29   1238408   ----a-w-   c:\windows\system32\zpeng25.dll
2010-02-11 03:55:29   0   d-----w-   c:\windows\system32\ZoneLabs
2010-02-11 03:55:28   422437   ----a-w-   c:\windows\system32\vsconfig.xml
2010-02-11 03:55:27   0   d-----w-   c:\program files\Zone Labs
2010-02-11 03:54:59   0   d-----w-   c:\windows\Internet Logs
2010-02-11 03:53:08   40233352   ----a-w-   C:\zaSetup_91_007_002_en.exe
2010-02-11 03:51:04   16409960   ----a-w-   C:\havefun.exe
2010-02-11 01:56:52   363008   ----a-w-   C:\rkill.com
2010-02-09 02:16:12   5632   --sha-w-   c:\windows\Thumbs.db
2010-02-08 19:43:46   0   d-----w-   c:\docume~1\compaq~1\applic~1\Digital Support
2010-02-08 19:43:39   0   d-----w-   c:\program files\Digital Support
2010-02-08 19:43:07   1284416   ----a-w-   C:\PCFixerSetup.exe
2010-02-06 23:25:42   0   d-----w-   c:\program files\uTorrent
2010-02-06 23:25:16   319280   ----a-w-   C:\utorrent.exe
2010-02-04 14:22:34   0   d-----w-   c:\program files\Free Window Registry Repair
2010-02-04 14:22:24   798000   ----a-w-   C:\RegpairSetup.exe
2010-02-02 01:02:01   50955   ----a-w-   C:\VETlog.dmp
2010-01-31 02:46:27   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-31 02:46:22   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-01-31 02:46:22   0   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-01-31 02:45:07   0   d-----w-   c:\program files\MetaStream
2010-01-31 00:51:25   0   d-----w-   c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-01-31 00:51:01   0   d-----w-   c:\program files\SUPERAntiSpyware
2010-01-31 00:51:01   0   d-----w-   c:\docume~1\compaq~1\applic~1\SUPERAntiSpyware.com
2010-01-31 00:49:51   5115824   ----a-w-   C:\mb.exe
2010-01-31 00:43:44   0   d-s---w-   C:\ComboFix
2010-01-30 15:16:33   0   d-----w-   c:\program files\3345setup.exe
2010-01-30 13:35:05   2   --shatr-   c:\windows\winstart.bat
2010-01-30 13:34:00   0   d-----w-   c:\program files\UnHackMe
2010-01-29 18:38:47   96978   ----a-w-   c:\program files\VirtumundoBeGone.exe
2010-01-29 14:00:14   28552   ----a-w-   c:\windows\system32\drivers\pavboot.sys
2010-01-29 00:16:54   0   d-----w-   c:\windows\pss
2010-01-28 23:47:49   0   d-----w-   c:\documents and settings\compaq_owner\.SunDownloadManager
2010-01-28 22:48:44   0   d-----w-   C:\VundoFix Backups
2010-01-28 13:45:45   0   d-----w-   c:\docume~1\compaq~1\applic~1\QuickScan
2010-01-23 23:52:43   917504   ----a-w-   c:\windows\system32\FLASH.OCX

==================== Find3M  ====================

2009-12-31 16:50:03   353792   ----a-w-   c:\windows\system32\drivers\srv.sys
2009-12-31 16:50:03   353792   ----a-w-   c:\windows\system32\dllcache\srv.sys
2009-12-22 05:21:05   667136   ----a-w-   c:\windows\system32\wininet.dll
2009-12-22 05:21:05   667136   ----a-w-   c:\windows\system32\dllcache\wininet.dll
2009-12-22 05:21:03   627712   ----a-w-   c:\windows\system32\dllcache\urlmon.dll
2009-12-22 05:21:02   1509888   ----a-w-   c:\windows\system32\dllcache\shdocvw.dll
2009-12-22 05:21:00   3071488   ----a-w-   c:\windows\system32\dllcache\mshtml.dll
2009-12-22 05:20:58   81920   ----a-w-   c:\windows\system32\ieencode.dll
2009-12-22 05:20:58   81920   ----a-w-   c:\windows\system32\dllcache\ieencode.dll
2009-12-17 22:14:00   411368   -c--a-w-   c:\windows\system32\deploytk.dll
2009-12-16 18:43:27   343040   ----a-w-   c:\windows\system32\mspaint.exe
2009-12-16 18:43:27   343040   ----a-w-   c:\windows\system32\dllcache\mspaint.exe
2009-12-14 07:08:23   33280   ----a-w-   c:\windows\system32\dllcache\csrsrv.dll
2009-12-14 07:08:23   33280   ----a-w-   c:\windows\system32\csrsrv.dll
2009-12-08 19:27:51   2189184   ----a-w-   c:\windows\system32\ntoskrnl.exe
2009-12-08 19:27:51   2189184   ----a-w-   c:\windows\system32\dllcache\ntoskrnl.exe
2009-12-08 19:26:15   2145280   ----a-w-   c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-08 18:43:51   2023936   ----a-w-   c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-08 18:43:50   2066048   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2009-12-08 18:43:50   2066048   ----a-w-   c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-08 09:23:28   474112   ----a-w-   c:\windows\system32\dllcache\shlwapi.dll
2009-12-04 18:22:22   455424   ----a-w-   c:\windows\system32\dllcache\mrxsmb.sys
2009-11-27 17:11:44   17920   ----a-w-   c:\windows\system32\msyuv.dll
2009-11-27 17:11:44   17920   ----a-w-   c:\windows\system32\dllcache\msyuv.dll
2009-11-27 17:11:44   1291776   ----a-w-   c:\windows\system32\quartz.dll
2009-11-27 17:11:44   1291776   ----a-w-   c:\windows\system32\dllcache\quartz.dll
2009-11-27 16:07:35   8704   ----a-w-   c:\windows\system32\tsbyuv.dll
2009-11-27 16:07:35   8704   ----a-w-   c:\windows\system32\dllcache\tsbyuv.dll
2009-11-27 16:07:35   28672   ----a-w-   c:\windows\system32\msvidc32.dll
2009-11-27 16:07:35   28672   ----a-w-   c:\windows\system32\dllcache\msvidc32.dll
2009-11-27 16:07:34   84992   ----a-w-   c:\windows\system32\dllcache\avifil32.dll
2009-11-27 16:07:34   84992   ----a-w-   c:\windows\system32\avifil32.dll
2009-11-27 16:07:34   48128   ----a-w-   c:\windows\system32\iyuv_32.dll
2009-11-27 16:07:34   48128   ----a-w-   c:\windows\system32\dllcache\iyuv_32.dll
2009-11-27 16:07:34   11264   ----a-w-   c:\windows\system32\msrle32.dll
2009-11-27 16:07:34   11264   ----a-w-   c:\windows\system32\dllcache\msrle32.dll
2009-11-21 15:51:04   471552   ----a-w-   c:\windows\system32\dllcache\aclayers.dll
2008-10-09 19:00:16   19088   -c--a-w-   c:\program files\common files\irywuzubu.bat
2008-10-09 19:00:16   18489   -c--a-w-   c:\program files\common files\vedu.dl
2008-10-09 19:00:16   14113   -c--a-w-   c:\program files\common files\xipa.bat
2008-10-09 19:00:16   12606   -c--a-w-   c:\program files\common files\badyxyret.reg

============= FINISH:  8:15:58.01 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 7/18/2007 2:22:34 PM
System Uptime: 2/19/2010 7:59:26 AM (1 hours ago)

Motherboard: ASUSTek Computer INC. |  | NAOS
Processor: AMD Sempron(tm) Processor 3400+ | Socket AM2  | 1803/199mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 104 GiB total, 72.285 GiB free.
D: is FIXED (FAT32) - 7 GiB total, 0.532 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Digital Blue DMC2 Video Device
Device ID: ROOT\LEGACY_CA50XAV\0000
Manufacturer:
Name: Digital Blue DMC2 Video Device
PNP Device ID: ROOT\LEGACY_CA50XAV\0000
Service: Ca50xav

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Serial
Device ID: ROOT\LEGACY_SERIAL\0000
Manufacturer:
Name: Serial
PNP Device ID: ROOT\LEGACY_SERIAL\0000
Service: Serial

==== System Restore Points ===================

RP950: 2/19/2010 4:01:32 AM - System Checkpoint

==== Installed Programs ======================

µTorrent
AAC Decoder
ABBYY FineReader 6.0 Sprint Plus
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.1.0
Advanced SystemCare 3
AOL Connectivity Services
AOL Uninstaller
AOL You've Got Pictures Screensaver
AutoUpdate
Avira AntiVir Personal - Free Antivirus
BufferChm
CCleaner (remove only)
Compaq Connections (remove only)
ConvertXtoDVD 3.5.3.139
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
Critical Update for Windows Media Player 11 (KB959772)
CueTour
Data Fax SoftModem with SmartCP
Destinations
DeviceManagementQFolder
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
DVD-CLONER V6.00 Build 977
Eraser
Free Window Registry Repair
FullDPAppQFolder
Google Earth
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
H.264 Decoder
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP Boot Optimizer
HP DVD Play 2.1
HP Games
HP Imaging Device Functions 7.0
HP Photosmart Premier Software 6.5
HP Support Overview
HP Update
HP Web Helper
HPPhotoSmartExpress
HpSdpAppCoreApp
InstantShareDevices
IObit Security 360
Java Auto Updater
Java(TM) 6 Update 18
Lexmark 6200 Series
LightScribe System Software  1.10.13.1
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
MKV Splitter
Mozilla Firefox (3.0.10)
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My HP Games
Nero 7 Essentials
neroxml
NVIDIA Drivers
OpenOffice.org Installer 1.0
OptionalContentQFolder
PC-Doctor 5 for Windows
PC Fixer
PhotoGallery
Python 2.2 pywin32 extensions (build 203)
Quicken 2006
QuickTime
RandMap
RealPlayer
Realtek High Definition Audio Driver
Rhapsody
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
SkinsHP1
SlideShow
SlideShowMusic
Smart Defrag
Sonic Audio module
Sonic DLA
Sonic Express Labeler
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic_PrimoSDK
SUPERAntiSpyware Free Edition
TomTom HOME 2.7.3.1894
TomTom HOME Visual Studio Merge Modules
Unload
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
VC80CRTRedist - 8.0.50727.762
WebFldrs XP
WildTangent Web Driver
Windows Genuine Advantage Validation Tool (KB892130)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
Yahoo! Toolbar
ZoneAlarm
ZoneAlarm Toolbar
Zuma's Revenge

