Jump to content

Mbam cannot delete mrxdavv.sys (Rootkit.Agent.H)


Recommended Posts

So for awhile now, Mbam has been finding this one problem, saying I have Rootkit.Agent.H in this one file mrxdavv.sys, and it's always unable to delete the file - it says it will on reboot, but it always finds it again when I rescan. When I search for the file myself, it has never existed. There's a file with one V in the file name, but the file it finds always has 2 V's before the .sys extension.

I saw a few other threads that got closed (and never fully solved) in the past with people with similar problems, but I've never seen a solution. Was this ever figured out whether or not it was a false positive?

Malwarebytes' Anti-Malware 1.30

Database version: 1367

Windows 5.1.2600 Service Pack 3

11/7/2008 7:41:10 AM

mbam-log-2008-11-07 (07-41-10).txt

Scan type: Quick Scan

Objects scanned: 65512

Time elapsed: 9 minute(s), 53 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\drivers\mrxdavv.sys (Rootkit.Agent.H) -> Delete on reboot.

Here's a Hijackthis log:

Logfile of HijackThis v1.99.0

Scan saved at 8:16:25 AM, on 11/7/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\PreSonus\1394AudioDriver_FIREPOD\FIREPOD.exe

C:\Program Files\Cerberus\Cerberus.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Deege\Desktop\Deege's Stuff\Programs\tools\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mms.beer.com/

N3 - Netscape 7: # Mozilla User Preferences

/* Do not edit this file.

*

* If you make changes to this file while the browser is running,

* the changes will be overwritten when the browser exits.

*

* To make a manual change to preferences, you can visit the URL about:config

* For more information, see http://www.mozilla.org/unix/customizing.html#prefs

*/

user_pref("browser.activation.checkedNNFlag", true);

user_pref("browser.bookmarks.added_static_root", true);

user_pref("browser.cache.disk.parent_directory", "C:\\DOCUMENTS AND SETTINGS\\DEEGE\\APPLICATION DATA\\Mozilla\\Profiles\\default\\ivskorpv.slt");

user_pref("browser.download.dir", "C:\\Documents and Settings\\Deege\\Desktop");

user_pref("browser.search.defaultengine", "http://www.google.com/");

user_pref("browser.startup.homepage", "http://home.netscape.com/");

user_pref("browser.startup.homepage_override.mstone", "rv:1.4");

user_pref("browser.turbo.showDialog", true);

user_pref("editor.history_title_0", "www.SDMFworldwide.com ~ View topic - T

N3 - Netscape 7: # Mozilla User Preferences

/* Do not edit this file.

*

* If you make changes to this file while the browser is running,

* the changes will be overwritten when the browser exits.

*

* To make a manual change to preferences, you can visit the URL about:config

* For more information, see http://www.mozilla.org/unix/customizing.html#prefs

*/

user_pref("browser.activation.checkedNNFlag", true);

user_pref("browser.bookmarks.added_static_root", true);

user_pref("browser.cache.disk.parent_directory", "C:\\DOCUMENTS AND SETTINGS\\DEEGE\\APPLICATION DATA\\Mozilla\\Profiles\\default\\ivskorpv.slt");

user_pref("browser.download.dir", "C:\\Documents and Settings\\Deege\\Desktop");

user_pref("browser.search.defaultengine", "http://www.google.com/");

user_pref("browser.startup.homepage", "http://home.netscape.com/");

user_pref("browser.startup.homepage_override.mstone", "rv:1.4");

user_pref("browser.turbo.showDialog", true);

user_pref("editor.history_title_0", "www.SDMFworldwide.com ~ View topic - T

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - Startup: Shortcut to Cerberus.exe.lnk = C:\Program Files\Cerberus\Cerberus.exe

O4 - Global Startup: FirePod Control Panel.lnk = C:\Program Files\PreSonus\1394AudioDriver_FIREPOD\FIREPOD.exe

O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM

O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM

O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm

O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm

O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1163579087109

O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://www.livemetallica.com/nugster/dlControl.CAB

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

Link to post
Share on other sites

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hi SDMFdeegerand welcome to the Malwarebytes Security Forums ;)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

  • I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.

  • The fixes are specific to your problem and should only be used for this issue on this machine!.

  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.

  • If you don't know, stop and ask! Don't keep going on.

  • Please reply to this thread. Do not start a new topic.

  • It may prove beneficial if you print of the following instructions or save them to notepad as I post them.

  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Extra note: Please be aware as I am still in training all of my fixes/posts require prior checking by a Expert. So some delays may be inevitable, please be patient and I will reply again asap.

Link to post
Share on other sites

I actually somehow managed to get rid of it - Malwarebytes never finds it. I ran a program called Avenger which finds rootkits, and can delete files - it found no rootkits and couldnt remove the file since it didn't exist (Though it did restart in the middle of checking). Avenger said it didnt' do anything - but then everytime after that, Malwarebytes no longer finds the problem. Not sure why if Avenger didn't do anything - but somehow, the file is gone!

Link to post
Share on other sites

Hi ;)

Please bare in mind what I posted in my welcome post:

Absence of symptoms does not mean that everything is clear.

The choice to carry out the below is yours alone. Please let myself know either way, thank you.

Before commencing with any of the below please make sure you are logged into the Computer Administrator account for this machine.

Very Important!

You appear to have no Anti-Virus software installed and running. This is a very unsafe practice when accessing the internet and most likely the cause of your malware problems. Download just one only of the two free anti-virus programs listed below please and Install>> Update >> Carry Out a Complete Scan. Have it fix anything it finds.

Note: If you actually do have a Anti-Virus software installed and it is either been disabled or inactive due to the malware infections present, do not carry out the below and inform myself in your next reply please, thank you.

Next:

Your current version of HijackThis is out of date and currently in a undesirable location. However do not remove the older version for now until I ask please. Reason being any backups present may be required.

Please download the newer version HiJackThis from here.

  • Now double-click on HJTInstall.exe.
  • Choose the default location of C:\Program Files\Trend Micro\HijackThis as the destination. HJT needs to be in its own folder so that the program itself isn't deleted by accident. Having the backups could be VITAL to restoring your system if something went wrong in the FIX process!
  • Click the Install button.
  • Accept the license agreement .
  • The program will place a shortcut on your desktop. This will make it easier for you to access the tool when required.
  • Now close the application as we do need to use this yet!

Next:

  • Please download Random's System Information Tool by random/random from here and save it to your desktop.

Please make sure that RSIT.exe is on the your Desktop before running the application.

  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.

    [*]Please post the contents of both log.txt and info.txt.

Next:

  • Please download GMER by GMER from here
  • Unzip it to a folder on your desktop
  • Double click on gmer.exe to launch GMER
  • If asked, allow the gmer.sys driver load
  • If it warns you about rootkit activity and asks if you want to run scan, click OK
  • If you don't get a warning then
    • Click the rootkit tab
    • Click Scan

    [*]Once the scan has finished, click copy

    [*]Paste the log into notepad using Ctrl+V

    [*]Save it to your desktop as gmerrk.txt

    [*]Click on the >>> tab

    [*]This will open up the rest of the tabs for you

    [*]Click on the Autostart tab

    [*]Click on Scan

    [*]Once the scan has finished, click copy

    [*]Paste the log into notepad using Ctrl+V

    [*]Save it to your desktop as gmerautos.txt

    [*]Copy and paste the contents of gmerautos.txt and gmerrk.txt as a reply to this topic

When completed the above, please post back the following:

  • Both RSIT logs.
  • Both GMER logs.
Link to post
Share on other sites

I am going to do this in several steps so I can do one tool at a time. Here is the log.txt and info.txt from RSIT:

Logfile of random's system information tool 1.04 (written by random/random)

Run by Deege at 2008-11-08 14:35:21

Microsoft Windows XP Professional Service Pack 3

System drive C: has 50 GB (38%) free of 131 GB

Total RAM: 1023 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:35:29 PM, on 11/8/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\BitTornado\btdownloadgui.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Deege\Desktop\RSIT.exe

C:\Program Files\Trend Micro\HijackThis\Deege.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mms.beer.com/

N3 - Netscape 7: # Mozilla User Preferences

/* Do not edit this file.

*

* If you make changes to this file while the browser is running,

* the changes will be overwritten when the browser exits.

*

* To make a manual change to preferences, you can visit the URL about:config

* For more information, see http://www.mozilla.org/unix/customizing.html#prefs

*/

user_pref("browser.activation.checkedNNFlag", true);

user_pref("browser.bookmarks.added_static_root", true);

user_pref("browser.cache.disk.parent_directory", "C:\\DOCUMENTS AND SETTINGS\\DEEGE\\APPLICATION DATA\\Mozilla\\Profiles\\default\\ivskorpv.slt");

user_pref("browser.download.dir", "C:\\Documents and Settings\\Deege\\Desktop");

user_pref("browser.search.defaultengine", "http://www.google.com/");

user_pref("browser.startup.homepage", "http://home.netscape.com/");

user_pref("browser.startup.homepage_override.mstone", "rv:1.4");

user_pref("browser.turbo.showDialog", true);

user_pref("editor.history_title_0", "www.SDMFworldwide.com ~ View topic - T

N3 - Netscape 7: # Mozilla User Preferences

/* Do not edit this file.

*

* If you make changes to this file while the browser is running,

* the changes will be overwritten when the browser exits.

