PDA

View Full Version : win32.fraudload.edt +?



Tassleh0ff
2010-09-10, 09:34
Hello,

Three days ago I ran Spybot and found win32.fraudload.edt on my computer. Today I found my laptop to be unusable, due to a fraudulent security center preventing me from opening any programs/internet/scanners etc. and set out to try to fix it. In that process, I ran combofix despite all warnings - it allowed me to use my laptop to post here and get help, at least, but I apologize for any extra work that may cause. I ran spybot again after the use of combofix and see that win32.fraudload.edt is still there! So here I am. I saved the log that combo fix created, as well. I did not uninstall combofix yet.

Here's my DDS log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Tom at 23:19:14.90 on Thu 09/09/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.388 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Razer\razerhid.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\SUPERAntiSpyware\lauren.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Razer\razerofa.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Tom\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.inselkampf.com/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6092
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {348FE907-249E-4C65-A838-F34A193FE1D1} - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\lauren.exe
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Skype] "c:\documents and settings\tom\application data\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [EOUApp] "c:\program files\intel\wireless\bin\EOUWiz.exe"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [razer] c:\program files\razer\razerhid.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd.exe"
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [DeathAdder] c:\program files\razer\deathadder\razerhid.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
StartupFolder: c:\docume~1\tom\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: ucsd.edu\vpn
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} - hxxps://www.e-games.com.my/com/EGamesPlugin.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn-2.ucsd.edu/CACHE/stc/1/binaries/vpnweb.cab
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.2.1.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: WB - c:\program files\alienguise\fastload.dll
AppInit_DLLs: c:\windows\system32\wbsys.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tom\applic~1\mozilla\firefox\profiles\qi3diwq6.default\
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - plugin: c:\documents and settings\tom\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\opera\program\plugins\npqtplugin8.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 72944]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-7 24652]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2008-5-19 370872]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2009-3-26 22784]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\tom\locals~1\temp\soic4.tmp --> c:\docume~1\tom\locals~1\temp\SOIC4.tmp [?]
S3 Razerlow;Razerlow USB Filter Driver;c:\windows\system32\drivers\Razerlow.sys [2007-5-17 13225]

=============== Created Last 30 ================

2010-09-10 01:35:30 0 d-----w- c:\program files\SpywareBlaster
2010-09-10 01:31:24 0 d-sh--w- c:\documents and settings\tom\PrivacIE
2010-09-10 01:24:15 0 d-sh--w- c:\documents and settings\tom\IETldCache
2010-09-10 01:20:49 16896 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-09-10 01:20:26 0 d-----w- c:\windows\ie8updates
2010-09-10 01:18:50 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-09-10 01:18:50 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-09-10 01:18:50 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-09-10 01:16:53 0 dc-h--w- c:\windows\ie8
2010-09-10 00:43:36 98816 ----a-w- c:\windows\sed.exe
2010-09-10 00:43:36 77312 ----a-w- c:\windows\MBR.exe
2010-09-10 00:43:36 256512 ----a-w- c:\windows\PEV.exe
2010-09-10 00:43:36 161792 ----a-w- c:\windows\SWREG.exe
2010-08-27 21:00:04 0 d-----w- c:\docume~1\alluse~1\applic~1\Blizzard Entertainment
2010-08-27 18:22:53 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-26 20:47:32 188416 ----a-w- c:\windows\Akycub.exe
2010-08-26 10:09:17 188416 ----a-w- c:\windows\Akycua.exe

==================== Find3M ====================

2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll

============= FINISH: 23:20:26.26 ===============

Blade81
2010-09-13, 21:43
Hi,

Post contents of c:\ComboFix.txt file, please.

Tassleh0ff
2010-09-16, 09:08
Thanks for the reply, blade. Here's the log from combofix.

ComboFix 10-09-09.03 - Tom 09/09/2010 17:47:13.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.687 [GMT -7:00]
Running from: c:\documents and settings\Tom\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Tom\Application Data\wiaserva.log
c:\documents and settings\Tom\Local Settings\Application Data\{E20DF3AC-47C5-45F4-BC8E-C2D65D42DF96}
c:\documents and settings\Tom\Local Settings\Application Data\{E20DF3AC-47C5-45F4-BC8E-C2D65D42DF96}\chrome.manifest
c:\documents and settings\Tom\Local Settings\Application Data\{E20DF3AC-47C5-45F4-BC8E-C2D65D42DF96}\chrome\content\_cfg.js
c:\documents and settings\Tom\Local Settings\Application Data\{E20DF3AC-47C5-45F4-BC8E-C2D65D42DF96}\chrome\content\overlay.xul
c:\documents and settings\Tom\Local Settings\Application Data\{E20DF3AC-47C5-45F4-BC8E-C2D65D42DF96}\install.rdf
c:\documents and settings\Tom\Local Settings\Application Data\skohdtrfh
c:\documents and settings\Tom\Local Settings\Application Data\skohdtrfh\plvaawquqiw.exe
c:\program files\WinPCap
c:\program files\WinPCap\rpcapd.exe
c:\windows\run.log
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\UACyxhixntfonldroblp.db
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
c:\windows\wednt950.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_npf


((((((((((((((((((((((((( Files Created from 2010-08-10 to 2010-09-10 )))))))))))))))))))))))))))))))
.

