-
August 4th, 2010, 06:12 AM
#1
Malware infection
That stupid AntiVir or PerSecurity crap. Logs are as follows.

Windows 7 Professional 64bit
AMD Athlon64 X2 6000+ @ 3.0Ghz
4GB Corsair Performance RAM
Asus M2N-E Mainboard
Coolermaster NV690 NVidia SE case
Ultra Modular PSU @ 500W
WD 320GB SATAHDD (system)
WD 1.0TB SATAHDD (backup)
Plextor SATA DVDMultiwrite
LiteOn SATA DVDRW
Ultra 3.5 floppy w/USB Multi-Card reader
EVGA GeForceFX 8600GTS PCI-e w/512MB
TRENDnet Wireless N-Draft
6x 120mm Coolermaster high-flow green LED fans
-
August 4th, 2010, 06:14 AM
#2
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4294
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
7/31/2010 10:17:04 AM
mbam-log-2010-07-31 (10-17-04).txt
Scan type: Full scan (C:\|)
Objects scanned: 218643
Time elapsed: 1 hour(s), 16 minute(s), 56 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 7
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{27fa210e-9f51-4e63-9c88-bac9cc71a75a} (Rogue.RegDefender) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Documents and Settings\KAY\Start Menu\Programs\Registry Defender (Rogue.Registry.Defender) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\Angle Interactive\RegDef2010\RDAssistant.exe (Rogue.RegDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\KAY\Start Menu\Programs\Registry Defender\Customer Support.lnk (Rogue.Registry.Defender) -> Quarantined and deleted successfully.
C:\Documents and Settings\KAY\Start Menu\Programs\Registry Defender\RegDef2010.lnk (Rogue.Registry.Defender) -> Quarantined and deleted successfully.
C:\Documents and Settings\KAY\Start Menu\Programs\Registry Defender\User Guide.lnk (Rogue.Registry.Defender) -> Quarantined and deleted successfully.
C:\Documents and Settings\KAY\Desktop\Reg Defender 2010.lnk (Rogue.RegDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\KAY\Start Menu\Programs\Startup\RD2010.lnk (Rogue.RegDefender) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

-
August 4th, 2010, 06:15 AM
#3
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-03 13:31:20
Windows 5.1.2600 Service Pack 3
Running: 3nrkd43j.exe; Driver: C:\DOCUME~1\ADMINI~1.001\LOCALS~1\Temp\fwroapoc.sys
---- Kernel code sections - GMER 1.0.15 ----
? C:\DOCUME~1\ADMINI~1.001\LOCALS~1\Temp\fwroapog.sys The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\Explorer.EXE[236] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B8000A
.text C:\WINDOWS\Explorer.EXE[236] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C2000A
.text C:\WINDOWS\Explorer.EXE[236] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B7000C
.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 006E000A
.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 006F000A
.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 006D000C
.text C:\WINDOWS\system32\svchost.exe[1060] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00F3000A
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@NoChange 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@
Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\InprocServer32@ C:\Program Files\Common Files\Corel\Shared\Writing Tools\12\WT12cbe.dll
---- EOF - GMER 1.0.15 ----

-
August 4th, 2010, 06:16 AM
#4
DDS (Ver_10-03-17.01) - NTFSx86
Run by KAY at 5:06:43.76 on Wed 08/04/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.310 [GMT -5:00]
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
============== Running Processes ===============
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Qwest\Desktop\QwestTouchPointAgent.exe
C:\Program Files\Qwest Personal Digital Vault\QwestPersonalDigitalVault.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
C:\Program Files\Qwest\Quickcare\bin\sprtsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Qwest\Quickcare\bin\tgsrvc.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\KAY\LOCALS~1\Temp\Nzd.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Documents and Settings\KAY\Desktop\dds.scr
============== Pseudo HJT Report ===============
uSearch Page =
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZKxdm009YYUS&fl=0&ptb=5dc3TXBG6uQdQpu.Qpu82A&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
uDefault_Page_URL = hxxp://qwest.live.com
uWindow Title = Windows Internet Explorer provided by Qwest
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/mywaybiz
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant =
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Noon: {25e76f98-e9a4-8ed4-013d-359b62a4e5a6} - c:\program files\common files\noon.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [INCG9WP8HQ] c:\docume~1\kay\locals~1\temp\Nzd.exe
uRun: [wmflxrxi] c:\documents and settings\kay\local settings\application data\uuoywummq\pwodliltssd.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; FunWebProducts; SU 3.22; .NET CLR 1.1.4322; MySpace;; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; MS-RTC EA 2; MySpace " -"http://www.shockwave.com/contentPlay/shockwave.jsp?dwin=1&id=jigsawpuzzles"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [QwestTouchPointAgent] "c:\program files\qwest\desktop\QwestTouchPointAgent.exe" /autostart
mRun: [Qwest Personal Digital Vault] "c:\program files\qwest personal digital vault\QwestPersonalDigitalVault.exe" /m
mRun: [QuickCare] c:\program files\qwest\quickcare\bin\sprtcmd.exe /P QuickCare
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
IE: &Search
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D441AB53-A39C-42AE-AB79-3C05B7298F34} - hxxp://www.shockwave.com/content/astroavenger2/sis/AstroAvenger2Loader.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F46BD8B1-DE4C-4A4F-B6F6-8FB68D25342D} - hxxp://www.shockwave.com/content/mahjongroadshow/sis/MahjongRoadshowWeb.1.0.0.18.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
AppInit_DLLs:
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
============= SERVICES / DRIVERS ===============
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-7-10 11608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-7-10 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-7-10 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-7-10 60936]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-7-9 55152]
R2 sprtlisten;SupportSoft Listener Service;c:\program files\common files\supportsoft\bin\sprtlisten.exe [2008-1-8 1213728]
R2 sprtsvc_quickcare;SupportSoft Sprocket Service (quickcare);c:\program files\qwest\quickcare\bin\sprtsvc.exe [2010-4-8 206120]
R2 tgsrvc_quickcare;SupportSoft Repair Service (quickcare);c:\program files\qwest\quickcare\bin\tgsrvc.exe [2010-4-8 185640]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
=============== Created Last 30 ================
2010-08-03 08:30:44 0 d-----w- c:\program files\SUPERAntiSpyware
2010-08-03 07:51:17 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-08-01 13:55:03 54156 ---ha-w- c:\windows\QTFont.qfn
2010-08-01 13:55:03 1409 ----a-w- c:\windows\QTFont.for
2010-07-31 20:40:11 0 d-----w- c:\docume~1\kay\applic~1\Avira
2010-07-31 13:36:42 0 d-----w- C:\ProgramData
2010-07-31 13:36:42 0 d-----w- c:\program files\Angle Interactive
2010-07-30 22:06:25 195072 ----a-w- c:\windows\Nruxoa.exe
2010-07-30 22:06:08 147968 --sha-r- c:\windows\system32\doskey7.dll
2010-07-16 16:51:16 0 d-----w- c:\docume~1\kay\applic~1\CannyGames
2010-07-16 01:47:51 0 d-----w- c:\docume~1\kay\applic~1\Hotdog Hotshot
2010-07-13 21:09:28 0 d-----w- c:\program files\FrostWire
2010-07-10 05:25:26 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-07-10 05:25:26 0 d-----w- c:\program files\Avira
2010-07-10 05:25:26 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-07-10 04:47:25 0 d-----w- c:\docume~1\kay\applic~1\bfgbar
2010-07-09 01:27:37 0 d-----w- c:\program files\Trend Micro
2010-07-08 22:38:50 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-07-08 22:38:38 0 d-----w- c:\docume~1\kay\applic~1\SUPERAntiSpyware.com
2010-07-08 07:06:40 42112 ----a-w- c:\windows\system32\drivers\oieuoask.sys
2010-07-07 22:52:45 0 d-----w- c:\windows\system32\wbem\Repository
2010-07-07 02:23:38 0 d-----w- C:\VIPRERESCUE
2010-07-06 09:57:50 444 ----a-w- c:\windows\system32\d3d8caps.dat
2010-07-06 09:57:50 1324 ----a-w- c:\windows\system32\d3d9caps.dat
==================== Find3M ====================
2010-06-03 21:06:31 262672 ----a-w- c:\program files\common files\noon.dll
2009-04-12 22:42:59 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009041220090413\index.dat
============= FINISH: 5:08:51.65 ===============

-
August 4th, 2010, 06:17 AM
#5
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 3/23/2009 5:08:22 PM
System Uptime: 8/4/2010 4:56:52 AM (1 hours ago)
Motherboard: Dell Computer Corp. | | 0TC666
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 34 GiB total, 14.757 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
No restore point in system.
