Everything posted by oneafter909

  1. Thank you so much! I will follow all of those last instructions and I'll definitely make sure I'm better prepared next time. Again, thanks so much for all your help; it was really getting frustrating, since I'm required to use my computer so much, so you really have done a brilliant job.
  2. Here's the combofix log:
--------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl] @DACL=(02 0000) . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ACTIVEX_REPURPOSEDETECTION] @DACL=(02 0000) "sllauncher.exe"=dword:00000001 "PresentationHost.exe"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT] @DACL=(02 0000) "WMPlayer.exe"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG] @DACL=(02 0000) "sllauncher.exe"=dword:00000001 "PresentationHost.exe"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT] @DACL=(02 0000) "sllauncher.exe"=dword:00000001 "PresentationHost.exe"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT] @DACL=(02 0000) "sllauncher.exe"=dword:00000001 "PresentationHost.exe"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION] @DACL=(02 0000) "sllauncher.exe"=dword:00001f40 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_Cross_Domain_Redirect_Mitigation] @DACL=(02 0000) "sllauncher.exe"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION] @DACL=(02 0000) "PresentationHost.exe"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_SQM_UPLOAD_FOR_APP] @DACL=(02 0000) "ieuser.exe"=dword:00000001 "iexplore.exe"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_TELNET_PROTOCOL] @DACL=(02 0000) "PresentationHost.exe"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK] @DACL=(02 0000) "YahooMusicEngine.exe"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT] @DACL=(02 0000) "devenv.exe"=dword:00000001 "dexplore.exe"=dword:00000001 "helppane.exe"=dword:00000001 "sllauncher.exe"=dword:00000000 "PresentationHost.exe"=dword:00000000 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FEEDS] @DACL=(02 0000) "msfeedssync.exe"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FORCE_ADDR_AND_STATUS] @DACL=(02 0000) "PresentationHost.exe"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE] @DACL=(02 0000) "WMPlayer.exe"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_XML_PROLOG] @DACL=(02 0000) "msiexec.exe"=dword:00000000 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IMAGING_USE_ART] @DACL=(02 0000) @="" "waol.exe"=dword:00000001 "cs.exe"=dword:00000001 "wm.exe"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS] @DACL=(02 0000) "iexplore.exe"=dword:00000000 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS] @DACL=(02 0000) "helppane.exe"=dword:00000000 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DLCONTROL_BEHAVIORS] @DACL=(02 0000) "wlmail.exe"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER] @DACL=(02 0000) "explorer.exe"=dword:00000004 "sllauncher.exe"=dword:00000006 . 
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER] @DACL=(02 0000) "explorer.exe"=dword:00000002 "sllauncher.exe"=dword:00000006 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME] @DACL=(02 0000) "mshta.exe"=dword:00000001 "outlook.exe"=dword:00000001 "sidebar.exe"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTECT_DECOMPRESSION_FILTER_FROM_ABORT_KB942367] @DACL=(02 0000) @="" "*"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RELEASE_CALLBACK_ON_STOP_BINDING] @DACL=(02 0000) "communicator.exe"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7] @DACL=(02 0000) "sllauncher.exe"=dword:00000001 "PresentationHost.exe"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL] @DACL=(02 0000) "WMPlayer.exe"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD] @DACL=(02 0000) "WMPlayer.exe"=dword:00000001 "msimn.exe"=dword:00000001 "winmail.exe"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_OBJECT_DATA_ATTRIBUTE] @DACL=(02 0000) "sllauncher.exe"=dword:00000001 "PresentationHost.exe"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_RES_TO_LMZ] @DACL=(02 0000) "sllauncher.exe"=dword:00000001 "PresentationHost.exe"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION] @DACL=(02 0000) "sllauncher.exe"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND] @DACL=(02 0000) "WMPlayer.exe"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_APP_PROTOCOL_WARN_DIALOG] @DACL=(02 0000) "sllauncher.exe"=dword:00000001 "PresentationHost.exe"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SSLUX] @DACL=(02 0000) "PresentationHost.exe"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN] @DACL=(02 0000) "msimn.exe"=dword:00000001 "outlook.exe"=dword:00000001 "winmail.exe"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK] @DACL=(02 0000) "WMPlayer.exe"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_WINDOWEDSELECTCONTROL] @DACL=(02 0000) "excel.exe"=dword:00000001 "infopath.exe"=dword:00000001 "powerpnt.exe"=dword:00000001 "winword.exe"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL] @DACL=(02 0000) "WMPlayer.exe"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VIEWLINKEDWEBOC_IS_UNSAFE] @DACL=(02 0000) "sllauncher.exe"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD] @DACL=(02 0000) "msn.exe"=dword:00000001 "msn6.exe"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER] @DACL=(02 0000) "iexplore.exe"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\UrlTemplate] @DACL=(02 0000) "1"="www.%s.com" "2"="www.%s.org" "3"="www.%s.net" "4"="www.%s.edu" . --------------------- DLLs Loaded Under Running Processes --------------------- . 
