Problems With Virus

[Fames]

Combofixlog
ComboFix 09-06-17.04 - Owner 06/18/2009 9:58.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.146 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\adsa.exe
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\UACvxdpmylyxmynsms.sys
c:\windows\system32\UACdthjvrndakqgxvv.dll
c:\windows\system32\UACehjfenoeouudtkh.dll
c:\windows\system32\UACeoerrhuqspfsitu.dll
c:\windows\system32\UACgvpbifpfcidjtkq.log
c:\windows\system32\UACjduiwsippaqwkjx.dll
c:\windows\system32\UACkrgikjlhlpqtkba.dat
c:\windows\system32\UAClxutahdmdrltrdy.log
c:\windows\system32\UACobqoikqxwnkoobr.dll
c:\windows\system32\UACqcqmltensqimoyp.dll
c:\windows\system32\UACslkllaltgfbekwf.log
c:\windows\system32\UACvdsiqlhghkfkyxq.db
c:\windows\system32\drivers\SKYNETrnfvcxxl.sys
c:\windows\system32\drivers\UACvxdpmylyxmynsms.sys
c:\windows\system32\kungsfbyeqdwij.dat
c:\windows\system32\kungsfdvtyhosw.dll
c:\windows\system32\kungsfmbiimicg.dll
c:\windows\system32\UACdthjvrndakqgxvv.dll
c:\windows\system32\UACehjfenoeouudtkh.dll
c:\windows\system32\UACeoerrhuqspfsitu.dll
c:\windows\system32\UACgvpbifpfcidjtkq.log
c:\windows\system32\uacinit.dll
c:\windows\system32\UACjduiwsippaqwkjx.dll
c:\windows\system32\UACkrgikjlhlpqtkba.dat
c:\windows\system32\UAClxutahdmdrltrdy.log
c:\windows\system32\UACobqoikqxwnkoobr.dll
c:\windows\system32\UACqcqmltensqimoyp.dll
c:\windows\system32\UACslkllaltgfbekwf.log
c:\windows\system32\uactmp.db
c:\windows\system32\UACvdsiqlhghkfkyxq.db

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys
-------\Service_SKYNEToixjinix


((((((((((((((((((((((((( Files Created from 2009-05-18 to 2009-06-18 )))))))))))))))))))))))))))))))
.

