
%$&@ recommended for you pop up!



MrC

Results of scan

ListParts by Farbar Version: 12-03-2012 03

Ran by bobby (administrator) on 23-05-2012 at 17:03:10

Windows XP (X86)

Running From: C:\Documents and Settings\bobby\Desktop

Language: 0409

************************************************************

========================= Memory info ======================

Percentage of memory in use: 23%

Total physical RAM: 2047.48 MB

Available physical RAM: 1557.24 MB

Total Pagefile: 3430.24 MB

Available Pagefile: 3090.61 MB

Total Virtual: 2047.88 MB

Available Virtual: 2009.67 MB

======================= Partitions =========================

2 Drive c: () (Fixed) (Total:92.25 GB) (Free:7.07 GB) NTFS ==>[Drive with boot components (Windows XP)]

3 Drive d: (xp game 2) (Fixed) (Total:97.66 GB) (Free:3.95 GB) NTFS

Disk ### Status Size Free Dyn Gpt

-------- ---------- ------- ------- --- ---

Disk 0 Online 190 GB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 92 GB 32 KB

Partition 2 Primary 98 GB 92 GB

======================================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 C NTFS Partition 92 GB Healthy System (partition with boot components)

======================================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 D xp game 2 NTFS Partition 98 GB Healthy

======================================================================================================

****** End Of Log ******


MrC

Question: if I deleted all 4 of these programs,

Malwarebytes, and Viperrescue, and TDSSkiller, and Superantispyware free edition,

would I release all of the malware and viruses that were in quarantine?

I was wondering, if I deleted the 4 programs and tried to run any of the programs I have had trouble running, would this help?

Thanks


We can give it a try. You won't "release all of the malware"; there should be an option in the program to delete the files that are in quarantine.

I would leave Malwarebytes and TDSSKiller, uninstall Viperrescue and Superantispyware free edition.

Let me know, MrC


MrC

RSIT scan results

Logfile of random's system information tool 1.09 (written by random/random)

Run by bobby at 2012-05-25 14:57:16

Microsoft Windows XP Professional Service Pack 3

System drive C: has 7 GB (8%) free of 94 GB

Total RAM: 2047 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 2:57:27 PM, on 5/25/2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\NLSSRV32.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program Files\UPHClean\uphclean.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\bobby\Local Settings\Application Data\Akamai\netsession_win.exe

C:\Documents and Settings\bobby\Local Settings\Application Data\Akamai\netsession_win.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\bobby\Desktop\RSIT.exe

C:\Program Files\trend micro\HiJackThis\bobby.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"

O4 - HKCU\..\Run: [search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Documents and Settings\bobby\Local Settings\Application Data\Akamai\netsession_win.exe"

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: SW Distributed TS Coordinator Service (CoordinatorServiceHost) - Unknown owner - C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\WINDOWS\system32\NLSSRV32.EXE

O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

O23 - Service: User Profile Hive Cleanup (UPHClean) - Windows ® Codename Longhorn DDK provider - C:\Program Files\UPHClean\uphclean.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--

End of file - 7075 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job

C:\WINDOWS\tasks\Uxgveksgfo.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\bobby\Application Data\Mozilla\Firefox\Profiles\0rfsbnp3.default

prefs.js - "browser.search.useDBForOrder" - true

prefs.js - "browser.startup.homepage" - "http://www.google.com/"

prefs.js - "extensions.enabledItems" - "jqs@sun.com:1.0, {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, avg@igeared:6.103.018.001, searchtoolbar@zugo.com:1.2, {20a82645-c095-46ed-80e3-08825760534b}:0.0.0, {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16"

prefs.js - "keyword.URL" - "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p="

"avg@igeared"=C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff

"fmconverter@gmail.com"=C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\

"fmdownloader@gmail.com"=C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\

"{8FF5ADEC-B7B1-4948-B8F4-11CBE0DBDF79}"=C:\Documents and Settings\bobby\Local Settings\Application Data\{8FF5ADEC-B7B1-4948-B8F4-11CBE0DBDF79}