==== Installed Programs ======================
2 Tasty
4200
4200_Help
4200Tour
4200Trb
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.3
Adobe Shockwave Player 11.5
AiO_Scan
AiOSoftware
Avira AntiVir Personal - Free Antivirus
Bicycle Card Games
Big City Adventure™: New York City
Big Fish Games: Game Manager
Bubblet!
BufferChm
CCScore
CDDRV_Installer
Chicken Invaders 3: Revenge of the Yolk Easter Edition
Choice Guard
Conexant D850 56K V.9x DFVc Modem
Copy
CreativeProjects
CreativeProjectsTemplates
CueTour
Dell Driver Reset Tool
Dell Picture Studio v3.0
Dell System Restore
DellSupport
Destinations
Digital Line Detect
Director
DocProc
DocumentViewer
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
Fast Browser Search (My Web Tattoo)
Fax
fflink
Form Fill (Windows Live Toolbar)
FrostWire 4.20.7
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Hoyle Board Games 5
HP Diagnostic Assistant
HP Image Zone 4.2
HP Photosmart Essential
HP PSC & OfficeJet 4.2
HP Software Update
HP Unload DLL Patch
HPSystemDiagnostics
InstantShare
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
Internet Explorer Default Page
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 17
Java(TM) 6 Update 7
Jigsaw Puzzle Player
Junk Mail filter update
Jurassic Realm
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
KhalInstallWrapper
Kodak EasyShare software
KSU
Mahjongg Dimensions
Malwarebytes' Anti-Malware
Map Button (Windows Live Toolbar)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Easy Assist v2
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Modem Helper
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Musicmatch® Jukebox
netbrdg
NetWaiting
Notifier
OfotoXMI
OneCare Advisor (Windows Live Toolbar)
Overland
Paradise Quest
PhotoGallery
Popup Blocker (Windows Live Toolbar)
PowerDVD 5.5
PrintScreen
ProductContext
QFolder
Qualxserve Service Agreement
QuickProjects
QuickTime
Qwest Installer
Qwest Personal Digital Vault™
Qwest QuickAssist Desktop Tools
Qwest Quickcare 2.7
Qwest Windows Live Toolbar Buttons
Readme
Revo Uninstaller 1.89
Rhapsody Player Engine
Scan
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Segoe UI
SFR
SHASTA
skin0001
SkinsHP1
SKINXSDK
Sonic DLA
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Spelling Dictionaries Support For Adobe Reader 9
staticcr
SUPERAntiSpyware Free Edition
Tabbed Browsing (Windows Live Toolbar)
tooltips
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.762
VLC media player 1.0.1
VPRINTOL
WebCyberCoach 3.2 Dell
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Live Upload Tool
Windows Live Writer
Windows Media Format Runtime
Windows Media Player 10
Windows PowerShell(TM) 1.0
Windows XP Service Pack 3
WIRELESS
WordPerfect Office 12
Yahoo! Messenger
==== Event Viewer Messages From Past Week ========
8/3/2010 3:39:09 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgio avipbb Fips intelppm SASDIFSV SASKUTIL ssmdrv
8/3/2010 2:50:31 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
8/3/2010 2:50:18 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgio avipbb Fips intelppm ssmdrv
8/3/2010 2:49:50 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/3/2010 2:45:22 AM, error: Cdrom [11] - The driver detected a controller error on \Device\CdRom0.
8/3/2010 2:44:50 AM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
8/2/2010 4:58:23 PM, error: Dhcp [1002] - The IP address lease 192.168.0.2 for the Network Card with network address 0013206EAA8B has been denied by the DHCP server 192.168.20.21 (The DHCP Server sent a DHCPNACK message).
7/31/2010 10:21:52 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
7/30/2010 7:38:13 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the SeaPort service to connect.
7/30/2010 7:38:13 PM, error: Service Control Manager [7000] - The SeaPort service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/30/2010 7:35:57 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
7/30/2010 7:35:57 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
==== End Of File ===========================

-
August 4th, 2010, 11:48 PM
#6
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
Make sure you re-enable your security programs when you're done with Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
-
August 5th, 2010, 01:33 AM
#7
ComboFix 10-08-04.04 - KAY 08/05/2010 0:20.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.474 [GMT -5:00]
Running from: c:\documents and settings\KAY\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\KAY\Application Data\.#
c:\documents and settings\KAY\Application Data\.#\MBX@318@384190.###
c:\documents and settings\KAY\Application Data\.#\MBX@318@3841C0.###
c:\documents and settings\KAY\Application Data\.#\MBX@318@3841F0.###
c:\documents and settings\KAY\Application Data\.#\MBX@55C@384190.###
c:\documents and settings\KAY\Application Data\.#\MBX@55C@3841C0.###
c:\documents and settings\KAY\Application Data\.#\MBX@55C@3841F0.###
c:\documents and settings\KAY\Application Data\0200000009701def651C.manifest
c:\documents and settings\KAY\Application Data\0200000009701def651O.manifest
c:\documents and settings\KAY\Application Data\0200000009701def651P.manifest
c:\documents and settings\KAY\Application Data\0200000009701def651S.manifest
c:\documents and settings\LocalService\Local Settings\Application Data\Windows Server
c:\documents and settings\NetworkService\Local Settings\Application Data\Windows Server
C:\mtwb.dat
c:\program files\Search Guard Plus
c:\program files\Search Guard Plus\fbsSearchProvider.xml
c:\program files\Search Guard Plus\SearchGuardPlus.exe
c:\program files\Search Guard Plus\SearchGuardPlus.ico
c:\program files\Search Guard PlusU
c:\program files\Search Guard PlusU\SGPU.ico
c:\program files\Search Guard PlusU\sgpUpdater.exe
c:\program files\Search Guard PlusU\sgpUpdater.xml
c:\program files\Search Guard PlusU\sgpUpdaters.exe
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\Downloaded Program Files\ODCTOOLS
c:\windows\Downloaded Program Files\ODCTOOLS\ef6b26db-344d-4ad3-ba24-aca0bdaa999a.cab
c:\windows\Downloaded Program Files\ODCTOOLS\f04d289f-c60a-422b-8396-6c372047042e.cab
c:\windows\Nruxoa.exe
.
