Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Follow-up To trojan in my system


  • This topic is locked This topic is locked
2 replies to this topic

#1 tomymorgan

tomymorgan

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:55 PM

Posted 25 January 2010 - 05:47 PM

Referred from here: http://www.bleepingcomputer.com/forums/t/289839/trojan-and-virus-google-searches-being-redirected-slow-computer/ Do not know where advice to run ComboFix came from. ~ OB

This is a followup to my first post on this topic -

Hello,

I got myself a Trojan/Virus a few weeks ago and Have been trying to do everything to try and clean it up.

symptoms include Google searches being redirected, computer shutting down and comp running very sluggish .

I am a novice with any programming stuff and any help getting rid of this would be greatly appreciated !


My system is running Windows XP sp3.

I also run ZoneAlarm Firewall Suite ( includes antivirus/spyware and Forcefield)

I have tried to rid myself of this by running several programs that were recomended by others including:
Superantispyware
MalwareBytes
Combofix
Sbybot SD
and others --

But the symptoms persist . and My antispyware is still finding new viruses.

The latest being in the form of : Rootkit.Win32.TDSS.y
=================================================================


I have since run Malwarebytes- here is the log for it and Quarantine list.

ComboFix 10-01-25.01 - buddy 01/25/2010 16:21:08.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1372 [GMT -5:00]
Running from: c:\documents and settings\buddy\Desktop\ComboFix.exe
AV: ZoneAlarm Extreme Security Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Extreme Security Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\_000006_.tmp.dll

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it tongue.gif
.
((((((((((((((((((((((((( Files Created from 2009-12-25 to 2010-01-25 )))))))))))))))))))))))))))))))
.