==== Event Viewer Messages From Past Week ========

2/18/2010 2:31:21 PM, error: Service Control Manager [7034]  - The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).
2/17/2010 7:01:01 PM, error: Service Control Manager [7001]  - The Universal Plug and Play Device Host service depends on the SSDP Discovery Service service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/17/2010 7:00:49 PM, error: DCOM [10005]  - DCOM got error "%1068" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
2/16/2010 9:32:45 PM, information: Windows File Protection [64020]  - Windows File Protection scan found that the system file c:\windows\system32\drmstor.dll has a bad signature. This file was restored to the original version to maintain system stability.  The file version of the system file is 10.0.0.3646.
2/16/2010 9:32:45 PM, information: Windows File Protection [64004]  - The protected system file c:\windows\system32\drmstor.dll could not be restored to its original, valid version. The file version of the bad file is 10.0.0.3646 The specific error code is 0x800b0100 [No signature was present in the subject. ].
2/16/2010 9:32:45 PM, information: Windows File Protection [64004]  - The protected system file c:\windows\system32\drmclien.dll could not be restored to its original, valid version. The file version of the bad file is 10.0.0.3646 The specific error code is 0x800b0110 [The certificate is not valid for the requested usage. ].
2/16/2010 9:32:44 PM, information: Windows File Protection [64020]  - Windows File Protection scan found that the system file c:\windows\system32\drmclien.dll has a bad signature. This file was restored to the original version to maintain system stability.  The file version of the system file is 10.0.0.3646.
2/16/2010 9:32:00 PM, information: Windows File Protection [64016]  - Windows File Protection file scan was started.
2/16/2010 6:17:40 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the AOL TopSpeed Monitor service to connect.
2/16/2010 6:17:15 PM, error: Service Control Manager [7031]  - The AOL TopSpeed Monitor service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
2/16/2010 10:04:32 PM, information: Windows File Protection [64017]  - Windows File Protection file scan completed successfully.
2/15/2010 8:40:39 PM, error: Service Control Manager [7023]  - The Application Management service terminated with the following error:  The system cannot find the file specified.
2/15/2010 8:27:03 PM, error: DCOM [10005]  - DCOM got error "%1053" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
2/15/2010 8:26:51 PM, error: Service Control Manager [7000]  - The Windows Installer service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
2/15/2010 8:26:50 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Windows Installer service to connect.
2/15/2010 8:25:20 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  ftsata2
2/15/2010 8:25:18 PM, error: Service Control Manager [7000]  - The iolo System Service service failed to start due to the following error:  The system cannot find the path specified.
2/15/2010 8:25:17 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the TrueVector Internet Monitor service to connect.
2/15/2010 8:25:17 PM, error: Service Control Manager [7000]  - The TrueVector Internet Monitor service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
2/15/2010 8:25:17 PM, error: Service Control Manager [7000]  - The iolo FileInfoList Service service failed to start due to the following error:  The system cannot find the path specified.
2/15/2010 3:55:03 AM, error: DCOM [10000]  - Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}. The error: "%1450" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe -Embedding
2/15/2010 3:46:58 AM, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC00000A1' while processing the file 'BACKUP.RDB' on the volume 'HarddiskVolume1'.  It has stopped monitoring the volume.
2/15/2010 11:59:35 AM, error: Dhcp [1002]  - The IP address lease 192.168.1.33 for the Network Card with network address 0018F361A203 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
2/14/2010 7:05:04 AM, error: DCOM [10000]  - Unable to start a DCOM Server: {FFF2D28F-E4EE-44D9-8104-8E71556757F6}. The error: "%1450" Happened while starting this command: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe -Embedding
2/14/2010 7:05:04 AM, error: DCOM [10000]  - Unable to start a DCOM Server: {FFF2D28F-E4EE-44D9-8104-8E71556757F6}. The error: "%1450" Happened while starting this command: "c:\Program Files\Common Files\InstallShield\UpdateService\agent.exe" -Embedding

==== End Of File ===========================

[evilfantasy]

Go to Add or Remove Programs and uninstall:

- Free Window Registry Repair
- ZoneAlarm Toolbar <- This is actually the Ask.com toolbar and is useless
.
-----------

If you already have ComboFix be sure to delete it and download a new copy.

Download ComboFix© by sUBs from one of the below links. Be sure top save it to the Desktop.

Link #1
Link #2

**Note:  It is important that it is saved directly to your Desktop

DO NOT run it yet!

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code: [Select]

KillAll::

DDS::
mDefault_Search_URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13917&gct=&gc=1&q=
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13917&gct=&gc=1&q=%s
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} -
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSA: Notification Packages = scecli tayanage.dll

Folder::
C:\VundoFix Backups


3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze

[godsize71]

i did a everything you asked me to do, twice, when combofix was rebooting is just stayed on the blue shutting down windows page for bout 10 min so i had to restart it, and when it did come back combofix was preparing log bout didnt, so i clicked it off after bout 10 min

[evilfantasy]

Try running it without the script.

Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
 
Double click combofix.exe & follow the prompts.
Vista users Right-Click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it)
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

If you have problems with ComboFix usage, see How to use ComboFix

[godsize71]

ComboFix 10-02-19.03 - Compaq_Owner 02/19/2010  16:41:27.3.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.446.175 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

(((((((((((((((((((((((((   Files Created from 2010-01-19 to 2010-02-19  )))))))))))))))))))))))))))))))
.