2009-06-18 04:44 . 2009-06-18 04:44 -------- d-----w- c:\program files\UltraISO
2009-06-18 04:44 . 2009-06-18 04:44 -------- d-----w- c:\program files\Common Files\EZB Systems
2009-06-17 21:56 . 2009-06-17 21:56 -------- d-----w- C:\2.TEMPO
2009-06-17 21:56 . 2009-06-17 21:56 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-06-17 21:55 . 2009-06-17 21:54 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-17 21:52 . 2009-06-17 21:52 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-17 20:46 . 2009-06-17 20:46 -------- d--h--w- c:\windows\PIF
2009-06-17 10:49 . 2009-06-17 10:50 -------- d-----w- C:\gmer
2009-06-17 08:05 . 2009-06-17 08:05 -------- d-----w- c:\program files\RFA
2009-06-17 06:15 . 2009-05-26 20:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 06:15 . 2009-06-17 06:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-17 06:15 . 2009-06-17 06:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-17 06:15 . 2009-05-26 20:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-17 03:50 . 2009-06-18 09:59 -------- d-----w- C:\1.Junk
2009-06-17 03:47 . 2009-06-17 22:00 -------- d-----w- c:\program files\uTorrent
2009-06-17 03:47 . 2009-06-17 22:00 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent
2009-06-17 03:38 . 2009-06-18 09:22 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-17 03:38 . 2009-06-17 03:39 -------- d-----w- c:\program files\SpywareBlaster
2009-06-17 03:38 . 2009-06-17 22:01 -------- d-----w- c:\program files\PeerGuardian2
2009-06-17 03:38 . 2009-06-17 21:55 -------- d-----w- c:\program files\SpywareGuard
2009-06-17 03:20 . 2009-06-17 10:39 -------- d-----w- c:\documents and settings\All Users\Application Data\RFA_Backups
2009-06-17 00:35 . 2009-06-17 00:35 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-17 00:35 . 2009-06-17 00:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-17 00:25 . 2009-06-17 00:26 -------- d-----w- c:\documents and settings\Owner\Application Data\Media Player Classic
2009-06-17 00:25 . 2009-06-17 00:25 -------- d-----w- c:\program files\Trend Micro
2009-06-17 00:10 . 2008-12-09 04:45 92488 ----a-w- c:\windows\system32\drivers\SysPlant.sys
2009-06-17 00:10 . 2009-06-17 00:10 60800 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-06-17 00:10 . 2009-06-17 00:10 123952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-06-17 00:06 . 2008-12-09 05:42 669000 -c--a-w- c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{3BAB4914-9CC1-4CC2-A3DA-56EF62DFD373}\smcinst.exe
2009-06-17 00:06 . 2006-05-16 18:58 2584848 -c--a-w- c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{3BAB4914-9CC1-4CC2-A3DA-56EF62DFD373}\WindowsInstaller-KB893803-x86.exe
2009-06-17 00:06 . 2008-12-12 03:18 300432 -c--a-w- c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{3BAB4914-9CC1-4CC2-A3DA-56EF62DFD373}\Setup.exe
2009-06-17 00:06 . 2008-06-30 23:36 927088 -c--a-w- c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{3BAB4914-9CC1-4CC2-A3DA-56EF62DFD373}\LuCheck.exe
2009-06-17 00:06 . 2008-06-30 23:37 3554472 -c--a-w- c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{3BAB4914-9CC1-4CC2-A3DA-56EF62DFD373}\LUSETUP.EXE
2009-06-17 00:05 . 2009-06-17 00:10 -------- d-----w- c:\program files\Symantec
2009-06-16 23:48 . 2004-05-26 21:53 15781 ----a-w- c:\windows\system32\drivers\mdc8021x.sys
2009-06-16 23:48 . 2004-05-07 20:47 79616 ----a-w- c:\windows\system32\rt2500usb.sys
2009-06-16 23:48 . 2004-05-07 20:47 79616 ----a-w- c:\windows\system32\drivers\rt2500usb.sys
2009-06-16 23:48 . 2004-04-24 05:43 374752 ----a-w- c:\windows\system32\WUSBGXP.sys
2009-06-16 23:48 . 2004-01-08 00:04 339488 ----a-w- c:\windows\system32\WUSB20XP.sys
2009-06-16 23:48 . 2003-10-13 22:30 94208 ----a-w- c:\windows\system32\GTW32N50.dll
2009-06-16 23:48 . 2003-09-26 05:15 15872 ----a-w- c:\windows\system32\GTNDIS5.sys
2009-06-16 23:48 . 2009-06-16 23:48 -------- d-----w- c:\program files\Linksys Wireless-G USB Wireless Network Monitor
2009-06-16 23:43 . 2004-08-04 04:58 14848 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2009-06-16 23:43 . 2004-08-04 04:58 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-06-16 10:28 . 2009-06-16 10:28 60880 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-16 10:28 . 2009-06-16 10:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\TuneUp Software
2009-06-16 10:06 . 2009-06-16 10:06 -------- d-----w- c:\documents and settings\Owner\Application Data\TuneUp Software
2009-06-16 10:06 . 2009-06-16 10:06 306432 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-06-16 10:06 . 2007-12-20 17:41 29440 ----a-w- c:\windows\system32\uxtuneup.dll
2009-06-16 10:05 . 2009-06-16 10:05 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-06-16 10:05 . 2009-06-16 10:06 -------- d-----w- c:\program files\TuneUp Utilities 2008
2009-06-16 10:04 . 2009-06-16 10:04 7406 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{376DA9DC-71B3-4AB7-A80C-8ED02A736172}\_613b295c.exe
2009-06-16 10:04 . 2009-06-16 10:04 7406 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{376DA9DC-71B3-4AB7-A80C-8ED02A736172}\_31c75249.exe
2009-06-16 10:04 . 2009-06-16 10:04 23558 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{376DA9DC-71B3-4AB7-A80C-8ED02A736172}\_12bb5fca.exe
2009-06-16 10:04 . 2009-06-16 10:04 -------- d-----w- c:\program files\Foxit Software
2009-06-16 10:02 . 2009-06-17 03:26 -------- d-----w- C:\Registry Back Up Files
2009-06-16 09:27 . 2009-06-16 09:27 -------- d-----w- c:\program files\Driver Magician
2009-06-16 09:27 . 2009-06-16 09:27 -------- d-----w- c:\program files\DAMN NFO Viewer
2009-06-16 09:24 . 2007-09-04 16:56 164352 ----a-w- c:\windows\system32\unrar.dll
2009-06-16 09:24 . 2009-06-16 09:26 6144 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\sp_rsdel.exe
2009-06-16 09:24 . 2009-06-16 09:26 5632 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\fileobjinfo.sys
2009-06-16 09:24 . 2009-06-16 09:25 141312 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-06-16 09:24 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-06-16 09:24 . 2008-01-10 12:16 159839 ----a-w- c:\windows\system32\xvidvfw.dll
2009-06-16 09:24 . 2008-01-10 12:15 755027 ----a-w- c:\windows\system32\xvidcore.dll
2009-06-16 09:24 . 2008-07-25 08:34 81920 ----a-w- c:\windows\system32\dpl100.dll
2009-06-16 09:24 . 2008-07-23 16:50 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2009-06-16 09:24 . 2008-07-25 08:34 683520 ----a-w- c:\windows\system32\divx.dll
2009-06-16 09:24 . 2008-06-12 18:36 7680 ----a-w- c:\windows\system32\ff_vfw.dll
2009-06-16 09:23 . 2009-06-16 09:24 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-06-16 09:23 . 2009-06-17 21:36 -------- d-----w- c:\documents and settings\Owner\Application Data\Spyware Terminator
2009-06-16 09:23 . 2009-06-17 20:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-06-16 09:23 . 2009-06-17 22:16 -------- d-----w- c:\program files\Spyware Terminator
2009-06-16 09:20 . 2009-06-18 07:44 -------- d-----w- c:\program files\Registry Clean Expert
2009-06-16 09:18 . 2009-06-17 21:53 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-16 09:16 . 2009-06-17 00:38 -------- d-----w- c:\program files\CCleaner
2009-06-16 08:52 . 2009-06-16 08:52 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Help
2009-06-16 08:48 . 2009-06-16 08:48 -------- d-----w- c:\documents and settings\Administrator\Application Data\Template
2009-06-16 08:44 . 2009-06-16 08:44 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AOL
2009-06-16 08:31 . 2003-01-03 13:20 65536 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{49FC50FC-F965-40D9-89B4-CBFF80941033}\ARPPRODUCTICON.exe
2009-06-08 23:22 . 2009-06-08 23:22 -------- d-----w- c:\documents and settings\Frankie & Thelma\Local Settings\Application Data\AOL Email Toolbar
2009-06-03 04:38 . 2009-06-03 04:38 -------- d-----w- c:\documents and settings\Owner\Application Data\acccore
2009-06-03 04:24 . 2009-06-03 04:24 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL OCP
2009-06-03 04:06 . 2009-06-03 04:06 686928 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\SinfInst.exe
2009-06-03 04:06 . 2009-06-03 04:06 607392 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\wbsetup.exe
2009-06-03 04:06 . 2009-06-03 04:06 7976 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\wappchck.dll
2009-06-03 04:06 . 2009-06-03 04:06 95792 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\AOLFwMgr.dll
2009-06-03 04:06 . 2009-06-03 04:06 1174536 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\prfrd.exe
2009-06-03 04:06 . 2009-06-03 04:06 383128 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\tbsetup.exe
2009-06-03 04:05 . 2009-06-03 04:06 1651320 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\reginst4.exe
2009-06-03 04:05 . 2009-06-03 04:05 205360 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\maillang.exe
2009-06-03 04:04 . 2009-06-03 04:05 6363152 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\ocpinst.exe
2009-06-03 04:04 . 2009-06-03 04:04 641960 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\SLinst.exe
