Spam problem...

Chipper0483 · January 25, 2008

My ISP keeps shutting off my service because they say they are detecting spam being sent from my computer. I've checked and rechecked but cant find anything... I need help. =(

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:41:28 AM, on 1/25/2008

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\AIM6\aim6.exe

C:\Program Files\AIM6\aolsoftware.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearflix.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,ypgeanm.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: H - {22EE9F86-AAF0-4f11-80C8-859D8F53C3A0} - feeeww1.dll (file missing)

O2 - BHO: (no name) - {3E32C320-215B-4F2C-8E02-08B757EEFB19} - C:\WINDOWS\System32\rgvyyirp.dll (file missing)

O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\System32\setdphxb.dll (file missing)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {C6EE2B55-4894-45C7-B09D-873B557D24E4} - C:\WINDOWS\System32\gebyw.dll (file missing)

O2 - BHO: (no name) - {E416BCBE-B331-4AEE-B85A-877652B13A7A} - C:\WINDOWS\System32\jkkll.dll (file missing)

O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\Helper\superfindout.dll

O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684CC} - C:\Program Files\Helper\superfindout.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Search - {65DA622A-3F7B-F96A-8D2D-4F8246DC60B7} - C:\WINDOWS\zpmcqfwp.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\System32\ywvwgajj.dll",realset

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - (no file)

O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files/insta...easeInstall.cab

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/12119/CTSUEng.cab

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAcc...e/bridge-c5.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409

O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/inst...leanerstart.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.shockwave.com/content/ricochetl...bGameLoader.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/073fd2f710ba77...ip/RdxIE601.cab

O16 - DPF: {5F3B3060-09E0-44C6-86F7-BC7B02B57BEE} - http://downloads.shopathomeselect.com/adpe...tall_ap1001.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1100836101203

O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.wow-europe.com/en/wowbeta/Si.cab

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://download.shockwave.com/pub/otoy/OTOYAX.cab

O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.shockwave.com/content/luxor/mjolauncher.cab

O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.shockwave.com/content/tumblebugs/axhost.cab

O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirel...loadControl.cab

O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} - http://hotsearchbar.com/toolbar2/winhot32.cab

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/12119/CTPID.cab

O20 - Winlogon Notify: jkkll - C:\WINDOWS\System32\jkkll.dll (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\System32\svchosts.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe (file missing)

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Adapter\WLService.exe (file missing)

O24 - Desktop Component 0: (no name) - C:\WINDOWS\System32\ad.html

--

End of file - 8952 bytes

Tigger93 · January 25, 2008

Hello and Welcome to MalwareBytes!

Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1

Link 2

Link 3

Double click combofix.exe and follow the prompts.

When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while its running. That may cause it to stall

Chipper0483 · January 26, 2008

Here are the Logs you asked for.

ComboFix 08-01-23.1C - Sam 2008-01-25 17:07:15.1 - NTFSx86

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

Rootkit driver pe386 is present. ... attempting disinfection

pe386 ...... driver unloaded successfully.

ADS - system32: deleted 54764 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\LocalService\Application Data\NetMon

C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt

C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt

C:\Documents and Settings\Sam\Application Data\macromedia\Flash Player\#SharedObjects\8DPZXU8V\www.broadcaster.com

C:\Documents and Settings\Sam\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com

C:\Documents and Settings\Sam\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol

C:\Documents and Settings\Sam\Application Data\MCROSO~1

C:\Documents and Settings\Sam\Application Data\PPPATC~1

C:\Documents and Settings\Sam\Application Data\RACLE~1

C:\Documents and Settings\Sam\My Documents\CURITY~1

C:\Program Files\Common Files\{3C243~1

C:\Program Files\Common Files\{3C243~2

C:\Program Files\Common Files\{EC243~1

C:\Program Files\Common Files\{EC243~2

C:\Program Files\Common Files\dobe~1

C:\Program Files\Common Files\fnts~1

C:\Program Files\Common Files\scurit~1

C:\Program Files\cowabanga

C:\Program Files\cowabanga\License.txt

C:\Program Files\cowabanga\uninstaller.exe

C:\Program Files\eqadvice

C:\Program Files\eqadvice\Uninstall.exe

C:\Program Files\Helper

C:\Program Files\Helper\superfindout.dll

C:\Program Files\iMeshBar

C:\Program Files\iMeshBar\bar\History\search

C:\Program Files\spycrush 3.2

C:\Program Files\SpyCrush 3.2\sd.ini

C:\temp\17o7

C:\temp\17o7\tmpTF.log

C:\WINDOWS\Downloaded Program Files\UERS_9999_N91S1502NetInstaller.exe

C:\WINDOWS\Downloaded Program Files\UERS_9999_N91S2507NetInstaller.exe

C:\WINDOWS\Downloaded Program Files\UERT_0001_D19M2109NetInstaller.exe

C:\WINDOWS\Downloaded Program Files\USDR6_9999_N18M1603NetInstaller.exe

C:\WINDOWS\Downloaded Program Files\UWA7P_0001_N91M0809NetInstaller.exe

C:\WINDOWS\Downloaded Program Files\WinAntiSpyware2007FreeInstall.exe

C:\WINDOWS\keyboard191.dat

C:\WINDOWS\keyboard61.dat

C:\WINDOWS\mcroso~1.net

C:\WINDOWS\system32\0_exception.nls

C:\WINDOWS\system32\boa.dat

C:\WINDOWS\system32\cimm.dll

C:\WINDOWS\system32\commands.xml

C:\WINDOWS\system32\cookie.dat

C:\WINDOWS\system32\cr3m.dll

C:\WINDOWS\system32\dobe~1

C:\WINDOWS\system32\egyfsgdu.dll

C:\WINDOWS\system32\fkpbfrtm.ini

C:\WINDOWS\system32\gixcqnat.dll

C:\WINDOWS\system32\help.txt

C:\WINDOWS\system32\hoxvsoxu.dll

C:\WINDOWS\system32\jjagwvwy.ini

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\mtrfbpkf.dll

C:\WINDOWS\system32\ps.dat

C:\WINDOWS\system32\smbols~1

C:\WINDOWS\system32\smpi1

C:\WINDOWS\system32\tanqcxig.ini

C:\WINDOWS\system32\udgsfyge.ini

C:\WINDOWS\system32\unsvchosts.lzma

C:\WINDOWS\system32\uxosvxoh.ini

C:\WINDOWS\system32\ystem~1

C:\WINDOWS\system32\ywvwgajj.dll

C:\WINDOWS\uninst2.htm

C:\WINDOWS\uninstall_nmon.vbs

C:\WINDOWS\unist1.htm

C:\WINDOWS\wallpap.exe

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\LEGACY_CMDSERVICE

-------\LEGACY_COM+_MESSAGES

-------\LEGACY_DRIVER

-------\LEGACY_EXAMPLE1

-------\LEGACY_NETWORK_MONITOR

-------\LEGACY_RUNTIME

-------\LEGACY_WINDOWS_OVERLAY_COMPONENTS

-------\COM+ Messages

-------\Driver

-------\EXAMPLE1

-------\Runtime

((((((((((((((((((((((((( Files Created from 2007-12-25 to 2008-01-25 )))))))))))))))))))))))))))))))

.

2008-01-25 17:04 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe

2008-01-25 00:41 . 2008-01-25 00:41 <DIR> d-------- C:\Program Files\Trend Micro

2008-01-04 23:52 . 2008-01-04 23:52 268 --ah----- C:\sqmdata19.sqm

2008-01-04 23:52 . 2008-01-04 23:52 244 --ah----- C:\sqmnoopt19.sqm

2007-12-28 00:59 . 2007-12-28 00:59 268 --ah----- C:\sqmdata18.sqm

2007-12-28 00:59 . 2007-12-28 00:59 244 --ah----- C:\sqmnoopt18.sqm

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-23 01:28 --------- d-----w C:\Program Files\World of Warcraft

2007-12-15 01:49 --------- d-----w C:\Program Files\AIM6

2007-12-15 01:48 --------- d-----w C:\Program Files\Viewpoint

1989-12-12 14:10 690,000 --sh--r C:\WINDOWS\qcnrvro.exe

1989-12-12 14:10 830,000 --sh--r C:\WINDOWS\rpnoxwg.exe

2004-11-25 04:58 32 --sha-w C:\WINDOWS\{A6C436B5-F7B7-40D0-AF3D-4F8495D035CD}.dat

2004-11-19 03:07 12,497,456 --sha-w C:\WINDOWS\addins\bkalue.bak1

2004-11-24 18:30 125,278,932 --sh--w C:\WINDOWS\addins\bkalue.bak2

2004-11-17 03:06 6,808 --sh--w C:\WINDOWS\Config\dvdsp.bak2

2004-11-25 03:35 62,603,781 --sha-w C:\WINDOWS\Config\vrsca.bak1

2004-11-25 04:36 62,603,732 --sh--w C:\WINDOWS\Config\vrsca.bak2

2004-11-23 17:51 1,178,527 --sh--w C:\WINDOWS\Config\xafbv.bak2

2005-07-29 21:24 472 --sha-r C:\WINDOWS\Q2hpcHBlcg\kZ1DwJ15w0.vbs

2007-01-11 20:03 9,625 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

2004-11-25 04:58 32 --sha-w C:\WINDOWS\system32\{C5F0516D-45F1-40A9-A351-6017A7730779}.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{22EE9F86-AAF0-4f11-80C8-859D8F53C3A0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3E32C320-215B-4F2C-8E02-08B757EEFB19}]

C:\WINDOWS\System32\rgvyyirp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6EE2B55-4894-45C7-B09D-873B557D24E4}]

C:\WINDOWS\System32\gebyw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E416BCBE-B331-4AEE-B85A-877652B13A7A}]

C:\WINDOWS\System32\jkkll.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{8E718888-423F-11D2-876E-00A0C9082467}

{65DA622A-3F7B-F96A-8D2D-4F8246DC60B7}

[HKEY_CLASSES_ROOT\clsid\{65da622a-3f7b-f96a-8d2d-4f8246dc60b7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-01-19 12:49 4670968]

"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 10:20 50528]

"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]

"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2005-04-01 15:16 5562368]

"nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2005-04-01 15:16 86016]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-27 11:27 579072]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-23 08:45 219136]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"SpecifyDefaultButtons"= 0 (0x0)

"Btn_Search"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]

Source= C:\WINDOWS\System32\ad.html

FriendlyName=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkll]

C:\WINDOWS\System32\jkkll.dll

S1 SABKUTIL;SABKUTIL;C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys []

S2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]

S3 NPDriver;Norton Unerase Protection Driver;C:\WINDOWS\System32\Drivers\NPDRIVER.SYS [2002-08-14 06:03]

.

Contents of the 'Scheduled Tasks' folder

"2008-01-26 06:00:00 C:\WINDOWS\Tasks\80CD69A5896F1BAD.job"

- c:\progra~1\oozesa~1\ScrDeleteHtm.exe

"2008-01-26 05:00:01 C:\WINDOWS\Tasks\At1.job"