*

* To make a manual change to preferences, you can visit the URL about:config

* For more information, see http://www.mozilla.org/unix/customizing.html#prefs

*/

user_pref("browser.activation.checkedNNFlag", true);

user_pref("browser.bookmarks.added_static_root", true);

user_pref("browser.cache.disk.parent_directory", "C:\\DOCUMENTS AND SETTINGS\\DEEGE\\APPLICATION DATA\\Mozilla\\Profiles\\default\\ivskorpv.slt");

user_pref("browser.download.dir", "C:\\Documents and Settings\\Deege\\Desktop");

user_pref("browser.search.defaultengine", "http://www.google.com/");

user_pref("browser.startup.homepage", "http://home.netscape.com/");

user_pref("browser.startup.homepage_override.mstone", "rv:1.4");

user_pref("browser.turbo.showDialog", true);

user_pref("editor.history_title_0", "www.SDMFworldwide.com ~ View topic - T

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')

O4 - Startup: Shortcut to Cerberus.exe.lnk = C:\Program Files\Cerberus\Cerberus.exe

O4 - Global Startup: FirePod Control Panel.lnk = C:\Program Files\PreSonus\1394AudioDriver_FIREPOD\FIREPOD.exe

O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM

O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM

O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm

O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm

O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1163579087109

O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://www.livemetallica.com/nugster/dlControl.CAB

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

--

End of file - 6327 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\859B293E9A10D756.job

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for Deege.job

C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Deege.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-06 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-06 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-06 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-06 136600]

"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2008-10-22 399504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]

C:\Program Files\AIM\aim.exe [2004-08-10 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeadAIM]

C:\PROGRA~1\AIM\\DeadAIM.ocm [2004-04-10 144896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gkityqda]

C:\Documents and Settings\Deege\My Documents\?ymbols\t?skmgr.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2005-02-16 221184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]

C:\Program Files\Kontiki\KHost.exe [2007-03-15 1033800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]

C:\Program Files\MySpace\IM\MySpaceIM.exe [2007-12-18 8720384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]

C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

C:\Program Files\PowerISO\PWRISOVM.EXE [2008-01-20 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2005-01-12 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwPrnMon]

C:\Program Files\Common Files\Sowedoo Shared\Sowedoo PDF Printer V4\SwPrnMon.exe [2005-09-29 548864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-08-12 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinDVR SchSvr]

C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe [2005-02-16 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]

C:\Program Files\WinFast\WFTVFM\WFWIZ.exe [2005-05-04 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2006-11-30 4662776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Deege^Start Menu^Programs^Startup^Adobe Gamma.lnk]

C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2005-03-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Deege^Start Menu^Programs^Startup^Cerberus FTP Server.lnk]

C:\Documents and Settings\Deege\Application Data\Microsoft\Installer\{5C635813-A908-4F35-9699-A30F34DCF7A9}\_5D784EEFB0D8F564BDBC41.exe [2007-01-27 90126]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Deege^Start Menu^Programs^Startup^GetRight - Tray Icon.lnk]

C:\PROGRA~1\GetRight\getright.exe [2004-03-24 2121728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Deege^Start Menu^Programs^Startup^Shortcut to Cerberus.exe.lnk]

C:\PROGRA~1\Cerberus\Cerberus.exe [2006-09-11 3481600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"IDriverT"=3

"iPodService"=3

"ZuneNetworkSvc"=3

"iPod Service"=3

"Apple Mobile Device"=2

"WMPNetworkSvc"=3

"usnjsvc"=3

"Adobe LM Service"=3

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

FirePod Control Panel.lnk - C:\Program Files\PreSonus\1394AudioDriver_FIREPOD\FIREPOD.exe

C:\Documents and Settings\Deege\Start Menu\Programs\Startup

Shortcut to Cerberus.exe.lnk - C:\Program Files\Cerberus\Cerberus.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TMPassthru.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TMPassthru.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=

"NoDrives"=

"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"

"C:\Program Files\Cerberus\Cerberus.exe"="C:\Program Files\Cerberus\Cerberus.exe:*:Enabled:Cerberus FTP Server Application"

"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"

"C:\Program Files\ICQ\Icq.exe"="C:\Program Files\ICQ\Icq.exe:*:Enabled:ICQ"

"C:\Program Files\SmartFTP\SmartFTP.exe"="C:\Program Files\SmartFTP\SmartFTP.exe:*:Enabled:SmartFTP"

"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"

"C:\Program Files\Soulseek\slsk.exe"="C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek"

"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"

"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\Program Files\Direct Connect\Direct Connect.exe"="C:\Program Files\Direct Connect\Direct Connect.exe:*:Enabled:Direct Connect"

"C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe"="C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe:*:Enabled:Dreamweaver MX"

"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"

"C:\Program Files\BitTornado\btdownloadgui.exe"="C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"

"C:\Program Files\Kontiki\KService.exe"="C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service"

"C:\Program Files\Team MediaPortal\MediaPortal\MediaPortal.exe"="C:\Program Files\Team MediaPortal\MediaPortal\MediaPortal.exe:*:Disabled: "

"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"

"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

"C:\Program Files\GlobalSCAPE\CuteFTP 8 Professional\ftpte.exe"="C:\Program Files\GlobalSCAPE\CuteFTP 8 Professional\ftpte.exe:*:Enabled:FTP Transfer Engine"

"C:\Program Files\MySpace\IM\MySpaceIM.exe"="C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpace Instant Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]

shell\AutoRun\command - H:\Setup.exe -auto

======File associations======

.js - open - "C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1"

======List of files/folders created in the last 1 months======

2008-11-08 14:35:20 ----D---- C:\rsit

2008-11-07 17:55:43 ----D---- C:\WINDOWS\LastGood

2008-11-06 10:58:58 ----SHD---- C:\RECYCLER

2008-11-06 02:12:12 ----A---- C:\ComboFix.txt

2008-11-06 01:50:59 ----D---- C:\Program Files\XoftSpySE

2008-11-06 01:42:31 ----A---- C:\WINDOWS\SchedLgU.Txt

2008-11-06 00:25:55 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2008-11-06 00:25:50 ----D---- C:\Program Files\SUPERAntiSpyware

2008-11-06 00:25:50 ----D---- C:\Documents and Settings\Deege\Application Data\SUPERAntiSpyware.com

2008-11-06 00:25:27 ----A---- C:\WINDOWS\system32\javaws.exe

2008-11-06 00:25:27 ----A---- C:\WINDOWS\system32\javaw.exe

2008-11-06 00:25:27 ----A---- C:\WINDOWS\system32\java.exe

2008-11-06 00:25:27 ----A---- C:\WINDOWS\system32\deploytk.dll

2008-11-06 00:14:49 ----D---- C:\Program Files\CCleaner

2008-11-03 02:32:24 ----D---- C:\Program Files\QuickTime Alternative

2008-10-26 02:47:49 ----D---- C:\WINDOWS\temp

2008-10-26 02:11:03 ----D---- C:\Program Files\EsetOnlineScanner

2008-10-26 02:08:52 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage

2008-10-26 02:07:09 ----A---- C:\Boot.bak

2008-10-26 02:07:01 ----D---- C:\cmdcons

2008-10-26 02:05:58 ----A---- C:\WINDOWS\zip.exe

2008-10-26 02:05:58 ----A---- C:\WINDOWS\VFIND.exe

2008-10-26 02:05:58 ----A---- C:\WINDOWS\SWXCACLS.exe

2008-10-26 02:05:58 ----A---- C:\WINDOWS\SWSC.exe

2008-10-26 02:05:58 ----A---- C:\WINDOWS\SWREG.exe

2008-10-26 02:05:58 ----A---- C:\WINDOWS\sed.exe

2008-10-26 02:05:58 ----A---- C:\WINDOWS\NIRCMD.exe

2008-10-26 02:05:58 ----A---- C:\WINDOWS\grep.exe

2008-10-26 02:05:58 ----A---- C:\WINDOWS\fdsv.exe

2008-10-26 02:05:54 ----D---- C:\WINDOWS\ERDNT

2008-10-26 02:05:54 ----D---- C:\Qoobox

2008-10-25 19:56:54 ----A---- C:\WINDOWS\system32\TweakUI.exe

2008-10-25 05:08:56 ----D---- C:\Program Files\Sophos

2008-10-25 05:01:02 ----A---- C:\WINDOWS\gmer.ini

2008-10-25 05:00:49 ----A---- C:\WINDOWS\gmer_uninstall.cmd

2008-10-25 05:00:49 ----A---- C:\WINDOWS\gmer.exe

2008-10-25 05:00:49 ----A---- C:\WINDOWS\gmer.dll

2008-10-18 06:38:30 ----A---- C:\WINDOWS\rinopref.txt

2008-10-16 03:10:12 ----D---- C:\Program Files\coverXP

======List of files/folders modified in the last 1 months======

2008-11-08 14:35:25 ----D---- C:\WINDOWS\Prefetch

2008-11-08 14:34:26 ----D---- C:\Program Files\Trend Micro

2008-11-08 00:36:27 ----D---- C:\Documents and Settings\Deege\Application Data\dvdcss

2008-11-07 17:58:19 ----HD---- C:\WINDOWS\inf

2008-11-07 17:58:19 ----D---- C:\WINDOWS\system32

2008-11-07 17:58:12 ----RSHDC---- C:\WINDOWS\system32\dllcache

2008-11-07 17:58:12 ----D---- C:\WINDOWS

2008-11-07 17:58:10 ----D---- C:\WINDOWS\system32\CatRoot

2008-11-07 17:55:51 ----D---- C:\WINDOWS\Help

2008-11-07 17:55:43 ----D---- C:\WINDOWS\system32\CatRoot2

2008-11-07 08:54:24 ----D---- C:\Program Files\Mozilla Firefox

2008-11-07 08:08:14 ----D---- C:\Temp

2008-11-07 08:08:07 ----SD---- C:\WINDOWS\Downloaded Program Files

2008-11-07 07:53:42 ----D---- C:\Program Files\Google

2008-11-07 07:53:26 ----D---- C:\WINDOWS\system32\drivers

2008-11-07 07:44:41 ----SD---- C:\WINDOWS\Tasks

2008-11-07 07:44:00 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2008-11-06 10:59:47 ----RD---- C:\Program Files