((((((((((((((((((((((((( Files Created from 2010-07-05 to 2010-08-05 )))))))))))))))))))))))))))))))
.
2010-08-04 10:37 . 2010-08-04 10:37 503808 ----a-w- c:\documents and settings\KAY\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-24e09408-n\msvcp71.dll
2010-08-04 10:37 . 2010-08-04 10:37 499712 ----a-w- c:\documents and settings\KAY\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-24e09408-n\jmc.dll
2010-08-04 10:37 . 2010-08-04 10:37 348160 ----a-w- c:\documents and settings\KAY\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-24e09408-n\msvcr71.dll
2010-08-04 10:37 . 2010-08-04 10:37 61440 ----a-w- c:\documents and settings\KAY\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3fc2a41d-n\decora-sse.dll
2010-08-04 10:37 . 2010-08-04 10:37 12800 ----a-w- c:\documents and settings\KAY\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3fc2a41d-n\decora-d3d.dll
2010-08-04 10:37 . 2010-07-17 10:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-03 10:33 . 2010-08-03 10:33 -------- d-----w- c:\documents and settings\Administrator.DJFSGZ71.001\Application Data\ElevatedDiagnostics
2010-08-03 10:31 . 2010-08-03 10:31 47720 ----a-w- c:\documents and settings\Administrator.DJFSGZ71.001\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-03 10:30 . 2010-08-03 10:30 -------- d-sh--w- c:\documents and settings\Administrator.DJFSGZ71.001\IECompatCache
2010-08-03 10:29 . 2010-08-03 10:29 -------- d-sh--w- c:\documents and settings\Administrator.DJFSGZ71.001\PrivacIE
2010-08-03 08:31 . 2010-08-03 08:31 52224 ----a-w- c:\documents and settings\KAY\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-08-03 08:31 . 2010-08-03 08:33 117760 ----a-w- c:\documents and settings\KAY\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-03 08:30 . 2010-08-03 08:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-03 07:51 . 2010-08-03 07:51 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-02 01:18 . 2010-08-03 08:26 -------- d-----w- c:\documents and settings\KAY\Local Settings\Application Data\uuoywummq
2010-08-01 00:25 . 2010-08-01 00:25 27591840 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\msgup1000_1270_us_u2.exe
2010-07-31 20:40 . 2010-07-31 20:40 -------- d-----w- c:\documents and settings\KAY\Application Data\Avira
2010-07-31 13:36 . 2010-07-31 13:36 -------- d-----w- C:\ProgramData
2010-07-30 22:06 . 2010-07-30 22:06 147968 --sha-r- c:\windows\system32\doskey7.dll
2010-07-16 16:51 . 2010-07-16 16:51 -------- d-----w- c:\documents and settings\KAY\Application Data\CannyGames
2010-07-16 01:47 . 2010-07-16 01:47 -------- d-----w- c:\documents and settings\KAY\Application Data\Hotdog Hotshot
2010-07-13 21:29 . 2010-08-04 10:02 -------- d-----w- c:\documents and settings\KAY\Local Settings\Application Data\AskToolbar
2010-07-10 05:25 . 2010-07-10 05:25 -------- d-----w- c:\program files\Avira
2010-07-10 05:25 . 2010-07-10 05:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-07-10 05:25 . 2010-03-01 15:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-07-10 05:25 . 2010-02-16 19:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-07-10 05:25 . 2009-05-11 17:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-07-10 05:25 . 2009-05-11 17:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-07-10 04:47 . 2010-07-10 04:47 -------- d-----w- c:\documents and settings\KAY\Application Data\bfgbar
2010-07-09 01:27 . 2010-08-03 08:33 -------- d-----w- c:\program files\Trend Micro
2010-07-09 01:11 . 2010-07-09 01:11 -------- d-----w- c:\documents and settings\Administrator.DJFSGZ71.001\Application Data\Malwarebytes
2010-07-08 23:35 . 2010-07-09 02:16 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ypmpgxple
2010-07-08 23:34 . 2010-07-08 23:34 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-07-08 22:55 . 2010-07-08 22:55 52224 ----a-w- c:\documents and settings\Administrator.DJFSGZ71.001\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-08 22:55 . 2010-07-08 23:06 117760 ----a-w- c:\documents and settings\Administrator.DJFSGZ71.001\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-08 22:54 . 2010-07-08 22:54 -------- d-----w- c:\documents and settings\Administrator.DJFSGZ71.001\Application Data\SUPERAntiSpyware.com
2010-07-08 22:53 . 2010-07-08 22:53 -------- d-sh--w- c:\documents and settings\Administrator.DJFSGZ71.001\IETldCache
2010-07-08 22:38 . 2010-07-08 22:38 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-07-08 22:38 . 2010-08-03 08:30 -------- d-----w- c:\documents and settings\KAY\Application Data\SUPERAntiSpyware.com
2010-07-08 10:20 . 2010-07-09 00:14 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\omstefyfq
2010-07-08 07:06 . 2010-07-08 07:06 42112 ----a-w- c:\windows\system32\drivers\oieuoask.sys
2010-07-08 02:10 . 2010-07-08 02:10 -------- d-----w- c:\documents and settings\KAY\Local Settings\Application Data\Help
2010-07-07 22:52 . 2010-07-07 22:52 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-07 22:51 . 2010-07-09 02:16 -------- d-----w- c:\documents and settings\KAY\Local Settings\Application Data\oadlgjlcm
2010-07-07 22:51 . 2010-07-07 22:51 -------- d-----w- c:\documents and settings\KAY\Local Settings\Application Data\lbnsqcdwe
2010-07-07 22:51 . 2010-07-07 22:51 -------- d-----w- c:\documents and settings\KAY\Local Settings\Application Data\mbyiixvru
2010-07-07 22:12 . 2010-07-07 22:34 -------- d-s---w- c:\documents and settings\Administrator.DJFSGZ71.000
2010-07-07 02:23 . 2010-07-07 22:34 -------- d-----w- C:\VIPRERESCUE
2010-07-06 22:36 . 2010-07-06 22:36 -------- d-----w- c:\documents and settings\Administrator.DJFSGZ71\IETldCache
2010-07-06 22:34 . 2010-07-07 22:42 -------- d-----w- c:\documents and settings\Administrator.DJFSGZ71\Local Settings\Application Data\Microsoft
2010-07-06 22:34 . 2010-07-07 22:42 -------- d-s---w- c:\documents and settings\Administrator.DJFSGZ71
2010-07-06 09:57 . 2010-08-04 10:04 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-06 09:57 . 2010-07-06 09:57 444 ----a-w- c:\windows\system32\d3d8caps.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-04 10:37 . 2005-07-24 04:30 -------- d-----w- c:\program files\Common Files\Java
2010-08-04 10:37 . 2005-07-24 04:30 -------- d-----w- c:\program files\Java
2010-08-04 10:33 . 2010-05-12 05:33 -------- d-----w- c:\program files\VideoLAN
2010-08-04 10:24 . 2009-04-08 05:14 -------- d-----w- c:\documents and settings\KAY\Application Data\FrostWire
2010-07-23 01:17 . 2009-03-29 17:49 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-18 21:01 . 2009-04-22 00:45 -------- d-----w- c:\program files\Shockwave.com
2010-07-11 02:35 . 2009-03-27 22:54 -------- d-----w- c:\program files\Google
2010-07-10 05:12 . 2009-12-20 21:56 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2010-07-10 04:29 . 2009-03-24 02:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-07-10 04:29 . 2009-03-24 02:34 -------- d-----w- c:\program files\Yahoo!