2010-01-24 11:29 . 2010-01-24 11:30 -------- d-----w- c:\program files\trend micro
2010-01-24 11:29 . 2010-01-24 11:30 -------- d-----w- C:\rsit
2010-01-24 09:24 . 2010-01-24 09:24 503808 ----a-w- c:\documents and settings\buddy\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-48937e9a-n\msvcp71.dll
2010-01-24 09:24 . 2010-01-24 09:24 499712 ----a-w- c:\documents and settings\buddy\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-48937e9a-n\jmc.dll
2010-01-24 09:24 . 2010-01-24 09:24 348160 ----a-w- c:\documents and settings\buddy\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-48937e9a-n\msvcr71.dll
2010-01-24 09:24 . 2010-01-24 09:24 61440 ----a-w- c:\documents and settings\buddy\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-110db124-n\decora-sse.dll
2010-01-24 09:24 . 2010-01-24 09:24 12800 ----a-w- c:\documents and settings\buddy\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-110db124-n\decora-d3d.dll
2010-01-24 09:19 . 2010-01-24 09:23 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-01-24 09:19 . 2010-01-24 09:19 -------- d-----w- c:\program files\NOS
2010-01-22 08:44 . 2010-01-22 08:44 54016 ----a-w- c:\windows\system32\drivers\otimlj.sys
2010-01-22 06:03 . 2010-01-22 06:03 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-20 21:34 . 2010-01-20 21:34 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-01-10 06:38 . 2010-01-10 06:47 -------- d-----w- c:\documents and settings\buddy\Application Data\FSAutoStart
2010-01-10 06:38 . 2010-01-10 06:38 -------- d-----w- c:\program files\FSAutoStart
2010-01-10 05:00 . 2010-01-10 05:15 -------- d-----w- C:\MGtools
2010-01-09 05:10 . 2010-01-09 05:11 3819182 ----a-w- C:\ComboFix.exe
2010-01-07 03:15 . 2010-01-07 03:15 -------- d-----w- c:\program files\Winamp Detect
2010-01-07 03:14 . 2010-01-07 03:42 -------- d-----w- c:\documents and settings\buddy\Application Data\Winamp
2010-01-07 03:14 . 2010-01-07 03:16 -------- d-----w- c:\program files\Winamp
2009-12-31 20:55 . 2009-12-31 20:55 52224 ----a-w- c:\documents and settings\buddy\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2009-12-31 20:55 . 2010-01-22 07:21 117760 ----a-w- c:\documents and settings\buddy\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-31 20:54 . 2009-12-31 20:54 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-12-31 20:54 . 2010-01-18 23:55 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-31 20:54 . 2009-12-31 20:54 -------- d-----w- c:\documents and settings\buddy\Application Data\SUPERAntiSpyware.com
2009-12-31 20:48 . 2009-12-31 20:48 -------- d-----w- c:\documents and settings\buddy\Application Data\Malwarebytes
2009-12-31 20:48 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-31 20:48 . 2009-12-31 20:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-31 20:48 . 2010-01-22 06:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-31 20:48 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-25 21:44 . 2009-10-20 08:31 236377376 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-01-25 21:35 . 2009-10-20 08:29 144 ----a-w- c:\windows\system32\pdfl.dat
2010-01-25 21:31 . 2009-10-20 08:31 3168452 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-01-25 20:39 . 2010-01-25 20:39 2785464 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-01-24 23:14 . 2008-10-11 15:54 -------- d-----w- c:\documents and settings\buddy\Application Data\Xfire
2010-01-24 21:17 . 2008-10-11 15:54 -------- d-----w- c:\program files\Xfire
2010-01-24 19:24 . 2008-12-01 20:08 -------- d-----w- c:\documents and settings\buddy\Application Data\uTorrent
2010-01-24 09:24 . 2008-10-12 03:19 -------- d-----w- c:\program files\Common Files\Java
2010-01-24 09:24 . 2008-10-12 03:20 -------- d-----w- c:\program files\Java
2010-01-24 06:29 . 2004-08-04 12:00 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-01-22 15:05 . 2008-10-11 16:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-22 02:04 . 2009-01-26 01:07 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-11 11:58 . 2009-07-22 06:44 -------- d-----w- c:\program files\Google
2010-01-07 22:31 . 2010-01-07 22:32 2365440 ----a-w- c:\windows\Internet Logs\xDBE.tmp
2010-01-07 22:31 . 2010-01-07 22:32 2810368 ----a-w- c:\windows\Internet Logs\xDBD.tmp
2010-01-01 23:52 . 2010-01-01 23:53 3459072 ----a-w- c:\windows\Internet Logs\xDBC.tmp
2009-12-31 20:53 . 2008-12-19 05:36 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-31 07:47 . 2008-10-11 16:56 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-31 05:37 . 2009-12-04 02:46 138384 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-12-31 05:36 . 2008-10-11 17:35 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-12-31 00:14 . 2008-10-11 17:05 -------- d-----w- c:\program files\CCleaner
2009-12-22 23:59 . 2009-12-22 23:59 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-12-22 02:23 . 2008-10-27 23:28 -------- d-----w- c:\program files\DivX
2009-12-22 02:23 . 2009-12-22 02:22 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-12-21 19:14 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 22:14 . 2008-12-16 11:18 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-15 07:15 . 2009-12-15 07:39 2270720 ----a-w- c:\windows\Internet Logs\xDBB.tmp
2009-12-12 23:01 . 2008-10-11 18:10 -------- d-----w- c:\documents and settings\buddy\Application Data\Skype
2009-12-12 21:06 . 2008-10-11 18:11 -------- d-----w- c:\documents and settings\buddy\Application Data\skypePM
2009-12-05 21:26 . 2009-12-05 21:26 2221568 ----a-w- c:\windows\Internet Logs\xDBA.tmp
2009-12-04 02:54 . 2008-10-11 17:35 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-12-04 02:46 . 2009-09-29 20:04 22328 ----a-w- c:\documents and settings\buddy\Application Data\PnkBstrK.sys
2009-12-04 02:46 . 2009-09-29 20:04 22328 ----a-w- c:\documents and settings\buddy\Application Data\PnkBstrK.sys
2009-12-04 02:46 . 2009-12-04 02:46 674600 ----a-w- c:\windows\system32\pbsvc- old.exe
2009-12-04 02:26 . 2009-12-04 02:27 2854912 ----a-w- c:\windows\Internet Logs\xDB9.tmp
2009-11-30 20:21 . 2009-11-30 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix
2009-11-30 20:20 . 2009-11-30 20:20 -------- d-----w- c:\program files\Citrix
2009-11-30 20:20 . 2009-11-30 20:20 61224 ----a-w- c:\documents and settings\buddy\GoToAssistDownloadHelper.exe
2009-11-30 17:17 . 2009-11-30 17:17 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-11-30 17:17 . 2009-11-30 17:17 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-11-30 17:17 . 2009-11-30 17:17 -------- d-----w- c:\program files\OpenAL
2009-11-30 17:16 . 2009-11-30 17:16 -------- d-----w- c:\program files\Common Files\Futuremark Shared
2009-11-30 17:16 . 2008-10-11 01:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-30 17:15 . 2009-11-30 17:15 -------- d-----w- c:\program files\Futuremark
2009-11-26 20:51 . 2009-11-26 20:51 10134 ----a-r- c:\documents and settings\buddy\Application Data\Microsoft\Installer\{20820A45-02A1-144C-21A3-A1812C5DDE23}\ARPPRODUCTICON.exe
2009-11-26 20:35 . 2009-11-26 20:37 1630208 ----a-w- c:\windows\Internet Logs\xDB8.tmp
2009-11-25 18:48 . 2009-11-25 18:49 1602560 ----a-w- c:\windows\Internet Logs\xDB7.tmp
2009-11-25 18:25 . 2009-11-25 18:25 0 ----a-w- c:\windows\ativpsrm.bin
2009-11-25 00:18 . 2009-11-25 00:19 2708480 ----a-w- c:\windows\Internet Logs\xDB5.tmp
2009-11-25 00:18 . 2009-11-25 00:19 2054144 ----a-w- c:\windows\Internet Logs\xDB6.tmp
2009-11-21 15:51 . 2004-08-04 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-20 21:49 . 2009-11-20 21:50 3341824 ----a-w- c:\windows\Internet Logs\xDB4.tmp
2009-11-14 00:47 . 2009-11-14 00:47 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-04 16:15 . 2008-10-11 02:38 4423168 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2009-11-04 15:45 . 2009-11-25 18:43 479232 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-11-04 15:44 . 2008-04-14 00:11 300032 ----a-w- c:\windows\system32\ati2dvag.dll
2009-11-04 15:29 . 2009-11-25 18:43 204800 ----a-w- c:\windows\system32\atipdlxx.dll
2009-11-04 15:29 . 2009-07-15 02:10 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2009-11-04 15:29 . 2009-11-25 18:43 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2009-11-04 15:29 . 2009-11-25 18:43 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-11-04 15:28 . 2009-07-15 02:09 155648 ----a-w- c:\windows\system32\ati2evxx.dll
2009-11-04 15:28 . 2009-11-25 18:43 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2009-11-04 15:27 . 2009-11-25 18:43 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2009-11-04 15:26 . 2009-11-25 18:43 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2009-11-04 15:18 . 2008-04-14 00:11 3518304 ----a-w- c:\windows\system32\ati3duag.dll
2009-11-04 15:17 . 2009-11-25 18:43 13000704 ----a-w- c:\windows\system32\atioglxx.dll
2009-11-04 15:05 . 2008-04-14 00:11 2135680 ----a-w- c:\windows\system32\ativvaxx.dll
2009-11-04 15:04 . 2009-11-25 18:43 887724 ----a-w- c:\windows\system32\ativva6x.dat
2009-11-04 15:04 . 2009-11-25 18:43 3 ----a-w- c:\windows\system32\ativva5x.dat
2009-11-04 14:51 . 2009-11-25 18:43 65024 ----a-w- c:\windows\system32\atimpc32.dll
2009-11-04 14:51 . 2009-07-15 01:27 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2009-11-04 14:47 . 2009-11-25 18:43 565248 ----a-w- c:\windows\system32\atikvmag.dll
2009-11-04 14:46 . 2009-11-25 18:43 45056 ----a-w- c:\windows\system32\aticalrt.dll
2009-11-04 14:46 . 2009-11-25 18:43 45056 ----a-w- c:\windows\system32\aticalcl.dll
2009-11-04 14:45 . 2009-11-25 18:43 172032 ----a-w- c:\windows\system32\atiadlxx.dll
2009-11-04 14:45 . 2009-11-25 18:43 3526656 ----a-w- c:\windows\system32\aticaldd.dll
2009-11-04 14:45 . 2009-11-25 18:43 17408 ----a-w- c:\windows\system32\atitvo32.dll
2009-11-04 14:44 . 2009-11-25 18:43 397312 ----a-w- c:\windows\system32\atiok3x2.dll
2009-11-04 14:44 . 2009-07-15 01:19 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-11-04 14:39 . 2008-04-14 00:11 638976 ----a-w- c:\windows\system32\ati2cqag.dll
2009-11-04 09:34 . 2008-10-11 01:39 29984 ----a-w- c:\documents and settings\buddy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-31 20:21 . 2009-06-17 02:15 256 ----a-w- c:\windows\system32\pool.bin
2009-10-31 14:44 . 2009-10-31 14:44 2895872 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2009-10-31 14:39 . 2009-10-31 14:39 26694 ----a-r- c:\documents and settings\buddy\Application Data\Microsoft\Installer\{75C84C28-B112-40B2-8EE3-F452C66CF048}\BlackBerry.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-01-08 06:18 204248 ----a-w- c:\program files\Hotspot Shield\HssIE\HssIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-03-31 982408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ZAFFRegisterTrustChecker"="-s" [X]
"ZAFFRegisterTrustCheckerIE"="-s" [X]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-11-30 20:20 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 17:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 09:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2009-10-31 00:43 623960 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2008-10-24 13:14 206112 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-04-02 20:11 342312 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 21:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2009-07-08 16:31 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-14 19:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-11-04 14:52 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-07-22 06:44 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"vsmon"=2 (0x2)
"RoxWatch9"=2 (0x2)
"RoxMediaDB9"=3 (0x3)
"RoxLiveShare9"=2 (0x2)
"Roxio Upnp Server 9"=2 (0x2)
"Roxio UPnP Renderer 9"=3 (0x3)
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"IswSvc"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"HotspotShieldService"=2 (0x2)
"gusvc"=2 (0x2)
"gupdate1ca0a983d11f818"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\THQ\\Company of Heroes\\RelicDownloader\\RelicDownloader.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\buddy\\Local Settings\\Application Data\\Dyyno Receiver\\DPPM.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:UDP"= 6112:UDP:coh
"30275:UDP"= 30275:UDP:coh
"9100:UDP"= 9100:UDP:coh
"30260:UDP"= 30260:UDP:coh