2010-08-27 21:00 . 2010-09-09 20:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2010-08-27 18:22 . 2010-07-17 12:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-26 20:47 . 2010-08-26 10:12 188416 ----a-w- c:\windows\Akycub.exe
2010-08-26 10:27 . 2010-08-26 10:27 -------- d-----w- c:\documents and settings\Tom\Application Data\Skype
2010-08-26 10:09 . 2010-08-26 10:09 188416 ----a-w- c:\windows\Akycua.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-10 00:56 . 2009-07-18 04:00 117760 ----a-w- c:\documents and settings\Tom\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-09 23:44 . 2007-05-21 08:02 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-09-09 20:08 . 2007-05-24 08:23 -------- d-----w- c:\program files\LimeWire
2010-09-09 11:35 . 2007-05-20 14:45 -------- d-----w- c:\program files\Warcraft III
2010-09-02 20:22 . 2009-07-30 01:28 -------- d-----w- c:\program files\Microsoft Silverlight
2010-08-31 19:44 . 2010-07-28 12:11 452104 ----a-w- c:\documents and settings\Tom\Application Data\Real\Update\setup3.12\setup.exe
2010-08-29 04:05 . 2010-08-29 04:05 47364 ----a-w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
2010-08-29 04:04 . 2007-05-16 19:05 -------- d-----w- c:\documents and settings\Tom\Application Data\ATI
2010-08-28 18:36 . 2007-05-08 19:27 -------- d-----w- c:\program files\ATI Technologies
2010-08-27 18:23 . 2010-08-27 18:23 503808 ----a-w- c:\documents and settings\Tom\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1e26b5c8-n\msvcp71.dll
2010-08-27 18:23 . 2010-08-27 18:23 499712 ----a-w- c:\documents and settings\Tom\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1e26b5c8-n\jmc.dll
2010-08-27 18:23 . 2010-08-27 18:23 348160 ----a-w- c:\documents and settings\Tom\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1e26b5c8-n\msvcr71.dll
2010-08-27 18:23 . 2010-08-27 18:23 61440 ----a-w- c:\documents and settings\Tom\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6b39f017-n\decora-sse.dll
2010-08-27 18:23 . 2010-08-27 18:23 12800 ----a-w- c:\documents and settings\Tom\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6b39f017-n\decora-d3d.dll
2010-08-27 18:22 . 2007-05-21 05:08 -------- d-----w- c:\program files\Java
2010-08-27 18:01 . 2005-12-02 01:52 -------- d-----w- c:\program files\Messenger Plus! Live
2010-08-26 10:27 . 2010-08-26 10:27 181248 ----a-w- c:\documents and settings\Tom\Application Data\Skype\Phone\Skype.exe
2010-08-24 21:07 . 2007-07-15 19:06 -------- d-----w- c:\program files\uTorrent
2010-08-23 22:30 . 2007-07-15 19:06 -------- d-----w- c:\documents and settings\Tom\Application Data\uTorrent
2010-08-16 01:58 . 2007-12-10 06:42 -------- d-----w- c:\program files\Diablo II
2010-08-12 10:02 . 2010-01-09 04:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-06-30 20:39 . 2010-03-04 07:19 439816 ----a-w- c:\documents and settings\Tom\Application Data\Real\Update\setup3.10\setup.exe
2010-06-30 12:31 . 2004-08-10 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:10 . 2004-08-10 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 12:10 . 2004-08-10 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-08-10 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-10 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-10 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2006-07-17 21:39 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2004-08-10 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\lauren.exe" [2009-06-23 1830128]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-27 3883856]
"Skype"="c:\documents and settings\Tom\Application Data\Skype\Phone\Skype.exe" [2010-08-26 181248]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 61952]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-10 729088]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-03 737369]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2005-11-28 569413]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"razer"="c:\program files\Razer\razerhid.exe" [2005-05-18 147456]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-08-05 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-23 80896]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-23 16804864]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-21 185872]
"DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2007-09-07 159744]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 19:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-21 06:34 24576 ----a-w- c:\program files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LapNetWizard.exe]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\LapNetWizard.exe
backup=c:\windows\pss\LapNetWizard.exeCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
2009-05-19 05:23 49968 ----a-w- c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-27 00:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [6/23/2009 11:01 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 11:01 AM 72944]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/7/2007 11:58 AM 24652]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [5/19/2008 11:50 AM 370872]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [3/26/2009 12:12 PM 22784]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 11:01 AM 7408]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Tom\LOCALS~1\Temp\SOIC4.tmp --> c:\docume~1\Tom\LOCALS~1\Temp\SOIC4.tmp [?]
S3 Razerlow;Razerlow USB Filter Driver;c:\windows\system32\drivers\Razerlow.sys [5/17/2007 8:38 PM 13225]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/24/2007 12:43 AM 691696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-09-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.tribalwars.net/
uInternet Connection Wizard,ShellNext = hxxp://www.inselkampf.com/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6092
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: ucsd.edu\vpn
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn-2.ucsd.edu/CACHE/stc/1/binaries/vpnweb.cab
FF - ProfilePath - c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\qi3diwq6.default\
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - plugin: c:\documents and settings\Tom\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
HKCU-Run-IMC - c:\program files\FriendFinder\FriendFinder Messenger 4\imc.exe
HKCU-Run-vxmjsxol - c:\documents and settings\Tom\Local Settings\Application Data\skohdtrfh\plvaawquqiw.exe
HKLM-Run-LogitechVideoRepair - c:\program files\Logitech\Video\ISStart.exe
HKLM-Run-vxmjsxol - c:\documents and settings\Tom\Local Settings\Application Data\skohdtrfh\plvaawquqiw.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-09 17:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Tom\LOCALS~1\Temp\SOIC4.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1310308745-4082162295-544860595-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=

[HKEY_USERS\S-1-5-21-1310308745-4082162295-544860595-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:09,b1,f3,99,00,06,d7,2e,8f,88,44,da,64,74,bd,b4,ce,8e,f1,4f,60,74,68,
40,24,3b,09,be,a2,68,ed,e6,06,a4,e2,ae,5c,33,fc,86,05,ab,da,53,f2,9a,0d,dd,\
"??"=hex:98,92,76,c1,aa,88,4f,41,49,86,ff,73,28,c6,e6,0d

[HKEY_USERS\S-1-5-21-1310308745-4082162295-544860595-1005\Software\SecuROM\License information*]
"datasecu"=hex:cc,28,be,5a,cb,73,99,ec,af,63,c6,9e,75,03,17,58,a8,20,67,8a,a4,
cb,b2,1b,92,f6,a0,49,e3,ae,d2,16,2f,b0,23,93,84,cb,b1,6e,7f,14,1a,72,4d,66,\
"rkeysecu"=hex:46,d5,a2,b8,30,0b,62,99,6e,ef,1a,83,bf,16,a0,42

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(916)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\AlienGUIse\fastload.dll
c:\windows\system32\COMRes.dll

- - - - - - - > 'explorer.exe'(1512)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\eHome\ehmsas.exe
c:\windows\RTHDCPL.EXE
c:\program files\Razer\razerofa.exe
c:\program files\Razer\DeathAdder\razertra.exe
c:\program files\Razer\DeathAdder\razerofa.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Completion time: 2010-09-09 18:05:38 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-10 01:05

Pre-Run: 27,722,354,688 bytes free
Post-Run: 27,647,893,504 bytes free

- - End Of File - - 46C2D3BA8DDC53DB8D60038324637AF7

Blade81
2010-09-16, 13:18
Please run ComboFix again letting it update itself + install recovery console. Post back ComboFix log + fresh dds.txt log.

Tassleh0ff
2010-09-16, 23:34
Here's the new combofix log after updating/backup went through.

ComboFix 10-09-16.03 - Tom 09/16/2010 12:50:16.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.704 [GMT -7:00]
Running from: c:\documents and settings\Tom\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2010-08-16 to 2010-09-16 )))))))))))))))))))))))))))))))
.