2010-02-19 13:12 . 2010-02-19 13:12   524288   ----a-w-   C:\dds.scr
2010-02-18 19:28 . 2010-02-18 19:28   918816   ----a-w-   C:\jxpiinstall.exe
2010-02-17 03:04 . 2008-04-14 01:12   116224   ----a-w-   c:\windows\system32\dllcache\xrxwiadr.dll
2010-02-17 03:04 . 2001-08-18 03:36   23040   ----a-w-   c:\windows\system32\dllcache\xrxwbtmp.dll
2010-02-17 03:04 . 2008-04-14 01:12   18944   ----a-w-   c:\windows\system32\dllcache\xrxscnui.dll
2010-02-17 03:04 . 2001-08-18 03:37   27648   ----a-w-   c:\windows\system32\dllcache\xrxftplt.exe
2010-02-17 03:04 . 2001-08-18 03:37   4608   ----a-w-   c:\windows\system32\dllcache\xrxflnch.exe
2010-02-17 03:04 . 2001-08-18 03:37   99865   ----a-w-   c:\windows\system32\dllcache\xlog.exe
2010-02-17 03:04 . 2001-08-17 17:11   16970   ----a-w-   c:\windows\system32\dllcache\xem336n5.sys
2010-02-17 03:03 . 2004-08-04 03:29   19455   ----a-w-   c:\windows\system32\dllcache\wvchntxx.sys
2010-02-17 03:03 . 2004-08-04 03:29   12063   ----a-w-   c:\windows\system32\dllcache\wsiintxx.sys
2010-02-17 03:03 . 2008-04-14 01:12   8192   ----a-w-   c:\windows\system32\dllcache\wshirda.dll
2010-02-17 03:03 . 2008-04-13 19:36   8832   ----a-w-   c:\windows\system32\dllcache\wmiacpi.sys
2010-02-17 03:03 . 2004-08-04 03:31   154624   ----a-w-   c:\windows\system32\dllcache\wlluc48.sys
2010-02-17 03:03 . 2001-08-17 17:12   34890   ----a-w-   c:\windows\system32\dllcache\wlandrv2.sys
2010-02-17 03:03 . 2001-08-17 18:28   771581   ----a-w-   c:\windows\system32\dllcache\winacisa.sys
2010-02-17 03:03 . 2001-08-18 03:36   53760   ----a-w-   c:\windows\system32\dllcache\wiamsmud.dll
2010-02-17 03:01 . 2001-08-17 18:28   604253   ----a-w-   c:\windows\system32\dllcache\vmodem.sys
2010-02-17 03:01 . 2001-08-17 17:14   249402   ----a-w-   c:\windows\system32\dllcache\vinwm.sys
2010-02-17 03:01 . 2001-08-17 18:49   24576   ----a-w-   c:\windows\system32\dllcache\viairda.sys
2010-02-17 03:01 . 2001-08-17 18:28   687999   ----a-w-   c:\windows\system32\dllcache\usrwdxjs.sys
2010-02-17 03:01 . 2001-08-17 18:28   765884   ----a-w-   c:\windows\system32\dllcache\usrti.sys
2010-02-17 03:01 . 2001-08-17 18:28   113762   ----a-w-   c:\windows\system32\dllcache\usrpda.sys
2010-02-17 03:01 . 2001-08-17 18:28   7556   ----a-w-   c:\windows\system32\dllcache\usroslba.sys
2010-02-17 03:01 . 2001-08-17 18:28   224802   ----a-w-   c:\windows\system32\dllcache\usr1807a.sys
2010-02-17 03:01 . 2001-08-17 18:28   794399   ----a-w-   c:\windows\system32\dllcache\usr1806v.sys
2010-02-17 03:01 . 2001-08-17 18:28   793598   ----a-w-   c:\windows\system32\dllcache\usr1806.sys
2010-02-17 03:01 . 2001-08-17 18:28   794654   ----a-w-   c:\windows\system32\dllcache\usr1801.sys
2010-02-17 03:01 . 2008-04-13 19:45   26112   ----a-w-   c:\windows\system32\dllcache\usbser.sys
2010-02-17 03:01 . 2004-08-04 03:31   32384   ----a-w-   c:\windows\system32\dllcache\usb101et.sys
2010-02-17 02:59 . 2001-08-17 17:51   159232   ----a-w-   c:\windows\system32\dllcache\tridkbm.sys
2010-02-17 02:58 . 2008-04-13 19:40   149376   ----a-w-   c:\windows\system32\dllcache\tffsport.sys
2010-02-17 02:57 . 2001-08-18 03:36   10240   ----a-w-   c:\windows\system32\dllcache\swpidflt.dll
2010-02-17 02:57 . 2001-08-18 03:36   10240   ----a-w-   c:\windows\system32\dllcache\swpdflt2.dll
2010-02-17 02:57 . 2001-08-18 03:36   53760   ----a-w-   c:\windows\system32\dllcache\sw_wheel.dll
2010-02-17 02:57 . 2001-08-18 03:36   41472   ----a-w-   c:\windows\system32\dllcache\sw_effct.dll
2010-02-17 02:57 . 2001-08-18 03:36   155648   ----a-w-   c:\windows\system32\dllcache\stlnprop.dll
2010-02-17 02:57 . 2001-08-18 03:36   53248   ----a-w-   c:\windows\system32\dllcache\stlncoin.dll
2010-02-17 02:57 . 2001-08-17 17:18   285760   ----a-w-   c:\windows\system32\dllcache\stlnata.sys
2010-02-17 02:57 . 2001-08-17 18:51   16896   ----a-w-   c:\windows\system32\dllcache\stcusb.sys
2010-02-17 02:57 . 2001-08-17 17:11   48736   ----a-w-   c:\windows\system32\dllcache\srwlnd5.sys
2010-02-17 02:57 . 2001-08-18 03:36   99328   ----a-w-   c:\windows\system32\dllcache\srusd.dll
2010-02-17 02:57 . 2001-08-18 03:36   24660   ----a-w-   c:\windows\system32\dllcache\spxupchk.dll
2010-02-17 02:57 . 2001-08-17 18:51   61824   ----a-w-   c:\windows\system32\dllcache\speed.sys
2010-02-17 02:57 . 2001-08-18 03:36   106584   ----a-w-   c:\windows\system32\dllcache\spdports.dll
2010-02-17 02:55 . 2001-08-18 03:36   45568   ----a-w-   c:\windows\system32\dllcache\smb3w.dll
2010-02-17 02:54 . 2001-07-21 19:29   161568   ----a-w-   c:\windows\system32\dllcache\sgsmusb.sys
2010-02-17 02:54 . 2001-07-21 19:29   18400   ----a-w-   c:\windows\system32\dllcache\sgsmld.sys
2010-02-17 02:54 . 2001-08-17 17:51   98080   ----a-w-   c:\windows\system32\dllcache\sgiulnt5.sys
2010-02-17 02:54 . 2001-08-18 03:36   386560   ----a-w-   c:\windows\system32\dllcache\sgiul50.dll
2010-02-17 02:54 . 2001-08-17 17:19   36480   ----a-w-   c:\windows\system32\dllcache\sfmanm.sys
2010-02-17 02:54 . 2001-08-17 18:53   6784   ----a-w-   c:\windows\system32\dllcache\serscan.sys
2010-02-17 02:54 . 2001-08-17 18:48   17664   ----a-w-   c:\windows\system32\dllcache\sermouse.sys
2010-02-17 02:54 . 2001-08-17 18:53   6912   ----a-w-   c:\windows\system32\dllcache\seaddsmc.sys
2010-02-17 02:54 . 2008-04-13 19:45   11520   ----a-w-   c:\windows\system32\dllcache\scsiscan.sys
2010-02-17 02:54 . 2001-08-17 18:52   11648   ----a-w-   c:\windows\system32\dllcache\scsiprnt.sys
2010-02-17 02:54 . 2001-08-17 18:51   17280   ----a-w-   c:\windows\system32\dllcache\scr111.sys
2010-02-17 02:54 . 2001-08-17 18:51   16640   ----a-w-   c:\windows\system32\dllcache\scmstcs.sys
2010-02-17 02:52 . 2001-08-17 18:57   65664   ----a-w-   c:\windows\system32\dllcache\s3legacy.sys
2010-02-17 02:52 . 2001-08-18 03:36   82432   ----a-w-   c:\windows\system32\dllcache\rwia450.dll
2010-02-17 02:52 . 2001-08-18 03:36   79872   ----a-w-   c:\windows\system32\dllcache\rwia430.dll
2010-02-17 02:52 . 2008-04-14 01:12   29696   ----a-w-   c:\windows\system32\dllcache\rw450ext.dll
2010-02-17 02:52 . 2008-04-14 01:12   27648   ----a-w-   c:\windows\system32\dllcache\rw430ext.dll
2010-02-17 02:52 . 2001-08-17 17:12   19017   ----a-w-   c:\windows\system32\dllcache\rtl8029.sys
2010-02-17 02:52 . 2001-08-17 17:19   30720   ----a-w-   c:\windows\system32\dllcache\rthwcls.sys
2010-02-17 02:52 . 2001-08-18 03:36   9216   ----a-w-   c:\windows\system32\dllcache\rsmgrstr.dll
2010-02-17 02:52 . 2001-08-17 17:19   3840   ----a-w-   c:\windows\system32\dllcache\rpfun.sys
2010-02-17 02:52 . 2008-04-13 19:40   79104   ----a-w-   c:\windows\system32\dllcache\rocket.sys
2010-02-17 02:52 . 2001-08-17 17:12   37563   ----a-w-   c:\windows\system32\dllcache\rlnet5.sys
2010-02-17 02:52 . 2001-08-18 03:36   86097   ----a-w-   c:\windows\system32\dllcache\reslog32.dll
2010-02-17 02:50 . 2001-08-17 18:51   16128   ----a-w-   c:\windows\system32\dllcache\pscr.sys
2010-02-17 02:49 . 2001-08-17 17:11   35328   ----a-w-   c:\windows\system32\dllcache\pcntpci5.sys
2010-02-17 02:48 . 2001-08-17 17:12   43689   ----a-w-   c:\windows\system32\dllcache\otceth5.sys
2010-02-17 02:47 . 2001-08-17 17:11   65278   ----a-w-   c:\windows\system32\dllcache\netflx3.sys
2010-02-17 02:46 . 2001-08-18 03:36   19968   ----a-w-   c:\windows\system32\dllcache\mxicfg.dll
2010-02-17 02:46 . 2004-08-04 04:00   229439   ----a-w-   c:\windows\system32\dllcache\multibox.dll
2010-02-17 02:46 . 2001-08-17 18:50   21888   ----a-w-   c:\windows\system32\dllcache\mxcard.sys
2010-02-17 02:46 . 2001-08-17 17:50   103296   ----a-w-   c:\windows\system32\dllcache\mtxvideo.sys
2010-02-17 02:46 . 2008-04-13 19:46   49024   ----a-w-   c:\windows\system32\dllcache\mstape.sys
2010-02-17 02:46 . 2001-08-17 18:48   12416   ----a-w-   c:\windows\system32\dllcache\msriffwv.sys
2010-02-17 02:46 . 2001-08-17 19:00   2944   ----a-w-   c:\windows\system32\dllcache\msmpu401.sys
2010-02-17 02:46 . 2008-04-13 19:54   22016   ----a-w-   c:\windows\system32\dllcache\msircomm.sys
2010-02-17 02:46 . 2004-08-04 04:00   98304   ----a-w-   c:\windows\system32\dllcache\msir3jp.dll
2010-02-17 02:46 . 2001-08-17 19:02   35200   ----a-w-   c:\windows\system32\dllcache\msgame.sys
2010-02-17 02:46 . 2001-08-17 18:48   6016   ----a-w-   c:\windows\system32\dllcache\msfsio.sys
2010-02-17 02:46 . 2008-04-13 19:46   51200   ----a-w-   c:\windows\system32\dllcache\msdv.sys
2010-02-17 02:45 . 2001-08-17 18:52   17280   ----a-w-   c:\windows\system32\dllcache\mraid35x.sys
2010-02-17 02:45 . 2008-04-13 19:46   15232   ----a-w-   c:\windows\system32\dllcache\mpe.sys
2010-02-17 02:45 . 2001-08-17 18:57   16128   ----a-w-   c:\windows\system32\dllcache\modemcsa.sys
2010-02-17 02:45 . 2001-08-17 18:52   6528   ----a-w-   c:\windows\system32\dllcache\miniqic.sys
2010-02-17 02:45 . 2001-08-17 17:50   320384   ----a-w-   c:\windows\system32\dllcache\mgaum.sys
2010-02-17 02:45 . 2001-08-17 19:56   235648   ----a-w-   c:\windows\system32\dllcache\mgaud.dll
2010-02-17 02:45 . 2008-04-13 19:41   26112   ----a-w-   c:\windows\system32\dllcache\memstpci.sys
2010-02-17 02:45 . 2001-08-18 03:36   47616   ----a-w-   c:\windows\system32\dllcache\memgrp.dll
2010-02-17 02:45 . 2001-08-17 18:58   8320   ----a-w-   c:\windows\system32\dllcache\memcard.sys
2010-02-17 02:45 . 2001-08-17 17:12   164586   ----a-w-   c:\windows\system32\dllcache\mdgndis5.sys
2010-02-17 02:45 . 2001-08-17 18:52   7424   ----a-w-   c:\windows\system32\dllcache\mammoth.sys
2010-02-17 02:45 . 2001-08-17 17:19   48768   ----a-w-   c:\windows\system32\dllcache\maestro.sys
2010-02-17 02:43 . 2008-04-13 19:39   14592   ----a-w-   c:\windows\system32\dllcache\kbdhid.sys
2010-02-17 02:42 . 2001-08-18 03:36   372824   ----a-w-   c:\windows\system32\dllcache\iconf32.dll
2010-02-17 02:41 . 2001-08-17 18:28   488383   ----a-w-   c:\windows\system32\dllcache\hsf_v124.sys
2010-02-17 02:40 . 2001-08-18 03:36   126976   ----a-w-   c:\windows\system32\dllcache\hpgt34tk.dll
2010-02-17 02:39 . 2001-08-17 17:15   442240   ----a-w-   c:\windows\system32\dllcache\fpnpbase.sys
2010-02-17 02:39 . 2001-08-17 17:14   441728   ----a-w-   c:\windows\system32\dllcache\fpcmbase.sys
2010-02-17 02:39 . 2001-08-17 17:14   444416   ----a-w-   c:\windows\system32\dllcache\fpcibase.sys
2010-02-17 02:39 . 2004-08-04 03:31   34173   ----a-w-   c:\windows\system32\dllcache\forehe.sys
2010-02-17 02:39 . 2001-08-18 03:36   71680   ----a-w-   c:\windows\system32\dllcache\fnfilter.dll
2010-02-17 02:39 . 2001-08-17 17:13   27165   ----a-w-   c:\windows\system32\dllcache\fetnd5.sys
2010-02-17 02:39 . 2001-08-17 17:10   22090   ----a-w-   c:\windows\system32\dllcache\fem556n5.sys
2010-02-17 02:39 . 2001-08-17 17:12   24618   ----a-w-   c:\windows\system32\dllcache\fa410nd5.sys
2010-02-17 02:39 . 2001-08-17 17:12   16074   ----a-w-   c:\windows\system32\dllcache\fa312nd5.sys
2010-02-17 02:39 . 2001-08-17 17:11   11850   ----a-w-   c:\windows\system32\dllcache\f3ab18xj.sys
2010-02-17 02:39 . 2001-08-17 17:11   12362   ----a-w-   c:\windows\system32\dllcache\f3ab18xi.sys
2010-02-17 02:39 . 2001-08-17 18:52   7040   ----a-w-   c:\windows\system32\dllcache\exabyte2.sys
2010-02-17 02:37 . 2001-08-17 17:10   19996   ----a-w-   c:\windows\system32\dllcache\em556n4.sys
2010-02-17 02:36 . 2001-08-18 03:36   37962   ----a-w-   c:\windows\system32\dllcache\divaprop.dll
2010-02-17 02:35 . 2001-08-18 03:36   27648   ----a-w-   c:\windows\system32\dllcache\cyyports.dll
2010-02-17 02:34 . 2001-08-17 17:12   37916   ----a-w-   c:\windows\system32\dllcache\cb102.sys
2010-02-17 02:33 . 2001-08-17 18:28   871388   ----a-w-   c:\windows\system32\dllcache\bcmdm.sys
2010-02-17 02:32 . 2001-08-17 19:56   66048   ----a-w-   c:\windows\system32\dllcache\s3legacy.dll
2010-02-11 03:58 . 2010-02-11 03:58   --------   d-----w-   c:\documents and settings\Compaq_Owner\Application Data\CheckPoint
2010-02-11 03:54 . 2010-02-19 21:50   --------   d-----w-   c:\windows\Internet Logs
2010-02-11 03:53 . 2010-02-11 03:54   40233352   ----a-w-   C:\zaSetup_91_007_002_en.exe
2010-02-11 03:51 . 2010-02-11 03:51   16409960   ----a-w-   C:\havefun.exe
2010-02-11 01:56 . 2010-02-11 02:11   363008   ----a-w-   C:\rkill.com