- - - - - - - > 'winlogon.exe'(836) c:\program files\SUPERAntiSpyware\SASWINLO.DLL c:\windows\system32\WININET.dll . - - - - - - - > 'lsass.exe'(892) c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll . - - - - - - - > 'explorer.exe'(736) c:\windows\system32\WININET.dll c:\windows\system32\wpdshext.dll c:\windows\system32\PortableDeviceApi.dll c:\windows\system32\Audiodev.dll c:\windows\system32\WMVCore.DLL c:\windows\system32\WMASF.DLL c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll c:\windows\system32\PortableDeviceTypes.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\drivers\KodakCCS.exe c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe c:\windows\system32\nvsvc32.exe c:\windows\RTHDCPL.EXE c:\windows\system32\RUNDLL32.EXE c:\program files\iPod\bin\iPodService.exe c:\windows\System32\HPZipm12.exe c:\windows\system32\WgaTray.exe . ************************************************************************** . Completion time: 2011-05-03 00:19:33 - machine was rebooted ComboFix-quarantined-files.txt 2011-05-02 14:19 ComboFix2.txt 2011-05-02 13:21 . Pre-Run: 49,904,500,736 bytes free Post-Run: 49,893,298,176 bytes free . - - End Of File - - E0458C558B7B1EB7DB7C1C01F17F16DB However, opening the application data folder reveals a whole lot of those files are still there, including the example one I used earlier. I'm not really getting any issues with performance or popups or audio or strange errors or anything anymore though.
  3. Basically the same this time I think, it says "Cannot find the path specified".
  4. I'm not sure if I'm doing it right, because when I enter that I get an error which says "Windows cannot find 'del'". Have I done it wrong?
  5. No, but that does ring a bell actually. I remember a while ago when I was first really badly infected I noticed that my application data folder kept coming up in my virus scans and that even if I manually deleted those .bat files (of which there are a lot it seems) they keep coming back. I honestly don't know what those are. There are also a whole lot of JScript files, seemingly randomly named (like A8Tde2.js) in that folder.
  6. Okay, so I'm back! Combofix went straight into rebooting because it found a rootkit and then we went through the installing of Windows Recovery and the scan and it all seemed to go pretty smoothly. Here's the log:
R0 ElbyVCD;ElbyVCD;c:\windows\system32\drivers\ElbyVCD.sys [28/11/2002 8:43 PM 22016] R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [19/01/2010 7:33 PM 239168] R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [1/05/2011 1:29 AM 338880] R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [1/05/2011 1:29 AM 656320] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [18/02/2010 4:25 AM 12872] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/05/2010 4:41 AM 67656] S3 ETDrv;ETDrv;c:\windows\system32\drivers\ETDrv.sys [2/01/2004 7:22 PM 170128] S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [19/01/2010 7:33 PM 366840] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13/03/2006 3:03 PM 642560] . Contents of the 'Scheduled Tasks' folder . 2011-03-22 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 07:57] . 2011-05-01 c:\windows\Tasks\HP DArC Task 2004-05-12 09:44ewlett-Packard76002004-05-12 04:18Y3421200Y84.job - c:\program files\HP\hpcoretech\comp\hpdarc.exe [2004-05-12 04:18] . 2011-05-02 c:\windows\Tasks\HP Usg Daily.job - c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\pexpress\hphped05.exe [2004-10-31 03:03] . 2011-05-02 c:\windows\Tasks\Symantec NetDetect.job - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2003-12-31 06:26] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.google.com.au/ uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = <local> LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll Trusted Zone: windowsmedia.com DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\documents and settings\EVAN\Application Data\Mozilla\Firefox\Profiles\hal6la1e.default\ FF - prefs.js: browser.search.selectedEngine - Wikipedia (en) FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official FF - prefs.js: network.proxy.type - 0 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program 
files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) HKLM-Run-VideoraiPodConverter - c:\program files\VideoraiPodConverter\VideoraiPodConverter.exe HKLM-Run-NWEReboot - (no file) AddRemove-Audacity 1.3 Beta (Unicode)_is1 - c:\program files\Audacity 1.3 Beta (Unicode)\unins000.exe AddRemove-AviSynth - c:\program files\AviSynth 2.5\Uninstall.exe AddRemove-Live 6.0.1 - c:\progra~1\Ableton\LIVE60~1.1\Install\UNWISE.EXE AddRemove-MP3-Xtreme - c:\program files\MP3-Xtreme\uninstall.exe AddRemove-PartyPoker - c:\program files\PartyGaming\PartyPoker\Uninstall.exe AddRemove-Pianoteq22 - c:\program files\Pianoteq 2.2\uninstall.exe AddRemove-RegistryFix_is1 - c:\program files\RegistryFix\unins000.exe AddRemove-Sonik Synth 2 Free - c:\progra~1\SONIKS~1\UNWISE.EXE AddRemove-Videora iPod Converter - c:\program files\VideoraiPodConverter\uninst.exe AddRemove-VLC media player - c:\program files\VideoLAN\VLC\uninstall.exe . . . ************************************************************************** . 