2008-11-06 10:59:47 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP

2008-11-06 02:06:43 ----A---- C:\WINDOWS\system.ini

2008-11-06 02:05:06 ----D---- C:\WINDOWS\AppPatch

2008-11-06 02:05:06 ----D---- C:\Program Files\Common Files

2008-11-06 01:40:22 ----D---- C:\WINDOWS\system32\LogFiles

2008-11-06 01:08:22 ----SHD---- C:\WINDOWS\Installer

2008-11-06 01:08:21 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe

2008-11-06 01:08:21 ----D---- C:\Config.Msi

2008-11-06 01:07:58 ----D---- C:\Program Files\Common Files\Adobe

2008-11-06 01:07:43 ----D---- C:\Program Files\Adobe

2008-11-06 00:48:22 ----SHD---- C:\System Volume Information

2008-11-06 00:48:22 ----D---- C:\WINDOWS\system32\Restore

2008-11-06 00:25:28 ----D---- C:\Program Files\Common Files\Wise Installation Wizard

2008-11-06 00:25:09 ----D---- C:\Program Files\Java

2008-11-06 00:21:58 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-11-06 00:21:32 ----D---- C:\Program Files\GetRight

2008-11-06 00:21:32 ----D---- C:\Documents and Settings\Deege\Application Data\ImgBurn

2008-11-06 00:20:42 ----D---- C:\WINDOWS\Debug

2008-11-06 00:20:40 ----D---- C:\WINDOWS\Minidump

2008-11-03 03:17:12 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer

2008-11-03 02:56:14 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2008-11-03 02:54:46 ----D---- C:\Program Files\Apple Software Update

2008-11-03 02:36:18 ----D---- C:\Documents and Settings\All Users\Application Data\WholeSecurity

2008-11-03 02:32:15 ----D---- C:\Documents and Settings\Deege\Application Data\Apple Computer

2008-10-29 19:47:08 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink

2008-10-28 04:56:32 ----D---- C:\Program Files\Xara

2008-10-28 04:56:32 ----D---- C:\Program Files\Windows Media Player

2008-10-28 04:56:31 ----D---- C:\Program Files\Windows Media Connect 2

2008-10-28 04:56:31 ----D---- C:\Program Files\Winamp

2008-10-28 04:56:31 ----D---- C:\Program Files\Waves

2008-10-28 04:56:31 ----D---- C:\Program Files\Wal-Mart Music Downloads Store

2008-10-28 04:56:28 ----D---- C:\Program Files\PC Inspector File Recovery

2008-10-28 04:56:27 ----D---- C:\Program Files\Movie Maker

2008-10-28 04:56:21 ----D---- C:\Program Files\Cerberus

2008-10-28 04:56:21 ----D---- C:\Program Files\Bass Chorus

2008-10-28 04:56:21 ----D---- C:\Program Files\AIM

2008-10-28 04:56:20 ----D---- C:\Program Files\DivX

2008-10-28 04:56:19 ----D---- C:\Program Files\Direct Connect

2008-10-28 04:56:18 ----D---- C:\Program Files\Drumagog40

2008-10-28 04:56:17 ----D---- C:\Program Files\Fx ReSound

2008-10-28 04:56:16 ----D---- C:\Program Files\FLAC

2008-10-28 04:56:14 ----D---- C:\Program Files\Kazaa Lite Revolution

2008-10-28 04:56:13 ----D---- C:\Program Files\MicModDX

2008-10-28 04:56:13 ----D---- C:\Program Files\Messenger

2008-10-28 04:56:13 ----D---- C:\Program Files\LiveUpdate

2008-10-28 04:56:13 ----D---- C:\Program Files\LimeWire

2008-10-28 04:56:12 ----D---- C:\Program Files\mobile PhoneTools

2008-10-28 04:56:12 ----D---- C:\Program Files\MKVtoolnix

2008-10-28 04:56:12 ----D---- C:\Program Files\ICQ

2008-10-28 04:56:09 ----AD---- C:\Program Files\ACM

2008-10-26 02:36:02 ----D---- C:\WINDOWS\system32\config

2008-10-26 02:07:09 ----RASH---- C:\boot.ini

2008-10-25 04:20:03 ----D---- C:\Program Files\Soulseek

2008-10-25 02:00:25 ----HD---- C:\WINDOWS\$hf_mig$

2008-10-21 15:24:35 ----A---- C:\WINDOWS\win.ini

2008-10-18 01:13:17 ----D---- C:\Documents and Settings\Deege\Application Data\Vso

2008-10-17 03:03:08 ----D---- C:\Program Files\mIRC

2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll

2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll

2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll

2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll

2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe

2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll

2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui

2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui

2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui

2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\muweb.dll

2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll.mui

2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll

2008-10-16 02:46:19 ----D---- C:\Program Files\Internet Explorer

2008-10-15 11:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll

2008-10-09 22:16:58 ----D---- C:\My Music

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760]

R1 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-01-29 16168]

R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []

R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []

R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-01-20 33292]

R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2005-11-21 16512]

R2 BT848;WinFast TV2000 XP WDM Video Capture; C:\WINDOWS\system32\drivers\wf2kvcap.sys [2004-10-04 75925]

R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []

R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner; C:\WINDOWS\system32\drivers\wf2ktunr.sys [2004-10-04 36423]

R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar; C:\WINDOWS\system32\drivers\wf2kxbar.sys [2004-10-04 10005]

R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]

R3 ews88mt;EWS88 WDM Audio; C:\WINDOWS\system32\drivers\ews88wdm.sys [2002-06-13 149256]

R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []

R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]

R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]

R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]

R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]

R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-10-05 47360]

R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2004-04-01 10368]

R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]

R3 VIAudio;VIA AC'97 Enhanced Audio Controller (WDM); C:\WINDOWS\system32\drivers\viaudio.sys [2001-09-10 42880]

R3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2002-10-24 6912]

R3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2003-05-24 11392]

S1 HWIONT;HWIONT; \??\C:\DOCUME~1\Deege\LOCALS~1\Temp\Rar$EX00.016\HWIONT.sys []

S1 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Sandra.sys []

S1 TMPassthruMP;TMPassthruMP; C:\WINDOWS\system32\DRIVERS\TMPassthru.sys []

S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []

S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 DSDrv4;DSDrv4; \??\C:\PROGRA~1\DScaler\DSDrv4.sys []

S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-10-25 85969]

S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\5.tmp []

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]

S3 nv4;nv4; C:\WINDOWS\System32\DRIVERS\nv4.sys [2001-08-17 731648]

S3 pae_1394;pae_1394; C:\WINDOWS\System32\Drivers\pae_1394.sys [2005-06-09 111616]

S3 pae_avs;pae_avs; C:\WINDOWS\System32\Drivers\pae_avs.sys [2005-06-09 27136]

S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 usbbus;LGE CDMA Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2007-04-09 12672]

S3 UsbDiag;LGE CDMA USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2007-04-09 21248]

S3 USBModem;LGE CDMA USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2007-04-09 22912]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 WFIOCTL;WFIOCTL; \??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS []

S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]

S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-06 152984]

R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2008-10-22 170640]

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

S2 spupdsvc;Windows Service Pack Installer update service; C:\WINDOWS\system32\spupdsvc.exe [2007-08-10 26488]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]

S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]

S4 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-02-15 72704]

S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]

S4 BNNQWP;BNNQWP; C:\DOCUME~1\Deege\LOCALS~1\Temp\BNNQWP.exe [2008-11-06 498560]

S4 BTDZ;BTDZ; C:\DOCUME~1\Deege\LOCALS~1\Temp\BTDZ.exe []

S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

S4 KService;KService; C:\Program Files\Kontiki\KService.exe [2007-03-15 3069512]

S4 NFSTE;NFSTE; C:\DOCUME~1\Deege\LOCALS~1\Temp\NFSTE.exe []

S4 QBQKRDDKN;QBQKRDDKN; C:\DOCUME~1\Deege\LOCALS~1\Temp\QBQKRDDKN.exe []

S4 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2004-10-29 86016]

S4 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.04 2008-11-08 14:35:32

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Ac3Tool (remove only)-->"C:\Program Files\BlackSunSoft.net\Ac3Tool\uninstall-Ac3Tool.EXE"

Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG

Adobe Audition 1.0-->MsiExec.exe /I{81E76DE9-BBCB-449C-91BB-6E4E5436D496}

Adobe Audition 2.0-->msiexec /I {01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}

Adobe Audition 3.0-->msiexec /I {53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}

Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5102}

Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}

Adobe Help Center 2.0-->MsiExec.exe /I{8FFC924C-ED06-44CB-8867-3CA778ECE903}

Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}

Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}

Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}

Ahead Nero Burning ROM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL

AMP Font Viewer-->"C:\Program Files\AMP Font Viewer\uninstall.exe"

AmpegSVX-->C:\Program Files\InstallShield Installation Information\{CF1D7323-8A0A-49C7-83B0-088DB90721E2}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly

AmpliTube2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB6691DA-66D3-412E-9853-641CF7D0C35A}\Setup.exe" -l0x9 uninstall

Antares Autotune DX v4.12-->C:\PROGRA~1\Antares\AUTOTU~1\ANTARE~1\UNWISE.EXE C:\PROGRA~1\Antares\AUTOTU~1\ANTARE~1\INSTALL.LOG

Antares Microphone Modeler 1.31 DirectX-->C:\PROGRA~1\MicModDX\UNWISE.EXE C:\PROGRA~1\MicModDX\INSTALL.LOG

