
Shockwave not working (hijackthis log included)


  • This topic is locked
26 replies to this topic

#1 Rogowicz

Rogowicz

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:07:02 PM

Posted 28 March 2009 - 12:52 PM

Something happened with Shockwave on my computer. It won't load on sites that it normally would have before. I've run different virus scans, ad-aware, malware and other programs. I have no idea what to do at this point. Thank you for your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:45:38 PM, on 3/28/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Milt\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Milt\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Milt\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Milt\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Milt\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\Run: [Osae] "C:\WINDOWS\ICROSO~1.NET\notepad.exe" -vt ndrv (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [] C:\PROGRA~1\YSTEM3~1\WNSPOO~1.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Wmxnmbr] C:\Documents and Settings\Milt\My Documents\?ppPatch\m?hta.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Osae] "C:\WINDOWS\ICROSO~1.NET\notepad.exe" -vt ndrv (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O15 - Trusted Zone: http://*.download.microsoft.com
O15 - Trusted Zone: http://*.update.microsoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O16 - DPF: {195B4BBF-E1E4-4020-9773-0A8C6F65EA35} (CPlayFirstCookingDasControl Object) - http://games.bigfishgames.com/en_cooking-d...Web.1.0.0.9.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - (no file)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 6345 bytes

Edited by Rogowicz, 28 March 2009 - 01:23 PM.
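Triage of the HijackThis entries in the log above, added here as an example and not part of the original thread or of Trend Micro's tool. It parses the O1 (hosts file) and O4 (Run key) lines and flags what a helper looks for in this particular log: a Microsoft search host redirected to a non-loopback address, a Run value under the SYSTEM hive with an empty name, paths HijackThis renders with "?", notepad.exe launched from outside a Windows system directory, and 8.3 short-name components that mimic a system folder with its first letter dropped. The heuristics and the look-alike stem table are my own assumptions, not HijackThis rules; the sample lines are copied from the log above.

```python
import re

# Subset of the HijackThis log posted above, used here as the sample input.
SAMPLE_LOG = r"""
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKUS\S-1-5-18\..\Run: [Osae] "C:\WINDOWS\ICROSO~1.NET\notepad.exe" -vt ndrv (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [] C:\PROGRA~1\YSTEM3~1\WNSPOO~1.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Wmxnmbr] C:\Documents and Settings\Milt\My Documents\?ppPatch\m?hta.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
"""

# O1 = hosts-file entry, O4 = autostart Run value; both patterns follow the
# HijackThis line layout seen in the log above.
O1_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+) (?P<host>\S+)$")
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*?)"
    r"(?: \(User '(?P<user>[^']*)'\))?$"
)
# First executable-looking token of the command line, quoted or not.
EXE_RE = re.compile(r'^"?(?P<path>.*?\.(?:exe|com|scr|pif|bat|cmd|dll))"?', re.IGNORECASE)

# Assumed heuristics (mine, not HijackThis rules). Stems of 8.3 short names that
# equal a well-known folder name with its first letter dropped, as in ICROSO~1.NET
# and YSTEM3~1 in the log above.
LOOKALIKE_STEMS = {"ICROSO": "Microsoft", "YSTEM3": "system32", "INDOWS": "WINDOWS"}
SYSTEM_BINARIES = {"notepad.exe", "svchost.exe", "explorer.exe", "winlogon.exe",
                   "lsass.exe", "services.exe", "csrss.exe", "smss.exe", "spoolsv.exe"}
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}


def check_hosts(ip, host):
    """Flag hosts entries that send a name somewhere other than loopback."""
    if ip in LOOPBACK:
        return []
    return [f"hosts file sends {host} to {ip}; a blocking entry would point at loopback"]


def check_run_entry(name, cmd, user):
    """Apply the autostart heuristics to one O4 Run value."""
    reasons = []
    if name == "":
        reasons.append("empty value name")
    m = EXE_RE.match(cmd)
    if not m:
        return reasons
    path = m.group("path")
    low = path.lower()
    directory, _, basename = low.rpartition("\\")
    if "?" in path:
        reasons.append("path contains characters HijackThis could not display")
    for component in path.split("\\"):
        stem = component.split("~", 1)[0].upper()
        if "~" in component and stem in LOOKALIKE_STEMS:
            reasons.append(f"'{component}' mimics {LOOKALIKE_STEMS[stem]} with its first letter dropped")
    if basename in SYSTEM_BINARIES and directory not in SYSTEM_DIRS:
        reasons.append(f"{basename} launched from {directory} instead of a Windows system directory")
    if user in ("SYSTEM", "Default user") and "\\documents and settings\\" in low:
        reasons.append(f"runs as {user} from a user profile directory")
    return reasons


def triage(log_text):
    """Return [(line, [reason, ...])] for every O1/O4 line that trips a heuristic."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        reasons = []
        m = O1_RE.match(line)
        if m:
            reasons = check_hosts(m.group("ip"), m.group("host"))
        m = O4_RE.match(line)
        if m:
            reasons = check_run_entry(m.group("name"), m.group("cmd"), m.group("user"))
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for reason in reasons:
            print("   ->", reason)
```

Legitimate entries such as Ad-Watch, the alarm clock and Microsoft's dwtrig20.exe (which also runs as SYSTEM) produce no findings, so the output is only the five lines a helper would actually want to look at.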



#2 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:07:02 PM

Posted 06 April 2009 - 10:44 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 Rogowicz

Rogowicz
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:07:02 PM

Posted 11 April 2009 - 01:04 PM

here are the files you requested, I really hope for the best!!


#4 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:06:02 PM

Posted 11 April 2009 - 02:22 PM

Hi,

Welcome to BleepingComputer HijackThis Logs and Malware Removal, Rogowicz. :thumbup2:
My name is sundavis, I will be helping you to deal with your Malware problems today.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, then please do the following.

Step 1

Please download GMER Rootkit Scanner from Here or Here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish. For more info, go to Here for your reference.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt", and copy and paste the contents in your next reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Step 2
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

In your next reply, please post back:


1. GMER log
2. RSIT log.txt and info.txt. Thanks.

#5 Rogowicz

Rogowicz
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:07:02 PM

Posted 11 April 2009 - 05:06 PM

There they are for ya, thank you again for your help, I'm ready to break this thing!!

Attached Files

  • Attached File  GMER.log   9.76KB   2 downloads
  • Attached File  info.txt   17.14KB   10 downloads
  • Attached File  log.txt   28.42KB   1 downloads


#6 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:06:02 PM

Posted 11 April 2009 - 06:39 PM

Hi Rogowicz,


Viewpoint Manager is considered foistware instead of malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546
I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.

Viewpoint Manager
Viewpoint Media Player
Viewpoint Toolbar


I notice there is a sign of a P2P (Person to Person) File Sharing Program on your computer. Even if you are using a "safe" P2P program, it is only the program that is safe.
You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares. Even if you have PeerGuardian2 to safeguard your privacy on P2P.
You are well advised to remove it via Control Panel > Add/Remove Programs.


Azureus
LimeWire PRO 4.14



I also notice there are some unwanted programs installed on your system. Those unwanted programs are sometimes malware related or a potential hazard to your security. You're well advised to remove them.

Click Start > Settings > Control Panel.
In Control Panel, double-click Add or Remove Programs.
In Add or Remove Programs, highlight

Full Tilt Poker
PokerStars


and click on Change/Remove to remove them.



Step 1


If you already have Combofix, please delete that copy and download it again as it's being updated regularly.

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Note: ComboFix has recently been updated to include the option for installing the Recovery Console automatically. You will see the below prompt when you first run ComboFix:


Posted Image


The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once Recovery Console is installed, you should see a blue screen prompt like the one below:


Posted Image

1.Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

2.Click Yes to allow Combofix to continue scanning for malware.

When done, a log will be produced (or locate it in C:\ComboFix.txt). Please post that log in your next reply.

Do not mouse click on Combofix while it is running. That may cause it to stall.

If you have problems running ComboFix, please rename it or run it in Safe Mode.


Step 2


I also notice you do not have any antivirus program installed on your system. It's somewhat suicidal in this digital world nowadays.
Please get ONE antivirus and install it. Restart the computer for the changes to take effect.

AVG Free 8.0 for Windows
AntiVir Free Edition




In your next reply, please post back:

1.Combofix log
2.RSIT log.txt

Please post your logs directly to this thread. Don't attach the logs. Thanks.

#7 Rogowicz

Rogowicz
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:07:02 PM

Posted 12 April 2009 - 11:33 AM

ComboFix 09-04-04.01 - Milt 2009-04-11 21:41:10.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.254.88 [GMT -4:00]
Running from: c:\documents and settings\Milt\My Documents\Downloads\ComboFix.exe
FW: Norton Internet Worm Protection *disabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Milt\Application Data\inst.exe
c:\documents and settings\Milt\My Documents\PPPATC~1
c:\program files\Common Files\{E0661~1
c:\program files\Common Files\ystem3~1
c:\windows\icroso~1.net
c:\windows\system32\asembl~1
c:\windows\system32\components
c:\windows\system32\llllm.bak1
c:\windows\system32\llllm.bak2
c:\windows\system32\llllm.ini
c:\windows\system32\llllm.ini2
c:\windows\system32\llllm.tmp
c:\windows\system32\w32apiw.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV
-------\Service_TDSSserv


((((((((((((((((((((((((( Files Created from 2009-03-12 to 2009-04-12 )))))))))))))))))))))))))))))))
.

2009-04-11 18:03 . 2009-04-11 18:04 <DIR> d----c--- C:\rsit
2009-04-10 23:15 . 2009-04-10 23:15 <DIR> d-------- c:\program files\Enigma Software Group
2009-04-10 22:07 . 2009-04-10 23:05 <DIR> d-------- c:\program files\XoftSpySE
2009-04-04 03:06 . 2009-04-04 03:06 <DIR> d-------- c:\windows\Chocolatier Decadence by Design
2009-04-04 03:06 . 2009-04-04 03:07 <DIR> d-------- c:\program files\Chocolatier Decadence by Design
2009-03-28 14:33 . 2009-03-28 14:33 <DIR> d-------- c:\windows\system32\Adobe
2009-03-28 13:45 . 2009-03-28 13:45 <DIR> d-------- c:\program files\Trend Micro
2009-03-26 01:56 . 2009-03-26 01:56 <DIR> d-------- c:\windows\Be a King
2009-03-26 01:56 . 2009-03-26 01:58 <DIR> d-------- c:\program files\Be a King
2009-03-26 00:12 . 2009-03-26 00:12 <DIR> d-------- c:\program files\Common Files\Sandlot Shared
2009-03-26 00:08 . 2009-03-26 00:08 <DIR> d-------- c:\program files\Cake Mania Back to the Bakery
2009-03-23 00:55 . 2009-03-23 00:58 34 --a------ c:\documents and settings\Milt\jagex_runescape_preferences.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-12 01:46 104,476,704 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-12 01:46 1,211,612 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-12 01:35 --------- d-----w c:\program files\Lavasoft
2009-04-12 01:35 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-12 01:23 --------- d-----w c:\program files\Viewpoint
2009-04-12 01:23 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-04-12 01:04 --------- d-----w c:\documents and settings\Milt\Application Data\Azureus
2009-04-11 21:53 --------- d-----w c:\program files\Full Tilt Poker
2009-04-08 19:43 --------- d-----w c:\documents and settings\Milt\Application Data\PlayFirst
2009-04-08 19:43 --------- d-----w c:\documents and settings\All Users\Application Data\PlayFirst
2009-04-08 19:32 --------- d-----w c:\documents and settings\Milt\Application Data\SolSuite
2009-04-07 21:46 --------- d-----w c:\program files\Microsoft Silverlight
2009-04-03 14:55 --------- d-----w c:\documents and settings\All Users\Application Data\DriverScanner
2009-04-02 22:52 --------- d-----w c:\program files\PokerStars
2009-03-26 05:32 --------- d-----w c:\program files\Java
2009-03-26 04:12 --------- d-----w c:\documents and settings\All Users\Application Data\Sandlot Games
2009-03-24 03:20 --------- d-----w c:\program files\Azureus
2009-03-20 21:09 --------- d-----w c:\program files\Bodog Poker
2009-03-07 08:16 --------- d-----w c:\program files\SwiftSwitch
2009-03-07 07:03 --------- d-----w c:\documents and settings\Milt\Application Data\Lavasoft
2009-03-07 00:07 --------- d-----w c:\program files\SUPERAntiSpyware
2009-03-07 00:07 --------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-07 00:06 --------- d-----w c:\documents and settings\Milt\Application Data\SUPERAntiSpyware.com
2009-03-06 21:50 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-06 20:26 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-26 10:50 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-25 02:28 --------- d-----w c:\documents and settings\All Users\Application Data\CardPlayer
2008-10-13 20:12 47,360 ----a-w c:\documents and settings\Milt\Application Data\pcouffin.sys
2008-10-13 20:12 11,114 ----a-w c:\documents and settings\All Users\Application Data\MainApp.dll
2006-05-26 03:26 32 -c--a-r c:\documents and settings\All Users\hash.dat
2005-06-22 05:37 45,568 -csha-r c:\windows\system32\cygz.dll
.

------- Sigcheck -------

2001-08-23 11:00 12800 0f7d9c87b0ce1fa520473119752c6f79 c:\windows\$NtServicePackUninstall$\svchost.exe
2008-04-13 20:12 14336 27c6d03bcdb8cfeb96b716f3d8be3e18 c:\windows\Sdold\Download\cf8ec753e88561d2ddb53e183dc05c3e\svchost.exe
2004-08-04 01:56 14336 8f078ae4ed187aaabc0a305146de6716 c:\windows\ServicePackFiles\i386\svchost.exe
2004-08-04 01:56 14336 8f078ae4ed187aaabc0a305146de6716 c:\windows\system32\svchost.exe

2001-08-23 11:00 75264 8529c295df59b564d37a73b5629162b1 c:\windows\$NtServicePackUninstall$\ws2_32.dll
2008-04-13 20:12 82432 2ccc474eb85ceaa3e1fa1726580a3e5a c:\windows\Sdold\Download\cf8ec753e88561d2ddb53e183dc05c3e\ws2_32.dll
2004-08-04 01:56 82944 2ed0b7f12a60f90092081c50fa0ec2b2 c:\windows\ServicePackFiles\i386\ws2_32.dll
2004-08-04 01:56 82944 2ed0b7f12a60f90092081c50fa0ec2b2 c:\windows\system32\ws2_32.dll

2006-06-23 07:25 664576 64ce26db72810b30f7855ea51e1df836 c:\windows\$hf_mig$\KB918899\SP2QFE\wininet.dll
2006-09-14 04:31 664576 d207370287cf769aebebf03837784963 c:\windows\$hf_mig$\KB922760\SP2QFE\wininet.dll
2006-10-23 11:34 664576 231ef4179acabe486376b5ca893f1076 c:\windows\$hf_mig$\KB925454\SP2QFE\wininet.dll
2007-01-04 10:05 665088 3ffa1573fc274e5aa7467d03941c45ee c:\windows\$hf_mig$\KB928090\SP2QFE\wininet.dll
2007-02-20 05:52 665600 b258c922d22deec880b60720531d7627 c:\windows\$hf_mig$\KB931768\SP2QFE\wininet.dll
2007-04-18 08:46 665600 4261ba03afd659de04f0a17dfbdd454d c:\windows\$hf_mig$\KB933566\SP2QFE\wininet.dll
2007-06-26 10:35 665600 e1a3dd68b5380b360a7310a64d9bb188 c:\windows\$hf_mig$\KB937143\SP2QFE\wininet.dll
2007-08-22 08:55 665600 a1bc17eb3758d73c3938b2318820f5b4 c:\windows\$hf_mig$\KB939653\SP2QFE\wininet.dll
2008-04-21 02:56 666624 2e7de1bf9418b071799eb53de8cc22f5 c:\windows\$hf_mig$\KB950759\SP2QFE\wininet.dll
2008-04-21 02:44 666112 2b0c24aa747a93a28987b6d65a4a74bc c:\windows\$hf_mig$\KB950759\SP3GDR\wininet.dll
2008-04-21 02:24 666624 26f240c250e5b4b395cb4b178ba75437 c:\windows\$hf_mig$\KB950759\SP3QFE\wininet.dll
2008-06-23 12:12 667136 611ace3f4201e9610af8452f7c268995 c:\windows\$hf_mig$\KB953838\SP2QFE\wininet.dll
2008-06-23 11:09 666112 f12fbb673de9cc802c5dc518fe99aa2f c:\windows\$hf_mig$\KB953838\SP3GDR\wininet.dll
2008-06-23 10:54 666624 972299b7241ec325d8c7e5638c884925 c:\windows\$hf_mig$\KB953838\SP3QFE\wininet.dll
2001-08-23 11:00 593920 cf9f1eef71f42ede71b6f4aa05d5ca1a c:\windows\$NtServicePackUninstall$\wininet.dll
2008-10-16 06:37 659456 6f1e4bfd78c4e0d05ff3725d59b72925 c:\windows\Sdold\Download\7bc58354ca50aa200544caaef7677c8a\SP2GDR\wininet.dll
2008-10-16 06:20 667648 93c9d0a216498ee14eb9b26119bb95ee c:\windows\Sdold\Download\7bc58354ca50aa200544caaef7677c8a\SP2QFE\wininet.dll
2008-10-15 21:00 666112 1576318bf08d28cc61d1278114ad8d5b c:\windows\Sdold\Download\7bc58354ca50aa200544caaef7677c8a\SP3GDR\wininet.dll
2008-10-15 21:04 667136 e8fce58a470999350f64c591557f9e42 c:\windows\Sdold\Download\7bc58354ca50aa200544caaef7677c8a\SP3QFE\wininet.dll
2008-04-13 20:12 666112 7a4f775abb2f1c97def3e73afa2faedd c:\windows\Sdold\Download\cf8ec753e88561d2ddb53e183dc05c3e\wininet.dll
2004-08-04 01:56 656384 c0823fc5469663ba63e7db88f9919d70 c:\windows\ServicePackFiles\i386\wininet.dll
2008-10-16 06:37 659456 6f1e4bfd78c4e0d05ff3725d59b72925 c:\windows\SoftwareDistribution\Download\7bc58354ca50aa200544caaef7677c8a\SP2GDR\wininet.dll
2008-10-16 06:20 667648 93c9d0a216498ee14eb9b26119bb95ee c:\windows\SoftwareDistribution\Download\7bc58354ca50aa200544caaef7677c8a\SP2QFE\wininet.dll
2008-10-15 21:00 666112 1576318bf08d28cc61d1278114ad8d5b c:\windows\SoftwareDistribution\Download\7bc58354ca50aa200544caaef7677c8a\SP3GDR\wininet.dll
2008-10-15 21:04 667136 e8fce58a470999350f64c591557f9e42 c:\windows\SoftwareDistribution\Download\7bc58354ca50aa200544caaef7677c8a\SP3QFE\wininet.dll
2008-06-23 11:38 659456 9eea04bc4c3fa521d256d89940fab4db c:\windows\system32\wininet.dll

2006-04-20 08:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 12:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 06:44 360960 744e57c99232201ae98c49168b918f48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 07:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 07:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2001-08-23 11:00 327168 e7774698bb0d14b0710a9a31e209f9b6 c:\windows\$NtServicePackUninstall$\tcpip.sys
2008-04-13 15:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\Sdold\Download\cf8ec753e88561d2ddb53e183dc05c3e\tcpip.sys
2004-08-04 00:14 359040 9f4b36614a0fc234525ba224957de55c c:\windows\ServicePackFiles\i386\tcpip.sys
2008-06-20 06:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 c:\windows\system32\drivers\tcpip.sys

2001-08-23 11:00 430080 2b0e480e975ee51f2d5ce5f068fed6e2 c:\windows\$NtServicePackUninstall$\winlogon.exe
2008-04-13 20:12 507904 ed0ef0a136dec83df69f04118870003e c:\windows\Sdold\Download\cf8ec753e88561d2ddb53e183dc05c3e\winlogon.exe
2004-08-04 01:56 502272 01c3346c241652f43aed8e2149881bfe c:\windows\ServicePackFiles\i386\winlogon.exe
2004-08-04 01:56 502272 01c3346c241652f43aed8e2149881bfe c:\windows\system32\winlogon.exe

2001-08-23 11:00 161536 3efd4f59ba0a340de0a3ab984001dbf7 c:\windows\$NtServicePackUninstall$\ndis.sys
2008-04-13 15:20 182656 1df7f42665c94b825322fae71721130d c:\windows\Sdold\Download\cf8ec753e88561d2ddb53e183dc05c3e\ndis.sys
2004-08-04 00:14 182912 558635d3af1c7546d26067d5d9b6959e c:\windows\ServicePackFiles\i386\ndis.sys
2004-08-04 00:14 182912 558635d3af1c7546d26067d5d9b6959e c:\windows\system32\drivers\ndis.sys

2008-04-13 14:53 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\Sdold\Download\cf8ec753e88561d2ddb53e183dc05c3e\ip6fw.sys
2004-08-04 00:00 29056 4448006b6bc60e6c027932cfc38d6855 c:\windows\ServicePackFiles\i386\ip6fw.sys
2004-08-04 00:00 29056 4448006b6bc60e6c027932cfc38d6855 c:\windows\system32\drivers\ip6fw.sys

2005-03-01 21:04 2179456 28187802b7c368c0d3aef7d4c382aabb c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2006-12-19 12:51 2182016 cef243f6defd20be4adde26c7ecacb54 c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
2007-02-28 05:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2008-08-14 05:57 2185984 ce69dbd54221f2d40e49ff6db77c6507 c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
2008-08-14 06:11 2189184 eeaf32f8e15a24f62becb1bd403bb5c5 c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
2008-08-14 16:11 2189184 31914172342bff330063f343ac6958fe c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
2001-08-23 11:00 1982208 a29222d5281056e497408fcc9062f749 c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
2008-08-14 06:00 2180352 21c91da9cb53aa8a37041ba9684a8458 c:\windows\Driver Cache\i386\ntoskrnl.exe
2008-04-13 15:27 2188928 0c89243c7c3ee199b96fcc16990e0679 c:\windows\Sdold\Download\cf8ec753e88561d2ddb53e183dc05c3e\ntoskrnl.exe
2004-08-04 00:20 2180992 ce218bc7088681faa06633e218596ca7 c:\windows\ServicePackFiles\i386\ntoskrnl.exe
2008-08-14 06:00 2180352 21c91da9cb53aa8a37041ba9684a8458 c:\windows\system32\ntoskrnl.exe

2001-08-23 11:00 101376 e3df4a0252d287c44606ee55355e1623 c:\windows\$NtServicePackUninstall$\services.exe
2008-04-13 20:12 108544 0e776ed5f7cc9f94299e70461b7b8185 c:\windows\Sdold\Download\cf8ec753e88561d2ddb53e183dc05c3e\services.exe
2004-08-04 01:56 108032 c6ce6eec82f187615d1002bb3bb50ed4 c:\windows\ServicePackFiles\i386\services.exe
2004-08-04 01:56 108032 c6ce6eec82f187615d1002bb3bb50ed4 c:\windows\system32\services.exe

2001-08-23 11:00 11776 8a590ea109b5e0c7629e022f8a6b17c5 c:\windows\$NtServicePackUninstall$\lsass.exe
2008-04-13 20:12 13312 bf2466b3e18e970d8a976fb95fc1ca85 c:\windows\Sdold\Download\cf8ec753e88561d2ddb53e183dc05c3e\lsass.exe
2004-08-04 01:56 13312 84885f9b82f4d55c6146ebf6065d75d2 c:\windows\ServicePackFiles\i386\lsass.exe
2004-08-04 01:56 13312 84885f9b82f4d55c6146ebf6065d75d2 c:\windows\system32\lsass.exe

2001-08-23 11:00 13312 85b1054db58d13aa42d7dca778c30f57 c:\windows\$NtServicePackUninstall$\ctfmon.exe
2008-04-13 20:12 15360 5f1d5f88303d4a4dbc8e5f97ba967cc3 c:\windows\Sdold\Download\cf8ec753e88561d2ddb53e183dc05c3e\ctfmon.exe
2004-08-04 01:56 15360 24232996a38c0b0cf151c2140ae29fc8 c:\windows\ServicePackFiles\i386\ctfmon.exe
2004-08-04 01:56 15360 24232996a38c0b0cf151c2140ae29fc8 c:\windows\system32\ctfmon.exe

2001-08-23 11:00 21504 585398603f570f9705774d65d292e5d1 c:\windows\$NtServicePackUninstall$\userinit.exe
2008-04-13 20:12 26112 a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\Sdold\Download\cf8ec753e88561d2ddb53e183dc05c3e\userinit.exe
2004-08-04 01:56 24576 39b1ffb03c2296323832acbae50d2aff c:\windows\ServicePackFiles\i386\userinit.exe
2004-08-04 01:56 24576 39b1ffb03c2296323832acbae50d2aff c:\windows\system32\userinit.exe

2001-08-23 11:00 197632 458635d2e4559526cf9c895340a38702 c:\windows\$NtServicePackUninstall$\termsrv.dll
2008-04-13 20:12 295424 ff3477c03be7201c294c35f684b3479f c:\windows\Sdold\Download\cf8ec753e88561d2ddb53e183dc05c3e\termsrv.dll
2004-08-04 01:56 295424 b60c877d16d9c880b952fda04adf16e6 c:\windows\ServicePackFiles\i386\termsrv.dll
2004-08-04 01:56 295424 b60c877d16d9c880b952fda04adf16e6 c:\windows\system32\termsrv.dll

2001-08-23 11:00 14848 865ad7ccb20856727d5bd994b094dc5e c:\windows\$NtServicePackUninstall$\powrprof.dll
2008-04-13 20:12 17408 50a166237a0fa771261275a405646cc0 c:\windows\Sdold\Download\cf8ec753e88561d2ddb53e183dc05c3e\powrprof.dll
2004-08-04 01:56 17408 1b5f6923abb450692e9fe0672c897aed c:\windows\ServicePackFiles\i386\powrprof.dll
2004-08-04 01:56 17408 1b5f6923abb450692e9fe0672c897aed c:\windows\system32\powrprof.dll

2001-08-23 11:00 96768 e046037fd5bcdf92ce1a122b749b9b09 c:\windows\$NtServicePackUninstall$\imm32.dll
2008-04-13 20:11 110080 0da85218e92526972a821587e6a8bf8f c:\windows\Sdold\Download\cf8ec753e88561d2ddb53e183dc05c3e\imm32.dll
2004-08-04 01:56 110080 87ca7ce6469577f059297b9d6556d66d c:\windows\ServicePackFiles\i386\imm32.dll
2004-08-04 01:56 110080 87ca7ce6469577f059297b9d6556d66d c:\windows\system32\imm32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkinClock"="c:\program files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2008-05-21 1134592]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480]
"Uniblue RegistryBooster 2009"="c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe" [2008-08-26 2019624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Wmxnmbr"="c:\documents and settings\Milt\My Documents\?ppPatch\m?hta.exe" [?]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 12:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3IV2"= 3ivxVfWCodec.dll
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a--c--- 2008-10-31 15:22 50480 c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a--c--- 2006-11-12 06:48 157592 c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2007-06-29 06:24 286720 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Milt\\Application Data\\PowerChallenge\\PowerFootball\\PowerFootball-OpenGL.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"59692:TCP"= 59692:TCP:Azureus
"59692:UDP"= 59692:UDP:Azureus

R1 is-P3JUOdrv;is-P3JUOdrv;c:\windows\system32\drivers\95110920.sys [2009-03-06 148496]
S3 iAimFP8;iAimFP8;c:\windows\system32\drivers\wADV11NT.sys [2005-11-29 11935]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - GTNDIS5
*Deregistered* - AudioSrv
*Deregistered* - BITS
*Deregistered* - Browser
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - ewido anti-spyware 4.0 guard
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - GTNDIS5
*Deregistered* - helpsvc
*Deregistered* - HTTPFilter
*Deregistered* - JavaQuickStarterService
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - PartMgr
*Deregistered* - ParVdm
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - RemoteRegistry
*Deregistered* - RioMSC
*Deregistered* - RpcLocator
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - SASDIFSV
*Deregistered* - SASKUTIL
*Deregistered* - Secdrv
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - sptd
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - StyleXPHelper
*Deregistered* - StyleXPService
*Deregistered* - swenum
*Deregistered* - Tcpip
*Deregistered* - TermService
*Deregistered* - TrkWks
*Deregistered* - Update
*Deregistered* - upnphost
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - WMP54Gv4SVC
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC
.
Contents of the 'Scheduled Tasks' folder

2008-11-25 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Milt\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-25 15:35]

2009-01-29 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2008-06-10 13:56]

2009-04-11 c:\windows\Tasks\XoftSpySE 2.job
- c:\program files\XoftSpySE\XoftSpy.exe [2009-04-10 22:44]

2009-04-11 c:\windows\Tasks\XoftSpySE.job
- c:\program files\XoftSpySE\XoftSpy.exe [2009-04-10 22:44]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-AWMON - c:\program files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
HKU-Default-Run-Osae - c:\windows\ICROSO~1.NET\notepad.exe


.
------- Supplementary Scan -------
.
uStart Page = about:blank
Trusted Zone: download.microsoft.com
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: update.microsoft.com
Trusted Zone: windowsupdate.com
Trusted Zone: windowsupdate.microsoft.com
DPF: {195B4BBF-E1E4-4020-9773-0A8C6F65EA35} - hxxp://games.bigfishgames.com/en_cooking-dash/online/CookingDashWeb.1.0.0.9.cab
FF - ProfilePath - c:\documents and settings\Milt\Application Data\Mozilla\Firefox\Profiles\yt3skppu.default\
FF - plugin: c:\program files\Google\Google Updater\2.2.1273.1045\npCIDetect12.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPCARDS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvirtools.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDCE08D86A-A41A-410A-943C-13BABB7DC474", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDA9EDC9ED-603A-4F3F-BBEA-59C8853A3236", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID90D10942-D952-4863-9DD6-A2BDBBAD456E", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0ECEE744-7B69-4912-AB91-AE76D61ECB04", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF25635B2-1AB9-47B5-88D1-8877B22C86DE", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID27B7F812-4159-45B9-A389-B7A118A58DE4", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF849DF29-393B-4F8B-99D1-117A70D66FC7", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDBF1E9C3D-637C-4171-BD12-28A7360B879A", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDDE1C0601-7947-4D7F-A6E5-E68BF6BA1E37", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4EA0DCCE-4D98-4876-9C6A-E5C563D0820A", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID446462BA-2AAD-4C88-BC63-5210E2F31465", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0862E368-A40E-4E55-83EB-FBC5571BABA4", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDD2A96E3C-FFB3-4D38-9AC3-B127527BEA35", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4B05B39A-9DDC-4650-A7F8-D5B134E5FFE5", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDC8E2574A-7BCE-4B93-A22E-61831DFD6DB8", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID659796C0-8B5D-48D7-A4EB-7E6874E26274", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID78071AB5-E729-414E-8D02-9C1D034F82E7", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDCC3F71E1-17F3-4C5B-997D-44CA56943197", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDE67D5C78-B2D4-4BA0-8D69-1C7AF4BB08B5", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFC5F3D7A-D321-412C-8A5D-9AD0C8041941", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID6EC5CD16-81BC-4515-9EDD-9265C906F56E", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID67CFB2C5-E491-4395-977B-CD45E4124655", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID73600569-52E6-4760-8BAB-B68202937D98", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDB02EBD42-6885-401A-9389-E089F7DDC872", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDBAE5CB8C-4075-4743-B2E4-78DA8D8CDC64", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID28B07B04-DA99-4FD3-BF27-4972F2B8142B", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0D53448F-D12B-4102-8CE2-697DAE8D6643", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDE3266A47-A141-47B8-AAA8-5F16FB4F8CCD", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDB33AB7AF-76D7-4B1C-B709-5D6BF9E7B1C7", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID153B7451-0BB5-4B37-95C0-44D89E2F1F2B", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID3BBE8E21-0D3D-4BAA-AC6F-C7BCEF750849", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID9B5B4F2D-A7D9-4329-B0FE-92B301A8CAAD", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDA5C42921-8CD0-4924-97C3-01B5B0610BC6", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID06969252-F90F-4CF2-9074-33772EB64859", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFBF37655-1236-4C0D-96C5-F94E1724841B", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDC1A3F035-B68F-4B2B-9FD5-E36DAAAF26DD", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID368F3685-543E-4812-9FDE-96E097E453FC", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID43969873-56AA-4113-84CB-4AB2AEB9AA31", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDA205DD80-63D4-4E41-B785-26EC3D90B97B", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID068D43E7-7551-4A2F-AE96-4A38A9AD1953", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF443E9CB-9EEC-456E-8AE7-F3102D5CD47D", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDE36A7B16-645D-4261-BFF8-3A7E69C5F7A5", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID379805E3-E0E2-40DC-B51B-6DC1AE5802AA", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF6240D69-A06D-44A1-8003-8496CCEF2C53", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID26C3113D-5A71-4F1B-A2CB-BE59E1279DDA", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID92B97F2B-7565-4CE9-9AC7-0598DFD731F8", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID2AA5E7CF-9696-42F0-B76A-8655296EADF2", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0AAACE0B-ACEF-4781-83F4-BFB52EEC995A", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0D56FF58-A39D-4E8C-A40B-2E3711251772", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID946121C2-11F1-49DD-A7E3-CF793DE827A4", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDB853303D-1BAB-43F3-9D7D-101D0DA8E7A5", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID9E578247-FE29-4F8C-8202-A24A5688CF2A", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID6D065A8F-FFC0-4A0F-B863-1D724B8C786B", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4451D291-6940-42CE-9D3C-CA1D4C96549C", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID064B722D-079D-4EBB-B3CF-9FCBF64FFF5D", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID38F8AB0F-5DFB-43D9-889E-8717CC4AB59B", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4EC68CD1-0EF1-4CB9-9EF1-3D64AB266149", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID44F96B27-CFAD-41E1-83A1-6B28040C3BDE", "AllAccess");
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-11 21:51:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-682003330-839522115-1202660629-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:28,f8,9b,b5,bc,de,f7,9b,46,b4,e7,a3,44,13,e9,b5,81,19,5e,34,b8,31,2e,
70,e2,92,a3,ff,8c,15,07,04,fa,0b,cc,9d,ea,a4,07,a9,47,d6,d5,56,c0,85,d0,6c,\
"??"=hex:f6,11,8e,9f,03,82,b3,00,ab,6a,9a,ad,ba,36,8a,22
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(444)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\TGTSoft\StyleXP\StyleXPService.exe
c:\program files\ewido anti-spyware 4.0\guard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\RioMSC.exe
c:\windows\system32\locator.exe
c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
c:\program files\AIM6\aolsoftware.exe
c:\windows\system32\wscntfy.exe
c:\program files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2009-04-11 21:59:45 - machine was rebooted [Milt]
ComboFix-quarantined-files.txt 2009-04-12 01:59:21

Pre-Run: 500,457,472 bytes free
Post-Run: 512,897,024 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

Current=3 Default=3 Failed=1 LastKnownGood=2 Sets=,1,2,3,4,5,6,7,8,9
434 --- E O F --- 2009-04-11 07:00:30




Logfile of random's system information tool 1.06 (written by random/random)
Run by Milt at 2009-04-12 12:28:51
Microsoft Windows XP Professional Service Pack 2
System drive C: has 316 MB (3%) free of 10 GB
Total RAM: 254 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:29:21 PM, on 4/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Documents and Settings\Milt\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Milt\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Documents and Settings\Milt\My Documents\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Milt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\Run: [Wmxnmbr] C:\Documents and Settings\Milt\My Documents\?ppPatch\m?hta.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Wmxnmbr] C:\Documents and Settings\Milt\My Documents\?ppPatch\m?hta.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://*.download.microsoft.com
O15 - Trusted Zone: http://*.update.microsoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O16 - DPF: {195B4BBF-E1E4-4020-9773-0A8C6F65EA35} (CPlayFirstCookingDasControl Object) - http://games.bigfishgames.com/en_cooking-d...Web.1.0.0.9.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - (no file)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 6391 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUser.job
C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IPoint_exe.job
C:\WINDOWS\tasks\XoftSpySE 2.job
C:\WINDOWS\tasks\XoftSpySE.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-02-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll [2008-07-07 654320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-10 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-02-10 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2006-11-12 157592]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SkinClock"=C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe [2008-05-21 1134592]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2008-10-31 50480]
"Uniblue RegistryBooster 2009"=C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe [2008-08-26 2019624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe [2008-10-31 50480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe [2006-11-12 157592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2007-06-29 286720]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-05-26 183808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll [2006-06-16 73728]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"EditLevel"=0
"NoCommonGroups"=0
"NoInstrumentation"=0
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Documents and Settings\Milt\Application Data\PowerChallenge\PowerFootball\PowerFootball-OpenGL.exe"="C:\Documents and Settings\Milt\Application Data\PowerChallenge\PowerFootball\PowerFootball-OpenGL.exe:*:Enabled:PowerFootball-OpenGL"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 3 months======

2009-04-12 12:02:55 ----A---- C:\netstatx.exe
2009-04-11 22:35:14 ----D---- C:\WINDOWS\LastGood
2009-04-11 22:34:39 ----D---- C:\Program Files\Avira
2009-04-11 22:34:39 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-04-11 22:05:15 ----SHDC---- C:\RECYCLER
2009-04-11 21:59:49 ----AC---- C:\ComboFix.txt
2009-04-11 21:39:24 ----AC---- C:\Boot.bak
2009-04-11 21:39:07 ----RASHDC---- C:\cmdcons
2009-04-11 21:26:44 ----A---- C:\WINDOWS\zip.exe
2009-04-11 21:26:44 ----A---- C:\WINDOWS\VFIND.exe
2009-04-11 21:26:44 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-04-11 21:26:44 ----A---- C:\WINDOWS\SWSC.exe
2009-04-11 21:26:44 ----A---- C:\WINDOWS\SWREG.exe
2009-04-11 21:26:44 ----A---- C:\WINDOWS\sed.exe
2009-04-11 21:26:44 ----A---- C:\WINDOWS\NIRCMD.exe
2009-04-11 21:26:44 ----A---- C:\WINDOWS\grep.exe
2009-04-11 21:26:44 ----A---- C:\WINDOWS\fdsv.exe
2009-04-11 21:26:31 ----D---- C:\WINDOWS\ERDNT
2009-04-11 21:26:11 ----DC---- C:\Qoobox
2009-04-11 18:03:15 ----DC---- C:\rsit
2009-04-10 23:15:01 ----D---- C:\Program Files\Enigma Software Group
2009-04-10 22:07:12 ----D---- C:\Program Files\XoftSpySE
2009-04-10 19:37:34 ----A---- C:\WINDOWS\resetlog.txt
2009-04-04 03:06:41 ----D---- C:\WINDOWS\Chocolatier Decadence by Design
2009-04-04 03:06:40 ----D---- C:\Program Files\Chocolatier Decadence by Design
2009-04-04 03:06:21 ----A---- C:\WINDOWS\Chocolatier Decadence by Design Setup Log.txt
2009-03-28 14:33:01 ----D---- C:\WINDOWS\system32\Adobe
2009-03-28 13:45:13 ----D---- C:\Program Files\Trend Micro
2009-03-26 03:07:30 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-03-26 03:01:35 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-26 01:56:32 ----D---- C:\WINDOWS\Be a King
2009-03-26 01:56:32 ----D---- C:\Program Files\Be a King
2009-03-26 01:56:20 ----A---- C:\WINDOWS\Be a King Setup Log.txt
2009-03-26 01:32:10 ----A---- C:\WINDOWS\system32\javaws.exe
2009-03-26 01:32:10 ----A---- C:\WINDOWS\system32\javaw.exe
2009-03-26 01:32:10 ----A---- C:\WINDOWS\system32\java.exe
2009-03-26 00:12:45 ----D---- C:\Program Files\Common Files\Sandlot Shared
2009-03-26 00:08:54 ----D---- C:\Program Files\Cake Mania Back to the Bakery
2009-03-12 03:02:11 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-12 03:01:13 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-03-06 20:09:30 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-06 20:07:26 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-06 20:06:55 ----D---- C:\Program Files\SUPERAntiSpyware
2009-03-06 20:06:55 ----D---- C:\Documents and Settings\Milt\Application Data\SUPERAntiSpyware.com
2009-03-06 18:31:09 ----D---- C:\WINDOWS\SoftwareDistribution
2009-03-06 16:26:18 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-02-25 04:06:12 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-02-24 22:28:57 ----D---- C:\Documents and Settings\All Users\Application Data\CardPlayer
2009-02-13 02:06:54 ----D---- C:\Program Files\Microsoft Silverlight
2009-02-12 04:01:01 ----A---- C:\WINDOWS\imsins.BAK
2009-02-12 04:00:55 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-02-10 02:23:33 ----D---- C:\Documents and Settings\Milt\Application Data\Boolat Games
2009-02-10 02:22:27 ----D---- C:\WINDOWS\Amelies Cafe
2009-02-10 02:22:27 ----D---- C:\Program Files\Amelies Cafe
2009-02-10 02:22:11 ----A---- C:\WINDOWS\Amelies Cafe Setup Log.txt
2009-02-10 02:14:45 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-02-09 04:01:31 ----A---- C:\WINDOWS\The Great Chocolate Chase Uninstall Log.txt
2009-02-09 04:01:14 ----A---- C:\WINDOWS\Governor of Poker Uninstall Log.txt
2009-01-29 00:52:51 ----D---- C:\Program Files\Intel
2009-01-29 00:52:32 ----D---- C:\Intel
2009-01-29 00:52:30 ----D---- C:\Drivers
2009-01-29 00:45:07 ----D---- C:\Program Files\Analog Devices
2009-01-29 00:45:07 ----A---- C:\WINDOWS\system32\DSndUp.exe
2009-01-29 00:45:07 ----A---- C:\WINDOWS\system32\CleanUp.exe
2009-01-29 00:45:07 ----A---- C:\WINDOWS\system32\a3d.dll
2009-01-29 00:45:03 ----D---- C:\Program Files\Microsoft IntelliPoint
2009-01-29 00:42:55 ----DC---- C:\dell
2009-01-29 00:29:28 ----D---- C:\Documents and Settings\All Users\Application Data\DriverScanner
2009-01-28 14:11:58 ----D---- C:\Documents and Settings\Milt\Application Data\Uniblue
2009-01-28 14:11:41 ----D---- C:\Program Files\Uniblue
2009-01-28 14:10:17 ----HDC---- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-01-26 20:09:50 ----HDC---- C:\Documents and Settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2009-01-26 20:09:07 ----HDC---- C:\Documents and Settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2009-01-26 20:04:47 ----SHDC---- C:\Config.Msi
2009-01-26 20:01:29 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2009-01-26 19:49:33 ----RHDC---- C:\AHCache

======List of files/folders modified in the last 3 months======

2009-04-12 05:35:01 ----A---- C:\Documents and Settings\Milt\Application Data\alarms.ini
2009-04-12 03:21:15 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-04-12 03:21:15 ----D---- C:\WINDOWS\system32\CatRoot
2009-04-12 03:20:57 ----HD---- C:\WINDOWS\inf
2009-04-12 03:20:48 ----D---- C:\WINDOWS\Temp
2009-04-11 22:35:18 ----D---- C:\WINDOWS\system32\drivers
2009-04-11 22:35:14 ----D---- C:\WINDOWS
2009-04-11 22:34:39 ----RD---- C:\Program Files
2009-04-11 22:32:07 ----D---- C:\Documents and Settings\Milt\Application Data\Azureus
2009-04-11 22:29:59 ----SHD---- C:\WINDOWS\Installer
2009-04-11 22:29:53 ----D---- C:\WINDOWS\WinSxS
2009-04-11 22:29:47 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-04-11 22:00:08 ----D---- C:\WINDOWS\system32
2009-04-11 21:51:22 ----AC---- C:\WINDOWS\system.ini
2009-04-11 21:50:36 ----A---- C:\Documents and Settings\Milt\Application Data\AtomicAlarmClock.ini
2009-04-11 21:45:56 ----D---- C:\WINDOWS\system32\config
2009-04-11 21:43:28 ----D---- C:\WINDOWS\AppPatch
2009-04-11 21:43:23 ----D---- C:\Program Files\Common Files
2009-04-11 21:39:24 ----RASHC---- C:\boot.ini
2009-04-11 21:35:35 ----D---- C:\Program Files\Lavasoft
2009-04-11 21:35:35 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-04-11 21:23:28 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2009-04-11 21:23:25 ----D---- C:\Program Files\Viewpoint
2009-04-10 23:06:00 ----SD---- C:\WINDOWS\Tasks
2009-04-10 19:58:04 ----D---- C:\WINDOWS\system32\1033
2009-04-10 19:56:29 ----D---- C:\Program Files\Mozilla Firefox
2009-04-08 15:43:24 ----D---- C:\Documents and Settings\All Users\Application Data\PlayFirst
2009-04-08 15:43:23 ----D---- C:\Documents and Settings\Milt\Application Data\PlayFirst
2009-04-08 15:32:30 ----D---- C:\Documents and Settings\Milt\Application Data\SolSuite
2009-04-07 17:46:35 ----D---- C:\WINDOWS\Minidump
2009-03-28 14:13:04 ----D---- C:\Documents and Settings\Milt\Application Data\Macromedia
2009-03-28 14:13:00 ----D---- C:\WINDOWS\system32\Macromed
2009-03-26 03:02:28 ----D---- C:\WINDOWS\Debug
2009-03-26 03:01:40 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-03-26 01:32:09 ----D---- C:\Program Files\Java
2009-03-26 00:12:43 ----D---- C:\Documents and Settings\All Users\Application Data\Sandlot Games
2009-03-23 23:20:29 ----D---- C:\Program Files\Azureus
2009-03-23 00:55:06 ----D---- C:\WINDOWS\.jagex_cache_32
2009-03-11 15:23:08 ----HD---- C:\WINDOWS\$hf_mig$
2009-03-11 15:16:49 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-03-07 04:16:57 ----D---- C:\Program Files\SwiftSwitch
2009-03-07 03:03:49 ----D---- C:\Documents and Settings\Milt\Application Data\Lavasoft
2009-03-06 18:31:06 ----D---- C:\WINDOWS\system32\oldcatroot2
2009-03-06 17:50:47 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-26 06:50:24 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-25 12:55:00 ----AC---- C:\WINDOWS\system32\MRT.exe
2009-02-11 02:22:40 ----D---- C:\SEGA
2009-02-11 01:17:40 ----D---- C:\SNES
2009-02-11 01:05:19 ----D---- C:\Program Files\WinRAR
2009-02-09 04:16:02 ----D---- C:\Program Files\GameBoost
2009-02-09 04:12:43 ----D---- C:\WINDOWS\Help
2009-02-09 03:40:21 ----D---- C:\Program Files\Graboid
2009-02-09 03:38:59 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-01-29 00:53:14 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-01-29 00:45:06 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-28 15:45:50 ----D---- C:\WINDOWS\Microsoft.NET
2009-01-28 15:43:32 ----RSD---- C:\WINDOWS\assembly
2009-01-26 20:07:50 ----D---- C:\WINDOWS\system32\mui
2009-01-26 20:07:50 ----D---- C:\Program Files\Internet Explorer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-02-13 95576]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 ewido anti-spyware 4.0 driver;ewido anti-spyware 4.0 driver; \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys []
R1 is-P3JUOdrv;is-P3JUOdrv; C:\WINDOWS\system32\DRIVERS\95110920.sys [2008-07-08 148496]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2004-08-03 42496]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-02-13 28376]
R1 StyleXPHelper;StyleXPHelper; \??\C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-06-16 20747]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-02-13 55640]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
R3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-06-23 9168]
R3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2002-07-23 161020]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2008-07-28 116736]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2008-06-23 12160]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2008-06-10 31048]
R3 RT61;Linksys Wireless-G PCI Adapter Driver(RT61); C:\WINDOWS\system32\DRIVERS\RT61.sys [2005-10-27 356096]
R3 smbusp;Intel® SMBus 2.0 Driver; C:\WINDOWS\system32\DRIVERS\intelsmb.sys [2006-12-28 45184]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-12-19 539008]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R4 catchme;catchme; \??\C:\DOCUME~1\Milt\LOCALS~1\Temp\catchme.sys []
S3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys []
S3 aeske1gp;aeske1gp; C:\WINDOWS\system32\drivers\aeske1gp.sys []
S3 aj8c87uu;aj8c87uu; C:\WINDOWS\system32\drivers\aj8c87uu.sys []
S3 BCM42RLY;BCM42RLY; \??\C:\WINDOWS\System32\BCM42RLY.SYS []
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-21 21568]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2002-07-23 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2002-07-23 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2002-07-23 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2002-07-23 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2002-07-23 19455]
S3 iAimFP5;iAimFP5; C:\WINDOWS\system32\DRIVERS\wADV07nt.sys [2002-07-23 11807]
S3 iAimFP6;iAimFP6; C:\WINDOWS\system32\DRIVERS\wADV08nt.sys [2002-07-23 11295]
S3 iAimFP7;iAimFP7; C:\WINDOWS\system32\DRIVERS\wADV09nt.sys [2002-07-23 11871]
S3 iAimFP8;iAimFP8; C:\WINDOWS\system32\DRIVERS\wADV11nt.sys [2002-07-23 11935]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2002-07-23 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2002-07-23 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\system32\drivers\iAimTV2.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2002-07-23 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2002-07-23 23615]
S3 iAimTV5;iAimTV5; C:\WINDOWS\system32\DRIVERS\wATV10nt.sys [2002-07-23 25471]
S3 iAimTV6;iAimTV6; C:\WINDOWS\system32\DRIVERS\wATV06nt.sys [2002-07-23 22271]
S3 msloop;Microsoft Loopback Adapter Driver; C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 4992]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-10-13 47360]
S3 RIOUNIV;Rio universal USB driver; C:\WINDOWS\System32\Drivers\RIOUNIV.sys [2004-02-16 16128]
S3 samhid;samhid; C:\WINDOWS\system32\drivers\samhid.sys [2006-01-06 7548]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20061113.031\symidsco.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-03-05 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-03-02 185089]
R2 AntiVirWebService;Avira AntiVir WebGuard; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2009-02-12 432897]
R2 ewido anti-spyware 4.0 guard;ewido anti-spyware 4.0 guard; C:\Program Files\ewido anti-spyware 4.0\guard.exe [2006-06-16 172032]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-02-10 152984]
R2 RioMSC;Rio MSC Manager; C:\WINDOWS\system32\RioMSC.exe [2004-08-26 282624]
S2 StyleXPService;StyleXPService; C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe [2005-03-17 348160]
S2 WMP54Gv4SVC;WMP54Gv4SVC; C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe [2004-02-06 41025]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 AntiVirMailService;Avira AntiVir MailGuard; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [2009-02-24 186625]

-----------------EOF-----------------

#8 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • Gender:Not Telling
  • Local time:06:02 PM

Posted 12 April 2009 - 12:41 PM

Hi Rogowicz,



Step1
  • Close any open browsers
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Go to Here for your reference.
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text inside the code box below:
File::
C:\windows\system32\drivers\95110920.sys 
C:\WINDOWS\system32\drivers\aeske1gp.sys 
C:\WINDOWS\system32\drivers\aj8c87uu.sys 

Driver::
is-P3JUOdrv
aeske1gp
aj8c87uu


Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop

Posted Image

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



Step2


Start>Run>and copy/paste the following bold into run box, hit enter.

C:\Documents and Settings\Milt\My Documents\?ppPatch

A folder should open, double click that folder. Are you aware of those contents in that folder? If not, delete the ?ppPatch folder.


Please run HijackThis! and click "Do a system scan only." Place checks next to the following entries,(if present):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKUS\S-1-5-18\..\Run: [Wmxnmbr] C:\Documents and Settings\Milt\My Documents\?ppPatch\m?hta.exe (User 'SYSTEM') (if you delete that folder, then fix checked this entry)
O15 - Trusted Zone: http://*.download.microsoft.com
O15 - Trusted Zone: http://*.update.microsoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com


Close all browsers and other windows except for HijackThis!, and click "Fix Checked".

Reboot your pc.


Step3


Older versions of Java have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 13...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) the following Java Runtime Environment (JRE or J2SE) in the name, and the following update:
    • J2SE Runtime Environment 5.0 Update 6
      Jane's Hotel. Family Hero
      Java™ 6 Update 12
      Java™ 6 Update 5
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u13-windows-i586-p.exe to install the newest version.



Step4


Let's clean some temp files. Please do the following:

Please download ATF Cleaner by Atribune.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.


If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.


Step5


Please do an online scan with Kaspersky Online Scanner.
  • Please go to Kaspersky Online Scanner and perform an online antivirus scan.
  • Click Accept button on the "Requirements and limitations".
  • When the Java warning "The application digital signature has been verified. Do you want to run the application" appears, click on the "Run" button.
  • It will be Downloading and installing the program and Updating the database.
  • When updating the database has finished, click on Settings.
  • Make sure all boxes are checked, then click on the Save button.
  • Click on My Computer under Scan menu. It will start scanning, so be patient and let it run.
  • Once the scan is completed, Click on View Scan Report.
  • You may see a list of infected items over there. Click on Save Report As.
  • Click "Desktop" , Name the file as "KAS", Change the Files of type to Text file (.txt) and Click on Save button.
  • Please post the contents in your next reply.
  • You can refer to this animation
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.





Please post back the logs in your next reply.

1.ComboFix
2.KAS Scan Report
3.Fresh HJT log

Tell me how your pc is running now.
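
The entries the helper singles out above share a few observable traits: a Run entry under the SYSTEM hive (HKUS\S-1-5-18) that points into a user's profile folder, a path in which HijackThis printed "?" for a character it could not display, sites added to the IE Trusted Zone, a blanked start page, and RSIT driver entries with random-looking names and no file date/size in the trailing brackets. The script below is an added example, not part of this thread and not code from HijackThis or RSIT: it turns those traits into triage rules and runs them over a handful of constructed log lines that mirror the shapes seen above. The rules (the 8-character letter/digit name test in particular) are my own heuristics, not anything the tools implement.

```python
"""Triage heuristics for HijackThis / RSIT style log lines (added example)."""
import re
from typing import List, Tuple

Finding = Tuple[str, str]  # (reason, offending log line)

# Constructed sample lines shaped like the ones quoted in the thread.
SAMPLE_LOG = r"""R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKUS\S-1-5-18\..\Run: [Wmxnmbr] C:\Documents and Settings\Milt\My Documents\?ppPatch\m?hta.exe (User 'SYSTEM')
O15 - Trusted Zone: http://*.windowsupdate.com
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S3 aj8c87uu;aj8c87uu; C:\WINDOWS\system32\drivers\aj8c87uu.sys []
"""

# HijackThis entry: "R0 - ...", "O4 - ...", "O15 - ..."
_HJT_RE = re.compile(r"^(?P<sec>[RO]\d{1,2}) - (?P<body>.*)$")
# RSIT driver/service line: "S3 name;description; path [date size]"
_RSIT_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<desc>[^;]*); "
    r"(?P<path>.+?) \[(?P<fileinfo>[^\]]*)\]$"
)
# Heuristic (assumption): 8 lowercase characters mixing letters and digits.
_RANDOM_NAME_RE = re.compile(r"^(?=.*[a-z])(?=.*\d)[a-z0-9]{8}$")


def _unrenderable(path: str) -> bool:
    # '?' is illegal in a Windows file name, so in a log it can only be a
    # substitute for a character the tool could not display.
    return "?" in path or not path.isascii()


def triage_line(line: str) -> List[str]:
    """Return the list of reasons a single log line deserves a closer look."""
    reasons: List[str] = []
    line = line.rstrip()
    m = _HJT_RE.match(line)
    if m:
        sec, body = m.group("sec"), m.group("body")
        if sec == "R0" and (body.endswith("= about:blank") or body.endswith("=")):
            reasons.append("R0: IE start/local page blanked or emptied")
        if sec == "O4":
            if _unrenderable(body):
                reasons.append("O4: autorun path contains characters the log could not render")
            if "HKUS\\S-1-5-18" in body and "\\Documents and Settings\\" in body:
                reasons.append("O4: SYSTEM-account Run entry points into a user profile")
        if sec == "O15":
            reasons.append("O15: site added to the Trusted Zone; confirm it is intended")
        return reasons
    m = _RSIT_RE.match(line)
    if m:
        if m.group("fileinfo") == "":
            reasons.append("driver: no file date/size recorded (file not found on disk)")
        if _RANDOM_NAME_RE.match(m.group("name")):
            reasons.append("driver: service name looks randomly generated")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over every line and collect (reason, line) pairs."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        for reason in triage_line(line):
            findings.append((reason, line.rstrip()))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"{reason}\n    {line}")
```

Missing file metadata on its own is a prompt to look, not a verdict: in the RSIT log above, legacy `\??\`-style entries from known security tools (SASDIFSV, avgio, eeCtrl) also show `[]`. The combination of an empty bracket and a random-looking name is what the helper acted on, and that is the pairing the two driver rules are meant to surface together.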

#9 Rogowicz

Rogowicz
  • Topic Starter

  • Members
  • 16 posts
  • Local time:07:02 PM

Posted 12 April 2009 - 03:09 PM

I cannot find this folder on my computer anywhere, but hijackthis located files in that folder???

Step2


Start>Run>and copy/paste the following bold into run box, hit enter.

C:\Documents and Settings\Milt\My Documents\?ppPatch

#10 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • Gender:Not Telling
  • Local time:06:02 PM

Posted 12 April 2009 - 03:20 PM

Hi Rogowicz,


You should show all files and use Windows Explorer to find the following folder(if found):

C:\Documents and Settings\Milt\My Documents\?ppPatch

If still not working, just fix checked that entry. Maybe it's just an orphaned entry. That folder had been removed already. Please proceed to the next step as instructed. Good luck! :thumbup2:

#11 Rogowicz

Rogowicz
  • Topic Starter

  • Members
  • 16 posts
  • Local time:07:02 PM

Posted 12 April 2009 - 04:07 PM

I cannot download the newest version of Java. The link says it is broken when I try to download it. What should I do?

#12 Rogowicz

Rogowicz
  • Topic Starter

  • Members
  • 16 posts
  • Local time:07:02 PM

Posted 12 April 2009 - 04:17 PM

When I try downloading it using Firefox, I get the following message


Connection Interrupted

The connection to the server was reset while the page was loading.

The network link was interrupted while negotiating a connection. Please try again.

#13 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • Gender:Not Telling
  • Local time:06:02 PM

Posted 12 April 2009 - 04:23 PM

Right Click Here , select save target as to your desktop.

It works for me. :thumbup2:

Let's search that file to make sure that file is around.

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK), and copy and paste the text present inside the code box below:

rem list the file with all attributes (hidden included) and write the result to files.txt
dir /a "C:\Documents and Settings\Milt\My Documents\?ppPatch\m?hta.exe" > files.txt
notepad files.txt

Save this as search.bat. Choose to save as "All files" and place it on your desktop. It should look like this: Posted Image

Double-click search.bat on your desktop.

Notepad should open with text in it. Please post the contents of that text in your next reply.
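
The difficulty in the exchange above is that HijackThis showed "?" where the folder and file names contain a character an ANSI-only display cannot render, so the path cannot simply be typed back. The script below is an added example, not the thread's search.bat and not code from any of the tools mentioned: it walks a directory tree, reports every entry whose name contains a non-ASCII or non-printable character, and names each such character so it can be recognised. The sample tree it builds (a folder named with a Cyrillic capital A followed by "ppPatch", containing a file with a Cyrillic dze in its name) is constructed for the demonstration; the thread does not say which characters were actually used.

```python
"""Locate directory entries whose names would display as '?' (added example)."""
import os
import shutil
import tempfile
import unicodedata
from typing import List, Tuple


def odd_characters(name: str) -> List[Tuple[str, str]]:
    """Return (char, Unicode name) for every non-ASCII or non-printable char in name."""
    out = []
    for ch in name:
        if not ch.isascii() or not ch.isprintable():
            out.append((ch, unicodedata.name(ch, "U+%04X" % ord(ch))))
    return out


def ascii_rendering(name: str) -> str:
    """What an ANSI-only tool shows for the name: odd characters become '?'."""
    return "".join(
        "?" if (not ch.isascii() or not ch.isprintable()) else ch for ch in name
    )


def find_suspicious_names(root: str) -> List[Tuple[str, str]]:
    """Walk root and return (full path, description of odd characters) for each hit."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            odd = odd_characters(name)
            if odd:
                desc = ", ".join(f"{c!r} ({n})" for c, n in odd)
                hits.append((os.path.join(dirpath, name), desc))
    return hits


def demo() -> List[Tuple[str, str]]:
    """Build a constructed sample tree in a temp dir, scan it, clean up, return hits."""
    base = tempfile.mkdtemp()
    try:
        # Constructed names: U+0410 is CYRILLIC CAPITAL LETTER A, U+0455 is
        # CYRILLIC SMALL LETTER DZE; both look like Latin letters on screen.
        folder = os.path.join(base, "\u0410ppPatch")
        os.makedirs(folder)
        open(os.path.join(folder, "m\u0455hta.exe"), "w").close()
        open(os.path.join(base, "normal.txt"), "w").close()  # control entry, no hit
        return find_suspicious_names(base)
    finally:
        shutil.rmtree(base)


if __name__ == "__main__":
    for path, desc in demo():
        print(f"{ascii_rendering(os.path.basename(path))}: {path}\n    {desc}")
```

Run it against a real profile directory by calling `find_suspicious_names(r"C:\Documents and Settings\Milt\My Documents")` instead of `demo()`; the `ascii_rendering` output is what lets you match a hit back to the "?" form shown in a HijackThis log.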

#14 Rogowicz

Rogowicz
  • Topic Starter

  • Members
  • 16 posts
  • Local time:07:02 PM

Posted 12 April 2009 - 04:34 PM

When I tried it the 2nd way, I got another error, this time saying I couldn't download the file because the server was reset... What should I do? I tried it several times and got the same result.

Edited by Rogowicz, 12 April 2009 - 04:36 PM.


#15 Rogowicz

Rogowicz
  • Topic Starter

  • Members
  • 16 posts
  • Local time:07:02 PM

Posted 12 April 2009 - 04:40 PM

I also did that search.bat and the Notepad it opened was empty; the DOS prompt said "the system cannot find the path specified".