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-05-02 23:20 Windows 5.1.2600 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\5700c990] "imagepath"="\??\c:\windows\TEMP\222.tmp" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl] @DACL=(02 0000) . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ACTIVEX_REPURPOSEDETECTION] @DACL=(02 0000) "sllauncher.exe"=dword:00000001 "PresentationHost.exe"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT] @DACL=(02 0000) "WMPlayer.exe"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG] @DACL=(02 0000) "sllauncher.exe"=dword:00000001 "PresentationHost.exe"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT] @DACL=(02 0000) "sllauncher.exe"=dword:00000001 "PresentationHost.exe"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT] @DACL=(02 0000) "sllauncher.exe"=dword:00000001 "PresentationHost.exe"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION] @DACL=(02 0000) "sllauncher.exe"=dword:00001f40 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_Cross_Domain_Redirect_Mitigation] @DACL=(02 0000) "sllauncher.exe"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION] @DACL=(02 0000) "PresentationHost.exe"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_SQM_UPLOAD_FOR_APP] @DACL=(02 0000) "ieuser.exe"=dword:00000001 "iexplore.exe"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_TELNET_PROTOCOL] @DACL=(02 0000) "PresentationHost.exe"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK] @DACL=(02 0000) "YahooMusicEngine.exe"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT] @DACL=(02 0000) "devenv.exe"=dword:00000001 "dexplore.exe"=dword:00000001 "helppane.exe"=dword:00000001 "sllauncher.exe"=dword:00000000 "PresentationHost.exe"=dword:00000000 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FEEDS] @DACL=(02 0000) "msfeedssync.exe"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FORCE_ADDR_AND_STATUS] @DACL=(02 0000) "PresentationHost.exe"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE] @DACL=(02 0000) "WMPlayer.exe"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_XML_PROLOG] @DACL=(02 0000) "msiexec.exe"=dword:00000000 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IMAGING_USE_ART] @DACL=(02 0000) @="" "waol.exe"=dword:00000001 "cs.exe"=dword:00000001 "wm.exe"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS] @DACL=(02 0000) "iexplore.exe"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS] @DACL=(02 0000) "helppane.exe"=dword:00000000 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DLCONTROL_BEHAVIORS] @DACL=(02 0000) "wlmail.exe"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER] @DACL=(02 0000) "explorer.exe"=dword:00000004 "sllauncher.exe"=dword:00000006 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER] @DACL=(02 0000) "explorer.exe"=dword:00000002 "sllauncher.exe"=dword:00000006 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME] @DACL=(02 0000) "mshta.exe"=dword:00000001 "outlook.exe"=dword:00000001 "sidebar.exe"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTECT_DECOMPRESSION_FILTER_FROM_ABORT_KB942367] @DACL=(02 0000) @="" "*"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RELEASE_CALLBACK_ON_STOP_BINDING] @DACL=(02 0000) "communicator.exe"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7] @DACL=(02 0000) "sllauncher.exe"=dword:00000001 "PresentationHost.exe"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL] @DACL=(02 0000) "WMPlayer.exe"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD] @DACL=(02 0000) "WMPlayer.exe"=dword:00000001 "msimn.exe"=dword:00000001 "winmail.exe"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_OBJECT_DATA_ATTRIBUTE] @DACL=(02 0000) "sllauncher.exe"=dword:00000001 "PresentationHost.exe"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_RES_TO_LMZ] @DACL=(02 0000) "sllauncher.exe"=dword:00000001 "PresentationHost.exe"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION] @DACL=(02 0000) "sllauncher.exe"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND] @DACL=(02 0000) "WMPlayer.exe"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_APP_PROTOCOL_WARN_DIALOG] @DACL=(02 0000) "sllauncher.exe"=dword:00000001 "PresentationHost.exe"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SSLUX] @DACL=(02 0000) "PresentationHost.exe"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN] @DACL=(02 0000) "msimn.exe"=dword:00000001 "outlook.exe"=dword:00000001 "winmail.exe"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK] @DACL=(02 0000) "WMPlayer.exe"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_WINDOWEDSELECTCONTROL] @DACL=(02 0000) "excel.exe"=dword:00000001 "infopath.exe"=dword:00000001 "powerpnt.exe"=dword:00000001 "winword.exe"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL] @DACL=(02 0000) "WMPlayer.exe"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VIEWLINKEDWEBOC_IS_UNSAFE] @DACL=(02 0000) "sllauncher.exe"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD] @DACL=(02 0000) "msn.exe"=dword:00000001 "msn6.exe"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER] @DACL=(02 0000) "iexplore.exe"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\UrlTemplate] @DACL=(02 0000) "1"="www.%s.com" "2"="www.%s.org" "3"="www.%s.net" "4"="www.%s.edu" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(836) c:\program files\SUPERAntiSpyware\SASWINLO.DLL c:\windows\system32\WININET.dll . - - - - - - - > 'lsass.exe'(892) c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll . Completion time: 2011-05-02 23:21:40 ComboFix-quarantined-files.txt 2011-05-02 13:21 . Pre-Run: 45,380,136,960 bytes free Post-Run: 49,910,239,232 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn /usepmtimer . - - End Of File - - E7F9D020ED37D9625A3CD6B41E10AFD3 Checking out those problems I told you before, none of them seem to be present now as far as I can tell. The audio never started right away, but it hasn't happened since combofix finished.