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 11.2.202.235 Plugin

"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]

"Description"=DivX VOD Helper Plug-in

"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]

"Description"=Google Earth in your browser

"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]

"Description"=Oracle® Next Generation Java™ Plug-In

"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6]

"Description"=Yahoo Messenger State Plugin

"Path"=C:\Program Files\Yahoo!\Shared\npYState.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]

"Description"=Windows Presentation Foundation plug-in for Mozilla browsers

"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin]

"Description"=PDFlite Browser Plugin

"Path"=C:\Program Files\PDFlite\npPdfViewer.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]

"Description"=Google Update

"Path"=C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]

"Description"=Google Update

"Path"=C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]

"Description"=Handles PDFs in-place in Firefox

"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\

{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\

binary.manifest

browsercomps.dll

nsILegitCheckPlugin.xpt

nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\

np32dsw.dll

npdeployJava1.dll

npEModelPlugin.dll

npLegitCheckPlugin.dll

npMozCouponPrinter.dll

nppdf32.dll

npqtplugin.dll

npqtplugin2.dll

npqtplugin3.dll

npqtplugin4.dll

npqtplugin5.dll

npqtplugin6.dll

npqtplugin7.dll

nsEModelPlugin.xpt

QuickTimePlugin.class

ShockwavePlugin.class

WMP Firefox Plugin License.rtf

WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\

amazondotcom.xml

avg_igeared.xml

bing.xml

eBay.xml

fcmdSrch.xml

google.xml

twitter.xml

wikipedia.xml

yahoo.xml

C:\Documents and Settings\bobby\Application Data\Mozilla\Firefox\Profiles\0rfsbnp3.default\extensions\

searchtoolbar@zugo.com

{635abd67-4fe9-1b23-4f01-e679fa7484c1}

C:\Documents and Settings\bobby\Application Data\Mozilla\Firefox\Profiles\0rfsbnp3.default\searchplugins\

bing-zugo.xml

googlecom-in-english.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-03-26 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2012-03-15 192112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll [2012-01-12 1003576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2012-03-15 192112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2009-02-23 111856]

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe []

"NeroCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-02-10 61440]

"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-11-29 421888]

"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2011-03-21 1230704]

""= []

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-03-27 37296]

"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-02 843712]

"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2012-03-26 931200]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ATI Launchpad"=C:\Program Files\ATI Multimedia\main\launchpd.exe []

"Search Protection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2009-02-23 111856]

"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-12-27 39408]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

"Akamai NetSession Interface"=C:\Documents and Settings\bobby\Local Settings\Application Data\Akamai\netsession_win.exe [2012-05-08 3331872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]

C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe [2003-08-19 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2012-03-07 3905920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^bobby^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk]

C:\PROGRA~1\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2011-05-04 551296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

C:\WINDOWS\system32\Ati2evxx.dll [2010-02-11 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2011-07-18 113024]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\79279868.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\79279868.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=1

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\AVG\AVG9\avgam.exe"="C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe"

"C:\Program Files\AVG\AVG9\avgdiagex.exe"="C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe"

"C:\Program Files\AVG\AVG9\avgemc.exe"="C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe"

"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"

"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\ATCS Monitor\atcsmon.exe"="C:\Program Files\ATCS Monitor\atcsmon.exe:*:Enabled:ATCS Monitor for Windows"

"C:\Program Files\EA GAMES\Battlefield 2 Demo\BF2.exe"="C:\Program Files\EA GAMES\Battlefield 2 Demo\BF2.exe:*:Enabled:Battlefield 2"

"C:\Program Files\BitTorrent\BitTorrent.exe"="C:\Program Files\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent"

"C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE"

"C:\Documents and Settings\bobby\Desktop\Battlefield 2\BF2.exe"="C:\Documents and Settings\bobby\Desktop\Battlefield 2\BF2.exe:*:Disabled:BF2"

"C:\Documents and Settings\bobby\My Documents\games old\Battlefield 2\BF2.exe"="C:\Documents and Settings\bobby\My Documents\games old\Battlefield 2\BF2.exe:*:Disabled:BF2"