2010-07-10 04:11 . 2009-05-16 22:34 -------- d-----w- c:\documents and settings\KAY\Application Data\StumbleUpon
2010-07-09 00:55 . 2009-05-10 14:07 -------- d-----w- c:\program files\VS Revo Group
2010-07-09 00:51 . 2009-11-29 23:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-08 06:33 . 2009-03-29 04:44 -------- d-----w- c:\program files\LimeWire
2010-07-07 22:48 . 2009-07-10 00:37 -------- d-----w- c:\program files\Microsoft Silverlight
2010-07-07 22:46 . 2010-06-19 20:32 -------- d-----w- c:\documents and settings\All Users\Application Data\The Game Equation
2010-06-10 22:00 . 2010-06-10 22:00 143360 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\bumblebee-jewel_s1_l1_gF5837T1L1_d961419234[1].exe
2010-06-03 21:06 . 2010-06-03 21:06 262672 ----a-w- c:\program files\Common Files\noon.dll
2010-05-29 16:15 . 2009-03-25 23:23 47720 ----a-w- c:\documents and settings\KAY\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-25 00:20 . 2010-05-25 00:20 503808 ----a-w- c:\documents and settings\KAY\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-27134479-n\msvcp71.dll
2010-05-25 00:20 . 2010-05-25 00:20 348160 ----a-w- c:\documents and settings\KAY\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-27134479-n\msvcr71.dll
2010-05-25 00:20 . 2010-05-25 00:20 499712 ----a-w- c:\documents and settings\KAY\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-27134479-n\jmc.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25E76F98-E9A4-8ED4-013D-359B62A4E5A6}]
2010-06-03 21:06 262672 ----a-w- c:\program files\Common Files\noon.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-19 4363504]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe" [2009-03-19 460216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"QwestTouchPointAgent"="c:\program files\Qwest\Desktop\QwestTouchPointAgent.exe" [2010-02-12 45992]
"Qwest Personal Digital Vault"="c:\program files\Qwest Personal Digital Vault\QwestPersonalDigitalVault.exe" [2009-12-18 1064808]
"QuickCare"="c:\program files\Qwest\Quickcare\bin\sprtcmd.exe" [2010-01-16 206120]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-28 53248]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 08:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 10:15 AM 66632]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/10/2010 12:25 AM 135336]
R2 sprtlisten;SupportSoft Listener Service;c:\program files\Common Files\supportsoft\bin\sprtlisten.exe [1/8/2008 12:02 PM 1213728]
R2 sprtsvc_quickcare;SupportSoft Sprocket Service (quickcare);c:\program files\Qwest\Quickcare\bin\sprtsvc.exe [4/8/2010 6:43 PM 206120]
R2 tgsrvc_quickcare;SupportSoft Repair Service (quickcare);c:\program files\Qwest\Quickcare\bin\tgsrvc.exe [4/8/2010 6:43 PM 185640]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 10:15 AM 12872]
.
Contents of the 'Scheduled Tasks' folder
2010-08-05 c:\windows\Tasks\User_Feed_Synchronization-{CFD2AC3E-6D5E-40BB-9987-6614F304721A}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 10:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZKxdm009YYUS&fl=0&ptb=5dc3TXBG6uQdQpu.Qpu82A&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/mywaybiz
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
DPF: {D441AB53-A39C-42AE-AB79-3C05B7298F34} - hxxp://www.shockwave.com/content/astroavenger2/sis/AstroAvenger2Loader.cab
DPF: {F46BD8B1-DE4C-4A4F-B6F6-8FB68D25342D} - hxxp://www.shockwave.com/content/mahjongroadshow/sis/MahjongRoadshowWeb.1.0.0.18.cab
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-wmflxrxi - c:\documents and settings\KAY\Local Settings\Application Data\uuoywummq\pwodliltssd.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1021057068-1564077900-2212262887-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(636)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Completion time: 2010-08-05 00:29:53
ComboFix-quarantined-files.txt 2010-08-05 05:29
Pre-Run: 15,944,519,680 bytes free
Post-Run: 16,558,329,856 bytes free
- - End Of File - - 8EB7CF26AA82B11E292626CD63290D29

-
August 5th, 2010, 01:41 AM
#8
1. Please open Notepad
- Click Start, then Run
- Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
Code:
File::
c:\windows\system32\doskey7.dll
c:\windows\system32\drivers\oieuoask.sys
c:\program files\Common Files\noon.dll
Folder::
c:\documents and settings\KAY\Local Settings\Application Data\uuoywummq
c:\documents and settings\LocalService\Local Settings\Application Data\ypmpgxple
c:\documents and settings\NetworkService\Local Settings\Application Data\omstefyfq
c:\documents and settings\KAY\Local Settings\Application Data\oadlgjlcm
c:\documents and settings\KAY\Local Settings\Application Data\lbnsqcdwe
c:\documents and settings\KAY\Local Settings\Application Data\mbyiixvru
c:\documents and settings\KAY\Local Settings\Application Data\AskToolbar
DDS::
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5643
Driver::
oieuoask
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25E76F98-E9A4-8ED4-013D-359B62A4E5A6}]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=-
3. Save the above as CFScript.txt
4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.