2010-09-16 06:12 . 2010-09-16 06:12 -------- d-----w- c:\documents and settings\Tom\Application Data\Foxit Software
2010-09-16 06:11 . 2010-09-16 06:12 -------- d-----w- c:\program files\Ask.com
2010-09-16 06:11 . 2010-09-16 06:11 -------- d-----w- c:\program files\Foxit Software
2010-09-16 01:48 . 2010-09-16 01:48 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2010-09-14 20:22 . 2010-09-14 20:22 -------- d-----w- c:\documents and settings\Tom\Application Data\LolClient
2010-09-14 20:10 . 2010-09-14 20:10 -------- d-----w- C:\Riot Games
2010-09-14 18:24 . 2010-09-16 19:55 -------- d-----w- c:\documents and settings\Tom\Local Settings\Application Data\PMB Files
2010-09-14 18:24 . 2010-09-14 18:24 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-09-14 18:23 . 2010-09-14 18:23 -------- d-----w- c:\program files\Pando Networks
2010-09-11 16:49 . 2010-09-11 16:49 -------- d-----w- c:\program files\iPod
2010-09-11 16:49 . 2010-09-11 16:50 -------- d-----w- c:\program files\iTunes
2010-09-11 16:49 . 2010-09-11 16:50 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-09-11 16:44 . 2010-09-11 16:45 -------- d-----w- c:\program files\QuickTime
2010-09-11 16:40 . 2010-09-11 16:40 -------- d-----w- c:\program files\Bonjour
2010-09-11 16:34 . 2010-09-11 16:34 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe
2010-09-10 08:25 . 2010-09-10 08:25 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-09-10 06:19 . 2010-09-10 06:19 388096 ----a-r- c:\documents and settings\Tom\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-10 06:17 . 2010-09-10 06:17 -------- d-----w- c:\program files\ERUNT
2010-09-10 01:49 . 2010-09-16 16:28 52224 ----a-w- c:\documents and settings\Tom\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-10 01:35 . 2010-09-10 01:35 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-10 01:35 . 2010-09-10 01:36 -------- d-----w- c:\program files\SpywareBlaster
2010-09-10 01:31 . 2010-09-10 01:31 -------- d-sh--w- c:\documents and settings\Tom\PrivacIE
2010-09-10 01:24 . 2010-09-10 01:24 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-09-10 01:24 . 2010-09-10 01:24 -------- d-sh--w- c:\documents and settings\Tom\IETldCache
2010-09-10 01:20 . 2010-06-18 11:39 16896 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-09-10 01:20 . 2010-09-11 16:12 -------- d-----w- c:\windows\ie8updates
2010-09-10 01:18 . 2010-06-24 12:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-09-10 01:18 . 2010-06-24 12:21 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-09-10 01:18 . 2010-06-24 12:21 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-09-10 01:16 . 2010-09-10 01:18 -------- dc-h--w- c:\windows\ie8
2010-08-29 04:05 . 2010-08-29 04:05 47364 ----a-w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
2010-08-27 21:00 . 2010-09-09 20:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2010-08-27 18:23 . 2010-08-27 18:23 503808 ----a-w- c:\documents and settings\Tom\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1e26b5c8-n\msvcp71.dll
2010-08-27 18:23 . 2010-08-27 18:23 499712 ----a-w- c:\documents and settings\Tom\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1e26b5c8-n\jmc.dll
2010-08-27 18:23 . 2010-08-27 18:23 348160 ----a-w- c:\documents and settings\Tom\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1e26b5c8-n\msvcr71.dll
2010-08-27 18:23 . 2010-08-27 18:23 61440 ----a-w- c:\documents and settings\Tom\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6b39f017-n\decora-sse.dll
2010-08-27 18:23 . 2010-08-27 18:23 12800 ----a-w- c:\documents and settings\Tom\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6b39f017-n\decora-d3d.dll
2010-08-27 18:22 . 2010-07-17 12:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-26 20:47 . 2010-08-26 10:12 188416 ----a-w- c:\windows\Akycub.exe
2010-08-26 10:27 . 2010-08-26 10:27 181248 ----a-w- c:\documents and settings\Tom\Application Data\Skype\Phone\Skype.exe
2010-08-26 10:27 . 2010-08-26 10:27 -------- d-----w- c:\documents and settings\Tom\Application Data\Skype
2010-08-26 10:09 . 2010-08-26 10:09 188416 ----a-w- c:\windows\Akycua.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-16 16:28 . 2009-07-18 04:00 117760 ----a-w- c:\documents and settings\Tom\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-16 03:40 . 2010-07-28 12:11 452104 ----a-w- c:\documents and settings\Tom\Application Data\Real\Update\setup3.12\setup.exe
2010-09-16 01:48 . 2010-01-09 04:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-09-14 20:10 . 2006-07-17 21:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-14 07:43 . 2007-05-20 14:45 -------- d-----w- c:\program files\Warcraft III
2010-09-10 01:29 . 2007-05-25 04:40 -------- d-----w- c:\program files\Common Files\AOL
2010-09-10 01:28 . 2007-05-25 04:40 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2010-09-09 23:44 . 2007-05-21 08:02 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-09-09 20:08 . 2007-05-24 08:23 -------- d-----w- c:\program files\LimeWire
2010-09-02 20:22 . 2009-07-30 01:28 -------- d-----w- c:\program files\Microsoft Silverlight
2010-08-29 04:04 . 2007-05-16 19:05 -------- d-----w- c:\documents and settings\Tom\Application Data\ATI
2010-08-28 18:36 . 2007-05-08 19:27 -------- d-----w- c:\program files\ATI Technologies
2010-08-27 18:22 . 2007-05-21 05:08 -------- d-----w- c:\program files\Java
2010-08-27 18:01 . 2005-12-02 01:52 -------- d-----w- c:\program files\Messenger Plus! Live
2010-08-24 21:07 . 2007-07-15 19:06 -------- d-----w- c:\program files\uTorrent
2010-08-23 22:30 . 2007-07-15 19:06 -------- d-----w- c:\documents and settings\Tom\Application Data\uTorrent
2010-08-17 13:17 . 2004-08-10 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 01:58 . 2007-12-10 06:42 -------- d-----w- c:\program files\Diablo II
2010-07-28 01:44 . 2010-07-28 01:44 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-28 01:44 . 2010-07-28 01:44 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-07-28 01:44 . 2010-07-28 01:44 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-07-22 15:49 . 2004-08-10 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-04-17 03:24 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-06-30 20:39 . 2010-03-04 07:19 439816 ----a-w- c:\documents and settings\Tom\Application Data\Real\Update\setup3.10\setup.exe
2010-06-30 12:31 . 2004-08-10 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-08-10 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-08-10 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-10 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 22:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\lauren.exe" [2009-06-23 1830128]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-27 3883856]
"Skype"="c:\documents and settings\Tom\Application Data\Skype\Phone\Skype.exe" [2010-08-26 181248]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-09-14 2969496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 61952]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-10 729088]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-03 737369]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2005-11-28 569413]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"razer"="c:\program files\Razer\razerhid.exe" [2005-05-18 147456]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-08-05 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-23 80896]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-23 16804864]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-21 185872]
"DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2007-09-07 159744]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]

c:\documents and settings\Tom\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 19:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-21 06:34 24576 ----a-w- c:\program files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LapNetWizard.exe]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\LapNetWizard.exe
backup=c:\windows\pss\LapNetWizard.exeCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-27 00:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Riot Games\\League of Legends\\air\\LolClient.exe"=
"c:\\Riot Games\\League of Legends\\game\\League of Legends.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58369:TCP"= 58369:TCP:Pando Media Booster
"58369:UDP"= 58369:UDP:Pando Media Booster
"8380:TCP"= 8380:TCP:League of Legends Launcher
"8380:UDP"= 8380:UDP:League of Legends Launcher
"6944:TCP"= 6944:TCP:League of Legends Launcher
"6944:UDP"= 6944:UDP:League of Legends Launcher
"6897:TCP"= 6897:TCP:League of Legends Launcher
"6897:UDP"= 6897:UDP:League of Legends Launcher
"6970:TCP"= 6970:TCP:League of Legends Launcher
"6970:UDP"= 6970:UDP:League of Legends Launcher
"6900:TCP"= 6900:TCP:League of Legends Launcher
"6900:UDP"= 6900:UDP:League of Legends Launcher
"6991:TCP"= 6991:TCP:League of Legends Launcher
"6991:UDP"= 6991:UDP:League of Legends Launcher
"6923:TCP"= 6923:TCP:League of Legends Launcher
"6923:UDP"= 6923:UDP:League of Legends Launcher
"6910:TCP"= 6910:TCP:League of Legends Launcher
"6910:UDP"= 6910:UDP:League of Legends Launcher
"6955:TCP"= 6955:TCP:League of Legends Launcher
"6955:UDP"= 6955:UDP:League of Legends Launcher
"6929:TCP"= 6929:TCP:League of Legends Launcher
"6929:UDP"= 6929:UDP:League of Legends Launcher