2009-06-03 04:03 . 2009-06-03 04:04 357304 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\frntinst.exe
2009-06-03 04:03 . 2009-06-03 04:03 2439824 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\ocpinsti.exe
2009-06-03 04:03 . 2009-06-03 04:03 17192 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\brwschk.dll
2009-06-03 04:03 . 2009-06-03 04:03 7976 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\jgchck.dll
2009-06-03 04:03 . 2009-06-03 04:03 36136 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\postproc.exe
2009-06-03 04:03 . 2009-06-03 04:03 127224 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\afixlang.exe
2009-06-03 04:03 . 2009-06-03 04:03 1362936 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\msvc9rt.exe
2009-06-03 04:02 . 2009-06-03 04:03 964544 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\acslaeu.exe
2009-06-03 04:02 . 2009-06-03 04:02 37672 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\ACSInstC.dll
2009-06-03 04:02 . 2009-06-03 04:02 1218808 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\mailinst.exe
2009-06-03 04:02 . 2009-06-03 04:02 80368 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\alsetup.exe
2009-06-03 04:02 . 2009-06-03 04:02 15144 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\ocpchk.dll
2009-06-03 04:02 . 2009-06-03 04:02 17704 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\imappver.dll
2009-06-03 04:02 . 2009-06-03 04:02 849096 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\muinst.exe
2009-06-03 04:02 . 2009-06-03 04:02 74536 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\instSup.dll
2009-06-03 04:02 . 2009-06-03 04:02 49960 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\SiNdInst.dll
2009-06-03 04:02 . 2009-06-03 04:02 8032 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\vistachk.dll
2009-06-03 04:00 . 2009-06-03 04:00 1364064 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\fdosetup.exe
2009-06-03 04:00 . 2009-06-03 04:00 11048 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\ocfcheck.dll
2009-06-03 04:00 . 2009-06-03 04:00 294376 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\iacinst.exe
2009-06-03 04:00 . 2009-06-03 04:00 45864 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\ACSInstA.dll
2009-06-03 04:00 . 2009-06-03 04:00 74536 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\instSup.dll
2009-06-03 04:00 . 2009-06-03 04:00 1612544 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\acslang.exe
2009-06-03 04:00 . 2009-06-03 04:00 83808 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\ProgUpd.dll
2009-06-03 03:58 . 2009-06-03 04:00 10533216 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\noneCodesignFilesBundle.exe
2009-06-03 03:58 . 2009-06-03 03:58 7976 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\suitedet.dll
2009-06-03 03:57 . 2009-06-03 03:58 1484136 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\acscore.exe
2009-06-03 03:57 . 2009-06-03 03:57 420152 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\AIMLang.exe
2009-06-03 03:57 . 2009-06-03 03:57 122832 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\jginst.exe
2009-06-03 03:57 . 2009-06-03 03:57 7464 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\ie7chck.dll
2009-06-03 03:57 . 2009-06-03 03:57 2426184 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\frntlang.exe
2009-06-03 03:57 . 2009-06-03 03:57 11048 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\tbinst.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-18 16:37 . 2006-11-30 22:24 -------- d-----w- c:\program files\Google
2009-06-18 16:21 . 2003-01-03 13:27 -------- d-----w- c:\program files\Common Files\Real
2009-06-18 16:20 . 2003-01-03 13:26 -------- d-----w- c:\program files\Common Files\aolshare
2009-06-18 16:20 . 2003-01-03 13:26 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-06-18 16:18 . 2003-01-03 13:41 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-18 07:20 . 2006-10-20 19:30 -------- d-----w- c:\program files\LimeWire
2009-06-18 07:20 . 2003-01-03 13:26 -------- d-----w- c:\program files\America Online 9.0
2009-06-17 21:54 . 2003-01-03 13:44 -------- d-----w- c:\program files\Java
2009-06-17 00:13 . 2003-01-03 13:42 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-17 00:12 . 2003-01-03 13:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-06-17 00:10 . 2009-06-17 00:10 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-06-17 00:10 . 2009-06-17 00:10 10563 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-06-16 23:34 . 2008-02-06 03:14 -------- d-----w- c:\program files\MySpace
2009-06-16 09:02 . 2006-07-28 19:10 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-06-16 09:00 . 2009-06-16 08:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\AOL
2009-06-16 08:48 . 2003-01-03 13:26 -------- d-----w- c:\program files\Common Files\AOL
2009-06-16 08:48 . 2009-06-16 08:48 44 ----a-w- c:\documents and settings\Administrator\Application Data\wklnhst.dat
2009-06-16 08:43 . 2003-01-03 13:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-06-09 08:24 . 2006-02-13 23:51 3994 -c--a-w- c:\documents and settings\Frankie & Thelma\Application Data\wklnhst.dat
2009-06-08 23:18 . 2006-02-13 23:51 60880 ----a-w- c:\documents and settings\Frankie & Thelma\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-03 04:02 . 2009-06-03 04:01 1983120 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\toolbar.exe
2009-06-03 03:56 . 2006-07-28 18:56 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads
2009-06-02 02:34 . 2007-07-24 22:21 -------- d-----w- c:\documents and settings\Owner\Application Data\Simple Star
2009-06-02 02:33 . 2007-07-24 22:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Simple Star
2009-06-02 02:33 . 2007-07-24 22:21 -------- d-----w- c:\program files\Common Files\Simple Star Shared
2009-06-01 16:38 . 2006-08-04 19:24 6201 ----a-w- c:\documents and settings\All Users\Application Data\AOL\AOLszs.drv
2009-06-01 03:48 . 2004-10-13 19:18 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-01 03:22 . 2004-10-08 06:03 34968 ----a-w- c:\documents and settings\Owner\Application Data\wklnhst.dat
2009-05-07 15:44 . 2003-01-03 11:41 344064 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2004-02-07 02:05 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 09:58 . 2003-01-03 11:42 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:26 . 2003-01-03 13:16 583168 ----a-w- c:\windows\system32\rpcrt4.dll
2007-01-22 02:19 . 2005-08-17 01:31 7168 -csha-w- c:\program files\Thumbs.db
2005-06-17 21:57 . 2005-05-03 01:54 205824 -c--a-w- c:\program files\GoodFaithEstimates[1].DOC.xls
2005-06-10 02:28 . 2005-05-09 21:00 235008 -c--a-w- c:\program files\GoodFaithEstimates(1).DOC.xls
2005-04-29 20:48 . 2005-04-29 20:48 131584 -c--a-w- c:\program files\ATTACHMENT1.doc
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WUSB54Gv4"="c:\program files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe" [2004-04-19 24576]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-17 148888]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2004-03-03 46080]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-03-03 2904064]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-08-14 115560]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2004-03-03 782336]
"nForce Tray Options"="sstray.exe" - c:\windows\system32\sstray.exe [2003-09-03 73728]
"CHotkey"="zHotkey.exe" - c:\windows\zHotkey.exe [2004-05-18 543232]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\2.tempo\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 19:05 356352 ----a-w- c:\2.tempo\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Kevin & Joey^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^AOL Desktop.lnk]
backup=c:\windows\pss\AOL Desktop.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^SpywareGuard.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\SpywareGuard.lnk
backup=c:\windows\pss\SpywareGuard.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1154027607\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/16/2009 6:04 PM 101936]
R3 WUSB54GV4SRV;Linksys Wireless-G USB Network Adapter Driver;c:\windows\system32\drivers\rt2500usb.sys [6/16/2009 4:48 PM 79616]
S2 Ca533av;Mega DV(Video);c:\windows\system32\Drivers\Ca533av.sys --> c:\windows\system32\Drivers\Ca533av.sys [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [11/18/2008 6:17 PM 23888]
S3 Radialpoint Security Services;Radialpoint Security Services;c:\windows\system32\dllhost.exe [1/3/2003 4:41 AM 5120]
S3 USBCamera;DSC Still Image Capture (CA533A);c:\windows\system32\Drivers\Bulk533.sys --> c:\windows\system32\Drivers\Bulk533.sys [?]
S4 Viewpoint Manager Service;Viewpoint Manager Service; [x]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ATWPKT2
*NewlyCreated* - GTNDIS5
*Deregistered* - ATWPKT2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-06-16 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-01-08 20:31]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-Symantec Antvirus


