Author Topic: Have computer viruses - no firewall  (Read 4155 times)

ptownRandy

    Topic Starter


    Rookie

    Have computer viruses - no firewall
    « on: December 02, 2009, 08:59:35 PM »
    Hi,
    First of all - I think this website is awesome. I've been dealing with these viruses for a couple of weeks. While doing the pre-posting steps I felt for the first time that there was a possibility that the viruses could be removed.

    I've had viruses and malware off and on for about three months. It started when my computer was hacked (by my ex-boss) and my McAfee and Spybot were disabled. I couldn't download any other anti-virus program. Was advised by Legal Aid not to fix viruses in hopes that the hacker would return so that we could get more evidence for criminal charges. They did and we have enough to prosecute. (The purpose was not for revenge, but to prevent future hackings.) The viruses (I assume there is more than one) have really been bad in the past few weeks and I am going out of my mind. I did a system restore to get back to factory specs in hope that it would eliminate the viruses. It obviously didn't. I really could use your help with this. Since I was laid off I have started a cleaning and gardening business and have a part-time sales job. I've been able to use my neighbor's computer, but can't anymore. I need the computer as these two jobs are my only source of income.

    Symptoms Before Starting Pre-Posting Steps 

    --Start up page went to rogue anti-spyware.
    --Slow operating speeds
    --Firewall being turned off
    --Computer would freeze
    --Couldn't download updates to Norton, Windows Defender and Microsoft Security.
    --Windows Defender history would show some viruses. They weren't blocked or removed but permitted. Couldn't delete because the Quarantine Items and Allowed Items functions wouldn't work.
    --Took about seven tries to download Java. Kept getting error messages.

    Symptoms While and After Starting Pre-Posting Steps

    --System is still slow.
    --SuperAntiSpyware - was able to download updates.
    --Norton - able to download updates.
    --Windows Defender - unable to download updates. History had been deleted.
    --Couldn't connect to Malwarebytes - had to reinstall. Worked fine.
    --Microsoft Security - was able to download updates.
    --Start up page is fine.

    Computer Hope Steps I have taken

    --Downloaded SuperAntiSpyware and ran scan.
    --Downloaded Malwarebytes and ran scan.
    --Deleted TeaTimer
    --Checked Add and Remove folders for suspicious programs. I do this on a regular basis.
    --Downloaded CCleaner Slim and ran scan.
    --Verified Java - have (TM)6 update 17
    --Downloaded Hijack This and ran scan.
    --I have SP2 - couldn't download SP3.
    --I went to Computer Hope Process and Log Analyzing Tool - that's when I discovered:
    --That I HAVE NO FIREWALL, although the Control Panel says it is on and the Taskbar says that the Norton Firewall is enabled.
    --I removed what I could from Hijack This, although I couldn't find some of the viruses identified by the Log Analyzing Tool. My eyes really burn. Is there any way to make non-Internet pages type larger?

    I've attached the requested logs. Please help. I appreciate any assistance you can give.

    Randy

    [Saving space, attachment deleted by admin]

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: Have computer viruses - no firewall
    « Reply #1 on: December 04, 2009, 04:26:12 PM »
    Hello ptownRandy and welcome to Computer Hope Forum. My name is Superdave but you can just call me SD. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum so it may take a bit longer to process your logs.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    Download and rename HijackThis.exe (HJT)

    * Double-click on HJTInstall.
    * Click on the Install button.
    * It will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe.
    * Upon install, HijackThis should open for you.

    Close HijackThis and rename it.

    •Go to C:\Program Files\Trend Micro\HijackThis.exe

    •Right click on HijackThis.exe and select Rename.

    •Type in sniper.exe and press Enter.

    •Right-click on sniper.exe and select Send To > Desktop (create shortcut)
    .
    * From the desktop open HijackThis.
    * If using Windows Vista, Right-click and Run As Administrator.
    * Click on the Do a system scan and save a log file button
    * HijackThis will scan and then a log will open in notepad.
    Copy and Paste the entire contents of the log in your post.
    .
    Do not have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
    .
    Although we have renamed HijackThis to sniper, we will still refer to it as HijackThis or HJT.
     
    Windows 8 and Windows 10 dual boot with two SSD's

    ptownRandy


      Re: Have computer viruses - no firewall
      « Reply #2 on: December 06, 2009, 10:00:21 AM »
      Hi SuperDave,

      Here's the log. I already had Hijack This, so I deleted it and reinstalled it.

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 11:57:19 AM, on 12/6/2009
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v8.00 (8.00.6001.18702)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
      C:\Program Files\Windows Defender\MsMpEng.exe
      C:\WINDOWS\System32\svchost.exe
      c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
      C:\WINDOWS\Explorer.EXE
      c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      c:\Program Files\Norton AntiVirus\navapsvc.exe
      c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
      c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
      c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\WINDOWS\system32\svchost.exe
      c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
      C:\windows\system\hpsysdrv.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Common Files\Symantec Shared\ccApp.exe
      C:\WINDOWS\AGRSMMSG.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Program Files\Microsoft Security Essentials\msseces.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      c:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\WINDOWS\system32\taskmgr.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\system32\msiexec.exe
      C:\Program Files\Trend Micro\sniper.exe\HijackThis.exe

      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
      O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
      O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
      O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
      O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
      O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
      O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
      O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
      O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
      O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
      O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
      O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
      O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
      O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\Trend Micro\HijackThis\HijackThis.exe /startupscan
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
      O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
      O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
      O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
      O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
      O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      O23 - Service: Google Update Service (gupdate1ca73a33c69bbca) (gupdate1ca73a33c69bbca) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
      O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
      O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
      O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - c:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
      O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
      O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
      O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
      O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

      --
      End of file - 8045 bytes

      ptownRandy


        Re: Have computer viruses - no firewall
        « Reply #3 on: December 06, 2009, 03:25:43 PM »
        Hi Superdave,

        Don't know if this helps. Since my last posting I've been running Malwarebytes, HijackThis, Microsoft Security Essentials and Windows Defender and trying to eliminate anything that looks suspicious. I tried eliminating everything on HijackThis. Everything worked fine except I couldn't use my email service at aim.com. I couldn't log on. It was an experiment out of desperation. I'll wait for you to give me the word on what to eliminate.

        Thanks,
        Randy

        SuperDave

        Re: Have computer viruses - no firewall
        « Reply #4 on: December 06, 2009, 07:26:17 PM »
        Please don't try any fixes on your own. It could make things harder to repair. Your logs show that you are running two Anti-Virus programs at once: Norton and Microsoft Security Essentials. You should never have more than one AV program running on your computer as it causes lots of problems. Please let me know which one you decide to uninstall and I'll help you with it. Please do this:

        Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

        link # 1
        Link # 2

        Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

        Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

        Vista users Right-click combofix.exe and select Run as Administrator and follow the prompts.
        Double-click combofix.exe and follow the prompts.
        When finished, ComboFix will produce a log for you.
        Post the ComboFix log and a new HijackThis log in your next reply.

        NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

        Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.
        Windows 8 and Windows 10 dual boot with two SSD's
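
The log reading described in Reply #4 (two anti-virus products active at once), as an added example that is not part of the thread and not code from HijackThis or ComboFix: a Python parser for the HijackThis v2.0.2 log layout that groups running executables by AV product and lists entries the tool marked "(file missing)". The function names and the `AV_DIRS` table are assumptions of this example; the sample lines are an excerpt of the log posted in Reply #2.

```python
import re

# Excerpt of the HijackThis v2.0.2 log posted in Reply #2, trimmed for this example.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:57:19 AM, on 12/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Program Files\Windows Defender\MsMpEng.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
"""

HEADER_RE = re.compile(r"^(Platform|MSIE|Boot mode):\s*(.*)$")
# Section codes are a letter (R, F, N, O) plus a number, then " - " and the data.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")

# Assumption of this example: install-directory names as they appear in the
# posted log, mapped to the product they belong to.
AV_DIRS = {
    "microsoft security essentials": "Microsoft Security Essentials",
    "norton antivirus": "Norton AntiVirus",
}


def parse_hjt(text):
    """Split a HijackThis log into (header dict, process paths, entries)."""
    header, processes, entries = {}, [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False          # a blank line ends the process list
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            in_processes = False
            entries.append((entry.group(1), entry.group(2)))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes:
            processes.append(line)
        else:
            head = HEADER_RE.match(line)
            if head:
                header[head.group(1)] = head.group(2)
    return header, processes, entries


def running_av(processes):
    """Group running executables by AV product, keyed on install directory.

    The directory is used rather than the file name because MsMpEng.exe
    appears under both Windows Defender and Microsoft Security Essentials
    in the posted log.
    """
    found = {}
    for path in processes:
        parts = path.lower().split("\\")
        for part in parts[:-1]:
            product = AV_DIRS.get(part)
            if product:
                found.setdefault(product, set()).add(parts[-1])
    return {product: sorted(exes) for product, exes in found.items()}


def missing_files(entries):
    """Entries HijackThis flagged as pointing at a file that no longer exists."""
    return [(code, data) for code, data in entries
            if data.rstrip().endswith("(file missing)")]


def review(text):
    """Return human-readable notes for the two conditions checked above."""
    _, processes, entries = parse_hjt(text)
    notes = []
    av = running_av(processes)
    if len(av) > 1:
        notes.append("multiple AV products running: " + ", ".join(sorted(av)))
    for code, data in missing_files(entries):
        notes.append(f"{code} entry points at a missing file: {data}")
    return notes


if __name__ == "__main__":
    for note in review(SAMPLE_LOG):
        print(note)
```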

        ptownRandy


          Re: Have computer viruses - no firewall
          « Reply #5 on: December 07, 2009, 06:09:13 PM »
          Trust me, I'm not going to do anything except what you say to do. I did all that between my first post and your reply. I don't know what info is important. Here are the logs.
          ComboFix 09-12-07.01 - Compaq_Owner 12/07/2009 18:12.1.1 - x86
          Running from: c:\documents and settings\Compaq_Owner.3637YAPHEH.000\Desktop\ComboFix.exe
          AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
          AV: Norton AntiVirus 2005 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
          .

          (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          c:\docume~1\COMPAQ~1.000\LOCALS~1\Temp\tmp2.tmp
          c:\documents and settings\Compaq_Owner\Application Data\Install.dat
          c:\windows\system32\ps2.bat
          c:\windows\viassary-hp.reg
          D:\Autorun.inf

          .
          (((((((((((((((((((((((((   Files Created from 2009-11-07 to 2009-12-07  )))))))))))))))))))))))))))))))
          .

          2009-12-06 19:45 . 2009-08-07 00:23   215920   ----a-w-   c:\windows\system32\muweb.dll
          2009-12-05 19:29 . 2009-12-05 19:29   --------   d-----w-   c:\windows\system32\wbem\Repository
          2009-12-04 13:11 . 2009-12-04 14:23   --------   d-----w-   c:\windows\system32\NtmsData
          2009-12-02 23:48 . 2009-12-02 23:48   664   ----a-w-   c:\windows\system32\d3d9caps.dat
          2009-12-02 23:21 . 2009-12-02 23:21   --------   d-----w-   c:\documents and settings\Compaq_Owner.3637YAPHEH.000\Local Settings\Application Data\Temp
          2009-12-02 23:21 . 2009-12-02 23:21   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\Google
          2009-12-02 23:07 . 2009-12-02 23:07   --------   d-----w-   c:\documents and settings\Compaq_Owner.3637YAPHEH.000\Local Settings\Application Data\Real
          2009-12-02 23:05 . 2009-12-02 23:05   --------   d-----w-   c:\program files\Common Files\xing shared
          2009-12-02 23:00 . 2009-12-02 23:00   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\Google
          2009-12-02 22:41 . 2009-12-02 22:41   --------   d-----w-   c:\program files\WOT
          2009-12-02 13:45 . 2009-12-07 12:08   117760   ----a-w-   c:\documents and settings\Compaq_Owner.3637YAPHEH.000\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
          2009-12-02 09:23 . 2009-12-02 09:23   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
          2009-12-02 02:09 . 2009-12-02 02:09   --------   d-----w-   c:\documents and settings\Compaq_Owner.3637YAPHEH.000\Application Data\Malwarebytes
          2009-12-02 02:09 . 2009-09-10 19:54   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
          2009-12-02 02:09 . 2009-09-10 19:53   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
          2009-12-02 02:09 . 2009-12-02 16:25   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
          2009-12-01 21:05 . 2009-12-01 21:05   --------   d-----w-   c:\documents and settings\Compaq_Owner.3637YAPHEH.000\Application Data\SUPERAntiSpyware.com
          2009-12-01 21:05 . 2009-12-01 21:05   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
          2009-12-01 20:44 . 2009-12-01 20:44   --------   d-----w-   c:\program files\CCleaner
          2009-12-01 16:16 . 2007-04-28 14:41   40960   ----a-w-   c:\windows\system32\dldtvs.dll
          2009-12-01 16:16 . 2007-12-12 21:32   360448   ----a-w-   c:\windows\system32\dldtcoin.dll
          2009-12-01 16:16 . 2008-02-13 11:49   115200   ----a-w-   c:\windows\system32\Spool\prtprocs\w32x86\dldtdrpp.dll
          2009-12-01 16:15 . 2008-02-19 22:25   81920   ----a-w-   c:\windows\system32\dldtcaps.dll
          2009-12-01 16:15 . 2008-02-21 20:41   782336   ----a-w-   c:\windows\system32\dldtdrs.dll
          2009-12-01 16:15 . 2007-11-13 19:13   69632   ----a-w-   c:\windows\system32\dldtcnv4.dll
          2009-12-01 16:10 . 2008-02-25 16:38   17648   ----a-w-   c:\windows\system32\dldtwupd.exe
          2009-12-01 16:10 . 2008-01-29 13:29   102400   ----a-w-   c:\windows\system32\dldtwupd.dll
          2009-12-01 15:12 . 2009-12-01 15:18   --------   d-----w-   c:\documents and settings\All Users\Dl_cats
          2009-12-01 15:08 . 2009-12-01 16:22   --------   d-----w-   c:\documents and settings\Compaq_Owner.3637YAPHEH.000\Application Data\Dell Imaging Toolbox
          2009-12-01 15:06 . 2009-12-01 15:05   411368   ----a-w-   c:\windows\system32\deploytk.dll
          2009-12-01 07:13 . 2008-06-13 13:10   272128   -c----w-   c:\windows\system32\dllcache\bthport.sys
          2009-12-01 07:13 . 2008-06-13 13:10   272128   ------w-   c:\windows\system32\drivers\bthport.sys
          2009-12-01 07:13 . 2009-11-03 01:42   195456   ------w-   c:\windows\system32\MpSigStub.exe
          2009-12-01 07:11 . 2008-10-24 11:10   453632   -c----w-   c:\windows\system32\dllcache\mrxsmb.sys
          2009-12-01 06:58 . 2009-08-07 00:23   274288   ----a-w-   c:\windows\system32\mucltui.dll
          2009-12-01 03:30 . 2009-08-29 08:08   594432   -c----w-   c:\windows\system32\dllcache\msfeeds.dll
          2009-12-01 03:30 . 2009-08-29 08:08   12800   -c----w-   c:\windows\system32\dllcache\xpshims.dll
          2009-12-01 03:30 . 2009-08-29 08:08   55296   -c----w-   c:\windows\system32\dllcache\msfeedsbs.dll
          2009-12-01 03:30 . 2009-08-29 08:08   1985536   -c----w-   c:\windows\system32\dllcache\iertutil.dll
          2009-12-01 03:30 . 2009-08-29 08:08   246272   -c----w-   c:\windows\system32\dllcache\ieproxy.dll
          2009-12-01 03:30 . 2009-08-29 08:08   11069440   -c----w-   c:\windows\system32\dllcache\ieframe.dll
          2009-12-01 03:30 . 2009-08-04 13:58   2136064   -c----w-   c:\windows\system32\dllcache\ntkrnlmp.exe
          2009-12-01 03:30 . 2009-08-04 14:00   2180352   -c----w-   c:\windows\system32\dllcache\ntoskrnl.exe
          2009-12-01 03:30 . 2009-08-04 13:13   2015744   -c----w-   c:\windows\system32\dllcache\ntkrpamp.exe
          2009-12-01 03:30 . 2009-08-04 13:13   2057728   -c----w-   c:\windows\system32\dllcache\ntkrnlpa.exe
          2009-12-01 03:02 . 2009-08-07 00:24   44768   ----a-w-   c:\windows\system32\wups2.dll
          2009-11-30 21:35 . 2009-12-06 16:56   --------   d-----w-   c:\program files\Trend Micro
          2009-11-30 17:43 . 2009-12-01 15:04   152576   ----a-w-   c:\documents and settings\Compaq_Owner.3637YAPHEH.000\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
          2009-11-30 17:43 . 2009-12-01 15:03   79488   ----a-w-   c:\documents and settings\Compaq_Owner.3637YAPHEH.000\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
          2009-11-30 16:46 . 2009-11-30 16:46   --------   d-----w-   c:\documents and settings\All Users\Application Data\Dell V305
          2009-11-30 12:41 . 2009-11-30 12:41   --------   d-----w-   c:\documents and settings\Compaq_Owner.3637YAPHEH.000\Application Data\InterMute
          2009-11-29 20:53 . 2009-11-29 20:53   --------   d-----w-   c:\program files\interMute
          2009-11-29 04:43 . 2009-12-04 00:22   1   ----a-w-   c:\documents and settings\Compaq_Owner.3637YAPHEH.000\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
          2009-11-29 04:42 . 2009-11-29 04:42   --------   d-----w-   c:\documents and settings\Compaq_Owner.3637YAPHEH.000\Application Data\OpenOffice.org
          2009-11-29 04:18 . 2009-11-29 04:18   --------   d-----w-   c:\documents and settings\Compaq_Owner.3637YAPHEH.000\Application Data\Template
          2009-11-29 04:01 . 2009-11-29 04:02   --------   d-----w-   c:\program files\Microsoft Home Publishing 2000
          2009-11-29 03:55 . 2009-11-29 03:55   --------   d-----w-   c:\program files\Microsoft Encarta
          2009-11-29 03:46 . 2009-11-29 03:47   --------   d-----w-   c:\program files\Microsoft Expedia Streets & Trips
          2009-11-29 03:44 . 2009-11-29 03:44   --------   d-----w-   c:\documents and settings\Compaq_Owner.3637YAPHEH.000\Application Data\Microsoft Web Folders
          2009-11-29 03:41 . 2009-11-29 03:41   --------   d-----w-   c:\windows\system32\ShellNew
          2009-11-29 03:40 . 2009-11-29 03:41   --------   d-----w-   c:\program files\Microsoft Picture It! Express
          2009-11-29 03:39 . 2009-11-29 03:39   --------   d-----w-   c:\program files\Microsoft Money
          2009-11-29 03:34 . 2009-11-29 03:34   --------   d-----w-   c:\program files\Microsoft Works Suite 2000
          2009-11-28 18:28 . 2009-11-28 18:28   --------   d-----w-   c:\windows\system32\drivers\NSS
          2009-11-28 18:28 . 2009-11-28 18:28   --------   d-----w-   c:\program files\Norton Security Scan
          2009-11-28 18:28 . 2009-11-28 18:28   --------   d-----w-   c:\program files\NortonInstaller
          2009-11-28 15:03 . 2004-08-04 03:58   15104   -c--a-w-   c:\windows\system32\dllcache\usbscan.sys
          2009-11-28 15:03 . 2004-08-04 03:58   15104   ----a-w-   c:\windows\system32\drivers\usbscan.sys
          2009-11-28 15:03 . 2001-08-18 03:36   87040   -c--a-w-   c:\windows\system32\dllcache\wiafbdrv.dll
          2009-11-28 15:03 . 2001-08-18 03:36   87040   ----a-w-   c:\windows\system32\wiafbdrv.dll
          2009-11-28 14:54 . 2009-11-28 14:54   --------   d-----w-   c:\documents and settings\Compaq_Owner.3637YAPHEH.000\Local Settings\Application Data\Mozilla
          2009-11-28 00:21 . 2009-11-28 00:21   --------   d-----w-   c:\program files\SymNetDrv
          2009-11-27 05:12 . 2009-12-05 19:34   72232   ----a-w-   c:\documents and settings\Compaq_Owner.3637YAPHEH.000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
          2009-11-27 04:53 . 2009-11-27 04:53   --------   d-sh--w-   c:\documents and settings\Compaq_Owner.3637YAPHEH.000\IECompatCache
          2009-11-27 04:53 . 2009-11-27 04:53   --------   d-sh--w-   c:\documents and settings\Compaq_Owner.3637YAPHEH.000\PrivacIE
          2009-11-27 04:51 . 2009-11-27 04:51   --------   d-sh--w-   c:\documents and settings\Compaq_Owner.3637YAPHEH.000\IETldCache
          2009-11-27 04:43 . 2009-01-07 23:21   26144   ----a-w-   c:\windows\system32\spupdsvc.exe
          2009-11-27 04:34 . 2009-11-27 04:34   --------   d-----w-   c:\documents and settings\Compaq_Owner.3637YAPHEH.000\Local Settings\Application Data\Identities
          2009-11-27 03:33 . 2009-11-27 03:33   --------   d-sh--w-   c:\documents and settings\Compaq_Owner.3637YAPHEH.000\UserData
          2009-11-27 03:15 . 2004-08-04 12:00   221184   ----a-w-   c:\windows\system32\wmpns.dll
          2009-11-27 03:11 . 2004-10-20 14:47   --------   d-----w-   c:\windows\system32\config\systemprofile\Application Data\Apple Computer
          2009-11-27 03:11 . 2004-10-21 10:13   --------   d-----w-   c:\windows\system32\config\systemprofile\Application Data\Symantec
          2009-11-27 03:11 . 2004-10-21 06:40   --------   d-----w-   c:\windows\system32\config\systemprofile\Application Data\Sonic
          2009-11-27 03:11 . 2004-10-21 06:40   --------   d-----w-   c:\windows\system32\config\systemprofile\Application Data\SampleView
          2009-11-27 03:11 . 2004-10-20 14:47   --------   d-----w-   c:\windows\system32\config\systemprofile\WINDOWS
          2009-11-27 03:11 . 2004-10-20 14:31   --------   d-----w-   c:\windows\system32\config\systemprofile\Application Data\Intervideo
          2009-11-27 03:10 . 2003-09-19 06:47   10368   ------w-   c:\windows\system32\drivers\pfc.sys
          2009-11-27 03:10 . 2003-09-11 04:36   21060   ------w-   c:\windows\system32\drivers\iviaspi.sys
          2009-11-27 02:58 . 2001-08-17 22:02   9600   ----a-w-   c:\windows\system32\drivers\hidusb.sys
          2009-11-27 02:58 . 2004-08-04 07:01   25856   ----a-w-   c:\windows\system32\drivers\usbprint.sys
          2009-11-27 02:58 . 2004-08-04 07:08   31616   ----a-w-   c:\windows\system32\drivers\usbccgp.sys
          2009-11-27 02:58 . 2004-08-04 06:58   4992   ----a-w-   c:\windows\system32\drivers\MSPQM.sys
          2009-11-27 02:58 . 2004-08-04 06:58   5376   ----a-w-   c:\windows\system32\drivers\MSPCLOCK.sys
          2009-11-27 02:57 . 2004-08-04 06:58   7552   ----a-w-   c:\windows\system32\drivers\MSKSSRV.sys
          2009-11-27 02:57 . 2004-08-04 07:10   61056   ----a-w-   c:\windows\system32\drivers\ohci1394.sys
          2009-11-27 02:57 . 2001-08-17 21:46   6400   ----a-w-   c:\windows\system32\drivers\enum1394.sys
          2009-11-27 02:57 . 2004-08-04 07:10   53248   ----a-w-   c:\windows\system32\drivers\1394bus.sys
          2009-11-27 01:45 . 2009-12-06 16:38   --------   dcsh--r-   c:\windows\system32\dllcache
          2009-11-26 03:51 . 2009-12-01 15:57   --------   d-----w-   c:\program files\Windows Live Safety Center
          2009-11-23 02:28 . 2009-11-23 02:30   --------   d-----w-   c:\program files\Microsoft Security Essentials
          2009-11-23 00:15 . 2009-11-23 00:15   --------   d-----w-   c:\program files\RegCure
          2009-11-16 01:23 . 2009-11-16 01:23   --------   d-----w-   c:\windows\Profiles
          2009-11-15 23:08 . 2009-11-18 15:45   --------   d-----w-   c:\windows\11-15-2009
          2009-11-13 19:24 . 2009-11-13 19:24   2289688   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ToolBox\LT\HostFileEditor.exe
          2009-11-13 19:24 . 2009-11-13 19:24   77616   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\i386\sbapifsl.sys
          2009-11-13 19:24 . 2009-11-13 19:24   69936   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\i386\sbapifs.sys
          2009-11-13 19:24 . 2009-11-13 19:24   13360   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\i386\sbaphd.sys
          2009-11-13 17:23 . 2009-11-13 17:23   --------   dc-h--w-   c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
          2009-11-13 17:23 . 2009-10-03 08:15   2924848   -c--a-w-   c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
          2009-11-13 17:22 . 2009-11-13 17:25   --------   d-----w-   c:\documents and settings\All Users\Application Data\Lavasoft
          2009-11-13 00:08 . 2009-11-13 00:08   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
          2009-11-13 00:02 . 2009-11-18 15:46   --------   d-----w-   C:\ProgramData
          2009-11-13 00:02 . 2009-11-13 18:39   --------   d-----w-   c:\program files\Angle Interactive
          2009-11-12 23:35 . 2009-11-12 23:27   181156   ----a-w-   C:\nod32removal.exe
          2009-11-12 02:17 . 2009-11-12 02:17   --------   d-----w-   C:\11fe708f98d02de40080
          2009-11-09 22:08 . 2009-11-09 22:08   --------   d-----w-   c:\program files\Alwil Software

          .
          ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2009-12-07 22:41 . 2009-09-02 12:04   --------   d-----w-   c:\documents and settings\All Users\Application Data\NOS
          2009-12-06 17:37 . 2009-11-28 15:24   --------   d-----w-   c:\program files\McAfee Security Scan
          2009-12-06 14:03 . 2004-10-21 10:13   --------   d-----w-   c:\program files\Common Files\Symantec Shared
          2009-12-05 19:29 . 2009-10-05 02:23   --------   d-----w-   c:\program files\JRE
          2009-12-05 19:27 . 2009-12-05 19:26   --------   d-----w-   c:\program files\Dell V305
          2009-12-05 19:26 . 2009-12-05 19:26   --------   d-----w-   c:\program files\Dell
          2009-12-05 19:26 . 2006-10-24 19:33   --------   d-----w-   c:\program files\Google
          2009-12-05 19:26 . 2009-12-04 14:45   --------   d-----w-   c:\program files\Dell V305(2)
          2009-12-05 19:24 . 2006-01-22 23:15   --------   d-----w-   c:\program files\Common Files\AOL
          2009-12-05 19:24 . 2009-12-05 14:27   --------   d-----w-   c:\documents and settings\Compaq_Owner.3637YAPHEH.000\Application Data\acccore
          2009-12-05 19:24 . 2009-12-05 14:24   --------   d-----w-   c:\program files\AIM7
          2009-12-05 14:24 . 2009-12-05 14:24   --------   d-----w-   c:\documents and settings\All Users\Application Data\AIM
          2009-12-04 23:26 . 2009-12-04 21:50   111400   ----a-w-   c:\windows\system32\GDIPFONTCACHEV1.DAT
          2009-12-04 20:59 . 2009-10-05 02:23   --------   d-----w-   c:\program files\OpenOffice.org 3
          2009-12-04 15:10 . 2009-12-04 15:10   --------   d-----w-   c:\documents and settings\Compaq_Owner.3637YAPHEH.000\Application Data\Blitware
          2009-12-04 15:09 . 2009-12-04 15:09   --------   d-----w-   c:\program files\Driver Robot
          2009-12-04 13:58 . 2004-10-20 13:39   --------   d-----w-   c:\program files\Java
          2009-12-04 13:24 . 2004-10-20 13:13   --------   d-----w-   c:\program files\microsoft frontpage
          2009-12-03 21:16 . 2004-10-20 14:40   --------   d-----w-   c:\program files\Microsoft Works
          2009-12-03 20:50 . 2009-03-12 21:46   --------   d-----w-   c:\program files\Advanced Registry Optimizer
          2009-12-03 17:42 . 2004-10-21 10:13   --------   d-----w-   c:\program files\Norton AntiVirus
          2009-12-02 23:05 . 2004-10-20 14:25   --------   d-----w-   c:\program files\Common Files\Real
          2009-12-01 21:06 . 2008-11-25 23:55   --------   d-----w-   c:\program files\SUPERAntiSpyware
          2009-12-01 17:09 . 2009-12-01 17:09   3164   ----a-w-   c:\documents and settings\All Users\SPL7.tmp
          2009-12-01 16:24 . 2009-12-01 16:24   3164   ----a-w-   c:\documents and settings\All Users\SPL8A.tmp
          2009-12-01 15:57 . 2004-10-20 14:46   --------   d-----w-   c:\program files\QuickTime
          2009-12-01 15:57 . 2004-10-20 14:46   --------   d-----w-   c:\program files\iTunes
          2009-12-01 15:57 . 2004-10-20 14:30   --------   d-----w-   c:\program files\InterVideo
          2009-12-01 15:56 . 2009-05-06 12:34   --------   d-----w-   c:\program files\Coupons
          2009-12-01 03:00 . 2009-11-27 03:14   150   ----a-w-   c:\documents and settings\Compaq_Owner.3637YAPHEH.000\Local Settings\Application Data\fusioncache.dat
          2009-11-30 17:05 . 2009-11-30 17:05   573322   ----a-w-   c:\documents and settings\All Users\SPL10.tmp
          2009-11-30 16:44 . 2009-11-30 16:44   573322   ----a-w-   c:\documents and settings\All Users\SPL64.tmp
          2009-11-29 21:18 . 2009-11-29 04:12   748   ----a-w-   c:\documents and settings\Compaq_Owner.3637YAPHEH.000\Application Data\wklnhst.dat
          2009-11-28 18:28 . 2009-09-30 23:08   --------   d-----w-   c:\documents and settings\All Users\Application Data\Norton
          2009-11-28 16:49 . 2009-11-28 16:49   --------   d-----w-   c:\documents and settings\Compaq_Owner.3637YAPHEH.000\Application Data\AdobeUM
          2009-11-28 15:24 . 2009-11-28 15:24   --------   d-----w-   c:\documents and settings\All Users\Application Data\McAfee Security Scan
          2009-11-28 00:22 . 2004-10-21 10:13   --------   d-----w-   c:\program files\Symantec
          2009-11-28 00:17 . 2009-11-27 03:14   --------   d-----w-   c:\documents and settings\Compaq_Owner.3637YAPHEH.000\Application Data\Symantec
          2009-11-27 03:32 . 2004-10-21 06:10   --------   d-----w-   c:\program files\Easy Internet signup
          2009-11-27 03:14 . 2009-11-27 03:14   1900   --sha-r-   c:\windows\system32\drivers\103C_HP_CPC_PP161AA-ABA SR1330NX NA510_YC_0Pres_QCNH501_E51NAheRED3_47_I Kelut_SASUSTek Computer INC._V2.02_B3.11_T040902_WXH2_L409_M448 _J200_7AMD_8Athlon XP_92.2_#050309_N11063065_Z11C1048C_G11067205.MRK
          2009-11-27 03:11 . 2004-10-20 14:30   --------   d--h--w-   c:\program files\InstallShield Installation Information
          2009-11-23 12:45 . 2009-11-23 12:43   1536   ----a-w-   c:\windows\~DF8C99.tmp
          2009-11-20 22:03 . 2009-11-20 22:02   1536   ----a-w-   c:\windows\~DF826.tmp
          2009-11-20 22:03 . 2009-11-20 22:02   1536   ----a-w-   c:\windows\~DF814.tmp
          2009-11-20 22:03 . 2009-11-20 22:02   1536   ----a-w-   c:\windows\~DF83D.tmp
          2009-11-16 03:43 . 2009-11-16 01:23   1536   ----a-w-   c:\windows\~DFF9FD.tmp
          2009-11-16 03:43 . 2009-11-16 01:23   1536   ----a-w-   c:\windows\~DFFFF4.tmp
          2009-11-16 01:31 . 2009-11-16 01:23   1536   ----a-w-   c:\windows\~DFF9D1.tmp
          2009-11-16 01:31 . 2009-11-16 01:23   1536   ----a-w-   c:\windows\~DFFAD3.tmp
          2009-11-13 17:24 . 2009-11-13 17:24   93360   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
          2009-11-13 17:24 . 2009-11-13 17:24   554280   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
          2009-11-13 17:24 . 2009-11-13 17:24   15880   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
          2009-11-13 17:24 . 2009-11-13 17:24   283944   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Vipre.dll
          2009-11-13 17:24 . 2009-11-13 17:24   212480   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll
          2009-11-13 17:24 . 2009-11-13 17:24   1223976   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
          2009-11-13 17:24 . 2009-11-13 17:24   242984   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll
          2009-11-13 17:24 . 2009-11-13 17:24   5908024   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
          2009-11-13 17:22 . 2009-09-24 01:37   --------   d-----w-   c:\program files\Lavasoft
          2009-10-26 03:10 . 2009-08-15 21:56   --------   d-----w-   c:\program files\McAfee
          2009-10-26 01:36 . 2009-10-26 01:36   1341824   ----a-w-   c:\documents and settings\All Users\SPL3A.tmp
          2009-10-26 01:00 . 2009-01-12 01:48   --------   d-----w-   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
          2009-10-26 01:00 . 2009-01-12 01:48   --------   d-----w-   c:\program files\Spybot - Search & Destroy
          2009-10-20 18:32 . 2009-09-27 19:32   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
          2009-10-20 17:42 . 2005-03-15 19:51   --------   d-----w-   c:\program files\Viewpoint
          2009-10-19 18:07 . 2009-10-19 18:07   3887016   ----a-w-   c:\documents and settings\All Users\SPL1C.tmp
          2009-10-04 18:05 . 2008-11-05 20:15   77824   ----a-w-   c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\ess\bindbins\BindBins.exe
          2009-10-04 18:05 . 2009-10-04 18:05   1179648   ----a-w-   c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140002_312fbc\EasyShrx.Dll
          2009-10-03 13:10 . 2009-10-03 13:10   1648006   ----a-w-   c:\documents and settings\All Users\SPL1E.tmp
          2009-10-03 12:16 . 2009-10-03 12:16   360580   ----a-w-   c:\windows\eSellerateEngine.dll
          2009-09-25 14:56 . 2009-09-25 14:56   148168   ----a-w-   c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
          2009-09-25 13:52 . 2009-09-25 13:52   73416   ----a-w-   c:\documents and settings\Hiram\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
          2009-09-25 13:38 . 2009-09-25 13:38   152576   ----a-w-   c:\documents and settings\Hiram\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
          2009-09-11 14:33 . 2004-12-28 10:36   133632   ----a-w-   c:\windows\system32\msv1_0.dll
          .

          (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          *Note* empty entries & legit default entries are not shown
          REGEDIT4

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "ccleaner"="c:\program files\CCleaner\ccleaner.exe" [2009-11-24 1738040]
          "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-11-23 2001648]
          "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
          "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-27 68856]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
          "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
          "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2004-06-05 286720]
          "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-21 155648]
          "SiSPower"="SiSPower.dll" [2004-09-24 49152]
          "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 58984]
          "AGRSMMSG"="AGRSMMSG.exe" [2004-06-30 88363]
          "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-15 253952]
          "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-18 196608]
          "Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2009-11-28 100056]
          "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-10-20 98304]
          "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
          "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]
          "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-01 149280]
          "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
          "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-02 198160]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

          c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\
          Adobe Media Player.lnk - c:\documents and settings\Adobe Media Player\Adobe Media Player.exe [2009-6-6 261632]

          c:\documents and settings\All Users\Start Menu\Programs\Startup\
          McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-27 199184]
          Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-9-4 65588]

          [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
          "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
          2009-09-03 19:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
          @="Service"

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
          @="Service"

          [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
          "DisableMonitoring"=dword:00000001

          [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
          "DisableMonitoring"=dword:00000001

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
          "%windir%\\system32\\sessmgr.exe"=
          "c:\\Program Files\\iTunes\\iTunes.exe"=
          "c:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"=
          "c:\\Program Files\\interMute\\SpySubtract\\SpySub.exe"=
          "c:\\Program Files\\Dell V305\\dldtmon.exe"=
          "c:\\Program Files\\Dell V305\\dldtamon.exe"=
          "c:\\Program Files\\Dell V305\\FRun.exe"=
          "c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\scan\\scanman6.exe"=
          "c:\\WINDOWS\\system32\\dldtcoms.exe"=
          "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldtpswx.exe"=
          "c:\\Program Files\\Dell V305\\Diagnostics\\DLDTdiag.exe"=
          "c:\\WINDOWS\\system32\\fxsclnt.exe"=
          "c:\\WINDOWS\\system32\\dldtcfg.exe"=

          R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [11/23/2009 8:43 AM 9968]
          R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/23/2009 8:43 AM 74480]
          R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/23/2009 8:43 AM 7408]
          .
          ------- Supplementary Scan -------
          .
          Handler: ms-its51 - {F6F1E82D-DE4D-11D2-875C-0000F8105754} - c:\program files\Common Files\Microsoft Shared\Information Retrieval\itss51.dll
          FF - ProfilePath - c:\documents and settings\Compaq_Owner.3637YAPHEH.000\Application Data\Mozilla\Firefox\Profiles\rrmylbld.default\
          FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
          FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
          FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll

          ---- FIREFOX POLICIES ----
          FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
          .
          .
          ------- File Associations -------
          .
          .
          - - - - ORPHANS REMOVED - - - -

          Toolbar-Locked - (no file)
          HKCU-Run-HijackThis startup scan - c:\program files\Trend Micro\HijackThis\HijackThis.exe
          ShellExecuteHooks-{FA010552-4A27-4cb1-A1BB-3E2D697F1639} - (no file)
          AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe
          AddRemove-Microsoft Interactive Training - c:\windows\IsUninst.exe -fc:\windows\orun32.isu



          **************************************************************************

          catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2009-12-07 18:48
          Windows 5.1.2600 Service Pack 2 NTFS

          scanning hidden processes ... 

          scanning hidden autostart entries ...

          scanning hidden files ... 

          scan completed successfully
          hidden files: 0

          **************************************************************************
          .
          --------------------- DLLs Loaded Under Running Processes ---------------------

          - - - - - - - > 'winlogon.exe'(712)
          c:\program files\SUPERAntiSpyware\SASWINLO.dll
          c:\windows\system32\WININET.dll
          .
          Completion time: 2009-12-07 19:01
          ComboFix-quarantined-files.txt  2009-12-08 00:01

          Pre-Run: 159,788,105,728 bytes free
          Post-Run: 162,601,050,112 bytes free

          - - End Of File - - E55F748749DF941BF3C5037A09610A54
          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 7:09:32 PM, on 12/7/2009
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v8.00 (8.00.6001.18702)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
          c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
          c:\Program Files\Norton AntiVirus\navapsvc.exe
          c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
          c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
          c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
          C:\Program Files\Java\jre6\bin\jqs.exe
          C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
          C:\WINDOWS\system32\svchost.exe
          c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
          C:\windows\system\hpsysdrv.exe
          C:\Program Files\iTunes\iTunesHelper.exe
          C:\Program Files\Common Files\Symantec Shared\ccApp.exe
          C:\WINDOWS\AGRSMMSG.exe
          C:\Program Files\iPod\bin\iPodService.exe
          C:\Program Files\QuickTime\qttask.exe
          C:\Program Files\Java\jre6\bin\jusched.exe
          C:\Program Files\Common Files\Real\Update_OB\realsched.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
          C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
          c:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
          C:\Program Files\McAfee Security Scan\1.0.150\McUICnt.exe
          C:\WINDOWS\system32\DllHost.exe
          C:\WINDOWS\system32\WISPTIS.EXE
          C:\Program Files\Windows Defender\MsMpEng.exe
          c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
          C:\WINDOWS\system32\wuauclt.exe
          C:\WINDOWS\system32\notepad.exe
          C:\WINDOWS\explorer.exe
          C:\Program Files\Microsoft Security Essentials\msseces.exe
          C:\Program Files\internet explorer\iexplore.exe
          C:\Program Files\internet explorer\iexplore.exe
          C:\Program Files\Messenger\msmsgs.exe
          C:\Program Files\Trend Micro\sniper.exe\HijackThis.exe

          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
          O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
          O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
          O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
          O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
          O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
          O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
          O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
          O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
          O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
          O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
          O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
          O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
          O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
          O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
          O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
          O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
          O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
          O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
          O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
          O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
          O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
          O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
          O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
          O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
          O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
          O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
          O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
          O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
          O4 - Global Startup: McAfee Security Scan.lnk = ?
          O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
          O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
          O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
          O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
          O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
          O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
          O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
          O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
          O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
          O23 - Service: Google Update Service (gupdate1ca73a33c69bbca) (gupdate1ca73a33c69bbca) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
          O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
          O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
          O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
          O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
          O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
          O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - c:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
          O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
          O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
          O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
          O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

          --
          End of file - 8378 bytes

          SuperDave

          • Malware Removal Specialist
          • Moderator


          • Genius
          • Thanked: 1020
          • Certifications: List
          • Experience: Expert
          • OS: Windows 10
          Re: Have computer viruses - no firewall
          « Reply #6 on: December 09, 2009, 07:06:35 AM »
          Hello ptownRandy. You are still running two anti-virus programs: Norton and Microsoft Security Essentials. Norton is dated 2005. I would recommend uninstalling Norton or updating it, which will probably cost $$. I'm including the Norton Removal Tool just in case you want to remove it.

          Download the Norton Removal Tool (SymNRT) to your desktop.

          Once downloaded please close ALL open browsers, also save any work because this may require a restart.

          * Go to your desktop and double click on the 'Norton_Removal_Tool' and then click Setup.
          * Once open Click Next
          * Accept the license agreement and click Next
          * Type in the letters/numbers that you see into the text box then click Next.
          * Then click Next and the tool will start running.
          * Once finished restart the PC.
          * Delete the 'Norton_Removal_Tool' from your desktop.

          1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
          It must be Notepad, not Wordpad.
          2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

          Code:
          KillAll::

          DDS::

          FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
          FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll


          3. Go to the Notepad window and click Edit > Paste
          4. Then click File > Save
          5. Name the file CFScript.txt - Save the file to your Desktop
          6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



          ComboFix will begin to execute, just follow the prompts.
          After reboot (in case it asks to reboot), it will produce a log for you.
          Post that log (Combofix.txt) in your next reply.

          Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.

          Windows 8 and Windows 10 dual boot with two SSD's

          ptownRandy


            Re: Have computer viruses - no firewall
            « Reply #7 on: December 17, 2009, 11:21:38 AM »
            Hi SuperDave,

            I haven't been ignoring you. Had to visit my father on an emergency. There was no computer access. When I got back today I found that my friends had installed a new computer for me. I want to thank you very much for all your help. All you guys on this website are great.

            SuperDave

            Re: Have computer viruses - no firewall
            « Reply #8 on: December 17, 2009, 12:51:44 PM »
            Hello ptownRandy. You have great friends. Here's some reading material. Some won't apply to you with a new computer but other stuff is good info.

            Use the Secunia Software Inspector to check for out of date software.

            • Click Start Now
            • Check the box next to Enable thorough system inspection.
            • Click Start
            • Allow the scan to finish and scroll down to see if any updates are needed.
            • Update anything listed.
            ----------

            Go to Microsoft Windows Update and get all critical updates.

            ----------

            I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

            SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla-based browsers like Firefox.
            * Using SpywareBlaster to protect your computer from Spyware and Malware
            * If you don't know what ActiveX controls are, see here

            Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

            Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

            Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

            Safe Surfing