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [6/23/2009 11:01 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 11:01 AM 72944]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/7/2007 11:58 AM 24652]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [5/19/2008 11:50 AM 370872]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [3/26/2009 12:12 PM 22784]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 11:01 AM 7408]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Tom\LOCALS~1\Temp\SOIC4.tmp --> c:\docume~1\Tom\LOCALS~1\Temp\SOIC4.tmp [?]
S3 Razerlow;Razerlow USB Filter Driver;c:\windows\system32\drivers\Razerlow.sys [5/17/2007 8:38 PM 13225]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/24/2007 12:43 AM 691696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-09-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34]

2010-09-16 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 22:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.inselkampf.com/
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:6092
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: ucsd.edu\vpn
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn-2.ucsd.edu/CACHE/stc/1/binaries/vpnweb.cab
FF - ProfilePath - c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\qi3diwq6.default\
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - plugin: c:\documents and settings\Tom\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Opera\program\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Aim6 - c:\program files\AIM6\aim6.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-16 12:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Tom\LOCALS~1\Temp\SOIC4.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1310308745-4082162295-544860595-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=

[HKEY_USERS\S-1-5-21-1310308745-4082162295-544860595-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:09,b1,f3,99,00,06,d7,2e,8f,88,44,da,64,74,bd,b4,ce,8e,f1,4f,60,74,68,
40,24,3b,09,be,a2,68,ed,e6,06,a4,e2,ae,5c,33,fc,86,05,ab,da,53,f2,9a,0d,dd,\
"??"=hex:98,92,76,c1,aa,88,4f,41,49,86,ff,73,28,c6,e6,0d

[HKEY_USERS\S-1-5-21-1310308745-4082162295-544860595-1005\Software\SecuROM\License information*]
"datasecu"=hex:cc,28,be,5a,cb,73,99,ec,af,63,c6,9e,75,03,17,58,a8,20,67,8a,a4,
cb,b2,1b,92,f6,a0,49,e3,ae,d2,16,2f,b0,23,93,84,cb,b1,6e,7f,14,1a,72,4d,66,\
"rkeysecu"=hex:46,d5,a2,b8,30,0b,62,99,6e,ef,1a,83,bf,16,a0,42

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(908)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\AlienGUIse\fastload.dll

- - - - - - - > 'explorer.exe'(1760)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-09-16 12:59:45
ComboFix-quarantined-files.txt 2010-09-16 19:59
ComboFix2.txt 2010-09-10 01:05

Pre-Run: 23,866,724,352 bytes free
Post-Run: 23,878,479,872 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 82AA14C09F4D8171F64BDC766FA774A6

Tassleh0ff
2010-09-16, 23:35
Here's the fresh DDS.txt log

DDS (Ver_10-03-17.01) - NTFSx86
Run by Tom at 13:17:32.14 on Thu 09/16/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.597 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Razer\razerhid.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Razer\razerofa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\SUPERAntiSpyware\lauren.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Tom\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.inselkampf.com/
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:6092
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {348FE907-249E-4C65-A838-F34A193FE1D1} - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\lauren.exe
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Skype] "c:\documents and settings\tom\application data\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [EOUApp] "c:\program files\intel\wireless\bin\EOUWiz.exe"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [razer] c:\program files\razer\razerhid.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd.exe"
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [DeathAdder] c:\program files\razer\deathadder\razerhid.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\tom\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: ucsd.edu\vpn
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} - hxxps://www.e-games.com.my/com/EGamesPlugin.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn-2.ucsd.edu/CACHE/stc/1/binaries/vpnweb.cab
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.2.1.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: WB - c:\program files\alienguise\fastload.dll
AppInit_DLLs: c:\windows\system32\wbsys.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tom\applic~1\mozilla\firefox\profiles\qi3diwq6.default\
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - plugin: c:\documents and settings\tom\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\opera\program\plugins\npqtplugin8.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 72944]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-7 24652]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2008-5-19 370872]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2009-3-26 22784]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\tom\locals~1\temp\soic4.tmp --> c:\docume~1\tom\locals~1\temp\SOIC4.tmp [?]
S3 Razerlow;Razerlow USB Filter Driver;c:\windows\system32\drivers\Razerlow.sys [2007-5-17 13225]

=============== Created Last 30 ================

2010-09-16 19:33:19 0 d-sha-r- C:\cmdcons
2010-09-16 06:12:24 0 d-----w- c:\docume~1\tom\applic~1\Foxit Software
2010-09-16 06:11:58 0 d-----w- c:\program files\Ask.com
2010-09-16 06:11:20 0 d-----w- c:\program files\Foxit Software
2010-09-14 20:22:22 0 d-----w- c:\docume~1\tom\applic~1\LolClient
2010-09-14 20:10:09 0 d-----w- C:\Riot Games
2010-09-14 18:24:21 0 d-----w- c:\docume~1\alluse~1\applic~1\PMB Files
2010-09-14 18:23:23 0 d-----w- c:\program files\Pando Networks
2010-09-11 16:49:26 0 d-----w- c:\program files\iPod
2010-09-11 16:49:21 0 d-----w- c:\program files\iTunes
2010-09-11 16:49:21 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-09-11 16:40:44 0 d-----w- c:\program files\Bonjour
2010-09-10 01:35:30 0 d-----w- c:\program files\SpywareBlaster
2010-09-10 01:31:24 0 d-sh--w- c:\documents and settings\tom\PrivacIE
2010-09-10 01:24:15 0 d-sh--w- c:\documents and settings\tom\IETldCache
2010-09-10 01:20:49 16896 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-09-10 01:20:26 0 d-----w- c:\windows\ie8updates
2010-09-10 01:18:50 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-09-10 01:18:50 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-09-10 01:18:50 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-09-10 01:16:53 0 dc-h--w- c:\windows\ie8
2010-09-10 00:43:36 98816 ----a-w- c:\windows\sed.exe
2010-09-10 00:43:36 77312 ----a-w- c:\windows\MBR.exe
2010-09-10 00:43:36 256512 ----a-w- c:\windows\PEV.exe
2010-09-10 00:43:36 161792 ----a-w- c:\windows\SWREG.exe
2010-08-27 21:00:04 0 d-----w- c:\docume~1\alluse~1\applic~1\Blizzard Entertainment
2010-08-27 18:22:53 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-26 20:47:32 188416 ----a-w- c:\windows\Akycub.exe
2010-08-26 10:09:17 188416 ----a-w- c:\windows\Akycua.exe

==================== Find3M ====================

2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-28 01:44:10 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-28 01:44:10 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-07-28 01:44:10 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys

============= FINISH: 13:18:08.98 ===============

Blade81
2010-09-17, 10:31
Hi again,

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

µTorrent
Limewire


I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Uninstall Foxit Toolbar if not installed on purpose.