.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
mStart Page = hxxp://www.msn.com
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-18 10:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(796)
c:\2.tempo\SASWINLO.dll

- - - - - - - > 'explorer.exe'(3564)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\SpywareGuard\spywareguard.dll
c:\2.tempo\SASSEH.DLL
c:\windows\system32\browselc.dll
c:\program files\SpywareGuard\dlprotect.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\BRSS01A.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\wanmpsvc.exe
c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Common Files\AOL\1154027607\ee\aolsoftware.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-06-18 10:22 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-18 17:22

Pre-Run: 134,823,608,320 bytes free
Post-Run: 135,320,940,544 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptOut

347 --- E O F --- 2009-06-17 06:33

[Shaba]

To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:



5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.

[Fames]

Thanks once again Shaba for the support,
Am able to run spybot ,Malwarebytes' Anti-Malware now etc.
Heres the uninstall list

Code:

Acrobat.com
Adobe AIR
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player ActiveX
Adobe Reader 9.1.1
Adobe® Photoshop® Album Starter Edition 3.0
AOL Uninstaller (Choose which Products to Remove)
Brother 1440
CA Pest Patrol Realtime Protection
CalyxLoanBridge11
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window DSLR 5 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon ZoomBrowser EX (E)
CCleaner (remove only)
Critical Update for Windows Media Player 11 (KB959772)
Driver Magician 3.21
Foxit Reader
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
iPod for Windows 2005-01-11
iTunes
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2
Java(TM) 6 Update 14
K-Lite Codec Pack 4.1.4 (Full)
Lexmark Photo Center
Lexmark Skin:  Nature TV2
Lexmark Z700-P700 Series
Linksys Wireless-G USB Network Adapter
LiveUpdate 3.3 (Symantec Corporation)
Luxor (remove only)
Luxor 2 (remove only)
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Excel Viewer 97
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 97, Professional Edition
Microsoft Picture It! Express 7.0
Microsoft Picture It! Photo Premium 9
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Works
Microsoft WSE 2.0 SP3 Runtime
Mozilla Firefox (3.0.11)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
Multimedia Keyboard Driver
Nero BurnRights
NVIDIA Display Driver
NVIDIA Drivers
NVIDIA Ethernet Driver
PeerGuardian 2.0
Point
PowerDVD
QuickTime
Radialpoint Security Services
Registry Clean Expert
Registry First Aid
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
SoftV92 Data Fax Modem with SmartCP
Spybot - Search & Destroy
Spyware Terminator
SpywareBlaster 4.2
SpywareGuard v2.2
SUPERAntiSpyware Free Edition
Symantec Endpoint Protection
TuneUp Utilities 2008
UltraISO Premium V9.3
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB953356)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Windows Backup Utility
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WINForms 2000
WINForms Desktop
WinRAR archiver

[Shaba]

Please don't use code tags as said here

"It is preferable, and the log easier to read, if you do not use the [code] or [php] options."

Open notepad and copy/paste the text in the codebox below into it:

Code:

Folder::
c:\program files\uTorrent
c:\documents and settings\Owner\Application Data\uTorrent
c:\program files\LimeWire

Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.



This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

[Fames]

HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:32:14 PM, on 6/18/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\2.TEMPO\SUPERAntiSpyware.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\AOL\1154027607\ee\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [WUSB54Gv4] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\2.TEMPO\SUPERAntiSpyware.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/s...OS/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://lupita1garcia.spaces.live.com...d/MsnPUpld.cab
O16 - DPF: {528C14CD-CF9E-489C-A365-5999F17B69B9} (LightSurfUploadCtl Class) - http://pictures.sprintpcs.com/active...oadControl.cab
O16 - DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} (FixItClient Class) - https://fixit.support.microsoft.com/...ixItClient.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1156544601250
O16 - DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} (Rite Aid One Hour Photo Online Control) - https://photos.riteaid.com/control/R...hotoOnline.cab
O20 - Winlogon Notify: !SASWinLogon - C:\2.TEMPO\SASWINLO.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 6987 bytes

[Fames]

combofix2log

ComboFix 09-06-17.04 - Owner 06/18/2009 23:00.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.158 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\adsa.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Application Data\uTorrent
c:\program files\LimeWire
c:\program files\uTorrent
c:\documents and settings\Owner\Application Data\uTorrent\dht.dat
c:\documents and settings\Owner\Application Data\uTorrent\dht.dat.old
c:\documents and settings\Owner\Application Data\uTorrent\Microsoft.Windows.XP.Professional.SP3.Integrated.April.2009.Corporate.Unattended-UP2DATE.torrent
c:\documents and settings\Owner\Application Data\uTorrent\Registry.First.Aid.Platinum.v7.0.0.1648.Multilingual.Incl.Keymaker.torrent
c:\documents and settings\Owner\Application Data\uTorrent\resume.dat
c:\documents and settings\Owner\Application Data\uTorrent\resume.dat.old
c:\documents and settings\Owner\Application Data\uTorrent\rss.dat
c:\documents and settings\Owner\Application Data\uTorrent\rss.dat.old
c:\documents and settings\Owner\Application Data\uTorrent\settings.dat
c:\documents and settings\Owner\Application Data\uTorrent\settings.dat.old
c:\documents and settings\Owner\Application Data\uTorrent\SpyHunter Security Suite 3.5.11+Crack-HeartBug.torrent
c:\documents and settings\Owner\Application Data\uTorrent\Winrar.torrent
c:\program files\LimeWire\donotremove.htm
c:\program files\LimeWire\hashes
c:\program files\LimeWire\i18n.jar
c:\program files\LimeWire\jl011.jar
c:\program files\LimeWire\LimeWire20.dll
c:\program files\LimeWire\log4j.properties
c:\program files\LimeWire\MessagesBundle.properties
c:\program files\LimeWire\MessagesBundles.jar
c:\program files\LimeWire\mp3sp14.jar
c:\program files\LimeWire\update.ver
c:\program files\LimeWire\vorbis.jar
c:\program files\LimeWire\WindowsFirewall.dll
c:\program files\LimeWire\xerces.jar
c:\program files\LimeWire\xml-apis.jar
c:\program files\LimeWire\xml.war