  7. Hi LDTate, thanks for your help. I did what you asked me to do with regards to Java and the ATF cleaner and all that. Also, because I was getting horribly fed up with my computer I did a scan earlier tonight on Malwarebytes and removed what it came up with (so I'm not exactly sure I did what you would have wanted there, but I didn't know at the time). Anyway, since I'm not getting any results scanning now, here's the log from earlier:

Objects scanned: 228185
Time elapsed: 49 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\EVAN\Local Settings\Application Data\jcj.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\EVAN\Local Settings\Application Data\jcj.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\EVAN\Local Settings\Application Data\jcj.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\EVAN\local settings\application data\jcj.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\documents and settings\EVAN\local settings\application data\oye.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

I'm still getting some issues though. I'm getting audio for advertisements popping up randomly in the background; when I Google search I'm no longer getting redirected, but I get a pop-up window which has "Proc: click" at the top and then a long string of strange text; when I try and play video files I get a series of error boxes popping up which list my system info and then a long string of seemingly random letters. Oh, and I'm also getting this as a Notepad file pop-up at startup, but I don't know if that's an issue or related or anything, I just know it's only happened recently:

[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787
  8. Hi, I've been trying in vain to remove malware from my computer for about a month, but I can't seem to crack some of it. It started as something similar to Windows Repair, or one of those horrible programs, and while that's gone, I'm still getting browser redirects, some script errors for Internet Explorer (even though I only use Firefox) and audio playing in the background sometimes. Here's my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:10:08 PM, on 1/05/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Spyware Doctor\BDT\FGuard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\DVD Region-Free\DVDRegionFree.exe
C:\Program Files\DVD Region-Free\DVDRegionFree.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\system32\mshta.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\system32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\system32\mshta.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\mshta.exe
C:\WINDOWS\system32\mshta.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VideoraiPodConverter] C:\Program Files\VideoraiPodConverter\VideoraiPodConverter.exe -t
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GEST] ]
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [PCTools FGuard] C:\Program Files\Spyware Doctor\BDT\FGuard.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: DVD Region-Free.lnk = C:\Program Files\DVD Region-Free\DVDRegionFree.exe
O4 - Startup: Startup.js
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/games/ricochet-lost-worlds/en/ReflexiveWebGameLoader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1114124550343
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: ccProxy - Unknown owner - (no file)
O23 - Service: ccPwdSvc - Unknown owner - (no file)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SymWSC - Symantec Corporation - (no file)

Any help is really appreciated, the work everyone does here is really great. Thanks! Evan
  9. Thanks a heap for that! I'll make sure I get this in the right forum now.
  10. Hi, my laptop is horrendously infected. Sometimes I can hear advertising playing in the background, there are several fake security programs including Windows Repair installed, and I'm now being prevented from running .exe files, so I can't open the internet or run anything. Previously, I was unable to run Malwarebytes even when I downloaded it with a different name, so I used Super Anti Spyware when I was able to run things (which was just after the malware started today). It seems to have gotten worse, and I'm unsure what I can do to show you any issues because I don't seem to be able to run things. Anyway, I'm sorry if I haven't provided enough info, but I hope there's enough of a description to start. Thanks, Evan