"C:\Documents and Settings\bobby\My Documents\games old\Battlefield 2\Bf2_w32ded.exe"="C:\Documents and Settings\bobby\My Documents\games old\Battlefield 2\Bf2_w32ded.exe:*:Disabled:Bf2_w32ded"

"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"

"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Disabled:Java Platform SE binary"

"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Disabled:Java Platform SE binary"

"C:\Documents and Settings\bobby\Local Settings\Application Data\Akamai\netsession_win.exe"="C:\Documents and Settings\bobby\Local Settings\Application Data\Akamai\netsession_win.exe:*:Enabled:Akamai NetSession Interface"

"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"midimapper"=midimap.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msadpcm"=msadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.trspch"=tssoft32.acm

"vidc.cvid"=iccvid.dll

"VIDC.I420"=msh263.drv

"vidc.iv31"=ir32_32.dll

"vidc.iv32"=ir32_32.dll

"vidc.iv41"=ir41_32.ax

"VIDC.IYUV"=iyuv_32.dll

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"VIDC.UYVY"=msyuv.dll

"VIDC.YUY2"=msyuv.dll

"VIDC.YVU9"=tsbyuv.dll

"VIDC.YVYU"=msyuv.dll

"wavemapper"=msacm32.drv

"midi"=wdmaud.drv

"msacm.msg723"=msg723.acm

"vidc.M263"=msh263.drv

"vidc.M261"=msh261.drv

"msacm.msaudio1"=msaud32.acm

"msacm.sl_anet"=sl_anet.acm

"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax

"vidc.iv50"=ir50_32.dll

"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm

"VIDC.wmv3"=wmv9vcm.dll

"vidc.MPG4"=mpg4c32.dll

"vidc.MP42"=mpg4c32.dll

"vidc.MP43"=mpg4c32.dll

"vidc.dvsd"=dvc.dll

"msacm.avis"=ff_acm.acm

"VIDC.JPEG"=jpegCode.dll

"VIDC.MJPG"=jpegCode.dll

"MSVideo8"=VfWWDM32.dll

"wave"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer"=wdmaud.drv

"vidc.DIVX"=DivX.dll

"vidc.yv12"=DivX.dll

======List of files/folders created in the last 3 months======

2012-05-24 19:14:15 ----D---- C:\Documents and Settings\bobby\Application Data\SUPERAntiSpyware.com

2012-05-24 19:12:59 ----D---- C:\Program Files\SUPERAntiSpyware

2012-05-24 19:12:59 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2012-05-24 18:29:40 ----SD---- C:\ComboFix

2012-05-22 02:26:44 ----D---- C:\WINDOWS\system32\BWKDLogs

2012-05-22 02:17:15 ----D---- C:\Documents and Settings\All Users\Application Data\Kodak