.
((((((((((((((((((((((((( Files Created from 2009-05-19 to 2009-06-19 )))))))))))))))))))))))))))))))
.

2009-06-18 17:36 . 2009-06-19 05:52 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-18 17:35 . 2009-06-18 17:35 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-06-18 17:30 . 2009-06-18 17:30 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Symantec
2009-06-18 17:29 . 2009-06-18 17:29 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-18 17:28 . 2009-06-18 17:28 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-06-18 04:44 . 2009-06-18 04:44 -------- d-----w- c:\program files\UltraISO
2009-06-18 04:44 . 2009-06-18 04:44 -------- d-----w- c:\program files\Common Files\EZB Systems
2009-06-17 21:56 . 2009-06-17 21:56 -------- d-----w- C:\2.TEMPO
2009-06-17 21:56 . 2009-06-17 21:56 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-06-17 21:55 . 2009-06-17 21:54 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-17 21:52 . 2009-06-17 21:52 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-17 20:46 . 2009-06-17 20:46 -------- d--h--w- c:\windows\PIF
2009-06-17 10:49 . 2009-06-17 10:50 -------- d-----w- C:\gmer
2009-06-17 08:05 . 2009-06-17 08:05 -------- d-----w- c:\program files\RFA
2009-06-17 06:15 . 2009-06-17 18:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 06:15 . 2009-06-18 17:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-17 06:15 . 2009-06-17 18:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-17 06:15 . 2009-06-17 06:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-17 03:50 . 2009-06-18 17:30 -------- d-----w- C:\1.Junk
2009-06-17 03:38 . 2009-06-18 17:34 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-17 03:38 . 2009-06-17 03:39 -------- d-----w- c:\program files\SpywareBlaster
2009-06-17 03:38 . 2009-06-17 22:01 -------- d-----w- c:\program files\PeerGuardian2
2009-06-17 03:38 . 2009-06-17 21:55 -------- d-----w- c:\program files\SpywareGuard
2009-06-17 03:20 . 2009-06-17 10:39 -------- d-----w- c:\documents and settings\All Users\Application Data\RFA_Backups
2009-06-17 00:35 . 2009-06-19 00:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-17 00:35 . 2009-06-17 00:35 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-17 00:25 . 2009-06-17 00:26 -------- d-----w- c:\documents and settings\Owner\Application Data\Media Player Classic
2009-06-17 00:25 . 2009-06-17 00:25 -------- d-----w- c:\program files\Trend Micro
2009-06-17 00:10 . 2008-12-09 04:45 92488 ----a-w- c:\windows\system32\drivers\SysPlant.sys
2009-06-17 00:10 . 2009-06-17 00:10 60800 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-06-17 00:10 . 2009-06-17 00:10 123952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-06-17 00:06 . 2008-12-09 05:42 669000 -c--a-w- c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{3BAB4914-9CC1-4CC2-A3DA-56EF62DFD373}\smcinst.exe
2009-06-17 00:06 . 2006-05-16 18:58 2584848 -c--a-w- c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{3BAB4914-9CC1-4CC2-A3DA-56EF62DFD373}\WindowsInstaller-KB893803-x86.exe
2009-06-17 00:06 . 2008-12-12 03:18 300432 -c--a-w- c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{3BAB4914-9CC1-4CC2-A3DA-56EF62DFD373}\Setup.exe
2009-06-17 00:06 . 2008-06-30 23:36 927088 -c--a-w- c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{3BAB4914-9CC1-4CC2-A3DA-56EF62DFD373}\LuCheck.exe
2009-06-17 00:06 . 2008-06-30 23:37 3554472 -c--a-w- c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{3BAB4914-9CC1-4CC2-A3DA-56EF62DFD373}\LUSETUP.EXE
2009-06-17 00:05 . 2009-06-17 00:10 -------- d-----w- c:\program files\Symantec
2009-06-16 23:48 . 2004-05-26 21:53 15781 ----a-w- c:\windows\system32\drivers\mdc8021x.sys
2009-06-16 23:48 . 2004-05-07 20:47 79616 ----a-w- c:\windows\system32\rt2500usb.sys
2009-06-16 23:48 . 2004-05-07 20:47 79616 ----a-w- c:\windows\system32\drivers\rt2500usb.sys
2009-06-16 23:48 . 2004-04-24 05:43 374752 ----a-w- c:\windows\system32\WUSBGXP.sys
2009-06-16 23:48 . 2004-01-08 00:04 339488 ----a-w- c:\windows\system32\WUSB20XP.sys
2009-06-16 23:48 . 2003-10-13 22:30 94208 ----a-w- c:\windows\system32\GTW32N50.dll
2009-06-16 23:48 . 2003-09-26 05:15 15872 ----a-w- c:\windows\system32\GTNDIS5.sys
2009-06-16 23:48 . 2009-06-16 23:48 -------- d-----w- c:\program files\Linksys Wireless-G USB Wireless Network Monitor
2009-06-16 23:43 . 2004-08-04 04:58 14848 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2009-06-16 23:43 . 2004-08-04 04:58 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-06-16 10:28 . 2009-06-16 10:28 60880 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-16 10:28 . 2009-06-16 10:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\TuneUp Software
2009-06-16 10:06 . 2009-06-16 10:06 -------- d-----w- c:\documents and settings\Owner\Application Data\TuneUp Software
2009-06-16 10:06 . 2009-06-16 10:06 306432 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-06-16 10:06 . 2007-12-20 17:41 29440 ----a-w- c:\windows\system32\uxtuneup.dll
2009-06-16 10:05 . 2009-06-16 10:05 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-06-16 10:05 . 2009-06-16 10:06 -------- d-----w- c:\program files\TuneUp Utilities 2008
2009-06-16 10:04 . 2009-06-16 10:04 7406 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{376DA9DC-71B3-4AB7-A80C-8ED02A736172}\_613b295c.exe
2009-06-16 10:04 . 2009-06-16 10:04 7406 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{376DA9DC-71B3-4AB7-A80C-8ED02A736172}\_31c75249.exe
2009-06-16 10:04 . 2009-06-16 10:04 23558 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{376DA9DC-71B3-4AB7-A80C-8ED02A736172}\_12bb5fca.exe
2009-06-16 10:04 . 2009-06-16 10:04 -------- d-----w- c:\program files\Foxit Software
2009-06-16 10:02 . 2009-06-17 03:26 -------- d-----w- C:\Registry Back Up Files
2009-06-16 09:27 . 2009-06-16 09:27 -------- d-----w- c:\program files\Driver Magician
2009-06-16 09:27 . 2009-06-16 09:27 -------- d-----w- c:\program files\DAMN NFO Viewer
2009-06-16 09:24 . 2007-09-04 16:56 164352 ----a-w- c:\windows\system32\unrar.dll
2009-06-16 09:24 . 2009-06-16 09:26 6144 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\sp_rsdel.exe
2009-06-16 09:24 . 2009-06-16 09:26 5632 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\fileobjinfo.sys
2009-06-16 09:24 . 2009-06-16 09:25 141312 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-06-16 09:24 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-06-16 09:24 . 2008-01-10 12:16 159839 ----a-w- c:\windows\system32\xvidvfw.dll
2009-06-16 09:24 . 2008-01-10 12:15 755027 ----a-w- c:\windows\system32\xvidcore.dll
2009-06-16 09:24 . 2008-07-25 08:34 81920 ----a-w- c:\windows\system32\dpl100.dll
2009-06-16 09:24 . 2008-07-23 16:50 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2009-06-16 09:24 . 2008-07-25 08:34 683520 ----a-w- c:\windows\system32\divx.dll
2009-06-16 09:24 . 2008-06-12 18:36 7680 ----a-w- c:\windows\system32\ff_vfw.dll
2009-06-16 09:23 . 2009-06-16 09:24 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-06-16 09:23 . 2009-06-17 21:36 -------- d-----w- c:\documents and settings\Owner\Application Data\Spyware Terminator
2009-06-16 09:23 . 2009-06-17 20:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-06-16 09:23 . 2009-06-17 22:16 -------- d-----w- c:\program files\Spyware Terminator
2009-06-16 09:20 . 2009-06-18 07:44 -------- d-----w- c:\program files\Registry Clean Expert
2009-06-16 09:18 . 2009-06-17 21:53 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-16 09:16 . 2009-06-17 00:38 -------- d-----w- c:\program files\CCleaner
2009-06-16 08:52 . 2009-06-16 08:52 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Help
2009-06-16 08:48 . 2009-06-16 08:48 -------- d-----w- c:\documents and settings\Administrator\Application Data\Template
2009-06-16 08:44 . 2009-06-16 08:44 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AOL
2009-06-16 08:31 . 2003-01-03 13:20 65536 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{49FC50FC-F965-40D9-89B4-CBFF80941033}\ARPPRODUCTICON.exe