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-19 21:35 . 2008-01-31 02:51   --------   d-----w-   c:\documents and settings\Compaq_Owner\Application Data\Vso
2010-02-19 19:16 . 2010-02-12 17:17   3800595   ----a-w-   c:\windows\Internet Logs\tvDebug.Zip
2010-02-19 18:35 . 2009-05-07 18:09   --------   d-----w-   c:\documents and settings\All Users\Application Data\Google Updater
2010-02-18 19:34 . 2010-02-18 19:34   503808   ----a-w-   c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5841e772-n\msvcp71.dll
2010-02-18 19:34 . 2010-02-18 19:34   499712   ----a-w-   c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5841e772-n\jmc.dll
2010-02-18 19:34 . 2010-02-18 19:34   348160   ----a-w-   c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5841e772-n\msvcr71.dll
2010-02-18 19:34 . 2010-02-18 19:34   61440   ----a-w-   c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-14e7b00d-n\decora-sse.dll
2010-02-18 19:34 . 2010-02-18 19:34   12800   ----a-w-   c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-14e7b00d-n\decora-d3d.dll
2010-02-18 19:33 . 2006-09-04 22:01   --------   d-----w-   c:\program files\Java
2010-02-17 02:24 . 2010-01-31 00:52   117760   ----a-w-   c:\documents and settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-14 00:32 . 2010-02-14 00:32   125806   ----a-w-   c:\windows\Internet Logs\vsmon_2nd_2010_02_13_19_27_25_small.dmp.zip
2010-02-14 00:08 . 2010-02-14 00:13   1638912   ----a-w-   c:\windows\Internet Logs\xDB94.tmp
2010-02-11 03:55 . 2010-02-11 03:55   --------   d-----w-   c:\program files\CheckPoint
2010-02-11 03:55 . 2010-02-11 03:55   4212   ---ha-w-   c:\windows\system32\zllictbl.dat
2010-02-11 03:55 . 2010-02-11 03:55   --------   d-----w-   c:\program files\Zone Labs
2010-02-09 02:16 . 2008-12-16 14:29   --------   d-----w-   c:\program files\Dvd-cloner
2010-02-09 02:16 . 2006-09-04 22:47   --------   d-----w-   c:\program files\PC-Doctor 5 for Windows
2010-02-09 02:16 . 2006-09-04 22:23   --------   d-----w-   c:\program files\music_now
2010-02-09 02:16 . 2007-09-05 22:54   --------   d-----w-   c:\program files\Windows Media Connect 2
2010-02-09 02:16 . 2007-07-29 23:12   --------   d-----w-   c:\program files\DivX
2010-02-09 02:16 . 2006-09-04 22:33   --------   d-----w-   c:\program files\MSN Encarta Standard
2010-02-09 02:16 . 2006-09-04 22:34   --------   d-----w-   c:\program files\Microsoft Works
2010-02-09 02:16 . 2007-07-28 21:02   --------   d-----w-   c:\program files\America Online 9.0
2010-02-03 15:26 . 2007-07-29 23:17   --------   d-----w-   c:\program files\Google
2010-01-31 00:52 . 2010-01-31 00:52   52224   ----a-w-   c:\documents and settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-31 00:50 . 2007-12-13 01:23   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2010-01-31 00:20 . 2006-09-04 22:01   --------   d-----w-   c:\program files\Common Files\Java
2010-01-31 00:14 . 2007-07-28 21:03   --------   d-----w-   c:\documents and settings\All Users\Application Data\Viewpoint
2010-01-30 17:13 . 2007-07-29 12:55   --------   d-----w-   c:\program files\Eraser
2010-01-29 21:23 . 2009-03-31 18:40   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
2010-01-29 19:46 . 2008-12-07 12:27   --------   d-----w-   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-31 16:50 . 2004-08-04 11:00   353792   ----a-w-   c:\windows\system32\drivers\srv.sys
2009-12-26 18:22 . 2006-09-04 22:27   --------   d-----w-   c:\documents and settings\All Users\Application Data\WildTangent
2009-12-26 18:21 . 2006-09-04 22:27   --------   d-----w-   c:\program files\HP Games
2009-12-26 18:13 . 2009-12-26 18:12   18438256   ----a-w-   c:\documents and settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\Installers\SetupGamesClient.exe
2009-12-24 03:13 . 2009-12-24 03:13   --------   d-----w-   c:\documents and settings\All Users\Application Data\TomTom
2009-12-24 03:12 . 2009-12-24 03:12   --------   d-----w-   c:\documents and settings\Compaq_Owner\Application Data\TomTom
2009-12-24 03:11 . 2009-12-24 03:11   --------   d-----w-   c:\program files\TomTom International B.V
2009-12-24 03:11 . 2009-12-24 03:10   --------   d-----w-   c:\program files\TomTom HOME 2
2009-12-24 03:05 . 2009-12-24 03:05   --------   d-----w-   c:\program files\TomTom DesktopSuite
2009-12-22 05:21 . 2004-08-04 11:00   667136   ------w-   c:\windows\system32\wininet.dll
2009-12-22 05:20 . 2004-08-04 11:00   81920   ----a-w-   c:\windows\system32\ieencode.dll
2009-12-17 22:14 . 2008-12-07 12:05   411368   -c--a-w-   c:\windows\system32\deploytk.dll
2009-12-16 18:43 . 2004-08-04 11:00   343040   ----a-w-   c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2004-08-04 11:00   33280   ----a-w-   c:\windows\system32\csrsrv.dll
2009-12-08 19:27 . 2004-08-04 11:00   2189184   ------w-   c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2004-08-04 11:00   2066048   ------w-   c:\windows\system32\ntkrnlpa.exe
2009-12-08 11:30 . 2009-03-31 23:16   56816   ----a-w-   c:\windows\system32\drivers\avgntflt.sys
2009-12-04 18:22 . 2004-08-04 11:00   455424   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:11 . 2004-08-04 11:00   17920   ----a-w-   c:\windows\system32\msyuv.dll
2009-11-27 17:11 . 2004-08-04 11:00   1291776   ----a-w-   c:\windows\system32\quartz.dll
2009-11-27 16:07 . 2004-08-04 11:00   8704   ----a-w-   c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2004-08-04 11:00   28672   ----a-w-   c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2004-08-04 11:00   84992   ----a-w-   c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2004-08-04 11:00   48128   ----a-w-   c:\windows\system32\iyuv_32.dll
2009-11-27 16:07 . 2004-08-04 11:00   11264   ----a-w-   c:\windows\system32\msrle32.dll
2009-11-22 20:42 . 2010-02-11 03:55   1238408   ----a-w-   c:\windows\system32\zpeng25.dll
2009-11-22 20:42 . 2010-02-11 03:55   69000   ----a-w-   c:\windows\system32\zlcomm.dll
2009-11-22 20:42 . 2010-02-11 03:55   103816   ----a-w-   c:\windows\system32\zlcommdb.dll
2008-10-09 19:00 . 2008-10-09 19:00   18489   -c--a-w-   c:\program files\Common Files\vedu.dl
2009-02-24 19:34 . 2009-02-24 19:34   1044480   -c--a-w-   c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34   200704   -c--a-w-   c:\program files\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[7] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys

c:\windows\System32\drivers\beep.sys ... is missing !!
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"="c:\program files\America Online 9.0\AOL.EXE" [2005-07-28 50776]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-03 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"LXBUCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll" [2004-08-20 65536]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-12-24 1280272]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-11-22 1037192]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-09-04 180269]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-03 68856]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoPopUpsOnBoot"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ      autocheck autochk *\0smrgdf c:\program files\iolo\System Mechanic Professional 6\\0SsiEfr.e\0SsiEfr.ex\0SsiEfr.ex\0SsiEfr.e\0SsiEfr.ex\0SsiEfr.ex\0SsiEfr.ex\0SsiEfr.ex\0SsiEfr.e\0SsiEfr.ex\0SsiEfr.e\0SsiEfr.e\0SsiEfr.e\0SsiEfr.ex\0SsiEfr.ex\0SsiEfr.ex\0SsiEfr.e\0SsiEfr.e\0SsiEfr.ex\0SsiEfr.e\0SsiEfr.ex\0SsiEfr.ex\0SsiEfr.ex\0SsiEfr.ex\0SsiEfr.ex\0SsiEfr.ex\0SsiEfr.ex\0SsiEfr.ex\0SsiEfr.ex\0SsiEfr.ex\0SsiEfr.ex\0SsiEfr.ex\0SsiEfr.ex\0SsiEfr.ex\0SsiEfr.e\0SsiEfr.ex\0SsiEfr.e\0SsiEfr.ex\0SsiEfr.ex\0SsiEfr.e\0SsiEfr.ex\0SsiEfr.e\0SsiEfr.ex

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
2005-01-20 21:46   2953216   -c--a-w-   c:\program files\BearShare\BearShare.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2005-07-23 05:14   237568   -c--a-w-   c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-09-03 13:37   68856   ----a-w-   c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2009-11-13 11:31   247144   ----a-w-   c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1185656573\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\WINDOWS\\system32\\lxbucoms.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BearShare\\BearShare.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [1/29/2010 9:00 AM 28552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/31/2009 6:16 PM 108289]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [1/27/2010 4:19 PM 311568]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [11/13/2009 6:31 AM 92008]
S2 Ca50xav;Digital Blue DMC2 Video Device;c:\windows\system32\drivers\Ca50xav.sys [12/24/2007 3:57 PM 508304]
S2 gupdate1c9cf3f12870e60;Google Update Service (gupdate1c9cf3f12870e60);c:\program files\Google\Update\GoogleUpdate.exe [5/7/2009 1:10 PM 133104]
S2 ioloFileInfoList;iolo FileInfoList Service;

S2 ioloSystemService;iolo System Service;

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 22:34   451872   -c--a-w-   c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-02-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-09-02 18:09]

2010-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-07 18:10]

2010-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-07 18:10]

2010-02-08 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-01-20 20:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gqdahqaj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?fr=fptb-
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0

FF - user.js: network.http.pipelining - false
FF - user.js: network.http.proxy.pipelining - false
FF - user.js: network.http.pipelining - false
FF - user.js: network.http.proxy.pipelining - false
FF - user.js: network.http.pipelining - false
FF - user.js: network.http.proxy.pipelining - false
FF - user.js: network.http.pipelining - false
FF - user.js: network.http.proxy.pipelining - false.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-19 16:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  LXBUCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16??

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(6592)
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO860un71.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-02-19  16:56:19
ComboFix-quarantined-files.txt  2010-02-19 21:56

Pre-Run: 79,875,637,248 bytes free
Post-Run: 79,811,575,808 bytes free

- - End Of File - - 5D5B992E088C45317B7A95CE4B2851E4

[evilfantasy]

Please download SystemLook from one of the below links and save it to your desktop.

Link #1
Link #2

Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

* Double-click SystemLook.exe to run it.
* Copy the contents of the following codebox into the main textfield.

Code: [Select]

:filefind
beep.sys

* Click the Look button to start the scan.
* Note: The scan may take some time so please just let it do its work and be patient (or do something else unrelated to the computer).
* When finished, a notepad window will open with the results of the scan. Please post the log.

The log can also be found on your desktop entitled SystemLook.txt

[godsize71]

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 18:34 on 19/02/2010 by Compaq_Owner (Administrator - Elevation successful)

========== filefind ==========

Searching for "beep.sys"
C:\WINDOWS\system32\dllcache\beep.sys   --a--- 4224 bytes   [02:34 17/02/2010]   [04:00 04/08/2004] DA1F27D85E0D1525F6621372E7B685E9

-=End Of File

[evilfantasy]

Download the attached beep.zip file (at the bottom of this post) to your desktop and unzip it to your desktop then follow the instructions.