2012-05-22 02:17:03 ----D---- C:\Program Files\Kodak

2012-05-21 22:58:30 ----D---- C:\Program Files\ESET

2012-05-20 19:41:47 ----ASH---- C:\hiberfil.sys

2012-05-20 14:20:54 ----A---- C:\TDSSKiller.2.7.35.0_20.05.2012_14.20.54_log.txt

2012-05-20 08:34:12 ----A---- C:\TDSSKiller.2.7.35.0_20.05.2012_08.34.12_log.txt

2012-05-20 08:33:54 ----A---- C:\TDSSKiller.2.7.35.0_20.05.2012_08.33.54_log.txt

2012-05-19 22:59:44 ----RASHD---- C:\cmdcons

2012-05-19 22:57:50 ----A---- C:\WINDOWS\zip.exe

2012-05-19 22:57:50 ----A---- C:\WINDOWS\SWXCACLS.exe

2012-05-19 22:57:50 ----A---- C:\WINDOWS\SWSC.exe

2012-05-19 22:57:50 ----A---- C:\WINDOWS\SWREG.exe

2012-05-19 22:57:50 ----A---- C:\WINDOWS\sed.exe

2012-05-19 22:57:50 ----A---- C:\WINDOWS\PEV.exe

2012-05-19 22:57:50 ----A---- C:\WINDOWS\NIRCMD.exe

2012-05-19 22:57:50 ----A---- C:\WINDOWS\MBR.exe

2012-05-19 22:57:50 ----A---- C:\WINDOWS\grep.exe

2012-05-19 22:18:41 ----A---- C:\Boot.bak

2012-05-19 22:18:24 ----A---- C:\WINDOWS\UPGRADE.TXT

2012-05-19 22:18:22 ----D---- C:\WINDOWS\setup.pss

2012-05-19 22:18:07 ----D---- C:\WINDOWS\setupupd

2012-05-19 22:03:03 ----D---- C:\Qoobox

2012-05-19 17:55:05 ----A---- C:\TDSSKiller.2.7.35.0_19.05.2012_17.55.05_log.txt

2012-05-19 17:21:46 ----D---- C:\WINDOWS\ERDNT

2012-05-19 17:19:50 ----D---- C:\Program Files\ERUNT

2012-05-19 03:35:34 ----D---- C:\rsit

2012-05-19 03:35:34 ----D---- C:\Program Files\trend micro

2012-05-10 23:33:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2659262$

2012-05-10 23:19:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2686509$

2012-05-10 23:18:52 ----HDC---- C:\WINDOWS\$NtUninstallKB2695962$

2012-05-10 23:11:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2676562$

2012-05-08 15:54:21 ----D---- C:\Documents and Settings\All Users\Application Data\Mozilla

2012-05-08 15:54:20 ----D---- C:\Program Files\Mozilla Maintenance Service

2012-04-11 06:57:33 ----HDC---- C:\WINDOWS\$NtUninstallKB2675157$

2012-04-11 06:48:13 ----HDC---- C:\WINDOWS\$NtUninstallKB2653956$

2012-04-10 06:27:05 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe

2012-04-05 18:53:01 ----A---- C:\systemscandata.txt

2012-04-05 18:26:34 ----D---- C:\Documents and Settings\bobby\Application Data\dvdcss

2012-04-05 18:04:49 ----D---- C:\Documents and Settings\bobby\Application Data\BabylonToolbar

2012-03-31 20:59:47 ----A---- C:\user.js

2012-03-31 20:59:34 ----A---- C:\WINDOWS\system32\unredmon.exe

2012-03-31 20:59:34 ----A---- C:\WINDOWS\system32\redmonnt.dll

2012-03-31 20:59:28 ----D---- C:\Documents and Settings\All Users\Application Data\Babylon

2012-03-31 20:59:27 ----D---- C:\Documents and Settings\bobby\Application Data\Babylon

2012-03-31 19:31:22 ----D---- C:\Documents and Settings\bobby\Application Data\Remote