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/16/2009 4:26 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/16/2009 4:26 PM 74480]
R2 ISWKL;ForceField ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2/12/2009 5:12 AM 21136]
R3 icsak;icsak;c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [2/12/2009 5:11 AM 54928]
S3 cpuz130;cpuz130;\??\c:\docume~1\buddy\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\buddy\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/16/2009 4:27 PM 7408]
S4 gupdate1ca0a983d11f818;Google Update Service (gupdate1ca0a983d11f818);c:\program files\Google\Update\GoogleUpdate.exe [7/22/2009 1:47 AM 133104]
S4 IswSvc;ForceField IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [2/12/2009 5:12 AM 390536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-01-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-01-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-22 06:44]

2010-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-22 06:47]

2010-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-22 06:47]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/accounts/ServiceLogi...mp;ltmplcache=2
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\buddy\Application Data\Mozilla\Firefox\Profiles\8g63chsd.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=zpwhtygjntrz&scc=1&ltmpl=default&ltmplcache=2
FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\MozillaExtensions.dll
FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\TrustCheckerMozillaPlugin.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\buddy\Application Data\Mozilla\Firefox\Profiles\8g63chsd.default\extensions\NPDyyno@dyyno.com\plugins\npDyyno.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-ATICustomerCare - c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe
MSConfigStartUp-NvCplDaemon - c:\windows\system32\NvCpl.dll
MSConfigStartUp-NvMediaCenter - c:\windows\system32\NvMcTray.dll
MSConfigStartUp-nwiz - c:\program files\NVIDIA Corporation\nView\nwiz.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-VeohPlugin - c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-25 16:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-484763869-796845957-1801674531-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(860)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\program files\CheckPoint\ZAForceField\AK\icsak.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'lsass.exe'(916)
c:\program files\CheckPoint\ZAForceField\AK\icsak.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'explorer.exe'(3668)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-01-25 16:46:55 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-25 21:46

Pre-Run: 400,137,785,344 bytes free
Post-Run: 400,094,130,176 bytes free

- - End Of File - - 40AEEF70619E8D857D66E717FC6B5807
=========================================================
=========================================================
==========================================================