2009-06-08 23:22 . 2009-06-08 23:22 -------- d-----w- c:\documents and settings\Frankie & Thelma\Local Settings\Application Data\AOL Email Toolbar
2009-06-03 04:38 . 2009-06-03 04:38 -------- d-----w- c:\documents and settings\Owner\Application Data\acccore
2009-06-03 04:24 . 2009-06-03 04:24 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL OCP
2009-06-03 04:06 . 2009-06-03 04:06 686928 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\SinfInst.exe
2009-06-03 04:06 . 2009-06-03 04:06 607392 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\wbsetup.exe
2009-06-03 04:06 . 2009-06-03 04:06 7976 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\wappchck.dll
2009-06-03 04:06 . 2009-06-03 04:06 95792 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\AOLFwMgr.dll
2009-06-03 04:06 . 2009-06-03 04:06 1174536 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\prfrd.exe
2009-06-03 04:06 . 2009-06-03 04:06 383128 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\tbsetup.exe
2009-06-03 04:05 . 2009-06-03 04:06 1651320 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\reginst4.exe
2009-06-03 04:05 . 2009-06-03 04:05 205360 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\maillang.exe
2009-06-03 04:04 . 2009-06-03 04:05 6363152 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\ocpinst.exe
2009-06-03 04:04 . 2009-06-03 04:04 641960 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\SLinst.exe
2009-06-03 04:03 . 2009-06-03 04:04 357304 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\frntinst.exe
2009-06-03 04:03 . 2009-06-03 04:03 2439824 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\ocpinsti.exe
2009-06-03 04:03 . 2009-06-03 04:03 17192 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\brwschk.dll
2009-06-03 04:03 . 2009-06-03 04:03 7976 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\jgchck.dll
2009-06-03 04:03 . 2009-06-03 04:03 36136 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\postproc.exe
2009-06-03 04:03 . 2009-06-03 04:03 127224 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\afixlang.exe
2009-06-03 04:03 . 2009-06-03 04:03 1362936 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\msvc9rt.exe
2009-06-03 04:02 . 2009-06-03 04:03 964544 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\acslaeu.exe
2009-06-03 04:02 . 2009-06-03 04:02 37672 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\ACSInstC.dll
2009-06-03 04:02 . 2009-06-03 04:02 1218808 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\mailinst.exe
2009-06-03 04:02 . 2009-06-03 04:02 80368 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\alsetup.exe
2009-06-03 04:02 . 2009-06-03 04:02 15144 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\ocpchk.dll
2009-06-03 04:02 . 2009-06-03 04:02 17704 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\imappver.dll
2009-06-03 04:02 . 2009-06-03 04:02 849096 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\muinst.exe
2009-06-03 04:02 . 2009-06-03 04:02 74536 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\instSup.dll
2009-06-03 04:02 . 2009-06-03 04:02 49960 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\SiNdInst.dll
2009-06-03 04:02 . 2009-06-03 04:02 8032 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\vistachk.dll
2009-06-03 04:00 . 2009-06-03 04:00 1364064 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\fdosetup.exe
2009-06-03 04:00 . 2009-06-03 04:00 11048 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\ocfcheck.dll
2009-06-03 04:00 . 2009-06-03 04:00 294376 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\iacinst.exe
2009-06-03 04:00 . 2009-06-03 04:00 45864 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\ACSInstA.dll
2009-06-03 04:00 . 2009-06-03 04:00 74536 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\instSup.dll
2009-06-03 04:00 . 2009-06-03 04:00 1612544 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\acslang.exe
2009-06-03 04:00 . 2009-06-03 04:00 83808 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\ProgUpd.dll
2009-06-03 03:58 . 2009-06-03 04:00 10533216 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\noneCodesignFilesBundle.exe
2009-06-03 03:58 . 2009-06-03 03:58 7976 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\suitedet.dll
2009-06-03 03:57 . 2009-06-03 03:58 1484136 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\acscore.exe
2009-06-03 03:57 . 2009-06-03 03:57 420152 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\AIMLang.exe
2009-06-03 03:57 . 2009-06-03 03:57 122832 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\jginst.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-18 16:37 . 2006-11-30 22:24 -------- d-----w- c:\program files\Google
2009-06-18 16:21 . 2003-01-03 13:27 -------- d-----w- c:\program files\Common Files\Real
2009-06-18 16:20 . 2003-01-03 13:26 -------- d-----w- c:\program files\Common Files\aolshare
2009-06-18 16:20 . 2003-01-03 13:26 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-06-18 16:18 . 2003-01-03 13:41 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-18 07:20 . 2003-01-03 13:26 -------- d-----w- c:\program files\America Online 9.0
2009-06-17 21:54 . 2003-01-03 13:44 -------- d-----w- c:\program files\Java
2009-06-17 00:13 . 2003-01-03 13:42 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-17 00:12 . 2003-01-03 13:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-06-17 00:10 . 2009-06-17 00:10 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-06-17 00:10 . 2009-06-17 00:10 10563 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-06-16 23:34 . 2008-02-06 03:14 -------- d-----w- c:\program files\MySpace
2009-06-16 09:02 . 2006-07-28 19:10 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-06-16 09:00 . 2009-06-16 08:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\AOL
2009-06-16 08:48 . 2003-01-03 13:26 -------- d-----w- c:\program files\Common Files\AOL
2009-06-16 08:48 . 2009-06-16 08:48 44 ----a-w- c:\documents and settings\Administrator\Application Data\wklnhst.dat
2009-06-16 08:43 . 2003-01-03 13:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-06-09 08:24 . 2006-02-13 23:51 3994 -c--a-w- c:\documents and settings\Frankie & Thelma\Application Data\wklnhst.dat
2009-06-08 23:18 . 2006-02-13 23:51 60880 ----a-w- c:\documents and settings\Frankie & Thelma\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-03 04:02 . 2009-06-03 04:01 1983120 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\NexusSuite\2.1.84.1\comps\toolbar.exe
2009-06-03 03:56 . 2006-07-28 18:56 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads
2009-06-02 02:34 . 2007-07-24 22:21 -------- d-----w- c:\documents and settings\Owner\Application Data\Simple Star
2009-06-02 02:33 . 2007-07-24 22:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Simple Star
2009-06-02 02:33 . 2007-07-24 22:21 -------- d-----w- c:\program files\Common Files\Simple Star Shared
2009-06-01 16:38 . 2006-08-04 19:24 6201 ----a-w- c:\documents and settings\All Users\Application Data\AOL\AOLszs.drv
2009-06-01 03:48 . 2004-10-13 19:18 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-01 03:22 . 2004-10-08 06:03 34968 ----a-w- c:\documents and settings\Owner\Application Data\wklnhst.dat
2009-05-07 15:44 . 2003-01-03 11:41 344064 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2004-02-07 02:05 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-21 05:12 . 2008-06-20 06:12 149768 ----a-w- c:\windows\system32\drivers\WpsHelper.sys
2009-04-17 09:58 . 2003-01-03 11:42 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:26 . 2003-01-03 13:16 583168 ----a-w- c:\windows\system32\rpcrt4.dll
2007-01-22 02:19 . 2005-08-17 01:31 7168 -csha-w- c:\program files\Thumbs.db
2005-06-17 21:57 . 2005-05-03 01:54 205824 -c--a-w- c:\program files\GoodFaithEstimates[1].DOC.xls
2005-06-10 02:28 . 2005-05-09 21:00 235008 -c--a-w- c:\program files\GoodFaithEstimates(1).DOC.xls
2005-04-29 20:48 . 2005-04-29 20:48 131584 -c--a-w- c:\program files\ATTACHMENT1.doc
.