2012-03-14 10:32:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2641653$

2012-03-14 10:28:24 ----HDC---- C:\WINDOWS\$NtUninstallKB2621440$

2012-03-14 10:28:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2647518$

2012-03-13 00:52:22 ----HD---- C:\WINDOWS\PIF

2012-02-28 22:47:27 ----N---- C:\WINDOWS\system32\6.tmp

2012-02-28 22:46:27 ----N---- C:\WINDOWS\system32\5.tmp

2012-02-28 22:46:16 ----N---- C:\WINDOWS\system32\4.tmp

2012-02-28 22:18:39 ----D---- C:\spoolerlogs

======List of files/folders modified in the last 3 months======

2012-05-25 13:48:15 ----SD---- C:\WINDOWS\Tasks

2012-05-25 13:39:13 ----D---- C:\WINDOWS\Temp

2012-05-25 13:39:07 ----D---- C:\WINDOWS\system32\CatRoot2

2012-05-25 13:38:26 ----D---- C:\WINDOWS\system32\drivers

2012-05-25 12:04:55 ----A---- C:\WINDOWS\SchedLgU.Txt

2012-05-25 08:51:41 ----D---- C:\WINDOWS\Prefetch

2012-05-24 19:27:31 ----RASH---- C:\boot.ini

2012-05-24 19:27:31 ----A---- C:\WINDOWS\win.ini

2012-05-24 19:27:31 ----A---- C:\WINDOWS\system.ini

2012-05-24 19:25:45 ----D---- C:\WINDOWS\pss

2012-05-24 19:12:59 ----RD---- C:\Program Files

2012-05-24 18:30:46 ----D---- C:\WINDOWS\system32

2012-05-24 18:30:46 ----AD---- C:\WINDOWS

2012-05-23 07:15:51 ----D---- C:\WINDOWS\Microsoft.NET

2012-05-23 06:58:36 ----D---- C:\Documents and Settings\bobby\Application Data\gtk-2.0

2012-05-23 06:57:23 ----D---- C:\Program Files\Lexmark X1100 Series

2012-05-22 23:49:28 ----D---- C:\Program Files\Free CraigsList Reader Pro from CraigsPal

2012-05-22 20:39:33 ----SHD---- C:\WINDOWS\Installer

2012-05-22 20:38:25 ----D---- C:\Config.Msi

2012-05-22 20:33:50 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2012-05-22 20:33:42 ----RSD---- C:\WINDOWS\assembly

2012-05-22 20:33:33 ----D---- C:\WINDOWS\WinSxS

2012-05-22 10:00:44 ----DC---- C:\WINDOWS\system32\DRVSTORE

2012-05-22 10:00:44 ----D---- C:\WINDOWS\Help

2012-05-22 10:00:43 ----D---- C:\WINDOWS\inf

2012-05-22 10:00:16 ----D---- C:\Program Files\Common Files

2012-05-22 05:11:51 ----D---- C:\Program Files\ATCS Monitor

2012-05-22 02:25:54 ----RSHDC---- C:\WINDOWS\system32\dllcache

2012-05-21 22:30:08 ----D---- C:\WINDOWS\system32\config

2012-05-20 18:21:32 ----D---- C:\VIPRERESCUE

2012-05-20 14:40:19 ----A---- C:\WINDOWS\ntbtlog.txt

2012-05-20 13:08:25 ----D---- C:\Program Files\Common Files\Services

2012-05-19 05:08:26 ----D---- C:\WINDOWS\system32\drivers\etc

2012-05-15 12:52:42 ----D---- C:\Program Files\Mozilla Firefox

2012-05-13 22:21:06 ----D---- C:\Documents and Settings\bobby\Application Data\PhotoScape

2012-05-13 03:37:06 ----A---- C:\WINDOWS\ROCKSIM.INI

2012-05-13 02:12:46 ----D---- C:\Program Files\Windows Media Connect 2

2012-05-13 01:56:38 ----D---- C:\Program Files\Zero G Registry

2012-05-10 23:33:14 ----D---- C:\WINDOWS\system32\XPSViewer

2012-05-10 23:27:43 ----A---- C:\WINDOWS\system32\MRT.exe

2012-05-10 23:19:14 ----A---- C:\WINDOWS\imsins.BAK

2012-05-10 23:19:10 ----D---- C:\WINDOWS\$hf_mig$

2012-05-03 01:03:04 ----D---- C:\Program Files\vReveal

2012-05-03 01:03:02 ----D---- C:\Program Files\Search Toolbar

2012-05-03 01:03:02 ----D---- C:\Program Files\QuickTime(3)

2012-05-03 01:03:02 ----D---- C:\Program Files\QuickTime(2)(2)

2012-05-03 01:03:02 ----D---- C:\Program Files\QuickTime

2012-05-03 01:03:00 ----D---- C:\Program Files\eVGADrv

2012-05-03 01:02:59 ----D---- C:\Program Files\Messenger

2012-05-02 23:12:24 ----D---- C:\Documents and Settings\All Users\Application Data\Freemake

2012-04-30 21:27:25 ----D---- C:\Program Files\Microsoft Security Client

2012-04-27 23:09:37 ----D---- C:\Documents and Settings\bobby\Application Data\playitall

2012-04-27 14:19:55 ----D---- C:\Documents and Settings\bobby\Application Data\vlc