AOL HI-Q Video-->C:\Program Files\Kontiki\HiQUninstaller.exe

AOL Instant Messenger-->C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=

Apple Mobile Device Support-->MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"

Axialis AX CDPlayer 2.6-->C:\Program Files\Axialis\AXCDPlayer\UnInstall.exe "AXCDPlayer" "AXCDPlay.exe"

BadCopy Pro-->C:\PROGRA~1\Jufsoft\BadCopy\UNWISE.EXE C:\PROGRA~1\Jufsoft\BadCopy\INSTALL.LOG

BBE Sonic Maximizer Plugin-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BBE\BBE Sonic Maximizer Plugin\Uninst.isu"

BitTornado 0.3.17-->C:\Program Files\BitTornado\uninst.exe

Canon IXY 300a, PowerShot S330, IXUS 330 WIA Driver-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{EC801A21-7DDA-4730-ADCF-ADD403C405A7}

CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"

CDex extraction audio-->"C:\Program Files\CDex_150\uninstall.exe"

Cerberus FTP Server-->MsiExec.exe /I{5C635813-A908-4F35-9699-A30F34DCF7A9}

Cool Edit Pro 2.0-->C:\Program Files\coolpro2\cep2unin.exe

CoreFLAC Audio Decoder+Source Filter (remove only)-->"C:\WINDOWS\system32\CoreFLACDecoder-uninstall.exe"

Corel Business Applications-->E:\Corel\AppMan\Setup\remove.exe

Corel Paint Shop Pro X-->MsiExec.exe /I{1A15507A-8551-4626-915D-3D5FA095CC1B}

coverXP (remove only)-->"C:\Program Files\coverXP\cxp-uninst.exe"

CuteFTP 8 Professional-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{91F34319-08DE-457A-99C0-0BCDFAC145B9}\Setup.exe" -l0x9

DeadAIM-->MsiExec.exe /I{0F8F3415-CB0A-49A6-A23A-D8390444B127}

Digital Media Converter 2.57-->"C:\Program Files\Deskshare\Digital Media Converter\unins000.exe"

Direct Connect 2.0-->C:\WINDOWS\iun6002.exe "C:\Program Files\Direct Connect\irunin.ini"

DiscWizard for Windows-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1BC8E02-6B5B-4B4A-A75F-B27A16918C2B}\Setup.exe"

DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER

DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN

Drumagog 4-->C:\WINDOWS\iun6002.exe "C:\Program Files\Drumagog40\irunin.ini"

DScaler 4.1.10-->"C:\Program Files\DScaler\unins000.exe"

DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"

DVD Flick-->"C:\Program Files\DVD Flick\unins000.exe"

DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"

DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.6.0-->"C:\Program Files\DVDFab 5\unins000.exe"

DVDFab Platinum 3.0.5.0-->"C:\Program Files\DVDFab Platinum 3\unins000.exe"

Easy AVI/VCD/DVD/MPEG Converter-->"C:\Program Files\Easy AVI VCD DVD MPEG Converter\unins000.exe"

EasyRecovery Professional-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{268723B7-A994-4286-9F85-B974D5CAFC7B} /l1033

eMule-->"C:\Program Files\eMule\Uninstall.exe"

ESET Online Scanner-->C:\WINDOWS\system32\OnlineScannerUninstaller.exe

EWS88 MT/D ControlPanel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{70FED6A0-574B-11D4-8398-0800096F616B}\Setup.exe" -uninst

EZdrummer-->MsiExec.exe /I{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}

FLAC Installer 1.1.3b (remove only)-->C:\Program Files\FLAC\uninstall.exe

FontFrenzy-->MsiExec.exe /X{A52ACD6B-238E-44C8-90B5-C57BA8926C57}

Fx ReSound-->C:\PROGRA~1\FXRESO~1\UNWISE.EXE C:\PROGRA~1\FXRESO~1\INSTALL.LOG

GetRight-->C:\Program Files\GetRight\GETRIGHT.EXE /UNINSTALL

Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}

HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall

Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"

Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

HxD Hex Editor version 1.7.6.3-->"C:\Program Files\HxD\unins000.exe"

ICQ-->C:\PROGRA~1\ICQ\ICQUninstall.EXE

ieSpell 2.2.0 (build 647)-->"C:\Program Files\ieSpell\uninst.exe"

IK Multimedia Amplitube DX/VST/RTAS v2.0-->C:\PROGRA~1\IKMULT~1\AMPLIT~1\UNWISE.EXE C:\PROGRA~1\IKMULT~1\AMPLIT~1\INSTALL.LOG

ImgBurn (Remove Only)-->"C:\Program Files\ImgBurn\uninstall.exe"

InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe

InterVideo WinDVR 3-->"C:\Program Files\InstallShield Installation Information\{6BF4613C-0A46-43AA-8FA8-0CB9F2C1A548}\setup.exe" REMOVEALL

IsoBuster 2.0-->"C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"

iTunes-->MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}

iZotope Ozone DX v2.0.1-->C:\PROGRA~1\iZotope\OzoneDX2\UNWISE.EXE C:\PROGRA~1\iZotope\OzoneDX2\INSTALL.LOG

Java 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}

Java 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}

Kazaa Lite Revolution 2.6 English-->"C:\Program Files\Kazaa Lite Revolution\unins000.exe"

K-Lite Codec Pack 4.1.7 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"

LG USB Modem driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\Setup.exe" -l0x9 LG

LimeWire PRO 4.10.0-->"C:\Program Files\LimeWire\uninstall.exe"

LiveUpdate BVRP Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -l0x9

Macromedia Dreamweaver MX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B4AB829-DFD3-436D-B808-D9733D76C590}\Setup.exe" -l0x9 mmUninstall

Macromedia Extension Manager-->MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}

Macromedia Flash 8 Video Encoder-->MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}

Macromedia Flash 8-->MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}

Macromedia Flash MX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}\Setup.exe" -l0x9 UNINSTALL

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

MediaPortal-->MsiExec.exe /I{E95FD367-B0A7-420B-A95A-E8888D3C0C99}

Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"

Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

mIRC-->"C:\Program Files\mIRC\mirc.exe" -uninstall

MKVtoolnix 2.2.0-->C:\Program Files\MKVtoolnix\uninst.exe

mobile PhoneTools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}\setup.exe" -l0x9

Motorola Handset USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44B3522B-195C-488D-84AC-9526FA99CB73}\Setup.exe"

Move Networks Player for Internet Explorer-->"C:\Documents and Settings\Deege\Application Data\Move Networks\ie_bin\unins000.exe"

Mozilla Firefox (2.0.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

Mpeg2Decoder 1.1-->"C:\Program Files\Mpeg2Decoder\unins000.exe"

MSN Music Assistant-->rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall

MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}

MySpaceIM-->C:\Program Files\MySpace\IM\Uninstall.exe

neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}

Netscape (7.1)-->C:\WINDOWS\NSUninst.exe /ua "7.1b1 (en)"

Nomad Factory Rock Amp Legends VST v1.0-->C:\PROGRA~1\STEINB~1\VSTPLU~1\NOMADF~1\UNWISE.EXE C:\PROGRA~1\STEINB~1\VSTPLU~1\NOMADF~1\INSTALL.LOG

Paint Shop Pro 7 Try And Buy-->MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A}

PayPal Plug-In-->C:\Program Files\InstallShield Installation Information\{73317C31-2B6E-4B88-9865-B97C1331A39D}\setup.exe -runfromtemp -l0x0009 -removeonly

PC Inspector File Recovery-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}\Setup.exe" -l0x9

PE Builder 3.1.10-->"c:\pebuilder3110a\unins000.exe"

PHASE 88 ControlPanel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FEF82C7B-A738-4EE2-9600-39895B21506F}\setup.exe" -l0x9

PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall

PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"

PreSonus 1394 Audio Driver V2.14.25 (FIREPOD)-->C:\Program Files\PreSonus\1394AudioDriver_FIREPOD\uninst.exe Software\PreSonus\1394AudioDriver_FIREPOD\Setup

PrimoPDF Redistribution Package-->MsiExec.exe /I{885744A4-1A01-44B0-858A-0AE6738CBCF7}

PrimoPDF-->"C:\WINDOWS\PrimoPDF\uninstall.exe" "/U:C:\Program Files\activePDF\PrimoPDF\Uninstall\uninstall.xml"

PSP VintageWarmer 2.0.0-->"C:\Program Files\PSPaudioware\PSP VintageWarmer 2.0.0\uninstall.exe" "/U:C:\Program Files\PSPaudioware\PSP VintageWarmer 2.0.0\irunin.xml"

QuickTime Alternative 2.7.0-->"C:\Program Files\QuickTime Alternative\unins000.exe"

RapidLeecher-->MsiExec.exe /I{B3940EA5-7872-487E-AF15-CF20DBD65F1B}

RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

Renamer (remove only)-->"C:\Program Files\Renamer\UnInstall.exe"

ReValver-->C:\Audio\ReValver\UNWISE.EXE C:\Audio\ReValver\INSTALL.LOG

RichFX Player-->RunDll32 C:\PROGRA~1\COMMON~1\RichFX\npvpg004.dll,Uninstall_Player

Riva FLV Encoder 2.0-->"C:\Program Files\Riva\Riva FLV Encoder 2.0\unins000.exe"

Riva Producer Lite-->"C:\Program Files\Riva\Riva Producer Lite\unins000.exe"

River Past Audio Converter-->C:\WINDOWS\Audio Converter Uninstaller.exe

SeaTools for Windows-->MsiExec.exe /I{98613C99-1399-416C-A07C-1EE1C585D872}

Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"

Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"

Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"

Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"

Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"

Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"

Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"

Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"

Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"

