Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

Author Topic: Can someone help me please!!  (Read 12698 times)

0 Members and 1 Guest are viewing this topic.

007will

    Topic Starter


    Beginner

    Can someone help me please!!
    « on: May 05, 2011, 02:25:19 PM »
    My computer suddenly had a box popup from MS Removal Tool stating I have loads of infections/Malware so the messages say. It tells me everything I try is "infected". I tried to open the programs you advise but these do not work! I tried re-booting in safe mode and using system restore but this wouldn't work either! can you help me??

    Thank you!

    Allan

    • Moderator

    • Mastermind
    • Thanked: 1205
    • Experience: Guru
    • OS: Windows 10
    Re: Can someone help me please!!
    « Reply #1 on: May 05, 2011, 02:32:07 PM »
    Please follow the instructions in the following link and post your logs:
    http://www.computerhope.com/forum/index.php/topic,46313.0.html

    007will

      Topic Starter


      Beginner

      Re: Can someone help me please!!
      « Reply #2 on: May 05, 2011, 03:25:26 PM »
      okay i have managed to do the logs...

      007will

        Topic Starter


        Beginner

        Re: Can someone help me please!!
        « Reply #3 on: May 05, 2011, 03:25:48 PM »
        Malwarebytes' Anti-Malware 1.50.1.1100
        www.malwarebytes.org

        Database version: 6515

        Windows 5.1.2600 Service Pack 3 (Safe Mode)
        Internet Explorer 8.0.6001.18702

        05/05/2011 21:47:39
        mbam-log-2011-05-05 (21-47-39).txt

        Scan type: Quick scan
        Objects scanned: 182755
        Time elapsed: 8 minute(s), 12 second(s)

        Memory Processes Infected: 0
        Memory Modules Infected: 0
        Registry Keys Infected: 4
        Registry Values Infected: 3
        Registry Data Items Infected: 0
        Folders Infected: 0
        Files Infected: 23

        Memory Processes Infected:
        (No malicious items detected)

        Memory Modules Infected:
        (No malicious items detected)

        Registry Keys Infected:
        HKEY_CURRENT_USER\SOFTWARE\ICS5R7Y0OS (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\Software\R8388QA8U8 (Malware.Trace) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

        Registry Values Infected:
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\R8388QA8U8 (Trojan.Downloader) -> Value: R8388QA8U8 -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\bL28601CaIgA28601 (Trojan.FakeAlert.Gen) -> Value: bL28601CaIgA28601 -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mssend (Trojan.Agent) -> Value: mssend -> Quarantined and deleted successfully.

        Registry Data Items Infected:
        (No malicious items detected)

        Folders Infected:
        (No malicious items detected)

        Files Infected:
        c:\documents and settings\Owner\local settings\Temp\Mnp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
        c:\documents and settings\all users\application data\bl28601caiga28601\bl28601caiga28601.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
        c:\documents and settings\Owner\local settings\Temp\m.28b.tmp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
        c:\documents and settings\Owner\local settings\Temp\Mnj.exe (Trojan.Agent) -> Quarantined and deleted successfully.
        c:\documents and settings\Owner\local settings\Temp\Mnm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
        c:\documents and settings\Owner\local settings\Temp\Mnn.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
        c:\documents and settings\Owner\local settings\Temp\Mno.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
        c:\documents and settings\Owner\local settings\Temp\Mnq.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
        c:\documents and settings\Owner\local settings\Temp\Mnr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
        c:\documents and settings\Owner\local settings\Temp\Mns.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
        c:\documents and settings\Owner\local settings\Temp\Mnt.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
        c:\documents and settings\Owner\local settings\Temp\Mnu.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
        c:\WINDOWS\Temp\Mnk.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
        c:\WINDOWS\Temp\Mnl.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
        c:\WINDOWS\Temp\Mnm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
        c:\WINDOWS\Mpogoa.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
        c:\documents and settings\Owner\local settings\Temp\ppddfcfux.exxe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
        c:\documents and settings\Owner\local settings\Temp\w32rim_mem.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
        c:\documents and settings\Owner\local settings\Temp\wrfwe_di.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
        c:\WINDOWS\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
        c:\WINDOWS\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
        c:\WINDOWS\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.
        c:\documents and settings\Owner\application data\xfgkxer1hbbxwfxokvojijtyebjdow3k2\svcnost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

        007will

          Topic Starter


          Beginner

          Re: Can someone help me please!!
          « Reply #4 on: May 05, 2011, 03:26:06 PM »
          SUPERAntiSpyware Scan Log
          http://www.superantispyware.com

          Generated 05/05/2011 at 10:03 PM

          Application Version : 4.51.1000

          Core Rules Database Version : 6950
          Trace Rules Database Version: 4762

          Scan type       : Quick Scan
          Total Scan Time : 00:07:16

          Memory items scanned      : 548
          Memory threats detected   : 0
          Registry items scanned    : 1506
          Registry threats detected : 2
          File items scanned        : 5024
          File threats detected     : 84

          Adware.Tracking Cookie
             C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
             C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
             C:\Documents and Settings\Owner\Cookies\[email protected][3].txt
             C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
             C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
             C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
             C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
             C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
             C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
             C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
             C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
             C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
             C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
             C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
             C:\Documents and Settings\Owner\Cookies\[email protected][3].txt
             C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
             C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
             C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
             C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
             C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
             C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
             C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
             C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
             C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
             C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
             C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
             C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
             C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
             C:\Documents and Settings\Owner\Cookies\[email protected][3].txt
             C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
             C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
             C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
             C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
             C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
             C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
             C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
             C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
             C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
             C:\Documents and Settings\Owner\Cookies\[email protected][3].txt
             C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
             C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
             C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
             C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
             secure-it.imrworldwide.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\4PEFYC9S ]
             C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
             C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
             C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
             C:\Documents and Settings\NetworkService\Cookies\[email protected][4].txt
             C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
             C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
             C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
             C:\Documents and Settings\NetworkService\Cookies\[email protected][3].txt
             C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
             C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
             C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
             C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
             C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
             C:\Documents and Settings\NetworkService\Cookies\[email protected][3].txt
             C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
             C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
             C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
             C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
             C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
             C:\Documents and Settings\NetworkService\Cookies\[email protected][3].txt
             C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
             C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
             C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
             C:\Documents and Settings\NetworkService\Cookies\[email protected][3].txt
             C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
             C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
             C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
             C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
             C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
             C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
             C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
             C:\Documents and Settings\NetworkService\Cookies\[email protected][3].txt
             C:\Documents and Settings\NetworkService\Cookies\[email protected][4].txt
             C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
             C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
             C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
             macromedia.com [ C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\#SharedObjects\DJ8G5CAP ]
             media.mtvnservices.com [ C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\#SharedObjects\DJ8G5CAP ]
             secure-it.imrworldwide.com [ C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\#SharedObjects\DJ8G5CAP ]
             www.adserverplatform.com [ C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\#SharedObjects\DJ8G5CAP ]

          Malware.Trace
             HKU\.DEFAULT\Software\NtWqIVLZEWZU

          SuperDave

          • Malware Removal Specialist
          • Moderator


          • Genius
          • Thanked: 988
          • Certifications: List
          • Experience: Expert
          • OS: Windows 8
          Re: Can someone help me please!!
          « Reply #5 on: May 05, 2011, 05:04:17 PM »
          Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

          1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
          2. The fixes are specific to your problem and should only be used for this issue on this machine.
          3. If you don't know or understand something, please don't hesitate to ask.
          4. Please DO NOT run any other tools or scans while I am helping you.
          5. It is important that you reply to this thread. Do not start a new topic.
          6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
          7. Absence of symptoms does not mean that everything is clear.

          If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
          ****************************************************
          Download DDS from HERE or HERE and save it to your desktop.

          Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

          * XP users Double click on dds to run it.
          * If your antivirus or firewall try to block DDS then please allow it to run.
          * When finished DDS will open two (2) logs.

          1) DDS.txt
          2) Attach.txt

          * Save both logs to your desktop.
          * Please copy and paste the entire contents of both logs in your next reply.

          Note: DDS will instruct you to post the Attach.txt log as an attachment.
          Please just post it as you would any other log by copying and pasting it into the reply.
          **************************************************
          Download Security Check by screen317 from one of the following links and save it to your desktop.

          Link 1
          Link 2

          * Unzip SecurityCheck.zip and a folder named Security Check should appear.
          * Open the Security Check folder and double-click Security Check.bat
          * Follow the on-screen instructions inside of the black box.
          * A Notepad document should open automatically called checkup.txt
          * Post the contents of that document in your next reply.

          Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
          Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

          007will

            Topic Starter


            Beginner

            Re: Can someone help me please!!
            « Reply #6 on: May 08, 2011, 07:08:49 AM »
            DDS (Ver_11-03-05.01) - NTFSx86 
            Run by Owner at 13:40:12.31 on 08/05/2011
            Internet Explorer: 8.0.6001.18702
            Microsoft Windows XP Home Edition  5.1.2600.3.1252.44.1033.18.1014.242 [GMT 1:00]
            .
            AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
            .
            ============== Running Processes ===============
            .
            C:\WINDOWS\system32\svchost -k DcomLaunch
            svchost.exe
            C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
            svchost.exe
            svchost.exe
            C:\WINDOWS\system32\spoolsv.exe
            C:\WINDOWS\system32\rundll32.exe
            svchost.exe
            C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
            C:\Program Files\Bonjour\mDNSResponder.exe
            C:\Program Files\Java\jre6\bin\jqs.exe
            C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
            C:\WINDOWS\system32\svchost.exe -k imgsvc
            C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
            C:\WINDOWS\system32\SearchIndexer.exe
            C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
            C:\WINDOWS\Explorer.EXE
            C:\WINDOWS\system32\igfxpers.exe
            C:\WINDOWS\stsystra.exe
            C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
            C:\Program Files\iTunes\iTunesHelper.exe
            C:\Program Files\Common Files\Java\Java Update\jusched.exe
            C:\WINDOWS\system32\ctfmon.exe
            C:\Program Files\Windows Live\Messenger\msnmsgr.exe
            C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
            C:\Program Files\Windows Desktop Search\WindowsSearch.exe
            C:\Program Files\OpenOffice.org 3\program\soffice.exe
            C:\Program Files\OpenOffice.org 3\program\soffice.bin
            C:\Program Files\iPod\bin\iPodService.exe
            C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
            C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
            C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE
            C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
            C:\WINDOWS\System32\svchost.exe -k netsvcs
            C:\Program Files\Internet Explorer\iexplore.exe
            C:\Program Files\Internet Explorer\iexplore.exe
            C:\WINDOWS\TEMP\kixd\setup.exe
            C:\Documents and Settings\Owner\Desktop\dds.scr
            .
            ============== Pseudo HJT Report ===============
            .
            uInternet Settings,ProxyOverride = *.local
            BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
            BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
            BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
            BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
            uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
            uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
            uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
            uRun: [{4A29A5C9-E3D8-408B-4DBE-54A2258FA697}] "c:\documents and settings\owner\application data\awraoh\adcu.exe"
            mRun: [igfxtray] c:\windows\system32\igfxtray.exe
            mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
            mRun: [igfxpers] c:\windows\system32\igfxpers.exe
            mRun: [SigmatelSysTrayApp] stsystra.exe
            mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
            mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
            mRun: [Zune Launcher] "f:\zune\ZuneLauncher.exe"
            mRun: [<NO NAME>]
            mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
            mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
            mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
            dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
            dRun: [AMService] c:\windows\temp\kixd\setup.exe
            StartupFolder: c:\docume~1\owner\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
            StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
            StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
            IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
            IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
            DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1295466996328
            DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
            DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
            DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
            Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
            Notify: igfxcui - igfxdev.dll
            SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
            SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
            .
            ============= SERVICES / DRIVERS ===============
            .
            R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
            R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
            R2 ASTRA32;ASTRA32 Kernel Driver 5.2.1.0;c:\program files\astra32\astra32.sys [2007-2-22 30864]
            R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-2-28 821664]
            R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2010-4-24 483688]
            R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [2009-12-2 554344]
            R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [2009-12-2 211432]
            R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [2009-12-2 20584]
            R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [2009-12-2 18280]
            R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2010-4-24 209768]
            S0 nwba;nwba;c:\windows\system32\drivers\fxufjr.sys --> c:\windows\system32\drivers\fxufjr.sys [?]
            S1 ethxylvf;ethxylvf;c:\windows\system32\drivers\ethxylvf.sys [2011-5-5 135680]
            S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
            S2 AMService;AMService;c:\windows\temp\kixd\setup.exe run --> c:\windows\temp\kixd\setup.exe run [?]
            S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
            S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
            S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
            S3 WMZuneComm;Zune Windows Mobile Connectivity Service;f:\zune\wmzunecomm.exe --> f:\zune\WMZuneComm.exe [?]
            S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
            .
            =============== Created Last 30 ================
            .
            2011-05-08 11:48:43   --------   d-----w-   c:\docume~1\owner\applic~1\Ulirmo
            2011-05-08 11:48:43   --------   d-----w-   c:\docume~1\owner\applic~1\Awraoh
            2011-05-05 21:25:13   135680   ----a-w-   c:\windows\system32\drivers\ethxylvf.sys
            2011-05-05 21:22:13   388096   ----a-r-   c:\docume~1\owner\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
            2011-05-05 21:22:13   --------   d-----w-   c:\program files\Trend Micro
            2011-05-05 20:44:55   --------   d-----w-   c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
            2011-05-05 20:35:13   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
            2011-05-05 20:35:09   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
            2011-05-05 20:32:34   --------   d-----w-   c:\program files\CCleaner
            2011-05-05 19:19:48   --------   d-----w-   c:\docume~1\alluse~1\applic~1\bL28601CaIgA28601
            2011-05-05 18:49:54   55808   ---h--w-   c:\docume~1\owner\applic~1\ntuser.dat
            2011-05-05 18:49:46   --------   d-----w-   c:\docume~1\owner\applic~1\xfgkxer1hbbxwfxokvojijtyebjdow3k2
            2011-05-05 18:46:28   114176   --sha-r-   c:\windows\system32\rpcns4H.dll
            2011-05-05 18:46:28   114176   --sha-r-   c:\windows\system32\logonuiv.dll
            2011-05-05 18:46:28   114176   --sha-r-   c:\windows\system32\ialmuTHAU.dll
            2011-05-05 18:41:00   7071056   ----a-w-   c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{7c8c2a59-ac6b-4305-bf8f-aa42a1fbbbc0}\mpengine.dll
            2011-04-29 12:34:08   --------   d-----w-   c:\windows\system32\wbem\repository\FS
            2011-04-29 12:34:08   --------   d-----w-   c:\windows\system32\wbem\Repository
            2011-04-29 06:43:54   --------   d-----w-   c:\docume~1\owner\applic~1\Sibelius Software
            2011-04-28 23:18:51   --------   d-----w-   c:\docume~1\owner\applic~1\Malwarebytes
            2011-04-28 23:18:45   --------   d-----w-   c:\docume~1\alluse~1\applic~1\Malwarebytes
            2011-04-28 23:18:41   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
            2011-04-28 22:38:23   --------   d-----w-   c:\docume~1\owner\applic~1\SUPERAntiSpyware.com
            2011-04-28 22:38:13   --------   d-----w-   c:\program files\SUPERAntiSpyware
            2011-04-25 15:51:51   --------   d-----w-   c:\program files\iPod
            2011-04-25 15:51:45   --------   d-----w-   c:\program files\iTunes
            2011-04-25 15:46:52   --------   d-----w-   c:\program files\Bonjour
            2011-04-25 13:59:55   --------   d-----w-   c:\docume~1\owner\locals~1\applic~1\SoftGrid Client
            2011-04-25 13:59:51   --------   d-----w-   c:\docume~1\owner\applic~1\SoftGrid Client
            2011-04-25 13:57:35   --------   d-----w-   c:\documents and settings\all users\Microsoft
            2011-04-25 13:57:34   --------   d-----w-   c:\program files\Microsoft Application Virtualization Client
            2011-04-25 13:56:28   --------   d-----w-   c:\docume~1\owner\applic~1\TP
            2011-04-18 21:12:27   --------   d-----w-   c:\program files\Amazon
            2011-04-16 14:29:38   --------   d-----w-   c:\docume~1\owner\applic~1\OpenOffice.org
            2011-04-16 14:26:19   --------   d-----w-   c:\program files\OpenOffice.org 3
            2011-04-16 14:25:55   73728   ----a-w-   c:\windows\system32\javacpl.cpl
            2011-04-16 14:25:55   472808   ----a-w-   c:\windows\system32\deployJava1.dll
            .
            ==================== Find3M  ====================
            .
            2011-05-05 20:14:56   9728   ---h--w-   c:\docume~1\owner\applic~1\desktop.ini
            2011-04-06 15:20:16   91424   ----a-w-   c:\windows\system32\dnssd.dll
            2011-04-06 15:20:16   75040   ----a-w-   c:\windows\system32\jdns_sd.dll
            2011-04-06 15:20:16   197920   ----a-w-   c:\windows\system32\dnssdX.dll
            2011-04-06 15:20:16   107808   ----a-w-   c:\windows\system32\dns-sd.exe
            2011-03-07 05:33:50   692736   ----a-w-   c:\windows\system32\inetcomm.dll
            2011-03-04 06:37:06   420864   ----a-w-   c:\windows\system32\vbscript.dll
            2011-03-03 13:21:11   1857920   ----a-w-   c:\windows\system32\win32k.sys
            2011-02-22 23:06:29   916480   ----a-w-   c:\windows\system32\wininet.dll
            2011-02-22 23:06:29   43520   ------w-   c:\windows\system32\licmgr10.dll
            2011-02-22 23:06:29   1469440   ------w-   c:\windows\system32\inetcpl.cpl
            2011-02-22 11:41:59   385024   ------w-   c:\windows\system32\html.iec
            2011-02-17 12:32:12   5120   ----a-w-   c:\windows\system32\xpsp4res.dll
            2011-02-15 12:56:39   290432   ----a-w-   c:\windows\system32\atmfd.dll
            2011-02-09 13:53:52   270848   ----a-w-   c:\windows\system32\sbe.dll
            2011-02-09 13:53:52   186880   ----a-w-   c:\windows\system32\encdec.dll
            2011-02-08 13:33:55   978944   ----a-w-   c:\windows\system32\mfc42.dll
            2011-02-08 13:33:55   974848   ----a-w-   c:\windows\system32\mfc42u.dll
            .
            =================== ROOTKIT  ====================
            .
            Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
            Windows 5.1.2600 Disk: WDC_WD5000AADS-00S9B0 rev.01.00A01 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
            .
            device: opened successfully
            user: MBR read successfully
            .
            Disk trace:
            called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8652D6F0]<<
            _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x86533a10]; MOV EAX, [0x86533a8c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX;  }
            1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x865CEAB8]
            3 CLASSPNP[0xF75FEFD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x86578D58]
            \Driver\atapi[0x865D4A08] -> IRP_MJ_CREATE -> 0x8652D6F0
            error: Read  A device attached to the system is not functioning.
            kernel: MBR read successfully
            _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a;  }
            detected disk devices:
            detected hooks:
            \Driver\atapi DriverStartIo -> 0x8652D53B
            user & kernel MBR OK
            Warning: possible TDL3 rootkit infection !
            .
            ============= FINISH: 13:41:23.85 ===============