2012-04-15 20:41:05 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2012-04-11 09:10:58 ----A---- C:\WINDOWS\system32\ntoskrnl.exe

2012-04-11 08:35:52 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe

2012-04-10 12:54:37 ----D---- C:\Program Files\Common Files\Akamai

2012-03-25 13:20:20 ----RD---- C:\My Pictures

2012-03-25 03:30:05 ----D---- C:\WINDOWS\Minidump

2012-03-11 19:32:47 ----D---- C:\Program Files\AutoCAD 2000i

2012-03-05 12:44:50 ----RD---- C:\WINDOWS\Web

2012-03-05 12:44:48 ----D---- C:\WINDOWS\ShellNew

2012-03-03 05:07:30 ----DC---- C:\WINDOWS\$NtUninstallKB952954$

2012-03-03 01:03:16 ----D---- C:\WINDOWS\system32\wbem

2012-03-03 01:03:16 ----D---- C:\WINDOWS\Registration

2012-03-02 21:43:30 ----DC---- C:\WINDOWS\$NtUninstallKB941569$

2012-02-29 10:10:16 ----A---- C:\WINDOWS\system32\wintrust.dll

2012-02-29 10:10:16 ----A---- C:\WINDOWS\system32\imagehlp.dll

2012-02-29 00:17:29 ----DC---- C:\WINDOWS\$NtUninstallKB2467659$

2012-02-28 22:33:01 ----SHD---- C:\RECYCLER

2012-02-28 22:32:01 ----DC---- C:\WINDOWS\$NtUninstallKB2360131$

2012-02-28 14:50:30 ----A---- C:\WINDOWS\system32\wininet.dll

2012-02-28 14:50:30 ----A---- C:\WINDOWS\system32\urlmon.dll

2012-02-28 14:50:30 ----A---- C:\WINDOWS\system32\url.dll

2012-02-28 14:50:30 ----A---- C:\WINDOWS\system32\shdocvw.dll

2012-02-28 14:50:30 ----A---- C:\WINDOWS\system32\mstime.dll

2012-02-28 14:50:30 ----A---- C:\WINDOWS\system32\mshtmled.dll

2012-02-28 14:50:30 ----A---- C:\WINDOWS\system32\mshtml.dll

2012-02-28 14:50:30 ----A---- C:\WINDOWS\system32\iepeers.dll

2012-02-28 14:50:29 ----A---- C:\WINDOWS\system32\ieencode.dll

2012-02-28 14:50:29 ----A---- C:\WINDOWS\system32\browseui.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 49653952;49653952 Boot Guard Driver; C:\WINDOWS\system32\DRIVERS\49653952.sys [2009-10-22 37392]

R0 85656582;85656582 Boot Guard Driver; C:\WINDOWS\system32\DRIVERS\85656582.sys [2009-10-22 37392]

R0 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2012-03-20 171064]

R0 nv_agp;NVIDIA nForce AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\nv_agp.sys [2003-03-19 18688]

R0 nvatabus;nvatabus; C:\WINDOWS\system32\DRIVERS\nvatabus.sys [2003-09-02 54656]

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-07-12 45648]

R1 49653951;49653951; C:\WINDOWS\system32\DRIVERS\49653951.sys [2009-09-25 128016]

R1 85656581;85656581; C:\WINDOWS\system32\DRIVERS\85656581.sys [2009-09-25 128016]

R1 MpKsl1f228708;MpKsl1f228708; \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5355D609-34F5-4F7F-9DF2-0A2AB225732C}\MpKsl1f228708.sys []

R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []

R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []

R1 SBRE;SBRE; C:\WINDOWS\system32\drivers\SBREDrv.sys [2010-11-09 98392]

R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-02-11 3565056]

R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2003-09-29 754496]

R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 ltmodem5;LT Modem Driver; C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys [2004-08-03 606684]

R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]

R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]

R3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENET.sys [2003-06-06 70656]

S3 catchme;catchme; \??\C:\DOCUME~1\bobby\LOCALS~1\Temp\catchme.sys []