--------- HERE IS THE QUARANTINE LIST ----------------------- *

2010-01-25 21:45:58 . 2010-01-25 21:45:58 656 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-VeohPlugin.reg.dat
2010-01-25 21:45:58 . 2010-01-25 21:45:58 622 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-SunJavaUpdateSched.reg.dat
2010-01-25 21:45:57 . 2010-01-25 21:45:57 612 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-nwiz.reg.dat
2010-01-25 21:45:57 . 2010-01-25 21:45:57 636 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-NvMediaCenter.reg.dat
2010-01-25 21:45:57 . 2010-01-25 21:45:57 612 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-NvCplDaemon.reg.dat
2010-01-25 21:45:57 . 2010-01-25 21:45:57 658 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-ATICustomerCare.reg.dat
2010-01-25 21:27:40 . 2010-01-25 22:07:24 6,466 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2010-01-25 21:11:49 . 2010-01-25 22:02:34 204 ----a-w- C:\Qoobox\Quarantine\catchme.log
2010-01-22 08:44:48 . 2010-01-22 08:44:48 54,016 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\otimlj.sys.vir
2004-08-04 12:00:00 . 2008-04-14 00:12:05 144,384 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_000006_.tmp.dll.vir
2004-08-04 12:00:00 . 2010-01-24 06:29:09 96,512 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir
2004-08-04 12:00:00 . 2010-01-24 06:29:09 96,512 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir_


=======================================================



ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/01/25 17:43
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xB7F79000 Size: 187776 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xAAD79000 Size: 138496 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0xB7F0B000 Size: 96512 File Visible: - Signed: -
Status: -

Name: ati2cqag.dll
Image Path: C:\WINDOWS\System32\ati2cqag.dll
Address: 0xBD060000 Size: 638976 File Visible: - Signed: -
Status: -

Name: ati2dvag.dll
Image Path: C:\WINDOWS\System32\ati2dvag.dll
Address: 0xBD012000 Size: 319488 File Visible: - Signed: -
Status: -

Name: ati2mtag.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
Address: 0xB72DF000 Size: 4747264 File Visible: - Signed: -
Status: -

Name: ati3duag.dll
Image Path: C:\WINDOWS\System32\ati3duag.dll
Address: 0xBD1FC000 Size: 3518464 File Visible: - Signed: -
Status: -

Name: AtiHdmi.sys
Image Path: C:\WINDOWS\system32\drivers\AtiHdmi.sys
Address: 0xAAF58000 Size: 110592 File Visible: - Signed: -
Status: -

Name: atikvmag.dll
Image Path: C:\WINDOWS\System32\atikvmag.dll
Address: 0xBD0FC000 Size: 630784 File Visible: - Signed: -
Status: -

Name: atiok3x2.dll
Image Path: C:\WINDOWS\System32\atiok3x2.dll
Address: 0xBD196000 Size: 417792 File Visible: - Signed: -
Status: -

Name: ativvaxx.dll
Image Path: C:\WINDOWS\System32\ativvaxx.dll
Address: 0xBD557000 Size: 2138112 File Visible: - Signed: -
Status: -

Name: atksgt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\atksgt.sys
Address: 0xA7971000 Size: 271872 File Visible: - Signed: -
Status: -

Name: ATMFD.DLL
Image Path: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000 Size: 286720 File Visible: - Signed: -
Status: -

Name: audstub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\audstub.sys
Address: 0xB8751000 Size: 3072 File Visible: - Signed: -
Status: -

Name: b57xp32.sys
Image Path: C:\WINDOWS\system32\DRIVERS\b57xp32.sys
Address: 0xB7282000 Size: 132608 File Visible: - Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xB8606000 Size: 4224 File Visible: - Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xB84B8000 Size: 12288 File Visible: - Signed: -
Status: -

Name: catchme.sys
Image Path: C:\DOCUME~1\buddy\LOCALS~1\Temp\catchme.sys
Address: 0xB8398000 Size: 31744 File Visible: No Signed: -
Status: -

Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xB82A8000 Size: 63744 File Visible: - Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Address: 0xB8138000 Size: 62976 File Visible: - Signed: -
Status: -

Name: cercsr6.sys
Image Path: cercsr6.sys
Address: 0xB8338000 Size: 29120 File Visible: - Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Address: 0xB80E8000 Size: 53248 File Visible: - Signed: -
Status: -

Name: disk.sys
Image Path: disk.sys
Address: 0xB80D8000 Size: 36352 File Visible: - Signed: -
Status: -

Name: dmio.sys
Image Path: dmio.sys
Address: 0xB7F23000 Size: 153344 File Visible: - Signed: -
Status: -

Name: dmload.sys
Image Path: dmload.sys
Address: 0xB85AC000 Size: 5888 File Visible: - Signed: -
Status: -

Name: drmk.sys
Image Path: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xB8318000 Size: 61440 File Visible: - Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAABD9000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xB8624000 Size: 8192 File Visible: No Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xAAF3C000 Size: 12288 File Visible: - Signed: -
Status: -

Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBD000000 Size: 73728 File Visible: - Signed: -
Status: -

Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xB8765000 Size: 4096 File Visible: - Signed: -
Status: -

Name: Fastfat.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fastfat.SYS
Address: 0xA7D44000 Size: 143744 File Visible: - Signed: -
Status: -

Name: fdc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\fdc.sys
Address: 0xB8428000 Size: 27392 File Visible: - Signed: -
Status: -

Name: Fips.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xB8268000 Size: 44544 File Visible: - Signed: -
Status: -

Name: flpydisk.sys
Image Path: C:\WINDOWS\system32\DRIVERS\flpydisk.sys
Address: 0xB8470000 Size: 20480 File Visible: - Signed: -
Status: -

Name: fltmgr.sys
Image Path: fltmgr.sys
Address: 0xB7ED3000 Size: 129792 File Visible: - Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xB8604000 Size: 7936 File Visible: - Signed: -
Status: -

Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xB7F49000 Size: 125056 File Visible: - Signed: -
Status: -

Name: GEARAspiWDM.sys
Image Path: C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys
Address: 0xB8158000 Size: 40960 File Visible: - Signed: -
Status: -

Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x806E4000 Size: 134400 File Visible: - Signed: -
Status: -

Name: HDAudBus.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Address: 0xB72A3000 Size: 163840 File Visible: - Signed: -
Status: -

Name: HIDCLASS.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Address: 0xB8228000 Size: 36864 File Visible: - Signed: -
Status: -

Name: HIDPARSE.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Address: 0xB8478000 Size: 28672 File Visible: - Signed: -
Status: -

Name: hidusb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Address: 0xB856C000 Size: 10368 File Visible: - Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0xA7546000 Size: 265728 File Visible: - Signed: -
Status: -

Name: icsak.sys
Image Path: C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys
Address: 0xA79F4000 Size: 65536 File Visible: - Signed: -
Status: -

Name: imapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\imapi.sys
Address: 0xB8128000 Size: 42112 File Visible: - Signed: -
Status: -

Name: intelppm.sys
Image Path: C:\WINDOWS\system32\DRIVERS\intelppm.sys
Address: 0xB8308000 Size: 36352 File Visible: - Signed: -
Status: -

Name: ipnat.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Address: 0xAAE06000 Size: 152832 File Visible: - Signed: -
Status: -

Name: ipsec.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Address: 0xAAED5000 Size: 75264 File Visible: - Signed: -
Status: -

Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xB80A8000 Size: 37248 File Visible: - Signed: -
Status: -

Name: ISWKL.sys
Image Path: C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
Address: 0xB8370000 Size: 28672 File Visible: - Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Address: 0xB8458000 Size: 24576 File Visible: - Signed: -
Status: -

Name: kbdhid.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdhid.sys
Address: 0xB8578000 Size: 14592 File Visible: - Signed: -
Status: -

Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xB85A8000 Size: 8192 File Visible: - Signed: -
Status: -

Name: klif.sys
Image Path: C:\WINDOWS\System32\DRIVERS\klif.sys
Address: 0xAAF08000 Size: 163840 File Visible: - Signed: -
Status: -

Name: kmixer.sys
Image Path: C:\WINDOWS\system32\drivers\kmixer.sys
Address: 0xA7074000 Size: 172416 File Visible: - Signed: -
Status: -

Name: ks.sys
Image Path: C:\WINDOWS\system32\drivers\ks.sys
Address: 0xB71D7000 Size: 143360 File Visible: - Signed: -
Status: -

Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xB7EAA000 Size: 92928 File Visible: - Signed: -
Status: -

Name: lirsgt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\lirsgt.sys
Address: 0xB83B8000 Size: 18048 File Visible: - Signed: -
Status: -

Name: mnmdd.SYS
Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xB8608000 Size: 4224 File Visible: - Signed: -
Status: -

Name: Modem.SYS
Image Path: C:\WINDOWS\System32\Drivers\Modem.SYS
Address: 0xB8430000 Size: 30080 File Visible: - Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Address: 0xB8460000 Size: 23040 File Visible: - Signed: -
Status: -

Name: mouhid.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouhid.sys
Address: 0xB8598000 Size: 12160 File Visible: - Signed: -
Status: -

Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xB80B8000 Size: 42368 File Visible: - Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Address: 0xA7A54000 Size: 180608 File Visible: - Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Address: 0xAACB9000 Size: 455296 File Visible: - Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xB8490000 Size: 19072 File Visible: - Signed: -
Status: -

Name: msgpc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Address: 0xB8198000 Size: 35072 File Visible: - Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Address: 0xB777E000 Size: 15488 File Visible: - Signed: -
Status: -

Name: Mup.sys
Image Path: Mup.sys
Address: 0xB7DC2000 Size: 105344 File Visible: - Signed: -
Status: -

Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xB7DF0000 Size: 182656 File Visible: - Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Address: 0xB853C000 Size: 10112 File Visible: - Signed: -
Status: -

Name: ndisuio.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Address: 0xA80B0000 Size: 14592 File Visible: - Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Address: 0xB70F9000 Size: 91520 File Visible: - Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xB81E8000 Size: 40576 File Visible: - Signed: -
Status: -

Name: netbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbios.sys
Address: 0xB8258000 Size: 34688 File Visible: - Signed: -
Status: -

Name: netbt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbt.sys
Address: 0xAAE2C000 Size: 162816 File Visible: - Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xB8498000 Size: 30848 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xB7E1D000 Size: 574976 File Visible: - Signed: -
Status: -

Name: ntkrnlpa.exe
Image Path: C:\WINDOWS\system32\ntkrnlpa.exe
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xB86A5000 Size: 2944 File Visible: - Signed: -
Status: -

Name: parport.sys
Image Path: C:\WINDOWS\system32\DRIVERS\parport.sys
Address: 0xB7110000 Size: 80128 File Visible: - Signed: -
Status: -

Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xB8330000 Size: 19712 File Visible: - Signed: -
Status: -

Name: ParVdm.SYS
Image Path: C:\WINDOWS\System32\Drivers\ParVdm.SYS
Address: 0xB866E000 Size: 6784 File Visible: - Signed: -
Status: -

Name: pci.sys
Image Path: pci.sys
Address: 0xB7F68000 Size: 68224 File Visible: - Signed: -
Status: -

Name: pciide.sys
Image Path: pciide.sys
Address: 0xB8670000 Size: 3328 File Visible: - Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Address: 0xB8328000 Size: 28672 File Visible: - Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: portcls.sys
Image Path: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xB71FA000 Size: 147456 File Visible: - Signed: -
Status: -