1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code: [Select]

KillAll::

FCopy::
c:\documents and settings\Compaq_Owner\Desktop\beep.sys | c:\windows\System32\drivers\beep.sys

DDS::
mDefault_Search_URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13917&gct=&gc=1&q=
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13917&gct=&gc=1&q=%s
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} -
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSA: Notification Packages = scecli tayanage.dll

Folder::
C:\VundoFix Backups


3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze

[godsize71]

ComboFix 10-02-19.03 - Compaq_Owner 02/19/2010  19:25:33.4.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.446.128 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Owner\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

(((((((((((((((((((((((((   Files Created from 2010-01-20 to 2010-02-20  )))))))))))))))))))))))))))))))
.

2010-02-19 13:12 . 2010-02-19 13:12   524288   ----a-w-   C:\dds.scr
2010-02-18 19:28 . 2010-02-18 19:28   918816   ----a-w-   C:\jxpiinstall.exe
2010-02-17 03:04 . 2008-04-14 01:12   116224   ----a-w-   c:\windows\system32\dllcache\xrxwiadr.dll
2010-02-17 03:04 . 2001-08-18 03:36   23040   ----a-w-   c:\windows\system32\dllcache\xrxwbtmp.dll
2010-02-17 03:04 . 2008-04-14 01:12   18944   ----a-w-   c:\windows\system32\dllcache\xrxscnui.dll
2010-02-17 03:04 . 2001-08-18 03:37   27648   ----a-w-   c:\windows\system32\dllcache\xrxftplt.exe
2010-02-17 03:04 . 2001-08-18 03:37   4608   ----a-w-   c:\windows\system32\dllcache\xrxflnch.exe
2010-02-17 03:04 . 2001-08-18 03:37   99865   ----a-w-   c:\windows\system32\dllcache\xlog.exe
2010-02-17 03:04 . 2001-08-17 17:11   16970   ----a-w-   c:\windows\system32\dllcache\xem336n5.sys
2010-02-17 03:03 . 2004-08-04 03:29   19455   ----a-w-   c:\windows\system32\dllcache\wvchntxx.sys
2010-02-17 03:03 . 2004-08-04 03:29   12063   ----a-w-   c:\windows\system32\dllcache\wsiintxx.sys
2010-02-17 03:03 . 2008-04-14 01:12   8192   ----a-w-   c:\windows\system32\dllcache\wshirda.dll
2010-02-17 03:03 . 2008-04-13 19:36   8832   ----a-w-   c:\windows\system32\dllcache\wmiacpi.sys
2010-02-17 03:03 . 2004-08-04 03:31   154624   ----a-w-   c:\windows\system32\dllcache\wlluc48.sys
2010-02-17 03:03 . 2001-08-17 17:12   34890   ----a-w-   c:\windows\system32\dllcache\wlandrv2.sys
2010-02-17 03:03 . 2001-08-17 18:28   771581   ----a-w-   c:\windows\system32\dllcache\winacisa.sys
2010-02-17 03:03 . 2001-08-18 03:36   53760   ----a-w-   c:\windows\system32\dllcache\wiamsmud.dll
2010-02-17 03:01 . 2001-08-17 18:28   604253   ----a-w-   c:\windows\system32\dllcache\vmodem.sys
2010-02-17 03:01 . 2001-08-17 17:14   249402   ----a-w-   c:\windows\system32\dllcache\vinwm.sys
2010-02-17 03:01 . 2001-08-17 18:49   24576   ----a-w-   c:\windows\system32\dllcache\viairda.sys
2010-02-17 03:01 . 2001-08-17 18:28   687999   ----a-w-   c:\windows\system32\dllcache\usrwdxjs.sys
2010-02-17 03:01 . 2001-08-17 18:28   765884   ----a-w-   c:\windows\system32\dllcache\usrti.sys
2010-02-17 03:01 . 2001-08-17 18:28   113762   ----a-w-   c:\windows\system32\dllcache\usrpda.sys
2010-02-17 03:01 . 2001-08-17 18:28   7556   ----a-w-   c:\windows\system32\dllcache\usroslba.sys
2010-02-17 03:01 . 2001-08-17 18:28   224802   ----a-w-   c:\windows\system32\dllcache\usr1807a.sys
2010-02-17 03:01 . 2001-08-17 18:28   794399   ----a-w-   c:\windows\system32\dllcache\usr1806v.sys
2010-02-17 03:01 . 2001-08-17 18:28   793598   ----a-w-   c:\windows\system32\dllcache\usr1806.sys
2010-02-17 03:01 . 2001-08-17 18:28   794654   ----a-w-   c:\windows\system32\dllcache\usr1801.sys
2010-02-17 03:01 . 2008-04-13 19:45   26112   ----a-w-   c:\windows\system32\dllcache\usbser.sys
2010-02-17 03:01 . 2004-08-04 03:31   32384   ----a-w-   c:\windows\system32\dllcache\usb101et.sys
2010-02-17 02:59 . 2001-08-17 17:51   159232   ----a-w-   c:\windows\system32\dllcache\tridkbm.sys
2010-02-17 02:58 . 2008-04-13 19:40   149376   ----a-w-   c:\windows\system32\dllcache\tffsport.sys
2010-02-17 02:57 . 2001-08-18 03:36   10240   ----a-w-   c:\windows\system32\dllcache\swpidflt.dll
2010-02-17 02:57 . 2001-08-18 03:36   10240   ----a-w-   c:\windows\system32\dllcache\swpdflt2.dll
2010-02-17 02:57 . 2001-08-18 03:36   53760   ----a-w-   c:\windows\system32\dllcache\sw_wheel.dll
2010-02-17 02:57 . 2001-08-18 03:36   41472   ----a-w-   c:\windows\system32\dllcache\sw_effct.dll
2010-02-17 02:57 . 2001-08-18 03:36   155648   ----a-w-   c:\windows\system32\dllcache\stlnprop.dll
2010-02-17 02:57 . 2001-08-18 03:36   53248   ----a-w-   c:\windows\system32\dllcache\stlncoin.dll
2010-02-17 02:57 . 2001-08-17 17:18   285760   ----a-w-   c:\windows\system32\dllcache\stlnata.sys
2010-02-17 02:57 . 2001-08-17 18:51   16896   ----a-w-   c:\windows\system32\dllcache\stcusb.sys
2010-02-17 02:57 . 2001-08-17 17:11   48736   ----a-w-   c:\windows\system32\dllcache\srwlnd5.sys
2010-02-17 02:57 . 2001-08-18 03:36   99328   ----a-w-   c:\windows\system32\dllcache\srusd.dll
2010-02-17 02:57 . 2001-08-18 03:36   24660   ----a-w-   c:\windows\system32\dllcache\spxupchk.dll
2010-02-17 02:57 . 2001-08-17 18:51   61824   ----a-w-   c:\windows\system32\dllcache\speed.sys
2010-02-17 02:57 . 2001-08-18 03:36   106584   ----a-w-   c:\windows\system32\dllcache\spdports.dll
2010-02-17 02:55 . 2001-08-18 03:36   45568   ----a-w-   c:\windows\system32\dllcache\smb3w.dll
2010-02-17 02:54 . 2001-07-21 19:29   161568   ----a-w-   c:\windows\system32\dllcache\sgsmusb.sys
2010-02-17 02:54 . 2001-07-21 19:29   18400   ----a-w-   c:\windows\system32\dllcache\sgsmld.sys
2010-02-17 02:54 . 2001-08-17 17:51   98080   ----a-w-   c:\windows\system32\dllcache\sgiulnt5.sys
2010-02-17 02:54 . 2001-08-18 03:36   386560   ----a-w-   c:\windows\system32\dllcache\sgiul50.dll
2010-02-17 02:54 . 2001-08-17 17:19   36480   ----a-w-   c:\windows\system32\dllcache\sfmanm.sys
2010-02-17 02:54 . 2001-08-17 18:53   6784   ----a-w-   c:\windows\system32\dllcache\serscan.sys
2010-02-17 02:54 . 2001-08-17 18:48   17664   ----a-w-   c:\windows\system32\dllcache\sermouse.sys
2010-02-17 02:54 . 2001-08-17 18:53   6912   ----a-w-   c:\windows\system32\dllcache\seaddsmc.sys
2010-02-17 02:54 . 2008-04-13 19:45   11520   ----a-w-   c:\windows\system32\dllcache\scsiscan.sys
2010-02-17 02:54 . 2001-08-17 18:52   11648   ----a-w-   c:\windows\system32\dllcache\scsiprnt.sys
2010-02-17 02:54 . 2001-08-17 18:51   17280   ----a-w-   c:\windows\system32\dllcache\scr111.sys
2010-02-17 02:54 . 2001-08-17 18:51   16640   ----a-w-   c:\windows\system32\dllcache\scmstcs.sys
2010-02-17 02:52 . 2001-08-17 18:57   65664   ----a-w-   c:\windows\system32\dllcache\s3legacy.sys
2010-02-17 02:52 . 2001-08-18 03:36   82432   ----a-w-   c:\windows\system32\dllcache\rwia450.dll
2010-02-17 02:52 . 2001-08-18 03:36   79872   ----a-w-   c:\windows\system32\dllcache\rwia430.dll
2010-02-17 02:52 . 2008-04-14 01:12   29696   ----a-w-   c:\windows\system32\dllcache\rw450ext.dll
2010-02-17 02:52 . 2008-04-14 01:12   27648   ----a-w-   c:\windows\system32\dllcache\rw430ext.dll
2010-02-17 02:52 . 2001-08-17 17:12   19017   ----a-w-   c:\windows\system32\dllcache\rtl8029.sys
2010-02-17 02:52 . 2001-08-17 17:19   30720   ----a-w-   c:\windows\system32\dllcache\rthwcls.sys
2010-02-17 02:52 . 2001-08-18 03:36   9216   ----a-w-   c:\windows\system32\dllcache\rsmgrstr.dll
2010-02-17 02:52 . 2001-08-17 17:19   3840   ----a-w-   c:\windows\system32\dllcache\rpfun.sys
2010-02-17 02:52 . 2008-04-13 19:40   79104   ----a-w-   c:\windows\system32\dllcache\rocket.sys
2010-02-17 02:52 . 2001-08-17 17:12   37563   ----a-w-   c:\windows\system32\dllcache\rlnet5.sys
2010-02-17 02:52 . 2001-08-18 03:36   86097   ----a-w-   c:\windows\system32\dllcache\reslog32.dll
2010-02-17 02:50 . 2001-08-17 18:51   16128   ----a-w-   c:\windows\system32\dllcache\pscr.sys
2010-02-17 02:49 . 2001-08-17 17:11   35328   ----a-w-   c:\windows\system32\dllcache\pcntpci5.sys
2010-02-17 02:48 . 2001-08-17 17:12   43689   ----a-w-   c:\windows\system32\dllcache\otceth5.sys
2010-02-17 02:47 . 2001-08-17 17:11   65278   ----a-w-   c:\windows\system32\dllcache\netflx3.sys
2010-02-17 02:46 . 2001-08-18 03:36   19968   ----a-w-   c:\windows\system32\dllcache\mxicfg.dll
2010-02-17 02:46 . 2004-08-04 04:00   229439   ----a-w-   c:\windows\system32\dllcache\multibox.dll
2010-02-17 02:46 . 2001-08-17 18:50   21888   ----a-w-   c:\windows\system32\dllcache\mxcard.sys
2010-02-17 02:46 . 2001-08-17 17:50   103296   ----a-w-   c:\windows\system32\dllcache\mtxvideo.sys
2010-02-17 02:46 . 2008-04-13 19:46   49024   ----a-w-   c:\windows\system32\dllcache\mstape.sys
2010-02-17 02:46 . 2001-08-17 18:48   12416   ----a-w-   c:\windows\system32\dllcache\msriffwv.sys
2010-02-17 02:46 . 2001-08-17 19:00   2944   ----a-w-   c:\windows\system32\dllcache\msmpu401.sys
2010-02-17 02:46 . 2008-04-13 19:54   22016   ----a-w-   c:\windows\system32\dllcache\msircomm.sys
2010-02-17 02:46 . 2004-08-04 04:00   98304   ----a-w-   c:\windows\system32\dllcache\msir3jp.dll
2010-02-17 02:46 . 2001-08-17 19:02   35200   ----a-w-   c:\windows\system32\dllcache\msgame.sys
2010-02-17 02:46 . 2001-08-17 18:48   6016   ----a-w-   c:\windows\system32\dllcache\msfsio.sys
2010-02-17 02:46 . 2008-04-13 19:46   51200   ----a-w-   c:\windows\system32\dllcache\msdv.sys
2010-02-17 02:45 . 2001-08-17 18:52   17280   ----a-w-   c:\windows\system32\dllcache\mraid35x.sys
2010-02-17 02:45 . 2008-04-13 19:46   15232   ----a-w-   c:\windows\system32\dllcache\mpe.sys
2010-02-17 02:45 . 2001-08-17 18:57   16128   ----a-w-   c:\windows\system32\dllcache\modemcsa.sys
2010-02-17 02:45 . 2001-08-17 18:52   6528   ----a-w-   c:\windows\system32\dllcache\miniqic.sys
2010-02-17 02:45 . 2001-08-17 17:50   320384   ----a-w-   c:\windows\system32\dllcache\mgaum.sys
2010-02-17 02:45 . 2001-08-17 19:56   235648   ----a-w-   c:\windows\system32\dllcache\mgaud.dll
2010-02-17 02:45 . 2008-04-13 19:41   26112   ----a-w-   c:\windows\system32\dllcache\memstpci.sys
2010-02-17 02:45 . 2001-08-18 03:36   47616   ----a-w-   c:\windows\system32\dllcache\memgrp.dll
2010-02-17 02:45 . 2001-08-17 18:58   8320   ----a-w-   c:\windows\system32\dllcache\memcard.sys
2010-02-17 02:45 . 2001-08-17 17:12   164586   ----a-w-   c:\windows\system32\dllcache\mdgndis5.sys
2010-02-17 02:45 . 2001-08-17 18:52   7424   ----a-w-   c:\windows\system32\dllcache\mammoth.sys
2010-02-17 02:45 . 2001-08-17 17:19   48768   ----a-w-   c:\windows\system32\dllcache\maestro.sys
2010-02-17 02:43 . 2008-04-13 19:39   14592   ----a-w-   c:\windows\system32\dllcache\kbdhid.sys
2010-02-17 02:42 . 2001-08-18 03:36   372824   ----a-w-   c:\windows\system32\dllcache\iconf32.dll
2010-02-17 02:41 . 2001-08-17 18:28   488383   ----a-w-   c:\windows\system32\dllcache\hsf_v124.sys
2010-02-17 02:40 . 2001-08-18 03:36   126976   ----a-w-   c:\windows\system32\dllcache\hpgt34tk.dll
2010-02-17 02:39 . 2001-08-17 17:15   442240   ----a-w-   c:\windows\system32\dllcache\fpnpbase.sys
2010-02-17 02:39 . 2001-08-17 17:14   441728   ----a-w-   c:\windows\system32\dllcache\fpcmbase.sys
2010-02-17 02:39 . 2001-08-17 17:14   444416   ----a-w-   c:\windows\system32\dllcache\fpcibase.sys
2010-02-17 02:39 . 2004-08-04 03:31   34173   ----a-w-   c:\windows\system32\dllcache\forehe.sys
2010-02-17 02:39 . 2001-08-18 03:36   71680   ----a-w-   c:\windows\system32\dllcache\fnfilter.dll
2010-02-17 02:39 . 2001-08-17 17:13   27165   ----a-w-   c:\windows\system32\dllcache\fetnd5.sys
2010-02-17 02:39 . 2001-08-17 17:10   22090   ----a-w-   c:\windows\system32\dllcache\fem556n5.sys
2010-02-17 02:39 . 2001-08-17 17:12   24618   ----a-w-   c:\windows\system32\dllcache\fa410nd5.sys
2010-02-17 02:39 . 2001-08-17 17:12   16074   ----a-w-   c:\windows\system32\dllcache\fa312nd5.sys
2010-02-17 02:39 . 2001-08-17 17:11   11850   ----a-w-   c:\windows\system32\dllcache\f3ab18xj.sys
2010-02-17 02:39 . 2001-08-17 17:11   12362   ----a-w-   c:\windows\system32\dllcache\f3ab18xi.sys
2010-02-17 02:39 . 2001-08-17 18:52   7040   ----a-w-   c:\windows\system32\dllcache\exabyte2.sys
2010-02-17 02:37 . 2001-08-17 17:10   19996   ----a-w-   c:\windows\system32\dllcache\em556n4.sys
2010-02-17 02:36 . 2001-08-18 03:36   37962   ----a-w-   c:\windows\system32\dllcache\divaprop.dll
2010-02-17 02:35 . 2001-08-18 03:36   27648   ----a-w-   c:\windows\system32\dllcache\cyyports.dll
2010-02-17 02:34 . 2001-08-17 17:12   37916   ----a-w-   c:\windows\system32\dllcache\cb102.sys
2010-02-17 02:33 . 2001-08-17 18:28   871388   ----a-w-   c:\windows\system32\dllcache\bcmdm.sys
2010-02-17 02:32 . 2001-08-17 19:56   66048   ----a-w-   c:\windows\system32\dllcache\s3legacy.dll
2010-02-11 03:58 . 2010-02-11 03:58   --------   d-----w-   c:\documents and settings\Compaq_Owner\Application Data\CheckPoint
2010-02-11 03:54 . 2010-02-20 00:25   --------   d-----w-   c:\windows\Internet Logs
2010-02-11 03:53 . 2010-02-11 03:54   40233352   ----a-w-   C:\zaSetup_91_007_002_en.exe
2010-02-11 03:51 . 2010-02-11 03:51   16409960   ----a-w-   C:\havefun.exe
2010-02-11 01:56 . 2010-02-11 02:11   363008   ----a-w-   C:\rkill.com