S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 CoachUsb;Coach Digital Camera on USB; C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2003-07-03 41184]

S3 CoachVc;Coach Video Capture; C:\WINDOWS\system32\DRIVERS\CoachVc.sys [2003-07-03 45664]

S3 iteio;iteio; \??\C:\WINDOWS\system32\drivers\iteio.sys []

S3 itsernum;itsernum Filter 驅動程式; C:\WINDOWS\system32\DRIVERS\itsernum.sys [2001-08-21 20133]

S3 KMWDKUSB;KM-WDK USB; C:\WINDOWS\System32\Drivers\KMWDKUSB.sys [2003-02-24 41667]

S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\6.tmp []

S3 motccgp;Motorola USB Composite Device Driver; C:\WINDOWS\system32\DRIVERS\motccgp.sys [2008-08-21 18688]

S3 motccgpfl;MotCcgpFlService; C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2008-08-21 8320]

S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680]

S3 motport;Motorola USB Diagnostic Port; C:\WINDOWS\system32\DRIVERS\motport.sys [2007-06-18 23680]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]

S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-02-11 602112]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-01-30 153376]

R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-08-18 303104]

R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2012-03-26 11552]

R2 nlsX86cc;NLS Service; C:\WINDOWS\system32\NLSSRV32.EXE [2011-03-21 68928]

R2 UPHClean;User Profile Hive Cleanup; C:\Program Files\UPHClean\uphclean.exe [2010-09-13 399872]

R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]

S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2010-02-10 593920]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-27 135664]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service; C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe []

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 gupdatem;Google Update Service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-27 135664]

S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-27 182768]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-08 129976]

S3 SolidWorks Licensing Service;SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [2010-12-09 79360]

S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

S4 msvsmon80;Visual Studio 2005 Remote Debugger; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


See if you can delete these files:

C:\WINDOWS\tasks\Uxgveksgfo.job

C:\WINDOWS\system32\6.tmp

C:\WINDOWS\system32\5.tmp

C:\WINDOWS\system32\4.tmp

and do a search for this file:

79279868.sys

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\79279868.sys]

If you can find it:

Upload it to VirusTotal for a free scan and post back the results (just copy back the URL).

http://www.virustotal.com/

MrC


MrC

Sorry for the delay in getting back to you.

I found and deleted all files except

C:\WINDOWS\tasks\Uxgveksgfo.job

I could not find it.

Also, how do you attach the link for the file

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\79279868.sys

so VirusTotal can scan it?

Thanks


No, you don't have to do that.

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :Filefind
    Uxgveksgfo.job


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

MrC


MrC

SystemLook scan results

SystemLook 30.07.11 by jpshortstuff

Log created at 16:20 on 27/05/2012 by bobby

Administrator - Elevation successful

========== Filefind ==========

Searching for "Uxgveksgfo.job"

C:\WINDOWS\Tasks\Uxgveksgfo.job --ahs-- 306 bytes [15:40 04/03/2011] [16:55 27/05/2012] (Unable to calculate MD5)

-= EOF =-


MrC

Same as before.

SystemLook 30.07.11 by jpshortstuff

Log created at 17:24 on 27/05/2012 by bobby

Administrator - Elevation successful

========== Filefind ==========

Searching for "Uxgveksgfo.job"

C:\WINDOWS\Tasks\Uxgveksgfo.job --ahs-- 306 bytes [15:40 04/03/2011] [21:10 27/05/2012] (Unable to calculate MD5)

-= EOF =-


Download, unzip and run the attached fix.zip (fix.reg)

Download BlitzBlank and save it to your desktop:

http://download1.ems.../BlitzBlank.exe

Open Blitzblank.exe

Click OK at the warning (and take note of it, this is a VERY powerful tool!).

Click the Script tab and copy/paste the following text there:

DeleteFile:

C:\WINDOWS\Tasks\Uxgveksgfo.job

Click Execute Now. Your computer will need to reboot in order to replace the files.

When done, post me the report created by BlitzBlank. You can find it at the root of the drive, normally C:\

Let me know, MrC
