
Thread: Spybot won't start

  1. #1
    Junior Member
    Join Date
    Aug 2009
    Location
    Amble (Northumberland)
    Posts
    15

    Spybot won't start

    Hi there, just wondered if anyone could help me.
    I got a virus on my XP Service Pack 3 machine called a.exe. I managed to get rid of it, but not before it shut down Windows Defender, and it won't start again. Spybot won't start ("Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item"); same with Malwarebytes Anti-Malware. Every time I try installing new scanners to try, they install fine, but once started they suddenly vanish. I got RootAlyzer to run and saved the log to my desktop, but I don't know what to do with it. Any help is really appreciated.

  2. #2
    Emeritus- Malware Team
    Join Date
    Oct 2008
    Location
    Cornwall, UK
    Posts
    592

    Hello and Welcome to forums!

    My name is Bio-Hazard and I will be helping you to remove any infection(s) that you may have.

    Please observe these rules while we work:


    • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
    • The fixes are specific to your problem and should only be used for this issue on this machine.
    • If you don't know or understand something, please don't hesitate to ask.
    • Please DO NOT run any other tools or scans whilst I am helping you.
    • It is important that you reply to this thread. Do not start a new topic.
    • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    • Absence of symptoms does not mean that everything is clear.



    Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

    Because of this, I advise you to backup any personal files and folders before you start.

    No Reply Within 4 Days Will Result In Your Topic Being Closed!!




    Download and run Win32kDiag





    Download DDS

    Please download DDS by sUBs from one of the links below and save it to your desktop:


    Download DDS and save it to your desktop from:

    Link 1
    Link 2

    Please disable any anti-malware program that will block scripts from running before running DDS.


    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt

    • A window will open instructing you to save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply





    SysProt Antirootkit

    Download SysProt Antirootkit from HERE (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).


    • Unzip it into a folder on your desktop.
    • Double click Sysprot.exe to start the program.
    • Click on the Log tab.
    • In the Write to log box select the following items.
      • Process
      • Kernel Modules
      • SSDT
      • Kernel Hooks
      • Hidden Files
    • At the bottom of the page select
      • Hidden Objects Only
    • Click on the Create Log button on the bottom right.
    • After a few seconds a new window should appear.
    • Select Scan Root Drive.
    • Click on the Start button.
    • When it is complete a new window will appear to indicate that the scan is finished.
    • The log will be saved automatically in the same folder Sysprot.exe was extracted to.
    • Open the text file and copy/paste the log here.




    Next Reply

    Please reply with:

    • DDS.txt
    • Attach.txt
    • Sysprot Log
    • Win32kDiag.txt
    MRU Master of Malware Removal University

    Member of UNITE and ASAP

  3. #3
    Junior Member
    Join Date
    Aug 2009
    Location
    Amble (Northumberland)
    Posts
    15

    Win32kDiag

    Log file is located at: C:\Documents and Settings\change me\Desktop\Win32kDiag.txt

    WARNING: Could not get backup privileges!

    Searching 'C:\WINDOWS'...



    Found mount point : C:\WINDOWS\addins\addins

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP126.tmp\ZAP126.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP13D.tmp\ZAP13D.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP145.tmp\ZAP145.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP150.tmp\ZAP150.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP15C.tmp\ZAP15C.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP17B.tmp\ZAP17B.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1B9.tmp\ZAP1B9.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1FB.tmp\ZAP1FB.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP22.tmp\ZAP22.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP225.tmp\ZAP225.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP24B.tmp\ZAP24B.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP261.tmp\ZAP261.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2A0.tmp\ZAP2A0.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2A7.tmp\ZAP2A7.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2C5.tmp\ZAP2C5.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2C8.tmp\ZAP2C8.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2E0.tmp\ZAP2E0.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3BC.tmp\ZAP3BC.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP61.tmp\ZAP61.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP6B.tmp\ZAP6B.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9C.tmp\ZAP9C.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\temp\temp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\tmp\BIOV18EL\BIOV18EL

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\tmp\DLSY5CIP\DLSY5CIP

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\tmp\LT07DKQX\LT07DKQX

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\tmp\V3AHNU07\V3AHNU07

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Config\Config

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\CSC\d1\d1

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\CSC\d2\d2

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\CSC\d3\d3

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\CSC\d4\d4

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\CSC\d5\d5

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\CSC\d6\d6

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\CSC\d7\d7

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\CSC\d8\d8

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Downloaded Program Files\CONFLICT.1\ODCTOOLS\ODCTOOLS

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Downloaded Program Files\ODCTOOLS\ODCTOOLS

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\imejp\applets\applets

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\imejp98\imejp98

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\2E43F6A45E9061642B72A4624A886A9F\10.0.1600\10.0.1600

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\3323515BEEA94DC4D9C2F4AA8C07BD2E\10.0.1600\10.0.1600

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\6BA4943F00966C14FA7528636228E78D\10.0.1600\10.0.1600

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Installer\{55A29068-F2CE-456C-9148-C869879E2357}\{55A29068-F2CE-456C-9148-C869879E2357}

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\java\classes\classes

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\java\trustlib\trustlib

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Logs\Logs

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Minidump\Minidump

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\msdownld.tmp\msdownld.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\ERRORREP\ERRORREP

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\helpctr\System\News\News

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Performance\WinSAT\DataStore\DataStore

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\PIF\PIF

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\SoftwareDistribution\EventCache\EventCache

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\1025\1025

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\1028\1028

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\1031\1031

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\1037\1037

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\1041\1041

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\1042\1042

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\1054\1054

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\2052\2052

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\3076\3076

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\appmgmt\MACHINE\MACHINE

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\appmgmt\S-1-5-21-2025429265-436374069-725345543-1003\S-1-5-21-2025429265-436374069-725345543-1003

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\appmgmt\S-1-5-21-2025429265-436374069-725345543-1011\S-1-5-21-2025429265-436374069-725345543-1011

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\Original\Original

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\RCSBakup\RCSBakup

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\regback\regback

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Avanquest\AntiMalware\logs\logs

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch\Quick Launch

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\UserData\HLRRVRUP\HLRRVRUP

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\UserData\SX3DSC3J\SX3DSC3J

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\UserData\ZXIN4AF3\ZXIN4AF3

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Yahoo!\Companion\Buttons\Buttons

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\WebSlices~

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Services\Services

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Temp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\My Documents\My Documents

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Recent\Recent

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\dhcp\dhcp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\drivers\disdn\disdn

    Mount point destination : \Device\__max++>\^

    Cannot access: C:\WINDOWS\system32\eventlog.dll

    [1] 2007-12-31 11:03:17 56320 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)

    [1] 2008-04-14 02:11:54 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)

    [1] 2008-04-14 02:11:54 62464 C:\WINDOWS\system32\eventlog.dll ()

    [2] 2008-04-14 02:11:54 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)



    Found mount point : C:\WINDOWS\system32\export\export

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\ffdshow\languages\languages

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\GroupPolicy\Machine\Scripts\Shutdown\Shutdown

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\GroupPolicy\Machine\Scripts\Startup\Startup

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\GroupPolicy\User\User

    Mount point destination : \Device\__max++>\^

    Cannot access: C:\WINDOWS\system32\MRT.exe

    [1] 2009-07-29 17:49:16 24281536 C:\WINDOWS\system32\MRT.exe ()

    [2] 2009-07-07 16:10:56 24539592 C:\System Volume Information\_restore{B5D1D133-8F97-4931-88CC-3FCE7C3F15F6}\RP255\A0068380.exe (Microsoft Corporation)

    [2] 2009-07-30 01:49:14 24281536 C:\System Volume Information\_restore{B5D1D133-8F97-4931-88CC-3FCE7C3F15F6}\RP349\A0104509.exe (Microsoft Corporation)



    Found mount point : C:\WINDOWS\system32\mui\dispspec\dispspec

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\oobe\html\oemhw\oemhw

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\oobe\sample\sample

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\RegiCleanse\Backup\Favourite\Favourite

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\RegiCleanse\Backup\Registry\Registry

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\RsFx\RsFx

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\ShellExt\ShellExt

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\spool\drivers\w32x86\__SKIP_00BB\__SKIP_00BB

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\wbem\mof\bad\bad

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\wbem\mof\good\good

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\wbem\snmp\snmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\wins\wins

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\xircom\xircom

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

    Mount point destination : \Device\__max++>\^



    Finished!
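
As an added example (not code from the thread, and not from Win32kDiag's author), here is a small Python triage script for the log format posted above: it pairs each "Found mount point" with its "Mount point destination" and flags reparse points whose destination is not an ordinary \??\Volume{GUID} mount, and for each "Cannot access" block it flags a file whose live copy has no publisher string or a size that none of the listed backup copies share. The sample log is a constructed excerpt in the same format (blank lines between entries dropped); the benign Volume{GUID} mount is invented, and treating the "[n]" lines as other copies of the same file is an assumption.

```python
"""Triage a Win32kDiag log in the format posted above: report directory
reparse ("mount") points whose target is not a normal volume mount, and
"Cannot access" files whose live copy differs from the backups listed."""
import re
from collections import Counter

# Constructed excerpt (blank lines between entries dropped). The __max++ mounts
# and the eventlog.dll / MRT.exe blocks come from the thread; the Volume{GUID}
# mount is invented so there is a benign case for the script to ignore.
SAMPLE_LOG = r"""
WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...
Found mount point : C:\WINDOWS\addins\addins
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\CSC\d1\d1
Mount point destination : \Device\__max++>\^
Found mount point : C:\Mounts\Data
Mount point destination : \??\Volume{0a1b2c3d-1111-2222-3333-444455556666}\
Cannot access: C:\WINDOWS\system32\eventlog.dll
[1] 2007-12-31 11:03:17 56320 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)
[1] 2008-04-14 02:11:54 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)
[1] 2008-04-14 02:11:54 62464 C:\WINDOWS\system32\eventlog.dll ()
Cannot access: C:\WINDOWS\system32\MRT.exe
[1] 2009-07-29 17:49:16 24281536 C:\WINDOWS\system32\MRT.exe ()
[2] 2009-07-30 01:49:14 24281536 C:\System Volume Information\_restore{B5D1D133-8F97-4931-88CC-3FCE7C3F15F6}\RP349\A0104509.exe (Microsoft Corporation)
Finished!
"""

MOUNT_RE = re.compile(r"^Found mount point : (?P<path>.+)$")
DEST_RE = re.compile(r"^Mount point destination : (?P<dest>.+)$")
NOACCESS_RE = re.compile(r"^Cannot access: (?P<path>.+)$")
# Assumption: each "[n]" line under "Cannot access" is a copy of that file
# Win32kDiag located (the live one, service pack caches, restore points).
COPY_RE = re.compile(r"^\[\d\] \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} "
                     r"(?P<size>\d+) (?P<path>.+?) \((?P<publisher>[^)]*)\)$")
# An ordinary NTFS volume mount point targets \??\Volume{GUID}\
VOLUME_DEST_RE = re.compile(r"^\\\?\?\\Volume\{[0-9a-fA-F-]{36}\}\\?$")


def parse_win32kdiag(text):
    # Returns (mount_points, inaccessible_files); entries are plain dicts.
    mounts, files = [], []
    pending_path, current = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := MOUNT_RE.match(line):
            pending_path = m.group("path")
        elif (m := DEST_RE.match(line)) and pending_path:
            mounts.append({"path": pending_path, "dest": m.group("dest")})
            pending_path = None
        elif m := NOACCESS_RE.match(line):
            current = {"path": m.group("path"), "copies": []}
            files.append(current)
        elif (m := COPY_RE.match(line)) and current is not None:
            current["copies"].append({"size": int(m.group("size")), "path": m.group("path"),
                                      "publisher": m.group("publisher")})
    return mounts, files


def triage_mounts(mounts):
    # Flag reparse points that do not look like ordinary volume mounts.
    findings = []
    for m in mounts:
        if VOLUME_DEST_RE.match(m["dest"]):
            continue
        reasons = ["destination is not a \\??\\Volume{GUID} mount"]
        parent, _, leaf = m["path"].rpartition("\\")
        if parent.rsplit("\\", 1)[-1].lower() == leaf.lower():
            reasons.append("reparse point is a subdirectory named after its parent")
        findings.append({"path": m["path"], "dest": m["dest"], "reasons": reasons})
    return findings


def triage_files(files):
    # Flag inaccessible files whose live copy disagrees with the listed backups.
    findings = []
    for f in files:
        live = [c for c in f["copies"] if c["path"].lower() == f["path"].lower()]
        backups = [c for c in f["copies"] if c not in live]
        reasons = []
        if not live or not live[0]["publisher"]:
            reasons.append("live copy carries no publisher string")
        sizes = Counter(c["size"] for c in backups)
        if live and sizes and live[0]["size"] not in sizes:
            reasons.append("live size %d matches no backup copy %s"
                           % (live[0]["size"], sorted(sizes)))
        if reasons:
            findings.append({"path": f["path"], "reasons": reasons,
                             "backups_with_publisher": [c["path"] for c in backups if c["publisher"]]})
    return findings


def triage_log(text):
    mounts, files = parse_win32kdiag(text)
    return {"mount_points": triage_mounts(mounts), "inaccessible_files": triage_files(files)}


if __name__ == "__main__":
    for section, items in triage_log(SAMPLE_LOG).items():
        print(section, *items, sep="\n  ")
```

Run against the full log above, every \Device\__max++>\^ entry is reported with both reasons, while eventlog.dll is reported for its empty publisher and its 62464-byte size that no backup copy shares.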

  4. #4
    Junior Member
    Join Date
    Aug 2009
    Location
    Amble (Northumberland)
    Posts
    15

    DDS won't run; it flashes a black screen, then nothing happens. Here is the
    SysProt AntiRootkit v1.0.1.0
    by swatkat

    ******************************************************************************************
    ******************************************************************************************

    No Hidden Processes found

    ******************************************************************************************
    ******************************************************************************************
    Kernel Modules:
    Module Name: \systemroot\win32k.sys:1
    Service Name: ---
    Module Base: A927E000
    Module End: A9283000
    Hidden: Yes

    Module Name: \systemroot\win32k.sys:2
    Service Name: ---
    Module Base: F7800000
    Module End: F780F000
    Hidden: Yes

    ******************************************************************************************
    ******************************************************************************************
    SSDT:
    Function Name: ZwCreateKey
    Address: F73E60D0
    Driver Base: F73E5000
    Driver End: F74CF000
    Driver Name: sptd.sys

    Function Name: ZwEnumerateKey
    Address: F73EBFB2
    Driver Base: F73E5000
    Driver End: F74CF000
    Driver Name: sptd.sys

    Function Name: ZwEnumerateValueKey
    Address: F73EC340
    Driver Base: F73E5000
    Driver End: F74CF000
    Driver Name: sptd.sys

    Function Name: ZwOpenKey
    Address: F73E60B0
    Driver Base: F73E5000
    Driver End: F74CF000
    Driver Name: sptd.sys

    Function Name: ZwQueryKey
    Address: F73EC418
    Driver Base: F73E5000
    Driver End: F74CF000
    Driver Name: sptd.sys

    Function Name: ZwQueryValueKey
    Address: F73EC298
    Driver Base: F73E5000
    Driver End: F74CF000
    Driver Name: sptd.sys

    Function Name: ZwSetValueKey
    Address: F73EC4AA
    Driver Base: F73E5000
    Driver End: F74CF000
    Driver Name: sptd.sys

    ******************************************************************************************
    ******************************************************************************************
    No Kernel Hooks found

    ******************************************************************************************
    ******************************************************************************************
    No hidden files/folders found

    Thank you again for trying to find a solution for me.

  5. #5
    Emeritus- Malware Team
    Join Date
    Oct 2008
    Location
    Cornwall, UK
    Posts
    592

    Download and Run ComboFix

    Download ComboFix from one of these locations:

    Link 1
    Link 2

    Here you can find a tutorial about Combofix: HOW TO USE COMBOFIX


    • You must download it to and run it from your Desktop
    • ComboFix SHOULD NOT be used unless requested by a forum helper.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. A guide to do this can be found HERE
    • Double click on ComboFix.exe and follow the prompts.

      • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
      • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
      • If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    • Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
    • ComboFix should never take more than 20 minutes, including the reboot if malware is detected.



    IMPORTANT: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.


    Next Reply

    Please reply with:

    • ComboFix log (found at C:\Combofix.txt)
    • New HijackThis log

  6. #6
    Junior Member
    Join Date
    Aug 2009
    Location
    Amble (Northumberland)
    Posts
    15

    Here it is, as requested

    I could not attach them in RAR format, sorry.


    ComboFix 09-08-31.03 - ALLEN 09/01/2009 8:03.1.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.548 [GMT 1:00]
    Running from: c:\documents and settings\change me\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\docume~1\CHANGE~1\APPLIC~1\bcrypt.html
    c:\docume~1\CHANGE~1\APPLIC~1\inst.exe
    c:\documents and settings\change me\Application Data\bcrypt.html
    c:\documents and settings\change me\Application Data\inst.exe
    c:\program files\SGPSA
    c:\program files\SGPSA\BHO.dll
    c:\recycler\S-1-5-21-9055275616-0391393833-324449264-5056
    c:\windows\Downloaded Program Files\ODCTOOLS
    c:\windows\Installer\105660.msp
    c:\windows\Installer\105661.msp
    c:\windows\Installer\105662.msp
    c:\windows\Installer\105663.msp
    c:\windows\Installer\105664.msp
    c:\windows\Installer\105665.msp
    c:\windows\Installer\105666.msp
    c:\windows\Installer\105667.msp
    c:\windows\Installer\105668.msp
    c:\windows\Installer\110c9f0.msi
    c:\windows\Installer\110c9f5.msi
    c:\windows\Installer\110c9fe.msi
    c:\windows\Installer\110ca03.msi
    c:\windows\Installer\110ca08.msi
    c:\windows\Installer\110ca0d.msi
    c:\windows\Installer\110ca12.msi
    c:\windows\Installer\110ca1c.msi
    c:\windows\Installer\110ca21.msi
    c:\windows\Installer\110ca26.msi
    c:\windows\Installer\110ca2b.msi
    c:\windows\Installer\110ca34.msi
    c:\windows\Installer\110ca39.msi
    c:\windows\Installer\110ca3e.msi
    c:\windows\Installer\110ca43.msi
    c:\windows\Installer\110ca48.msi
    c:\windows\Installer\110ca4d.msi
    c:\windows\Installer\110ca52.msi
    c:\windows\Installer\110ca57.msi
    c:\windows\Installer\110ca5c.msi
    c:\windows\Installer\110ca61.msi
    c:\windows\Installer\110ca66.msi
    c:\windows\Installer\110ca6b.msi
    c:\windows\Installer\110ca70.msi
    c:\windows\Installer\110ca75.msi
    c:\windows\Installer\13a3e4.msi
    c:\windows\Installer\188ad95.msi
    c:\windows\Installer\189239.msp
    c:\windows\Installer\18923a.msp
    c:\windows\Installer\18923b.msp
    c:\windows\Installer\18923c.msp
    c:\windows\Installer\18923d.msp
    c:\windows\Installer\18923e.msp
    c:\windows\Installer\18923f.msp
    c:\windows\Installer\189240.msp
    c:\windows\Installer\189241.msp
    c:\windows\Installer\18c7cf.msi
    c:\windows\Installer\19d1fd.msp
    c:\windows\Installer\19d1fe.msp
    c:\windows\Installer\19d1ff.msp
    c:\windows\Installer\19d200.msp
    c:\windows\Installer\19d201.msp
    c:\windows\Installer\19d202.msp
    c:\windows\Installer\19d203.msp
    c:\windows\Installer\19d204.msp
    c:\windows\Installer\19d205.msp
    c:\windows\Installer\1a1edb.msi
    c:\windows\Installer\1a1edc.msp
    c:\windows\Installer\1a1edd.msp
    c:\windows\Installer\1a1ede.msp
    c:\windows\Installer\1a1edf.msp
    c:\windows\Installer\1a1ee0.msp
    c:\windows\Installer\1a1ee1.msp
    c:\windows\Installer\1a1ee2.msp
    c:\windows\Installer\1a1ee3.msp
    c:\windows\Installer\1a1ee4.msp
    c:\windows\Installer\1c92d3f.msi
    c:\windows\Installer\1c92d44.msi
    c:\windows\Installer\1c92d4b.msi
    c:\windows\Installer\1c92d50.msi
    c:\windows\Installer\1de2d5.msi
    c:\windows\Installer\1de2dc.msp
    c:\windows\Installer\1e7e73.msi
    c:\windows\Installer\1e7e74.msp
    c:\windows\Installer\1e7e75.msp
    c:\windows\Installer\1e7e76.msp
    c:\windows\Installer\1e7e77.msp
    c:\windows\Installer\1e7e78.msp
    c:\windows\Installer\1e7e79.msp
    c:\windows\Installer\1e7e7a.msp
    c:\windows\Installer\1e7e7b.msp
    c:\windows\Installer\1e7e7c.msp
    c:\windows\Installer\1e7e7d.msp
    c:\windows\Installer\201798.msi
    c:\windows\Installer\20179e.msi
    c:\windows\Installer\2030c2c.msi
    c:\windows\Installer\215bf0.msi
    c:\windows\Installer\215bfe.msp
    c:\windows\Installer\215c08.msp
    c:\windows\Installer\215c13.msp
    c:\windows\Installer\250ee4.msi
    c:\windows\Installer\250ee9.msi
    c:\windows\Installer\250eee.msi
    c:\windows\Installer\250ef3.msi
    c:\windows\Installer\250ef8.msi
    c:\windows\Installer\250efd.msi
    c:\windows\Installer\250f02.msi
    c:\windows\Installer\250f0b.msi
    c:\windows\Installer\250f10.msi
    c:\windows\Installer\250f15.msi
    c:\windows\Installer\250f1f.msi
    c:\windows\Installer\250f24.msi
    c:\windows\Installer\250f29.msi
    c:\windows\Installer\2d3d0.msi
    c:\windows\Installer\3489c5.msp
    c:\windows\Installer\3489c6.msp
    c:\windows\Installer\3489c7.msp
    c:\windows\Installer\3489c8.msp
    c:\windows\Installer\3489c9.msp
    c:\windows\Installer\3489ca.msp
    c:\windows\Installer\3489cb.msp
    c:\windows\Installer\3489cc.msp
    c:\windows\Installer\3489cd.msp
    c:\windows\Installer\3689bb.msi
    c:\windows\Installer\3689bc.msp
    c:\windows\Installer\3689bd.msp
    c:\windows\Installer\3689be.msp
    c:\windows\Installer\3689bf.msp
    c:\windows\Installer\3689c0.msp
    c:\windows\Installer\3689c1.msp
    c:\windows\Installer\3689c2.msp
    c:\windows\Installer\3689c3.msp
    c:\windows\Installer\3689c4.msp
    c:\windows\Installer\372a1.msi
    c:\windows\Installer\39bc4.msi
    c:\windows\Installer\642b1.msp
    c:\windows\Installer\642b7.msi
    c:\windows\Installer\642bd.msp
    c:\windows\Installer\6794a.msp
    c:\windows\Installer\6794b.msp
    c:\windows\Installer\6794c.msp
    c:\windows\Installer\6794d.msp
    c:\windows\Installer\6794e.msp
    c:\windows\Installer\6794f.msp
    c:\windows\Installer\67950.msp
    c:\windows\Installer\67951.msp
    c:\windows\Installer\67952.msp
    c:\windows\Installer\6d6c9f.msi
    c:\windows\Installer\707ce.msi
    c:\windows\Installer\79895.msp
    c:\windows\Installer\79896.msp
    c:\windows\Installer\79897.msp
    c:\windows\Installer\79898.msp
    c:\windows\Installer\79899.msp
    c:\windows\Installer\7989a.msp
    c:\windows\Installer\7989b.msp
    c:\windows\Installer\7989c.msp
    c:\windows\Installer\7989d.msp
    c:\windows\Installer\82ff2.msi
    c:\windows\Installer\82ff3.msp
    c:\windows\Installer\82ff4.msp
    c:\windows\Installer\82ff5.msp
    c:\windows\Installer\82ff6.msp
    c:\windows\Installer\82ff7.msp
    c:\windows\Installer\82ff8.msp
    c:\windows\Installer\82ff9.msp
    c:\windows\Installer\82ffa.msp
    c:\windows\Installer\82ffb.msp
    c:\windows\Installer\9ac70.msi
    c:\windows\Installer\a10a2.msi
    c:\windows\Installer\a10a8.msi
    c:\windows\Installer\d742ef.msi
    c:\windows\system32\geyekrlpxrqpau.dat
    c:\windows\system32\net32gdilib.dll
    c:\windows\system32\wr42017.dll
    c:\windows\system32\xa1029843.exe
    c:\windows\system32\xa1030031.exe
    c:\windows\system32\xa1054390.exe
    c:\windows\system32\xa1054593.exe
    c:\windows\system32\xa1078281.exe
    c:\windows\system32\xa1078468.exe
    c:\windows\system32\xa1079234.exe
    c:\windows\system32\xa1079437.exe
    c:\windows\system32\xa1079828.exe
    c:\windows\system32\xa1080015.exe
    c:\windows\system32\xa1080312.exe
    c:\windows\system32\xa1155359.exe
    c:\windows\system32\xa1155546.exe
    c:\windows\system32\xa1599171.exe
    c:\windows\system32\xa1599359.exe
    c:\windows\system32\xa893562.exe
    c:\windows\system32\xa893750.exe
    c:\windows\system32\xa922812.exe
    c:\windows\system32\xa923000.exe
    c:\windows\system32\xa937859.exe
    c:\windows\system32\xa938046.exe
    c:\windows\system32\xa989031.exe
    c:\windows\system32\xa989218.exe
    c:\windows\system32\xwr42017.dll
    c:\windows\system32\zip32.dll

    Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
    Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
    -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}


    ((((((((((((((((((((((((( Files Created from 2009-08-01 to 2009-09-01 )))))))))))))))))))))))))))))))
    .

    2009-08-31 20:10 . 2009-08-31 20:10 117760 ----a-w- c:\documents and settings\change me\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2009-08-31 20:08 . 2009-08-31 20:08 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-08-31 20:08 . 2009-09-01 07:07 -------- d-----w- c:\program files\SUPERAntiSpyware
    2009-08-31 20:08 . 2009-08-31 20:08 -------- d-----w- c:\documents and settings\change me\Application Data\SUPERAntiSpyware.com
    2009-08-31 20:08 . 2009-08-31 20:08 -------- d-----w- c:\docume~1\CHANGE~1\APPLIC~1\SUPERAntiSpyware.com
    2009-08-31 20:08 . 2009-08-31 20:08 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-08-31 18:20 . 2009-08-31 18:20 9830 ----a-w- C:\exefix.reg
    2009-08-31 17:42 . 2009-08-31 17:42 -------- d-----w- c:\program files\Windows Defender
    2009-08-31 17:10 . 2009-08-31 17:10 -------- d-----w- c:\documents and settings\admin\Application Data\Yahoo!
    2009-08-31 17:04 . 2009-08-31 17:04 -------- d-sh--w- c:\documents and settings\admin\PrivacIE
    2009-08-31 17:03 . 2009-08-31 17:03 19576 ----a-w- c:\documents and settings\admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-08-31 17:03 . 2009-08-31 17:03 -------- d-sh--w- c:\documents and settings\admin\IETldCache
    2009-08-31 17:00 . 2009-08-31 17:04 -------- d-----w- c:\documents and settings\admin
    2009-08-31 14:17 . 2009-08-31 14:17 -------- d-----w- c:\program files\Windows X
    2009-08-31 14:15 . 2009-08-31 14:35 -------- d-----w- c:\program files\a-squared Free
    2009-08-31 13:21 . 2009-08-31 13:21 -------- d-----w- c:\documents and settings\change me\Local Settings\Application Data\Runscanner.net
    2009-08-31 13:13 . 2009-08-31 13:13 -------- d-----w- c:\program files\ESET
    2009-08-31 13:02 . 2009-08-31 13:02 65536 ----a-r- c:\documents and settings\change me\Application Data\Microsoft\Installer\{A6F4DE62-BA95-45B5-B27D-39E5ABB4E77D}\NewShortcut1_6D307F405A8B42488CCA5C8E4FA8753B.exe
    2009-08-31 13:02 . 2009-08-31 13:02 10134 ----a-r- c:\documents and settings\change me\Application Data\Microsoft\Installer\{A6F4DE62-BA95-45B5-B27D-39E5ABB4E77D}\ARPPRODUCTICON.exe
    2009-08-31 13:02 . 2009-08-31 13:02 -------- d-----w- c:\program files\Hydra Networks
    2009-08-31 13:02 . 2009-08-31 14:17 -------- d-----w- c:\windows\Downloaded Installations
    2009-08-31 12:31 . 2009-08-31 12:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec(2)(3)
    2009-08-31 12:31 . 2009-08-31 12:31 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee(4)
    2009-08-31 12:31 . 2009-08-31 12:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec(4)
    2009-08-31 12:31 . 2009-08-31 12:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Slapdash Games(3)
    2009-08-31 12:31 . 2009-08-31 12:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software(3)
    2009-08-31 12:31 . 2009-08-31 12:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio(3)
    2009-08-31 12:31 . 2009-08-31 12:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Real(3)
    2009-08-31 12:31 . 2009-08-31 12:31 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller(3)
    2009-08-31 12:31 . 2009-08-31 12:31 -------- d-----w- c:\documents and settings\All Users\Application Data\LightScribe(3)
    2009-08-31 12:31 . 2009-08-31 12:31 -------- d-----w- c:\documents and settings\All Users\Application Data\HiddenSecretsNightmare(3)
    2009-08-31 12:31 . 2009-08-31 12:31 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software(3)
    2009-08-31 12:31 . 2009-08-31 12:31 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU(3)
    2009-08-31 12:31 . 2009-08-31 12:31 -------- d--h--w- c:\documents and settings\All Users\Application Data\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}(3)
    2009-08-31 11:32 . 2009-08-31 11:32 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee(2)
    2009-08-31 10:36 . 2009-08-31 12:25 -------- d-----w- c:\program files\Exterminate It!
    2009-08-31 09:03 . 2009-08-31 09:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\DNA
    2009-08-31 08:49 . 2009-08-31 08:59 -------- d-----w- c:\program files\EsetOnlineScanner
    2009-08-31 08:41 . 2009-08-31 08:41 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2009-08-31 08:03 . 2009-08-31 08:31 -------- d-----w- c:\windows\BDOSCAN8
    2009-08-30 18:02 . 2009-08-30 18:02 -------- d-----w- c:\documents and settings\change me\Application Data\PlayFirst
    2009-08-30 18:02 . 2009-08-30 18:02 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
    2009-08-30 18:02 . 2009-08-30 18:02 -------- d-----w- c:\docume~1\CHANGE~1\APPLIC~1\PlayFirst
    2009-08-30 17:40 . 2009-08-30 17:40 -------- d-----w- c:\program files\The Mystery of the Mary Celeste
    2009-08-30 17:40 . 2009-08-30 17:40 -------- d-----w- c:\windows\The Mystery of the Mary Celeste
    2009-08-30 05:43 . 2009-08-30 05:43 -------- d-----w- c:\documents and settings\change me\Application Data\Malwarebytes
    2009-08-30 05:43 . 2009-08-30 05:43 -------- d-----w- c:\docume~1\CHANGE~1\APPLIC~1\Malwarebytes
    2009-08-30 05:43 . 2009-08-03 12:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-08-30 05:43 . 2009-08-30 05:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-08-30 05:43 . 2009-08-03 12:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-08-30 05:43 . 2009-08-30 05:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-08-30 04:50 . 2009-06-10 21:11 342016 ------w- c:\windows\system32\MC14.exe
    2009-08-30 04:50 . 2009-05-12 18:13 585728 ------w- c:\windows\system32\AReadyLB.dll
    2009-08-30 04:50 . 2009-05-12 18:13 53248 ------w- c:\windows\system32\BBInstaller.exe
    2009-08-30 04:50 . 2009-05-12 18:13 229376 ------w- c:\windows\system32\AudDevicePlugin.dll
    2009-08-30 04:50 . 2009-08-30 04:50 -------- d-----w- c:\program files\J River
    2009-08-30 04:49 . 2009-08-30 04:50 -------- d-----w- c:\documents and settings\change me\Application Data\J River
    2009-08-30 04:49 . 2009-08-30 04:50 -------- d-----w- c:\docume~1\CHANGE~1\APPLIC~1\J River
    2009-08-29 17:16 . 2009-08-29 17:16 -------- d-----w- c:\documents and settings\change me\Application Data\GlarySoft
    2009-08-29 17:16 . 2009-08-29 17:16 -------- d-----w- c:\docume~1\CHANGE~1\APPLIC~1\GlarySoft
    2009-08-29 17:14 . 2009-08-29 17:14 -------- d-----w- c:\program files\Glary Utilities
    2009-08-29 17:01 . 2009-08-29 17:01 -------- d-----w- c:\documents and settings\change me\Application Data\DAEMON Tools Pro
    2009-08-29 17:01 . 2009-08-29 17:01 -------- d-----w- c:\docume~1\CHANGE~1\APPLIC~1\DAEMON Tools Pro
    2009-08-29 16:51 . 2009-08-29 16:51 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
    2009-08-29 15:55 . 2009-08-29 15:55 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-08-29 12:48 . 2009-08-29 12:48 4141117 ----a-w- c:\documents and settings\change me\Application Data\Azureus\plugins\vuzexcode\mediainfo.exe
    2009-08-29 12:48 . 2009-08-29 12:48 6516755 ----a-w- c:\documents and settings\change me\Application Data\Azureus\plugins\vuzexcode\ffmpeg.exe
    2009-08-29 12:44 . 2009-08-29 12:44 15884 ----a-w- c:\documents and settings\change me\Application Data\Azureus\plugins\azitunes\libProcessAccess.dll
    2009-08-29 12:44 . 2009-08-29 12:44 102400 ----a-w- c:\documents and settings\change me\Application Data\Azureus\plugins\azitunes\jacob-1.14.3-x86.dll
    2009-08-28 16:30 . 2009-08-28 19:06 -------- d-----w- c:\program files\Common Files\Real
    2009-08-28 14:21 . 2009-08-28 14:21 -------- d-----w- c:\documents and settings\change me\Application Data\TuneUp Software
    2009-08-28 14:21 . 2009-08-28 14:21 -------- d-----w- c:\docume~1\CHANGE~1\APPLIC~1\TuneUp Software
    2009-08-28 13:43 . 2009-08-28 13:43 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2009-08-28 13:43 . 2009-08-28 13:43 -------- d-----w- c:\documents and settings\Administrator\Application Data\Yahoo!
    2009-08-28 12:44 . 2009-08-28 12:57 -------- d-----w- c:\documents and settings\change me\Application Data\Smart PC Solutions
    2009-08-28 12:44 . 2009-08-28 12:57 -------- d-----w- c:\docume~1\CHANGE~1\APPLIC~1\Smart PC Solutions
    2009-08-28 05:09 . 2009-08-28 05:09 10684866 ----a-w- c:\documents and settings\change me\Application Data\Azureus\plugins\azump\mplayer.exe
    2009-08-27 17:34 . 2009-08-27 17:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus
    2009-08-27 17:34 . 2009-08-31 12:04 -------- d-----w- c:\documents and settings\change me\Application Data\Azureus
    2009-08-27 17:34 . 2009-08-31 12:04 -------- d-----w- c:\docume~1\CHANGE~1\APPLIC~1\Azureus
    2009-08-27 17:34 . 2009-08-27 17:34 -------- d-----w- c:\program files\Vuze
    2009-08-27 11:37 . 2009-08-31 11:09 -------- d-----w- c:\documents and settings\change me\.housecall6.6
    2009-08-26 23:23 . 2009-08-27 00:07 -------- d-----w- c:\documents and settings\change me\Application Data\.ABC
    2009-08-26 23:23 . 2009-08-27 00:07 -------- d-----w- c:\docume~1\CHANGE~1\APPLIC~1\.ABC
    2009-08-26 15:46 . 2009-08-31 13:03 -------- d--h--w- C:\$AVG8.VAULT$
    2009-08-26 08:50 . 2009-08-26 08:50 -------- d-----w- c:\program files\Xilisoft
    2009-08-25 09:10 . 2009-08-25 09:10 -------- d-----w- c:\documents and settings\change me\Application Data\Ahead
    2009-08-25 09:10 . 2009-08-25 09:10 -------- d-----w- c:\docume~1\CHANGE~1\APPLIC~1\Ahead
    2009-08-25 08:54 . 2003-10-08 09:51 1298432 ----a-w- c:\windows\UNNMP.exe
    2009-08-25 08:54 . 2003-10-08 09:51 1298432 ----a-w- c:\windows\UNNMP(3).exe
    2009-08-25 08:54 . 2003-10-08 09:51 1298432 ----a-w- c:\windows\UNNMP(2).exe
    2009-08-25 08:44 . 2009-08-25 15:09 -------- d-----w- c:\program files\Common Files\Ahead
    2009-08-25 07:57 . 2009-08-25 07:57 11952 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-08-25 07:57 . 2009-08-25 07:57 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2009-08-25 07:57 . 2009-08-25 07:57 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-08-25 07:57 . 2009-08-25 07:57 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-08-25 07:56 . 2009-08-31 07:09 -------- d-----w- c:\windows\system32\drivers\Avg
    2009-08-25 07:56 . 2009-08-25 07:56 -------- d-----w- c:\program files\AVG
    2009-08-25 07:55 . 2009-09-01 06:52 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
    2009-08-25 07:46 . 2009-08-25 07:46 -------- d-----w- c:\documents and settings\change me\Application Data\AVG8
    2009-08-25 07:46 . 2009-08-25 07:46 -------- d-----w- c:\docume~1\CHANGE~1\APPLIC~1\AVG8
    2009-08-24 07:58 . 2009-08-24 08:02 47360 ----a-w- c:\documents and settings\change me\Application Data\pcouffin.sys
    2009-08-24 07:58 . 2009-08-24 07:58 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
    2009-08-24 07:58 . 2009-08-24 08:02 -------- d-----w- c:\documents and settings\change me\Application Data\Vso
    2009-08-24 07:58 . 2009-08-24 08:02 -------- d-----w- c:\docume~1\CHANGE~1\APPLIC~1\Vso
    2009-08-23 07:00 . 2009-08-23 07:00 -------- d-----w- c:\documents and settings\LocalService\Application Data\Roxio
    2009-08-23 06:52 . 2009-08-23 06:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Uninstall
    2009-08-23 06:52 . 2008-08-06 01:50 606208 ----a-w- c:\documents and settings\All Users\Application Data\Uninstall\{7919D8D9-69FB-4E94-B330-04C4AF251867}\bin\setupresENU.dll
    2009-08-23 06:52 . 2008-08-05 13:42 4717040 ----a-w- c:\documents and settings\All Users\Application Data\Uninstall\{7919D8D9-69FB-4E94-B330-04C4AF251867}\setup.exe
    2009-08-23 06:43 . 2009-08-23 06:43 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
    2009-08-23 06:37 . 2009-08-23 06:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
    2009-08-22 19:45 . 2009-08-22 19:45 -------- d-----w- c:\documents and settings\change me\Application Data\Azuaz Games
    2009-08-22 19:45 . 2009-08-22 19:45 -------- d-----w- c:\docume~1\CHANGE~1\APPLIC~1\Azuaz Games
    2009-08-22 19:36 . 2009-08-22 19:36 -------- d-----w- c:\program files\GameTop.com
    2009-08-22 06:25 . 2009-08-22 06:25 -------- d-----w- c:\program files\Defraggler
    2009-08-21 16:58 . 2009-08-21 16:58 -------- d-----w- c:\program files\CCleaner
    2009-08-21 09:12 . 2001-08-17 12:48 12160 -c----w- c:\windows\system32\dllcache\mouhid.sys
    2009-08-21 09:12 . 2001-08-17 12:48 12160 ------w- c:\windows\system32\drivers\mouhid.sys
    2009-08-20 06:51 . 2009-08-20 06:51 -------- d-----w- c:\windows\system32\wbem\Repository
    2009-08-20 06:51 . 2009-08-20 06:51 -------- d-----w- C:\4fff99b4a3a7072f67382f9eaf43c24f
    2009-08-17 08:17 . 2009-08-29 13:02 -------- d-----w- c:\program files\VS Revo Group
    2009-08-16 11:00 . 2009-08-16 11:00 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Avanquest
    2009-08-15 12:44 . 2009-08-15 12:45 -------- d--h--w- c:\windows\ie8
    2009-08-15 11:12 . 2009-08-15 12:44 -------- dc----w- c:\windows\ie8(2)
    2009-08-15 09:25 . 2009-08-15 09:25 -------- d-----w- c:\documents and settings\change me\ErrorLogs

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-31 15:26 . 2009-06-14 07:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-08-31 12:42 . 2009-08-31 12:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec(2)
    2009-08-31 12:42 . 2009-08-31 12:42 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
    2009-08-31 12:42 . 2009-08-31 12:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
    2009-08-31 12:42 . 2009-08-31 12:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Slapdash Games
    2009-08-31 12:42 . 2009-08-31 12:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
    2009-08-31 12:42 . 2009-08-31 12:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
    2009-08-31 12:42 . 2009-08-31 12:42 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
    2009-08-31 12:42 . 2009-08-31 12:42 -------- d-----w- c:\documents and settings\All Users\Application Data\LightScribe
    2009-08-31 12:42 . 2009-08-31 12:42 -------- d-----w- c:\documents and settings\All Users\Application Data\HiddenSecretsNightmare
    2009-08-31 12:42 . 2009-08-31 12:42 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
    2009-08-31 12:42 . 2009-08-31 12:42 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
    2009-08-31 12:42 . 2009-08-31 12:42 -------- d--h--w- c:\documents and settings\All Users\Application Data\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}
    2009-08-31 09:03 . 2009-06-27 09:59 -------- d-----w- c:\program files\DNA
    2009-08-30 08:20 . 2009-07-28 16:20 -------- d-----w- c:\program files\MpcStar
    2009-08-29 18:30 . 2009-06-09 11:37 -------- d-----w- c:\program files\Yahoo!
    2009-08-28 17:10 . 2009-06-09 11:37 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2009-08-28 17:10 . 2009-06-09 11:37 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2009-08-28 14:21 . 2009-06-28 22:49 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
    2009-08-28 13:19 . 2009-07-16 10:47 -------- d-----w- c:\program files\Common Files\McAfee
    2009-08-27 00:31 . 2009-05-30 14:41 19576 -c--a-w- c:\documents and settings\change me\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-08-24 08:02 . 2009-08-24 07:58 47360 ----a-w- c:\docume~1\CHANGE~1\APPLIC~1\pcouffin.sys
    2009-08-23 14:56 . 2009-07-21 09:58 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-08-23 12:26 . 2009-07-14 15:15 1034056 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2009-08-23 06:52 . 2009-06-09 11:37 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-08-23 06:39 . 2009-06-09 11:37 -------- d-----w- c:\program files\Common Files\InstallShield
    2009-08-21 16:49 . 2009-06-14 19:00 411368 -c----w- c:\windows\system32\deploytk.dll
    2009-08-17 09:55 . 2009-06-21 09:47 -------- d-----w- c:\program files\Windows Desktop Search
    2009-08-17 08:29 . 2009-06-09 11:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
    2009-08-15 22:04 . 2009-06-23 14:31 -------- d-----w- c:\program files\Lx_cats
    2009-08-15 20:33 . 2009-06-14 07:21 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-08-15 09:06 . 2009-07-08 15:26 -------- d-----w- c:\program files\Intel
    2009-08-15 07:42 . 2009-07-25 06:16 -------- d-----w- c:\documents and settings\All Users\Application Data\page
    2009-08-13 14:44 . 2009-07-14 09:07 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
    2009-08-11 15:00 . 2009-08-11 15:00 0 ------w- c:\windows\system32\drivers\Msft_User_M4iPodWPDDriver_01_07_00.Wdf
    2009-08-11 15:00 . 2009-08-11 15:00 0 ------w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
    2009-08-09 20:02 . 2009-06-09 11:42 -------- d-----w- c:\documents and settings\change me\Application Data\Motive
    2009-08-09 20:02 . 2009-06-09 11:42 -------- d-----w- c:\docume~1\CHANGE~1\APPLIC~1\Motive
    2009-08-09 09:10 . 2009-06-10 06:36 -------- d-----w- c:\documents and settings\change me\Application Data\Media Player Classic
    2009-08-09 09:10 . 2009-06-10 06:36 -------- d-----w- c:\docume~1\CHANGE~1\APPLIC~1\Media Player Classic
    2009-08-07 10:40 . 2009-07-07 16:34 -------- d-----w- c:\program files\Microsoft.NET
    2009-08-05 09:47 . 2009-07-28 16:27 -------- d-----w- c:\documents and settings\change me\Application Data\CometNetwork
    2009-08-05 09:47 . 2009-07-28 16:27 -------- d-----w- c:\docume~1\CHANGE~1\APPLIC~1\CometNetwork
    2009-08-05 09:01 . 2004-08-04 12:00 204800 ------w- c:\windows\system32\mswebdvd.dll
    2009-08-05 07:48 . 2009-06-09 16:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2009-08-02 20:07 . 2009-06-09 20:24 -------- d-----w- c:\program files\Common Files\AVSMedia
    2009-08-02 15:50 . 2009-08-31 17:00 38208 ----a-w- c:\documents and settings\admin\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
    2009-08-02 10:04 . 2009-08-01 10:50 239 ----a-w- c:\windows\PowerReg.dat
    2009-07-28 16:35 . 2009-07-28 16:22 -------- d-----w- c:\documents and settings\change me\Application Data\TigerPlayer
    2009-07-28 16:35 . 2009-07-28 16:22 -------- d-----w- c:\docume~1\CHANGE~1\APPLIC~1\TigerPlayer
    2009-07-28 16:27 . 2009-07-28 16:27 0 ----a-w- c:\windows\nsreg.dat
    2009-07-28 09:20 . 2009-07-28 08:47 -------- d-----w- c:\program files\ffdshow
    2009-07-28 08:57 . 2009-06-12 07:18 -------- d-----w- c:\program files\SourceTec
    2009-07-26 09:26 . 2009-07-14 13:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-07-26 07:55 . 2009-07-26 07:55 3888 ------w- c:\windows\system32\drivers\NTHANDLE.SYS
    2009-07-24 09:22 . 2009-07-24 09:22 -------- d-----w- c:\program files\Search Guard Plus
    2009-07-24 06:50 . 2009-07-21 10:46 -------- d-----w- c:\program files\iolo
    2009-07-24 06:50 . 2009-07-21 00:01 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
    2009-07-21 13:28 . 2009-07-20 15:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Systweak
    2009-07-21 13:28 . 2009-07-20 14:51 -------- d-----w- c:\documents and settings\change me\Application Data\Systweak
    2009-07-21 13:28 . 2009-07-20 14:51 -------- d-----w- c:\docume~1\CHANGE~1\APPLIC~1\Systweak
    2009-07-21 11:05 . 2009-07-21 00:21 518 ----a-w- c:\documents and settings\change me\Application Data\iolo\Registry\Last\restore.bat
    2009-07-21 00:19 . 2009-07-21 00:19 1531 ----a-w- c:\documents and settings\change me\Application Data\iolo\restore.bat
    2009-07-21 00:13 . 2009-07-21 00:01 -------- d-----w- c:\documents and settings\change me\Application Data\iolo
    2009-07-21 00:13 . 2009-07-21 00:01 -------- d-----w- c:\docume~1\CHANGE~1\APPLIC~1\iolo
    2009-07-21 00:06 . 2009-07-21 00:06 -------- d-----w- c:\documents and settings\LocalService\Application Data\iolo
    2009-07-21 00:02 . 2009-07-21 00:02 74703 ------w- c:\windows\system32\mfc45.dll
    2009-07-20 20:59 . 2004-08-04 12:00 182656 -c----w- c:\windows\system32\drivers\ndis.sys
    2009-07-20 18:20 . 2009-07-20 18:20 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Yahoo!
    2009-07-20 18:20 . 2009-06-09 11:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
    2009-07-20 15:08 . 2009-07-20 15:06 30996544 ----a-w- c:\documents and settings\change me\Application Data\Systweak\ASO 2\UpdateASPnew.exe
    2009-07-19 18:17 . 2009-07-19 18:17 -------- d-----w- c:\documents and settings\LocalService\Application Data\agi
    2009-07-19 18:15 . 2009-07-19 18:15 339968 ------w- c:\windows\system32\pythoncom25.dll
    2009-07-19 18:15 . 2009-07-19 18:15 114688 ------w- c:\windows\system32\pywintypes25.dll
    2009-07-19 18:15 . 2009-07-19 18:15 2117632 ------w- c:\windows\system32\python25.dll
    2009-07-17 19:23 . 2009-07-17 19:23 -------- d-----w- c:\documents and settings\change me\Application Data\Windows Live Writer
    2009-07-17 19:23 . 2009-07-17 19:23 -------- d-----w- c:\docume~1\CHANGE~1\APPLIC~1\Windows Live Writer
    2009-07-17 19:22 . 2009-06-09 18:40 -------- d-----w- c:\program files\Windows Live
    2009-07-17 19:21 . 2009-07-17 19:21 -------- d-----w- c:\program files\Windows Live SkyDrive
    2009-07-17 19:01 . 2004-08-04 12:00 58880 ------w- c:\windows\system32\atl.dll
    2009-07-17 17:58 . 2009-07-17 17:58 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
    2009-07-17 09:56 . 2009-06-12 00:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
    2009-07-16 13:17 . 2009-07-06 18:18 1474832 ------w- c:\windows\system32\drivers\sfi.dat
    2009-07-14 14:41 . 2009-07-14 13:55 -------- d-----w- c:\program files\Microsoft SQL Server
    2009-07-14 14:03 . 2009-07-14 14:03 -------- d-----w- c:\program files\MSXML 6.0
    2009-07-14 13:53 . 2009-07-14 13:53 193824 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VBExpress\9.0\1033\ResourceCache.dll
    2009-07-14 13:51 . 2009-07-14 13:51 416 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
    2009-07-14 08:21 . 2009-07-14 08:21 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
    2009-07-13 22:43 . 2007-12-31 10:31 286208 ------w- c:\windows\system32\wmpdxm.dll
    2009-07-13 13:22 . 2009-07-13 13:22 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
    2009-07-11 17:24 . 2009-06-09 11:36 -------- d-----w- c:\program files\Common Files\Motive
    2009-07-09 10:37 . 2009-07-09 10:37 -------- d-----w- c:\program files\Microsoft SDKs
    2009-07-08 14:48 . 2009-07-08 14:48 23600 ------w- c:\windows\system32\drivers\TVICHW32.SYS
    2009-07-08 14:28 . 2009-07-08 14:28 -------- d-----w- c:\program files\Intel Corporation
    2009-07-08 13:50 . 2009-07-08 13:50 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
    2009-07-08 13:50 . 2009-07-08 13:50 -------- d-----w- c:\program files\PC Drivers HeadQuarters
    2009-07-06 03:40 . 2009-08-15 09:04 2838454 ----a-w- c:\documents and settings\All Users\Application Data\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\speedupmypc2009.exe
    2009-07-06 03:40 . 2009-08-15 09:04 2838454 ----a-w- c:\documents and settings\All Users\Application Data\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}(3)\speedupmypc2009.exe
    2009-07-06 03:40 . 2009-08-15 09:04 2838454 ----a-w- c:\documents and settings\All Users\Application Data\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}(2)\speedupmypc2009.exe
    2009-07-04 08:19 . 2009-07-04 08:19 -------- d-----w- c:\documents and settings\All Users\Application Data\NeptunesAdve
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-08-05 1830128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-25 2007832]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack"= 1 (0x1)
    "NoFileAssociate"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 11:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-08-25 07:57 11952 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "ctfmon.exe"=c:\windows\system32\ctfmon.exe
    "Search Protection"=c:\program files\Yahoo!\Search Protection\SearchProtection.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
    "c:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
    "c:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=
    "c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpBrowser.exe"=
    "c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpNotifier.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
    "c:\\Program Files\\Vuze\\Azureus.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "25766:TCP"= 25766:TCP:BitComet 25766 TCP
    "25766:UDP"= 25766:UDP:BitComet 25766 UDP
    "65535:TCP"= 65535:TCP:BitComet 65535 TCP
    "65535:UDP"= 65535:UDP:BitComet 65535 UDP
    "12863:TCP"= 12863:TCP:BitComet 12863 TCP
    "12863:UDP"= 12863:UDP:BitComet 12863 UDP
    "20422:TCP"= 20422:TCP:BitComet 20422 TCP
    "20422:UDP"= 20422:UDP:BitComet 20422 UDP

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/25/2009 08:57 335240]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/25/2009 08:57 108552]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [8/5/2009 16:06 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [8/5/2009 16:06 74480]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [8/25/2009 08:56 908056]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/25/2009 08:56 297752]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [7/17/2009 20:22 55152]
    R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
    R3 CAM1690;USB 2.0 Compliance JPEG Video Camera;c:\windows\system32\drivers\cam1690.sys [4/10/2008 11:31 177280]
    S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [6/23/2009 16:07 99248]
    S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 19:19 13592]
    S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [7/28/2009 15:17 16512]
    S3 DIGIRPS;Digi PortServer Driver;c:\windows\system32\drivers\digirlpt.sys [8/10/2009 07:03 42432]
    S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 18:08 533360]
    S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [8/4/2004 13:00 14336]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [8/5/2009 16:06 7408]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/11/2008 01:28 47128]
    S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [3/30/2009 03:09 239336]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [3/30/2009 03:23 366936]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder

    2009-09-01 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files\Glary Utilities\initialize.exe [2009-08-29 15:09]

    2009-08-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-436374069-725345543-1003Core.job
    - c:\documents and settings\change me\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-10 07:33]

    2009-09-01 c:\windows\Tasks\User_Feed_Synchronization-{C696E61C-6D6E-4E34-97DF-FF9D5594657B}.job
    - c:\windows\system32\msfeedssync.exe [2007-12-31 03:31]
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-{3b419ee1-1fa8-47b9-9aec-6b60ac2e3fca} - (no file)
    Toolbar-Locked - (no file)
    WebBrowser-{3B419EE1-1FA8-47B9-9AEC-6B60AC2E3FCA} - (no file)
    SafeBoot-MCODS


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://home.bt.yahoo.com/
    uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://uk.search.yahoo.com
    LSP: c:\windows\system32\SecureNet.dll
    Trusted Zone: motive.com\pbttbc.bt
    DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77}
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    .
    .
    ------- File Associations -------
    .
    JSEFile=NOTEPAD.EXE %1
    VBEFile=NOTEPAD.EXE %1
    VBSFile=NOTEPAD.EXE %1
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-09-01 08:14
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8d,84,93,df,33,82,70,46,8e,9b,18,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8d,84,93,df,33,82,70,46,8e,9b,18,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1016)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\WININET.dll

    - - - - - - - > 'explorer.exe'(3444)
    c:\windows\system32\WININET.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\a-squared Free\a2service.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\lxddcoms.exe
    c:\program files\Common Files\Motive\McciCMService.exe
    c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
    c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    c:\progra~1\AVG\AVG8\avgnsx.exe
    c:\program files\AVG\AVG8\avgcsrvx.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2009-09-01 8:17 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-09-01 07:17

    Pre-Run: 94,239,412,224 bytes free
    Post-Run: 102,049,869,824 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    633 --- E O F --- 2009-09-01 06:47
    Last edited by Bio-Hazard; 2009-09-01 at 10:39. Reason: Added logs for easy reading

  7. #7
    Emeritus- Malware Team
    Join Date
    Oct 2008
    Location
    Cornwall, UK
    Posts
    592

    Default

    Use of P2P (Person to Person) file sharing programs

    I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

    Vuze
    DNA


    Please read HERE the Safer Networking Forums policy on the use of P2P file sharing programs. Please remove them before we continue any further. Post back when you have done it so we can continue the cleaning process.

    NOTE: Even if you are using a safe P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.


    Download HijackThis

    To get things going I need you to download HijackThis; see the instructions below.


    • Click HERE to download HijackThis Installer
    • Save HijackThis Installer to your desktop.
    • Doubleclick on the HijackThis Installer icon on your desktop.
    • By default it will install to C:\Program Files\Trend Micro\HijackThis.
    • Click on Install.
    • It will create a HijackThis icon on the desktop.
    • Once installed it will launch HijackThis.
    • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
    • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.



    DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
    DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
    MRU Master of Malware Removal University

    Member of UNITE and ASAP

  8. #8
    Junior Member
    Join Date
    Aug 2009
    Location
    Amble (Northumberland)
    Posts
    15

    Default

    I have removed Vuze, but I don't know what DNA is; I cannot find it in Add or Remove Programs.

  9. #9
    Junior Member
    Join Date
    Aug 2009
    Location
    Amble (Northumberland)
    Posts
    15

    Default

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:37:18, on 9/1/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\lxddcoms.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ie/...arch.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
    O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolb...lerControl.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} -
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
    O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
    O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: Windows Defender (WinDefend) - Unknown owner - C:\Program Files\Windows Defender\MsMpEng.exe

    --
    End of file - 8461 bytes
    Could you please explain what DNA is and how I get rid of it? Thanks.
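A small triage helper for a HijackThis log, as an added example that is not part of this thread and not HijackThis's own code. It parses the R/O entry lines of a 2.0-style log into their tags and flags the kinds of entries a helper looks at first: targets marked (file missing), Winsock LSPs HijackThis cannot identify, O16 ActiveX entries with no download URL, and O23 services with no vendor name. The sample log inside the script is constructed from the line shapes in the log above and trimmed to a handful of entries; the flags are prompts for a human review, not verdicts (a blank or "Unknown owner" vendor field only means HijackThis found no company name to show for that file).

```python
"""Triage helper for a HijackThis 2.0-style log.

Added example for this thread, not HijackThis's own code. Assumptions (not
from the original post): every entry is one line beginning with a tag such
as "O2 -" or "R1 -", and SAMPLE_LOG below is constructed from the line
shapes seen in the thread, trimmed to a handful of entries.
"""
import re
from collections import defaultdict

# One HijackThis entry: "<tag> - <body>", tag = R<n> or O<n>.
ENTRY_RE = re.compile(r"^(?P<tag>[RO]\d+) - (?P<body>.*)$")

# Constructed sample (lines modelled on the log above, not a real capture).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O16 - DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} -
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: Windows Defender (WinDefend) - Unknown owner - C:\Program Files\Windows Defender\MsMpEng.exe
"""


def parse_entries(log_text):
    """Return [(tag, body), ...] for every R/O entry line, in log order."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("tag"), m.group("body")))
    return entries


def triage(entries):
    """Group entries by tag and flag the ones a reviewer looks at first.

    Flags are prompts for a human, not verdicts:
      file_missing - the hooked file is gone (stale entry or removed component)
      unknown_lsp  - a Winsock LSP HijackThis cannot identify; an LSP sits in
                     the path of every socket call, so it deserves a look
      empty_dpf    - an O16 ActiveX entry with no download URL recorded
      no_vendor    - an O23 service whose file shows no company name
    """
    by_tag = defaultdict(list)
    flags = []
    for tag, body in entries:
        by_tag[tag].append(body)
        if body.endswith("(file missing)"):
            flags.append(("file_missing", tag, body))
        if tag == "O10" and body.startswith("Unknown file in Winsock LSP"):
            flags.append(("unknown_lsp", tag, body))
        if tag == "O16" and body.rstrip().endswith(" -"):
            flags.append(("empty_dpf", tag, body))
        if tag == "O23" and (" - - " in body or " - Unknown owner - " in body):
            flags.append(("no_vendor", tag, body))
    return by_tag, flags


def report(log_text):
    """Human-readable summary: entry counts per tag, then the flagged lines."""
    by_tag, flags = triage(parse_entries(log_text))
    out = ["Entries per tag: " + ", ".join(
        f"{t}={len(v)}" for t, v in sorted(by_tag.items()))]
    for kind, tag, body in flags:
        out.append(f"[{kind}] {tag} - {body}")
    return "\n".join(out)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run it against a saved log with `report(open("hijackthis.log").read())`; the grouping by tag makes duplicates such as the three identical O10 lines obvious, and the flagged list is a starting point for the helper's review rather than a fix list.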

  10. #10
    Emeritus- Malware Team
    Join Date
    Oct 2008
    Location
    Cornwall, UK
    Posts
    592

    Default

    Hello!

    It is a P2P program like Vuze. I will remove it for you.

    Run CFScript


    • Close any open browsers.
    • Open Notepad by clicking Start
    • Click Run
    • Type notepad into the box and press Enter
    • Notepad will open
    • Copy and Paste everything from the Code box into Notepad:



    Code:
    File::
    C:\exefix.reg
    
    Folder::
    c:\program files\DNA
    c:\documents and settings\Administrator\Application Data\DNA
    c:\documents and settings\change me\Application Data\Azureus
    c:\documents and settings\All Users\Application Data\Azureus
    c:\docume~1\CHANGE~1\APPLIC~1\Azureus
    c:\program files\Vuze
    c:\program files\Exterminate It!
    c:\documents and settings\change me\Application Data\Smart PC Solutions
    c:\docume~1\CHANGE~1\APPLIC~1\Smart PC Solutions
    c:\documents and settings\change me\Application Data\.ABC
    c:\docume~1\CHANGE~1\APPLIC~1\.ABC
    
    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Vuze\\Azureus.exe"=-
    "c:\\Program Files\\DNA\\btdna.exe"=-
    
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "25766:TCP"=-
    "25766:UDP"=-
    "65535:TCP"=-
    "65535:UDP"=-
    "12863:TCP"=-
    "12863:UDP"=-
    "20422:TCP"=-
    "20422:UDP"=-
    
    DDS:
    DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77}
    • Save this as CFScript.txt, in the same location as ComboFix.exe (on your desktop)

    • Referring to the picture below, drag CFScript into ComboFix.exe

    • When finished, it shall produce a log for you at C:\ComboFix.txt



    NOTE: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.






    ATF-Cleaner

    Please download ATF Cleaner by Atribune.


    • Save it to your desktop
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.

      If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.

      NOTE: If you would like to keep your saved passwords please click No at the prompt.
    • Click Exit on the Main menu to close the program.



    Kaspersky Online Scan

    You can use either Internet Explorer or Mozilla Firefox for this scan.

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.


    • Please go to Kaspersky website and perform an online antivirus scan.
    • Read through the requirements and privacy statement and click on Accept button.
    • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    • When the downloads have finished, click on Settings.
    • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives

    • Click on My Computer under Scan.
    • Once the scan is complete, it will display the results. Click on View Scan Report.
    • You will see a list of infected items there. Click on Save Report As....
    • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
    • Please post this log in your next reply along with a fresh HijackThis log.






    Logs/Information to Post in Next Reply

    Please post the following logs/Information in your reply:

    • ComboFix log (found at C:\Combofix.txt)
    • Kaspersky Log
    • A fresh HijackThis Log ( after all the above has been done)
    • A description of how your computer is behaving
    MRU Master of Malware Removal University

    Member of UNITE and ASAP
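The CFScript above removes the P2P firewall exceptions by listing each value under its key followed by =-, the .reg-file notation for "delete this value". As an added example, not the thread's or ComboFix's own code, the script below reads the two firewall-policy keys as ComboFix prints them in its log (the AuthorizedApplications and GloballyOpenPorts lists in the earlier ComboFix log), picks the entries that belong to named programs, and prints the matching Registry:: section. The key paths, including the HKLM\~\services abbreviation, are copied verbatim from the log and the script above; the sample log text is constructed and trimmed, and the program list is per-case input you would set yourself. The rest of a CFScript (File::, Folder::, DDS:) is left to the helper.

```python
"""Generate the Registry:: section of a CFScript from a ComboFix log.

Added example for this thread; not ComboFix's own code and not the helper's
script. Assumptions (not from the original post): the log's registry dump is
in .reg notation, a "[key]" header followed by "name"=data lines, and
SAMPLE_COMBOFIX below is a constructed, trimmed copy of the two firewall
keys shown in the log above. The program list passed in is per-case input.
"""
import re

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<data>.*)$')

# Key paths copied verbatim from the log; HKLM\~\services is ComboFix's own
# abbreviation for the services key and a CFScript accepts the same form.
FIREWALL_APPS = r"HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List"
FIREWALL_PORTS = r"HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List"

# Constructed sample modelled on the log above (paths keep the doubled
# backslashes ComboFix prints in .reg notation).
SAMPLE_COMBOFIX = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25766:TCP"= 25766:TCP:BitComet 25766 TCP
"25766:UDP"= 25766:UDP:BitComet 25766 UDP
"65535:TCP"= 65535:TCP:BitComet 65535 TCP
"""


def parse_registry_dump(text):
    """Return {key: [(value_name, data), ...]} from ComboFix's .reg-style dump."""
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group("key")
            keys.setdefault(current, [])
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current].append((m.group("name"), m.group("data").strip()))
    return keys


def select_firewall_exceptions(keys, programs):
    """Pick firewall exception values that belong to the named programs.

    A program name matches an AuthorizedApplications value when it appears as
    a whole word in the path (so 'DNA' hits the DNA folder but not a path that
    merely contains those letters), and a GloballyOpenPorts value when it
    appears in the port's description. Returns {key: [value_name, ...]}.
    """
    patterns = [re.compile(r"\b" + re.escape(p) + r"\b", re.IGNORECASE)
                for p in programs]
    picked = {}
    for key, values in keys.items():
        if key not in (FIREWALL_APPS, FIREWALL_PORTS):
            continue
        for name, data in values:
            haystack = name if key == FIREWALL_APPS else data
            if any(p.search(haystack) for p in patterns):
                picked.setdefault(key, []).append(name)
    return picked


def render_cfscript_registry(picked):
    """Emit a CFScript Registry:: section; "name"=- is .reg notation for
    'delete this value', the same form the helper's script uses."""
    lines = ["Registry::"]
    for key, names in picked.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{name}"=-' for name in names)
        lines.append("")
    return "\n".join(lines)


if __name__ == "__main__":
    dump = parse_registry_dump(SAMPLE_COMBOFIX)
    picked = select_firewall_exceptions(dump, ["Vuze", "DNA", "BitComet"])
    print(render_cfscript_registry(picked))
```

The whole-word match is deliberate: a plain substring test for "DNA" would also catch unrelated paths that happen to contain those letters, and a deleted firewall exception for a legitimate program is the kind of side effect the helper's warnings at the top of the thread are about.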