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-19 21:35 . 2008-01-31 02:51   --------   d-----w-   c:\documents and settings\Compaq_Owner\Application Data\Vso
2010-02-19 18:35 . 2009-05-07 18:09   --------   d-----w-   c:\documents and settings\All Users\Application Data\Google Updater
2010-02-18 19:33 . 2006-09-04 22:01   --------   d-----w-   c:\program files\Java
2010-02-11 03:55 . 2010-02-11 03:55   --------   d-----w-   c:\program files\CheckPoint
2010-02-11 03:55 . 2010-02-11 03:55   4212   ---ha-w-   c:\windows\system32\zllictbl.dat
2010-02-11 03:55 . 2010-02-11 03:55   --------   d-----w-   c:\program files\Zone Labs
2010-02-09 02:16 . 2008-12-16 14:29   --------   d-----w-   c:\program files\Dvd-cloner
2010-02-09 02:16 . 2006-09-04 22:47   --------   d-----w-   c:\program files\PC-Doctor 5 for Windows
2010-02-09 02:16 . 2006-09-04 22:23   --------   d-----w-   c:\program files\music_now
2010-02-09 02:16 . 2007-09-05 22:54   --------   d-----w-   c:\program files\Windows Media Connect 2
2010-02-09 02:16 . 2007-07-29 23:12   --------   d-----w-   c:\program files\DivX
2010-02-09 02:16 . 2006-09-04 22:33   --------   d-----w-   c:\program files\MSN Encarta Standard
2010-02-09 02:16 . 2006-09-04 22:34   --------   d-----w-   c:\program files\Microsoft Works
2010-02-09 02:16 . 2007-07-28 21:02   --------   d-----w-   c:\program files\America Online 9.0
2010-02-03 15:26 . 2007-07-29 23:17   --------   d-----w-   c:\program files\Google
2010-01-31 00:50 . 2007-12-13 01:23   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2010-01-31 00:20 . 2006-09-04 22:01   --------   d-----w-   c:\program files\Common Files\Java
2010-01-31 00:14 . 2007-07-28 21:03   --------   d-----w-   c:\documents and settings\All Users\Application Data\Viewpoint
2010-01-30 17:13 . 2007-07-29 12:55   --------   d-----w-   c:\program files\Eraser
2010-01-29 21:23 . 2009-03-31 18:40   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
2010-01-29 19:46 . 2008-12-07 12:27   --------   d-----w-   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-31 16:50 . 2004-08-04 11:00   353792   ----a-w-   c:\windows\system32\drivers\srv.sys
2009-12-26 18:22 . 2006-09-04 22:27   --------   d-----w-   c:\documents and settings\All Users\Application Data\WildTangent
2009-12-26 18:21 . 2006-09-04 22:27   --------   d-----w-   c:\program files\HP Games
2009-12-24 03:13 . 2009-12-24 03:13   --------   d-----w-   c:\documents and settings\All Users\Application Data\TomTom
2009-12-24 03:12 . 2009-12-24 03:12   --------   d-----w-   c:\documents and settings\Compaq_Owner\Application Data\TomTom
2009-12-24 03:11 . 2009-12-24 03:11   --------   d-----w-   c:\program files\TomTom International B.V
2009-12-24 03:11 . 2009-12-24 03:10   --------   d-----w-   c:\program files\TomTom HOME 2
2009-12-24 03:05 . 2009-12-24 03:05   --------   d-----w-   c:\program files\TomTom DesktopSuite
2009-12-22 05:21 . 2004-08-04 11:00   667136   ------w-   c:\windows\system32\wininet.dll
2009-12-22 05:20 . 2004-08-04 11:00   81920   ----a-w-   c:\windows\system32\ieencode.dll
2009-12-17 22:14 . 2008-12-07 12:05   411368   -c--a-w-   c:\windows\system32\deploytk.dll
2009-12-16 18:43 . 2004-08-04 11:00   343040   ----a-w-   c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2004-08-04 11:00   33280   ----a-w-   c:\windows\system32\csrsrv.dll
2009-12-08 19:27 . 2004-08-04 11:00   2189184   ------w-   c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2004-08-04 11:00   2066048   ------w-   c:\windows\system32\ntkrnlpa.exe
2009-12-08 11:30 . 2009-03-31 23:16   56816   ----a-w-   c:\windows\system32\drivers\avgntflt.sys
2009-12-04 18:22 . 2004-08-04 11:00   455424   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:11 . 2004-08-04 11:00   17920   ----a-w-   c:\windows\system32\msyuv.dll
2009-11-27 17:11 . 2004-08-04 11:00   1291776   ----a-w-   c:\windows\system32\quartz.dll
2009-11-27 16:07 . 2004-08-04 11:00   8704   ----a-w-   c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2004-08-04 11:00   28672   ----a-w-   c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2004-08-04 11:00   84992   ----a-w-   c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2004-08-04 11:00   48128   ----a-w-   c:\windows\system32\iyuv_32.dll
2009-11-27 16:07 . 2004-08-04 11:00   11264   ----a-w-   c:\windows\system32\msrle32.dll
2009-11-22 20:42 . 2010-02-11 03:55   1238408   ----a-w-   c:\windows\system32\zpeng25.dll
2009-11-22 20:42 . 2010-02-11 03:55   69000   ----a-w-   c:\windows\system32\zlcomm.dll
2009-11-22 20:42 . 2010-02-11 03:55   103816   ----a-w-   c:\windows\system32\zlcommdb.dll
2008-10-09 19:00 . 2008-10-09 19:00   18489   -c--a-w-   c:\program files\Common Files\vedu.dl
2009-02-24 19:34 . 2009-02-24 19:34   1044480   -c--a-w-   c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34   200704   -c--a-w-   c:\program files\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[7] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys

c:\windows\System32\drivers\beep.sys ... is missing !!
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"="c:\program files\America Online 9.0\AOL.EXE" [2005-07-28 50776]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-03 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"LXBUCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll" [2004-08-20 65536]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-12-24 1280272]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-11-22 1037192]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-09-04 180269]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-03 68856]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoPopUpsOnBoot"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ      autocheck autochk *\0smrgdf c:\program files\iolo\System Mechanic Professional 6\\0SsiEfr.e\0SsiEfr.ex\0SsiEfr.ex\0SsiEfr.e\0SsiEfr.ex\0SsiEfr.ex\0SsiEfr.ex\0SsiEfr.ex\0SsiEfr.e\0SsiEfr.ex\0SsiEfr.e\0SsiEfr.e\0SsiEfr.e\0SsiEfr.ex\0SsiEfr.ex\0SsiEfr.ex\0SsiEfr.e\0SsiEfr.e\0SsiEfr.ex\0SsiEfr.e\0SsiEfr.ex\0SsiEfr.ex\0SsiEfr.ex\0SsiEfr.ex\0SsiEfr.ex\0SsiEfr.ex\0SsiEfr.ex\0SsiEfr.ex\0SsiEfr.ex\0SsiEfr.ex\0SsiEfr.ex\0SsiEfr.ex\0SsiEfr.ex\0SsiEfr.ex\0SsiEfr.e\0SsiEfr.ex\0SsiEfr.e\0SsiEfr.ex\0SsiEfr.ex\0SsiEfr.e\0SsiEfr.ex\0SsiEfr.e\0SsiEfr.ex

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
2005-01-20 21:46   2953216   -c--a-w-   c:\program files\BearShare\BearShare.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2005-07-23 05:14   237568   -c--a-w-   c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-09-03 13:37   68856   ----a-w-   c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2009-11-13 11:31   247144   ----a-w-   c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1185656573\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\WINDOWS\\system32\\lxbucoms.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BearShare\\BearShare.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [1/29/2010 9:00 AM 28552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/31/2009 6:16 PM 108289]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [1/27/2010 4:19 PM 311568]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [11/13/2009 6:31 AM 92008]
S2 Ca50xav;Digital Blue DMC2 Video Device;c:\windows\system32\drivers\Ca50xav.sys [12/24/2007 3:57 PM 508304]
S2 gupdate1c9cf3f12870e60;Google Update Service (gupdate1c9cf3f12870e60);c:\program files\Google\Update\GoogleUpdate.exe [5/7/2009 1:10 PM 133104]
S2 ioloFileInfoList;iolo FileInfoList Service;

S2 ioloSystemService;iolo System Service;

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 22:34   451872   -c--a-w-   c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-02-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-09-02 18:09]

2010-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-07 18:10]

2010-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-07 18:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: &Search
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gqdahqaj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?fr=fptb-
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0

FF - user.js: network.http.pipelining - false
FF - user.js: network.http.proxy.pipelining - false
FF - user.js: network.http.pipelining - false
FF - user.js: network.http.proxy.pipelining - false
FF - user.js: network.http.pipelining - false
FF - user.js: network.http.proxy.pipelining - false
FF - user.js: network.http.pipelining - false
FF - user.js: network.http.proxy.pipelining - false.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-19 19:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  LXBUCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16??

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(5688)
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO860un71.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\aolshare\aolshcpy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\program files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\America Online 9.0\waol.exe
c:\program files\IObit\IObit Security 360\is360.exe
c:\program files\America Online 9.0\shellmon.exe
.
**************************************************************************
.
Completion time: 2010-02-19  19:59:35 - machine was rebooted
ComboFix-quarantined-files.txt  2010-02-20 00:59
ComboFix2.txt  2010-02-19 21:56

Pre-Run: 79,541,571,584 bytes free
Post-Run: 80,024,301,568 bytes free

- - End Of File - - FA21A306079B4D0CE50ED1CDCCEA29C9

[evilfantasy]

You didn't put the beep.sys file on your desktop?

[godsize71]

the system look right? its there

[evilfantasy]

No. You were supposed to download the attached file. (look at the bottom of this post)

Download the attached beep.zip file (at the bottom of this post) to your desktop and then unzip it to your desktop.

Let me know when the beep.sys file is on your desktop.

[Saving space, attachment deleted by admin]

[godsize71]

its there

[evilfantasy]

Yours is missing so now we need to move it to where it should be.

Download The Avenger by Swandog46 and save it to your desktop.

* Extract avenger.exe from the Zip file and save it to your desktop
* Run avenger.exe by double-clicking on it.
* Do not change any check box options!!
* Copy everything in the Code box below, and paste it into the Input script here window:

Code: [Select]

Comment:

Files to move:
c:\documents and settings\Compaq_Owner\Desktop\beep.sys | c:\windows\System32\drivers\beep.sys
* Now click the Execute button.
* Click Yes to the prompt to confirm you want to execute.
* Click Yes to the "Reboot now?" question that will appear when Avenger finishes running.
* Your PC should reboot, if not, reboot it yourself.
* A log file from Avenger will be produced at C:\avenger.txt and it will pop-up for you to view when you login after reboot.

* Add the Avenger log in your next post.


Also let me know how the computer is running now.

[godsize71]

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File move operation "c:\documents and settings\Compaq_Owner\Desktop\beep.sys|c:\windows\System32\drivers\beep.sys" completed successfully.

Completed script processing.

*******************

Finished!  Terminate.
  its running ok lil slow but the insufficient error hasnt been on but then again i have been rebooting...i will let you know in the morning time

[evilfantasy]

Looks good.

When you get back run GMER. We need to make sure everything is gone.


Download GMER Rootkit Detector and save it your desktop.
 
* Extract it to your desktop and double-click GMER.exe
* Make sure all of the boxes on the right of the screen are checked, EXCEPT for "Show All".
* Click the Rootkit tab and then Scan.
* Don't check the Show All box while scanning in progress!
* When scanning is finished click Copy.
* This copies the log to clipboard
* Post the log in your reply.

[godsize71]

i have it but cant find clipboard where is it

[evilfantasy]

The clipboard is when you copy text. Just right click in the reply box and choose Paste.

[godsize71]

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-02-19 21:19:03
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\uwlcraoc.sys


---- Disk sectors - GMER 1.0.15 ----

Disk            \Device\Harddisk0\DR0        sector 00: MBR rootkit code detected

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs       InCDrec.SYS (InCD File System Recognizer/Nero AG)
AttachedDevice  \FileSystem\Fastfat \Fat     InCDrec.SYS (InCD File System Recognizer/Nero AG)

Device          \Driver\Tcpip \Device\Ip     vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device          \Driver\Tcpip \Device\Tcp    vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device          \Driver\Tcpip \Device\Udp    vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device          \Driver\Tcpip \Device\RawIp  vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

---- EOF - GMER 1.0.15 ----

[evilfantasy]

MBR rootkit code detected

We need to fix that.

Download the MBR Rootkit Detector to your desktop.

Go to Start > Run then copy and paste the following red text into the Open field then click OK:

"%userprofile%\desktop\mbr.exe" -f

Next, double click on the mbr.exe file.

Post the contents of the mbr.log

[godsize71]

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
MBR rootkit code detected !

[evilfantasy]

Download DeFogger by jpshortstuff and save it to your desktop.
 
* Double click DeFogger.exe to run the tool.
* The application window will appear.
* Click the Disable button to disable your CD Emulation drivers
* Click Yes to continue.
* A 'Finished!' message will appear.
* Click OK.
* DeFogger will now ask to reboot the machine...click OK.
 
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.
 
Do not re-enable these drivers until otherwise instructed.

----------

Go to Start > Run then copy and paste the following red text into the Open field then click OK:

"%userprofile%\desktop\mbr.exe" -f

Next, double click on the mbr.exe file.

Post the contents of the mbr.log

[godsize71]

it just kept asking me to disable cd i did it like 4 times but never asked to reboot, just kept the disable cd window

[godsize71]

defogger_disable by jpshortstuff (29.01.10.1)
Log created at 13:12 on 20/02/2010 (Compaq_Owner)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
MBR rootkit code detected !



this is what i got from logs...didnt reboot like i said

[evilfantasy]

Download Dr.Web CureIt and save it to your desktop.

 Scan with DrWeb-CureIt as follows:

• Double-click on drweb-cureit.exe and then click Start
  
• An information notice will appear, click OK.
  
• This starts a short scan that will scan the files currently running in memory.
• If you get a prompt to buy the full version just exit out of the window. The scanner will still work without buying the full version
  
• If or when something is found, click the Yes button when it asks you if you want to cure it.

• Once the short scan has finished, Click Settings > Change Settings
  
• Under the Scanning tab UNcheck Heuristic analysis and click OK
  
• Back at the main window, select the Complete scan button and then click the Green Arrow Start Scanning button on the right and the scan will start.
  
• Click Yes to all if it asks if you want to cure/move any file(s).
  
• When the scan is done.
• In the Dr.Web CureIt menu on top left, click File and choose Save report list.
  
• Save the DrWeb.csv report to your Desktop.
  
• Exit Dr.Web Cureit.
• Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.

.
* After reboot, Right-click the Dr.Web log on the desktop and choose Open With > Notepad
* Copy and paste that log in the next reply

[godsize71]

this thing is still scanning almost 2 hrs now

[evilfantasy]

Dr Web takes a while but it's very good.