SmartFTP-->MsiExec.exe /I{11C762F9-95EA-486A-A8E7-683A50C231C1}

Sophos Anti-Rootkit 1.3.1-->C:\Program Files\Sophos\Sophos Anti-Rootkit\helper.exe remove

Sothink SWF Decompiler-->"C:\Program Files\SourceTec\Sothink SWF Decompiler\unins000.exe"

Soulseek Client 152-->C:\WINDOWS\UnGins.exe "C:\Program Files\Soulseek\install.log"

SoulSeek Client 156c-->"C:\Program Files\Soulseek\uninstall.exe"

Sowedoo Easy PDF Converter 6.0-->MsiExec.exe /I{91C6161E-1F6E-4907-B37A-27D520BDC070}

SpinAudio VSTDX Wrapper 1.0 Demo-->C:\Program Files\Spin Audio\VSTDX Wrapper\wruninst.exe

SpinAudio VST-DX Wrapper Lite-->C:\Program Files\Spin Audio\VSTDX Wrapper Lite\wluninst.exe

Spybot - Search & Destroy 1.5.2.20-->"C:\WINDOWS\unins001.exe"

Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"

Steinberg Cubase LE-->"C:\Program Files\Steinberg\Cubase LE\Uninstall.exe" "C:\Program Files\Steinberg\Cubase LE\Install.log"

Steinberg Freefilter v1.2-->C:\PROGRA~1\SPECTR~1\FREEFI~1\UNWISE.EXE C:\PROGRA~1\SPECTR~1\FREEFI~1\INSTALL.LOG

Streambox Vcr Suite 2-->"C:\Program Files\StreamboxVcrSuite2\unins000.exe"

SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}

SurfOffline (remove only)-->"C:\Program Files\SurfOffline\uninstall.exe"

The FilmMachine 1.5.4-->"C:\Program Files\The FilmMachine\unins000.exe"

TMPGEnc 4.0 XPress-->MsiExec.exe /I{FC5495CB-CDA5-4DCE-99DF-D1567DAF5A86}

T-RackS 24 Demo-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IK Multimedia\T-RackS 24 Demo\Uninst.isu"

T-RackS 24 v2.0.1-->C:\Audio\IKMULT~1\T-RACK~1\UNWISE.EXE C:\Audio\IKMULT~1\T-RACK~1\INSTALL.LOG

Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"

Ulead Straight-to-Disc SDK-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8D2C1E44-7685-4D05-8342-B0DC6422FA47}\Setup.exe" -l0x9

Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"

Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"

URL Snooper v2.03.08-->"C:\Program Files\URLSnooper2\unins000.exe"

V CAST Music Manager -->C:\PROGRA~1\VERIZO~1\VCASTM~1\Setup.exe /remove /q0

VB:FFX-4 Rack-->C:\Program Files\VB\FFX4\uninst.exe C:\Program Files\VB\FFX4

VideoLAN VLC media player 0.8.2-->C:\Program Files\VideoLAN\VLC\uninstall.exe

VOB2MPG 2.3-->MsiExec.exe /I{78EFA95D-3310-4035-815B-A46BA4D0C6FA}

VobSub v2.23 (Remove Only)-->"C:\Program Files\Gabest\VobSub\uninstall.exe"

Wal-Mart Music Downloads Store-->MsiExec.exe /I{DC9E2F1C-CC14-41B0-AFF5-2AFE87B76A1F}

Warp VST V1.0-->C:\WARPVS~1.0\UNWISE.EXE C:\WARPVS~1.0\INSTALL.LOG

Waves Diamond Bundle v5.0-->C:\PROGRA~1\Waves\UNINST~1\UNWISE.EXE C:\PROGRA~1\Waves\UNINST~1\INSTALL.LOG

Waves Vocal Bundle v1.1-->C:\PROGRA~1\Waves\AIRLOG~1\WAVESV~1\UNWISE.EXE C:\PROGRA~1\Waves\AIRLOG~1\WAVESV~1\INSTALL.LOG

Web Album Generator 1.6.5-->"C:\Program Files\Web Album Generator\unins000.exe"

Web Image Guru, version 5.5.7-->C:\PROGRA~1\VIMAS\WEBIMA~1\UNWISE.EXE C:\PROGRA~1\VIMAS\WEBIMA~1\INSTALL.LOG

Winamp-->"C:\Program Files\Winamp\UninstWA.exe"

WinAVIVideoConverter-->"C:\Program Files\WinAVIVideoConverter\unins000.exe"

Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}

Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

Windows Support Tools-->MsiExec.exe /I{89B078C4-50B0-453E-BF53-3A7E6A0D85FA}

Windows Vista Upgrade Advisor-->MsiExec.exe /I{B79FBFDD-8B0C-4B8E-B70E-499E39978281}

Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

WinFast Entertainment Center(WDM Driver)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BE4AA694-815A-4045-BD49-C94F2BED7458}\setup.exe"

WinFast PVR-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C882DE6B-1482-42D6-A7C2-A9F946EDBAF6}\setup.exe"

WinFast TV USB II(Driver)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5F3D1B82-82EE-410B-8BD3-38671F6B64F8}\Setup.exe" -l0x9 -removeonly

WinPcap 3.1 beta4-->"C:\Program Files\WinPcap\Uninstall.exe" "C:\Program Files\WinPcap\install.log"

WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

Xara Dreamweaver Extension 1.03-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4498655A-94A6-4F12-929B-D8D6DCA5E0AF}\setup.exe" -l0x9

Xara Menu Maker 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{123D74B2-4F4F-4056-8313-5F1C9FEE332E}\setup.exe"

Xara Webstyle 4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B1656A3E-2744-48B2-95EA-52C4A316551B}\setup.exe" -l0x9

Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll

Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

Yahoo! Photos Print-at-Home Tool-->C:\WINDOWS\unins000.exe

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Support Tools;C:\Program Files\QuickTime\QTSystem

"windir"=%SystemRoot%

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD

"PROCESSOR_REVISION"=0a00

"NUMBER_OF_PROCESSORS"=1

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------

Link to post
Share on other sites

Hi ;)

GMER does not warn me of rootkit activity - however, after a minute or two into the rootkit scan, my computer automatically restarts itself with no warning. I tried it twice - the 2nd time it restarted right around the time it was scanning the /devices/

Ok I will address this issue in my next post, in the meantime please refrain from running any self fixes and or installing any security related applications please. As this will actually hinder the malware removal process, thank you.

Also you appear to have several P2P applications installed, please refrain form using these please for this reason:

P2P may be a great way to get lots of stuff, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. My advice avoid these types of software applications.

In the meantime please carry out one of my prior instructions as this is very necessary!

Note: If you actually do have a Anti-Virus software installed and it is either been disabled or inactive due to the malware infections present, do not carry out the below and inform myself in your next reply please, thank you.

Please bare in mind the fact I am unavailable all day Sunday and I will post back with the next course of action this coming Monday, thank you.

Link to post
Share on other sites

Hi ;)

Some advice about the recently installed application SUPERAntiSpyware:

CAUTION: SuperAntiSpyware comes with a program called Bootsafe, do not for any reason use this program, if used on an infected computer it could render it UNBOOTABLE.

Next:

Since you have recently run the application ComboFix, I would like to view the log produced please, it can be located here:

Using Windows Explorer (to get there right-click your Start button and go to "Explore")

C:\ComboFix.txt

When completed the above, please post back the following:

  • ComboFix.txt
  • A new HijackThis Log
Link to post
Share on other sites

ComboFix 08-11-05.02 - Deege 2008-11-06 2:02:53.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.639 [GMT -5:00]

Running from: c:\documents and settings\Deege\Desktop\ComboFix.exe

* Created a new restore point

.

((((((((((((((((((((((((( Files Created from 2008-10-06 to 2008-11-06 )))))))))))))))))))))))))))))))

.

2008-11-06 01:50 . 2008-11-06 01:55 <DIR> d-------- c:\program files\XoftSpySE

2008-11-06 01:38 . 2008-11-06 01:38 <DIR> d-------- c:\windows\system32\drivers\moved

2008-11-06 00:25 . 2008-11-06 00:25 <DIR> d-------- c:\program files\SUPERAntiSpyware

2008-11-06 00:25 . 2008-11-06 00:25 <DIR> d-------- c:\documents and settings\Deege\Application Data\SUPERAntiSpyware.com

2008-11-06 00:25 . 2008-11-06 00:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2008-11-06 00:25 . 2008-11-06 00:25 410,976 --a------ c:\windows\system32\deploytk.dll

2008-11-06 00:14 . 2008-11-06 00:14 <DIR> d-------- c:\program files\CCleaner

2008-11-06 00:04 . 2008-11-06 01:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\Google Updater

2008-11-03 03:17 . 2008-09-06 15:09 90,112 --a------ c:\windows\system32\QuickTimeVR.qtx

2008-11-03 03:17 . 2008-09-06 15:09 57,344 --a------ c:\windows\system32\QuickTime.qts

2008-11-03 02:32 . 2008-11-03 03:17 <DIR> d-------- c:\program files\QuickTime Alternative

2008-10-26 02:11 . 2008-10-26 02:19 <DIR> d-------- c:\program files\EsetOnlineScanner

2008-10-26 02:08 . 2008-10-26 02:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\Office Genuine Advantage

2008-10-25 19:56 . 2003-06-25 15:05 266,360 --a------ c:\windows\system32\TweakUI.exe

2008-10-25 19:56 . 2002-06-21 14:09 160,217 --a------ c:\windows\system32\PowerToysLicense.rtf

2008-10-25 19:42 . 2008-10-25 19:42 <DIR> d-------- c:\documents and settings\Administrator.DEEGER\Application Data\Malwarebytes