5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
-
August 5th, 2010, 02:03 AM
#9
ComboFix 10-08-04.04 - KAY 08/05/2010 0:51.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.456 [GMT -5:00]
Running from: c:\documents and settings\KAY\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\KAY\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FILE ::
"c:\program files\Common Files\noon.dll"
"c:\windows\system32\doskey7.dll"
"c:\windows\system32\drivers\oieuoask.sys"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\KAY\Local Settings\Application Data\AskToolbar
c:\documents and settings\KAY\Local Settings\Application Data\lbnsqcdwe
c:\documents and settings\KAY\Local Settings\Application Data\mbyiixvru
c:\documents and settings\KAY\Local Settings\Application Data\oadlgjlcm
c:\documents and settings\KAY\Local Settings\Application Data\uuoywummq
c:\documents and settings\LocalService\Local Settings\Application Data\ypmpgxple
c:\documents and settings\NetworkService\Local Settings\Application Data\omstefyfq
c:\program files\Common Files\noon.dll
c:\windows\system32\doskey7.dll
c:\windows\system32\drivers\oieuoask.sys
.
((((((((((((((((((((((((( Files Created from 2010-07-05 to 2010-08-05 )))))))))))))))))))))))))))))))
.
2010-08-04 10:37 . 2010-08-04 10:37 503808 ----a-w- c:\documents and settings\KAY\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-24e09408-n\msvcp71.dll
2010-08-04 10:37 . 2010-08-04 10:37 499712 ----a-w- c:\documents and settings\KAY\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-24e09408-n\jmc.dll
2010-08-04 10:37 . 2010-08-04 10:37 348160 ----a-w- c:\documents and settings\KAY\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-24e09408-n\msvcr71.dll
2010-08-04 10:37 . 2010-08-04 10:37 61440 ----a-w- c:\documents and settings\KAY\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3fc2a41d-n\decora-sse.dll
2010-08-04 10:37 . 2010-08-04 10:37 12800 ----a-w- c:\documents and settings\KAY\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3fc2a41d-n\decora-d3d.dll
2010-08-04 10:37 . 2010-07-17 10:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-03 10:33 . 2010-08-03 10:33 -------- d-----w- c:\documents and settings\Administrator.DJFSGZ71.001\Application Data\ElevatedDiagnostics
2010-08-03 10:31 . 2010-08-03 10:31 47720 ----a-w- c:\documents and settings\Administrator.DJFSGZ71.001\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-03 10:30 . 2010-08-03 10:30 -------- d-sh--w- c:\documents and settings\Administrator.DJFSGZ71.001\IECompatCache
2010-08-03 10:29 . 2010-08-03 10:29 -------- d-sh--w- c:\documents and settings\Administrator.DJFSGZ71.001\PrivacIE
2010-08-03 08:31 . 2010-08-03 08:31 52224 ----a-w- c:\documents and settings\KAY\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-08-03 08:31 . 2010-08-03 08:33 117760 ----a-w- c:\documents and settings\KAY\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-03 08:30 . 2010-08-03 08:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-03 07:51 . 2010-08-03 07:51 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-01 00:25 . 2010-08-01 00:25 27591840 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\msgup1000_1270_us_u2.exe
2010-07-31 20:40 . 2010-07-31 20:40 -------- d-----w- c:\documents and settings\KAY\Application Data\Avira
2010-07-31 13:36 . 2010-07-31 13:36 -------- d-----w- C:\ProgramData
2010-07-16 16:51 . 2010-07-16 16:51 -------- d-----w- c:\documents and settings\KAY\Application Data\CannyGames
2010-07-16 01:47 . 2010-07-16 01:47 -------- d-----w- c:\documents and settings\KAY\Application Data\Hotdog Hotshot
2010-07-10 05:25 . 2010-07-10 05:25 -------- d-----w- c:\program files\Avira
2010-07-10 05:25 . 2010-07-10 05:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-07-10 05:25 . 2010-03-01 15:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-07-10 05:25 . 2010-02-16 19:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-07-10 05:25 . 2009-05-11 17:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-07-10 05:25 . 2009-05-11 17:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-07-10 04:47 . 2010-07-10 04:47 -------- d-----w- c:\documents and settings\KAY\Application Data\bfgbar
2010-07-09 01:27 . 2010-08-03 08:33 -------- d-----w- c:\program files\Trend Micro
2010-07-09 01:11 . 2010-07-09 01:11 -------- d-----w- c:\documents and settings\Administrator.DJFSGZ71.001\Application Data\Malwarebytes
2010-07-08 23:34 . 2010-07-08 23:34 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-07-08 22:55 . 2010-07-08 22:55 52224 ----a-w- c:\documents and settings\Administrator.DJFSGZ71.001\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-08 22:55 . 2010-07-08 23:06 117760 ----a-w- c:\documents and settings\Administrator.DJFSGZ71.001\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-08 22:54 . 2010-07-08 22:54 -------- d-----w- c:\documents and settings\Administrator.DJFSGZ71.001\Application Data\SUPERAntiSpyware.com
2010-07-08 22:53 . 2010-07-08 22:53 -------- d-sh--w- c:\documents and settings\Administrator.DJFSGZ71.001\IETldCache
2010-07-08 22:38 . 2010-07-08 22:38 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-07-08 22:38 . 2010-08-03 08:30 -------- d-----w- c:\documents and settings\KAY\Application Data\SUPERAntiSpyware.com
2010-07-08 02:10 . 2010-07-08 02:10 -------- d-----w- c:\documents and settings\KAY\Local Settings\Application Data\Help
2010-07-07 22:52 . 2010-07-07 22:52 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-07 22:12 . 2010-07-07 22:34 -------- d-s---w- c:\documents and settings\Administrator.DJFSGZ71.000
2010-07-07 02:23 . 2010-07-07 22:34 -------- d-----w- C:\VIPRERESCUE
2010-07-06 22:36 . 2010-07-06 22:36 -------- d-----w- c:\documents and settings\Administrator.DJFSGZ71\IETldCache
2010-07-06 22:34 . 2010-07-07 22:42 -------- d-----w- c:\documents and settings\Administrator.DJFSGZ71\Local Settings\Application Data\Microsoft
2010-07-06 22:34 . 2010-07-07 22:42 -------- d-s---w- c:\documents and settings\Administrator.DJFSGZ71
2010-07-06 09:57 . 2010-08-04 10:04 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-06 09:57 . 2010-07-06 09:57 444 ----a-w- c:\windows\system32\d3d8caps.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-04 10:37 . 2005-07-24 04:30 -------- d-----w- c:\program files\Common Files\Java
2010-08-04 10:37 . 2005-07-24 04:30 -------- d-----w- c:\program files\Java
2010-08-04 10:33 . 2010-05-12 05:33 -------- d-----w- c:\program files\VideoLAN
2010-08-04 10:24 . 2009-04-08 05:14 -------- d-----w- c:\documents and settings\KAY\Application Data\FrostWire
2010-07-23 01:17 . 2009-03-29 17:49 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-18 21:01 . 2009-04-22 00:45 -------- d-----w- c:\program files\Shockwave.com
2010-07-11 02:35 . 2009-03-27 22:54 -------- d-----w- c:\program files\Google
2010-07-10 05:12 . 2009-12-20 21:56 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2010-07-10 04:29 . 2009-03-24 02:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-07-10 04:29 . 2009-03-24 02:34 -------- d-----w- c:\program files\Yahoo!