            007will

              Topic Starter


              Beginner

              Re: Can someone help me please!!
              « Reply #7 on: May 08, 2011, 07:09:59 AM »
              .
              UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
              IF REQUESTED, ZIP IT UP & ATTACH IT
              .
              DDS (Ver_11-03-05.01)
              .
              Microsoft Windows XP Home Edition
              Boot Device: \Device\HarddiskVolume1
              Install Date: 11/01/2011 19:29:56
              System Uptime: 08/05/2011 12:44:45 (1 hours ago)
              .
              Motherboard: Dell Inc.           |  | 0HJ054
              Processor:              Intel(R) Pentium(R) D  CPU 2.66GHz | Microprocessor | 2660/533mhz
              .
              ==== Disk Partitions =========================
              .
              C: is FIXED (NTFS) - 466 GiB total, 453.216 GiB free.
              D: is CDROM (CDFS)
              .
              ==== Disabled Device Manager Items =============
              .
              ==== System Restore Points ===================
              .
              RP1: 05/05/2011 20:51:22 - System Checkpoint
              RP2: 05/05/2011 22:19:45 - Installed Java(TM) 6 Update 25
              RP3: 05/05/2011 22:22:11 - Installed HiJackThis
              .
              ==== Installed Programs ======================
              .
              Adobe Flash Player 10 ActiveX
              AiO_Scan_CDA
              AiOSoftwareNPI
              Amazon MP3 Downloader 1.0.9
              Apple Application Support
              Apple Mobile Device Support
              Apple Software Update
              ASTRA32 - Advanced System Information Tool 2.06
              Bonjour
              BufferChm
              C3100
              c3100_Help
              CCleaner
              CustomerResearchQFolder
              Destinations
              DeviceManagementQFolder
              DocProc
              DocProcQFolder
              eSupportQFolder
              Fax_CDA
              High Definition Audio Driver Package - KB835221
              HiJackThis
              Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
              Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
              Hotfix for Windows Media Format 11 SDK (KB929399)
              Hotfix for Windows Media Format 11 SDK (KB973442)
              Hotfix for Windows Media Player 11 (KB939683)
              Hotfix for Windows XP (KB2443685)
              Hotfix for Windows XP (KB915800-v4)
              Hotfix for Windows XP (KB932716-v2)
              Hotfix for Windows XP (KB952287)
              Hotfix for Windows XP (KB954550-v5)
              Hotfix for Windows XP (KB961118)
              Hotfix for Windows XP (KB976002-v5)
              Hotfix for Windows XP (KB981793)
              HP Customer Participation Program 7.0
              HP Imaging Device Functions 7.0
              HP Photosmart Essential
              HP Photosmart, Officejet and Deskjet 7.0.A
              HP Product Assistant
              HP Solution Center 7.0
              HP Update
              HPPhotoSmartExpress
              HPProductAssistant
              InstantShareDevicesMFC
              Intel(R) Graphics Media Accelerator Driver
              Intel(R) PRO Network Connections Drivers
              iTunes
              Java Auto Updater
              Java(TM) 6 Update 25
              Malwarebytes' Anti-Malware
              MarketResearch
              Microsoft .NET Framework 1.1
              Microsoft .NET Framework 1.1 Security Update (KB2416447)
              Microsoft .NET Framework 2.0 Service Pack 2
              Microsoft .NET Framework 3.0 Service Pack 2
              Microsoft .NET Framework 3.5 SP1
              Microsoft .NET Framework 4 Client Profile
              Microsoft Antimalware
              Microsoft Application Error Reporting
              Microsoft Base Smart Card Cryptographic Service Provider Package
              Microsoft Choice Guard
              Microsoft Compression Client Pack 1.0 for Windows XP
              Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
              Microsoft Office Click-to-Run 2010
              Microsoft Office Home and Business 2010 - English
              Microsoft Security Client
              Microsoft Security Essentials
              Microsoft Silverlight
              Microsoft User-Mode Driver Framework Feature Pack 1.9
              Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
              Microsoft WinUsb 1.0
              MSVCRT
              MSXML 4.0 SP2 (KB954430)
              MSXML 4.0 SP2 (KB973688)
              NewCopy_CDA
              OCR Software by I.R.I.S 7.0
              OpenOffice.org 3.3
              PanoStandAlone
              ProductContextNPI
              QuickTime
              Readme
              Scan
              ScannerCopy
              Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
              Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
              Security Update for Windows Internet Explorer 8 (KB2360131)
              Security Update for Windows Internet Explorer 8 (KB2416400)
              Security Update for Windows Internet Explorer 8 (KB2482017)
              Security Update for Windows Internet Explorer 8 (KB2497640)
              Security Update for Windows Internet Explorer 8 (KB2510531)
              Security Update for Windows Internet Explorer 8 (KB971961)
              Security Update for Windows Internet Explorer 8 (KB981332)
              Security Update for Windows Internet Explorer 8 (KB982381)
              Security Update for Windows Media Player (KB2378111)
              Security Update for Windows Media Player (KB952069)
              Security Update for Windows Media Player (KB954155)
              Security Update for Windows Media Player (KB973540)
              Security Update for Windows Media Player (KB975558)
              Security Update for Windows Media Player (KB978695)
              Security Update for Windows Media Player (KB979402)
              Security Update for Windows Media Player 11 (KB954154)
              Security Update for Windows Search 4 - KB963093
              Security Update for Windows XP (KB2079403)
              Security Update for Windows XP (KB2115168)
              Security Update for Windows XP (KB2121546)
              Security Update for Windows XP (KB2229593)
              Security Update for Windows XP (KB2259922)
              Security Update for Windows XP (KB2286198)
              Security Update for Windows XP (KB2296011)
              Security Update for Windows XP (KB2296199)
              Security Update for Windows XP (KB2347290)
              Security Update for Windows XP (KB2360937)
              Security Update for Windows XP (KB2387149)
              Security Update for Windows XP (KB2393802)
              Security Update for Windows XP (KB2412687)
              Security Update for Windows XP (KB2416400)
              Security Update for Windows XP (KB2419632)
              Security Update for Windows XP (KB2423089)
              Security Update for Windows XP (KB2436673)
              Security Update for Windows XP (KB2440591)
              Security Update for Windows XP (KB2443105)
              Security Update for Windows XP (KB2476687)
              Security Update for Windows XP (KB2478960)
              Security Update for Windows XP (KB2478971)
              Security Update for Windows XP (KB2479628)
              Security Update for Windows XP (KB2479943)
              Security Update for Windows XP (KB2481109)
              Security Update for Windows XP (KB2483185)
              Security Update for Windows XP (KB2485376)
              Security Update for Windows XP (KB2485663)
              Security Update for Windows XP (KB2503658)
              Security Update for Windows XP (KB2506212)
              Security Update for Windows XP (KB2506223)
              Security Update for Windows XP (KB2507618)
              Security Update for Windows XP (KB2508272)
              Security Update for Windows XP (KB2508429)
              Security Update for Windows XP (KB2509553)
              Security Update for Windows XP (KB2511455)
              Security Update for Windows XP (KB2524375)
              Security Update for Windows XP (KB923561)
              Security Update for Windows XP (KB923789)
              Security Update for Windows XP (KB941569)
              Security Update for Windows XP (KB946648)
              Security Update for Windows XP (KB950762)
              Security Update for Windows XP (KB950974)
              Security Update for Windows XP (KB951376-v2)
              Security Update for Windows XP (KB951748)
              Security Update for Windows XP (KB952004)
              Security Update for Windows XP (KB952954)
              Security Update for Windows XP (KB955069)
              Security Update for Windows XP (KB956572)
              Security Update for Windows XP (KB956744)
              Security Update for Windows XP (KB956802)
              Security Update for Windows XP (KB956803)
              Security Update for Windows XP (KB956844)
              Security Update for Windows XP (KB958644)
              Security Update for Windows XP (KB958869)
              Security Update for Windows XP (KB959426)
              Security Update for Windows XP (KB960225)
              Security Update for Windows XP (KB960803)
              Security Update for Windows XP (KB960859)
              Security Update for Windows XP (KB961501)
              Security Update for Windows XP (KB969059)
              Security Update for Windows XP (KB970238)
              Security Update for Windows XP (KB970430)
              Security Update for Windows XP (KB971468)
              Security Update for Windows XP (KB971657)
              Security Update for Windows XP (KB971961)
              Security Update for Windows XP (KB972270)
              Security Update for Windows XP (KB973507)
              Security Update for Windows XP (KB973869)
              Security Update for Windows XP (KB973904)
              Security Update for Windows XP (KB974112)
              Security Update for Windows XP (KB974318)
              Security Update for Windows XP (KB974392)
              Security Update for Windows XP (KB974571)
              Security Update for Windows XP (KB975025)
              Security Update for Windows XP (KB975467)
              Security Update for Windows XP (KB975560)
              Security Update for Windows XP (KB975561)
              Security Update for Windows XP (KB975562)
              Security Update for Windows XP (KB975713)
              Security Update for Windows XP (KB977816)
              Security Update for Windows XP (KB977914)
              Security Update for Windows XP (KB978037)
              Security Update for Windows XP (KB978338)
              Security Update for Windows XP (KB978542)
              Security Update for Windows XP (KB978601)
              Security Update for Windows XP (KB978706)
              Security Update for Windows XP (KB979309)
              Security Update for Windows XP (KB979482)
              Security Update for Windows XP (KB979559)
              Security Update for Windows XP (KB979683)
              Security Update for Windows XP (KB979687)
              Security Update for Windows XP (KB980195)
              Security Update for Windows XP (KB980218)
              Security Update for Windows XP (KB980232)
              Security Update for Windows XP (KB980436)
              Security Update for Windows XP (KB981322)
              Security Update for Windows XP (KB981349)
              Security Update for Windows XP (KB981852)
              Security Update for Windows XP (KB981997)
              Security Update for Windows XP (KB982132)
              Security Update for Windows XP (KB982214)
              Security Update for Windows XP (KB982381)
              Security Update for Windows XP (KB982665)
              Segoe UI
              SigmaTel Audio
              SolutionCenter
              Status
              SUPERAntiSpyware
              Toolbox
              TrayApp
              Unload
              Update for Microsoft Windows (KB971513)
              Update for Windows Internet Explorer 8 (KB2447568)
              Update for Windows Internet Explorer 8 (KB976662)
              Update for Windows XP (KB2141007)
              Update for Windows XP (KB2345886)
              Update for Windows XP (KB2467659)
              Update for Windows XP (KB951978)
              Update for Windows XP (KB955759)
              Update for Windows XP (KB961503)
              Update for Windows XP (KB967715)
              Update for Windows XP (KB968389)
              Update for Windows XP (KB971029)
              Update for Windows XP (KB971737)
              Update for Windows XP (KB973687)
              Update for Windows XP (KB973815)
              WebFldrs XP
              WebReg
              Windows Genuine Advantage Validation Tool (KB892130)
              Windows Internet Explorer 8
              Windows Live Call
              Windows Live Communications Platform
              Windows Live Essentials
              Windows Live Messenger
              Windows Live Sign-in Assistant
              Windows Live Upload Tool
              Windows Management Framework Core
              Windows Media Format 11 runtime
              Windows Media Player 11
              Windows Mobile Device Updater Component
              Windows Search 4.0
              Windows XP Service Pack 3
              Zune
              Zune Language Pack (DEU)
              Zune Language Pack (ESP)
              Zune Language Pack (FRA)
              Zune Language Pack (ITA)
              Zune Language Pack (NLD)
              Zune Language Pack (PTB)
              Zune Language Pack (PTG)
              .
              ==== Event Viewer Messages From Past Week ========
              .
              08/05/2011 13:01:36, error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:  An instance of the service is already running.
              08/05/2011 12:51:03, error: Service Control Manager [7000]  - The SASDIFSV service failed to start due to the following error:  Cannot create a file when that file already exists.
              08/05/2011 12:48:41, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Pml Driver HPZ12 service to connect.
              08/05/2011 12:48:41, error: Service Control Manager [7000]  - The Pml Driver HPZ12 service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
              08/05/2011 12:46:45, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the AMService service to connect.
              08/05/2011 12:46:45, error: Service Control Manager [7000]  - The Zune Bus Enumerator service failed to start due to the following error:  The system cannot find the path specified.
              .
              ==== End Of File ===========================

              007will

                Topic Starter


                Beginner

                Re: Can someone help me please!!
                « Reply #8 on: May 08, 2011, 07:10:38 AM »
                 Results of screen317's Security Check version 0.99.10 
                 Windows XP Service Pack 3 
                 Internet Explorer 8 
                ``````````````````````````````
                Antivirus/Firewall Check:

                 Windows Security Center service is not running! This report may not be accurate!
                 Microsoft Security Essentials   
                ```````````````````````````````
                Anti-malware/Other Utilities Check:

                 Malwarebytes' Anti-Malware   
                 CCleaner     
                 Java(TM) 6 Update 25 
                 Out of date Java installed!
                 Adobe Flash Player   
                ````````````````````````````````
                Process Check: 
                objlist.exe by Laurent

                ``````````End of Log````````````

                SuperDave

                • Malware Removal Specialist
                • Moderator


                • Genius
                • Thanked: 988
                • Certifications: List
                • Experience: Expert
                • OS: Windows 8
                Re: Can someone help me please!!
                « Reply #9 on: May 08, 2011, 01:17:16 PM »
                You have one of the latest infection going around. Please try this and don't be surprised if it will not run completely. Please let me know and I will give you further instructions.