Name: PROCEXP113.SYS
Image Path: C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
Address: 0xB8642000 Size: 7872 File Visible: No Signed: -
Status: -

Name: psched.sys
Image Path: C:\WINDOWS\system32\DRIVERS\psched.sys
Address: 0xB70E8000 Size: 69120 File Visible: - Signed: -
Status: -

Name: ptilink.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Address: 0xB8440000 Size: 17792 File Visible: - Signed: -
Status: -

Name: PxHelp20.sys
Image Path: PxHelp20.sys
Address: 0xB80F8000 Size: 37376 File Visible: - Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Address: 0xB857C000 Size: 8832 File Visible: - Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Address: 0xB8168000 Size: 51328 File Visible: - Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Address: 0xB8178000 Size: 41472 File Visible: - Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Address: 0xB8188000 Size: 48384 File Visible: - Signed: -
Status: -

Name: raspti.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspti.sys
Address: 0xB8448000 Size: 16512 File Visible: - Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Address: 0xAAD29000 Size: 175744 File Visible: - Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xB860A000 Size: 4224 File Visible: - Signed: -
Status: -

Name: rdpdr.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Address: 0xB70B8000 Size: 196224 File Visible: - Signed: -
Status: -

Name: redbook.sys
Image Path: C:\WINDOWS\system32\DRIVERS\redbook.sys
Address: 0xB8148000 Size: 57600 File Visible: - Signed: -
Status: -

Name: RimSerial.sys
Image Path: C:\WINDOWS\system32\DRIVERS\RimSerial.sys
Address: 0xB8450000 Size: 27136 File Visible: - Signed: -
Status: -

Name: RootMdm.sys
Image Path: C:\WINDOWS\System32\Drivers\RootMdm.sys
Address: 0xB85FC000 Size: 5888 File Visible: - Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA7140000 Size: 49152 File Visible: No Signed: -
Status: -

Name: SASDIFSV.SYS
Image Path: C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
Address: 0xB84A8000 Size: 24576 File Visible: - Signed: -
Status: -

Name: SASKUTIL.sys
Image Path: C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
Address: 0xAAD54000 Size: 151552 File Visible: - Signed: -
Status: -

Name: SCSIPORT.SYS
Image Path: C:\WINDOWS\System32\Drivers\SCSIPORT.SYS
Address: 0xB7EF3000 Size: 98304 File Visible: - Signed: -
Status: -

Name: senfilt.sys
Image Path: C:\WINDOWS\system32\drivers\senfilt.sys
Address: 0xB7124000 Size: 732928 File Visible: - Signed: -
Status: -

Name: serenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\serenum.sys
Address: 0xB7D6D000 Size: 15744 File Visible: - Signed: -
Status: -

Name: serial.sys
Image Path: C:\WINDOWS\system32\DRIVERS\serial.sys
Address: 0xB8118000 Size: 64512 File Visible: - Signed: -
Status: -

Name: smwdm.sys
Image Path: C:\WINDOWS\system32\drivers\smwdm.sys
Address: 0xB721E000 Size: 260352 File Visible: - Signed: -
Status: -

Name: sr.sys
Image Path: sr.sys
Address: 0xB7EC1000 Size: 73472 File Visible: - Signed: -
Status: -

Name: srescan.sys
Image Path: srescan.sys
Address: 0xB7DDC000 Size: 81920 File Visible: No Signed: -
Status: -

Name: srv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\srv.sys
Address: 0xA78F7000 Size: 333952 File Visible: - Signed: -
Status: -

Name: swenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys
Address: 0xB85FE000 Size: 4352 File Visible: - Signed: -
Status: -

Name: sysaudio.sys
Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xA7D78000 Size: 60800 File Visible: - Signed: -
Status: -

Name: tapvpn.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tapvpn.sys
Address: 0xB81A8000 Size: 45056 File Visible: - Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xAAE7C000 Size: 361600 File Visible: - Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Address: 0xB8438000 Size: 20480 File Visible: - Signed: -
Status: -

Name: termdd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xB81B8000 Size: 40704 File Visible: - Signed: -
Status: -

Name: update.sys
Image Path: C:\WINDOWS\system32\DRIVERS\update.sys
Address: 0xB705A000 Size: 384768 File Visible: - Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xB8602000 Size: 8192 File Visible: - Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xB8420000 Size: 30208 File Visible: - Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xB8208000 Size: 59520 File Visible: - Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Address: 0xB725E000 Size: 147456 File Visible: - Signed: -
Status: -

Name: usbuhci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Address: 0xB8418000 Size: 20608 File Visible: - Signed: -
Status: -

Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xB8488000 Size: 20992 File Visible: - Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xB72CB000 Size: 81920 File Visible: - Signed: -
Status: -

Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xB80C8000 Size: 52352 File Visible: - Signed: -
Status: -

Name: vsdatant.sys
Image Path: C:\WINDOWS\System32\vsdatant.sys
Address: 0xAAD9B000 Size: 438272 File Visible: - Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Address: 0xB8248000 Size: 34560 File Visible: - Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0xB8378000 Size: 20480 File Visible: - Signed: -
Status: -

Name: wdmaud.sys
Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xA7BEF000 Size: 83072 File Visible: - Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1851392 File Visible: - Signed: -
Status: -

Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000 Size: 1851392 File Visible: - Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS
Address: 0xB85AA000 Size: 8192 File Visible: - Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

========================================================


DDS (Ver_09-12-01.01) - NTFSx86
Run by buddy at 17:45:07.03 on Mon 01/25/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1499 [GMT -5:00]