2010-07-10 04:11 . 2009-05-16 22:34 -------- d-----w- c:\documents and settings\KAY\Application Data\StumbleUpon
2010-07-09 00:55 . 2009-05-10 14:07 -------- d-----w- c:\program files\VS Revo Group
2010-07-09 00:51 . 2009-11-29 23:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-08 06:33 . 2009-03-29 04:44 -------- d-----w- c:\program files\LimeWire
2010-07-07 22:48 . 2009-07-10 00:37 -------- d-----w- c:\program files\Microsoft Silverlight
2010-07-07 22:46 . 2010-06-19 20:32 -------- d-----w- c:\documents and settings\All Users\Application Data\The Game Equation
2010-06-10 22:00 . 2010-06-10 22:00 143360 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\bumblebee-jewel_s1_l1_gF5837T1L1_d961419234[1].exe
2010-05-29 16:15 . 2009-03-25 23:23 47720 ----a-w- c:\documents and settings\KAY\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-25 00:20 . 2010-05-25 00:20 503808 ----a-w- c:\documents and settings\KAY\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-27134479-n\msvcp71.dll
2010-05-25 00:20 . 2010-05-25 00:20 348160 ----a-w- c:\documents and settings\KAY\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-27134479-n\msvcr71.dll
2010-05-25 00:20 . 2010-05-25 00:20 499712 ----a-w- c:\documents and settings\KAY\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-27134479-n\jmc.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-08-05_05.28.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-05 05:45 . 2010-08-05 05:45 16384 c:\windows\Temp\Perflib_Perfdata_738.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-19 4363504]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe" [2009-03-19 460216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"QwestTouchPointAgent"="c:\program files\Qwest\Desktop\QwestTouchPointAgent.exe" [2010-02-12 45992]
"Qwest Personal Digital Vault"="c:\program files\Qwest Personal Digital Vault\QwestPersonalDigitalVault.exe" [2009-12-18 1064808]
"QuickCare"="c:\program files\Qwest\Quickcare\bin\sprtcmd.exe" [2010-01-16 206120]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-28 53248]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 08:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 10:15 AM 66632]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/10/2010 12:25 AM 135336]
R2 sprtlisten;SupportSoft Listener Service;c:\program files\Common Files\supportsoft\bin\sprtlisten.exe [1/8/2008 12:02 PM 1213728]
R2 sprtsvc_quickcare;SupportSoft Sprocket Service (quickcare);c:\program files\Qwest\Quickcare\bin\sprtsvc.exe [4/8/2010 6:43 PM 206120]
R2 tgsrvc_quickcare;SupportSoft Repair Service (quickcare);c:\program files\Qwest\Quickcare\bin\tgsrvc.exe [4/8/2010 6:43 PM 185640]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 10:15 AM 12872]
.
Contents of the 'Scheduled Tasks' folder
2010-08-05 c:\windows\Tasks\User_Feed_Synchronization-{CFD2AC3E-6D5E-40BB-9987-6614F304721A}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 10:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZKxdm009YYUS&fl=0&ptb=5dc3TXBG6uQdQpu.Qpu82A&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/mywaybiz
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
DPF: {D441AB53-A39C-42AE-AB79-3C05B7298F34} - hxxp://www.shockwave.com/content/astroavenger2/sis/AstroAvenger2Loader.cab
DPF: {F46BD8B1-DE4C-4A4F-B6F6-8FB68D25342D} - hxxp://www.shockwave.com/content/mahjongroadshow/sis/MahjongRoadshowWeb.1.0.0.18.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-05 00:58
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1021057068-1564077900-2212262887-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(636)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Completion time: 2010-08-05 01:01:26
ComboFix-quarantined-files.txt 2010-08-05 06:01
ComboFix2.txt 2010-08-05 05:29
Pre-Run: 16,559,034,368 bytes free
Post-Run: 16,540,434,432 bytes free
- - End Of File - - FDA0D607AD2C77D4667E5CAAD6784AB5

-
August 5th, 2010, 07:42 PM
#10
How is the computer doing at the moment?
Uninstall Combofix:
Go Start > Run [Vista users, go Start>"Start search"]
Type in:
Combofix /Uninstall
Note the space between the "Combofix" and the "/Uninstall"
Click OK (Vista users - press Enter).
Restart computer.
===============================================================
Download OTL to your Desktop.
* Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
* Under the Custom Scan box paste this in:
netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\system32\spool\prtprocs\w32x86\*.tmp
%systemroot%\*. /mp /s
/md5start
/md5stop
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
-
August 5th, 2010, 08:52 PM
#11
System is running a lot smoother. EXEs are actually working without being in Safe Mode. lol I hate that stupid malware persecurity or whatever. And it keeps getting worse, more intrusive.

-
August 5th, 2010, 09:52 PM
#12
Good 
Keep going...