                • Download TDSSKiller and save it to your Desktop.
                • Extract its contents to your desktop.
                • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
                • If an infected file is detected, the default action will be Cure, click on Continue.
                • If a suspicious file is detected, the default action will be Skip, click on Continue.
                • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
                • Click the Report button and copy/paste the contents of it into your next reply
                Note:It will also create a log in the C:\ directory..
                Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

                007will

                  Topic Starter


                  Beginner

                  Re: Can someone help me please!!
                  « Reply #10 on: May 08, 2011, 03:30:47 PM »
                  2011/05/08 22:29:44.0281 3664   Mode: Manual;
                  2011/05/08 22:29:44.0281 3664   ================================================================================
                  2011/05/08 22:29:44.0906 3664   ACPI            (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
                  2011/05/08 22:29:44.0937 3664   ACPIEC          (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
                  2011/05/08 22:29:44.0984 3664   aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
                  2011/05/08 22:29:45.0031 3664   AFD             (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
                  2011/05/08 22:29:45.0281 3664   ASTRA32         (5fc1fed39ed5d3f71c7d2fc16a49e2a2) C:\Program Files\ASTRA32\ASTRA32.sys
                  2011/05/08 22:29:45.0328 3664   AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
                  2011/05/08 22:29:45.0328 3664   atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
                  2011/05/08 22:29:45.0375 3664   Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
                  2011/05/08 22:29:45.0421 3664   audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
                  2011/05/08 22:29:45.0468 3664   Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
                  2011/05/08 22:29:45.0546 3664   cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
                  2011/05/08 22:29:45.0625 3664   Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
                  2011/05/08 22:29:45.0625 3664   Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
                  2011/05/08 22:29:45.0687 3664   Cdrom           (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
                  2011/05/08 22:29:45.0718 3664   cercsr6         (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
                  2011/05/08 22:29:45.0843 3664   Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
                  2011/05/08 22:29:45.0906 3664   dmboot          (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
                  2011/05/08 22:29:45.0953 3664   dmio            (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
                  2011/05/08 22:29:45.0984 3664   dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
                  2011/05/08 22:29:46.0015 3664   DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
                  2011/05/08 22:29:46.0078 3664   drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
                  2011/05/08 22:29:46.0125 3664   E100B           (d57a8fc800b501ac05b10d00f66d127a) C:\WINDOWS\system32\DRIVERS\e100b325.sys
                  2011/05/08 22:29:46.0187 3664   ethxylvf        (134bf92d51d07e59113dd98721879f8b) C:\WINDOWS\system32\drivers\ethxylvf.sys
                  2011/05/08 22:29:46.0218 3664   Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
                  2011/05/08 22:29:46.0281 3664   Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
                  2011/05/08 22:29:46.0296 3664   Fips            (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
                  2011/05/08 22:29:46.0312 3664   Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
                  2011/05/08 22:29:46.0359 3664   FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
                  2011/05/08 22:29:46.0406 3664   Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
                  2011/05/08 22:29:46.0421 3664   Ftdisk          (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
                  2011/05/08 22:29:46.0500 3664   GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
                  2011/05/08 22:29:46.0531 3664   Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
                  2011/05/08 22:29:46.0578 3664   HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
                  2011/05/08 22:29:46.0593 3664   hidusb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
                  2011/05/08 22:29:46.0687 3664   HPZid412        (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
                  2011/05/08 22:29:46.0718 3664   HPZipr12        (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
                  2011/05/08 22:29:46.0765 3664   HPZius12        (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
                  2011/05/08 22:29:46.0828 3664   HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
                  2011/05/08 22:29:46.0875 3664   i8042prt        (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
                  2011/05/08 22:29:46.0968 3664   ialm            (0f0194c4b635c10c3f785e4fee52d641) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
                  2011/05/08 22:29:47.0000 3664   Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
                  2011/05/08 22:29:47.0109 3664   intelppm        (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
                  2011/05/08 22:29:47.0140 3664   Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
                  2011/05/08 22:29:47.0171 3664   IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
                  2011/05/08 22:29:47.0203 3664   IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
                  2011/05/08 22:29:47.0218 3664   IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
                  2011/05/08 22:29:47.0234 3664   IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
                  2011/05/08 22:29:47.0250 3664   IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
                  2011/05/08 22:29:47.0265 3664   isapnp          (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
                  2011/05/08 22:29:47.0296 3664   Kbdclass        (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
                  2011/05/08 22:29:47.0312 3664   kbdhid          (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
                  2011/05/08 22:29:47.0343 3664   kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
                  2011/05/08 22:29:47.0375 3664   KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
                  2011/05/08 22:29:47.0453 3664   mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
                  2011/05/08 22:29:47.0484 3664   Modem           (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
                  2011/05/08 22:29:47.0500 3664   Mouclass        (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
                  2011/05/08 22:29:47.0531 3664   mouhid          (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
                  2011/05/08 22:29:47.0546 3664   MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
                  2011/05/08 22:29:47.0578 3664   MpFilter        (7e34bfa1a7b60bba1da03d677f16cd63) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
                  2011/05/08 22:29:47.0609 3664   MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
                  2011/05/08 22:29:47.0640 3664   MRxSmb          (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
                  2011/05/08 22:29:47.0687 3664   Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
                  2011/05/08 22:29:47.0734 3664   MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
                  2011/05/08 22:29:47.0750 3664   MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
                  2011/05/08 22:29:47.0796 3664   MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
                  2011/05/08 22:29:47.0843 3664   mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
                  2011/05/08 22:29:47.0859 3664   Mup             (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
                  2011/05/08 22:29:47.0906 3664   NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
                  2011/05/08 22:29:47.0953 3664   NdisTapi        (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
                  2011/05/08 22:29:47.0968 3664   Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
                  2011/05/08 22:29:48.0000 3664   NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
                  2011/05/08 22:29:48.0015 3664   NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
                  2011/05/08 22:29:48.0046 3664   NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
                  2011/05/08 22:29:48.0093 3664   NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
                  2011/05/08 22:29:48.0156 3664   Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
                  2011/05/08 22:29:48.0171 3664   Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
                  2011/05/08 22:29:48.0218 3664   Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
                  2011/05/08 22:29:48.0265 3664   NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
                  2011/05/08 22:29:48.0281 3664   NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
                  2011/05/08 22:29:48.0328 3664   Parport         (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
                  2011/05/08 22:29:48.0343 3664   PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
                  2011/05/08 22:29:48.0390 3664   ParVdm          (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
                  2011/05/08 22:29:48.0421 3664   PCI             (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
                  2011/05/08 22:29:48.0484 3664   PCIIde          (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
                  2011/05/08 22:29:48.0531 3664   Pcmcia          (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
                  2011/05/08 22:29:48.0687 3664   PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
                  2011/05/08 22:29:48.0703 3664   PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
                  2011/05/08 22:29:48.0750 3664   Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
                  2011/05/08 22:29:48.0859 3664   RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
                  2011/05/08 22:29:48.0875 3664   Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
                  2011/05/08 22:29:48.0906 3664   RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
                  2011/05/08 22:29:48.0921 3664   Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
                  2011/05/08 22:29:48.0937 3664   Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
                  2011/05/08 22:29:48.0968 3664   RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
                  2011/05/08 22:29:49.0015 3664   RDPWD           (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
                  2011/05/08 22:29:49.0046 3664   redbook         (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
                  2011/05/08 22:29:49.0156 3664   SASDIFSV        (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
                  2011/05/08 22:29:49.0187 3664   SASKUTIL        (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
                  2011/05/08 22:29:49.0218 3664   Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
                  2011/05/08 22:29:49.0265 3664   Serial          (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
                  2011/05/08 22:29:49.0312 3664   Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
                  2011/05/08 22:29:49.0390 3664   Sftfs           (14cb193ecd4e71a32446790f9ecf39dd) C:\WINDOWS\system32\DRIVERS\Sftfsxp.sys
                  2011/05/08 22:29:49.0421 3664   Sftplay         (1f05637831caf19b069aaf361d720bb9) C:\WINDOWS\system32\DRIVERS\Sftplayxp.sys
                  2011/05/08 22:29:49.0453 3664   Sftredir        (423628f17862593d7d43e02187f4c1b5) C:\WINDOWS\system32\DRIVERS\Sftredirxp.sys
                  2011/05/08 22:29:49.0484 3664   Sftvol          (258ab73a01fa1b8d1a2a053c6bba5544) C:\WINDOWS\system32\DRIVERS\Sftvolxp.sys
                  2011/05/08 22:29:49.0562 3664   splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
                  2011/05/08 22:29:49.0578 3664   sr              (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
                  2011/05/08 22:29:49.0625 3664   Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
                  2011/05/08 22:29:49.0703 3664   STHDA           (2a2dc39623adef8ab3703ab9fac4b440) C:\WINDOWS\system32\drivers\sthda.sys
                  2011/05/08 22:29:49.0765 3664   swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
                  2011/05/08 22:29:49.0781 3664   swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
                  2011/05/08 22:29:49.0921 3664   sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
                  2011/05/08 22:29:49.0984 3664   Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
                  2011/05/08 22:29:50.0031 3664   TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
                  2011/05/08 22:29:50.0062 3664   TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
                  2011/05/08 22:29:50.0093 3664   TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
                  2011/05/08 22:29:50.0171 3664   Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
                  2011/05/08 22:29:50.0234 3664   Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
                  2011/05/08 22:29:50.0265 3664   usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
                  2011/05/08 22:29:50.0296 3664   usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
                  2011/05/08 22:29:50.0312 3664   usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
                  2011/05/08 22:29:50.0359 3664   usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
                  2011/05/08 22:29:50.0421 3664   usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
                  2011/05/08 22:29:50.0484 3664   USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
                  2011/05/08 22:29:50.0500 3664   usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
                  2011/05/08 22:29:50.0515 3664   VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
                  2011/05/08 22:29:50.0562 3664   VolSnap         (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
                  2011/05/08 22:29:50.0578 3664   Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
                  2011/05/08 22:29:50.0656 3664   Wdf01000        (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
                  2011/05/08 22:29:50.0703 3664   wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
                  2011/05/08 22:29:50.0781 3664   WinUSB          (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
                  2011/05/08 22:29:50.0859 3664   WpdUsb          (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
                  2011/05/08 22:29:50.0921 3664   WudfPf          (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
                  2011/05/08 22:29:50.0937 3664   WudfRd          (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
                  2011/05/08 22:29:50.0984 3664   zumbus          (337b9607f041b77824411750069aff2d) C:\WINDOWS\system32\DRIVERS\zumbus.sys
                  2011/05/08 22:29:51.0406 3664   ================================================================================
                  2011/05/08 22:29:51.0406 3664   Scan finished
                  2011/05/08 22:29:51.0406 3664   ================================================================================

                  007will

                    Topic Starter


                    Beginner

                    Re: Can someone help me please!!
                    « Reply #11 on: May 08, 2011, 03:32:09 PM »
                    I don't know if that was right. I did the scan and it deleted something then restarted. I have then done a report which is what i post.

                    Also when this is all fixed can you advise me what the best AV software to have on my PC is?

                    Many thanks!

                    SuperDave

                    • Malware Removal Specialist
                    • Moderator


                    • Genius
                    • Thanked: 988
                    • Certifications: List
                    • Experience: Expert
                    • OS: Windows 8
                    Re: Can someone help me please!!
                    « Reply #12 on: May 08, 2011, 05:19:02 PM »
                    Quote
                    Also when this is all fixed can you advise me what the best AV software to have on my PC is?
                    This is a tough question. Almost everyone has their favourite. I, myself, prefer MicroSoft Security Essentials because it highly efficient and low resource usage. It's free to all registered Windows users and requires no registration or renewal and it updates automatically.I'll give you a link below but in addition to a good, updated AV you also require programs to protect against other malware such as rogues and trojans. I will post these at the conclusion of our cleaning.

                    Remember to only install one antivirus!
                     
                    1) Avast! Home Edition
                    2) AVG Free Edition
                    3) Avira AntiVir Personal
                    4) Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
                    4-a) Microsoft Security Essentials for Windows XP
                    5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
                    6) PC Tools AntiVirus Free Edition

                    It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
                    **************************************************
                    Please download ComboFix from BleepingComputer.com

                    Alternate link: GeeksToGo.com

                    and save it to your Desktop.
                    It would be easiest to download using Internet Explorer.
                    If you insist on using Firefox, make sure that your download settings are as follows:

                    * Tools->Options->Main tab
                    * Set to "Always ask me where to Save the files".

                    Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
                    Double click ComboFix.exe & follow the prompts.
                    As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
                    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

                    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

                    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


                    Click on Yes, to continue scanning for malware.
                    When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

                    If you have problems with ComboFix usage, see How to use ComboFix
                    Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