[godsize71]

ZULELOLO.DLL.del;C:\WINDOWS\system32;Probably Trojan.Packed.980;Incurable.Deleted.;
4b740b73.qua\data001;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4b740b73.qua;Trojan.Fakealert.11962;;
4b740b73.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Container contains infected objects;Moved.;
4b85c3a7.qua\data001;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4b85c3a7.qua;BackDoor.Tdss.based.3;;
4b85c3a7.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Container contains infected objects;Moved.;
4ba3f7c7.qua\data001;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4ba3f7c7.qua;Trojan.Virtumod.5274;;
4ba3f7c7.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Container contains infected objects;Moved.;
4ba40a9c.qua\data001;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4ba40a9c.qua;Trojan.Fakealert.11962;;
4ba40a9c.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Container contains infected objects;Moved.;
4ba620a6.qua\data001;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4ba620a6.qua;Trojan.Fakealert.11962;;
4ba620a6.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Container contains infected objects;Moved.;
4bc4c3bb.qua\data001;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4bc4c3bb.qua;BackDoor.Tdss.based.3;;
4bc4c3bb.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Container contains infected objects;Moved.;
3C8476D5.ani;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Exploit.ANIFile;Deleted.;
3C9E46B8.ani;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Exploit.ANIFile;Deleted.;
BSLITEINSTALL.exe\data016;C:\Documents and Settings\Compaq_Owner\Desktop\BSLITEINSTALL.exe;Adware.SearchAid.40;;
BSLITEINSTALL.exe;C:\Documents and Settings\Compaq_Owner\Desktop;Archive contains infected objects;Moved.;
KillWind.exe;C:\hp\bin;Tool.ProcessKill;;
VirtumundoBeGone.exe\___;C:\Program Files\VirtumundoBeGone.exe;Tool.Prockill;;
VirtumundoBeGone.exe;C:\Program Files;Archive contains infected objects;Moved.;
GTDownAO_106.ocx;C:\Program Files\Common Files\AolCoach\en_en;Adware.Gdown;;
SlgClientServicesRedists.exe\1.file;C:\Program Files\HP Games\Cake Mania\SlgClientServicesRedists.exe;Adware.SpywareStorm;;
SlgClientServicesRedists.exe;C:\Program Files\HP Games\Cake Mania;Archive contains infected objects;Moved.;
dtmxukqv\data001;C:\Program Files\IObit\IObit Security 360\Quarantine Zone\dtmxukqv;Trojan.Packed.2936;;
dtmxukqv;C:\Program Files\IObit\IObit Security 360\Quarantine Zone;Container contains infected objects;Moved.;
ffxgunml\data001;C:\Program Files\IObit\IObit Security 360\Quarantine Zone\ffxgunml;Trojan.Packed.2936;;
ffxgunml;C:\Program Files\IObit\IObit Security 360\Quarantine Zone;Container contains infected objects;Moved.;
fjifblha\data001;C:\Program Files\IObit\IObit Security 360\Quarantine Zone\fjifblha;Trojan.Siggen.3283;;
fjifblha;C:\Program Files\IObit\IObit Security 360\Quarantine Zone;Container contains infected objects;Moved.;
gxsnrwpq\data001;C:\Program Files\IObit\IObit Security 360\Quarantine Zone\gxsnrwpq;Trojan.Packed.2936;;
gxsnrwpq;C:\Program Files\IObit\IObit Security 360\Quarantine Zone;Container contains infected objects;Moved.;
imzoqodk\data001;C:\Program Files\IObit\IObit Security 360\Quarantine Zone\imzoqodk;Trojan.Packed.2936;;
imzoqodk;C:\Program Files\IObit\IObit Security 360\Quarantine Zone;Container contains infected objects;Moved.;
iybcerss\data001;C:\Program Files\IObit\IObit Security 360\Quarantine Zone\iybcerss;Trojan.Packed.2936;;
iybcerss;C:\Program Files\IObit\IObit Security 360\Quarantine Zone;Container contains infected objects;Moved.;
jngxsbis\data001;C:\Program Files\IObit\IObit Security 360\Quarantine Zone\jngxsbis;Trojan.Packed.2936;;
jngxsbis;C:\Program Files\IObit\IObit Security 360\Quarantine Zone;Container contains infected objects;Moved.;
jutxnqiy\data001;C:\Program Files\IObit\IObit Security 360\Quarantine Zone\jutxnqiy;Trojan.Virtumod.5274;;
jutxnqiy;C:\Program Files\IObit\IObit Security 360\Quarantine Zone;Container contains infected objects;Moved.;
kuokrcij\data001;C:\Program Files\IObit\IObit Security 360\Quarantine Zone\kuokrcij;Trojan.Packed.2936;;
kuokrcij;C:\Program Files\IObit\IObit Security 360\Quarantine Zone;Container contains infected objects;Moved.;
kyhzlesv\data001;C:\Program Files\IObit\IObit Security 360\Quarantine Zone\kyhzlesv;Trojan.Packed.2936;;
kyhzlesv;C:\Program Files\IObit\IObit Security 360\Quarantine Zone;Container contains infected objects;Moved.;
lfvgzhrx\data001;C:\Program Files\IObit\IObit Security 360\Quarantine Zone\lfvgzhrx;Trojan.Packed.2936;;
lfvgzhrx;C:\Program Files\IObit\IObit Security 360\Quarantine Zone;Container contains infected objects;Moved.;
nanlfuyn\data001;C:\Program Files\IObit\IObit Security 360\Quarantine Zone\nanlfuyn;Trojan.Packed.2936;;
nanlfuyn;C:\Program Files\IObit\IObit Security 360\Quarantine Zone;Container contains infected objects;Moved.;
oddyrowh\data001;C:\Program Files\IObit\IObit Security 360\Quarantine Zone\oddyrowh;Trojan.Packed.2936;;
oddyrowh;C:\Program Files\IObit\IObit Security 360\Quarantine Zone;Container contains infected objects;Moved.;
vjxwmhqp\data001;C:\Program Files\IObit\IObit Security 360\Quarantine Zone\vjxwmhqp;Trojan.Virtumod.5274;;
vjxwmhqp;C:\Program Files\IObit\IObit Security 360\Quarantine Zone;Container contains infected objects;Moved.;
wyijktlz\data001;C:\Program Files\IObit\IObit Security 360\Quarantine Zone\wyijktlz;Trojan.Packed.2936;;
wyijktlz;C:\Program Files\IObit\IObit Security 360\Quarantine Zone;Container contains infected objects;Moved.;
zjbofuih\data001;C:\Program Files\IObit\IObit Security 360\Quarantine Zone\zjbofuih;Trojan.Virtumod.5274;;
zjbofuih;C:\Program Files\IObit\IObit Security 360\Quarantine Zone;Container contains infected objects;Moved.;
inetchk.exe;C:\Program Files\music_now;Trojan.Click.2093;Deleted.;
AOLCINST.EXE\core.cab\GTDOWNAO_106.ocx;C:\Program Files\Online Services\Aol\United States\AOL90\COMPS\COACH\AOLCINST.EXE;Adware.Gdown;;
AOLCINST.EXE;C:\Program Files\Online Services\Aol\United States\AOL90\COMPS\COACH;Archive contains infected objects;Moved.;
A0307193.exe\data016;C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP952\A0307193.exe;Adware.SearchAid.40;;
A0307193.exe;C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP952;Archive contains infected objects;Moved.;
A0307196.exe\___;C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP952\A0307196.exe;Tool.Prockill;;
A0307196.exe;C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP952;Archive contains infected objects;Moved.;
A0307199.exe\1.file;C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP952\A0307199.exe;Adware.SpywareStorm;;
A0307199.exe;C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP952;Archive contains infected objects;Moved.;
A0307202.exe;C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP952;Trojan.Click.2093;Deleted.;
A0307205.EXE\core.cab\GTDOWNAO_106.ocx;C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP952\A0307205.EXE;Adware.Gdown;;
A0307205.EXE;C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP952;Archive contains infected objects;Moved.;
cakemania-setup.exe/SlgClientServicesRedists.exe\1.file;D:\I386\APPS\APP12247\src\install\Worldwide-Compaq\games\cakemania-setup.exe/SlgClientServicesRedists.exe;Adware.SpywareStorm;;
SlgClientServicesRedists.exe;D:\I386\APPS\APP12247\src\install\Worldwide-Compaq\games;Archive contains infected objects;;
cakemania-setup.exe;D:\I386\APPS\APP12247\src\install\Worldwide-Compaq\games;Archive contains infected objects;Moved.;

[evilfantasy]

How is the computer running now?

[godsize71]

runs ok..web pages freezes a lil at times but they have always done that as far as the insufficient system error i wont know til tonite or tomorrow morning can i turn on cd drivesor what ever i turned off

[evilfantasy]

To re-enable your Emulation drivers, double click DeFogger to run the tool.

* The application window will appear.
* Click the Re-enable button to re-enable your CD Emulation drivers.
* Click Yes to continue.
* A 'Finished!' message will appear.
* Click OK
* DeFogger will now ask to reboot the machine, click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

----------

Let's clear out the programs we've been using to clean up your computer, they are not suitable for general malware removal and could cause damage if launched accidentally. These steps will also help secure the work you have done.

* Click START then RUN
* Now type Combofix /Uninstall in the runbox
* Make sure there's a space between Combofix and /Uninstall
* Then hit Enter.

The above procedure will:
* Delete: ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.

----------

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. 
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

----------

Use the Secunia Software Inspector to check for out of date software.

* Click Start Now
* Check the box next to Enable thorough system inspection.
* Click Start
* Allow the scan to finish and scroll down to see if any updates are needed.
* Update anything listed.

----------

Go to Microsoft Windows Update and get all critical updates.

----------

If you are using or have installed IE6 you are using an outdated and soon to be unsupported version of Internet Explorer and I strongly suggest you update to the latest version directly from Microsoft Internet Explorer 8: Home page.

----------

I recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no realtime protection so will not interfere with each other. They do not use any significant amount of resources (except a little disk space) until you run a scan.

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy.
* Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

[godsize71]

my drivers wont work tried defogger and it says unable..i dnloaded it again but didnt work

[evilfantasy]

Uninstall ComboFix and the try again.

[godsize71]

nothing

[evilfantasy]

What is turned off?

[godsize71]

is it becaused i erased the other programs also

[godsize71]

my cd drivers

[evilfantasy]

Your CD drives? They don't work when you put in a disk?

[godsize71]

no...because of defogger right?

[evilfantasy]

Defogger disables virtual drives, not your disk drive.

Go to Start > Run then type devicemgmt.msc and press Enter.

Are there any question marks next to anything?

[godsize71]

says it cant find it

[evilfantasy]

Try this.

Click Start, click Control Panel, click Performance and Maintenance, and then click System.

On the Hardware tab, click Device Manager.

[godsize71]

ok..now what there is dvd/cd rom drives

[evilfantasy]

Is there an question mark next to anything?

[godsize71]

nada...i open up wmp and it shows nothing in drive

[evilfantasy]

Was this happening before the malware?

Can you get the CD to play by choosing it in WMP?

[godsize71]

never had problem

[evilfantasy]

Go back into Device Manager and right click the drive and choose to Update it. See if that fixes it. If not try rolling it back.

[godsize71]

already did that..nothing..whats rollback

[evilfantasy]

How To Use the Roll Back Driver Feature in Windows XP http://support.microsoft.com/kb/283657

[godsize71]

nothing..this blows really bad

[evilfantasy]

Try posting in the Windows forum. You will get more answers there. I'm not sure what to think.

[godsize71]

thx for your help bro...had to delete spybot it was freezing my computer like crazy...but do appreciate ur help