-
August 6th, 2010, 04:36 AM
#13
OTL logfile created on: 8/6/2010 3:26:43 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\KAY\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
766.00 Mb Total Physical Memory | 440.00 Mb Available Physical Memory | 57.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 2 1149 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.46 Gb Total Space | 15.38 Gb Free Space | 44.65% Space Free | Partition Type: NTFS
Drive D: | 4.15 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DJFSGZ71
Current User Name: KAY
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/08/06 03:11:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\KAY\Desktop\OTL.exe
PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/16 13:30:16 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Qwest\Quickcare\bin\tgsrvc.exe
PRC - [2010/01/16 13:30:10 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Qwest\Quickcare\bin\sprtsvc.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/08 12:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
PRC - [2004/10/14 19:42:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2004/07/27 16:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
========== Modules (SafeList) ==========
MOD - [2010/08/06 03:11:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\KAY\Desktop\OTL.exe
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/01/16 13:31:40 | 000,382,320 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2010/01/16 13:30:16 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Qwest\Quickcare\bin\tgsrvc.exe -- (tgsrvc_quickcare) SupportSoft Repair Service (quickcare)
SRV - [2010/01/16 13:30:10 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Qwest\Quickcare\bin\sprtsvc.exe -- (sprtsvc_quickcare) SupportSoft Sprocket Service (quickcare)
SRV - [2009/02/06 18:08:58 | 000,533,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2008/05/02 03:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/01/08 12:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe -- (sprtlisten)
SRV - [2007/03/07 16:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2004/03/18 16:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\KAY\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/17 10:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 10:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 10:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/02/06 18:08:42 | 000,055,152 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/02/25 13:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2004/12/06 01:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/12/06 01:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/12/06 01:05:00 | 000,086,586 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/12/06 01:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/12/06 01:05:00 | 000,025,883 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/12/06 01:05:00 | 000,015,227 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/12/06 01:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/12/06 01:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/12/06 01:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/12/01 03:22:00 | 000,087,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/11/23 02:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/09/17 14:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/07/14 11:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 11:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2003/11/17 21:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 21:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 21:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.msn.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = My Web Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultUrl = http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZKxdm009YYUS&fl=0&ptb=5dc3TXBG6uQdQpu.Qpu82A&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[2009/12/09 00:04:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KAY\Application Data\Mozilla\Extensions
[2009/05/23 13:53:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KAY\Application Data\Mozilla\Extensions\[email protected]
O1 HOSTS File: ([2010/08/05 00:58:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [QuickCare] C:\Program Files\Qwest\Quickcare\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Qwest Personal Digital Vault] C:\Program Files\Qwest Personal Digital Vault\QwestPersonalDigitalVault.exe ()
O4 - HKLM..\Run: [QwestTouchPointAgent] C:\Program Files\Qwest\Desktop\QwestTouchPointAgent.exe (Qwest Communications)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -Mozilla\4.0 ( File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

-
August 6th, 2010, 04:37 AM
#14
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/s...sh/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D441AB53-A39C-42AE-AB79-3C05B7298F34} http://www.shockwave.com/content/ast...ger2Loader.cab (AstroAvengerLoader Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F46BD8B1-DE4C-4A4F-B6F6-8FB68D25342D} http://www.shockwave.com/content/mah...b.1.0.0.18.cab (CPlayFirstMahjongRoaControl Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.116.2.50 24.116.2.34
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\KAY\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\KAY\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)
========== Files/Folders - Created Within 90 Days ==========
[2010/08/06 03:11:35 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\KAY\Desktop\OTL.exe
[2010/08/04 23:41:22 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/08/04 23:35:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/08/04 05:37:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/08/03 05:32:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2010/08/03 03:30:44 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/08/03 02:51:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/07/31 15:40:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\KAY\Application Data\Avira
[2010/07/31 08:36:42 | 000,000,000 | ---D | C] -- C:\ProgramData
[2010/07/16 11:51:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\KAY\Application Data\CannyGames
[2010/07/15 20:47:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\KAY\Application Data\Hotdog Hotshot
[2010/07/10 00:31:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\KAY\Recent
[2010/07/10 00:25:27 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/07/10 00:25:26 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/07/10 00:25:26 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/07/10 00:25:26 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/07/10 00:25:26 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/07/10 00:25:26 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/07/10 00:25:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/07/09 23:47:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\KAY\Application Data\bfgbar
[2010/07/08 21:26:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\KAY\My Documents\Downloads
[2010/07/08 20:27:37 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/07/08 18:34:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/07/08 18:34:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2010/07/08 17:38:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/07/08 17:38:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\KAY\Application Data\SUPERAntiSpyware.com
[2010/07/08 05:19:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/07/07 21:10:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\KAY\Local Settings\Application Data\Help
[2010/07/07 21:10:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\KAY\Application Data\Help
[2010/07/06 21:23:38 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2010/07/06 05:17:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/07/06 05:17:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/07/03 06:10:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/07/02 22:07:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/07/02 22:07:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/19 15:32:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\The Game Equation
[2010/05/28 19:08:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sierra On-Line
[2010/05/28 19:08:27 | 000,000,000 | ---D | C] -- C:\SIERRA
[2010/05/28 18:34:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games
[2010/05/25 20:07:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\KAY\Maximize Games
[2010/05/25 14:28:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\1D2C
[2010/05/22 20:53:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\KAY\Application Data\Flood Light Games
[2010/05/22 20:53:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2010/05/15 12:43:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\KAY\Application Data\Chains
[2010/05/12 20:12:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\KAY\Application Data\Family Farm
[2010/05/12 00:36:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\KAY\Local Settings\Application Data\Graboid_Inc
[2010/05/12 00:36:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\KAY\Local Settings\Application Data\Graboid
[2010/05/12 00:35:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\KAY\Application Data\MozillaControl
[2010/05/12 00:35:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla ActiveX Control v1.7.12
[2010/05/12 00:33:41 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
========== Files - Modified Within 90 Days ==========
[2010/08/06 03:25:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{CFD2AC3E-6D5E-40BB-9987-6614F304721A}.job
[2010/08/06 03:22:13 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/06 03:22:00 | 803,262,464 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/06 03:22:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/06 03:20:54 | 003,932,160 | ---- | M] () -- C:\Documents and Settings\KAY\ntuser.dat
[2010/08/06 03:20:54 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\KAY\ntuser.ini
[2010/08/06 03:16:11 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/06 03:11:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\KAY\Desktop\OTL.exe
[2010/08/06 03:02:49 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/05 00:59:12 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/05 00:58:29 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/08/04 23:41:29 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/08/04 05:06:31 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\KAY\Desktop\dds.scr
[2010/08/04 05:04:07 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/03 03:33:44 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\KAY\Desktop\HijackThis.lnk
[2010/08/03 03:30:48 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/08/01 16:09:31 | 000,000,237 | ---- | M] () -- C:\Documents and Settings\KAY\Desktop\Yahoo!.url
[2010/08/01 08:55:03 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/08/01 08:55:03 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/07/31 17:03:05 | 000,012,099 | ---- | M] () -- C:\Documents and Settings\KAY\Desktop\Facebook Home.url
[2010/07/22 14:37:21 | 000,256,141 | ---- | M] () -- C:\logfile
[2010/07/18 08:57:55 | 000,000,166 | ---- | M] () -- C:\Documents and Settings\KAY\Desktop\Qwest.url
[2010/07/17 14:32:44 | 001,297,408 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2010/07/17 14:32:43 | 002,489,344 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/07/16 11:50:28 | 000,001,196 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.lnk
[2010/07/10 00:25:46 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/07/08 19:56:10 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\KAY\Desktop\Revo Uninstaller.lnk