                    007will

                      Topic Starter


                      Beginner

                      Re: Can someone help me please!!
                      « Reply #13 on: May 09, 2011, 10:57:31 AM »
                      ComboFix 11-05-08.04 - Owner 09/05/2011  17:46:12.1.2 - x86
                      Microsoft Windows XP Home Edition  5.1.2600.3.1252.44.1033.18.1014.728 [GMT 1:00]
                      Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
                      AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
                      .
                      .
                      (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      .
                      c:\documents and settings\Owner\Application Data\Awraoh
                      c:\documents and settings\Owner\Application Data\Awraoh\adcu.exe
                      c:\documents and settings\Owner\Application Data\desktop.ini
                      c:\documents and settings\Owner\Application Data\ntuser.dat
                      .
                      .
                      (((((((((((((((((((((((((   Files Created from 2011-04-09 to 2011-05-09  )))))))))))))))))))))))))))))))
                      .
                      .
                      2011-05-08 11:48 . 2011-05-09 16:33   --------   d-----w-   c:\documents and settings\Owner\Application Data\Ulirmo
                      2011-05-05 21:25 . 2011-05-05 21:25   135680   ----a-w-   c:\windows\system32\drivers\ethxylvf.sys
                      2011-05-05 21:22 . 2011-05-05 21:22   388096   ----a-r-   c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
                      2011-05-05 21:22 . 2011-05-05 21:22   --------   d-----w-   c:\program files\Trend Micro
                      2011-05-05 21:20 . 2011-05-05 21:20   --------   d-----w-   c:\program files\Common Files\Java
                      2011-05-05 20:44 . 2011-05-05 20:44   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
                      2011-05-05 20:35 . 2010-12-20 17:09   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
                      2011-05-05 20:35 . 2010-12-20 17:08   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
                      2011-05-05 20:32 . 2011-05-05 20:32   --------   d-----w-   c:\program files\CCleaner
                      2011-05-05 19:19 . 2011-05-05 20:47   --------   d-----w-   c:\documents and settings\All Users\Application Data\bL28601CaIgA28601
                      2011-05-05 18:49 . 2011-05-05 20:47   --------   d-----w-   c:\documents and settings\Owner\Application Data\xfgkxer1hbbxwfxokvojijtyebjdow3k2
                      2011-05-05 18:46 . 2011-05-05 18:46   114176   --sha-r-   c:\windows\system32\rpcns4H.dll
                      2011-05-05 18:46 . 2011-05-05 18:46   114176   --sha-r-   c:\windows\system32\logonuiv.dll
                      2011-05-05 18:46 . 2011-05-05 18:46   114176   --sha-r-   c:\windows\system32\ialmuTHAU.dll
                      2011-05-05 18:41 . 2011-04-11 07:04   7071056   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7C8C2A59-AC6B-4305-BF8F-AA42A1FBBBC0}\mpengine.dll
                      2011-04-29 12:34 . 2011-04-29 12:34   --------   d-----w-   c:\windows\system32\wbem\Repository
                      2011-04-29 12:30 . 2011-04-29 12:33   --------   d-s---w-   c:\documents and settings\Administrator
                      2011-04-29 06:43 . 2011-04-29 06:43   --------   d-----w-   c:\documents and settings\Owner\Application Data\Sibelius Software
                      2011-04-28 23:18 . 2011-04-28 23:18   --------   d-----w-   c:\documents and settings\Owner\Application Data\Malwarebytes
                      2011-04-28 23:18 . 2011-04-28 23:18   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
                      2011-04-28 23:18 . 2011-05-05 20:35   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
                      2011-04-28 22:38 . 2011-04-28 22:38   --------   d-----w-   c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
                      2011-04-28 22:38 . 2011-05-08 11:50   --------   d-----w-   c:\program files\SUPERAntiSpyware
                      2011-04-25 15:51 . 2011-04-25 15:51   --------   d-----w-   c:\program files\iPod
                      2011-04-25 15:51 . 2011-04-25 15:53   --------   d-----w-   c:\program files\iTunes
                      2011-04-25 15:46 . 2011-04-25 15:46   --------   d-----w-   c:\program files\Bonjour
                      2011-04-25 14:07 . 2011-04-25 14:07   --------   d-----r-   C:\MSOCache
                      2011-04-25 13:59 . 2011-04-25 13:59   --------   d-----w-   c:\documents and settings\Owner\Local Settings\Application Data\SoftGrid Client
                      2011-04-25 13:59 . 2011-05-09 16:43   --------   d-----w-   c:\documents and settings\Owner\Application Data\SoftGrid Client
                      2011-04-25 13:59 . 2011-04-25 13:59   --------   d-----w-   c:\windows\system32\config\systemprofile\Application Data\{90140011-0062-0409-0000-0000000FF1CE}
                      2011-04-25 13:59 . 2011-05-09 16:43   --------   d-----w-   c:\windows\system32\config\systemprofile\Application Data\SoftGrid Client
                      2011-04-25 13:57 . 2011-04-25 13:57   --------   d-----w-   c:\documents and settings\All Users\Microsoft
                      2011-04-25 13:57 . 2011-04-29 12:38   --------   d-----w-   c:\program files\Microsoft Application Virtualization Client
                      2011-04-25 13:56 . 2011-04-25 14:01   --------   d-----w-   c:\documents and settings\Owner\Application Data\TP
                      2011-04-18 21:13 . 2011-04-18 21:13   --------   d-----w-   c:\documents and settings\Owner\Application Data\Amazon
                      2011-04-18 21:12 . 2011-04-18 21:12   --------   d-----w-   c:\program files\Amazon
                      2011-04-17 14:07 . 2011-04-17 14:07   --------   d-----w-   c:\windows\Sun
                      2011-04-16 14:29 . 2011-04-16 14:29   --------   d-----w-   c:\documents and settings\Owner\Application Data\OpenOffice.org
                      2011-04-16 14:26 . 2011-04-16 14:26   --------   d-----w-   c:\program files\OpenOffice.org 3
                      2011-04-16 14:25 . 2011-04-14 04:07   472808   ----a-w-   c:\windows\system32\deployJava1.dll
                      2011-04-16 14:25 . 2011-04-14 01:40   73728   ----a-w-   c:\windows\system32\javacpl.cpl
                      2011-04-16 14:25 . 2011-05-05 21:20   --------   d-----w-   c:\program files\Java
                      .
                      .
                      .
                      ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\RPRSTITL.FOT
                      2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\RPRSTEXT.FOT
                      2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\RPRSSTMP.FOT
                      2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\RPRSSPEC.FOT
                      2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\RPRSSCRP.FOT
                      2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\RPRSREH_.FOT
                      2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\RPRSMET_.FOT
                      2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\RPRSCHOR.FOT
                      2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\RPRS____.FOT
                      2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\OPUSTEXT.FOT
                      2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\OPUSSE__.FOT
                      2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\OPUSS___.FOT
                      2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\OPUSROMC.FOT
                      2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\OPUSPC__.FOT
                      2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\OPUSP___.FOT
                      2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\OPUSO___.FOT
                      2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\OPUSNN__.FOT
                      2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\OPUSM___.FOT
                      2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\OPUSFS__.FOT
                      2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\OPUSFBE_.FOT
                      2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\OPUSFB__.FOT
                      2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\OPUSCSC_.FOT
                      2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\OPUSCS__.FOT
                      2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\OPUSC___.FOT
                      2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\OPUS____.FOT
                      2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\INKPEN2_.FOT
                      2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\INK2TEXT.FOT
                      2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\INK2SPEC.FOT
                      2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\INK2SCRI.FOT
                      2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\INK2METR.FOT
                      2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\INK2CHOR.FOT
                      2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\HELST___.FOT
                      2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\HELSS___.FOT
                      2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\HELSM___.FOT
                      2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\HELSINKI.FOT
                      2011-04-11 07:04 . 2011-02-06 22:20   7071056   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
                      2011-04-06 15:20 . 2011-04-06 15:20   91424   ----a-w-   c:\windows\system32\dnssd.dll
                      2011-04-06 15:20 . 2011-04-06 15:20   75040   ----a-w-   c:\windows\system32\jdns_sd.dll
                      2011-04-06 15:20 . 2011-04-06 15:20   197920   ----a-w-   c:\windows\system32\dnssdX.dll
                      2011-04-06 15:20 . 2011-04-06 15:20   107808   ----a-w-   c:\windows\system32\dns-sd.exe
                      2011-03-07 05:33 . 2011-01-11 19:25   692736   ----a-w-   c:\windows\system32\inetcomm.dll
                      2011-03-04 06:37 . 2004-08-04 10:00   420864   ----a-w-   c:\windows\system32\vbscript.dll
                      2011-03-03 13:21 . 2004-08-04 10:00   1857920   ----a-w-   c:\windows\system32\win32k.sys
                      2011-02-22 23:06 . 2006-03-04 03:33   916480   ----a-w-   c:\windows\system32\wininet.dll
                      2011-02-22 23:06 . 2004-08-04 10:00   43520   ------w-   c:\windows\system32\licmgr10.dll
                      2011-02-22 23:06 . 2004-08-04 10:00   1469440   ------w-   c:\windows\system32\inetcpl.cpl
                      2011-02-22 11:41 . 2004-08-04 10:00   385024   ------w-   c:\windows\system32\html.iec
                      2011-02-17 13:18 . 2004-08-04 10:00   455936   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
                      2011-02-17 13:18 . 2004-08-04 10:00   357888   ----a-w-   c:\windows\system32\drivers\srv.sys
                      2011-02-17 12:32 . 2011-01-19 20:06   5120   ----a-w-   c:\windows\system32\xpsp4res.dll
                      2011-02-15 12:56 . 2004-08-04 10:00   290432   ----a-w-   c:\windows\system32\atmfd.dll
                      2011-02-09 13:53 . 2004-08-04 10:00   270848   ----a-w-   c:\windows\system32\sbe.dll
                      2011-02-09 13:53 . 2004-08-04 10:00   186880   ----a-w-   c:\windows\system32\encdec.dll
                      .
                      .
                      (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      .
                      *Note* empty entries & legit default entries are not shown
                      REGEDIT4
                      .
                      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
                      "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-05-08 2424192]
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
                      "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
                      "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
                      "SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
                      "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
                      "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
                      "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
                      "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
                      "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
                      .
                      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                      "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
                      .
                      c:\documents and settings\Default User\Start Menu\Programs\Startup\
                      ykitl.exe [2011-5-8 284160]
                      .
                      c:\documents and settings\Owner\Start Menu\Programs\Startup\
                      OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
                      .
                      c:\documents and settings\All Users\Start Menu\Programs\Startup\
                      HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
                      Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
                      .
                      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                      "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
                      "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
                      2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
                      .
                      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
                      @="Service"
                      .
                      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
                      @="Driver"
                      .
                      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
                      @="Service"
                      .
                      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                      "%windir%\\system32\\sessmgr.exe"=
                      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                      "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
                      "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
                      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
                      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
                      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
                      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
                      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
                      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
                      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
                      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
                      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
                      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
                      "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
                      "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
                      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
                      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
                      "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
                      "c:\\Program Files\\iTunes\\iTunes.exe"=
                      .
                      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
                      "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
                      .
                      R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 19:25 12872]
                      R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 19:41 67656]
                      R2 ASTRA32;ASTRA32 Kernel Driver 5.2.1.0;c:\program files\ASTRA32\astra32.sys [22/02/2007 12:28 30864]
                      R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [28/02/2010 02:33 821664]
                      R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [24/04/2010 01:10 483688]
                      R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [02/12/2009 22:23 554344]
                      R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [02/12/2009 22:23 211432]
                      R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [02/12/2009 22:23 20584]
                      R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [02/12/2009 22:23 18280]
                      R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [24/04/2010 01:10 209768]
                      S0 nwba;nwba;c:\windows\system32\drivers\fxufjr.sys --> c:\windows\system32\drivers\fxufjr.sys [?]
                      S1 ethxylvf;ethxylvf;c:\windows\system32\drivers\ethxylvf.sys [05/05/2011 22:25 135680]
                      S2 AMService;AMService;c:\windows\TEMP\kixd\setup.exe run --> c:\windows\TEMP\kixd\setup.exe run [?]
                      S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 14:16 130384]
                      S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09/01/2010 21:37 4640000]
                      S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [04/08/2004 11:00 14336]
                      S3 WMZuneComm;Zune Windows Mobile Connectivity Service;f:\zune\WMZuneComm.exe --> f:\zune\WMZuneComm.exe [?]
                      S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 14:16 753504]
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
                      WINRM   REG_MULTI_SZ      WINRM
                      .
                      Contents of the 'Scheduled Tasks' folder
                      .
                      .
                      ------- Supplementary Scan -------
                      .
                      uInternet Settings,ProxyOverride = *.local
                      .
                      - - - - ORPHANS REMOVED - - - -
                      .
                      HKCU-Run-{4A29A5C9-E3D8-408B-4DBE-54A2258FA697} - c:\documents and settings\Owner\Application Data\Awraoh\adcu.exe
                      HKLM-Run-Zune Launcher - f:\zune\ZuneLauncher.exe
                      SafeBoot-WudfPf
                      SafeBoot-WudfRd
                      AddRemove-Zune - f:\zune\ZuneSetup.exe
                      .
                      .
                      .
                      **************************************************************************
                      .
                      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                      Rootkit scan 2011-05-09 17:53
                      Windows 5.1.2600 Service Pack 3 NTFS
                      .
                      scanning hidden processes ... 
                      .
                      scanning hidden autostart entries ...
                      .
                      scanning hidden files ... 
                      .
                      scan completed successfully
                      hidden files: 0
                      .
                      **************************************************************************
                      .
                      --------------------- LOCKED REGISTRY KEYS ---------------------
                      .
                      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
                      @Denied: (A 2) (Everyone)
                      @="FlashBroker"
                      "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
                      .
                      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
                      "Enabled"=dword:00000001
                      .
                      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
                      @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
                      .
                      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
                      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                      .
                      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
                      @Denied: (A 2) (Everyone)
                      @="IFlashBroker4"
                      .
                      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
                      @="{00020424-0000-0000-C000-000000000046}"
                      .
                      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
                      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                      "Version"="1.0"
                      .
                      --------------------- DLLs Loaded Under Running Processes ---------------------
                      .
                      - - - - - - - > 'winlogon.exe'(644)
                      c:\program files\SUPERAntiSpyware\SASWINLO.DLL
                      c:\windows\system32\WININET.dll
                      .
                      Completion time: 2011-05-09  17:54:46
                      ComboFix-quarantined-files.txt  2011-05-09 16:54
                      .
                      Pre-Run: 486,545,432,576 bytes free
                      Post-Run: 488,234,688,512 bytes free
                      .
                      WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
                      [boot loader]
                      timeout=2
                      default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
                      [operating systems]
                      c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
                      UnsupportedDebug="do not select this" /debug
                      multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
                      .
                      - - End Of File - - 16E3555B8274A30826B69815E5ADE5EE

                      SuperDave

                      • Malware Removal Specialist
                      • Moderator


                      • Genius
                      • Thanked: 988
                      • Certifications: List
                      • Experience: Expert
                      • OS: Windows 8
                      Re: Can someone help me please!!
                      « Reply #14 on: May 09, 2011, 04:26:42 PM »
                      I have a bunch of files to be checked.

                      Please go to Jotti's malware scan
                      (If more than one file needs scanned they must be done separately and links posted for each one)

                      * Copy the file path in the below Code box:

                      Code: [Select]
                      c:\windows\system32\drivers\ethxylvf.sys
                      c:\windows\system32\rpcns4H.dll
                      c:\windows\system32\logonuiv.dll
                      c:\windows\system32\ialmuTHAU.dll
                      c:\documents and settings\Default User\Start Menu\Programs\Startup\
                      ykitl.exe 

                      * At the upload site, click once inside the window next to Browse.
                      * Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
                      * Next click Submit file
                      * Your file will possibly be entered into a queue which normally takes less than a minute to clear.
                      * This will perform a scan across multiple different virus scanning engines.
                      * Important: Wait for all of the scanning engines to complete.
                      * Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.
                      ***************************************************
                      Re-running ComboFix to remove infections:

                      • Close any open browsers.
                      • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
                      • Open notepad and copy/paste the text in the quotebox below into it:
                        Quote
                        KillAll::

                        Folder::
                        c:\documents and settings\All Users\Application Data\bL28601CaIgA28601
                        c:\documents and settings\Owner\Application Data\xfgkxer1hbbxwfxokvojijtyebjdow3k2

                        MBR::

                      • Save this as CFScript.txt, in the same location as ComboFix.exe



                      • Referring to the picture above, drag CFScript into ComboFix.exe
                      • When finished, it shall produce a log for you at C:\ComboFix.txt
                      • Please post the contents of the log in your next reply.
                      Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender


                      007will

                        Topic Starter


                        Beginner

                        Re: Can someone help me please!!
                        « Reply #16 on: May 10, 2011, 11:27:13 AM »
                        ComboFix 11-05-09.03 - Owner 10/05/2011  18:13:20.2.2 - x86
                        Microsoft Windows XP Home Edition  5.1.2600.3.1252.44.1033.18.1014.545 [GMT 1:00]
                        Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
                        Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
                        AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
                        .
                        .
                        (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                        .
                        .
                        c:\documents and settings\All Users\Application Data\bL28601CaIgA28601
                        c:\documents and settings\All Users\Application Data\bL28601CaIgA28601\bL28601CaIgA28601
                        c:\documents and settings\Owner\Application Data\xfgkxer1hbbxwfxokvojijtyebjdow3k2
                        .
                        .
                        (((((((((((((((((((((((((   Files Created from 2011-04-10 to 2011-05-10  )))))))))))))))))))))))))))))))
                        .
                        .
                        2011-05-08 11:48 . 2011-05-09 16:33   --------   d-----w-   c:\documents and settings\Owner\Application Data\Ulirmo
                        2011-05-05 21:25 . 2011-05-05 21:25   135680   ----a-w-   c:\windows\system32\drivers\ethxylvf.sys
                        2011-05-05 21:22 . 2011-05-05 21:22   388096   ----a-r-   c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
                        2011-05-05 21:22 . 2011-05-05 21:22   --------   d-----w-   c:\program files\Trend Micro
                        2011-05-05 21:20 . 2011-05-05 21:20   --------   d-----w-   c:\program files\Common Files\Java
                        2011-05-05 20:44 . 2011-05-05 20:44   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
                        2011-05-05 20:35 . 2010-12-20 17:09   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
                        2011-05-05 20:35 . 2010-12-20 17:08   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
                        2011-05-05 20:32 . 2011-05-05 20:32   --------   d-----w-   c:\program files\CCleaner
                        2011-05-05 18:46 . 2011-05-05 18:46   114176   --sha-r-   c:\windows\system32\rpcns4H.dll
                        2011-05-05 18:46 . 2011-05-05 18:46   114176   --sha-r-   c:\windows\system32\logonuiv.dll
                        2011-05-05 18:46 . 2011-05-05 18:46   114176   --sha-r-   c:\windows\system32\ialmuTHAU.dll
                        2011-05-05 18:41 . 2011-04-11 07:04   7071056   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7C8C2A59-AC6B-4305-BF8F-AA42A1FBBBC0}\mpengine.dll
                        2011-04-29 12:34 . 2011-04-29 12:34   --------   d-----w-   c:\windows\system32\wbem\Repository
                        2011-04-29 12:30 . 2011-04-29 12:33   --------   d-s---w-   c:\documents and settings\Administrator
                        2011-04-29 06:43 . 2011-04-29 06:43   --------   d-----w-   c:\documents and settings\Owner\Application Data\Sibelius Software
                        2011-04-28 23:18 . 2011-04-28 23:18   --------   d-----w-   c:\documents and settings\Owner\Application Data\Malwarebytes
                        2011-04-28 23:18 . 2011-04-28 23:18   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
                        2011-04-28 23:18 . 2011-05-05 20:35   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
                        2011-04-28 22:38 . 2011-04-28 22:38   --------   d-----w-   c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
                        2011-04-28 22:38 . 2011-05-08 11:50   --------   d-----w-   c:\program files\SUPERAntiSpyware
                        2011-04-25 15:51 . 2011-04-25 15:51   --------   d-----w-   c:\program files\iPod
                        2011-04-25 15:51 . 2011-04-25 15:53   --------   d-----w-   c:\program files\iTunes
                        2011-04-25 15:46 . 2011-04-25 15:46   --------   d-----w-   c:\program files\Bonjour
                        2011-04-25 14:07 . 2011-04-25 14:07   --------   d-----r-   C:\MSOCache
                        2011-04-25 13:59 . 2011-04-25 13:59   --------   d-----w-   c:\documents and settings\Owner\Local Settings\Application Data\SoftGrid Client
                        2011-04-25 13:59 . 2011-05-09 17:10   --------   d-----w-   c:\documents and settings\Owner\Application Data\SoftGrid Client
                        2011-04-25 13:59 . 2011-04-25 13:59   --------   d-----w-   c:\windows\system32\config\systemprofile\Application Data\{90140011-0062-0409-0000-0000000FF1CE}
                        2011-04-25 13:59 . 2011-05-09 17:10   --------   d-----w-   c:\windows\system32\config\systemprofile\Application Data\SoftGrid Client
                        2011-04-25 13:57 . 2011-04-25 13:57   --------   d-----w-   c:\documents and settings\All Users\Microsoft
                        2011-04-25 13:57 . 2011-04-29 12:38   --------   d-----w-   c:\program files\Microsoft Application Virtualization Client
                        2011-04-25 13:56 . 2011-04-25 14:01   --------   d-----w-   c:\documents and settings\Owner\Application Data\TP
                        2011-04-18 21:13 . 2011-04-18 21:13   --------   d-----w-   c:\documents and settings\Owner\Application Data\Amazon
                        2011-04-18 21:12 . 2011-04-18 21:12   --------   d-----w-   c:\program files\Amazon
                        2011-04-17 14:07 . 2011-04-17 14:07   --------   d-----w-   c:\windows\Sun
                        2011-04-16 14:29 . 2011-04-16 14:29   --------   d-----w-   c:\documents and settings\Owner\Application Data\OpenOffice.org
                        2011-04-16 14:26 . 2011-04-16 14:26   --------   d-----w-   c:\program files\OpenOffice.org 3
                        2011-04-16 14:25 . 2011-04-14 04:07   472808   ----a-w-   c:\windows\system32\deployJava1.dll
                        2011-04-16 14:25 . 2011-04-14 01:40   73728   ----a-w-   c:\windows\system32\javacpl.cpl
                        2011-04-16 14:25 . 2011-05-05 21:20   --------   d-----w-   c:\program files\Java
                        .
                        .
                        .
                        ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                        .
                        2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\RPRSTITL.FOT
                        2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\RPRSTEXT.FOT
                        2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\RPRSSTMP.FOT
                        2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\RPRSSPEC.FOT
                        2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\RPRSSCRP.FOT
                        2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\RPRSREH_.FOT
                        2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\RPRSMET_.FOT
                        2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\RPRSCHOR.FOT
                        2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\RPRS____.FOT
                        2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\OPUSTEXT.FOT
                        2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\OPUSSE__.FOT
                        2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\OPUSS___.FOT
                        2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\OPUSROMC.FOT
                        2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\OPUSPC__.FOT
                        2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\OPUSP___.FOT
                        2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\OPUSO___.FOT
                        2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\OPUSNN__.FOT
                        2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\OPUSM___.FOT
                        2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\OPUSFS__.FOT
                        2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\OPUSFBE_.FOT
                        2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\OPUSFB__.FOT
                        2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\OPUSCSC_.FOT
                        2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\OPUSCS__.FOT
                        2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\OPUSC___.FOT
                        2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\OPUS____.FOT
                        2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\INKPEN2_.FOT
                        2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\INK2TEXT.FOT
                        2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\INK2SPEC.FOT
                        2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\INK2SCRI.FOT
                        2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\INK2METR.FOT
                        2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\INK2CHOR.FOT
                        2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\HELST___.FOT
                        2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\HELSS___.FOT
                        2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\HELSM___.FOT
                        2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\HELSINKI.FOT
                        2011-04-11 07:04 . 2011-02-06 22:20   7071056   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
                        2011-04-06 15:20 . 2011-04-06 15:20   91424   ----a-w-   c:\windows\system32\dnssd.dll
                        2011-04-06 15:20 . 2011-04-06 15:20   75040   ----a-w-   c:\windows\system32\jdns_sd.dll
                        2011-04-06 15:20 . 2011-04-06 15:20   197920   ----a-w-   c:\windows\system32\dnssdX.dll
                        2011-04-06 15:20 . 2011-04-06 15:20   107808   ----a-w-   c:\windows\system32\dns-sd.exe
                        2011-03-07 05:33 . 2011-01-11 19:25   692736   ----a-w-   c:\windows\system32\inetcomm.dll
                        2011-03-04 06:37 . 2004-08-04 10:00   420864   ----a-w-   c:\windows\system32\vbscript.dll
                        2011-03-03 13:21 . 2004-08-04 10:00   1857920   ----a-w-   c:\windows\system32\win32k.sys
                        2011-02-22 23:06 . 2006-03-04 03:33   916480   ----a-w-   c:\windows\system32\wininet.dll
                        2011-02-22 23:06 . 2004-08-04 10:00   43520   ------w-   c:\windows\system32\licmgr10.dll
                        2011-02-22 23:06 . 2004-08-04 10:00   1469440   ------w-   c:\windows\system32\inetcpl.cpl
                        2011-02-22 11:41 . 2004-08-04 10:00   385024   ------w-   c:\windows\system32\html.iec
                        2011-02-17 13:18 . 2004-08-04 10:00   455936   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
                        2011-02-17 13:18 . 2004-08-04 10:00   357888   ----a-w-   c:\windows\system32\drivers\srv.sys
                        2011-02-17 12:32 . 2011-01-19 20:06   5120   ----a-w-   c:\windows\system32\xpsp4res.dll
                        2011-02-15 12:56 . 2004-08-04 10:00   290432   ----a-w-   c:\windows\system32\atmfd.dll
                        .
                        .
                        (((((((((((((((((((((((((((((   [email protected]_16.53.14   )))))))))))))))))))))))))))))))))))))))))
                        .
                        + 2011-01-11 09:59 . 2011-01-11 09:59   51024              c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_214ee422\vcomp90.dll
                        + 2011-01-11 09:59 . 2011-01-11 09:59   59728              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90rus.dll
                        + 2011-01-11 09:59 . 2011-01-11 09:59   42832              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90kor.dll
                        + 2011-01-11 09:59 . 2011-01-11 09:59   43344              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90jpn.dll
                        + 2011-01-11 09:59 . 2011-01-11 09:59   61264              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90ita.dll
                        + 2011-01-11 09:59 . 2011-01-11 09:59   62800              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90fra.dll
                        + 2011-01-11 09:59 . 2011-01-11 09:59   61776              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90esp.dll
                        + 2011-01-11 09:59 . 2011-01-11 09:59   61776              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90esn.dll
                        + 2011-01-11 09:59 . 2011-01-11 09:59   53584              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90enu.dll
                        + 2011-01-11 09:59 . 2011-01-11 09:59   63312              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90deu.dll
                        + 2011-01-11 09:59 . 2011-01-11 09:59   36688              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90cht.dll
                        + 2011-01-11 09:59 . 2011-01-11 09:59   35664              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90chs.dll
                        + 2011-01-11 09:59 . 2011-01-11 09:59   59904              c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_d5fe2ecb\mfcm90u.dll
                        + 2011-01-11 09:59 . 2011-01-11 09:59   59904              c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_d5fe2ecb\mfcm90.dll
                        + 2011-05-10 17:19 . 2011-05-10 17:19   16384              c:\windows\temp\Perflib_Perfdata_798.dat
                        + 2011-01-11 09:59 . 2011-01-11 09:59   653136              c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcr90.dll
                        + 2011-01-11 09:59 . 2011-01-11 09:59   569680              c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcp90.dll
                        + 2011-01-11 09:59 . 2011-01-11 09:59   225280              c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcm90.dll
                        + 2011-01-11 09:59 . 2011-01-11 09:59   159048              c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_65b7a93a\atl90.dll
                        + 2011-05-09 17:10 . 2011-05-09 17:10   223232              c:\windows\Installer\186080.msi
                        + 2011-01-11 09:59 . 2011-01-11 09:59   3780936              c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_d5fe2ecb\mfc90u.dll
                        + 2011-01-11 09:59 . 2011-01-11 09:59   3766088              c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_d5fe2ecb\mfc90.dll
                        .
                        (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                        .
                        .
                        *Note* empty entries & legit default entries are not shown
                        REGEDIT4
                        .
                        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                        "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
                        "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-05-08 2424192]
                        .
                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                        "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
                        "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
                        "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
                        "SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
                        "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
                        "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
                        "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
                        "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
                        "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
                        .
                        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                        "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
                        .
                        c:\documents and settings\Default User\Start Menu\Programs\Startup\
                        ykitl.exe [2011-5-8 284160]
                        .
                        c:\documents and settings\Owner\Start Menu\Programs\Startup\
                        OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
                        .
                        c:\documents and settings\All Users\Start Menu\Programs\Startup\
                        HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
                        Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
                        .
                        [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                        "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
                        "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
                        .
                        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
                        2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
                        .
                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
                        @="Service"
                        .
                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
                        @="Driver"
                        .
                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
                        @="Service"
                        .
                        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                        "%windir%\\system32\\sessmgr.exe"=
                        "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                        "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
                        "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
                        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
                        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
                        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
                        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
                        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
                        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
                        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
                        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
                        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
                        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
                        "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
                        "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
                        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
                        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
                        "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
                        "c:\\Program Files\\iTunes\\iTunes.exe"=
                        .
                        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
                        "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
                        .
                        R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 19:25 12872]
                        R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 19:41 67656]
                        R2 ASTRA32;ASTRA32 Kernel Driver 5.2.1.0;c:\program files\ASTRA32\astra32.sys [22/02/2007 12:28 30864]
                        R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [28/02/2010 02:33 821664]
                        R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [24/04/2010 01:10 483688]
                        R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [02/12/2009 22:23 554344]
                        R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [02/12/2009 22:23 211432]
                        R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [02/12/2009 22:23 20584]
                        R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [02/12/2009 22:23 18280]
                        R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [24/04/2010 01:10 209768]
                        S0 nwba;nwba;c:\windows\system32\drivers\fxufjr.sys --> c:\windows\system32\drivers\fxufjr.sys [?]
                        S1 ethxylvf;ethxylvf;c:\windows\system32\drivers\ethxylvf.sys [05/05/2011 22:25 135680]
                        S2 AMService;AMService;c:\windows\TEMP\kixd\setup.exe run --> c:\windows\TEMP\kixd\setup.exe run [?]
                        S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 14:16 130384]
                        S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09/01/2010 21:37 4640000]
                        S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [04/08/2004 11:00 14336]
                        S3 WMZuneComm;Zune Windows Mobile Connectivity Service;f:\zune\WMZuneComm.exe --> f:\zune\WMZuneComm.exe [?]
                        S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 14:16 753504]
                        .
                        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
                        WINRM   REG_MULTI_SZ      WINRM
                        .
                        .
                        ------- Supplementary Scan -------
                        .
                        uInternet Settings,ProxyOverride = *.local
                        .
                        .
                        **************************************************************************
                        .
                        catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                        Rootkit scan 2011-05-10 18:20
                        Windows 5.1.2600 Service Pack 3 NTFS
                        .
                        scanning hidden processes ... 
                        .
                        scanning hidden autostart entries ...
                        .
                        scanning hidden files ... 
                        .
                        scan completed successfully
                        hidden files: 0
                        .
                        **************************************************************************
                        .
                        --------------------- LOCKED REGISTRY KEYS ---------------------
                        .
                        [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
                        @Denied: (A 2) (Everyone)
                        @="FlashBroker"
                        "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
                        .
                        [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
                        "Enabled"=dword:00000001
                        .
                        [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
                        @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
                        .
                        [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
                        @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                        .
                        [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
                        @Denied: (A 2) (Everyone)
                        @="IFlashBroker4"
                        .
                        [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
                        @="{00020424-0000-0000-C000-000000000046}"
                        .
                        [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
                        @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                        "Version"="1.0"
                        .
                        --------------------- DLLs Loaded Under Running Processes ---------------------
                        .
                        - - - - - - - > 'winlogon.exe'(640)
                        c:\program files\SUPERAntiSpyware\SASWINLO.DLL
                        c:\windows\system32\WININET.dll
                        .
                        - - - - - - - > 'explorer.exe'(560)
                        c:\windows\system32\WININET.dll
                        c:\windows\system32\ieframe.dll
                        c:\windows\system32\webcheck.dll
                        c:\windows\system32\WPDShServiceObj.dll
                        c:\windows\system32\PortableDeviceTypes.dll
                        c:\windows\system32\PortableDeviceApi.dll
                        .
                        ------------------------ Other Running Processes ------------------------
                        .
                        c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
                        c:\program files\Bonjour\mDNSResponder.exe
                        c:\program files\Java\jre6\bin\jqs.exe
                        c:\windows\system32\SearchIndexer.exe
                        c:\windows\system32\wscntfy.exe
                        c:\windows\stsystra.exe
                        c:\program files\OpenOffice.org 3\program\soffice.exe
                        c:\program files\OpenOffice.org 3\program\soffice.bin
                        c:\program files\iPod\bin\iPodService.exe
                        c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
                        .
                        **************************************************************************
                        .
                        Completion time: 2011-05-10  18:23:43 - machine was rebooted
                        ComboFix-quarantined-files.txt  2011-05-10 17:23
                        ComboFix2.txt  2011-05-09 16:54
                        .
                        Pre-Run: 488,152,834,048 bytes free
                        Post-Run: 488,185,438,208 bytes free
                        .
                        - - End Of File - - 39F9F2BE1C45ACA3A07C972651ABE405

                        SuperDave

                        • Malware Removal Specialist
                        • Moderator


                        • Genius
                        • Thanked: 988
                        • Certifications: List
                        • Experience: Expert
                        • OS: Windows 8
                        Re: Can someone help me please!!
                        « Reply #17 on: May 10, 2011, 12:53:37 PM »
                        Ok. Just a few more things to do. Any improvement in your computer?