AV: ZoneAlarm Extreme Security Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Extreme Security Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Documents and Settings\buddy\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = https://www.google.com/accounts/ServiceLogi...mp;ltmplcache=2
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: ForceField Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
TB: {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - No File
TB: ForceField Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRunOnce: [RunNarrator] Narrator.exe
dRunOnce: [ZAFFRegisterTrustChecker] "c:\windows\system32\regsvr32.exe" -s "c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustChecker.dll"
dRunOnce: [ZAFFRegisterTrustCheckerIE] "c:\windows\system32\regsvr32.exe" -s "c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll"
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1223918520015
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\buddy\applic~1\mozilla\firefox\profiles\8g63chsd.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=zpwhtygjntrz&scc=1&ltmpl=default&ltmplcache=2
FF - component: c:\program files\checkpoint\zaforcefield\trustchecker\components\MozillaExtensions.dll
FF - component: c:\program files\checkpoint\zaforcefield\trustchecker\components\TrustCheckerMozillaPlugin.dll
FF - plugin: c:\documents and settings\buddy\application data\mozilla\firefox\profiles\8g63chsd.default\extensions\npdyyno@dyyno.com\plugins\npDyyno.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2009-10-20 150544]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-12-16 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-12-16 74480]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-10-20 353672]
R2 ISWKL;ForceField ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2009-2-12 21136]
R3 icsak;icsak;c:\program files\checkpoint\zaforcefield\ak\icsak.sys [2009-2-12 54928]
S2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 cpuz130;cpuz130;\??\c:\docume~1\buddy\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\buddy\locals~1\temp\cpuz130\cpuz_x32.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-12-16 7408]
S4 gupdate1ca0a983d11f818;Google Update Service (gupdate1ca0a983d11f818);c:\program files\google\update\GoogleUpdate.exe [2009-7-22 133104]
S4 IswSvc;ForceField IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2009-2-12 390536]

=============== Created Last 30 ================

2010-01-25 21:49:38 0 d-sha-r- C:\cmdcons
2010-01-25 21:12:07 98816 ----a-w- c:\windows\sed.exe
2010-01-25 21:12:07 77312 ----a-w- c:\windows\MBR.exe
2010-01-25 21:12:07 261632 ----a-w- c:\windows\PEV.exe
2010-01-25 21:12:07 161792 ----a-w- c:\windows\SWREG.exe
2010-01-24 11:29:59 0 d-----w- c:\program files\trend micro
2010-01-10 06:38:19 0 d-----w- c:\program files\FSAutoStart
2010-01-10 06:38:19 0 d-----w- c:\docume~1\buddy\applic~1\FSAutoStart
2010-01-10 05:00:03 0 d-----w- C:\MGtools
2010-01-09 05:10:41 3819182 ----a-w- C:\ComboFix.exe
2010-01-07 03:15:05 0 d-----w- c:\program files\Winamp Detect
2009-12-31 20:54:23 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-12-31 20:54:04 0 d-----w- c:\program files\SUPERAntiSpyware
2009-12-31 20:54:03 0 d-----w- c:\docume~1\buddy\applic~1\SUPERAntiSpyware.com
2009-12-31 20:48:51 0 d-----w- c:\docume~1\buddy\applic~1\Malwarebytes
2009-12-31 20:48:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-31 20:48:21 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-12-31 20:48:08 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 20:48:08 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

==================== Find3M ====================

2010-01-25 21:54:45 237531424 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-01-25 21:31:16 3168452 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-01-24 06:29:09 96512 ------w- c:\windows\system32\drivers\atapi.sys
2009-12-31 05:37:22 138384 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-12-31 05:36:16 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-12-22 23:59:32 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-12-21 19:14:05 916480 ------w- c:\windows\system32\wininet.dll
2009-12-17 22:14:00 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-04 02:54:28 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-12-04 02:46:49 22328 ----a-w- c:\docume~1\buddy\applic~1\PnkBstrK.sys
2009-12-04 02:46:27 674600 ----a-w- c:\windows\system32\pbsvc- old.exe
2009-11-30 20:20:45 61224 ----a-w- c:\documents and settings\buddy\GoToAssistDownloadHelper.exe
2009-11-30 17:17:47 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-11-30 17:17:47 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-11-14 00:47:32 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47:28 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47:28 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47:28 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47:28 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47:28 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47:28 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-04 15:45:14 479232 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-11-04 15:44:14 300032 ----a-w- c:\windows\system32\ati2dvag.dll
2009-11-04 15:29:44 204800 ----a-w- c:\windows\system32\atipdlxx.dll
2009-11-04 15:29:28 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2009-11-04 15:29:16 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2009-11-04 15:29:08 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-11-04 15:28:54 155648 ----a-w- c:\windows\system32\ati2evxx.dll
2009-11-04 15:28:16 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2009-11-04 15:27:40 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2009-11-04 15:26:18 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2009-11-04 15:18:50 3518304 ----a-w- c:\windows\system32\ati3duag.dll
2009-11-04 15:17:48 13000704 ----a-w- c:\windows\system32\atioglxx.dll
2009-11-04 15:05:10 2135680 ----a-w- c:\windows\system32\ativvaxx.dll
2009-11-04 15:04:46 887724 ----a-w- c:\windows\system32\ativva6x.dat
2009-11-04 14:51:08 65024 ----a-w- c:\windows\system32\atimpc32.dll
2009-11-04 14:51:08 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2009-11-04 14:47:16 565248 ----a-w- c:\windows\system32\atikvmag.dll
2009-11-04 14:46:58 45056 ----a-w- c:\windows\system32\aticalrt.dll
2009-11-04 14:46:44 45056 ----a-w- c:\windows\system32\aticalcl.dll
2009-11-04 14:45:30 172032 ----a-w- c:\windows\system32\atiadlxx.dll
2009-11-04 14:45:08 3526656 ----a-w- c:\windows\system32\aticaldd.dll
2009-11-04 14:45:04 17408 ----a-w- c:\windows\system32\atitvo32.dll
2009-11-04 14:44:48 397312 ----a-w- c:\windows\system32\atiok3x2.dll
2009-11-04 14:39:26 638976 ----a-w- c:\windows\system32\ati2cqag.dll

============= FINISH: 17:45:33.03 ===============




UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/10/2008 9:37:03 PM
System Uptime: 1/25/2010 4:57:38 PM (1 hours ago)

Motherboard: Dell Inc. | | 0F8101
Processor: Intel® Pentium® D CPU 3.20GHz | Microprocessor | 3192/800mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 466 GiB total, 372.6 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 1/25/2010 4:12:06 PM - System Checkpoint

==== Installed Programs ======================

µTorrent
3DMark06
AAC Decoder
Acrobat.com
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
Adobe Shockwave Player 11
Apple Mobile Device Support
Apple Software Update
Assassin's Creed
ATI Catalyst Install Manager
ATI Display Driver
AutoUpdate
Battlefield 2™
Battlefield 2: Special Forces
BlackBerry Desktop Software 5.0.1
BlackBerry Device Software v4.5.0 for the BlackBerry 8320 smartphone
BlackBerry Device Software v4.6.1 for the BlackBerry 8900 smartphone
BlackBerry Media Sync
BlackBerry® Media Sync
Bonjour
Broadcom Gigabit Integrated Controller
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help English
CCleaner
Company of Heroes
Company of Heroes - FAKEMSI
Critical Update for Windows Media Player 11 (KB959772)
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Plus Web Player
DivX Version Checker
Driver Sweeper 2.0.5
Fallout 3
FSAutoStart
Futuremark SystemInfo
Google Earth
Google Update Helper
Google Updater
GoToAssist 8.0.0.514
H.264 Decoder
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotspot Shield 1.10
iTunes
J2SE Runtime Environment 5.0 Update 3
Java Auto Updater
Java™ 6 Update 18
Java™ 6 Update 7
LimeWire PRO 4.12.11
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE Redistributable
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft XML Parser
MKV Splitter
Mozilla Firefox (3.6)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB925673)
OpenAL
PunkBuster Services
QuickTime
Roxio Media Manager
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Skype web features
Skypeâ„¢ 4.1
SoundMAX
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
TeamSpeak 2 RC2
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.4053
Ventrilo Client
VideoLAN VLC media player 0.8.6
WebFldrs XP
Winamp
Winamp Application Detect
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows System Scanner
Windows XP Service Pack 3
WinRAR archiver
Xfire (remove only)
XML Paper Specification Shared Components Pack 1.0
ZoneAlarm Extreme Security

==== Event Viewer Messages From Past Week ========

1/25/2010 4:58:58 PM, error: System Error [1003] - Error code 100000d1, parameter1 b83492a4, parameter2 000000ff, parameter3 00000008, parameter4 b83492a4.
1/25/2010 4:18:00 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Software Updater service to connect.
1/23/2010 7:38:55 AM, error: Service Control Manager [7000] - The ATI Smart service failed to start due to the following error: The system cannot find the file specified.
1/23/2010 7:38:53 AM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
1/23/2010 7:38:53 AM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
1/23/2010 6:27:07 PM, information: Windows File Protection [64004] - The protected system file atapi.sys could not be restored to its original, valid version. The file version of the bad file is unknown The specific error code is 0x000003e3 [The I/O operation has been aborted because of either a thread exit or an application request. ].
1/23/2010 6:26:53 PM, information: Windows File Protection [64004] - The protected system file atapi.sys could not be restored to its original, valid version. The file version of the bad file is unknown The specific error code is 0x00000000 [The operation completed successfully. ].
1/23/2010 6:26:47 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file atapi.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
1/22/2010 12:44:49 AM, error: Service Control Manager [7034] - The Terminal Services service terminated unexpectedly. It has done this 1 time(s).
1/22/2010 12:44:49 AM, error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
1/19/2010 3:54:12 AM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.

==== End Of File ===========================

Also wanted to add that since i have just run COMBOFIX

the Google search rerouting symptoms seem to have dissappeared

When i said at the begining of this post that i ran MALWAREBYTES - I meant to say COMBOFIX..

all these programs are mixxing me up ..


===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take several days, up to more than a week, perhaps less, to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

Thank you for understanding.

Elise - forum moderator


update :

My ZoneAlarm keeps notifying me that : GoogleUpdate.exe is a malicious program trying to run ..



I was told not to Make nay deletions of any programs until I have been advised by a tech . So i will leave it alone until i have been instructed to do otherwise.

Fortunately it seems that at least Zonealarm is preventing it from executing..

--

Edited by garmanma, 29 January 2010 - 02:25 PM.


BC AdBot (Login to Remove)

 


#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:55 PM

Posted 01 February 2010 - 07:02 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS or GMER log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

Also, please subscribe to this topic, so you are notified when someone replies. Please continue to check manually on occasion, as every now and then the email may be caught by your spam filter.
To enable topic notifications you should do the following:
  1. Click on the My Controls link at the top of the page to enter your control panel.
  2. Scroll down to the Options category in the left hand side menu bar and click on the Email Settings link.
  3. Put a checkmark in the checkbox labeled Enable 'Email Notification' by default?.
  4. Set the If ticked, choose default type: menu option to Immediate Email Notification to have an email sent immediately when someone replied.

Information on A/V control HERE


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#3 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:12:55 AM

Posted 07 February 2010 - 05:45 PM

Due to the lack of feedback, this topic is now closed.
If you need this topic reopened, please PM a staff member and we will reopen it for you (include the address of this thread in your request). This applies to the original topic starter only. Everyone else with similar problems, please start a new topic.
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users