((((((((((((((((((((((((((((( SnapShot@2009-06-18_17.15.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-19 03:58 . 2009-06-19 03:58 16384 c:\windows\temp\Perflib_Perfdata_d0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"SUPERAntiSpyware"="c:\2.tempo\SUPERAntiSpyware.exe" [2009-05-26 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WUSB54Gv4"="c:\program files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe" [2004-04-19 24576]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-17 148888]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2004-03-03 46080]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-03-03 2904064]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-08-14 115560]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2004-03-03 782336]
"nForce Tray Options"="sstray.exe" - c:\windows\system32\sstray.exe [2003-09-03 73728]
"CHotkey"="zHotkey.exe" - c:\windows\zHotkey.exe [2004-05-18 543232]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\2.tempo\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 19:05 356352 ----a-w- c:\2.tempo\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Kevin & Joey^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^AOL Desktop.lnk]
backup=c:\windows\pss\AOL Desktop.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^SpywareGuard.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\SpywareGuard.lnk
backup=c:\windows\pss\SpywareGuard.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1154027607\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

R1 SASDIFSV;SASDIFSV;c:\2.tempo\sasdifsv.sys [5/26/2009 10:05 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\2.tempo\SASKUTIL.SYS [5/26/2009 10:05 AM 72944]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/16/2009 6:04 PM 101936]
R3 SASENUM;SASENUM;c:\2.tempo\SASENUM.SYS [5/26/2009 10:05 AM 7408]
S2 Ca533av;Mega DV(Video);c:\windows\system32\Drivers\Ca533av.sys --> c:\windows\system32\Drivers\Ca533av.sys [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [11/18/2008 6:17 PM 23888]
S3 Radialpoint Security Services;Radialpoint Security Services;c:\windows\system32\dllhost.exe [1/3/2003 4:41 AM 5120]
S3 USBCamera;DSC Still Image Capture (CA533A);c:\windows\system32\Drivers\Bulk533.sys --> c:\windows\system32\Drivers\Bulk533.sys [?]
S3 WUSB54GV4SRV;Linksys Wireless-G USB Network Adapter Driver;c:\windows\system32\drivers\rt2500usb.sys [6/16/2009 4:48 PM 79616]
S4 Viewpoint Manager Service;Viewpoint Manager Service; [x]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - GTNDIS5

