Antivirus System Pro

Post by Kangah on Sun Nov 22, 2009 6:59 am

So it appears that there was a recent outbreak of this damn thing, by the looks of all the posts, and since I have tried about 5 different "sure fire" ways to get rid of it, I think that mine is a new and improved version... So here is my experience so far.

Have run:

- Malware
- ZoneAlarm
- TrendMicro House Call
- PC Tools Spyware Doctor
- SuperAnti Spyware

And I still can't seem to get rid of this. I can only access the internet through Firefox, not IE or Google Chrome. Using Firefox I did manage to manually update the aforementioned AV tools.

Below I have HJT and DDS reports...

Any help on what to do?

HijackThis Log

Code:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:42:48 PM, on 11/22/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\SupportAppXL\AutoDect.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Jake\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\Linksys\WUSB600N\WUSB600N.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.telstra.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telstra BigPond Home Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O1 - Hosts: 64.72.196.2 avatarelite.interzone.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: BigPond Wireless Broadband 2.0 Auto Dial - {DB92EC3F-697D-4C3B-9A3B-3ABBD23D4A85} - C:\Program Files\Telstra\BigPond Wireless Broadband 2.13.11\bpwbb2ad.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [autodetect] C:\WINDOWS\system32\SupportAppXL\AutoDect.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MRC] "C:\Program Files\PC Tune-Up\PCTuneUp.exe" /MBRSTART
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jake\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: Wireless Network Monitor.lnk = C:\Program Files\Linksys\WUSB600N\WUSB600N.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: ZoneAlarm ForceField IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: PC Tools Auxiliary Service (sdauxservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - http://www.voguehost.com/ims/u/thez/misc/thez.jpg

--
End of file - 8390 bytes

DDS Report #1
Code:


DDS (Ver_09-10-26.01) - NTFSx86 
Run by Jake at 16:48:36.15 on Sun 11/22/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.3070.2255 [GMT 10:00]

AV: ZoneAlarm Security Suite Antivirus *On-access scanning enabled* (Outdated)  {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Security Suite Firewall *enabled*  {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\SupportAppXL\AutoDect.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Jake\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\Linksys\WUSB600N\WUSB600N.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Jake\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jake\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\DOCUME~1\Jake\LOCALS~1\Temp\IswTmp\DwlRun\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.bigpond.com/
uSearch Page = hxxp://www.telstra.com/
uWindow Title = Telstra BigPond Home Internet Explorer
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: ZoneAlarm Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: BigPond Wireless Broadband 2.0 Auto Dial: {db92ec3f-697d-4c3b-9a3b-3abbd23d4a85} - c:\program files\telstra\bigpond wireless broadband 2.13.11\bpwbb2ad.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MRC] "c:\program files\pc tune-up\PCTuneUp.exe" /MBRSTART
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Google Update] "c:\documents and settings\jake\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Launch LGDCore] "c:\program files\logitech\g-series software\LGDCore.exe" /SHOWHIDE
mRun: [Launch LCDMon] "c:\program files\logitech\g-series software\LCDMon.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [autodetect] c:\windows\system32\supportappxl\AutoDect.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\linksys\wusb600n\WUSB600N.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jake\applic~1\mozilla\firefox\profiles\x6xfav5f.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - component: c:\documents and settings\jake\application data\mozilla\firefox\profiles\x6xfav5f.default\extensions\{81bf1d23-5f17-408d-ac6b-bd6df7caf670}\components\XpcomOpusConnector.dll
FF - component: c:\program files\checkpoint\zaforcefield\trustchecker\components\MozillaDownload.dll
FF - component: c:\program files\checkpoint\zaforcefield\trustchecker\components\MozillaExtensions.dll
FF - component: c:\program files\checkpoint\zaforcefield\trustchecker\components\TrustCheckerMozillaPlugin.dll
FF - plugin: c:\documents and settings\jake\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMFireLauncher.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-11-22 207280]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-11-11 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-11-11 74480]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2009-11-22 112592]
R2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2009-10-14 25208]
R2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2009-10-14 476528]
R2 sdauxservice;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-11-22 358600]
R3 icsak;icsak;c:\program files\checkpoint\zaforcefield\ak\icsak.sys [2009-10-14 35448]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-11-11 7408]
S1 HekkoVirtualCD;Hekko Virtual CD Driver;c:\windows\system32\drivers\hvcd.sys --> c:\windows\system32\drivers\hvcd.sys [?]
S3 AODDriver;AODDriver;\??\c:\program files\amd\overdrive\i386\aoddriver.sys --> c:\program files\amd\overdrive\i386\AODDriver.sys [?]
S3 EC168BDA;EC168BDA service;c:\windows\system32\drivers\ec168bda.sys --> c:\windows\system32\drivers\EC168BDA.sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-11-25 13224]
S3 GTwinUSB;GTwinUSB;c:\windows\system32\drivers\GTwinUSB.sys [2007-9-25 61776]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-10-16 7680]
S3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2007-12-14 551680]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys --> c:\windows\system32\drivers\wg111v2.sys [?]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2008-11-25 90408]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2008-11-25 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2008-11-25 122024]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2008-11-25 115368]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2008-11-25 25768]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2008-11-25 111784]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2008-11-25 117544]
S3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\drivers\swnc8ua3.sys [2009-3-20 182784]
S3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);c:\windows\system32\drivers\swumxa3.sys [2009-3-20 145536]
S4 Ati_rphqrwc;Ati_rphqrwc;c:\windows\system32\drivers\rasl2tp.sys [2004-8-4 51328]

=============== Created Last 30 ================

2009-11-22 05:52:07   0   d-----w-   c:\program files\Trend Micro
2009-11-22 05:21:34   0   d-----w-   C:\cmdcons
2009-11-22 05:19:08   98816   ----a-w-   c:\windows\sed.exe
2009-11-22 05:19:08   77312   ----a-w-   c:\windows\MBR.exe
2009-11-22 05:19:08   260608   ----a-w-   c:\windows\PEV.exe
2009-11-22 05:19:08   161792   ----a-w-   c:\windows\SWREG.exe
2009-11-22 03:54:40   882   ----a-w-   c:\windows\RegSDImport.xml
2009-11-22 03:54:40   880   ----a-w-   c:\windows\RegISSImport.xml
2009-11-22 03:54:40   767952   ----a-w-   c:\windows\BDTSupport.dll
2009-11-22 03:54:40   149456   ----a-w-   c:\windows\SGDetectionTool.dll
2009-11-22 03:54:40   131   ----a-w-   c:\windows\IDB.zip
2009-11-22 03:54:39   165840   ----a-w-   c:\windows\PCTBDRes.dll
2009-11-22 03:54:39   1636304   ----a-w-   c:\windows\PCTBDCore.dll
2009-11-22 03:54:39   1152470   ----a-w-   c:\windows\UDB.zip
2009-11-22 03:54:14   7387   ----a-w-   c:\windows\system32\drivers\pctgntdi.cat
2009-11-22 03:54:14   229304   ----a-w-   c:\windows\system32\drivers\pctgntdi.sys
2009-11-22 03:53:48   87784   ----a-w-   c:\windows\system32\drivers\PCTAppEvent.sys
2009-11-22 03:53:48   7412   ----a-w-   c:\windows\system32\drivers\PCTAppEvent.cat
2009-11-22 03:53:48   7383   ----a-w-   c:\windows\system32\drivers\pctcore.cat
2009-11-22 03:53:48   207280   ----a-w-   c:\windows\system32\drivers\PCTCore.sys
2009-11-22 03:53:36   7383   ----a-w-   c:\windows\system32\drivers\pctplsg.cat
2009-11-22 03:53:36   70408   ----a-w-   c:\windows\system32\drivers\pctplsg.sys
2009-11-22 03:53:26   0   d-----w-   c:\program files\common files\PC Tools
2009-11-22 03:53:26   0   d-----w-   c:\docume~1\jake\applic~1\PC Tools
2009-11-22 03:53:26   0   d-----w-   c:\docume~1\alluse~1\applic~1\PC Tools
2009-11-22 03:53:25   0   d-----w-   c:\program files\Spyware Doctor
2009-11-22 03:50:20   195456   ------w-   c:\windows\system32\MpSigStub.exe
2009-11-22 03:37:46   0   d-----w-   c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-11-22 03:37:37   0   d-----w-   c:\program files\SUPERAntiSpyware
2009-11-22 03:37:37   0   d-----w-   c:\docume~1\jake\applic~1\SUPERAntiSpyware.com
2009-11-22 02:22:24   0   d-----w-   c:\program files\Spybot - Search & Destroy
2009-11-22 02:22:24   0   d-----w-   c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-11-21 12:16:55   0   d-----w-   c:\docume~1\jake\applic~1\Malwarebytes
2009-11-21 12:14:19   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-21 12:14:18   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
2009-11-21 12:14:18   0   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2009-11-21 12:14:18   0   d-----w-   c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-21 08:51:54   0   d-----w-   c:\docume~1\jake\applic~1\#ISW.FS#
2009-11-21 05:57:41   0   d-----w-   c:\docume~1\alluse~1\applic~1\Kaspersky SDK
2009-11-21 03:40:01   128016   ----a-w-   c:\windows\system32\drivers\kl1.sys
2009-11-21 01:47:40   0   d-----w-   c:\program files\PC Tune-Up
2009-11-14 08:23:31   54156   ---ha-w-   c:\windows\QTFont.qfn
2009-11-14 08:23:31   1409   ----a-w-   c:\windows\QTFont.for
2009-11-11 11:02:35   0   d-----w-   c:\program files\Passware
2009-11-07 04:20:48   0   d-----w-   c:\program files\iSkysoft
2009-11-07 00:32:07   110080   ----a-w-   c:\windows\system32\drivers\ZTEusbnet.sys
2009-11-07 00:31:15   0   d-----w-   c:\program files\Telstra
2009-11-07 00:30:37   0   d-----w-   c:\program files\Sierra Wireless Inc
2009-11-07 00:30:37   0   d-----w-   c:\docume~1\jake\applic~1\Sierra Wireless
2009-10-29 14:32:49   23   --sha-w-   c:\windows\system32\edacded0.dat
2009-10-29 14:32:48   23   ----a-w-   c:\windows\system32\bcdadac7.xml

==================== Find3M  ====================

2009-11-22 05:05:46   4212   ---ha-w-   c:\windows\system32\zllictbl.dat
2009-10-16 15:39:40   72584   ----a-w-   c:\windows\zllsputility.exe
2009-10-16 15:39:32   1238408   ----a-w-   c:\windows\system32\zpeng25.dll
2009-09-25 16:41:26   856064   ----a-w-   c:\windows\system32\divx_xx0c.dll
2009-09-25 16:41:26   856064   ----a-w-   c:\windows\system32\divx_xx07.dll
2009-09-25 16:41:26   847872   ----a-w-   c:\windows\system32\divx_xx0a.dll
2009-09-25 16:41:26   843776   ----a-w-   c:\windows\system32\divx_xx16.dll
2009-09-25 16:41:26   839680   ----a-w-   c:\windows\system32\divx_xx11.dll
2009-09-25 16:41:26   696320   ----a-w-   c:\windows\system32\DivX.dll
2009-09-11 14:33:52   133632   ----a-w-   c:\windows\system32\msv1_0.dll
2009-09-04 20:45:26   58880   ----a-w-   c:\windows\system32\msasn1.dll
2009-08-29 08:08:21   916480   ----a-w-   c:\windows\system32\wininet.dll
2009-08-26 08:16:37   247326   ----a-w-   c:\windows\system32\strmdll.dll
2008-05-05 03:22:41   88   --sh--r-   c:\windows\system32\5E57C498A8.sys
2008-05-05 03:22:41   2516   --sha-w-   c:\windows\system32\KGyGaAvL.sys

============= FINISH: 16:51:21.04 ===============

DDS Report #2
Code:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 7/20/2006 10:52:16 AM
System Uptime: 11/22/2009 4:36:38 PM (0 hours ago)

Motherboard: Dell Inc.          |  | 0HH807
Processor:              Intel(R) Pentium(R) D CPU 2.80GHz | Microprocessor | 2793/800mhz
Processor:              Intel(R) Pentium(R) D CPU 2.80GHz | Microprocessor | 2793/800mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 74 GiB total, 33.848 GiB free.
D: is CDROM (CDFS)

==== Disabled Device Manager Items =============

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: Hekko Virtual CD
Device ID: ROOT\HEKKOVIRTUALCD\0000
Manufacturer:
Name: Hekko Virtual CD
PNP Device ID: ROOT\HEKKOVIRTUALCD\0000
Service: HekkoVirtualCD

==== System Restore Points ===================

RP1: 11/21/2009 1:42:29 PM - System Checkpoint
RP2: 11/22/2009 1:01:13 PM - Removed Corel Paint Shop Pro Photo X2.
RP3: 11/22/2009 1:04:32 PM - Configured DVBT Driver
RP4: 11/22/2009 1:05:57 PM - Removed Windows Live Sign-in Assistant
RP5: 11/22/2009 1:06:13 PM - Removed Windows Live Upload Tool
RP6: 11/22/2009 1:29:40 PM - Installed Windows Defender
RP7: 11/22/2009 1:37:36 PM - Installed SUPERAntiSpyware Professional

==== Installed Programs ======================

µTorrent
AAC Decoder
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 7.0.9
Adobe Shockwave Player 11.5
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Control Panel
ATI Display Driver
AutoUpdate
AviSynth 2.5
BigPond Wireless Broadband 2.13.11
Broadcom Gigabit Integrated Controller
Browser Defender 2.0.6.10
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help English
Compatibility Pack for the 2007 Office system
Condition Zero
ConvertXtoDVD 3.0.0.1
Counter-Strike
Critical Update for Windows Media Player 11 (KB959772)
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
doPDF 6.3  printer
DVDFab 6.0.4.0 (28/07/2009)
dvdSanta 4.60
EverQuest Titanium
FrostWire 4.17.0
Google Chrome
H.264 Decoder
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB929120)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
HouseCall 6.6
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 14
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Legends of Norrath
Leisure Suit Larry Collection(TM)
Linksys Dual-Band Wireless-N USB Network Adapter
Linksys WUSB600N Dual-Band Wireless-N USB Network Adapter
Logitech G-series Keyboard Software
MacroQuest2
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office XP Professional with FrontPage
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MKV Splitter
MMOBugs MacroQuest2
Mozilla Firefox (3.5.5)
MSVC80_x86
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
Notepad++
OpenOffice.org Installer 1.0
Passware Kit Professional 9.0
PC Connectivity Solution
PC Tune-Up
PowerDVD 5.5
QuickTime
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Segoe UI
Skins
Sony Ericsson Bluetooth Remote Control 4.00
Sony Ericsson PC Suite 4.005.00
SoundMAX
Spyware Doctor 7.0
Steam
SUPERAntiSpyware Professional
Team Fortress 2
Telstra Turbo Connection Manager
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows XP (KB894391)
Update for Windows XP (KB896256)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Update Service
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.4053
Ventrilo Client
Visual C++ 8.0 CRT (x86) WinSXS MSM
Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM
WavePad Uninstall
WebEx Support Manager for Internet Explorer
WebFldrs XP
Windows Defender
Windows Driver Package - Nokia Modem  (02/15/2007 3.1)
Windows Driver Package - Nokia Modem  (05/22/2008 3.8)
Windows Driver Package - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
World of Warcraft FREE Trial
XML Paper Specification Shared Components Pack 1.0
Xvid 1.1.3 final uninstall
ZoneAlarm Extreme Security

==== Event Viewer Messages From Past Week ========

11/22/2009 9:56:29 AM, error: Service Control Manager [7034]  - The Ati HotKey Poller service terminated unexpectedly.  It has done this 1 time(s).
11/22/2009 9:39:30 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
11/22/2009 9:38:39 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
11/22/2009 9:21:19 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD Fips HekkoVirtualCD intelppm IPSec kl1 MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip vsdatant
11/22/2009 9:21:19 AM, error: Service Control Manager [7001]  - The TrueVector Internet Monitor service depends on the vsdatant service which failed to start because of the following error:  A device attached to the system is not functioning.
11/22/2009 9:21:19 AM, error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:  A device attached to the system is not functioning.
11/22/2009 9:21:19 AM, error: Service Control Manager [7001]  - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:  A device attached to the system is not functioning.
11/22/2009 9:21:19 AM, error: Service Control Manager [7001]  - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
11/22/2009 9:21:19 AM, error: Service Control Manager [7001]  - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:  A device attached to the system is not functioning.
11/22/2009 9:20:44 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
11/22/2009 9:20:40 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/22/2009 3:06:06 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Fips HekkoVirtualCD intelppm kl1 SASDIFSV SASKUTIL
11/22/2009 11:49:02 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
11/22/2009 11:47:21 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Fips HekkoVirtualCD intelppm kl1
11/21/2009 9:39:30 PM, error: Service Control Manager [7034]  - The PC Tools Security Service service terminated unexpectedly.  It has done this 1 time(s).
11/18/2009 6:15:49 PM, error: Dhcp [1002]  - The IP address lease 192.168.1.100 for the Network Card with network address 00137279E9DC has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
11/18/2009 6:05:34 PM, error: Dhcp [1002]  - The IP address lease 192.168.1.100 for the Network Card with network address 00137279E9DC has been denied by the DHCP server 10.0.0.138 (The DHCP Server sent a DHCPNACK message).
11/18/2009 5:47:27 PM, error: Dhcp [1002]  - The IP address lease 10.0.0.1 for the Network Card with network address 00137279E9DC has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
11/16/2009 7:08:37 PM, error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  This operation returned because the timeout period expired.
11/16/2009 7:03:40 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  HekkoVirtualCD

==== End Of File ===========================


Kangah
Beginner

Posts : 2
Joined : 2009-11-22
OS : XP
Points : 25718
# Likes : 0


ComboFix

Post by Kangah on Sun Nov 22, 2009 7:38 am

I have just finished running ComboFix and I *think* I may have got it this time...

Below is the log. Is there anything else I should do?

Code:

ComboFix 09-11-21.01 - Jake 11/22/2009 17:05.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.3070.2445 [GMT 10:00]
Running from: c:\docume~1\Jake\LOCALS~1\Temp\IswTmp\DwlRun\ComboFix.exe
AV: ZoneAlarm Security Suite Antivirus *On-access scanning enabled* (Outdated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Security Suite Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Jake\Application Data\inst.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll

----- BITS: Possible infected sites -----

hxxp://patch.everquest.com:7001
.
(((((((((((((((((((((((((((((((((((((((  Drivers/Services  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_npf


(((((((((((((((((((((((((  Files Created from 2009-10-22 to 2009-11-22  )))))))))))))))))))))))))))))))
.

2009-11-22 06:41 . 2009-11-22 06:41   --------   d-----w-   c:\documents and settings\Jake\Local Settings\Application Data\Threat Expert
2009-11-22 05:52 . 2009-11-22 05:52   --------   d-----w-   c:\program files\Trend Micro
2009-11-22 03:54 . 2009-10-08 01:31   149456   ----a-w-   c:\windows\SGDetectionTool.dll
2009-11-22 03:54 . 2009-10-08 01:31   767952   ----a-w-   c:\windows\BDTSupport.dll
2009-11-22 03:54 . 2008-11-26 02:08   131   ----a-w-   c:\windows\IDB.zip
2009-11-22 03:54 . 2009-10-08 01:31   165840   ----a-w-   c:\windows\PCTBDRes.dll
2009-11-22 03:54 . 2009-10-08 01:31   1636304   ----a-w-   c:\windows\PCTBDCore.dll
2009-11-22 03:54 . 2009-10-02 04:19   1152470   ----a-w-   c:\windows\UDB.zip
2009-11-22 03:54 . 2009-09-23 22:55   229304   ----a-w-   c:\windows\system32\drivers\pctgntdi.sys
2009-11-22 03:53 . 2009-10-06 06:31   87784   ----a-w-   c:\windows\system32\drivers\PCTAppEvent.sys
2009-11-22 03:53 . 2009-09-23 06:10   207280   ----a-w-   c:\windows\system32\drivers\PCTCore.sys
2009-11-22 03:53 . 2009-09-02 23:45   70408   ----a-w-   c:\windows\system32\drivers\pctplsg.sys
2009-11-22 03:53 . 2009-11-22 03:55   --------   d-----w-   c:\program files\Common Files\PC Tools
2009-11-22 03:53 . 2009-11-22 03:53   --------   d-----w-   c:\documents and settings\Jake\Application Data\PC Tools
2009-11-22 03:53 . 2009-11-22 03:53   --------   d-----w-   c:\documents and settings\All Users\Application Data\PC Tools
2009-11-22 03:53 . 2009-11-22 07:03   --------   d-----w-   c:\program files\Spyware Doctor
2009-11-22 03:50 . 2009-11-02 10:42   195456   ------w-   c:\windows\system32\MpSigStub.exe
2009-11-22 03:37 . 2009-11-22 03:37   117760   ----a-w-   c:\documents and settings\Jake\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-22 03:37 . 2009-11-22 03:37   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-11-22 03:37 . 2009-11-22 03:37   --------   d-----w-   c:\program files\SUPERAntiSpyware
2009-11-22 03:37 . 2009-11-22 03:37   --------   d-----w-   c:\documents and settings\Jake\Application Data\SUPERAntiSpyware.com
2009-11-22 03:29 . 2009-11-22 03:29   --------   d-----w-   c:\program files\Windows Defender
2009-11-22 02:22 . 2009-11-22 03:07   --------   d-----w-   c:\program files\Spybot - Search & Destroy
2009-11-22 02:22 . 2009-11-22 03:06   --------   d-----w-   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-21 23:23 . 2009-11-21 23:23   --------   d-----w-   c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-11-21 23:21 . 2009-11-21 23:21   --------   d-----w-   c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-11-21 12:16 . 2009-11-21 12:16   --------   d-----w-   c:\documents and settings\Jake\Application Data\Malwarebytes
2009-11-21 12:14 . 2009-09-10 04:54   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-21 12:14 . 2009-11-21 12:16   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2009-11-21 12:14 . 2009-11-21 12:14   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-21 12:14 . 2009-09-10 04:53   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
2009-11-21 10:33 . 2009-11-22 07:19   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
2009-11-21 10:12 . 2009-11-22 02:50   --------   d-----w-   c:\documents and settings\Jake\Local Settings\Application Data\ykxfbv
2009-11-21 08:51 . 2009-11-22 05:03   --------   d-----w-   c:\documents and settings\Jake\Application Data\#ISW.FS#
2009-11-21 05:57 . 2009-11-21 05:57   --------   d-----w-   c:\documents and settings\All Users\Application Data\Kaspersky SDK
2009-11-21 03:40 . 2009-10-12 08:15   128016   ----a-w-   c:\windows\system32\drivers\kl1.sys
2009-11-21 01:47 . 2009-11-21 23:47   --------   d-----w-   c:\program files\PC Tune-Up
2009-11-11 11:02 . 2009-11-11 11:02   367686   ----a-r-   c:\documents and settings\Jake\Application Data\Microsoft\Installer\{8B71DB49-720C-4C7A-B902-2D112BE23E8F}\icon.exe
2009-11-11 11:02 . 2009-11-11 11:02   --------   d-----w-   c:\program files\Passware
2009-11-07 04:20 . 2009-11-07 23:42   --------   d-----w-   c:\program files\iSkysoft
2009-11-07 00:32 . 2008-08-22 11:59   110080   ----a-w-   c:\windows\system32\drivers\ZTEusbnet.sys
2009-11-07 00:31 . 2009-11-07 00:31   --------   d-----w-   c:\program files\Telstra
2009-11-07 00:30 . 2009-11-07 00:30   --------   d-----w-   c:\program files\Sierra Wireless Inc
2009-11-07 00:30 . 2009-11-07 00:30   --------   d-----w-   c:\documents and settings\Jake\Application Data\Sierra Wireless
2009-10-29 14:32 . 2009-10-29 14:32   23   --sha-w-   c:\windows\system32\edacded0.dat
2009-10-27 20:40 . 2009-10-27 20:40   --------   d-----w-   c:\documents and settings\Guest Account\Local Settings\Application Data\Adobe

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-22 07:22 . 2008-11-16 21:39   144   ----a-w-   c:\windows\system32\pdfl.dat
2009-11-22 07:20 . 2006-07-20 23:51   4212   ---ha-w-   c:\windows\system32\zllictbl.dat
2009-11-22 03:37 . 2008-03-25 00:56   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2009-11-22 03:02 . 2008-05-05 03:13   --------   d-----w-   c:\program files\Corel
2009-11-22 03:02 . 2008-05-05 03:22   --------   d-----w-   c:\documents and settings\Jake\Application Data\Corel
2009-11-22 02:59 . 2006-07-20 01:05   --------   d--h--w-   c:\program files\InstallShield Installation Information
2009-11-22 01:05 . 2009-11-22 01:06   3329024   ----a-w-   c:\windows\Internet Logs\xDB43.tmp
2009-11-22 00:55 . 2009-11-22 00:56   3327488   ----a-w-   c:\windows\Internet Logs\xDB42.tmp
2009-11-22 00:54 . 2009-11-22 00:55   3327488   ----a-w-   c:\windows\Internet Logs\xDB41.tmp
2009-11-22 00:53 . 2009-11-22 00:54   3327488   ----a-w-   c:\windows\Internet Logs\xDB40.tmp
2009-11-21 03:50 . 2009-03-13 08:21   --------   d-----w-   c:\program files\MacroQuest2
2009-11-21 03:48 . 2008-11-16 21:41   --------   d-----w-   c:\documents and settings\Jake\Application Data\CheckPoint
2009-11-21 03:40 . 2008-11-16 21:39   272   ----a-w-   c:\windows\system32\lkfl.dat
2009-11-17 09:39 . 2008-08-07 05:03   --------   d-----w-   c:\documents and settings\Jake\Application Data\uTorrent
2009-11-14 09:16 . 2009-11-14 09:17   2842624   ----a-w-   c:\windows\Internet Logs\xDB3F.tmp
2009-11-11 10:54 . 2008-03-02 06:55   --------   d-----w-   c:\program files\Steam
2009-10-20 09:13 . 2009-10-20 09:13   --------   d-----w-   c:\documents and settings\Guest Account\Application Data\MailFrontier
2009-10-20 09:11 . 2009-10-20 09:11   23088   ----a-w-   c:\documents and settings\Guest Account\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-20 09:10 . 2009-10-20 09:10   --------   d-----w-   c:\documents and settings\Guest Account\Application Data\ATI
2009-10-17 12:39 . 2006-07-24 08:57   --------   d-----w-   c:\program files\DivX
2009-10-17 12:38 . 2009-03-19 08:10   --------   d-----w-   c:\program files\Common Files\DivX Shared
2009-10-16 15:39 . 2006-07-24 22:56   72584   ----a-w-   c:\windows\zllsputility.exe
2009-10-16 15:39 . 2008-10-30 21:50   1238408   ----a-w-   c:\windows\system32\zpeng25.dll
2009-10-16 15:39 . 2008-07-14 02:46   69000   ----a-w-   c:\windows\system32\zlcomm.dll
2009-10-16 15:39 . 2008-07-14 02:46   103816   ----a-w-   c:\windows\system32\zlcommdb.dll
2009-10-16 09:55 . 2009-10-16 09:54   --------   d-----w-   c:\program files\Telstra Turbo Connection Manager
2009-10-14 08:38 . 2009-10-14 21:06   2825216   ----a-w-   c:\windows\Internet Logs\xDB3E.tmp
2009-10-10 14:57 . 2006-07-21 12:53   23088   ----a-w-   c:\documents and settings\Jake\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-10 14:18 . 2009-10-10 14:18   --------   d-----w-   c:\program files\Microsoft
2009-10-10 14:18 . 2009-10-10 14:17   --------   d-----w-   c:\program files\Windows Live
2009-10-10 14:11 . 2009-10-10 14:11   --------   d-----w-   c:\program files\Common Files\Windows Live
2009-10-10 04:26 . 2009-10-10 04:28   505344   ----a-w-   c:\windows\Internet Logs\xDB3D.tmp
2009-10-05 08:45 . 2006-11-23 11:35   34933883   ----a-w-   c:\windows\Internet Logs\tvDebug.zip
2009-09-30 19:44 . 2009-04-15 08:24   --------   d-----w-   c:\documents and settings\Jake\Application Data\MailFrontier
2009-09-25 21:51 . 2009-09-25 21:52   3024896   ----a-w-   c:\windows\Internet Logs\xDB3C.tmp
2009-09-25 16:41 . 2009-09-25 16:41   856064   ----a-w-   c:\windows\system32\divx_xx0c.dll
2009-09-25 16:41 . 2009-09-25 16:41   856064   ----a-w-   c:\windows\system32\divx_xx07.dll
2009-09-25 16:41 . 2009-09-25 16:41   847872   ----a-w-   c:\windows\system32\divx_xx0a.dll
2009-09-25 16:41 . 2009-09-25 16:41   843776   ----a-w-   c:\windows\system32\divx_xx16.dll
2009-09-25 16:41 . 2009-09-25 16:41   839680   ----a-w-   c:\windows\system32\divx_xx11.dll
2009-09-25 16:41 . 2009-09-25 16:41   696320   ----a-w-   c:\windows\system32\DivX.dll
2009-09-11 14:33 . 2004-08-04 12:00   133632   ----a-w-   c:\windows\system32\msv1_0.dll
2009-09-04 20:45 . 2004-08-04 12:00   58880   ----a-w-   c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-04 12:00   916480   ----a-w-   c:\windows\system32\wininet.dll
2009-08-26 08:16 . 2004-08-04 12:00   247326   ----a-w-   c:\windows\system32\strmdll.dll
2009-09-25 16:41 . 2009-09-25 16:41   1044480   ----a-w-   c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41   200704   ----a-w-   c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-05-05 03:22 . 2008-05-05 03:22   88   --sh--r-   c:\windows\system32\5E57C498A8.sys
2008-05-05 03:22 . 2008-05-05 03:15   2516   --sha-w-   c:\windows\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MRC"="c:\program files\PC Tune-Up\PCTuneUp.exe" [2009-10-06 2960704]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-11-11 2001648]
"Google Update"="c:\documents and settings\Jake\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-11-22 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-31 344064]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"Launch LGDCore"="c:\program files\Logitech\G-series Software\LGDCore.exe" [2006-03-06 1122304]
"Launch LCDMon"="c:\program files\Logitech\G-series Software\LCDMon.exe" [2006-03-06 497152]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"autodetect"="c:\windows\system32\SupportAppXL\AutoDect.exe" [2008-08-07 91648]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-10-16 1037192]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Wireless Network Monitor.lnk - c:\program files\Linksys\WUSB600N\WUSB600N.exe [2008-1-9 6922240]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-12 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 04:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CircleVirtualCD
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISW
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LELA
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MP3 CD Extractor
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
"dmadmin"=3 (0x3)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Telstra\\BigPond Wireless Broadband 2.13.11\\SwiApiMux.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/22/2009 1:53 PM 207280]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [11/11/2009 10:44 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/11/2009 10:44 AM 74480]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [11/22/2009 1:54 PM 112592]
R2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [10/14/2009 11:30 PM 25208]
R2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [10/14/2009 11:30 PM 476528]
R3 icsak;icsak;c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [10/14/2009 11:29 PM 35448]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/11/2009 10:44 AM 7408]
S1 HekkoVirtualCD;Hekko Virtual CD Driver;c:\windows\system32\Drivers\hvcd.sys --> c:\windows\system32\Drivers\hvcd.sys [?]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 AODDriver;AODDriver;\??\c:\program files\AMD\OverDrive\i386\AODDriver.sys --> c:\program files\AMD\OverDrive\i386\AODDriver.sys [?]
S3 EC168BDA;EC168BDA service;c:\windows\system32\DRIVERS\EC168BDA.sys --> c:\windows\system32\DRIVERS\EC168BDA.sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [11/25/2008 6:53 PM 13224]
S3 GTwinUSB;GTwinUSB;c:\windows\system32\drivers\GTwinUSB.sys [9/25/2007 7:32 PM 61776]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [10/16/2009 7:54 PM 7680]
S3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [12/14/2007 6:04 PM 551680]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys --> c:\windows\system32\DRIVERS\wg111v2.sys [?]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [11/25/2008 6:37 PM 90408]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [11/25/2008 6:37 PM 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [11/25/2008 6:37 PM 122024]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [11/25/2008 6:37 PM 115368]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [11/25/2008 6:37 PM 25768]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [11/25/2008 6:37 PM 111784]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [11/25/2008 6:37 PM 117544]
S3 sdauxservice;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [11/22/2009 1:53 PM 358600]
S3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\drivers\swnc8ua3.sys [3/20/2009 4:53 PM 182784]
S3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);c:\windows\system32\drivers\swumxa3.sys [3/20/2009 4:53 PM 145536]
S4 Ati_rphqrwc;Ati_rphqrwc;c:\windows\system32\drivers\rasl2tp.sys [8/4/2004 10:00 PM 51328]
.
Contents of the 'Scheduled Tasks' folder

2009-11-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-920026266-839522115-1003Core.job
- c:\documents and settings\Jake\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-22 04:27]

2009-11-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-920026266-839522115-1003UA.job
- c:\documents and settings\Jake\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-22 04:27]

2007-10-04 c:\windows\Tasks\WinEQ2.job
- c:\program files\WinEQ2\WinEQ2.exe [2006-02-13 09:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bigpond.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Jake\Application Data\Mozilla\Firefox\Profiles\x6xfav5f.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - component: c:\documents and settings\Jake\Application Data\Mozilla\Firefox\Profiles\x6xfav5f.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\MozillaDownload.dll
FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\MozillaExtensions.dll
FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\TrustCheckerMozillaPlugin.dll
FF - plugin: c:\documents and settings\Jake\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMFireLauncher.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-HijackThis - c:\docume~1\Jake\LOCALS~1\Temp\IswTmp\DwlRun\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-22 17:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(692)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\documents and settings\Jake\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\windows\system32\Ati2evxx.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\CheckPoint\ZAForceField\AK\icsak.dll

- - - - - - - > 'lsass.exe'(748)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\program files\CheckPoint\ZAForceField\AK\icsak.dll

- - - - - - - > 'explorer.exe'(3700)
c:\windows\system32\WININET.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\CheckPoint\ZAForceField\AK\icsak.dll
c:\program files\Zone Labs\ZoneAlarm\MailFrontier\mlfhook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll

- - - - - - - > 'csrss.exe'(660)
c:\program files\CheckPoint\ZAForceField\AK\akconsole.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PSIService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Logitech\G-series Software\Applets\LCDClock.exe
c:\program files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
c:\documents and settings\Jake\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
c:\program files\CheckPoint\ZAForceField\ForceField.exe
.
**************************************************************************
.
Completion time: 2009-11-22 17:30 - machine was rebooted
ComboFix-quarantined-files.txt  2009-11-22 07:30

Pre-Run: 36,390,240,256 bytes free
Post-Run: 37,142,253,568 bytes free

- - End Of File - - 52A81D871E67DE5C26536EFBBAA494DC

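One detail worth pulling out of a log like this mechanically is the WinInet proxy line: a ProxyServer of 127.0.0.1:5555 sends Internet Explorer and Chrome (both use the system proxy settings) through a listener on the local machine, while Firefox can carry its own proxy configuration, which would fit the opening post's symptom of only Firefox reaching the internet. The script below is an added example, not part of the thread and not ComboFix's own code: it parses the service/driver lines and the uInternet Settings lines in the format quoted above, then lists loopback proxies and entries whose file ComboFix could not find (the [?] marker). Both are leads for the helper to inspect, not verdicts; legitimate local web filters and uninstalled device drivers produce the same patterns. The sample text is a constructed excerpt modelled on the posted log.

```python
"""Triage helpers for a ComboFix-style log excerpt (added example, not from the post)."""
import re
from dataclasses import dataclass

# Constructed excerpt modelled on the log quoted in the post above.
SAMPLE_LOG = """\
R0 PCTCore;PCTools KDS;c:\\windows\\system32\\drivers\\PCTCore.sys [11/22/2009 1:53 PM 207280]
S1 HekkoVirtualCD;Hekko Virtual CD Driver;c:\\windows\\system32\\Drivers\\hvcd.sys --> c:\\windows\\system32\\Drivers\\hvcd.sys [?]
S3 AODDriver;AODDriver;\\??\\c:\\program files\\AMD\\OverDrive\\i386\\AODDriver.sys --> c:\\program files\\AMD\\OverDrive\\i386\\AODDriver.sys [?]
S4 Ati_rphqrwc;Ati_rphqrwc;c:\\windows\\system32\\drivers\\rasl2tp.sys [8/4/2004 10:00 PM 51328]
uStart Page = hxxp://www.bigpond.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
"""

# "<start type> <name>;<display name>;<path>[ --> <resolved path>] [<date size | ?>]"
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)(?: --> (?P<resolved>.+?))? \[(?P<meta>[^\]]*)\]$"
)
# "u<Key> = <value>" lines from the Supplementary Scan section
SETTING_RE = re.compile(r"^(?P<key>u[^=]+?) = (?P<value>.*)$")
LOOPBACK = {"127.0.0.1", "localhost", "::1"}


@dataclass
class ServiceEntry:
    start_type: str
    name: str
    display: str
    path: str
    file_missing: bool  # ComboFix prints "[?]" when it cannot stat the file


def parse_services(text):
    """Return every R*/S* service or driver line as a ServiceEntry."""
    entries = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            entries.append(ServiceEntry(m["start"], m["name"], m["display"],
                                        m["path"], m["meta"] == "?"))
    return entries


def parse_settings(text):
    """Return the per-user (u-prefixed) settings as a key -> value dict."""
    settings = {}
    for line in text.splitlines():
        m = SETTING_RE.match(line)
        if m:
            settings[m["key"]] = m["value"]
    return settings


def loopback_proxies(settings):
    """Return (scheme, host, port) for each ProxyServer entry pointing at this machine.

    WinInet stores either "host:port" or "scheme=host:port;scheme=host:port".
    """
    value = settings.get("uInternet Settings,ProxyServer", "")
    found = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.rpartition("=")
        host, _, port = hostport.rpartition(":")
        host = host.strip("[]").lower()  # tolerate "[::1]:port"
        if host in LOOPBACK and port.isdigit():
            found.append((scheme or "*", host, int(port)))
    return found


def triage(text):
    """Collect human-readable leads from the log; each is something to verify, not a verdict."""
    findings = []
    for scheme, host, port in loopback_proxies(parse_settings(text)):
        findings.append(f"WinInet {scheme} proxy points at {host}:{port}: a local process "
                        f"sits between IE/Chrome and the network")
    for entry in parse_services(text):
        if entry.file_missing:
            findings.append(f"{entry.start_type} {entry.name}: registered but its file was "
                            f"not found at {entry.path}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run against a full log saved from ComboFix, the same functions apply unchanged; the sections they care about are the service list and the Supplementary Scan block, and lines of any other shape are skipped.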

Re: Antivirus System Pro

Post by Belahzur on Sun Nov 22, 2009 7:20 pm

Hello.

I see that you are running Frostwire.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

If Frostwire is not removed, then I won't help you.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    µTorrent
    FrostWire 4.17.0
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 3
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Java 2 Runtime Environment, SE v1.4.2_03
    Java(TM) 6 Update 14
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6 Update 1

How is the machine now?


Please PM me if I fail to respond within 24hrs.