2008-10-25 19:34 . 2008-10-25 19:34 0 --a------ c:\windows\system32\SEF

2008-10-25 05:08 . 2008-10-25 05:08 <DIR> d-------- c:\program files\Sophos

2008-10-25 05:01 . 2008-10-25 19:51 250 --a------ c:\windows\gmer.ini

2008-10-24 04:25 . 2008-10-15 11:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll

2008-10-21 18:42 . 2008-10-21 18:42 0 --a------ c:\windows\system32\CIYZYF

2008-10-21 18:39 . 2008-10-21 18:39 0 --a------ c:\windows\system32\ERRYNGLEYNC

2008-10-21 10:54 . 2008-10-21 15:43 7 --a------ c:\windows\system32\axt.bin

2008-10-21 10:34 . 2008-10-21 10:34 8,576 --a------ c:\windows\system32\drivers\TMPassthru.sys

2008-10-21 10:34 . 2008-10-21 10:34 664 --a------ c:\windows\system32\adr95.bin

2008-10-16 03:10 . 2008-10-16 03:10 <DIR> d-------- c:\program files\coverXP

2008-10-15 20:51 . 2008-09-08 05:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys

2008-10-15 20:50 . 2008-08-14 05:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe

2008-10-15 20:50 . 2008-08-14 05:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe

2008-10-15 20:50 . 2008-08-14 04:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe

2008-10-15 20:50 . 2008-08-14 04:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe

2008-10-15 20:50 . 2008-09-15 07:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-06 06:07 --------- d-----w c:\program files\Common Files\Adobe

2008-11-06 06:06 --------- d-----w c:\program files\Google

2008-11-06 05:25 --------- d-----w c:\program files\Java

2008-11-06 05:25 --------- d-----w c:\program files\Common Files\Wise Installation Wizard

2008-11-06 05:21 --------- d-----w c:\program files\GetRight

2008-11-06 05:21 --------- d-----w c:\documents and settings\Deege\Application Data\ImgBurn

2008-11-06 05:21 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2008-11-06 05:06 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP

2008-11-05 07:13 --------- d-----w c:\documents and settings\Deege\Application Data\dvdcss

2008-11-03 08:17 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer

2008-11-03 07:54 --------- d-----w c:\program files\Apple Software Update

2008-11-03 07:36 --------- d-----w c:\documents and settings\All Users\Application Data\WholeSecurity

2008-11-03 07:32 --------- d-----w c:\documents and settings\Deege\Application Data\Apple Computer

2008-10-30 00:47 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink

2008-10-25 09:56 --------- d-----w c:\program files\Malwarebytes' Anti-Malware

2008-10-25 09:20 --------- d-----w c:\program files\Soulseek

2008-10-22 20:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2008-10-22 20:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys

2008-10-18 06:13 --------- d-----w c:\documents and settings\Deege\Application Data\Vso

2008-10-17 08:03 --------- d-----w c:\program files\mIRC

2008-10-05 06:54 --------- d-----w c:\program files\DVDFab 5

2008-10-05 06:47 --------- d-----w c:\program files\DVDFab Platinum 3

2008-10-05 06:46 87,608 ----a-w c:\documents and settings\Deege\Application Data\ezpinst.exe

2008-10-05 06:46 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys

2008-10-05 06:46 47,360 ----a-w c:\documents and settings\Deege\Application Data\pcouffin.sys

2008-10-04 21:08 --------- d-----w c:\documents and settings\Deege\Application Data\DVD Flick

2008-09-29 06:44 --------- d-----w c:\program files\MSN Messenger

2008-09-29 05:37 --------- d-----w c:\documents and settings\Deege\Application Data\Media Player Classic

2008-09-17 05:47 --------- d-----w c:\program files\Common Files\Ahead

2008-09-17 05:47 --------- d-----w c:\program files\Ahead

2008-09-17 05:29 --------- d-----w c:\documents and settings\All Users\Application Data\zozqrebg

2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys

2008-09-15 02:32 --------- d--h--w c:\program files\InstallShield Installation Information

2008-09-14 12:21 --------- d-----w c:\program files\Trend Micro

2008-09-14 12:12 --------- d-----w c:\program files\FTP Explorer

2008-09-14 11:55 --------- d-----w c:\documents and settings\Deege\Application Data\GlobalSCAPE

2008-09-14 11:53 --------- d-----w c:\program files\GlobalSCAPE

2008-09-14 08:18 --------- d-----w c:\program files\SmartFTP Client 2.0 Setup Files

2008-09-13 08:00 102,664 ----a-w c:\windows\system32\drivers\tmcomm.sys

2008-09-13 01:56 --------- d-----w c:\documents and settings\Deege\Application Data\Malwarebytes

2008-09-13 01:56 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes

2008-09-13 00:51 --------- d-----w c:\program files\Spybot - Search & Destroy

2008-09-08 10:41 333,824 ----a-w c:\windows\system32\drivers\srv.sys

2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll

2008-08-14 10:11 2,189,184 ----a-w c:\windows\system32\ntoskrnl.exe

2008-08-14 09:33 2,066,048 ----a-w c:\windows\system32\ntkrnlpa.exe

2005-12-14 06:13 36 ----a-w c:\documents and settings\Deege\klextlock.dat

2002-04-16 15:26 333 ----a-w c:\program files\about

2002-04-16 14:35 195,072 ----a-w c:\program files\lame.exe

2002-04-16 14:35 145,920 ----a-w c:\program files\lame_enc.dll

2002-01-22 05:24 25,632 ----a-w c:\program files\USAGE

2002-01-22 05:19 1,801 ----a-w c:\program files\README

2001-02-05 10:56 707 ----a-w c:\program files\LICENSE

2000-03-08 12:37 30 ----a-w c:\program files\FILE_ID.DIZ

1999-11-24 17:40 25,292 ----a-w c:\program files\COPYING

2008-06-21 06:18 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008062120080622\index.dat

.

((((((((((((((((((((((((((((( snapshot@2008-10-26_ 3.46.52.98 )))))))))))))))))))))))))))))))))))))))))

.

- 2005-10-21 00:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE

+ 2005-10-21 01:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE

+ 2008-11-06 06:06:45 26,694 ----a-r c:\windows\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\ARPPRODUCTICON.exe

+ 2008-11-06 06:06:45 26,694 ----a-r c:\windows\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe

+ 2008-11-06 06:06:45 26,694 ----a-r c:\windows\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe

+ 2008-11-06 06:06:45 26,694 ----a-r c:\windows\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe

+ 2008-11-06 06:06:45 26,694 ----a-r c:\windows\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe

+ 2008-11-06 06:06:45 26,694 ----a-r c:\windows\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\UNINST_Uninstall_G_408FFBEED62349E08B232864A94D2864.exe

+ 2008-11-03 07:53:13 27,136 ----a-r c:\windows\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe

+ 2008-11-06 06:08:20 295,606 ----a-r c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A81200000003}\SC_Reader.exe

+ 2008-11-06 05:25:53 18,944 ----a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe

+ 2008-11-06 05:25:53 65,024 ----a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe

- 2000-08-31 12:00:00 28,672 ----a-w c:\windows\NIRCMD.exe

+ 2000-08-31 13:00:00 28,672 ----a-w c:\windows\NIRCMD.exe

- 2000-08-31 12:00:00 161,792 ----a-w c:\windows\SWREG.exe

+ 2000-08-31 13:00:00 161,792 ----a-w c:\windows\SWREG.exe

- 2007-09-25 03:30:28 135,168 ----a-w c:\windows\system32\java.exe

+ 2008-11-06 05:25:12 144,792 ----a-w c:\windows\system32\java.exe

- 2007-09-25 03:30:30 135,168 ----a-w c:\windows\system32\javaw.exe

+ 2008-11-06 05:25:12 144,792 ----a-w c:\windows\system32\javaw.exe

- 2007-09-25 04:31:42 139,264 ----a-w c:\windows\system32\javaws.exe

+ 2008-11-06 05:25:12 148,888 ----a-w c:\windows\system32\javaws.exe

- 2008-06-21 06:20:32 63,528 ----a-w c:\windows\system32\perfc009.dat

+ 2008-11-03 07:56:14 63,528 ----a-w c:\windows\system32\perfc009.dat

- 2008-06-21 06:20:32 406,328 ----a-w c:\windows\system32\perfh009.dat

+ 2008-11-03 07:56:14 406,328 ----a-w c:\windows\system32\perfh009.dat

+ 2008-11-06 06:42:45 16,384 ----atw c:\windows\temp\Perflib_Perfdata_770.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-06 136600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-12-18 8720384]

c:\documents and settings\Deege\Start Menu\Programs\Startup\

Shortcut to Cerberus.exe.lnk - c:\program files\Cerberus\Cerberus.exe [2006-09-11 3481600]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

FirePod Control Panel.lnk - c:\program files\PreSonus\1394AudioDriver_FIREPOD\FIREPOD.exe [2007-03-09 1069056]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-07-23 16:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TMPassthru.sys]

@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^Deege^Start Menu^Programs^Startup^Adobe Gamma.lnk]

path=c:\documents and settings\Deege\Start Menu\Programs\Startup\Adobe Gamma.lnk

backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Deege^Start Menu^Programs^Startup^Cerberus FTP Server.lnk]

path=c:\documents and settings\Deege\Start Menu\Programs\Startup\Cerberus FTP Server.lnk

backup=c:\windows\pss\Cerberus FTP Server.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Deege^Start Menu^Programs^Startup^GetRight - Tray Icon.lnk]

path=c:\documents and settings\Deege\Start Menu\Programs\Startup\GetRight - Tray Icon.lnk

backup=c:\windows\pss\GetRight - Tray Icon.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Deege^Start Menu^Programs^Startup^Shortcut to Cerberus.exe.lnk]

path=c:\documents and settings\Deege\Start Menu\Programs\Startup\Shortcut to Cerberus.exe.lnk

backup=c:\windows\pss\Shortcut to Cerberus.exe.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gkityqda]

c:\documents and settings\Deege\My Documents\?ymbols\t?skmgr.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]

--a------ 2004-08-10 10:37 61440 c:\program files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

--a------ 2008-07-22 19:42 116040 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2008-04-13 19:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeadAIM]

--a------ 2004-04-10 22:51 144896 c:\progra~1\AIM\DeadAIM.ocm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

--a------ 2005-02-16 16:15 221184 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2008-07-30 09:47 289064 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]

--a------ 2007-03-15 14:57 1033800 c:\program files\Kontiki\KHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-01-19 11:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]

--a------ 2007-12-18 20:47 8720384 c:\program files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]

--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

--a------ 2008-01-20 02:05 217088 c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--a------ 2005-01-12 02:01 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2007-09-25 01:11 132496 c:\program files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwPrnMon]

-ra------ 2005-09-29 14:20 548864 c:\program files\Common Files\Sowedoo Shared\Sowedoo PDF Printer V4\SwPrnMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2008-08-12 04:23 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinDVR SchSvr]

--a------ 2005-02-16 23:03 106496 c:\program files\Common Files\InterVideo\SchSvr\SchSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]

--a------ 2005-05-04 16:51 282624 c:\program files\WinFast\WFTVFM\WFWIZ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

--a------ 2006-11-30 21:49 4662776 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"IDriverT"=3 (0x3)

"iPodService"=3 (0x3)

"ZuneNetworkSvc"=3 (0x3)

"iPod Service"=3 (0x3)

"Apple Mobile Device"=2 (0x2)

"WMPNetworkSvc"=3 (0x3)

"usnjsvc"=3 (0x3)

"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"c:\\Program Files\\Cerberus\\Cerberus.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"c:\\Program Files\\ICQ\\Icq.exe"=

"c:\\Program Files\\SmartFTP\\SmartFTP.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Soulseek\\slsk.exe"=

"c:\\Program Files\\mIRC\\mirc.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Direct Connect\\Direct Connect.exe"=

"c:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Program Files\\BitTornado\\btdownloadgui.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Kontiki\\KService.exe"=

"c:\\Program Files\\Team MediaPortal\\MediaPortal\\MediaPortal.exe"=

"c:\\Program Files\\eMule\\emule.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\GlobalSCAPE\\CuteFTP 8 Professional\\ftpte.exe"=

"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

R1 TMPassthruMP;TMPassthruMP;c:\windows\system32\DRIVERS\TMPassthru.sys [2008-10-21 8576]

R2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys [2004-10-04 75925]

R2 JavaQuickStarterService;Java Quick Starter;c:\program files\Java\jre6\bin\jqs.exe [2008-11-06 152984]

R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;c:\windows\system32\drivers\wf2ktunr.sys [2004-10-04 36423]

R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;c:\windows\system32\drivers\wf2kxbar.sys [2004-10-04 10005]

R3 ews88mt;EWS88 WDM Audio;c:\windows\system32\drivers\ews88wdm.sys [2002-06-13 149256]

S3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\5.tmp [ ]

S3 pae_1394;pae_1394;c:\windows\system32\Drivers\pae_1394.sys [2005-06-09 111616]

S3 pae_avs;pae_avs;c:\windows\system32\Drivers\pae_avs.sys [2005-06-09 27136]

S3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.SYS [2005-01-06 9446]

S4 BTDZ;BTDZ;c:\docume~1\Deege\LOCALS~1\Temp\BTDZ.exe [ ]

S4 NFSTE;NFSTE;c:\docume~1\Deege\LOCALS~1\Temp\NFSTE.exe [ ]

S4 QBQKRDDKN;QBQKRDDKN;c:\docume~1\Deege\LOCALS~1\Temp\QBQKRDDKN.exe [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]

\Shell\AutoRun\command - H:\Setup.exe -auto

.

Contents of the 'Scheduled Tasks' folder

2008-11-06 c:\windows\Tasks\859B293E9A10D756.job

- c:\docume~1\deege\applic~1\2comp~1\roam vc mfcd.exe []

2008-11-04 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

.

- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe

.

------- Supplementary Scan -------

.

FireFox -: Profile - c:\documents and settings\Deege\Application Data\Mozilla\Firefox\Profiles\8kqe0byr.default\

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-06 02:06:47

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2]

"ImagePath"="\??\c:\windows\system32\5.tmp"

.

Completion time: 2008-11-06 2:12:10

ComboFix-quarantined-files.txt 2008-11-06 07:11:08

ComboFix2.txt 2008-10-26 07:47:48

Pre-Run: 53,312,679,936 bytes free

Post-Run: 53,318,746,112 bytes free

279 --- E O F --- 2008-10-25 07:01:15

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:13:08 AM, on 11/10/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\BitTornado\btdownloadgui.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mms.beer.com/

N3 - Netscape 7: # Mozilla User Preferences

/* Do not edit this file.

*

* If you make changes to this file while the browser is running,

* the changes will be overwritten when the browser exits.

*

* To make a manual change to preferences, you can visit the URL about:config

* For more information, see http://www.mozilla.org/unix/customizing.html#prefs

*/

user_pref("browser.activation.checkedNNFlag", true);

user_pref("browser.bookmarks.added_static_root", true);

user_pref("browser.cache.disk.parent_directory", "C:\\DOCUMENTS AND SETTINGS\\DEEGE\\APPLICATION DATA\\Mozilla\\Profiles\\default\\ivskorpv.slt");

user_pref("browser.download.dir", "C:\\Documents and Settings\\Deege\\Desktop");

user_pref("browser.search.defaultengine", "http://www.google.com/");

user_pref("browser.startup.homepage", "http://home.netscape.com/");

user_pref("browser.startup.homepage_override.mstone", "rv:1.4");

user_pref("browser.turbo.showDialog", true);

user_pref("editor.history_title_0", "www.SDMFworldwide.com ~ View topic - T

N3 - Netscape 7: # Mozilla User Preferences

/* Do not edit this file.

*

* If you make changes to this file while the browser is running,

* the changes will be overwritten when the browser exits.

*

* To make a manual change to preferences, you can visit the URL about:config

* For more information, see http://www.mozilla.org/unix/customizing.html#prefs

*/

user_pref("browser.activation.checkedNNFlag", true);

user_pref("browser.bookmarks.added_static_root", true);

user_pref("browser.cache.disk.parent_directory", "C:\\DOCUMENTS AND SETTINGS\\DEEGE\\APPLICATION DATA\\Mozilla\\Profiles\\default\\ivskorpv.slt");

user_pref("browser.download.dir", "C:\\Documents and Settings\\Deege\\Desktop");

user_pref("browser.search.defaultengine", "http://www.google.com/");

user_pref("browser.startup.homepage", "http://home.netscape.com/");

user_pref("browser.startup.homepage_override.mstone", "rv:1.4");

user_pref("browser.turbo.showDialog", true);

user_pref("editor.history_title_0", "www.SDMFworldwide.com ~ View topic - T

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')

O4 - Startup: Shortcut to Cerberus.exe.lnk = C:\Program Files\Cerberus\Cerberus.exe

O4 - Global Startup: FirePod Control Panel.lnk = C:\Program Files\PreSonus\1394AudioDriver_FIREPOD\FIREPOD.exe

O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM

O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM

O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm

O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm

O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1163579087109

O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://www.livemetallica.com/nugster/dlControl.CAB

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: ZKMP - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Deege\LOCALS~1\Temp\ZKMP.exe

--

End of file - 6491 bytes

Link to post
Share on other sites

Hi ;)

Could you explain please as too the reason no Anti-Virus software has been installed. Is this due to your own choice and or some problem installing the aforementioned?

Next:

Before commencing with any of the below please make sure you are logged into the Computer Administrator account for this machine.

Your Adobe Reader is out of date:

Older versions may have vulnerabilities that malware can use to infect your system.

Please download Adobe Reader 9 to your PC's desktop.

  • Uninstall Adobe Reader 8.1.2 via Start > Control Panel > Add/Remove Programs
  • Install the new downloaded updated software.

Note: Adobe (Acrobat) 9 is a large program and if you prefer a smaller program you can get Foxit 2.3 instead.

Next:

You have a old version of Java presently installed. Older versions may have vulnerabilities that malware can use to infect your system. Removing this will not affect your current up to date version.

Now please go to Start >> Control Panel >> Add/Remove Programs and remove the following (if present):

Java

Link to post
Share on other sites

I don't have any antivirus programs installed, because quite frankly, they bug me. They usually tend to slow down my computer and bother me more than viruses do LOL (But I do use online scanners very frequently), not to mention Malwarebytes, Spybot, Adaware, etc.

I will run these scanners and post these logs in a few mins.

Link to post
Share on other sites

# version=4

# OnlineScanner.ocx=1.0.0.56

# OnlineScannerDLLA.dll=1, 0, 0, 51

# OnlineScannerDLLW.dll=1, 0, 0, 51

# OnlineScannerUninstaller.exe=1, 0, 0, 49

# vers_standard_module=3602 (20081111)

# vers_arch_module=1.064 (20080214)

# vers_adv_heur_module=1.066 (20070917)

# EOSSerial=aa1c40cf4095634183a71abf3849a6c6

# end=finished

# remove_checked=false

# unwanted_checked=true

# utc_time=2008-11-11 03:37:31

# local_time=2008-11-11 10:37:31 (-0500, Eastern Standard Time)

# country="United States"

# osver=5.1.2600 NT Service Pack 3

# scanned=462888

# found=7

# scan_time=5040

C:\Documents and Settings\Deege\Desktop\Deege's Stuff\Programs\overnet0.52.exe Win32/Adware.UCmore application C86B34078C12A472F5C1933EEA714B7A

C:\Documents and Settings\Deege\Desktop\Deege's Stuff\Programs\overnet0.52.exe

Link to post
Share on other sites

Hi :blink:

I don't have any antivirus programs installed, because quite frankly, they bug me. They usually tend to slow down my computer and bother me more than viruses do LOL (But I do use online scanners very frequently), not to mention Malwarebytes, Spybot, Adaware, etc.

It really is not a good idea not to install a Anti-Virus application and just relying on the various on-line scanners as these for the most part merely highlight a infection and do not remove malware.

Anti-Virus or Anti-Virus Software, this type of software utility is designed to protect a stand alone computer or within a networked environment against computer virus vulnerabilities, if access to the Internet (world wide web) is in use.

Viruses are constantly being evolved by spurious types to attack, mimic and take advantage of flaws in operating systems with out adequate updated security patches and or a updated frequently used protection utility.

If and when a virus is detected the computer will prompt the user for a course of action to be taken, depending on the type of software utility installed/in use.

Since re-infection under your present conditions is a certainty, when you need help again due to running P2P programs and/or no AntiVirus, you may be refused help. You really need to be ready to Reformat and Re-install Windows.

I am only posting this with a interest to both your own and systems online safety.

Before commencing with any of the below please make sure you are logged into the Computer Administrator account for this machine.

Please download OTMoveIT3 to your Desktop.

  • Double-click OTMoveIt3.exe to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + B (or, after highlighting, right-click and choose Copy):
:processesexplorer.exe
:FilesC:\WINDOWS\system32\drivers\moved\TMPassthru.sys C:\Program Files\AIM\Sysfiles\WxBug.EXEC:\Documents and Settings\Deege\Desktop\Deege's Stuff\Programs\overnet0.52.exe
:Commands[Purity][EmptyTemp][start Explorer][Reboot]
  • Return to OTMoveIt3, right-click in the "Paste instructions for items to be moved" window (under the yellow bar) and choose Paste
  • Then click the red MoveIt! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it into your next response.
  • If OTMoveIt asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
  • Close OTMoveIt3.

When completed the above, please post back the following:

  • Inform myself how your computer is running.
  • OTMoveIt3 Log.
  • A new HijackThis Log.
Link to post
Share on other sites

========== PROCESSES ==========

Process explorer.exe killed successfully.

========== FILES ==========

C:\WINDOWS\system32\drivers\moved\TMPassthru.sys moved successfully.

C:\Program Files\AIM\Sysfiles\WxBug.EXE moved successfully.

C:\Documents and Settings\Deege\Desktop\Deege's Stuff\Programs\overnet0.52.exe moved successfully.

========== COMMANDS ==========

User's Temp folder emptied.

User's Temporary Internet Files folder emptied.

User's Internet Explorer cache folder emptied.

Local Service Temp folder emptied.

File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

Local Service Temporary Internet Files folder emptied.

File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_798.dat scheduled to be deleted on reboot.

Windows Temp folder emptied.

Java cache emptied.

FireFox cache emptied.

Temp folders emptied.

Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 11122008_191256

Files moved on Reboot...

File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.

File C:\WINDOWS\temp\Perflib_Perfdata_798.dat not found!

Link to post
Share on other sites

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:21:12 PM, on 11/12/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\notepad.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\PreSonus\1394AudioDriver_FIREPOD\FIREPOD.exe

C:\Program Files\Cerberus\Cerberus.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mms.beer.com/

N3 - Netscape 7: # Mozilla User Preferences

/* Do not edit this file.

*

* If you make changes to this file while the browser is running,

* the changes will be overwritten when the browser exits.

*

* To make a manual change to preferences, you can visit the URL about:config

* For more information, see http://www.mozilla.org/unix/customizing.html#prefs

*/

user_pref("browser.activation.checkedNNFlag", true);

user_pref("browser.bookmarks.added_static_root", true);

user_pref("browser.cache.disk.parent_directory", "C:\\DOCUMENTS AND SETTINGS\\DEEGE\\APPLICATION DATA\\Mozilla\\Profiles\\default\\ivskorpv.slt");

user_pref("browser.download.dir", "C:\\Documents and Settings\\Deege\\Desktop");

user_pref("browser.search.defaultengine", "http://www.google.com/");

user_pref("browser.startup.homepage", "http://home.netscape.com/");

user_pref("browser.startup.homepage_override.mstone", "rv:1.4");

user_pref("browser.turbo.showDialog", true);

user_pref("editor.history_title_0", "www.SDMFworldwide.com ~ View topic - T

N3 - Netscape 7: # Mozilla User Preferences

/* Do not edit this file.

*

* If you make changes to this file while the browser is running,

* the changes will be overwritten when the browser exits.

*

* To make a manual change to preferences, you can visit the URL about:config

* For more information, see http://www.mozilla.org/unix/customizing.html#prefs

*/

user_pref("browser.activation.checkedNNFlag", true);

user_pref("browser.bookmarks.added_static_root", true);

user_pref("browser.cache.disk.parent_directory", "C:\\DOCUMENTS AND SETTINGS\\DEEGE\\APPLICATION DATA\\Mozilla\\Profiles\\default\\ivskorpv.slt");

user_pref("browser.download.dir", "C:\\Documents and Settings\\Deege\\Desktop");

user_pref("browser.search.defaultengine", "http://www.google.com/");

user_pref("browser.startup.homepage", "http://home.netscape.com/");

user_pref("browser.startup.homepage_override.mstone", "rv:1.4");

user_pref("browser.turbo.showDialog", true);

user_pref("editor.history_title_0", "www.SDMFworldwide.com ~ View topic - T

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')

O4 - Startup: Shortcut to Cerberus.exe.lnk = C:\Program Files\Cerberus\Cerberus.exe

O4 - Global Startup: FirePod Control Panel.lnk = C:\Program Files\PreSonus\1394AudioDriver_FIREPOD\FIREPOD.exe

O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM

O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM

O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm

O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm

O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1163579087109

O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://www.livemetallica.com/nugster/dlControl.CAB

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: ZKMP - Unknown owner - C:\DOCUME~1\Deege\LOCALS~1\Temp\ZKMP.exe (file missing)

--

End of file - 6690 bytes

Link to post
Share on other sites

Hi :blink:

Also, when I started internet explorer, it gave me some warning saying that the system had recovered from a serious error (probably had to do with the attempted delete of that index.dat file maybe?

That is fine.

My computer does seem to be running faster than it has in awhile - could be my imagination though lol

Good :blink:

Congratulations your computer appears to be malware free!

I just have a few clean up process's for your good self to carry out and advice about security and on-line safety etc.

Reset the system restore points:

  • Create a new, clean System Restore point which you can use in case of future system problems:
  • Press Start >> All Programs >> Accessories >> System Tools >> System Restore
  • Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close

Now remove old, infected System Restore points:

  • Next click Start >> Run and type cleanmgr in the box and press OK
  • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
  • Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
  • Press OK and Yes to confirm

Clean up with OTMoveIt3

  • Double-click OTMoveIt3.exe to start the program.
  • Close all other programs apart from OTMoveIt2 as this step will require a reboot
  • On the OTMoveIt main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.

Next:

There is no sign of a software firewall installed on your system. Regardless if using a hardware type and or using the inbuilt Windows Service Pack 3 firewall this is a necessary application as it will also provide outbound protection where as the aforementioned do not..

I highly advise you download ONE of the following firewalls and install it. Restart the computer for changes to take effect.

Very Important!:

You appear to have no Anti-Virus software installed and running. This is a very unsafe practice when accessing the internet and most likely the cause of your malware problems. Download just one only of the two free anti-virus programs listed below please and Install>> Update >> Carry Out a Complete Scan. Have it fix anything it finds.

Next:

This article is a excellent resource regarding the aforementioned firewalls: Understanding and Using Firewalls

Now some advice for on-line safety:

Malwarebyte's Anti-Malware:

This is a excellent application and I advise you keep this installed. Check for updates and run a scan once a week.

Keep your system updated:

Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products loopholes and fix any bugs found. Please ensure that you visit the following websites regularly or do update your system regularly.

Install the updates immediately if they are found. Reboot your computer if necessary, revisit Windows Update and Office update sites until there are no more updates to be installed.

To update Windows

Go to Start > All Programs > Windows Update

Alternatively, you can visit the link below to update Windows:

Windows Update

Be careful when opening attachments and downloading files:

  • Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
  • Never open emails from unknown senders.
  • Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
  • Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge or Pricelessware.

Stop malicious scripts:

Windows by default allow scripts (which is VBScript and JavaScript) to run and some of these scripts are malicious. Use Noscript by Symantec or Script Defender by AnalogX to handle these scripts.

Backup regularly:

You never know when your PC will become unstable or become so infected that you can't recover it. Follow this Microsoft article to learn how to backup. Follow this article by Microsoft to restore your backups.

Alternatively, you can use 3rd-party programs to back up your data. One example can be found at Bleeping Computer.

Make your Internet Explorer safer:

For Internet Explorer 7

Please read this article to configure Internet Explorer 7 properly.

Avoid Peer to Peer software:

P2P may be a great way to get lots of stuffs, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. My advice avoid these types of software applications.

Prevent a re-infection:

  • Winpatrol
    Winpatrol is heuristic protection program, meaning it looks for patterns in codes that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here.
    You can get a free copy of Winpatrol or use the Plus version for more features.
    You can read Winpatrol's FAQ if you run into problems.
  • Hosts File:
    A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your PC will look up the website's IP address before you can view the website.
    Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.
    Here are some Hosts files:
  • MVPS Hosts File
  • Bluetack's Hosts File
  • Bluetack's Host Manager
  • hpHosts.

Only use one of the above.

Finally a educational source:

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.