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-06-16 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-01-08 20:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
mStart Page = hxxp://www.msn.com
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-18 23:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020420-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020420-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib]
@DACL=(02 0000)
@="{29D67D3C-509A-4544-903F-C8C1B8236554}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(860)
c:\2.tempo\SASWINLO.dll
.
Completion time: 2009-06-19 23:11
ComboFix-quarantined-files.txt 2009-06-19 06:11
ComboFix2.txt 2009-06-18 17:22

Pre-Run: 135,289,364,480 bytes free
Post-Run: 135,273,381,888 bytes free

324 --- E O F --- 2009-06-17 06:33

[Fames]

Malwarebytes' Anti-Malware

Malwarebytes' Anti-Malware 1.38
Database version: 2304
Windows 5.1.2600 Service Pack 2

6/18/2009 5:13:55 PM
mbam-log-2009-06-18 (17-13-55).txt

Scan type: Full Scan (C:\|)
Objects scanned: 196767
Time elapsed: 3 hour(s), 10 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 14

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Qoobox\quarantine\C\WINDOWS\system32\kungsfdvtyhosw.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\kungsfmbiimicg.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\qoobox\quarantine\c\windows\system32\UACobqoikqxwnkoobr.dll.vir (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\drivers\UACvxdpmylyxmynsms.sys.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\symantec\srtsp\quarantine\APQ27.tmp (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ab52bd40-7182-4e6d-a2d3-98415849e1a9}\RP0\A0000001.sys (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ab52bd40-7182-4e6d-a2d3-98415849e1a9}\RP0\A0000002.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ab52bd40-7182-4e6d-a2d3-98415849e1a9}\RP0\A0000003.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ab52bd40-7182-4e6d-a2d3-98415849e1a9}\RP0\A0000004.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ab52bd40-7182-4e6d-a2d3-98415849e1a9}\RP0\A0000005.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ab52bd40-7182-4e6d-a2d3-98415849e1a9}\RP0\A0000006.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ab52bd40-7182-4e6d-a2d3-98415849e1a9}\RP0\A0000007.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ab52bd40-7182-4e6d-a2d3-98415849e1a9}\RP0\A0000028.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ab52bd40-7182-4e6d-a2d3-98415849e1a9}\RP0\A0000029.dll (Trojan.TDSS) -> Quarantined and deleted successfully.

[Fames]

Superantispyware Log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/18/2009 at 08:55 PM

Application Version : 4.26.1004

Core Rules Database Version : 3946
Trace Rules Database Version: 1888

Scan type : Custom Scan
Total Scan Time : 03:01:02

Memory items scanned : 287
Memory threats detected : 0
Registry items scanned : 5872
Registry threats detected : 14
File items scanned : 22590
File threats detected : 1

Adware.MyWebSearch
HKU\S-1-5-21-1998469870-2949107309-3658109023-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
HKU\S-1-5-21-1998469870-2949107309-3658109023-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKU\S-1-5-21-1998469870-2949107309-3658109023-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKU\S-1-5-21-1998469870-2949107309-3658109023-501\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
HKU\S-1-5-21-1998469870-2949107309-3658109023-501\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}

Adware.ZToolbar
HKU\S-1-5-21-1998469870-2949107309-3658109023-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}
HKU\S-1-5-21-1998469870-2949107309-3658109023-501\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}

Adware.MyWebSearch/FunWebProducts
HKU\S-1-5-21-1998469870-2949107309-3658109023-1007\SOFTWARE\FunWebProducts
HKU\S-1-5-21-1998469870-2949107309-3658109023-501\SOFTWARE\FunWebProducts
HKU\S-1-5-21-1998469870-2949107309-3658109023-501\SOFTWARE\MyWebSearch
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid32
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib

Adware.Accoona
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP0\A0000157.EXE

[Shaba]

1. Please download this tool from Microsoft.
2. Double click on MGADiag.exe to run it.
3. Click Continue.
4. The program will run. It takes a while to finish the diagnosis, please be patient.
5. Once done, click on Copy.
6. Open Notepad and paste the contents in. Save this file and post it in your next reply.

[Fames]

Diagnostic Report (1.9.0006.1):
-----------------------------------------
WGA Data-->
Validation Status: Genuine
Validation Code: 0
Online Validation Code: N/A
Cached Validation Code: N/A
Windows Product Key: *****-*****-J8BM6-MXPH6-3R2BW
Windows Product Key Hash: YMRVitCEjlJfwDQfjDvm97FbWA4=
Windows Product ID: 55277-OEM-2111907-00103
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 5.1.2600.2.00010300.2.0.hom
ID: {46B148B4-8AD6-459B-83D8-53540B7B0D8C}(1)
Is Admin: Yes
TestCab: 0x0
WGA Version: Registered, 1.7.18.5
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

WgaER Data-->
ThreatID(s): N/A
Version: N/A

WGA Notifications Data-->
Cached Result: 0
File Exists: Yes
Version: 1.7.18.5
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
WGATray.exe Signed By: Microsoft
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: Registered, 1.6.21.0
Signed By: Microsoft
Office Diagnostics: 025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{46B148B4-8AD6-459B-83D8-53540B7B0D8C}</UGUID><Version>1.9.0006.1</Version><OS>5.1.2600.2.00010300.2.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-3R2BW</PKey><PID>55277-OEM-2111907-00103</PID><PIDType>2</PIDType><SID>S-1-5-21-1998469870-2949107309-3658109023</SID><SYSTEM><Manufacturer>eMachines</Manufacturer><Model>Product Name</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version>TCB432C</Version><SMBIOSVersion major="2" minor="3"/><Date>20040806000000.000000+000</Date><SLPBIOS>Gateway,Gateway,Gateway,Gateway</SLPBIOS></BIOS><HWID>287736570184AE5F</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name>eMachines</name><model>T3256</model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.7.18.5"/><File Name="WgaLogon.dll" Version="1.7.18.5"/></GANotification></MachineData> <Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Licensing Data-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 1005B:emachines inc|1005B:Gateway, Inc
Marker string from OEMBIOS.DAT: Gateway,Gateway,Gateway,Gateway

OEM Activation 2.0 Data-->
N/A