                        Re-running ComboFix to remove infections:

                        • Close any open browsers.
                        • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
                        • Open notepad and copy/paste the text in the quotebox below into it:
                          Quote
                          KillAll::

                          File::
                          c:\windows\system32\drivers\ethxylvf.sys
                          c:\documents and settings\Default User\Start Menu\Programs\Startup\
                          ykitl.exe

                          Driver::
                          ethxylvf
                        • Save this as CFScript.txt, in the same location as ComboFix.exe



                        • Referring to the picture above, drag CFScript into ComboFix.exe
                        • When finished, it shall produce a log for you at C:\ComboFix.txt
                        • Please post the contents of the log in your next reply.
                        ******************************************************
                        Download Security Check by screen317 from one of the following links and save it to your desktop.

                        Link 1
                        Link 2

                        * Unzip SecurityCheck.zip and a folder named Security Check should appear.
                        * Open the Security Check folder and double-click Security Check.bat
                        * Follow the on-screen instructions inside of the black box.
                        * A Notepad document should open automatically called checkup.txt
                        * Post the contents of that document in your next reply.

                        Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
                        Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

                        007will

                          Topic Starter


                          Beginner

                          Re: Can someone help me please!!
                          « Reply #18 on: May 11, 2011, 11:23:27 AM »
                           Results of screen317's Security Check version 0.99.10 
                           Windows XP Service Pack 3 
                           Internet Explorer 8 
                          ``````````````````````````````
                          Antivirus/Firewall Check:

                           Windows Firewall Enabled! 
                           Microsoft Security Essentials   
                          ```````````````````````````````
                          Anti-malware/Other Utilities Check:

                           Malwarebytes' Anti-Malware   
                           CCleaner     
                           Java(TM) 6 Update 25 
                           Out of date Java installed!
                           Adobe Flash Player   
                          ````````````````````````````````
                          Process Check: 
                          objlist.exe by Laurent

                           Microsoft Security Essentials msseces.exe
                          ``````````End of Log````````````

                          007will

                            Topic Starter


                            Beginner

                            Re: Can someone help me please!!
                            « Reply #19 on: May 11, 2011, 11:23:56 AM »
                            ComboFix 11-05-10.02 - Owner 11/05/2011  18:10:05.3.2 - x86
                            Microsoft Windows XP Home Edition  5.1.2600.3.1252.44.1033.18.1014.559 [GMT 1:00]
                            Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
                            Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
                            AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
                            .
                            FILE ::
                            "c:\documents and settings\Default User\Start Menu\Programs\Startup\"
                            "c:\windows\system32\drivers\ethxylvf.sys"
                            .
                            .
                            (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                            .
                            .
                            c:\windows\system32\drivers\ethxylvf.sys
                            .
                            .
                            (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
                            .
                            .
                            -------\Service_ethxylvf
                            .
                            .
                            (((((((((((((((((((((((((   Files Created from 2011-04-11 to 2011-05-11  )))))))))))))))))))))))))))))))
                            .
                            .
                            2011-05-08 11:48 . 2011-05-09 16:33   --------   d-----w-   c:\documents and settings\Owner\Application Data\Ulirmo
                            2011-05-05 21:22 . 2011-05-05 21:22   388096   ----a-r-   c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
                            2011-05-05 21:22 . 2011-05-05 21:22   --------   d-----w-   c:\program files\Trend Micro
                            2011-05-05 21:20 . 2011-05-05 21:20   --------   d-----w-   c:\program files\Common Files\Java
                            2011-05-05 20:44 . 2011-05-05 20:44   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
                            2011-05-05 20:35 . 2010-12-20 17:09   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
                            2011-05-05 20:35 . 2010-12-20 17:08   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
                            2011-05-05 20:32 . 2011-05-05 20:32   --------   d-----w-   c:\program files\CCleaner
                            2011-05-05 18:46 . 2011-05-05 18:46   114176   --sha-r-   c:\windows\system32\rpcns4H.dll
                            2011-05-05 18:46 . 2011-05-05 18:46   114176   --sha-r-   c:\windows\system32\logonuiv.dll
                            2011-05-05 18:46 . 2011-05-05 18:46   114176   --sha-r-   c:\windows\system32\ialmuTHAU.dll
                            2011-05-05 18:41 . 2011-04-11 07:04   7071056   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7C8C2A59-AC6B-4305-BF8F-AA42A1FBBBC0}\mpengine.dll
                            2011-04-29 12:34 . 2011-04-29 12:34   --------   d-----w-   c:\windows\system32\wbem\Repository
                            2011-04-29 12:30 . 2011-04-29 12:33   --------   d-s---w-   c:\documents and settings\Administrator
                            2011-04-29 06:43 . 2011-04-29 06:43   --------   d-----w-   c:\documents and settings\Owner\Application Data\Sibelius Software
                            2011-04-28 23:18 . 2011-04-28 23:18   --------   d-----w-   c:\documents and settings\Owner\Application Data\Malwarebytes
                            2011-04-28 23:18 . 2011-04-28 23:18   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
                            2011-04-28 23:18 . 2011-05-05 20:35   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
                            2011-04-28 22:38 . 2011-04-28 22:38   --------   d-----w-   c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
                            2011-04-28 22:38 . 2011-05-08 11:50   --------   d-----w-   c:\program files\SUPERAntiSpyware
                            2011-04-25 15:51 . 2011-04-25 15:51   --------   d-----w-   c:\program files\iPod
                            2011-04-25 15:51 . 2011-04-25 15:53   --------   d-----w-   c:\program files\iTunes
                            2011-04-25 15:46 . 2011-04-25 15:46   --------   d-----w-   c:\program files\Bonjour
                            2011-04-25 14:07 . 2011-04-25 14:07   --------   d-----r-   C:\MSOCache
                            2011-04-25 13:59 . 2011-04-25 13:59   --------   d-----w-   c:\documents and settings\Owner\Local Settings\Application Data\SoftGrid Client
                            2011-04-25 13:59 . 2011-05-10 18:53   --------   d-----w-   c:\documents and settings\Owner\Application Data\SoftGrid Client
                            2011-04-25 13:59 . 2011-04-25 13:59   --------   d-----w-   c:\windows\system32\config\systemprofile\Application Data\{90140011-0062-0409-0000-0000000FF1CE}
                            2011-04-25 13:59 . 2011-05-10 18:53   --------   d-----w-   c:\windows\system32\config\systemprofile\Application Data\SoftGrid Client
                            2011-04-25 13:57 . 2011-04-25 13:57   --------   d-----w-   c:\documents and settings\All Users\Microsoft
                            2011-04-25 13:57 . 2011-04-29 12:38   --------   d-----w-   c:\program files\Microsoft Application Virtualization Client
                            2011-04-25 13:56 . 2011-04-25 14:01   --------   d-----w-   c:\documents and settings\Owner\Application Data\TP
                            2011-04-18 21:13 . 2011-04-18 21:13   --------   d-----w-   c:\documents and settings\Owner\Application Data\Amazon
                            2011-04-18 21:12 . 2011-04-18 21:12   --------   d-----w-   c:\program files\Amazon
                            2011-04-17 14:07 . 2011-04-17 14:07   --------   d-----w-   c:\windows\Sun
                            2011-04-16 14:29 . 2011-04-16 14:29   --------   d-----w-   c:\documents and settings\Owner\Application Data\OpenOffice.org
                            2011-04-16 14:26 . 2011-04-16 14:26   --------   d-----w-   c:\program files\OpenOffice.org 3
                            2011-04-16 14:25 . 2011-04-14 04:07   472808   ----a-w-   c:\windows\system32\deployJava1.dll
                            2011-04-16 14:25 . 2011-04-14 01:40   73728   ----a-w-   c:\windows\system32\javacpl.cpl
                            2011-04-16 14:25 . 2011-05-05 21:20   --------   d-----w-   c:\program files\Java
                            .
                            .
                            .
                            ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                            .
                            2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\RPRSTITL.FOT
                            2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\RPRSTEXT.FOT
                            2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\RPRSSTMP.FOT
                            2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\RPRSSPEC.FOT
                            2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\RPRSSCRP.FOT
                            2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\RPRSREH_.FOT
                            2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\RPRSMET_.FOT
                            2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\RPRSCHOR.FOT
                            2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\RPRS____.FOT
                            2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\OPUSTEXT.FOT
                            2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\OPUSSE__.FOT
                            2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\OPUSS___.FOT
                            2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\OPUSROMC.FOT
                            2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\OPUSPC__.FOT
                            2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\OPUSP___.FOT
                            2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\OPUSO___.FOT
                            2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\OPUSNN__.FOT
                            2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\OPUSM___.FOT
                            2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\OPUSFS__.FOT
                            2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\OPUSFBE_.FOT
                            2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\OPUSFB__.FOT
                            2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\OPUSCSC_.FOT
                            2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\OPUSCS__.FOT
                            2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\OPUSC___.FOT
                            2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\OPUS____.FOT
                            2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\INKPEN2_.FOT
                            2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\INK2TEXT.FOT
                            2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\INK2SPEC.FOT
                            2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\INK2SCRI.FOT
                            2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\INK2METR.FOT
                            2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\INK2CHOR.FOT
                            2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\HELST___.FOT
                            2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\HELSS___.FOT
                            2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\HELSM___.FOT
                            2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\HELSINKI.FOT
                            2011-04-11 07:04 . 2011-02-06 22:20   7071056   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
                            2011-04-06 15:20 . 2011-04-06 15:20   91424   ----a-w-   c:\windows\system32\dnssd.dll
                            2011-04-06 15:20 . 2011-04-06 15:20   75040   ----a-w-   c:\windows\system32\jdns_sd.dll
                            2011-04-06 15:20 . 2011-04-06 15:20   197920   ----a-w-   c:\windows\system32\dnssdX.dll
                            2011-04-06 15:20 . 2011-04-06 15:20   107808   ----a-w-   c:\windows\system32\dns-sd.exe
                            2011-03-07 05:33 . 2011-01-11 19:25   692736   ----a-w-   c:\windows\system32\inetcomm.dll
                            2011-03-04 06:37 . 2004-08-04 10:00   420864   ----a-w-   c:\windows\system32\vbscript.dll
                            2011-03-03 13:21 . 2004-08-04 10:00   1857920   ----a-w-   c:\windows\system32\win32k.sys
                            2011-02-22 23:06 . 2006-03-04 03:33   916480   ----a-w-   c:\windows\system32\wininet.dll
                            2011-02-22 23:06 . 2004-08-04 10:00   43520   ------w-   c:\windows\system32\licmgr10.dll
                            2011-02-22 23:06 . 2004-08-04 10:00   1469440   ------w-   c:\windows\system32\inetcpl.cpl
                            2011-02-22 11:41 . 2004-08-04 10:00   385024   ------w-   c:\windows\system32\html.iec
                            2011-02-17 13:18 . 2004-08-04 10:00   455936   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
                            2011-02-17 13:18 . 2004-08-04 10:00   357888   ----a-w-   c:\windows\system32\drivers\srv.sys
                            2011-02-17 12:32 . 2011-01-19 20:06   5120   ----a-w-   c:\windows\system32\xpsp4res.dll
                            2011-02-15 12:56 . 2004-08-04 10:00   290432   ----a-w-   c:\windows\system32\atmfd.dll
                            .
                            .
                            (((((((((((((((((((((((((((((   [email protected]_16.53.14   )))))))))))))))))))))))))))))))))))))))))
                            .
                            + 2011-01-11 09:59 . 2011-01-11 09:59   51024              c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_214ee422\vcomp90.dll
                            + 2011-01-11 09:59 . 2011-01-11 09:59   59728              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90rus.dll
                            + 2011-01-11 09:59 . 2011-01-11 09:59   42832              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90kor.dll
                            + 2011-01-11 09:59 . 2011-01-11 09:59   43344              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90jpn.dll
                            + 2011-01-11 09:59 . 2011-01-11 09:59   61264              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90ita.dll
                            + 2011-01-11 09:59 . 2011-01-11 09:59   62800              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90fra.dll
                            + 2011-01-11 09:59 . 2011-01-11 09:59   61776              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90esp.dll
                            + 2011-01-11 09:59 . 2011-01-11 09:59   61776              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90esn.dll
                            + 2011-01-11 09:59 . 2011-01-11 09:59   53584              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90enu.dll
                            + 2011-01-11 09:59 . 2011-01-11 09:59   63312              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90deu.dll
                            + 2011-01-11 09:59 . 2011-01-11 09:59   36688              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90cht.dll
                            + 2011-01-11 09:59 . 2011-01-11 09:59   35664              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90chs.dll
                            + 2011-01-11 09:59 . 2011-01-11 09:59   59904              c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_d5fe2ecb\mfcm90u.dll
                            + 2011-01-11 09:59 . 2011-01-11 09:59   59904              c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_d5fe2ecb\mfcm90.dll
                            + 2011-05-11 17:15 . 2011-05-11 17:15   16384              c:\windows\temp\Perflib_Perfdata_660.dat
                            + 2011-01-11 09:59 . 2011-01-11 09:59   653136              c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcr90.dll
                            + 2011-01-11 09:59 . 2011-01-11 09:59   569680              c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcp90.dll
                            + 2011-01-11 09:59 . 2011-01-11 09:59   225280              c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcm90.dll
                            + 2011-01-11 09:59 . 2011-01-11 09:59   159048              c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_65b7a93a\atl90.dll
                            + 2011-05-09 17:10 . 2011-05-09 17:10   223232              c:\windows\Installer\186080.msi
                            + 2011-01-11 09:59 . 2011-01-11 09:59   3780936              c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_d5fe2ecb\mfc90u.dll
                            + 2011-01-11 09:59 . 2011-01-11 09:59   3766088              c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_d5fe2ecb\mfc90.dll
                            .
                            (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                            .
                            .
                            *Note* empty entries & legit default entries are not shown
                            REGEDIT4
                            .
                            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                            "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
                            "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-05-08 2424192]
                            .
                            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                            "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
                            "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
                            "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
                            "SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
                            "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
                            "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
                            "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
                            "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
                            "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
                            .
                            [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                            "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
                            .
                            c:\documents and settings\Default User\Start Menu\Programs\Startup\
                            ykitl.exe [2011-5-8 284160]
                            .
                            c:\documents and settings\Owner\Start Menu\Programs\Startup\
                            OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
                            .
                            c:\documents and settings\All Users\Start Menu\Programs\Startup\
                            HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
                            Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
                            .
                            [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                            "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
                            "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
                            .
                            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
                            2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
                            .
                            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
                            @="Service"
                            .
                            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
                            @="Driver"
                            .
                            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
                            @="Service"
                            .
                            [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                            "%windir%\\system32\\sessmgr.exe"=
                            "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                            "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
                            "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
                            "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
                            "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
                            "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
                            "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
                            "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
                            "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
                            "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
                            "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
                            "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
                            "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
                            "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
                            "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
                            "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
                            "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
                            "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
                            "c:\\Program Files\\iTunes\\iTunes.exe"=
                            .
                            [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
                            "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
                            .
                            R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 19:25 12872]
                            R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 19:41 67656]
                            R2 ASTRA32;ASTRA32 Kernel Driver 5.2.1.0;c:\program files\ASTRA32\astra32.sys [22/02/2007 12:28 30864]
                            R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [28/02/2010 02:33 821664]
                            R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [24/04/2010 01:10 483688]
                            R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [02/12/2009 22:23 554344]
                            R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [02/12/2009 22:23 211432]
                            R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [02/12/2009 22:23 20584]
                            R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [02/12/2009 22:23 18280]
                            R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [24/04/2010 01:10 209768]
                            S0 nwba;nwba;c:\windows\system32\drivers\fxufjr.sys --> c:\windows\system32\drivers\fxufjr.sys [?]
                            S2 AMService;AMService;c:\windows\TEMP\kixd\setup.exe run --> c:\windows\TEMP\kixd\setup.exe run [?]
                            S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 14:16 130384]
                            S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09/01/2010 21:37 4640000]
                            S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [04/08/2004 11:00 14336]
                            S3 WMZuneComm;Zune Windows Mobile Connectivity Service;f:\zune\WMZuneComm.exe --> f:\zune\WMZuneComm.exe [?]
                            S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 14:16 753504]
                            .
                            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
                            WINRM   REG_MULTI_SZ      WINRM
                            .
                            .
                            ------- Supplementary Scan -------
                            .
                            uInternet Settings,ProxyOverride = *.local
                            .
                            .
                            **************************************************************************
                            .
                            catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                            Rootkit scan 2011-05-11 18:16
                            Windows 5.1.2600 Service Pack 3 NTFS
                            .
                            scanning hidden processes ... 
                            .
                            scanning hidden autostart entries ...
                            .
                            scanning hidden files ... 
                            .
                            scan completed successfully
                            hidden files: 0
                            .
                            **************************************************************************
                            .
                            --------------------- LOCKED REGISTRY KEYS ---------------------
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
                            @Denied: (A 2) (Everyone)
                            @="FlashBroker"
                            "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
                            "Enabled"=dword:00000001
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
                            @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
                            @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
                            @Denied: (A 2) (Everyone)
                            @="IFlashBroker4"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
                            @="{00020424-0000-0000-C000-000000000046}"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
                            @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                            "Version"="1.0"
                            .
                            --------------------- DLLs Loaded Under Running Processes ---------------------
                            .
                            - - - - - - - > 'winlogon.exe'(620)
                            c:\program files\SUPERAntiSpyware\SASWINLO.DLL
                            c:\windows\system32\WININET.dll
                            .
                            - - - - - - - > 'explorer.exe'(3248)
                            c:\windows\system32\WININET.dll
                            c:\windows\system32\ieframe.dll
                            c:\windows\system32\webcheck.dll
                            c:\windows\system32\WPDShServiceObj.dll
                            c:\windows\system32\PortableDeviceTypes.dll
                            c:\windows\system32\PortableDeviceApi.dll
                            .
                            ------------------------ Other Running Processes ------------------------
                            .
                            c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
                            c:\program files\Bonjour\mDNSResponder.exe
                            c:\program files\Java\jre6\bin\jqs.exe
                            c:\windows\system32\SearchIndexer.exe
                            c:\windows\system32\wscntfy.exe
                            c:\windows\stsystra.exe
                            c:\program files\OpenOffice.org 3\program\soffice.exe
                            c:\program files\OpenOffice.org 3\program\soffice.bin
                            c:\program files\iPod\bin\iPodService.exe
                            c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
                            .
                            **************************************************************************
                            .
                            Completion time: 2011-05-11  18:19:13 - machine was rebooted
                            ComboFix-quarantined-files.txt  2011-05-11 17:19
                            ComboFix2.txt  2011-05-10 17:23
                            ComboFix3.txt  2011-05-09 16:54
                            .
                            Pre-Run: 488,131,448,832 bytes free
                            Post-Run: 488,109,334,528 bytes free
                            .
                            - - End Of File - - 3134006567461E2BA064FDD000367D38