Open notepad and copy/paste the text in the quotebox below into it:



http://forums.spybot.info/showthread.php?p=383595#post383595
Collect::
c:\windows\Akycub.exe
c:\windows\Akycua.exe
Folder::
c:\program files\LimeWire
c:\program files\uTorrent
c:\documents and settings\Tom\Application Data\uTorrent
DDS::
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:6092
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: {348FE907-249E-4C65-A838-F34A193FE1D1} - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
Firefox::
FF - ProfilePath - c:\docume~1\tom\applic~1\mozilla\firefox\profiles\qi3diwq6.default\
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=-
Reglock::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]



Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Uninstall old Adobe Reader versions and get the latest one with updates (9.3 and updates 9.3.2 & 9.3.3 & 9.3.4) here (http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here (http://pdfreaders.org/).

Uninstall your current Adobe shockwave player and get the fresh one here (http://get.adobe.com/shockwave/) if needed.

Uninstall these old Javas:
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1


Download ATF (Atribune Temp File) Cleanerİ by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).


Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.

Tassleh0ff
2010-09-18, 10:41
I removed Limewire a few months ago, but I guess there was still trace marks left. I didn't realize that Utorrent was as dangerous as the old P2P software like Limewire and Kazaa. I guess it really is as dangerous, huh?

Anyway, here's the combofix report.

ComboFix 10-09-16.04 - Tom 09/17/2010 1:50.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.685 [GMT -7:00]
Running from: c:\documents and settings\Tom\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Tom\Desktop\CFscript.txt

file zipped: c:\windows\Akycua.exe
file zipped: c:\windows\Akycub.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Tom\Application Data\uTorrent
c:\documents and settings\Tom\Application Data\uTorrent\(Classic).Love.Bites.(Traci.Lords-Ali.Moore-Amber.Lynn-Buffy.Davis-Heather.Wayne).mpg.torrent
c:\documents and settings\Tom\Application Data\uTorrent\Asian Pictures.torrent
c:\documents and settings\Tom\Application Data\uTorrent\dht.dat
c:\documents and settings\Tom\Application Data\uTorrent\dht.dat.old
c:\documents and settings\Tom\Application Data\uTorrent\Diablo II + Diablo II LoD(EXP).torrent
c:\documents and settings\Tom\Application Data\uTorrent\Diablo_2_Lord_Of_Destruction-Razor1911.torrent
c:\documents and settings\Tom\Application Data\uTorrent\Hajime no Ippo (Complete).torrent
c:\documents and settings\Tom\Application Data\uTorrent\Hot Teens.torrent
c:\documents and settings\Tom\Application Data\uTorrent\O2Jam Songs.torrent
c:\documents and settings\Tom\Application Data\uTorrent\Pokemon Season 1.torrent
c:\documents and settings\Tom\Application Data\uTorrent\PYE-Pussies-1800-Pix-PornBay.zip.torrent
c:\documents and settings\Tom\Application Data\uTorrent\resume.dat
c:\documents and settings\Tom\Application Data\uTorrent\resume.dat.old
c:\documents and settings\Tom\Application Data\uTorrent\rss.dat
c:\documents and settings\Tom\Application Data\uTorrent\rss.dat.old
c:\documents and settings\Tom\Application Data\uTorrent\settings.dat
c:\documents and settings\Tom\Application Data\uTorrent\settings.dat.old
c:\documents and settings\Tom\Application Data\uTorrent\Swedish nude pictures - pornbay.org.torrent
c:\documents and settings\Tom\Application Data\uTorrent\ToTD.torrent
c:\documents and settings\Tom\Application Data\uTorrent\utorrent.lng
c:\documents and settings\Tom\Application Data\uTorrent\WarmKiss - Amateur Creampie - Edith.wmv.torrent
c:\documents and settings\Tom\Application Data\uTorrent\WarmKiss - Ariana mounts and drains Kyle.torrent
c:\documents and settings\Tom\Application Data\uTorrent\Young Amateur Teen Pics 4.torrent
c:\program files\LimeWire
c:\program files\LimeWire\hs_err_pid1000.log
c:\program files\LimeWire\hs_err_pid1012.log
c:\program files\LimeWire\hs_err_pid1072.log
c:\program files\LimeWire\hs_err_pid1180.log
c:\program files\LimeWire\hs_err_pid1248.log
c:\program files\LimeWire\hs_err_pid1276.log
c:\program files\LimeWire\hs_err_pid1380.log
c:\program files\LimeWire\hs_err_pid1392.log
c:\program files\LimeWire\hs_err_pid1700.log
c:\program files\LimeWire\hs_err_pid1704.log
c:\program files\LimeWire\hs_err_pid1724.log
c:\program files\LimeWire\hs_err_pid1760.log
c:\program files\LimeWire\hs_err_pid1808.log
c:\program files\LimeWire\hs_err_pid1964.log
c:\program files\LimeWire\hs_err_pid1996.log
c:\program files\LimeWire\hs_err_pid2004.log
c:\program files\LimeWire\hs_err_pid2024.log
c:\program files\LimeWire\hs_err_pid2052.log
c:\program files\LimeWire\hs_err_pid2116.log
c:\program files\LimeWire\hs_err_pid2120.log
c:\program files\LimeWire\hs_err_pid2172.log
c:\program files\LimeWire\hs_err_pid220.log
c:\program files\LimeWire\hs_err_pid2232.log
c:\program files\LimeWire\hs_err_pid2332.log
c:\program files\LimeWire\hs_err_pid2464.log
c:\program files\LimeWire\hs_err_pid2520.log
c:\program files\LimeWire\hs_err_pid2528.log
c:\program files\LimeWire\hs_err_pid2572.log
c:\program files\LimeWire\hs_err_pid2600.log
c:\program files\LimeWire\hs_err_pid2628.log
c:\program files\LimeWire\hs_err_pid2652.log
c:\program files\LimeWire\hs_err_pid2676.log
c:\program files\LimeWire\hs_err_pid2728.log
c:\program files\LimeWire\hs_err_pid2760.log
c:\program files\LimeWire\hs_err_pid2780.log
c:\program files\LimeWire\hs_err_pid2788.log
c:\program files\LimeWire\hs_err_pid2800.log
c:\program files\LimeWire\hs_err_pid2804.log
c:\program files\LimeWire\hs_err_pid2888.log
c:\program files\LimeWire\hs_err_pid2952.log
c:\program files\LimeWire\hs_err_pid2996.log
c:\program files\LimeWire\hs_err_pid3008.log
c:\program files\LimeWire\hs_err_pid3048.log
c:\program files\LimeWire\hs_err_pid3056.log
c:\program files\LimeWire\hs_err_pid3064.log
c:\program files\LimeWire\hs_err_pid3080.log
c:\program files\LimeWire\hs_err_pid3184.log
c:\program files\LimeWire\hs_err_pid320.log
c:\program files\LimeWire\hs_err_pid3220.log
c:\program files\LimeWire\hs_err_pid3244.log
c:\program files\LimeWire\hs_err_pid3268.log
c:\program files\LimeWire\hs_err_pid3312.log
c:\program files\LimeWire\hs_err_pid3320.log
c:\program files\LimeWire\hs_err_pid3376.log
c:\program files\LimeWire\hs_err_pid3392.log
c:\program files\LimeWire\hs_err_pid3412.log
c:\program files\LimeWire\hs_err_pid3476.log
c:\program files\LimeWire\hs_err_pid3520.log
c:\program files\LimeWire\hs_err_pid3532.log
c:\program files\LimeWire\hs_err_pid3652.log
c:\program files\LimeWire\hs_err_pid3676.log
c:\program files\LimeWire\hs_err_pid3688.log
c:\program files\LimeWire\hs_err_pid3692.log
c:\program files\LimeWire\hs_err_pid3728.log
c:\program files\LimeWire\hs_err_pid3804.log
c:\program files\LimeWire\hs_err_pid3812.log
c:\program files\LimeWire\hs_err_pid3868.log
c:\program files\LimeWire\hs_err_pid3880.log
c:\program files\LimeWire\hs_err_pid3884.log
c:\program files\LimeWire\hs_err_pid3936.log
c:\program files\LimeWire\hs_err_pid3940.log
c:\program files\LimeWire\hs_err_pid3972.log
c:\program files\LimeWire\hs_err_pid4292.log
c:\program files\LimeWire\hs_err_pid4640.log
c:\program files\LimeWire\hs_err_pid496.log
c:\program files\LimeWire\hs_err_pid516.log
c:\program files\LimeWire\hs_err_pid5160.log
c:\program files\LimeWire\hs_err_pid5888.log
c:\program files\LimeWire\hs_err_pid5976.log
c:\program files\LimeWire\hs_err_pid632.log
c:\program files\LimeWire\hs_err_pid6420.log
c:\program files\LimeWire\hs_err_pid736.log
c:\program files\LimeWire\hs_err_pid796.log
c:\program files\LimeWire\hs_err_pid872.log
c:\program files\uTorrent
c:\windows\Akycua.exe
c:\windows\Akycub.exe

.
((((((((((((((((((((((((( Files Created from 2010-08-17 to 2010-09-17 )))))))))))))))))))))))))))))))
.

2010-09-16 21:31 . 2010-09-17 08:42 -------- d-----w- c:\documents and settings\Tom\Local Settings\Application Data\AskToolbar
2010-09-16 06:12 . 2010-09-16 06:12 -------- d-----w- c:\documents and settings\Tom\Application Data\Foxit Software
2010-09-16 06:11 . 2010-09-16 06:12 -------- d-----w- c:\program files\Ask.com
2010-09-16 06:11 . 2010-09-16 06:11 -------- d-----w- c:\program files\Foxit Software
2010-09-16 01:48 . 2010-09-16 01:48 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2010-09-14 20:22 . 2010-09-14 20:22 -------- d-----w- c:\documents and settings\Tom\Application Data\LolClient
2010-09-14 20:10 . 2010-09-14 20:10 -------- d-----w- C:\Riot Games
2010-09-14 18:24 . 2010-09-17 08:58 -------- d-----w- c:\documents and settings\Tom\Local Settings\Application Data\PMB Files
2010-09-14 18:24 . 2010-09-14 18:24 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-09-14 18:23 . 2010-09-14 18:23 -------- d-----w- c:\program files\Pando Networks
2010-09-11 16:49 . 2010-09-11 16:49 -------- d-----w- c:\program files\iPod
2010-09-11 16:49 . 2010-09-11 16:50 -------- d-----w- c:\program files\iTunes
2010-09-11 16:49 . 2010-09-11 16:50 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-09-11 16:44 . 2010-09-11 16:45 -------- d-----w- c:\program files\QuickTime
2010-09-11 16:40 . 2010-09-11 16:40 -------- d-----w- c:\program files\Bonjour
2010-09-11 16:34 . 2010-09-11 16:34 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe
2010-09-10 08:25 . 2010-09-10 08:25 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-09-10 06:19 . 2010-09-10 06:19 388096 ----a-r- c:\documents and settings\Tom\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-10 06:17 . 2010-09-10 06:17 -------- d-----w- c:\program files\ERUNT
2010-09-10 01:49 . 2010-09-16 16:28 52224 ----a-w- c:\documents and settings\Tom\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-10 01:35 . 2010-09-10 01:35 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-10 01:35 . 2010-09-10 01:36 -------- d-----w- c:\program files\SpywareBlaster
2010-09-10 01:31 . 2010-09-10 01:31 -------- d-sh--w- c:\documents and settings\Tom\PrivacIE
2010-09-10 01:24 . 2010-09-10 01:24 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-09-10 01:24 . 2010-09-10 01:24 -------- d-sh--w- c:\documents and settings\Tom\IETldCache
2010-09-10 01:20 . 2010-06-18 11:39 16896 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-09-10 01:20 . 2010-09-11 16:12 -------- d-----w- c:\windows\ie8updates
2010-09-10 01:18 . 2010-06-24 12:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-09-10 01:18 . 2010-06-24 12:21 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-09-10 01:18 . 2010-06-24 12:21 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-09-10 01:16 . 2010-09-10 01:18 -------- dc-h--w- c:\windows\ie8
2010-08-29 04:05 . 2010-08-29 04:05 47364 ----a-w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
2010-08-27 21:00 . 2010-09-09 20:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2010-08-27 18:23 . 2010-08-27 18:23 503808 ----a-w- c:\documents and settings\Tom\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1e26b5c8-n\msvcp71.dll
2010-08-27 18:23 . 2010-08-27 18:23 499712 ----a-w- c:\documents and settings\Tom\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1e26b5c8-n\jmc.dll
2010-08-27 18:23 . 2010-08-27 18:23 348160 ----a-w- c:\documents and settings\Tom\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1e26b5c8-n\msvcr71.dll
2010-08-27 18:23 . 2010-08-27 18:23 61440 ----a-w- c:\documents and settings\Tom\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6b39f017-n\decora-sse.dll
2010-08-27 18:23 . 2010-08-27 18:23 12800 ----a-w- c:\documents and settings\Tom\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6b39f017-n\decora-d3d.dll
2010-08-27 18:22 . 2010-07-17 12:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-26 10:27 . 2010-08-26 10:27 181248 ----a-w- c:\documents and settings\Tom\Application Data\Skype\Phone\Skype.exe
2010-08-26 10:27 . 2010-08-26 10:27 -------- d-----w- c:\documents and settings\Tom\Application Data\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-16 16:28 . 2009-07-18 04:00 117760 ----a-w- c:\documents and settings\Tom\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-16 03:40 . 2010-07-28 12:11 452104 ----a-w- c:\documents and settings\Tom\Application Data\Real\Update\setup3.12\setup.exe
2010-09-16 01:48 . 2010-01-09 04:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-09-14 20:10 . 2006-07-17 21:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-14 07:43 . 2007-05-20 14:45 -------- d-----w- c:\program files\Warcraft III
2010-09-10 01:29 . 2007-05-25 04:40 -------- d-----w- c:\program files\Common Files\AOL
2010-09-10 01:28 . 2007-05-25 04:40 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2010-09-09 23:44 . 2007-05-21 08:02 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-09-02 20:22 . 2009-07-30 01:28 -------- d-----w- c:\program files\Microsoft Silverlight
2010-08-29 04:04 . 2007-05-16 19:05 -------- d-----w- c:\documents and settings\Tom\Application Data\ATI
2010-08-28 18:36 . 2007-05-08 19:27 -------- d-----w- c:\program files\ATI Technologies
2010-08-27 18:22 . 2007-05-21 05:08 -------- d-----w- c:\program files\Java
2010-08-27 18:01 . 2005-12-02 01:52 -------- d-----w- c:\program files\Messenger Plus! Live
2010-08-17 13:17 . 2004-08-10 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 01:58 . 2007-12-10 06:42 -------- d-----w- c:\program files\Diablo II
2010-07-28 01:44 . 2010-07-28 01:44 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-28 01:44 . 2010-07-28 01:44 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-07-28 01:44 . 2010-07-28 01:44 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-07-22 15:49 . 2004-08-10 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-04-17 03:24 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-06-30 20:39 . 2010-03-04 07:19 439816 ----a-w- c:\documents and settings\Tom\Application Data\Real\Update\setup3.10\setup.exe
2010-06-30 12:31 . 2004-08-10 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-08-10 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-08-10 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-10 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 22:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\lauren.exe" [2009-06-23 1830128]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-27 3883856]
"Skype"="c:\documents and settings\Tom\Application Data\Skype\Phone\Skype.exe" [2010-08-26 181248]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-09-14 2969496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 61952]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-10 729088]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-03 737369]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2005-11-28 569413]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"razer"="c:\program files\Razer\razerhid.exe" [2005-05-18 147456]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-08-05 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-23 80896]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-23 16804864]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-21 185872]
"DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2007-09-07 159744]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]

c:\documents and settings\Tom\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 19:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-21 06:34 24576 ----a-w- c:\program files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LapNetWizard.exe]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\LapNetWizard.exe
backup=c:\windows\pss\LapNetWizard.exeCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-27 00:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Riot Games\\League of Legends\\air\\LolClient.exe"=
"c:\\Riot Games\\League of Legends\\game\\League of Legends.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58369:TCP"= 58369:TCP:Pando Media Booster
"58369:UDP"= 58369:UDP:Pando Media Booster
"8380:TCP"= 8380:TCP:League of Legends Launcher
"8380:UDP"= 8380:UDP:League of Legends Launcher
"6944:TCP"= 6944:TCP:League of Legends Launcher
"6944:UDP"= 6944:UDP:League of Legends Launcher
"6897:TCP"= 6897:TCP:League of Legends Launcher
"6897:UDP"= 6897:UDP:League of Legends Launcher
"6900:TCP"= 6900:TCP:League of Legends Launcher
"6900:UDP"= 6900:UDP:League of Legends Launcher
"6991:TCP"= 6991:TCP:League of Legends Launcher
"6991:UDP"= 6991:UDP:League of Legends Launcher
"6923:TCP"= 6923:TCP:League of Legends Launcher
"6923:UDP"= 6923:UDP:League of Legends Launcher
"6910:TCP"= 6910:TCP:League of Legends Launcher
"6910:UDP"= 6910:UDP:League of Legends Launcher
"6955:TCP"= 6955:TCP:League of Legends Launcher
"6955:UDP"= 6955:UDP:League of Legends Launcher
"6929:TCP"= 6929:TCP:League of Legends Launcher
"6929:UDP"= 6929:UDP:League of Legends Launcher

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [6/23/2009 11:01 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 11:01 AM 72944]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/7/2007 11:58 AM 24652]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [5/19/2008 11:50 AM 370872]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [3/26/2009 12:12 PM 22784]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 11:01 AM 7408]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Tom\LOCALS~1\Temp\SOIC4.tmp --> c:\docume~1\Tom\LOCALS~1\Temp\SOIC4.tmp [?]
S3 Razerlow;Razerlow USB Filter Driver;c:\windows\system32\drivers\Razerlow.sys [5/17/2007 8:38 PM 13225]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/24/2007 12:43 AM 691696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-09-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34]

2010-09-17 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 22:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.inselkampf.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: ucsd.edu\vpn
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn-2.ucsd.edu/CACHE/stc/1/binaries/vpnweb.cab
FF - ProfilePath - c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\qi3diwq6.default\
FF - plugin: c:\documents and settings\Tom\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Opera\program\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Tom\LOCALS~1\Temp\SOIC4.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1310308745-4082162295-544860595-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=

[HKEY_USERS\S-1-5-21-1310308745-4082162295-544860595-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:09,b1,f3,99,00,06,d7,2e,8f,88,44,da,64,74,bd,b4,ce,8e,f1,4f,60,74,68,
40,24,3b,09,be,a2,68,ed,e6,06,a4,e2,ae,5c,33,fc,86,05,ab,da,53,f2,9a,0d,dd,\
"??"=hex:98,92,76,c1,aa,88,4f,41,49,86,ff,73,28,c6,e6,0d

[HKEY_USERS\S-1-5-21-1310308745-4082162295-544860595-1005\Software\SecuROM\License information*]
"datasecu"=hex:cc,28,be,5a,cb,73,99,ec,af,63,c6,9e,75,03,17,58,a8,20,67,8a,a4,
cb,b2,1b,92,f6,a0,49,e3,ae,d2,16,2f,b0,23,93,84,cb,b1,6e,7f,14,1a,72,4d,66,\
"rkeysecu"=hex:46,d5,a2,b8,30,0b,62,99,6e,ef,1a,83,bf,16,a0,42

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(908)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\AlienGUIse\fastload.dll
.
Completion time: 2010-09-17 02:01:34
ComboFix-quarantined-files.txt 2010-09-17 09:01
ComboFix2.txt 2010-09-16 19:59
ComboFix3.txt 2010-09-10 01:05

Pre-Run: 23,931,416,576 bytes free
Post-Run: 23,921,139,712 bytes free

- - End Of File - - 08E4E1345F127F1F8759E13AEF4C0E28
Upload was successful

Tassleh0ff
2010-09-18, 10:42
Here's the fresh DDS log.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Tom at 13:17:32.14 on Thu 09/16/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.597 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Razer\razerhid.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Razer\razerofa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\SUPERAntiSpyware\lauren.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Tom\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.inselkampf.com/
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:6092
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {348FE907-249E-4C65-A838-F34A193FE1D1} - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\lauren.exe
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Skype] "c:\documents and settings\tom\application data\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [EOUApp] "c:\program files\intel\wireless\bin\EOUWiz.exe"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [razer] c:\program files\razer\razerhid.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd.exe"
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [DeathAdder] c:\program files\razer\deathadder\razerhid.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\tom\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: ucsd.edu\vpn
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} - hxxps://www.e-games.com.my/com/EGamesPlugin.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn-2.ucsd.edu/CACHE/stc/1/binaries/vpnweb.cab
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.2.1.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: WB - c:\program files\alienguise\fastload.dll
AppInit_DLLs: c:\windows\system32\wbsys.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tom\applic~1\mozilla\firefox\profiles\qi3diwq6.default\
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - plugin: c:\documents and settings\tom\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\opera\program\plugins\npqtplugin8.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 72944]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-7 24652]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2008-5-19 370872]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2009-3-26 22784]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\tom\locals~1\temp\soic4.tmp --> c:\docume~1\tom\locals~1\temp\SOIC4.tmp [?]
S3 Razerlow;Razerlow USB Filter Driver;c:\windows\system32\drivers\Razerlow.sys [2007-5-17 13225]

=============== Created Last 30 ================

2010-09-16 19:33:19 0 d-sha-r- C:\cmdcons
2010-09-16 06:12:24 0 d-----w- c:\docume~1\tom\applic~1\Foxit Software
2010-09-16 06:11:58 0 d-----w- c:\program files\Ask.com
2010-09-16 06:11:20 0 d-----w- c:\program files\Foxit Software
2010-09-14 20:22:22 0 d-----w- c:\docume~1\tom\applic~1\LolClient
2010-09-14 20:10:09 0 d-----w- C:\Riot Games
2010-09-14 18:24:21 0 d-----w- c:\docume~1\alluse~1\applic~1\PMB Files
2010-09-14 18:23:23 0 d-----w- c:\program files\Pando Networks
2010-09-11 16:49:26 0 d-----w- c:\program files\iPod
2010-09-11 16:49:21 0 d-----w- c:\program files\iTunes
2010-09-11 16:49:21 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-09-11 16:40:44 0 d-----w- c:\program files\Bonjour
2010-09-10 01:35:30 0 d-----w- c:\program files\SpywareBlaster
2010-09-10 01:31:24 0 d-sh--w- c:\documents and settings\tom\PrivacIE
2010-09-10 01:24:15 0 d-sh--w- c:\documents and settings\tom\IETldCache
2010-09-10 01:20:49 16896 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-09-10 01:20:26 0 d-----w- c:\windows\ie8updates
2010-09-10 01:18:50 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-09-10 01:18:50 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-09-10 01:18:50 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-09-10 01:16:53 0 dc-h--w- c:\windows\ie8
2010-09-10 00:43:36 98816 ----a-w- c:\windows\sed.exe
2010-09-10 00:43:36 77312 ----a-w- c:\windows\MBR.exe
2010-09-10 00:43:36 256512 ----a-w- c:\windows\PEV.exe
2010-09-10 00:43:36 161792 ----a-w- c:\windows\SWREG.exe
2010-08-27 21:00:04 0 d-----w- c:\docume~1\alluse~1\applic~1\Blizzard Entertainment
2010-08-27 18:22:53 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-26 20:47:32 188416 ----a-w- c:\windows\Akycub.exe
2010-08-26 10:09:17 188416 ----a-w- c:\windows\Akycua.exe

==================== Find3M ====================

2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-28 01:44:10 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-28 01:44:10 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-07-28 01:44:10 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys

============= FINISH: 13:18:08.98 ===============

Tassleh0ff
2010-09-18, 10:43
I wasn't sure if this was the format you wanted for the kaspersky scan, but here it is.

Saturday, September 18, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, September 17, 2010 16:42:31
Records in database: 4217416
Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes
Scan area My Computer
C:\
D:\
Scan statistics
Objects scanned 93286
Threats found 9
Infected objects found 19
Suspicious objects found 0
Scan duration 03:24:28

File name Threat Threats count
C:\Documents and Settings\All Users\Documents\My Music\Lime Music\Bauhaus - Antonin Artaud.wma Infected: Trojan-Downloader.WMA.GetCodec.a 1
C:\Documents and Settings\All Users\Documents\My Music\Lime Music\Cocteau Twins - Feet-Like Fins.wma Infected: Trojan-Downloader.WMA.GetCodec.a 1
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Eluveitie - Slania 2008.wma Infected: Trojan-Downloader.WMA.GetCodec.a 1
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Fatboy Slim - Incredible Adventures In Brazil 2008.wma Infected: Trojan-Downloader.WMA.GetCodec.a 1
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Flobots-Happy Together.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Sonata Artica - The End of this Chapter.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\Tom\Application Data\Sun\Java\Deployment\cache\6.0\37\301cb0e5-4c30d581 Infected: Exploit.Java.Agent.f 1
C:\Documents and Settings\Tom\Application Data\Sun\Java\Deployment\cache\6.0\49\6b800f31-7d9e5605 Infected: Trojan-Downloader.Java.OpenConnection.at 1
C:\Documents and Settings\Tom\Application Data\Sun\Java\Deployment\cache\6.0\49\6b800f31-7d9e5605 Infected: Exploit.Java.Agent.f 1
C:\Documents and Settings\Tom\My Documents\Downloads\XvidSetup.exe Infected: not-a-virus:WebToolbar.Win32.Zango.jq 1
C:\Documents and Settings\Tom\My Documents\My Music\Larissa Music\The Arcade Fire - The Woodlands National Anthem.mp3 Infected: Trojan-Downloader.WMA.GetCodec.a 1
C:\Documents and Settings\Tom\My Documents\My Music\Lime\The Arcade Fire - The Woodlands National Anthem.mp3 Infected: Trojan-Downloader.WMA.GetCodec.a 1
C:\Qoobox\Quarantine\C\Documents and Settings\Tom\Local Settings\Application Data\skohdtrfh\plvaawquqiw.exe.vir Infected: Trojan.Win32.FraudPack.bjqq 1
C:\Qoobox\Quarantine\C\Documents and Settings\Tom\Local Settings\Application Data\{E20DF3AC-47C5-45F4-BC8E-C2D65D42DF96}\chrome\content\overlay.xul.vir Infected: Trojan.JS.Gord.a 1
C:\Qoobox\Quarantine\C\WINDOWS\wednt950.dll.vir Infected: Trojan-Downloader.Win32.Mufanom.jjz 1
C:\Qoobox\Quarantine\[4]-Submit_2010-09-17_01.50.22.zip Infected: Packed.Win32.Katusha.n 2
C:\System Volume Information\_restore{7EF2AD34-1EE0-4051-B9D3-93D3BA46F90C}\RP20\A0007803.exe Infected: Trojan.Win32.FraudPack.bjqq 1
C:\System Volume Information\_restore{7EF2AD34-1EE0-4051-B9D3-93D3BA46F90C}\RP20\A0007810.dll Infected: Trojan-Downloader.Win32.Mufanom.jjz 1
Selected area has been scanned.

Blade81
2010-09-18, 11:56
Hi,

Open notepad and copy/paste the text in the quotebox below into it:



File::
C:\Documents and Settings\All Users\Documents\My Music\Lime Music\Bauhaus - Antonin Artaud.wma
C:\Documents and Settings\All Users\Documents\My Music\Lime Music\Cocteau Twins - Feet-Like Fins.wma
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Eluveitie - Slania 2008.wma
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Fatboy Slim - Incredible Adventures In Brazil 2008.wma
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Flobots-Happy Together.mp3
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Sonata Artica - The End of this Chapter.mp3
C:\Documents and Settings\Tom\Application Data\Sun\Java\Deployment\cache\6.0\37\301cb0e5-4c30d581
C:\Documents and Settings\Tom\Application Data\Sun\Java\Deployment\cache\6.0\49\6b800f31-7d9e5605
C:\Documents and Settings\Tom\My Documents\Downloads\XvidSetup.exe
C:\Documents and Settings\Tom\My Documents\My Music\Larissa Music\The Arcade Fire - The Woodlands National Anthem.mp3
C:\Documents and Settings\Tom\My Documents\My Music\Lime\The Arcade Fire - The Woodlands National Anthem.mp3



Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log. Post also fresh dds.txt log (the one you posted above was an old one).

Blade81
2010-09-24, 07:51
Are you still around?

Blade81
2010-09-30, 08:05
Due to inactivity, this thread will now be closed.

Note:If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.