[2010/07/08 19:38:04 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/08 19:31:12 | 000,523,698 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/08 19:31:12 | 000,442,798 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/08 19:31:12 | 000,072,080 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/07 17:53:33 | 000,193,776 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/06 04:57:50 | 000,000,444 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/05/29 11:15:36 | 000,047,720 | ---- | M] () -- C:\Documents and Settings\KAY\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/28 19:08:51 | 000,000,208 | ---- | M] () -- C:\WINDOWS\SIERRA.INI
[2010/05/28 18:36:38 | 000,001,853 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Bicycle Card Games.lnk
[2010/05/25 14:30:12 | 000,000,000 | ---- | M] () -- C:\testwma.raw

-
August 6th, 2010, 04:38 AM
#15
========== Files Created - No Company Name ==========
[2010/08/04 23:41:29 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/08/04 23:41:25 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/08/04 05:06:30 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\KAY\Desktop\dds.scr
[2010/08/04 04:57:16 | 803,262,464 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/03 05:30:27 | 000,000,438 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{CFD2AC3E-6D5E-40BB-9987-6614F304721A}.job
[2010/08/03 03:33:44 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\KAY\Desktop\HijackThis.lnk
[2010/08/03 03:30:48 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/08/01 08:55:03 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/08/01 08:55:03 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/07/16 11:50:28 | 000,001,196 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.lnk
[2010/07/10 00:25:46 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/07/08 19:55:34 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\KAY\Desktop\Revo Uninstaller.lnk
[2010/07/06 04:57:50 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/06 04:57:50 | 000,000,444 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/07/01 02:02:28 | 003,932,160 | ---- | C] () -- C:\Documents and Settings\KAY\ntuser.dat
[2010/05/28 19:08:18 | 000,000,208 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2010/05/28 18:36:38 | 000,001,853 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Bicycle Card Games.lnk
[2005/07/23 23:48:48 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/07/23 23:38:29 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/07/23 23:15:04 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/07/23 23:14:52 | 000,000,375 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/04/09 17:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 13:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2001/09/06 17:42:54 | 000,000,036 | ---- | C] () -- C:\WINDOWS\A3W.ini
========== LOP Check ==========
[2010/05/25 14:28:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1D2C
[2009/12/04 18:35:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
[2009/04/01 18:48:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2009/08/21 16:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BarbarianGames
[2009/04/18 17:31:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Black Blob Studios
[2009/03/29 12:52:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blg
[2009/06/21 17:35:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Escape From Paradise
[2010/05/22 20:53:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2009/05/09 13:03:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2009/07/31 13:44:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FuzzyBug
[2009/07/28 20:14:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoBit Games
[2010/04/25 17:38:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterAction studios
[2009/12/25 11:37:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2009/11/03 19:58:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia
[2009/06/27 11:49:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2009/04/29 18:56:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2009/07/19 14:38:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MythPeople
[2009/05/04 16:54:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Games
[2009/05/06 18:19:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/04/06 20:42:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickClick
[2010/04/08 17:56:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Qwest
[2009/06/19 23:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Slapdash Games
[2009/10/06 11:35:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SuperRanch
[2010/04/08 18:43:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/07/22 20:17:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/07/07 17:46:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Game Equation
[2009/06/20 21:13:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UClick
[2010/03/19 22:27:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KAY\Application Data\Arkadium
[2009/08/16 19:23:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KAY\Application Data\Babylonia
[2009/08/21 16:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KAY\Application Data\BarbarianGames
[2010/04/11 04:00:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KAY\Application Data\bearsharemediabartb
[2010/07/09 23:47:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KAY\Application Data\bfgbar
[2009/03/29 12:52:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KAY\Application Data\blg
[2009/08/26 20:09:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KAY\Application Data\Camel101
[2010/07/16 11:51:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KAY\Application Data\CannyGames
[2010/05/15 13:00:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KAY\Application Data\Chains
[2009/05/05 17:26:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KAY\Application Data\CobiMobi
[2009/07/16 22:01:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KAY\Application Data\CupcakeCafe
[2010/05/12 20:15:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KAY\Application Data\Family Farm
[2010/05/22 20:53:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KAY\Application Data\Flood Light Games
[2010/08/04 05:24:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KAY\Application Data\FrostWire
[2009/04/13 20:02:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KAY\Application Data\funkitron
[2010/07/15 20:47:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KAY\Application Data\Hotdog Hotshot
[2009/03/27 21:46:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KAY\Application Data\Image Zone Express
[2009/11/05 20:58:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KAY\Application Data\Ludia
[2010/04/02 19:18:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KAY\Application Data\MB4
[2009/04/07 19:17:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KAY\Application Data\monkey money
[2009/07/04 12:47:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KAY\Application Data\Nology
[2009/04/29 16:36:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KAY\Application Data\Orneon
[2009/05/01 16:37:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KAY\Application Data\Pi Eye Games
[2009/05/06 18:19:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KAY\Application Data\PlayFirst
[2009/10/20 17:45:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KAY\Application Data\Playrix Entertainment
[2009/03/27 21:46:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KAY\Application Data\Printer Info Cache
[2010/04/22 22:10:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KAY\Application Data\Sahmon Games
[2010/04/02 19:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KAY\Application Data\SmashFrenzy4
[2010/07/09 23:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KAY\Application Data\StumbleUpon
[2009/06/20 21:13:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KAY\Application Data\UClick
[2010/08/06 03:25:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{CFD2AC3E-6D5E-40BB-9987-6614F304721A}.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2004/08/10 13:04:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/03/23 17:08:14 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/08/04 23:41:29 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/02/07 13:56:52 | 000,246,202 | ---- | M] () -- C:\cddrvinstall.log
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/08/05 01:01:27 | 000,017,492 | ---- | M] () -- C:\ComboFix.txt
[2004/08/10 13:04:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2005/07/23 23:17:52 | 000,004,833 | RH-- | M] () -- C:\dell.sdr
[2010/08/06 03:22:23 | 000,023,665 | ---- | M] () -- C:\Facilitator.log
[2010/08/06 03:22:00 | 803,262,464 | -HS- | M] () -- C:\hiberfil.sys
[2003/12/08 13:15:56 | 000,028,672 | R--- | M] ( ) -- C:\hpqimgrc.resources.dll
[2009/03/23 17:25:54 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004/08/10 13:04:08 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2010/07/22 14:37:21 | 000,256,141 | ---- | M] () -- C:\logfile
[2010/07/08 19:51:55 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2004/08/10 13:04:08 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/04/12 14:48:39 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/08/06 03:21:59 | 1204,785,152 | -HS- | M] () -- C:\pagefile.sys
[2009/04/11 18:27:46 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/04/12 11:37:56 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/04/12 17:40:47 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/05/09 12:35:27 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/05/10 10:48:21 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/05/15 14:00:29 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/05/21 16:43:38 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/05/21 17:08:51 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/05/21 20:48:32 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/05/27 13:12:50 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/05/31 10:49:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/06/07 03:09:49 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/06/09 14:54:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/06/15 12:28:48 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/06/21 14:27:08 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2009/06/21 17:48:54 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2009/07/05 17:02:46 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/07/09 19:24:26 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2009/04/11 18:27:45 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/04/12 11:37:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/04/12 17:40:47 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/05/09 12:35:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/05/10 10:48:21 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/05/15 14:00:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/05/21 16:43:38 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/05/21 17:08:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/05/21 20:48:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/05/27 13:12:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/05/31 10:49:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/06/07 03:09:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/06/09 14:54:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/06/15 12:28:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/06/21 14:27:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009/06/21 17:48:53 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009/07/05 17:02:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009/07/09 19:24:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2010/05/25 14:30:12 | 000,000,000 | ---- | M] () -- C:\testwma.raw
[2009/04/09 17:31:16 | 000,001,371 | ---- | M] () -- C:\_Sid.txt
< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