                            SuperDave

                            • Malware Removal Specialist
                            • Moderator


                            • Genius
                            • Thanked: 988
                            • Certifications: List
                            • Experience: Expert
                            • OS: Windows 8
                            Re: Can someone help me please!!
                            « Reply #20 on: May 11, 2011, 11:57:15 AM »
                            SysProt Antirootkit

                            Download
                            SysProt Antirootkit from the link below (you will find it at the bottom
                            of the page under attachments, or you can get it from one of the
                            mirrors).

                            http://sites.google.com/site/sysprotantirootkit/

                            Unzip it into a folder on your desktop.
                            • Double click Sysprot.exe to start the program.
                            • Click on the Log tab.
                            • In the Write to log box select the following items.
                              • Process << Selected
                              • Kernel Modules << Selected
                              • SSDT << Selected
                              • Kernel Hooks << Selected
                              • IRP Hooks << NOT Selected
                              • Ports << NOT Selected
                              • Hidden Files << Selected
                            • At the bottom of the page
                              • Hidden Objects Only << Selected
                            • Click on the Create Log button on the bottom right.
                            • After a few seconds a new window should appear.
                            • Select Scan Root Drive. Click on the Start button.
                            • When it is complete a new window will appear to indicate that the scan is finished.
                            • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
                            Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

                            007will

                              Topic Starter


                              Beginner

                              Re: Can someone help me please!!
                              « Reply #21 on: May 12, 2011, 10:55:14 AM »
                              SysProt AntiRootkit v1.0.1.0
                              by swatkat

                              ******************************************************************************************
                              ******************************************************************************************

                              No Hidden Processes found

                              ******************************************************************************************
                              ******************************************************************************************
                              Kernel Modules:
                              Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
                              Service Name: ---
                              Module Base: AA45C000
                              Module End: AA474000
                              Hidden: Yes

                              Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
                              Service Name: ---
                              Module Base: F7B58000
                              Module End: F7B5A000
                              Hidden: Yes

                              Module Name: C:\WINDOWS\system32\DRIVERS\WinUSB.sys
                              Service Name: WinUSB
                              Module Base: F7966000
                              Module End: F796E000
                              Hidden: Yes

                              Module Name: C:\WINDOWS\system32\DRIVERS\wudfrd.sys
                              Service Name: WudfRd
                              Module Base: AA1CC000
                              Module End: AA1ED000
                              Hidden: Yes

                              ******************************************************************************************
                              ******************************************************************************************
                              SSDT:
                              Function Name: ZwTerminateProcess
                              Address: AA567620
                              Driver Base: AA55D000
                              Driver End: AA57F000
                              Driver Name: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

                              ******************************************************************************************
                              ******************************************************************************************
                              No Kernel Hooks found

                              ******************************************************************************************
                              ******************************************************************************************
                              Hidden files/folders:
                              Object: C:\Qoobox\BackEnv\AppData.folder.dat
                              Status: Access denied

                              Object: C:\Qoobox\BackEnv\Cache.folder.dat
                              Status: Access denied

                              Object: C:\Qoobox\BackEnv\Cookies.folder.dat
                              Status: Access denied

                              Object: C:\Qoobox\BackEnv\Desktop.folder.dat
                              Status: Access denied

                              Object: C:\Qoobox\BackEnv\Favorites.folder.dat
                              Status: Access denied

                              Object: C:\Qoobox\BackEnv\History.folder.dat
                              Status: Access denied

                              Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
                              Status: Access denied

                              Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
                              Status: Access denied

                              Object: C:\Qoobox\BackEnv\Music.folder.dat
                              Status: Access denied

                              Object: C:\Qoobox\BackEnv\NetHood.folder.dat
                              Status: Access denied

                              Object: C:\Qoobox\BackEnv\Personal.folder.dat
                              Status: Access denied

                              Object: C:\Qoobox\BackEnv\Pictures.folder.dat
                              Status: Access denied

                              Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
                              Status: Access denied

                              Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
                              Status: Access denied

                              Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
                              Status: Access denied

                              Object: C:\Qoobox\BackEnv\Programs.folder.dat
                              Status: Access denied

                              Object: C:\Qoobox\BackEnv\Recent.folder.dat
                              Status: Access denied

                              Object: C:\Qoobox\BackEnv\SendTo.folder.dat
                              Status: Access denied

                              Object: C:\Qoobox\BackEnv\SetPath.bat
                              Status: Access denied

                              Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
                              Status: Access denied

                              Object: C:\Qoobox\BackEnv\StartUp.folder.dat
                              Status: Access denied

                              Object: C:\Qoobox\BackEnv\SysPath.dat
                              Status: Access denied

                              Object: C:\Qoobox\BackEnv\Templates.folder.dat
                              Status: Access denied

                              Object: C:\Qoobox\BackEnv\VikPev00
                              Status: Access denied


                              SuperDave

                              • Malware Removal Specialist
                              • Moderator


                              • Genius
                              • Thanked: 988
                              • Certifications: List
                              • Experience: Expert
                              • OS: Windows 8
                              Re: Can someone help me please!!
                              « Reply #22 on: May 12, 2011, 01:27:18 PM »
                              Looking good. Let's try this scan.

                              I'd like to scan your machine with ESET OnlineScan

                              •Hold down Control and click on the following link to open ESET OnlineScan in a new window.
                              ESET OnlineScan
                              •Click the button.
                              •For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
                              • Click on to download the ESET Smart Installer. Save it to your desktop.
                              • Double click on the icon on your desktop.
                              •Check
                              •Click the button.
                              •Accept any security warnings from your browser.
                              •Check
                              •Push the Start button.
                              •ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
                              •When the scan completes, push
                              •Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
                              •Push the button.
                              •Push
                              A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
                              Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

                              007will

                                Topic Starter


                                Beginner

                                Re: Can someone help me please!!
                                « Reply #23 on: May 14, 2011, 04:44:45 AM »
                                C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\37\4bb6a8a5-26d0d414   Java/TrojanDownloader.OpenStream.NBV trojan
                                C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\31\3ba0d75f-12867f1f   Java/TrojanDownloader.OpenStream.NBV trojan
                                C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\6\27241306-4d955265   Java/TrojanDownloader.Agent.NCQ trojan

                                SuperDave

                                • Malware Removal Specialist
                                • Moderator


                                • Genius
                                • Thanked: 988
                                • Certifications: List
                                • Experience: Expert
                                • OS: Windows 8
                                Re: Can someone help me please!!
                                « Reply #24 on: May 14, 2011, 12:29:45 PM »
                                Please run ESET again and this time, clean the infections. How's your computer working now? Any other issues?
                                Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender


                                007will

                                  Topic Starter


                                  Beginner

                                  Re: Can someone help me please!!
                                  « Reply #26 on: May 15, 2011, 03:42:24 AM »
                                  ComboFix 11-05-14.01 - Owner 15/05/2011  10:25:44.4.2 - x86
                                  Microsoft Windows XP Home Edition  5.1.2600.3.1252.44.1033.18.1014.331 [GMT 1:00]
                                  Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
                                  Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
                                  AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
                                  .
                                  .
                                  (((((((((((((((((((((((((   Files Created from 2011-04-15 to 2011-05-15  )))))))))))))))))))))))))))))))
                                  .
                                  .
                                  2011-05-15 09:33 . 2011-05-15 09:33   28752   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3A938866-38C7-452E-BE72-C0210707AC87}\MpKsld931e1f3.sys
                                  2011-05-15 09:15 . 2011-05-15 09:15   28752   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3A938866-38C7-452E-BE72-C0210707AC87}\MpKslca26fab0.sys
                                  2011-05-15 09:14 . 2011-04-11 07:04   7071056   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3A938866-38C7-452E-BE72-C0210707AC87}\mpengine.dll
                                  2011-05-15 09:06 . 2011-05-15 09:06   404640   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
                                  2011-05-14 10:34 . 2011-05-14 10:34   --------   d-----w-   c:\documents and settings\All Users\Application Data\VirtualizedApplications
                                  2011-05-14 08:29 . 2011-05-14 08:29   --------   d-----w-   c:\program files\ESET
                                  2011-05-08 11:48 . 2011-05-09 16:33   --------   d-----w-   c:\documents and settings\Owner\Application Data\Ulirmo
                                  2011-05-05 21:22 . 2011-05-05 21:22   388096   ----a-r-   c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
                                  2011-05-05 21:22 . 2011-05-05 21:22   --------   d-----w-   c:\program files\Trend Micro
                                  2011-05-05 21:20 . 2011-05-05 21:20   --------   d-----w-   c:\program files\Common Files\Java
                                  2011-05-05 20:44 . 2011-05-05 20:44   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
                                  2011-05-05 20:35 . 2010-12-20 17:09   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
                                  2011-05-05 20:35 . 2010-12-20 17:08   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
                                  2011-05-05 20:32 . 2011-05-05 20:32   --------   d-----w-   c:\program files\CCleaner
                                  2011-05-05 18:46 . 2011-05-05 18:46   114176   --sha-r-   c:\windows\system32\rpcns4H.dll
                                  2011-05-05 18:46 . 2011-05-05 18:46   114176   --sha-r-   c:\windows\system32\logonuiv.dll
                                  2011-05-05 18:46 . 2011-05-05 18:46   114176   --sha-r-   c:\windows\system32\ialmuTHAU.dll
                                  2011-04-29 12:34 . 2011-04-29 12:34   --------   d-----w-   c:\windows\system32\wbem\Repository
                                  2011-04-29 12:30 . 2011-04-29 12:33   --------   d-s---w-   c:\documents and settings\Administrator
                                  2011-04-29 06:43 . 2011-04-29 06:43   --------   d-----w-   c:\documents and settings\Owner\Application Data\Sibelius Software
                                  2011-04-28 23:18 . 2011-04-28 23:18   --------   d-----w-   c:\documents and settings\Owner\Application Data\Malwarebytes
                                  2011-04-28 23:18 . 2011-04-28 23:18   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
                                  2011-04-28 23:18 . 2011-05-05 20:35   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
                                  2011-04-28 22:38 . 2011-04-28 22:38   --------   d-----w-   c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
                                  2011-04-28 22:38 . 2011-05-08 11:50   --------   d-----w-   c:\program files\SUPERAntiSpyware
                                  2011-04-25 15:51 . 2011-04-25 15:51   --------   d-----w-   c:\program files\iPod
                                  2011-04-25 15:51 . 2011-04-25 15:53   --------   d-----w-   c:\program files\iTunes
                                  2011-04-25 15:46 . 2011-04-25 15:46   --------   d-----w-   c:\program files\Bonjour
                                  2011-04-25 14:07 . 2011-04-25 14:07   --------   d-----r-   C:\MSOCache
                                  2011-04-25 13:59 . 2011-04-25 13:59   --------   d-----w-   c:\documents and settings\Owner\Local Settings\Application Data\SoftGrid Client
                                  2011-04-25 13:59 . 2011-05-14 11:28   --------   d-----w-   c:\documents and settings\Owner\Application Data\SoftGrid Client
                                  2011-04-25 13:59 . 2011-04-25 13:59   --------   d-----w-   c:\windows\system32\config\systemprofile\Application Data\{90140011-0062-0409-0000-0000000FF1CE}
                                  2011-04-25 13:59 . 2011-05-14 11:28   --------   d-----w-   c:\windows\system32\config\systemprofile\Application Data\SoftGrid Client
                                  2011-04-25 13:57 . 2011-04-25 13:57   --------   d-----w-   c:\documents and settings\All Users\Microsoft
                                  2011-04-25 13:57 . 2011-04-29 12:38   --------   d-----w-   c:\program files\Microsoft Application Virtualization Client
                                  2011-04-25 13:56 . 2011-04-25 14:01   --------   d-----w-   c:\documents and settings\Owner\Application Data\TP
                                  2011-04-18 21:13 . 2011-04-18 21:13   --------   d-----w-   c:\documents and settings\Owner\Application Data\Amazon
                                  2011-04-18 21:12 . 2011-04-18 21:12   --------   d-----w-   c:\program files\Amazon
                                  2011-04-17 14:07 . 2011-04-17 14:07   --------   d-----w-   c:\windows\Sun
                                  2011-04-16 14:29 . 2011-04-16 14:29   --------   d-----w-   c:\documents and settings\Owner\Application Data\OpenOffice.org
                                  2011-04-16 14:26 . 2011-04-16 14:26   --------   d-----w-   c:\program files\OpenOffice.org 3
                                  2011-04-16 14:25 . 2011-04-14 04:07   472808   ----a-w-   c:\windows\system32\deployJava1.dll
                                  2011-04-16 14:25 . 2011-04-14 01:40   73728   ----a-w-   c:\windows\system32\javacpl.cpl
                                  2011-04-16 14:25 . 2011-05-05 21:20   --------   d-----w-   c:\program files\Java
                                  .
                                  .
                                  .
                                  ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                                  .
                                  2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\RPRSTITL.FOT
                                  2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\RPRSTEXT.FOT
                                  2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\RPRSSTMP.FOT
                                  2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\RPRSSPEC.FOT
                                  2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\RPRSSCRP.FOT
                                  2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\RPRSREH_.FOT
                                  2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\RPRSMET_.FOT
                                  2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\RPRSCHOR.FOT
                                  2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\RPRS____.FOT
                                  2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\OPUSTEXT.FOT
                                  2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\OPUSSE__.FOT
                                  2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\OPUSS___.FOT
                                  2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\OPUSROMC.FOT
                                  2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\OPUSPC__.FOT
                                  2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\OPUSP___.FOT
                                  2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\OPUSO___.FOT
                                  2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\OPUSNN__.FOT
                                  2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\OPUSM___.FOT
                                  2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\OPUSFS__.FOT
                                  2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\OPUSFBE_.FOT
                                  2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\OPUSFB__.FOT
                                  2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\OPUSCSC_.FOT
                                  2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\OPUSCS__.FOT
                                  2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\OPUSC___.FOT
                                  2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\OPUS____.FOT
                                  2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\INKPEN2_.FOT
                                  2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\INK2TEXT.FOT
                                  2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\INK2SPEC.FOT
                                  2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\INK2SCRI.FOT
                                  2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\INK2METR.FOT
                                  2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\INK2CHOR.FOT
                                  2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\HELST___.FOT
                                  2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\HELSS___.FOT
                                  2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\HELSM___.FOT
                                  2011-04-29 06:43 . 2011-04-29 06:43   1409   ----a-w-   c:\windows\Fonts\HELSINKI.FOT
                                  2011-04-11 07:04 . 2011-02-06 22:20   7071056   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
                                  2011-04-06 15:20 . 2011-04-06 15:20   91424   ----a-w-   c:\windows\system32\dnssd.dll
                                  2011-04-06 15:20 . 2011-04-06 15:20   75040   ----a-w-   c:\windows\system32\jdns_sd.dll
                                  2011-04-06 15:20 . 2011-04-06 15:20   197920   ----a-w-   c:\windows\system32\dnssdX.dll
                                  2011-04-06 15:20 . 2011-04-06 15:20   107808   ----a-w-   c:\windows\system32\dns-sd.exe
                                  2011-03-07 05:33 . 2011-01-11 19:25   692736   ----a-w-   c:\windows\system32\inetcomm.dll
                                  2011-03-04 06:37 . 2004-08-04 10:00   420864   ----a-w-   c:\windows\system32\vbscript.dll
                                  2011-03-03 13:21 . 2004-08-04 10:00   1857920   ----a-w-   c:\windows\system32\win32k.sys
                                  2011-02-22 23:06 . 2006-03-04 03:33   916480   ----a-w-   c:\windows\system32\wininet.dll
                                  2011-02-22 23:06 . 2004-08-04 10:00   43520   ------w-   c:\windows\system32\licmgr10.dll
                                  2011-02-22 23:06 . 2004-08-04 10:00   1469440   ------w-   c:\windows\system32\inetcpl.cpl
                                  2011-02-22 11:41 . 2004-08-04 10:00   385024   ------w-   c:\windows\system32\html.iec
                                  2011-02-17 13:18 . 2004-08-04 10:00   455936   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
                                  2011-02-17 13:18 . 2004-08-04 10:00   357888   ----a-w-   c:\windows\system32\drivers\srv.sys
                                  2011-02-17 12:32 . 2011-01-19 20:06   5120   ----a-w-   c:\windows\system32\xpsp4res.dll
                                  2011-02-15 12:56 . 2004-08-04 10:00   290432   ----a-w-   c:\windows\system32\atmfd.dll
                                  .
                                  .
                                  (((((((((((((((((((((((((((((   [email protected]_16.53.14   )))))))))))))))))))))))))))))))))))))))))
                                  .
                                  + 2011-01-11 09:59 . 2011-01-11 09:59   51024              c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_214ee422\vcomp90.dll
                                  + 2011-01-11 09:59 . 2011-01-11 09:59   59728              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90rus.dll
                                  + 2011-01-11 09:59 . 2011-01-11 09:59   42832              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90kor.dll
                                  + 2011-01-11 09:59 . 2011-01-11 09:59   43344              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90jpn.dll
                                  + 2011-01-11 09:59 . 2011-01-11 09:59   61264              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90ita.dll
                                  + 2011-01-11 09:59 . 2011-01-11 09:59   62800              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90fra.dll
                                  + 2011-01-11 09:59 . 2011-01-11 09:59   61776              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90esp.dll
                                  + 2011-01-11 09:59 . 2011-01-11 09:59   61776              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90esn.dll
                                  + 2011-01-11 09:59 . 2011-01-11 09:59   53584              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90enu.dll
                                  + 2011-01-11 09:59 . 2011-01-11 09:59   63312              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90deu.dll
                                  + 2011-01-11 09:59 . 2011-01-11 09:59   36688              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90cht.dll
                                  + 2011-01-11 09:59 . 2011-01-11 09:59   35664              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90chs.dll
                                  + 2011-01-11 09:59 . 2011-01-11 09:59   59904              c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_d5fe2ecb\mfcm90u.dll
                                  + 2011-01-11 09:59 . 2011-01-11 09:59   59904              c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_d5fe2ecb\mfcm90.dll
                                  + 2011-05-15 09:33 . 2011-05-15 09:33   16384              c:\windows\temp\Perflib_Perfdata_74c.dat
                                  + 2011-01-11 09:59 . 2011-01-11 09:59   653136              c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcr90.dll
                                  + 2011-01-11 09:59 . 2011-01-11 09:59   569680              c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcp90.dll
                                  + 2011-01-11 09:59 . 2011-01-11 09:59   225280              c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcm90.dll
                                  + 2011-01-11 09:59 . 2011-01-11 09:59   159048              c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_65b7a93a\atl90.dll
                                  + 2011-05-15 09:06 . 2011-05-15 09:06   240288              c:\windows\system32\Macromed\Flash\FlashUtil10q_ActiveX.exe
                                  + 2011-05-15 09:06 . 2011-05-15 09:06   321184              c:\windows\system32\Macromed\Flash\FlashUtil10q_ActiveX.dll
                                  + 2011-05-09 17:10 . 2011-05-09 17:10   223232              c:\windows\Installer\186080.msi
                                  + 2011-01-11 09:59 . 2011-01-11 09:59   3780936              c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_d5fe2ecb\mfc90u.dll
                                  + 2011-01-11 09:59 . 2011-01-11 09:59   3766088              c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_d5fe2ecb\mfc90.dll
                                  + 2011-01-19 20:26 . 2011-05-11 17:41   42829768              c:\windows\system32\MRT.exe
                                  .
                                  (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                                  .
                                  .
                                  *Note* empty entries & legit default entries are not shown
                                  REGEDIT4
                                  .
                                  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                                  "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
                                  "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-05-08 2424192]
                                  .
                                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                                  "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
                                  "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
                                  "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
                                  "SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
                                  "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
                                  "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
                                  "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
                                  "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
                                  "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
                                  .
                                  [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                                  "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
                                  .
                                  c:\documents and settings\Owner\Start Menu\Programs\Startup\
                                  OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
                                  .
                                  c:\documents and settings\All Users\Start Menu\Programs\Startup\
                                  HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
                                  Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
                                  .
                                  [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                                  "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
                                  "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
                                  .
                                  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
                                  2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
                                  .
                                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
                                  @="Service"
                                  .
                                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
                                  @="Driver"
                                  .
                                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
                                  @="Service"
                                  .
                                  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                                  "%windir%\\system32\\sessmgr.exe"=
                                  "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                                  "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
                                  "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
                                  "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
                                  "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
                                  "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
                                  "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
                                  "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
                                  "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
                                  "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
                                  "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
                                  "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
                                  "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
                                  "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
                                  "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
                                  "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
                                  "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
                                  "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
                                  "c:\\Program Files\\iTunes\\iTunes.exe"=
                                  .
                                  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
                                  "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
                                  .
                                  R1 MpKslca26fab0;MpKslca26fab0;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3A938866-38C7-452E-BE72-C0210707AC87}\MpKslca26fab0.sys [15/05/2011 10:15 28752]
                                  R1 MpKsld931e1f3;MpKsld931e1f3;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3A938866-38C7-452E-BE72-C0210707AC87}\MpKsld931e1f3.sys [15/05/2011 10:33 28752]
                                  R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 19:25 12872]
                                  R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 19:41 67656]
                                  R2 ASTRA32;ASTRA32 Kernel Driver 5.2.1.0;c:\program files\ASTRA32\astra32.sys [22/02/2007 12:28 30864]
                                  R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [28/02/2010 02:33 821664]
                                  R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [24/04/2010 01:10 483688]
                                  R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [02/12/2009 22:23 554344]
                                  R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [02/12/2009 22:23 211432]
                                  R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [02/12/2009 22:23 20584]
                                  R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [02/12/2009 22:23 18280]
                                  R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [24/04/2010 01:10 209768]
                                  S0 nwba;nwba;c:\windows\system32\drivers\fxufjr.sys --> c:\windows\system32\drivers\fxufjr.sys [?]
                                  S2 AMService;AMService;c:\windows\TEMP\kixd\setup.exe run --> c:\windows\TEMP\kixd\setup.exe run [?]
                                  S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 14:16 130384]
                                  S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09/01/2010 21:37 4640000]
                                  S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [04/08/2004 11:00 14336]
                                  S3 WMZuneComm;Zune Windows Mobile Connectivity Service;f:\zune\WMZuneComm.exe [11/11/2010 14:57 268528]
                                  S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 14:16 753504]
                                  .
                                  --- Other Services/Drivers In Memory ---
                                  .
                                  *NewlyCreated* - MPKSLD931E1F3
                                  .
                                  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
                                  WINRM   REG_MULTI_SZ      WINRM
                                  .
                                  Contents of the 'Scheduled Tasks' folder
                                  .
                                  2011-05-15 c:\windows\Tasks\MP Scheduled Scan.job
                                  - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 12:26]
                                  .
                                  .
                                  ------- Supplementary Scan -------
                                  .
                                  uInternet Settings,ProxyOverride = *.local
                                  .
                                  .
                                  **************************************************************************
                                  .
                                  catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                                  Rootkit scan 2011-05-15 10:35
                                  Windows 5.1.2600 Service Pack 3 NTFS
                                  .
                                  scanning hidden processes ... 
                                  .
                                  scanning hidden autostart entries ...
                                  .
                                  scanning hidden files ... 
                                  .
                                  scan completed successfully
                                  hidden files: 0
                                  .
                                  **************************************************************************
                                  .
                                  --------------------- LOCKED REGISTRY KEYS ---------------------
                                  .
                                  [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
                                  @Denied: (A 2) (Everyone)
                                  @="FlashBroker"
                                  "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"
                                  .
                                  [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
                                  "Enabled"=dword:00000001
                                  .
                                  [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
                                  @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"
                                  .
                                  [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
                                  @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                                  .
                                  [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
                                  @Denied: (A 2) (Everyone)
                                  @="IFlashBroker4"
                                  .
                                  [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
                                  @="{00020424-0000-0000-C000-000000000046}"
                                  .
                                  [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
                                  @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                                  "Version"="1.0"
                                  .
                                  --------------------- DLLs Loaded Under Running Processes ---------------------
                                  .
                                  - - - - - - - > 'winlogon.exe'(620)
                                  c:\program files\SUPERAntiSpyware\SASWINLO.DLL
                                  c:\windows\system32\WININET.dll
                                  .
                                  - - - - - - - > 'explorer.exe'(724)
                                  c:\windows\system32\WININET.dll
                                  c:\windows\system32\ieframe.dll
                                  c:\windows\system32\webcheck.dll
                                  c:\windows\system32\WPDShServiceObj.dll
                                  c:\windows\system32\PortableDeviceTypes.dll
                                  c:\windows\system32\PortableDeviceApi.dll
                                  .
                                  ------------------------ Other Running Processes ------------------------
                                  .
                                  c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
                                  c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
                                  c:\program files\Bonjour\mDNSResponder.exe
                                  c:\program files\Java\jre6\bin\jqs.exe
                                  f:\zune\ZuneBusEnum.exe
                                  c:\windows\system32\SearchIndexer.exe
                                  c:\windows\stsystra.exe
                                  c:\program files\OpenOffice.org 3\program\soffice.exe
                                  c:\program files\OpenOffice.org 3\program\soffice.bin
                                  c:\program files\iPod\bin\iPodService.exe
                                  c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
                                  .
                                  **************************************************************************
                                  .
                                  Completion time: 2011-05-15  10:38:24 - machine was rebooted
                                  ComboFix-quarantined-files.txt  2011-05-15 09:38
                                  ComboFix2.txt  2011-05-11 17:19
                                  ComboFix3.txt  2011-05-10 17:23
                                  ComboFix4.txt  2011-05-09 16:54
                                  .
                                  Pre-Run: 487,744,663,552 bytes free
                                  Post-Run: 487,813,476,352 bytes free
                                  .
                                  - - End Of File - - 089C36B5AA4188206B2D13BE7F2779A3

                                  007will

                                    Topic Starter


                                    Beginner

                                    Re: Can someone help me please!!
                                    « Reply #27 on: May 15, 2011, 03:43:51 AM »
                                    SORRY! READ THE WRONG PAGE. DONT WORRY ABOUT THE PREVIOUS COUPLE OF POSTS!!

                                    007will

                                      Topic Starter


                                      Beginner

                                      Re: Can someone help me please!!
                                      « Reply #28 on: May 15, 2011, 04:29:46 AM »
                                      I've scanned again and got rid of the infections. Touch wood, everything seems to be okay at the mo i think...

                                      SuperDave

                                      • Malware Removal Specialist
                                      • Moderator


                                      • Genius
                                      • Thanked: 988
                                      • Certifications: List
                                      • Experience: Expert
                                      • OS: Windows 8
                                      Re: Can someone help me please!!
                                      « Reply #29 on: May 15, 2011, 12:59:16 PM »
                                      That's great. Let's do some cleanup.

                                      To uninstall ComboFix

                                      • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
                                      • In the field, type in ComboFix /uninstall


                                      (Note: Make sure there's a space between the word ComboFix and the forward-slash.)

                                      • Then, press Enter, or click OK.
                                      • This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.
                                      *******************************************************
                                      Clean out your temporary internet files and temp files.

                                      Download TFC by OldTimer to your desktop.

                                      Double-click TFC.exe to run it.

                                      Note: If you are running on Vista, right-click on the file and choose Run As Administrator

                                      TFC will close all programs when run, so make sure you have saved all your work before you begin.

                                      * Click the Start button to begin the cleaning process.
                                      * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
                                      * Please let TFC run uninterrupted until it is finished.

                                      Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
                                      *******************************************************
                                      Looking over your log it seems you don't have any evidence of a third party firewall.

                                      Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

                                      Remember only install ONE firewall

                                      1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
                                      2) Online Armor
                                      3) Agnitum Outpost
                                      4) PC Tools Firewall Plus

                                      If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
                                      **************************************************
                                      Use the Secunia Software Inspector to check for out of date software.

                                      •Click Start Now

                                      •Check the box next to Enable thorough system inspection.

                                      •Click Start

                                      •Allow the scan to finish and scroll down to see if any updates are needed.
                                      •Update anything listed.
                                      .
                                      ----------

                                      Go to Microsoft Windows Update and get all critical updates.

                                      ----------

                                      I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

                                      SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
                                      * Using SpywareBlaster to protect your computer from Spyware and Malware
                                      * If you don't know what ActiveX controls are, see here

                                      Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

                                      Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

                                      Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
                                      Safe Surfing!
                                      Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender