# I have some sort of virus, I'm a newbie, and need some help :( it devastates me..



## Rocky123 (May 22, 2010)

Hello, I am a newbie to computers and virus removing. I don't exactly know what is going on, but here is what I have observed:

When I turn on my computer, it loads and everything. Then, when the "Welcome" screen has passed, it shows my desktop background, but no icons, and a small window appears in the top left of my screen saying "Setting up personalized settings for C:\\WINDOWS\systen32\install\server.exe". Then after a while, the icons and everything appear.

I am running on a Windows XP system. (Windows as the operating system)

This program opens up Mozilla Firefox and puts it to MAX on the computer usage, making it lag. Then, tons of "Server.exe"s come up in the Task Manager. I close all the Server.exe's and more keep coming, until it stops. Then, the Mozilla Firefox drops down to 0-40 computer usage, at random, usually staying at the lowest. If I try to end the process, this whole step repeats.

I've tried going into C:\\WINDOWS\systen32\install\server.exe and deleting the server.exe file, but it just comes back to the install folder. I've tried renaming it, and it comes back as another icon, once again. I've tried deleting the "Install" folder, but it comes back with the icon. I've tried closing Mozilla Firefox at the same time as deleting the Server.exe file. Nothing worked.

I've tried Spybot, Symantec AntiVirus, SUPERAntiSpyware.
I've also looked at this post, when I used the SUPERAntiSpyware. ( http://forums.techguy.org/virus-other-malware-removal/631853-need-help-remove-adware-lop.html )

Spybot says I am clean, Symantec says that I have Adware.Lop, and on the other hand, SUPERAntiSpyware removed some Adware and Spyware, but not this.

The Mozilla Firefox that is opened is separate -- I can open another one, and it has completely different usage from the other one, and works fine.

I do not know where to look for computer specs, but I know my hard drive is only 37.2 GBs. If you could tell me where to look for computer specs so it could help you, I will.

Any ideas? It would be HIGHLY appreciated if I could get some help ASAP. Thanks.


----------



## Rocky123 (May 22, 2010)

Bump.
I really need help.
Constantly checking this thread.


----------



## Rocky123 (May 22, 2010)

I still need help. Please, when you can, if you can, help me.


----------



## SweetTech (Jan 1, 1970)

My name is *SweetTech.* I would be glad to take a look at your log and help you with solving any malware problems. I'd be grateful if you would note the following:


Logs from malware removal programs (DDS is one of them) can take some time to analyze. I need you to be *patient* while I analyze any logs you post.
Please make sure to *carefully read* any instruction that I give you.
Reading too lightly will cause you to miss important steps, which could have *destructive* effects.
*If you're not sure, or if something unexpected happens, do NOT continue!* Stop and ask!
These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
*Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!*
If I instruct you to download a specific tool which you already have, _please delete the copy that you have and re-download the tool._ The reason I ask you to do this is because these tools are updated fairly regularly.
Please do _*not use*_ the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this *together.*
*Because of this, you must reply within three days.* Failure to reply will result in the topic being *closed!*
*Please do not PM me directly for help.* If you have any questions, post them in this topic. *The only time you can and should PM me is when I have not been replying to you for several days (usually around 4 days)* and you need an explanation. If that's the case, just send me a message on here.
Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system. 
_Don't worry_, this only happens in severe cases, but it sadly does happen. *Be prepared to back up your data. Have means of backing up your data available.*

____________________________________________________

*OTL Custom Scan*


Download *OTL* to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath *Output* at the top change it to *Minimal Output*.
Check the boxes beside *LOP Check* and *Purity Check*.
Under Custom Scan paste this in:

```text
netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /180
```

Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL.
Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time, and post it with your next reply.
You may need two posts to fit them both in.


*NEXT:*

*Scanning with GMER*

Please download *GMER* from one of the following locations and save it to your desktop:

Main Mirror
_This version will download a randomly named file (Recommended)_
Zipped Mirror
_This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop._


Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
Double-click on the *randomly named* GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
_Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe._

GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. _(do not use the computer while the scan is in progress)_
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click *NO*.
Now click the *Scan* button. If you see a rootkit warning window, click OK.
When the scan is finished, click the *Save...* button to save the scan results to your Desktop. Save the file as *gmer.log*.
Click the *Copy* button and paste the results into your next reply.
Exit GMER and be sure to *re-enable* your anti-virus, Firewall and any other security programs you had disabled.
_-- If you encounter any problems, try running GMER in safe mode._
_-- If GMER crashes or keeps resulting in BSODs, *uncheck* Devices on the right side before scanning._

*NEXT:*

*Please make sure you include the following items in your next post:*
*1.* Any comments or questions you may have that you'd like for me to answer in my next post to you.
*2.* The logs that were produced after running the OTL scans. _(OTL.txt & Extras.txt)_
*3.* The log that was produced after running GMER
*4.* An update on how your computer is currently running.

*It would be helpful if you could answer each question in the order asked, as well as numbering your answers.*
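
As an added example (not part of this thread or of the OTL tool), here is a small Python triage script for the "Authorized Applications List" section that an OTL Extras.txt report contains, i.e. the Windows XP firewall exceptions. The sample section and every path in it are constructed to mirror OTL's output format, and the flagging rules are this editor's heuristics, not OTL's.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample (not from any real machine) in the format OTL's Extras.txt
# uses for the XP firewall's AuthorizedApplications list. One value per line:
#   "<path>" = <path>:<scope>:<Enabled|Disabled>:<display name> -- (<publisher>)
# or, when the file is gone:            ... -- File not found
SAMPLE_SECTION = """\
========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile\\AuthorizedApplications\\List]
"C:\\Program Files\\Mozilla Firefox\\firefox.exe" = C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)
"C:\\DOCUME~1\\USER~1\\LOCALS~1\\Temp\\1234567_server.exe" = C:\\DOCUME~1\\USER~1\\LOCALS~1\\Temp\\1234567_server.exe:*:Enabled:Windows Messanger -- File not found
"C:\\WINDOWS\\system32\\updater.exe" = C:\\WINDOWS\\system32\\updater.exe:*:Enabled:Windows Messanger -- File not found
"C:\\WINDOWS\\system32\\dplaysvr.exe" = C:\\WINDOWS\\system32\\dplaysvr.exe:*:Disabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\\Program Files\\Ventrilo\\Ventrilo.exe" = C:\\Program Files\\Ventrilo\\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"""

# The registry value name repeats the path, so a backreference pins the split
# between the path (which itself contains a colon) and the scope/state fields.
ENTRY_RE = re.compile(
    r'^"(?P<path>[^"]+)" = (?P=path):(?P<scope>[^:]+):(?P<state>Enabled|Disabled):'
    r'(?P<name>.*?) -- (?P<tail>.*)$'
)

MICROSOFT = "(Microsoft Corporation)"
WINDOWS_DIR = "c:\\windows\\"


@dataclass
class FirewallException:
    path: str
    scope: str
    state: str
    name: str
    publisher: str          # "(Company)" as OTL prints it, or "File not found"
    reasons: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def parse_exceptions(text: str) -> List[FirewallException]:
    """Parse every firewall exception line in an OTL 'Authorized Applications List'."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(FirewallException(m["path"], m["scope"], m["state"],
                                             m["name"], m["tail"]))
    return entries


def assess(entry: FirewallException) -> FirewallException:
    """Attach the reasons a malware-removal helper would look twice at this entry."""
    low = entry.path.lower()
    if entry.publisher == "File not found":
        entry.reasons.append("exception for a file that no longer exists on disk")
    if "\\temp\\" in low:
        entry.reasons.append("executable allowed through the firewall from a Temp directory")
    if entry.name.lower().startswith("windows") and entry.publisher != MICROSOFT:
        entry.reasons.append("Windows-branded display name without a Microsoft publisher")
    if low.startswith(WINDOWS_DIR) and entry.publisher != MICROSOFT:
        entry.reasons.append("file under %SystemRoot% not published by Microsoft")
    return entry


def triage(text: str) -> List[FirewallException]:
    """Parse and assess a whole section; returns entries in log order."""
    return [assess(e) for e in parse_exceptions(text)]


if __name__ == "__main__":
    for e in triage(SAMPLE_SECTION):
        tag = "SUSPECT" if e.suspicious else "ok     "
        print(f"{tag} {e.state:8} {e.path}  [{e.name}] {e.publisher}")
        for r in e.reasons:
            print(f"          - {r}")
```

A flagged entry is only a lead for the log reader; the "File not found" ones are stale exceptions that still tell you what once ran on the machine.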


----------



## Rocky123 (May 22, 2010)

Hello,
I have done the first scan (OTL) and i have the results saved. That's all done, and good. (I will post it when everything is done.)
I have NOT yet done the second scan because I have an Antivirus which I do not know how to disable, even when looking at the article. It is called Symantec Antivirus, and when I go to the tray, right click it,
"Enable Auto-protect" is Checked. Do i have to disable that? Or is it something else?

Thanks in advance


----------



## SweetTech (Jan 1, 1970)

*NORTON ANTIVIRUS*
Please navigate to the system tray on the bottom right hand corner and look for the Norton AntiVirus sign [icon image].

right-click it -> choose "*Disable Auto-Protect*."
select a duration of 5 hours (this assures no interference with the cleanup of your PC)
click "*Ok*."
a popup will warn that protection will now be disabled and the sign will now look like this: [icon image]
You successfully disabled the Norton Antivirus Guard.


----------



## Rocky123 (May 22, 2010)

Okay, I'm starting the other scan right now.


----------



## SweetTech (Jan 1, 1970)

Okay.


----------



## Rocky123 (May 22, 2010)

1. After doing all these scans, it means my computer is clean of this virus? If it's not, is there another solution?

2. OTL Extras logfile created on: 5/23/2010 12:08:37 PM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.00 Mb Total Physical Memory | 229.00 Mb Available Physical Memory | 45.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 48.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 20.26 Gb Free Space | 54.36% Space Free | Partition Type: NTFS
Unable to calculate disk information.
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COMPAQ2
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Starcraft\StarCraft.exe" = C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft -- (Blizzard Entertainment)
"C:\Documents and Settings\Administrator\Desktop\zsnesw142\zsnesw.exe" = C:\Documents and Settings\Administrator\Desktop\zsnesw142\zsnesw.exe:*:Enabled:zsnesw -- File not found
"C:\Documents and Settings\Administrator\Desktop\TopGearCrap\Top Gear 3000\zsnesw142\zsnesw.exe" = C:\Documents and Settings\Administrator\Desktop\TopGearCrap\Top Gear 3000\zsnesw142\zsnesw.exe:*:Enabled:zsnesw -- File not found
"C:\Documents and Settings\Administrator\Desktop\RISK2\RISKII.EXE" = C:\Documents and Settings\Administrator\Desktop\RISK2\RISKII.EXE:*:Enabled:Risk II -- File not found
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Disabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Program Files\NetBattle Supremacy\PokeBattle.exe" = C:\Program Files\NetBattle Supremacy\PokeBattle.exe:*:Disabled:Pokémon NetBattle: Supremacy -- (Bayleef00)
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\StarCraft II Beta\StarCraft II.exe" = C:\Program Files\StarCraft II Beta\StarCraft II.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7248640_server.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7248640_server.exe:*:Enabled:Windows Messanger -- File not found
"C:\WINDOWS\system32\updater.exe" = C:\WINDOWS\system32\updater.exe:*:Enabled:Windows Messanger -- File not found
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\22257890_server.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\22257890_server.exe:*:Enabled:Windows Messanger -- File not found
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Professional
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype 4.1
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"HyperCam 2" = HyperCam 2
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"PkHonor_0" = PkHonor
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/21/2010 4:34:48 PM | Computer Name = COMPAQ2 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: Adware.Lop in File: C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP828\A0068672.exe
by: Auto-Protect scan. Action: Reboot Required. Action Description: The file 
was quarantined successfully.

Error - 5/21/2010 7:57:28 PM | Computer Name = COMPAQ2 | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Risk: Trojan.Gen in File: C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP769\A0063357.exe
by: Auto-Protect scan. Action: Quarantine succeeded. Action Description: The 
file was quarantined successfully.

Error - 5/21/2010 7:57:34 PM | Computer Name = COMPAQ2 | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Risk: Trojan.Gen in File: C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP769\A0063357.exe
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 5/21/2010 7:57:48 PM | Computer Name = COMPAQ2 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: Trojan.Gen in File: C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP769\A0063357.exe
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 5/21/2010 7:58:35 PM | Computer Name = COMPAQ2 | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Risk: Trojan.Gen in File: C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP769\A0063358.exe
by: Auto-Protect scan. Action: Quarantine succeeded. Action Description: The 
file was quarantined successfully.

Error - 5/21/2010 7:58:35 PM | Computer Name = COMPAQ2 | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Risk: Trojan.Gen in File: C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP769\A0063358.exe
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 5/21/2010 7:58:47 PM | Computer Name = COMPAQ2 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: Trojan.Gen in File: C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP769\A0063358.exe
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 5/21/2010 9:12:19 PM | Computer Name = COMPAQ2 | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Risk: Adware.Lop in File: Unavailable by: Invalid
: (15) scan. Action: Delete failed. Action Description: The file was left unchanged.

Error - 5/21/2010 9:12:32 PM | Computer Name = COMPAQ2 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: Adware.Lop in File: Unavailable by: Invalid
: (15) scan. Action: Delete failed : Leave Alone failed. Action Description:

Error - 5/21/2010 9:48:49 PM | Computer Name = COMPAQ2 | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.1.3726, faulting module
unknown, version 0.0.0.0, fault address 0x24017bde.

[ Application Events ]
Error - 5/21/2010 4:34:48 PM | Computer Name = COMPAQ2 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: Adware.Lop in File: C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP828\A0068672.exe
by: Auto-Protect scan. Action: Reboot Required. Action Description: The file 
was quarantined successfully.

Error - 5/21/2010 7:57:28 PM | Computer Name = COMPAQ2 | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Risk: Trojan.Gen in File: C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP769\A0063357.exe
by: Auto-Protect scan. Action: Quarantine succeeded. Action Description: The 
file was quarantined successfully.

Error - 5/21/2010 7:57:34 PM | Computer Name = COMPAQ2 | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Risk: Trojan.Gen in File: C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP769\A0063357.exe
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 5/21/2010 7:57:48 PM | Computer Name = COMPAQ2 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: Trojan.Gen in File: C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP769\A0063357.exe
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 5/21/2010 7:58:35 PM | Computer Name = COMPAQ2 | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Risk: Trojan.Gen in File: C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP769\A0063358.exe
by: Auto-Protect scan. Action: Quarantine succeeded. Action Description: The 
file was quarantined successfully.

Error - 5/21/2010 7:58:35 PM | Computer Name = COMPAQ2 | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Risk: Trojan.Gen in File: C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP769\A0063358.exe
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 5/21/2010 7:58:47 PM | Computer Name = COMPAQ2 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: Trojan.Gen in File: C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP769\A0063358.exe
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 5/21/2010 9:12:19 PM | Computer Name = COMPAQ2 | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Risk: Adware.Lop in File: Unavailable by: Invalid
: (15) scan. Action: Delete failed. Action Description: The file was left unchanged.

Error - 5/21/2010 9:12:32 PM | Computer Name = COMPAQ2 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: Adware.Lop in File: Unavailable by: Invalid
: (15) scan. Action: Delete failed : Leave Alone failed. Action Description:

Error - 5/21/2010 9:48:49 PM | Computer Name = COMPAQ2 | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.1.3726, faulting module
unknown, version 0.0.0.0, fault address 0x24017bde.

[ System Events ]
Error - 5/21/2010 2:39:02 PM | Computer Name = COMPAQ2 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFC. Reference error
message: The referenced assembly is not installed on your system. .

Error - 5/21/2010 2:39:02 PM | Computer Name = COMPAQ2 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\Logitech\SetPoint\SetPoint.exe.
Reference
error message: The operation completed successfully. .

Error - 5/21/2010 2:39:15 PM | Computer Name = COMPAQ2 | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 5/21/2010 2:42:16 PM | Computer Name = COMPAQ2 | Source = Service Control Manager | ID = 7024
Description = The Symantec SPBBCSvc service terminated with service-specific error
4294967295 (0xFFFFFFFF).

Error - 5/21/2010 9:08:45 PM | Computer Name = COMPAQ2 | Source = Service Control Manager | ID = 7024
Description = The Symantec SPBBCSvc service terminated with service-specific error
4294967295 (0xFFFFFFFF).

Error - 5/21/2010 9:08:51 PM | Computer Name = COMPAQ2 | Source = Service Control Manager | ID = 7024
Description = The Symantec SPBBCSvc service terminated with service-specific error
4294967295 (0xFFFFFFFF).

Error - 5/21/2010 9:10:45 PM | Computer Name = COMPAQ2 | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFC could not be found and Last 
Error was The referenced assembly is not installed on your system.

Error - 5/21/2010 9:10:45 PM | Computer Name = COMPAQ2 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFC. Reference error
message: The referenced assembly is not installed on your system. .

Error - 5/21/2010 9:10:45 PM | Computer Name = COMPAQ2 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\Logitech\SetPoint\SetPoint.exe.
Reference
error message: The operation completed successfully. .

Error - 5/21/2010 9:10:53 PM | Computer Name = COMPAQ2 | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

< End of report >

OTL logfile created on: 5/23/2010 12:08:37 PM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.00 Mb Total Physical Memory | 229.00 Mb Available Physical Memory | 45.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 48.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 20.26 Gb Free Space | 54.36% Space Free | Partition Type: NTFS
Unable to calculate disk information.
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COMPAQ2
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\ICCup\Launcher\Launcher.exe (ICCup)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (SavRoam) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (DefWatch) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE (Symantec Corporation)
SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (SPBBCSvc) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
SRV - (SoundMAX Agent Service (default)) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)

========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100521.002\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100521.002\NAVENG.SYS (Symantec Corporation)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech Inc.)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech Inc.)
DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech Inc.)
DRV - (SymEvent) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (SAVRT) -- C:\Program Files\Symantec AntiVirus\savrt.sys (Symantec Corporation)
DRV - (SAVRTPEL) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (WUSB54GPV4SRV) -- C:\WINDOWS\system32\drivers\rt2500usb.sys (Ralink Technology Inc.)
DRV - (GTNDIS5) -- C:\WINDOWS\system32\GTNDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 01:42:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/21 09:56:38 | 000,000,000 | ---D | M]

[2008/12/18 19:39:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/05/22 21:19:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7827xye5.default\extensions
[2008/07/16 16:32:31 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7827xye5.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/02/06 16:20:06 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7827xye5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/12/11 21:38:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7827xye5.default\extensions\[email protected]
[2008/07/17 21:45:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7827xye5.default\extensions\[email protected]
[2010/05/23 11:30:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/13 17:37:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/05/13 17:36:35 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe (adi)
O4 - HKLM..\Run: [HKLM] C:\WINDOWS\system32\install\server.exe (N6k12H)
O4 - HKLM..\Run: [java] C:\WINDOWS\Iry0k.exe File not found
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [HKCU] C:\WINDOWS\system32\install\server.exe (N6k12H)
O4 - HKCU..\Run: [java] C:\WINDOWS\Iry0k.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\WINDOWS\system32\install\server.exe (N6k12H)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\WINDOWS\system32\install\server.exe (N6k12H)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/03 14:14:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/06/03 14:14:18 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54338281256517632)

========== Files/Folders - Created Within 30 Days ==========

[2010/05/21 18:43:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/05/21 18:42:44 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/05/21 18:42:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2010/05/21 11:10:35 | 000,000,000 | ---D | C] -- C:\04cf981f6e2a4c5ebf9dcab746
[2010/05/20 20:45:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Foldah Chaos Loncah
[2010/05/15 11:44:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2010/05/14 20:30:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\vlc
[2010/05/13 21:11:38 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/05/13 17:47:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/05/13 17:36:59 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/05/13 17:36:59 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/05/13 17:36:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/05/13 17:36:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/05/13 07:25:30 | 000,000,000 | ---D | C] -- C:\61ec5e43d0f984e8aa54
[2010/05/09 01:02:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\apocalyptism.org
[2010/05/08 21:03:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Universal Rs v1
[2010/05/06 21:06:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Video content
[2010/05/02 21:51:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\My Games
[2010/05/02 21:48:21 | 035,450,316 | ---- | C] (PkHonor) -- C:\Documents and Settings\Administrator\Desktop\Install_PkHonor.exe
[2010/05/01 10:35:23 | 049,029,080 | ---- | C] (Near Reality ) -- C:\Documents and Settings\Administrator\Desktop\Nr82ClientSetup.exe
[2010/05/01 01:13:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Desktop\Files
[2010/04/29 18:08:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Everything that doesnt Fit anywhere else
[2010/04/29 18:06:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Picutres, Music
[2010/04/29 17:00:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\.pc_store_32
[43 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/23 12:04:34 | 000,000,075 | ---- | M] () -- C:\Documents and Settings\Administrator\jagex_runescape_preferences2.dat
[2010/05/23 12:04:15 | 002,690,489 | -H-- | M] () -- C:\Documents and Settings\Administrator\Application Data\logs.dat
[2010/05/23 12:02:13 | 000,000,069 | ---- | M] () -- C:\Documents and Settings\Administrator\jagex_runescape_preferences.dat
[2010/05/23 04:10:08 | 006,324,464 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ASDFSDAASSSSASD.wmv
[2010/05/23 04:00:03 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/23 03:38:18 | 000,043,905 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\mariokartwii12peopletooomany.jpg
[2010/05/23 03:32:22 | 000,143,670 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\loul.bmp
[2010/05/23 03:23:28 | 000,012,363 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\chicago_dark.jpg
[2010/05/23 03:14:53 | 000,049,238 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\KIRA-1.jpg
[2010/05/23 03:03:36 | 004,456,448 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/05/22 22:46:52 | 000,252,274 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\FlashFace.png
[2010/05/22 12:31:41 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/05/21 21:08:46 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/21 21:06:56 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/21 21:06:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/21 21:05:07 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/05/21 21:04:42 | 004,231,220 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/05/21 18:42:56 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2010/05/21 15:52:56 | 000,016,251 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\kuhzam.gif
[2010/05/21 00:04:23 | 000,027,540 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\k.jpg
[2010/05/18 22:54:34 | 000,000,507 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\RSBot Accounts.ini
[2010/05/17 20:56:59 | 000,089,286 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\jaedong.jpg
[2010/05/17 08:36:10 | 000,000,123 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\WorldWideMinerSettings.ini
[2010/05/16 21:00:48 | 001,607,094 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\i tried.bmp
[2010/05/14 08:34:57 | 001,340,171 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\RSBot-117.jar
[2010/05/13 21:13:21 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010/05/13 17:36:33 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/05/13 17:36:33 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/05/13 17:36:32 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/05/13 17:36:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/05/13 17:36:32 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/05/09 01:52:54 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\Administrator\APOCALYPTISM_SETTINGS.dat
[2010/05/09 01:45:05 | 000,004,510 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\mq835.png
[2010/05/07 21:18:54 | 000,494,896 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\LOLRS.gif
[2010/05/07 18:32:40 | 001,350,287 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\RSBot.jar
[2010/05/06 21:42:15 | 001,555,254 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Kylebo.bmp
[2010/05/02 21:52:30 | 000,001,766 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PkHonor.lnk
[2010/05/02 21:49:47 | 035,450,316 | ---- | M] (PkHonor) -- C:\Documents and Settings\Administrator\Desktop\Install_PkHonor.exe
[2010/05/01 11:18:13 | 075,054,610 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\562.exe
[2010/05/01 10:41:51 | 049,029,080 | ---- | M] (Near Reality ) -- C:\Documents and Settings\Administrator\Desktop\Nr82ClientSetup.exe
[43 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/23 04:04:52 | 006,324,464 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ASDFSDAASSSSASD.wmv
[2010/05/23 03:36:39 | 000,043,905 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\mariokartwii12peopletooomany.jpg
[2010/05/23 03:32:22 | 000,143,670 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\loul.bmp
[2010/05/23 03:23:19 | 000,012,363 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\chicago_dark.jpg
[2010/05/23 03:08:17 | 000,049,238 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\KIRA-1.jpg
[2010/05/22 22:46:46 | 000,252,274 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\FlashFace.png
[2010/05/21 18:42:56 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2010/05/21 15:52:47 | 000,016,251 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\kuhzam.gif
[2010/05/21 00:04:16 | 000,027,540 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\k.jpg
[2010/05/17 20:56:51 | 000,089,286 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\jaedong.jpg
[2010/05/16 21:00:47 | 001,607,094 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\i tried.bmp
[2010/05/16 20:40:40 | 000,000,123 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\WorldWideMinerSettings.ini
[2010/05/13 21:13:19 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010/05/13 17:16:48 | 001,340,171 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\RSBot-117.jar
[2010/05/09 01:45:05 | 000,004,510 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\mq835.png
[2010/05/09 01:02:35 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Administrator\APOCALYPTISM_SETTINGS.dat
[2010/05/07 21:18:47 | 000,494,896 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\LOLRS.gif
[2010/05/07 18:32:32 | 001,350,287 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\RSBot.jar
[2010/05/06 21:42:07 | 001,555,254 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Kylebo.bmp
[2010/05/02 21:52:30 | 000,001,766 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PkHonor.lnk
[2010/05/01 11:10:46 | 075,054,610 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\562.exe
[2010/05/01 01:14:29 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Play SilentX PVP.bat
[2010/02/25 19:28:40 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2007/12/15 19:01:40 | 000,715,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007/07/02 21:41:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2007/06/03 15:38:04 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2007/06/03 15:24:03 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2005/09/01 00:49:54 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\NBAsm.dll
[2004/10/07 11:50:50 | 000,072,704 | ---- | C] () -- C:\WINDOWS\System32\nbzlib.dll
[2001/06/21 13:13:48 | 000,081,332 | ---- | C] () -- C:\WINDOWS\System32\bass.dll

========== LOP Check ==========

[2010/02/15 16:43:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\1
[2008/05/03 14:59:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools
[2010/02/15 22:58:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2010/03/08 17:14:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Toolbar4
[2010/04/18 22:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2010/03/08 16:46:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2007/06/03 14:14:54 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/05/31 15:00:42 | 001,072,113 | ---- | M] () -- C:\blood_file_store_32.zip
[2008/05/03 15:04:05 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2007/06/03 14:14:54 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/06/03 14:14:54 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/05/03 14:50:09 | 000,000,125 | ---- | M] () -- C:\ioSpecial.ini
[2008/11/05 17:51:30 | 000,008,435 | ---- | M] () -- C:\kevy
[2008/11/07 19:08:47 | 000,008,435 | ---- | M] () -- C:\kevy.jar
[2008/11/05 17:40:25 | 000,007,168 | ---- | M] () -- C:\mitb.exe
[2007/06/03 14:14:54 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/07/16 12:49:19 | 000,274,047 | ---- | M] () -- C:\nettemp.zst
[2004/08/04 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004/08/04 08:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/05/21 21:06:32 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys
[2008/11/07 19:09:40 | 000,008,435 | ---- | M] () -- C:\prefetch.jar
[2008/11/02 14:18:31 | 000,000,214 | ---- | M] () -- C:\rominfo.txt

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2007/06/03 09:49:39 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/06/03 09:49:39 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/06/03 09:49:39 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /180 >
[2010/02/24 08:31:30 | 000,454,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2009/12/31 12:14:12 | 000,352,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys
[2010/02/11 08:01:43 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A8E2C33
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:79C33200
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7FB468B7
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:12DCF8FC
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3E39C6A
< End of report >

3.
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-23 15:01:06
Windows 5.1.2600 Service Pack 2
Running: w24fj07x.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uxddqpoc.sys

---- System - GMER 1.0.15 ----

SSDT 82ECCBE8 ZwConnectPort
SSDT spqo.sys ZwCreateKey [0xF84A30E0]
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xEFD59350]
SSDT spqo.sys ZwEnumerateKey [0xF84C0CA2]
SSDT spqo.sys ZwEnumerateValueKey [0xF84C1030]
SSDT spqo.sys ZwOpenKey [0xF84A30C0]
SSDT spqo.sys ZwQueryKey [0xF84C1108]
SSDT spqo.sys ZwQueryValueKey [0xF84C0F88]
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xEFD59580]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xEF9AD950]

INT 0x62 ? 82F8BBF8
INT 0x63 ? 82E85BF8
INT 0x82 ? 82F8BBF8
INT 0xB4 ? 82E85BF8

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + C8 804E2734 4 Bytes CALL 86D11404 
? spqo.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F81A362C 5 Bytes JMP 82E851D8

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint]  82F902D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F84C96D0] spqo.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F84CD708] spqo.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F84A4046] spqo.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F84A4142] spqo.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F84A40C4] spqo.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F84A47CE] spqo.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F84A46A4] spqo.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 82E852D8
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F84AFD7A] spqo.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 82F891F8

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

Device \FileSystem\Fastfat \FatCdrom 82CC11F8

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbuhci \Device\USBPDO-0 82E841F8
Device \Driver\usbuhci \Device\USBPDO-1 82E841F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 82F8C1F8
Device \Driver\dmio \Device\DmControl\DmConfig 82F8C1F8
Device \Driver\dmio \Device\DmControl\DmPnP 82F8C1F8
Device \Driver\dmio \Device\DmControl\DmInfo 82F8C1F8
Device \Driver\usbehci \Device\USBPDO-2 82E2D1F8

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\Ftdisk \Device\HarddiskVolume1 82F8D1F8
Device \Driver\Cdrom \Device\CdRom0 82E631F8
Device \Driver\atapi \Device\Ide\IdePort0 82F8B1F8
Device \Driver\atapi \Device\Ide\IdePort1 82F8B1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-e 82F8B1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-6 82F8B1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 82DF4500
Device \Driver\NetBT \Device\NetbiosSmb 82DF4500

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbuhci \Device\USBFDO-0 82E841F8
Device \Driver\usbuhci \Device\USBFDO-1 82E841F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 82E1E500
Device \Driver\usbehci \Device\USBFDO-2 82E2D1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 82E1E500
Device \Driver\Ftdisk \Device\FtControl 82F8D1F8
Device \FileSystem\Fastfat \Fat 82CC11F8

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

Device \FileSystem\Cdfs \Cdfs 82DE91F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\[email protected] 0xC8 0x33 0x84 0x5D ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0xC8 0x33 0x84 0x5D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0xC8 0x33 0x84 0x5D ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\[email protected]  0xC8 0x33 0x84 0x5D ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\[email protected] 0xC8 0x33 0x84 0x5D ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\[email protected] 0xC8 0x33 0x84 0x5D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0xC8 0x33 0x84 0x5D ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\[email protected] 0xC8 0x33 0x84 0x5D ...

---- EOF - GMER 1.0.15 ----

4. I haven't gotten the chance to restart my computer etc., but when I do, I'll let you know. I just have to go pretty much right now. Thanks for all your help, and I'll PM you with the computer status when I have a chance to reboot it. Thank you so much once again,
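
As an added example (not from this thread and not OTL's own code), the following Python triages the O4/O6/O7 autostart lines from an OTL log the way a helper reads them: it groups entries by target binary and flags a binary that is registered from several autostart locations at once, entries whose target OTL reports as "File not found", and executables launched from a non-standard subfolder of system32. The sample lines are copied from the log above; the regexes and the short list of expected system32 subfolders are my own constructed heuristics.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample: O4/O6/O7 lines in OTL's own output format, copied from the
# log posted above (paths and company strings are the ones OTL printed there).
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [HKLM] C:\WINDOWS\system32\install\server.exe (N6k12H)
O4 - HKLM..\Run: [java] C:\WINDOWS\Iry0k.exe File not found
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [HKCU] C:\WINDOWS\system32\install\server.exe (N6k12H)
O4 - HKCU..\Run: [java] C:\WINDOWS\Iry0k.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\WINDOWS\system32\install\server.exe (N6k12H)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\WINDOWS\system32\install\server.exe (N6k12H)
"""


@dataclass
class AutostartEntry:
    location: str  # "HKLM Run", "HKCU Run" or "<hive> <policies\Explorer\Run key>"
    name: str      # registry value name OTL shows in [brackets]; "Policies" for O6/O7
    path: str      # executable path exactly as OTL printed it
    company: str   # version-info company string OTL shows in (parentheses), "" if none
    missing: bool  # True when OTL appended "File not found"


# Constructed patterns for the three OTL line types handled here.
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<tail>.*)$")
POLICY_RE = re.compile(
    r"^O[67] - (?P<hive>HKLM|HKCU)\\(?P<key>.*\\policies\\Explorer\\Run): Policies = (?P<tail>.*)$"
)
TAIL_RE = re.compile(r"^(?P<path>.*?) \((?P<company>[^()]*)\)$")  # "<path> (<company>)"

SYSTEM32 = "c:\\windows\\system32\\"
# Constructed, deliberately incomplete list of subfolders where launching from
# system32\<sub>\ is normal; anything else is worth a second look.
EXPECTED_SYSTEM32_SUBDIRS = {"drivers", "wbem", "spool", "dllcache", "restore", "oobe"}


def _split_tail(tail: str) -> Tuple[str, str, bool]:
    """Split OTL's '<path> (<company>)' or '<path> File not found' into parts."""
    marker = " File not found"
    if tail.endswith(marker):
        return tail[: -len(marker)], "", True
    m = TAIL_RE.match(tail)
    if m:
        return m["path"], m["company"].strip(), False
    # Company strings with nested parentheses are not parsed; keep the whole tail.
    return tail, "", False


def parse_autostart(log_text: str) -> List[AutostartEntry]:
    """Extract O4 Run values and O6/O7 policies\\Explorer\\Run values from OTL text."""
    entries: List[AutostartEntry] = []
    for line in log_text.splitlines():
        line = line.rstrip()
        m = O4_RE.match(line)
        if m:
            location, name = f"{m['hive']} Run", m["name"]
        else:
            m = POLICY_RE.match(line)
            if not m:
                continue
            location, name = f"{m['hive']} {m['key']}", "Policies"
        path, company, missing = _split_tail(m["tail"])
        entries.append(AutostartEntry(location, name, path, company, missing))
    return entries


def triage(entries: List[AutostartEntry]) -> Dict[str, List[str]]:
    """Return {lower-cased path: [finding, ...]} for every target that looks suspicious."""
    by_path: Dict[str, List[AutostartEntry]] = defaultdict(list)
    for e in entries:
        by_path[e.path.lower()].append(e)
    findings: Dict[str, List[str]] = {}
    for path, group in by_path.items():
        notes = []
        locations = sorted({e.location for e in group})
        if len(locations) > 1:  # one binary re-registered from several keys: persistence, not a vendor habit
            notes.append(f"registered in {len(locations)} autostart locations: {', '.join(locations)}")
        if any(e.missing for e in group):  # leftover pointer to a removed/renamed file
            notes.append("orphan entry: target file not found")
        if path.startswith(SYSTEM32):
            rel = path[len(SYSTEM32):]
            sub = rel.split("\\", 1)[0] if "\\" in rel else ""
            if sub and sub not in EXPECTED_SYSTEM32_SUBDIRS:
                notes.append(f"runs from non-standard system32 subfolder '{sub}'")
        if notes:
            findings[path] = notes
    return findings


if __name__ == "__main__":
    for target, notes in triage(parse_autostart(SAMPLE_LOG)).items():
        print(target)
        for note in notes:
            print("  -", note)
```

On the sample, only the two binaries the helper later targets are reported; every Symantec, Spybot and Logitech entry is left alone because each sits in a single key and points at an existing file.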


----------



## SweetTech (Jan 1, 1970)

Hello,

We still have some work to complete.

*Disable SpyBot TeaTimer*
*We need to disable Spybot S&D's "TeaTimer"*
TeaTimer works by preventing _*ANY*_ changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half-finished fix, we need to disable TeaTimer. We can re-enable it when we're done if you like.


Open SpyBot Search and Destroy by going to *Start* -> *All Programs* -> *Spybot Search and Destroy* -> *Spybot Search and Destroy*.
If prompted with a legal dialog, accept the warning.
Click
and then on "Advanced Mode"
You may be presented with a warning dialog. If so, press
Click on
Click on
Uncheck this checkbox:
Close/Exit Spybot Search and Destroy

*NEXT:*

*Please Set Your System to Show Hidden Files*


Go to Start -> My Computer (Or click the My Computer icon on your desktop)
Go to the Tools Menu -> Folder Options.
Select the "View" tab.
Where you see
, click the
radio button.
Uncheck "Hide extensions for known file types"
Uncheck "Hide protected operating system files"
Click Ok.
Exit/Close My Computer.

*NEXT:*

*VirusTotal File Scan*
Please go to: *VirusTotal*

Click the *Browse* button and search for the following file: *C:\WINDOWS\system32\install\server.exe*
Click *Open*
Then click *Send File*
Please be patient while the file is scanned.
Once the scan results appear, please provide them in your next reply.

If it says already scanned -- click "reanalyze now"

Please post the results in your next reply

*NEXT:*

*OTL Fix*

*We need to run an OTL Fix*


Please reopen
on your desktop.
*Copy* and *Paste* the following code into the
textbox. Do not include the word "*Code*"


```
:Services
:OTL
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O4 - HKLM..\Run: [HKLM] C:\WINDOWS\system32\install\server.exe (N6k12H)
O4 - HKLM..\Run: [java] C:\WINDOWS\Iry0k.exe File not found
O4 - HKCU..\Run: [HKCU] C:\WINDOWS\system32\install\server.exe (N6k12H)
O4 - HKCU..\Run: [java] C:\WINDOWS\Iry0k.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\WINDOWS\system32\install\server.exe (N6k12H)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\WINDOWS\system32\install\server.exe (N6k12H)
[43 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2010/05/01 11:18:13 | 075,054,610 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\562.exe
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A8E2C33
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:79C33200
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7FB468B7
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:12DCF8FC
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3E39C6A
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[start explorer]
[Reboot]
```

*Push* [screenshot]

*OTL may ask to reboot the machine. Please do so if asked.*
*Click* [screenshot].
A report will open. *Copy* and *Paste* that report in your next reply.
If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

*NEXT:*

*Running ComboFix*
Download *ComboFix* from one of the following locations:
*Link 1*
*Link 2*

*VERY IMPORTANT !!!* Save ComboFix.exe to your *Desktop*

* IMPORTANT - *Disable your Anti-Virus and Anti-Spyware applications*, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here 


Double click on *ComboFix.exe* & follow the prompts.

As part of its process, *ComboFix will check to see if the Microsoft Windows Recovery Console* is installed. With malware infections being as they are today, it's *strongly recommended* to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[screenshot]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot]

*Click on Yes*, to continue scanning for malware.

When finished, it shall produce a log for you. *Please include the C:\ComboFix.txt in your next reply.*
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

*Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now*

*NEXT:*

*Please make sure you include the following items in your next post:*
*1.* Any comments or questions you may have that you'd like for me to answer in my next post to you.
*2.* The results of the VirusTotal scan.
*3.* The log that is produced after running the OTL fix.
*4.* The log that is produced after running the ComboFix scan.
*5.* An update on how your computer is currently running.
*It would be helpful if you could answer each question in the order asked, as well as numbering your answers.*

Cheers,
SweetTech.
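An added example, not part of SweetTech's post and not code from OTL itself: a small Python parser that reads the O4/O6/O7 autorun lines and the alternate-data-stream lines from an OTL fix like the one above and explains, from a defender's view, why each line is in the fix (the same program registered in several autostart locations, autoruns pointing at files that no longer exist, an Explorer policy Run key, data hidden in an NTFS stream). The sample text is copied from the fix above; the triage rules, the class and function names are my own and are not anything OTL exposes.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: the persistence and ADS lines from the OTL fix above.
# (Hypothetical helper; OTL itself does not expose any of these functions.)
OTL_FIX = r"""
:OTL
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O4 - HKLM..\Run: [HKLM] C:\WINDOWS\system32\install\server.exe (N6k12H)
O4 - HKLM..\Run: [java] C:\WINDOWS\Iry0k.exe File not found
O4 - HKCU..\Run: [HKCU] C:\WINDOWS\system32\install\server.exe (N6k12H)
O4 - HKCU..\Run: [java] C:\WINDOWS\Iry0k.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\WINDOWS\system32\install\server.exe (N6k12H)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\WINDOWS\system32\install\server.exe (N6k12H)
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A8E2C33
:Commands
[emptytemp]
"""

@dataclass
class Autorun:
    location: str    # registry key the entry lives in
    value_name: str  # registry value name ("HKLM", "java", "Policies")
    image: str       # executable that would run at logon
    tag: str         # what OTL prints after the path: "(company)" or "File not found"

@dataclass
class DataStream:
    path: str        # file or folder carrying the stream
    stream: str      # stream name after the last colon
    size: int

O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]*)\] "
                   r"(?P<image>.+?\.exe)(?: (?P<tag>\(.*\)|File not found))?$")
POLICY_RE = re.compile(r"^O[67] - (?P<key>HK\w+\\.+?\\Run): (?P<name>\w+) = "
                       r"(?P<image>.+?\.exe)(?: (?P<tag>\(.*\)|File not found))?$")
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> "
                    r"(?P<path>.+):(?P<stream>[^:\\]+)$")

def parse_otl_fix(text):
    """Pull autorun and alternate-data-stream entries out of an OTL :OTL block."""
    autoruns, streams = [], []
    for line in text.splitlines():
        line = line.strip()
        if m := O4_RE.match(line):
            autoruns.append(Autorun(m["hive"] + r"\..\Run", m["name"], m["image"], m["tag"] or ""))
        elif m := POLICY_RE.match(line):
            autoruns.append(Autorun(m["key"], m["name"], m["image"], m["tag"] or ""))
        elif m := ADS_RE.match(line):
            streams.append(DataStream(m["path"], m["stream"], int(m["size"])))
    return autoruns, streams

def triage(autoruns, streams):
    """Explain, entry by entry, why each line is worth removing."""
    findings = []
    by_image = Counter(a.image.lower() for a in autoruns)
    for image, n in by_image.items():
        if n > 1:
            findings.append(f"{image}: registered in {n} autostart locations (redundant persistence)")
    for a in autoruns:
        if a.tag == "File not found":
            findings.append(f"{a.location}\\{a.value_name}: dangling autorun, {a.image} is missing")
        if "policies\\explorer\\run" in a.location.lower():
            findings.append(f"{a.location}: Explorer policy Run key, rarely used by legitimate software")
        if "\\system32\\install\\" in a.image.lower():
            findings.append(f"{a.image}: executable under system32\\install, a folder Windows does not create")
    for s in streams:
        findings.append(f"{s.path}:{s.stream}: {s.size}-byte alternate data stream, "
                        "invisible in a normal directory listing")
    return findings

if __name__ == "__main__":
    runs, ads = parse_otl_fix(OTL_FIX)
    for finding in triage(runs, ads):
        print(finding)
```

Run it as-is and it lists four autostart locations for server.exe, two dangling "java" entries for Iry0k.exe, the two policy keys and the hidden stream on the TEMP folder; the `[emptytemp]` and `[Reboot]` commands in the fix are deliberately ignored because they are OTL commands, not findings.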


----------



## Rocky123 (May 22, 2010)

Hello again,
Very nice of you to report back to me almost ASAP. I do not have the time tonight to run all these scans, but I can do everything tomorrow, and if needed, the day after. I will report back to you as soon as possible
Thank you very much, once again


----------



## SweetTech (Jan 1, 1970)

Okay.


----------



## Rocky123 (May 22, 2010)

Hello! 
I have done The VirusTotal Scan, and the OTL Fix.
OTL asked to reboot my computer, which I did. I forgot to save the results for VirusTotal scan, and accidentally closed the OTL Fix scan results..but, after rebooting after OTL Fix, C:\\WINDOWS\systen32\install\server.exe does not appear, and the desktop icons just come immediately. It also turns on smoothly.
Server.exe does not appear anymore in the Install folder, and nor does the Mozilla Firefox or anything else appear. Do I still need to run the other scans? I think I'm clean.
I'll post results of the OTL Fix in next post.

Thank you sincerely, I cannot show my gratitude... you are so kind, and accurate, you should keep doing what you are doing because you know your job. Thanks 
Sincerely,
Kyle

P.S. you're awesome.


----------



## SweetTech (Jan 1, 1970)

Hello,

Yes please proceed with the other scans. You could still have stuff hiding on your computer.


----------



## Rocky123 (May 22, 2010)

ok


----------



## Rocky123 (May 22, 2010)

I just opened ComboFix, and accepted the disclaimer agreement. Then it says something about CD emulation drives, and it needs to currently disable them. Is that Ok?


----------



## SweetTech (Jan 1, 1970)

Yes it is.


----------



## Rocky123 (May 22, 2010)

-SORRY IF DOUBLE POST
I just ran ComboFix and accepted the license agreement. However, a window comes open after that, and it says that it needs to temporarily disable CD emulation drivers because they are currently running on my computer.
Is that ok?
Thanks in advance


----------



## SweetTech (Jan 1, 1970)

Yes, it is okay.


----------



## Rocky123 (May 22, 2010)

1. Is there anything else i need to do?

2. Accidentally deleted..
3. Accidentally deleted..
4. ComboFix 10-05-24.07 - Administrator 05/25/2010 16:59:03.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.88 [GMT -4:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Application Data\1
c:\documents and settings\Administrator\Application Data\1\AcroRd31199991439494.32.c.ico
c:\documents and settings\Administrator\Application Data\1\EXCEL1166470672330.32.c.ico
c:\documents and settings\Administrator\Application Data\1\iexplor1166535360057.32.c.ico
c:\documents and settings\Administrator\Application Data\1\iexplor1181920610091.32.c.ico
c:\documents and settings\Administrator\Application Data\1\wm1254248564104.32.c.ico
c:\documents and settings\Administrator\Application Data\logs.dat
c:\documents and settings\Administrator\Application Data\SQLite3.dll
c:\windows\system32\data.dat

.
((((((((((((((((((((((((( Files Created from 2010-04-25 to 2010-05-25 )))))))))))))))))))))))))))))))
.

2010-05-25 19:58 . 2010-05-25 19:58 -------- d-----w- C:\_OTL
2010-05-21 22:43 . 2010-05-21 22:46 63488 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-05-21 22:43 . 2010-05-21 22:43 52224 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-21 22:43 . 2010-05-21 22:45 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-21 22:43 . 2010-05-21 22:43 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-05-21 22:42 . 2010-05-21 22:42 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-21 22:42 . 2010-05-21 22:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-05-21 15:10 . 2010-05-21 15:10 -------- d-----w- C:\04cf981f6e2a4c5ebf9dcab746
2010-05-15 00:30 . 2010-05-24 05:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2010-05-14 01:11 . 2010-05-14 01:11 -------- d-----w- c:\program files\VideoLAN
2010-05-13 21:47 . 2010-05-13 21:47 61440 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-169da91f-n\decora-sse.dll
2010-05-13 21:47 . 2010-05-13 21:47 503808 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3e73eb80-n\msvcp71.dll
2010-05-13 21:47 . 2010-05-13 21:47 499712 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3e73eb80-n\jmc.dll
2010-05-13 21:47 . 2010-05-13 21:47 348160 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3e73eb80-n\msvcr71.dll
2010-05-13 21:47 . 2010-05-13 21:47 12800 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-169da91f-n\decora-d3d.dll
2010-05-13 21:36 . 2010-05-13 21:36 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-13 11:25 . 2010-05-13 11:25 -------- d-----w- C:\61ec5e43d0f984e8aa54
2010-05-09 05:02 . 2010-05-09 05:52 6 ----a-w- c:\documents and settings\Administrator\APOCALYPTISM_SETTINGS.dat
2010-05-09 05:02 . 2010-05-09 05:11 -------- d-----w- c:\documents and settings\Administrator\apocalyptism.org
2010-04-29 21:00 . 2010-04-29 21:10 -------- d-----w- c:\documents and settings\Administrator\.pc_store_32

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-25 20:53 . 2007-06-03 21:07 -------- d-----w- c:\program files\Symantec AntiVirus
2010-05-25 20:45 . 2007-12-24 03:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
2010-05-25 20:33 . 2009-09-02 15:04 81 ----a-w- c:\documents and settings\Administrator\jagex_runescape_preferences2.dat
2010-05-25 20:30 . 2008-07-01 23:33 69 ----a-w- c:\documents and settings\Administrator\jagex_runescape_preferences.dat
2010-05-25 20:04 . 2007-12-24 03:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\skypePM
2010-05-25 00:57 . 2007-12-15 23:14 -------- d-----w- c:\program files\Starcraft
2010-05-21 22:41 . 2010-02-15 20:42 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-13 21:47 . 2007-06-03 21:34 -------- d-----w- c:\program files\Common Files\Java
2010-05-13 21:36 . 2007-06-03 21:35 -------- d-----w- c:\program files\Java
2010-05-08 00:34 . 2010-02-25 23:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\Ventrilo
2010-04-20 16:40 . 2009-04-25 13:21 -------- d-----w- c:\program files\NetBattle Supremacy
2010-04-19 02:28 . 2010-04-02 19:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2010-04-11 03:07 . 2010-03-01 20:24 -------- d-----w- c:\program files\StarCraft II Beta
2010-04-06 02:43 . 2010-04-06 02:43 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-04-04 21:16 . 2007-06-03 18:28 12912 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-04 21:16 . 2010-04-04 21:16 -------- d-----w- c:\program files\Microsoft
2010-04-04 21:16 . 2010-04-04 21:15 -------- d-----w- c:\program files\Windows Live
2010-04-04 21:15 . 2010-04-04 21:15 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-04-04 21:12 . 2010-04-04 21:12 -------- d-----w- c:\program files\Common Files\Windows Live
2010-04-02 19:43 . 2010-04-02 19:43 -------- d-----w- c:\program files\uTorrent
2010-03-27 12:28 . 2010-03-27 12:28 0 ----a-w- c:\documents and settings\Administrator\jagex__preferences3.dat
2010-03-11 12:38 . 2004-08-04 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2004-08-04 12:00 17408 ------w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2004-08-04 12:00 430080 ----a-w- c:\windows\system32\vbscript.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DrvLsnr"="c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 69632]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-21 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-21 126976]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-28 125168]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-2-15 692224]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-11 07:06 40048 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\NetBattle Supremacy\\PokeBattle.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\StarCraft II Beta\\StarCraft II.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/6/2010 5:10 PM 68168]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/12/2010 9:04 PM 102448]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/15/2007 7:01 PM 715248]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [9/27/2006 8:33 PM 116464]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
mStart Page = hxxp://www.yahoo.com
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7827xye5.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -

ActiveSetup-{3AW626HY-6M72-7WE0-7028-XT5B18VHK8JA} - c:\windows\system32\install\server.exe
ActiveSetup-{DCCD0BE2-C39F-567A-C1AF-0BC7C4C5F3FD} - c:\windows\system32\updater.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-25 17:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(640)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
.
Completion time: 2010-05-25 17:09:03
ComboFix-quarantined-files.txt 2010-05-25 21:08

Pre-Run: 22,328,238,080 bytes free
Post-Run: 22,293,811,200 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=7 Default=7 Failed=6 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8
- - End Of File - - C55480A2F358A2775B59FF66A6396F5B

5. My computer is running smoothly, and the virus seems to be gone. It is running faster than before, and the hassle is gone.

My regards :
Thank you sincerely, I cannot show my gratitude... you are so kind, and accurate, you should keep doing what you are doing because you know what you are doing Thanks 
Sincerely,
Kyle

P.S I will hang around these forums, everyone is so kind
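An added example, not from the thread and not ComboFix's own code: a parser for the "Reg Loading Points" section of the ComboFix log above (REGEDIT4-style `[key]` headers followed by `"name"=value` lines). Beyond listing what runs at logon, it reads the two settings in that log that a reviewer would want to notice, Security Center monitoring turned off for the Symantec product and Windows Firewall notifications disabled, and it points out the firewall's allowed-program list and any Run value that names a bare filename. The excerpt is copied from the log above; the function names and the posture checks are my own.

```python
import re
from collections import defaultdict

# Constructed excerpt in the format of ComboFix's "Reg Loading Points" section
# (entries copied from the log above). Hypothetical parser, not ComboFix's own code.
COMBOFIX_LOG = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
ENTRY_RE = re.compile(r'^"(?P<name>[^"]*)"=\s*(?P<value>.*)$')
IMAGE_RE = re.compile(r'^"(?P<path>[^"]*)"(?: \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\])?$')
DEC_RE = re.compile(r"^(\d+) \(0x[0-9A-Fa-f]+\)$")

def parse_value(raw):
    """Classify the right-hand side of a "name"=value line as (kind, value)."""
    raw = raw.strip()
    if raw == "":
        return "flag", None                 # "path"=  : presence-only entry
    if raw.startswith("dword:"):
        return "dword", int(raw[6:], 16)
    if m := DEC_RE.match(raw):
        return "dword", int(m.group(1))     # ComboFix prints some values as "1 (0x1)"
    if m := IMAGE_RE.match(raw):
        size = int(m["size"]) if m["size"] else None
        return "image", {"path": m["path"], "date": m["date"], "size": size}
    return "raw", raw

def parse_reg_loading_points(text):
    """Map each [key] header to its list of (name, kind, value) entries."""
    sections = defaultdict(list)
    key = None
    for line in text.splitlines():
        line = line.strip()
        if m := SECTION_RE.match(line):
            key = m["key"]
        elif key and (m := ENTRY_RE.match(line)):
            kind, value = parse_value(m["value"])
            sections[key].append((m["name"], kind, value))
    return dict(sections)

def run_key_images(sections):
    """Executables launched from ...\\CurrentVersion\\Run keys, with their key."""
    found = []
    for key, entries in sections.items():
        if key.lower().endswith("\\currentversion\\run"):
            found.extend((key, name, val["path"]) for name, kind, val in entries if kind == "image")
    return found

def posture_findings(sections):
    """Settings in the log that weaken the machine's own defences."""
    findings = []
    for key, entries in sections.items():
        low = key.lower()
        if "security center\\monitoring\\" in low:
            product = key.split("\\")[-1]
            if any(n == "DisableMonitoring" and v == 1 for n, _, v in entries):
                findings.append(f"Security Center no longer monitors {product}")
        elif low.endswith("firewallpolicy\\standardprofile"):
            if any(n == "DisableNotifications" and v == 1 for n, _, v in entries):
                findings.append("Windows Firewall notifications are turned off")
        elif low.endswith("authorizedapplications\\list"):
            apps = [n.replace("\\\\", "\\") for n, _, _ in entries]
            findings.append(f"{len(apps)} programs are allowed through the firewall: " + "; ".join(apps))
    for key, name, path in run_key_images(sections):
        if "\\" not in path:
            findings.append(f"{name}: image '{path}' has no folder, Windows must search for it at logon")
    return findings

if __name__ == "__main__":
    secs = parse_reg_loading_points(COMBOFIX_LOG)
    for key, name, path in run_key_images(secs):
        print(f"autorun  {name:40} {path}")
    for finding in posture_findings(secs):
        print("check   ", finding)
```

The `DisableMonitoring` value is exactly what the helper asked for earlier (Symantec switched off for the scans), so in this thread it is expected; the point of the check is that the same value left behind on a machine nobody is cleaning means Security Center has stopped watching the antivirus.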


----------



## SweetTech (Jan 1, 1970)

Hello,

*ComboFix Script*


Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. 
They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".


*Copy/paste the text inside the Codebox below into notepad:*

Here's how to do that:
Click* Start > Run* type *Notepad* click *OK.*
This will open an empty notepad file:

*Copy* all the text *inside of the code box* - *Press Ctrl+C* (or right click on the highlighted section and choose 'copy')


```
KillAll::
DirLook::
C:\04cf981f6e2a4c5ebf9dcab746
C:\61ec5e43d0f984e8aa54
```
Now *paste* the copied text into the open notepad - press *CTRL+V* (or right click and choose 'paste')

*Save this file to your desktop, Save this as "CFScript"*

Here's how to do that:

1. Click *File*;
2. Click *Save As*... Change the directory to your *desktop*;
3. Change the *Save as type* to *"All Files";*
4. Type in the file name: *CFScript*
5. Click *Save ...*

[screenshot]

Referring to the *screenshot* above, *drag CFScript.txt* into *ComboFix.exe.*
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. 
*Copy and paste the contents of the log in your next reply.*

CAUTION: *Do not* mouse-click ComboFix's window while it is running. That may cause it to stall.

*NEXT:*

*Scanning with MalwareBytes' Anti-Malware*
Please download *Malwarebytes' Anti-Malware* to your desktop.


Double-click *mbam-setup.exe* and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click *Finish*.
If an update is found, it will download and install the latest version.
Once the program has loaded, select *Perform quick scan*, then click *Scan*.
When the scan is complete, click *OK*, then *Show Results* to view the results.
Be sure that everything is checked, and click *Remove Selected*.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.

*Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. *

*NEXT:*

*ESET Online Scanner*
*I'd like us to scan your machine with ESET Online Scan*

*Note:* *It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.*



Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the [screenshot] button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on [screenshot] to download the ESET Smart Installer. *Save* it to your desktop.
Double click on the [screenshot] icon on your desktop.

Check [screenshot]
Click the [screenshot] button.
Accept any security warnings from your browser.
Check [screenshot]
Make sure that the option "Remove found threats" is Unchecked
Push the *Start* button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push [screenshot]
Push [screenshot], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the [screenshot] button.
Push [screenshot]

*NEXT:*

*OTL Custom Scan*

*We need to run an OTL Custom Scan*


Please reopen *OTL* on your desktop.
*Copy* and *Paste* the following text into the [screenshot] textbox.

```
netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /180
```

*Push* [screenshot]

A report will open. *Copy* and *Paste* that report in your next reply.

*NEXT:*

*Please make sure you include the following items in your next post:*
*1.* Any comments or questions you may have that you'd like for me to answer in my next post to you.
*2.* The log that was produced after running the ComboFix scan.
*3.* The log that was produced after running the updated MalwareBytes' Anti-Malware scan.
*4.* The log that was produced after running the ESET Online Virus Scanner.
*5.* The log that was produced after running the OTL scan.
*6.* An update on how your computer is currently running.
*It would be helpful if you could answer each question in the order asked, as well as numbering your answers.*

Cheers,
SweetTech.


----------



## Rocky123 (May 22, 2010)

My Symantec Antivirus icon does not appear in the tray, does this mean its disabled? If not, where can I find it to disable it?


----------



## SweetTech (Jan 1, 1970)

It looks like it is still disabled. Please proceed with running my instructions above.


----------



## Rocky123 (May 22, 2010)

1. None.

2. ComboFix 10-05-24.07 - Administrator 05/26/2010 16:28:03.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.124 [GMT -4:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((( Files Created from 2010-04-26 to 2010-05-26 )))))))))))))))))))))))))))))))
.

2010-05-25 19:58 . 2010-05-25 19:58 -------- d-----w- C:\_OTL
2010-05-21 22:43 . 2010-05-21 22:43 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-05-21 22:42 . 2010-05-21 22:42 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-21 22:42 . 2010-05-21 22:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-05-21 15:10 . 2010-05-21 15:10 -------- d-----w- C:\04cf981f6e2a4c5ebf9dcab746
2010-05-15 00:30 . 2010-05-24 05:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2010-05-14 01:11 . 2010-05-14 01:11 -------- d-----w- c:\program files\VideoLAN
2010-05-13 21:36 . 2010-05-13 21:36 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-13 11:25 . 2010-05-13 11:25 -------- d-----w- C:\61ec5e43d0f984e8aa54
2010-05-09 05:02 . 2010-05-09 05:52 6 ----a-w- c:\documents and settings\Administrator\APOCALYPTISM_SETTINGS.dat
2010-05-09 05:02 . 2010-05-09 05:11 -------- d-----w- c:\documents and settings\Administrator\apocalyptism.org
2010-04-29 21:00 . 2010-04-29 21:10 -------- d-----w- c:\documents and settings\Administrator\.pc_store_32

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-26 20:41 . 2007-12-24 03:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
2010-05-26 20:37 . 2007-06-03 21:07 -------- d-----w- c:\program files\Symantec AntiVirus
2010-05-26 20:21 . 2007-12-24 03:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\skypePM
2010-05-26 02:25 . 2008-07-01 23:33 69 ----a-w- c:\documents and settings\Administrator\jagex_runescape_preferences.dat
2010-05-26 00:54 . 2007-12-15 23:14 -------- d-----w- c:\program files\Starcraft
2010-05-25 22:42 . 2009-09-02 15:04 81 ----a-w- c:\documents and settings\Administrator\jagex_runescape_preferences2.dat
2010-05-21 22:46 . 2010-05-21 22:43 63488 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-05-21 22:45 . 2010-05-21 22:43 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-21 22:43 . 2010-05-21 22:43 52224 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-21 22:41 . 2010-02-15 20:42 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-13 21:47 . 2007-06-03 21:34 -------- d-----w- c:\program files\Common Files\Java
2010-05-13 21:47 . 2010-05-13 21:47 61440 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-169da91f-n\decora-sse.dll
2010-05-13 21:47 . 2010-05-13 21:47 503808 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3e73eb80-n\msvcp71.dll
2010-05-13 21:47 . 2010-05-13 21:47 499712 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3e73eb80-n\jmc.dll
2010-05-13 21:47 . 2010-05-13 21:47 348160 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3e73eb80-n\msvcr71.dll
2010-05-13 21:47 . 2010-05-13 21:47 12800 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-169da91f-n\decora-d3d.dll
2010-05-13 21:36 . 2007-06-03 21:35 -------- d-----w- c:\program files\Java
2010-05-08 00:34 . 2010-02-25 23:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\Ventrilo
2010-04-20 16:40 . 2009-04-25 13:21 -------- d-----w- c:\program files\NetBattle Supremacy
2010-04-19 02:28 . 2010-04-02 19:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2010-04-11 03:07 . 2010-03-01 20:24 -------- d-----w- c:\program files\StarCraft II Beta
2010-04-06 02:43 . 2010-04-06 02:43 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-04-04 21:16 . 2007-06-03 18:28 12912 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-04 21:16 . 2010-04-04 21:16 -------- d-----w- c:\program files\Microsoft
2010-04-04 21:16 . 2010-04-04 21:15 -------- d-----w- c:\program files\Windows Live
2010-04-04 21:15 . 2010-04-04 21:15 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-04-04 21:12 . 2010-04-04 21:12 -------- d-----w- c:\program files\Common Files\Windows Live
2010-04-02 19:43 . 2010-04-02 19:43 -------- d-----w- c:\program files\uTorrent
2010-03-27 12:28 . 2010-03-27 12:28 0 ----a-w- c:\documents and settings\Administrator\jagex__preferences3.dat
2010-03-11 12:38 . 2004-08-04 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2004-08-04 12:00 17408 ------w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2004-08-04 12:00 430080 ----a-w- c:\windows\system32\vbscript.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\04cf981f6e2a4c5ebf9dcab746 ----

2006-11-02 11:42 . 2006-11-02 11:42 177 ----a-w- c:\04cf981f6e2a4c5ebf9dcab746\update\update.ver
2006-11-02 11:30 . 2006-11-02 11:30 8374 ----a-w- c:\04cf981f6e2a4c5ebf9dcab746\update\wdf01005.cat
2006-11-02 11:22 . 2006-11-02 11:22 492000 ----a-w- c:\04cf981f6e2a4c5ebf9dcab746\wdf01000.sys
2006-11-02 11:22 . 2006-11-02 11:22 51680 ----a-w- c:\04cf981f6e2a4c5ebf9dcab746\kmdfcustom.dll
2006-11-02 11:22 . 2006-11-02 11:22 32224 ----a-w- c:\04cf981f6e2a4c5ebf9dcab746\wdfldr.sys
2006-11-02 11:22 . 2006-11-02 11:22 51680 ----a-w- c:\04cf981f6e2a4c5ebf9dcab746\update\kmdfcustom.dll
2006-11-02 03:40 . 2006-11-02 03:40 4172 ----a-w- c:\04cf981f6e2a4c5ebf9dcab746\update\update.inf
2006-10-09 01:51 . 2006-10-09 01:51 14640 ----a-w- c:\04cf981f6e2a4c5ebf9dcab746\spmsg.dll
2006-10-09 01:51 . 2006-10-09 01:51 221488 ----a-w- c:\04cf981f6e2a4c5ebf9dcab746\spuninst.exe
2006-10-09 01:51 . 2006-10-09 01:51 23856 ----a-w- c:\04cf981f6e2a4c5ebf9dcab746\spupdsvc.exe
2006-10-09 01:51 . 2006-10-09 01:51 742192 ----a-w- c:\04cf981f6e2a4c5ebf9dcab746\update\update.exe
2006-10-09 01:51 . 2006-10-09 01:51 379184 ----a-w- c:\04cf981f6e2a4c5ebf9dcab746\update\updspapi.dll

---- Directory of C:\61ec5e43d0f984e8aa54 ----

2010-04-30 16:09 . 2010-04-30 16:09 1198499 ----a-w- c:\61ec5e43d0f984e8aa54\mrt.exe._p
2010-04-30 15:51 . 2010-04-30 15:51 58312 ----a-w- c:\61ec5e43d0f984e8aa54\mrtstub.exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DrvLsnr"="c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 69632]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-21 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-21 126976]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-28 125168]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-2-15 692224]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-11 07:06 40048 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\NetBattle Supremacy\\PokeBattle.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\StarCraft II Beta\\StarCraft II.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/15/2007 7:01 PM 715248]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/6/2010 5:10 PM 68168]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/12/2010 9:04 PM 102448]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [9/27/2006 8:33 PM 116464]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
mStart Page = hxxp://www.yahoo.com
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7827xye5.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-26 16:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82F8B1F8]<< 
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf8605fc3
\Driver\ACPI -> ACPI.sys @ 0xf8462cb8
\Driver\atapi -> 0x82f8b1f8
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a18f6
ParseProcedure -> ntoskrnl.exe @ 0x8056f26d
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a18f6
ParseProcedure -> ntoskrnl.exe @ 0x8056f26d
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(660)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

- - - - - - - > 'explorer.exe'(2316)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\wscntfy.exe
c:\program files\Skype\Phone\Skype.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2010-05-26 16:45:21 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-26 20:45
ComboFix2.txt 2010-05-25 21:09

Pre-Run: 22,304,632,832 bytes free
Post-Run: 22,274,035,712 bytes free

Current=7 Default=7 Failed=6 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8
- - End Of File - - 7FED7FBBEB1567C4952A8F86AE0FC1D7

3. Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4146

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

5/26/2010 4:59:21 PM
mbam-log-2010-05-26 (16-59-21).txt

Scan type: Quick scan
Objects scanned: 110062
Time elapsed: 5 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

4. C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP774\A0063487.exe multiple threats
C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP774\A0063514.exe a variant of Win32/Injector.AZJ trojan
C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP777\A0063572.exe a variant of Win32/Injector.BER trojan
C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP778\A0063608.exe a variant of Win32/Injector.BER trojan
C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP778\A0064608.exe a variant of Win32/Injector.BER trojan
C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP779\A0064676.exe a variant of Win32/Injector.BER trojan
C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP779\A0064700.exe a variant of Win32/Injector.BER trojan
C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP780\A0064727.exe a variant of Win32/Injector.BER trojan
C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP781\A0064750.exe a variant of Win32/Injector.BER trojan
C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP781\A0065749.exe a variant of Win32/Injector.BER trojan
C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP782\A0065773.exe a variant of Win32/Injector.BER trojan
C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP782\A0065802.exe a variant of Win32/Injector.BER trojan
C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP783\A0065847.exe a variant of Win32/Injector.BER trojan
C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP783\A0065848.exe a variant of Win32/Injector.BER trojan
C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP784\A0065877.exe a variant of Win32/Injector.BER trojan
C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP784\A0065901.exe a variant of Win32/Injector.BER trojan
C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP784\A0065923.exe a variant of Win32/Injector.BER trojan
C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP785\A0065947.exe a variant of Win32/Injector.BER trojan
C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP787\A0066088.exe a variant of Win32/Injector.BER trojan
C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP787\A0066114.exe a variant of Win32/Injector.BER trojan
C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP787\A0066137.exe a variant of Win32/Injector.BER trojan
C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP787\A0066158.exe a variant of Win32/Injector.BER trojan
C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP788\A0066193.exe a variant of Win32/Injector.BER trojan
C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP788\A0066211.exe a variant of Win32/Injector.BER trojan
C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP789\A0066264.exe a variant of Win32/Injector.BER trojan
C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP790\A0066277.exe a variant of Win32/Injector.BER trojan
C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP791\A0066309.exe a variant of Win32/Injector.BER trojan
C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP793\A0066445.exe a variant of Win32/Injector.BER trojan
C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP793\A0066463.exe a variant of Win32/Injector.BER trojan
C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP794\A0066486.exe a variant of Win32/Injector.BER trojan
C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP794\A0066509.exe a variant of Win32/Injector.BER trojan
C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP794\A0066520.exe a variant of Win32/Injector.BER trojan
C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP795\A0066562.exe a variant of Win32/Injector.BER trojan
C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP795\A0066579.exe a variant of Win32/Injector.BER trojan
C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP795\A0066584.exe a variant of Win32/Injector.BER trojan
C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP796\A0066602.exe a variant of Win32/Injector.BER trojan
C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP797\A0067621.exe a variant of Win32/Injector.BER trojan
C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP797\A0067622.exe a variant of Win32/Injector.BER trojan
C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP799\A0067657.exe a variant of Win32/Injector.BER trojan
C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP800\A0067716.exe a variant of Win32/Injector.BER trojan
C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP801\A0067740.exe a variant of Win32/Injector.BER trojan
C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP801\A0067773.exe a variant of Win32/Injector.BER trojan
C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP801\A0067805.exe a variant of Win32/Injector.BER trojan
C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP802\A0067829.exe a variant of Win32/Injector.BER trojan
C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP806\A0068032.exe a variant of Win32/Injector.BER trojan
C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP807\A0068053.exe a variant of Win32/Injector.BER trojan
C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP807\A0068054.exe a variant of Win32/Injector.BER trojan
C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP807\A0068065.exe a variant of Win32/Injector.BER trojan
C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP808\A0068088.exe a variant of Win32/Injector.BER trojan
C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP808\A0068096.exe a variant of Win32/Injector.BER trojan
C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP809\A0068118.exe a variant of Win32/Injector.BER trojan
C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP810\A0068157.exe a variant of Win32/Injector.BER trojan
C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP810\A0068158.exe a variant of Win32/Injector.BER trojan
C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP811\A0068170.exe a variant of Win32/Injector.BER trojan
C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP811\A0068183.exe a variant of Win32/Injector.BER trojan
C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP812\A0068205.exe a variant of Win32/Injector.BER trojan
C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP818\A0068324.exe a variant of Win32/Injector.BER trojan
C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP836\A0069910.exe a variant of Win32/Injector.BIN trojan
C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP836\A0069912.exe a variant of Win32/Injector.BIN trojan
C:\System Volume Information\_restore{054A0E39-6D15-4590-9748-4FABF0963AE1}\RP836\A0069913.exe a variant of Win32/Injector.BIN trojan
C:\_OTL\MovedFiles\05252010_155818\C_WINDOWS\system32\install\server.exe a variant of Win32/Injector.BIN trojan

5. OTL logfile created on: 5/26/2010 8:56:43 PM - Run 2
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Administrator\Desktop\Everything that doesnt Fit anywhere else
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.00 Mb Total Physical Memory | 95.00 Mb Available Physical Memory | 19.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 20.69 Gb Free Space | 55.53% Space Free | Partition Type: NTFS
Unable to calculate disk information.
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COMPAQ2
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\Desktop\Everything that doesnt Fit anywhere else\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Administrator\Desktop\Everything that doesnt Fit anywhere else\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (SavRoam) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (DefWatch) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE (Symantec Corporation)
SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (SPBBCSvc) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
SRV - (SoundMAX Agent Service (default)) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)

========== Driver Services (SafeList) ==========

DRV - (catchme) -- File not found
DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100521.002\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100521.002\NAVENG.SYS (Symantec Corporation)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech Inc.)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech Inc.)
DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech Inc.)
DRV - (SymEvent) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (SAVRT) -- C:\Program Files\Symantec AntiVirus\savrt.sys (Symantec Corporation)
DRV - (SAVRTPEL) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (WUSB54GPV4SRV) -- C:\WINDOWS\system32\drivers\rt2500usb.sys (Ralink Technology Inc.)
DRV - (GTNDIS5) -- C:\WINDOWS\system32\GTNDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 01:42:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/21 09:56:38 | 000,000,000 | ---D | M]

[2008/12/18 19:39:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/05/26 17:10:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7827xye5.default\extensions
[2008/07/16 16:32:31 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7827xye5.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/02/06 16:20:06 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7827xye5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/12/11 21:38:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7827xye5.default\extensions\[email protected]
[2008/07/17 21:45:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7827xye5.default\extensions\[email protected]
[2010/05/26 17:00:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/13 17:37:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/05/13 17:36:35 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/05/26 16:38:15 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe (adi)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/03 14:14:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/06/03 14:14:18 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54338281256517632)

========== Files/Folders - Created Within 30 Days ==========

[2010/05/26 17:04:04 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/05/26 16:52:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/05/26 16:51:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/26 16:51:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/26 16:51:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/26 16:51:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/26 16:49:59 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.46.exe
[2010/05/26 16:33:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/05/25 16:57:37 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/05/25 16:54:26 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/05/25 16:54:26 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/05/25 16:54:25 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/05/25 16:54:25 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/05/25 16:54:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/25 16:44:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/25 15:58:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/21 18:43:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/05/21 18:42:44 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/05/21 18:42:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2010/05/21 11:10:35 | 000,000,000 | ---D | C] -- C:\04cf981f6e2a4c5ebf9dcab746
[2010/05/20 20:45:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Foldah Chaos Loncah
[2010/05/15 11:44:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2010/05/14 20:30:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\vlc
[2010/05/13 21:11:38 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/05/13 17:47:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/05/13 17:36:59 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/05/13 17:36:59 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/05/13 17:36:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/05/13 17:36:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/05/13 07:25:30 | 000,000,000 | ---D | C] -- C:\61ec5e43d0f984e8aa54
[2010/05/09 01:02:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\apocalyptism.org
[2010/05/06 21:06:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Video content
[2010/05/02 21:51:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\My Games
[2010/05/01 01:13:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Desktop\Files
[2010/04/29 18:08:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Everything that doesnt Fit anywhere else
[2010/04/29 18:06:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Picutres, Music
[2010/04/29 17:00:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\.pc_store_32

========== Files - Modified Within 30 Days ==========

[2010/05/26 17:02:23 | 002,672,312 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\esetsmartinstaller_enu.exe
[2010/05/26 16:52:02 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/26 16:50:20 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.46.exe
[2010/05/26 16:38:47 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/26 16:38:15 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/05/26 16:38:00 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/26 16:36:22 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/26 16:36:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/26 16:35:03 | 004,456,448 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/05/26 16:34:37 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/05/26 16:22:28 | 005,321,296 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/05/26 15:46:04 | 000,000,684 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to ComboFix.exe.lnk
[2010/05/25 22:25:55 | 000,000,069 | ---- | M] () -- C:\Documents and Settings\Administrator\jagex_runescape_preferences.dat
[2010/05/25 19:38:03 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/05/25 18:42:15 | 000,000,081 | ---- | M] () -- C:\Documents and Settings\Administrator\jagex_runescape_preferences2.dat
[2010/05/25 16:57:44 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/05/23 04:00:03 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/18 22:54:34 | 000,000,507 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\RSBot Accounts.ini
[2010/05/14 08:34:57 | 001,340,171 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\RSBot-117.jar
[2010/05/14 03:02:23 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/13 17:36:33 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/05/13 17:36:33 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/05/13 17:36:32 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/05/13 17:36:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/05/13 17:36:32 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/05/09 01:52:54 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\Administrator\APOCALYPTISM_SETTINGS.dat
[2010/05/07 18:32:40 | 001,350,287 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\RSBot.jar
[2010/05/02 21:52:30 | 000,001,766 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PkHonor.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2010/05/26 17:02:12 | 002,672,312 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\esetsmartinstaller_enu.exe
[2010/05/26 16:52:02 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/26 15:46:04 | 000,000,684 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to ComboFix.exe.lnk
[2010/05/25 16:57:44 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/05/25 16:57:39 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/05/25 16:54:26 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/25 16:54:26 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/25 16:54:26 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/05/25 16:54:25 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/05/25 16:54:25 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/05/13 17:16:48 | 001,340,171 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\RSBot-117.jar
[2010/05/09 01:02:35 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Administrator\APOCALYPTISM_SETTINGS.dat
[2010/05/07 18:32:32 | 001,350,287 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\RSBot.jar
[2010/05/02 21:52:30 | 000,001,766 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PkHonor.lnk
[2010/02/25 19:28:40 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2007/12/15 19:01:40 | 000,715,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007/07/02 21:41:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2007/06/03 15:38:04 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2007/06/03 15:24:03 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2005/09/01 00:49:54 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\NBAsm.dll
[2004/10/07 11:50:50 | 000,072,704 | ---- | C] () -- C:\WINDOWS\System32\nbzlib.dll
[2001/06/21 13:13:48 | 000,081,332 | ---- | C] () -- C:\WINDOWS\System32\bass.dll

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2007/06/03 14:14:54 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/05/31 15:00:42 | 001,072,113 | ---- | M] () -- C:\blood_file_store_32.zip
[2008/05/03 15:04:05 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/05/25 16:57:44 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/05/26 16:45:22 | 000,014,957 | ---- | M] () -- C:\ComboFix.txt
[2007/06/03 14:14:54 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/06/03 14:14:54 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/05/03 14:50:09 | 000,000,125 | ---- | M] () -- C:\ioSpecial.ini
[2008/11/05 17:51:30 | 000,008,435 | ---- | M] () -- C:\kevy
[2008/11/07 19:08:47 | 000,008,435 | ---- | M] () -- C:\kevy.jar
[2008/11/05 17:40:25 | 000,007,168 | ---- | M] () -- C:\mitb.exe
[2007/06/03 14:14:54 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/07/16 12:49:19 | 000,274,047 | ---- | M] () -- C:\nettemp.zst
[2004/08/04 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004/08/04 08:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/05/26 16:36:01 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys
[2008/11/07 19:09:40 | 000,008,435 | ---- | M] () -- C:\prefetch.jar
[2008/11/02 14:18:31 | 000,000,214 | ---- | M] () -- C:\rominfo.txt

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2007/06/03 09:49:39 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/06/03 09:49:39 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/06/03 09:49:39 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /180 >
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/02/24 08:31:30 | 000,454,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2009/12/31 12:14:12 | 000,352,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys
[2010/02/11 08:01:43 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys
< End of report >

6. It seems to be running pretty much like before. 


----------
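The OTL file listings in the post above are what a helper actually triages: each line carries a timestamp, a size, an attribute field, a C/M flag, the file-version company string (empty parentheses when there is none) and the path. As an added example that is not part of the thread and not OTL's own code, here is a small Python parser for those lines together with one heuristic a practitioner applies first: executables with no company string sitting in the drive root or under %SystemRoot% get a closer look. The sample lines are copied from the log above; the extension list and the allow-list of ComboFix helper binaries (PEV.exe, MBR.exe, zip.exe, sed.exe, grep.exe, the SteelWerX tools, cmldr, Boot.bak, whose creation times match the ComboFix run in the log) are this example's assumptions.

```python
"""Parse OTL file-listing lines and pick out entries worth a closer look.

Added example for this thread, not OTL's own code. SAMPLE_LOG copies lines
from the log above; SUSPECT_EXTS and KNOWN_TOOL_FILES are assumptions.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# Lines copied from the OTL log in the thread; a section header and a
# custom-scan marker are included so the parser has something to skip.
SAMPLE_LOG = r"""
========== Files Created - No Company Name ==========

[2010/05/25 16:54:26 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/13 17:16:48 | 001,340,171 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\RSBot-117.jar
[2007/06/03 15:38:04 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll

< %SYSTEMDRIVE%\*.* >
[2008/11/05 17:40:25 | 000,007,168 | ---- | M] () -- C:\mitb.exe
[2008/11/07 19:08:47 | 000,008,435 | ---- | M] () -- C:\kevy.jar
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/05/25 16:57:44 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/05/25 16:54:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
"""

# [date time | size | attrs | C-or-M] (Company) -- path ; directories have no "(...)"
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attr>[A-Z-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+?)\s*$"
)


@dataclass
class Entry:
    when: datetime
    size: int
    attrs: str      # OTL attribute field, e.g. "RHS-" or "---D"
    kind: str       # "C" = listed by creation date, "M" = by modification date
    company: str    # file-version company string, "" when absent
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.endswith("D")

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def parent(self) -> str:
        return self.path.rsplit("\\", 1)[0]


def parse_otl(text: str) -> List[Entry]:
    """One Entry per file line; headers and '< ... >' scan markers are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append(Entry(
            when=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            attrs=m["attr"],
            kind=m["kind"],
            company=(m["company"] or "").strip(),
            path=m["path"],
        ))
    return entries


# Assumed: extensions that execute, and the ComboFix helper binaries the log shows
# being dropped at 16:54 on 2010/05/25 (same minute as C:\WINDOWS\ERDNT).
SUSPECT_EXTS = {".exe", ".dll", ".sys", ".jar", ".cpl", ".scr", ".com", ".pif", ".bat", ".vbs"}
KNOWN_TOOL_FILES = {"pev.exe", "mbr.exe", "zip.exe", "sed.exe", "grep.exe",
                    "swsc.exe", "swxcacls.exe", "cmldr", "boot.bak"}


def triage_reason(e: Entry) -> Optional[str]:
    """Why an entry deserves a look, or None if the heuristic has nothing to say."""
    if e.is_dir:
        return None
    name = e.name.lower()
    ext = name[name.rfind("."):] if "." in name else ""
    if ext not in SUSPECT_EXTS or name in KNOWN_TOOL_FILES or e.company:
        return None
    parent = e.parent.lower()
    if parent == "c:":
        return "executable with no company name in the drive root"
    if parent.startswith("c:\\windows"):
        return "executable with no company name under %SystemRoot%"
    return None


def triage(text: str) -> List[Tuple[str, str]]:
    """(path, reason) for every flagged entry, newest first."""
    entries = sorted(parse_otl(text), key=lambda e: e.when, reverse=True)
    return [(e.path, r) for e in entries for r in [triage_reason(e)] if r]


if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LOG):
        print(f"{path}: {reason}")
```

A hit from this heuristic is a prompt to check the file's hash, signature and strings, not a verdict: the company field is whatever the PE version resource says, so its absence is common for small legitimate tools and its presence is trivial for malware to fake.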



## SweetTech (Jan 1, 1970)

Hello,

*Update Firefox*
While in *Firefox* go to the *Help* menu.
Locate *Check for Updates*.
Allow Firefox to install the latest update, which is 3.6.3.

*NEXT:*

*Remove Program*
We need to remove a program. To do this please do the following:

 Click Start
 Go to Control Panel
 Go to Add/Remove Programs
 Find and click Remove for the following (if present):
Java(TM) SE Runtime Environment 6 Update 1
Java(TM) SE Runtime Environment 6 Update 3
Java(TM) SE Runtime Environment 6 Update 5
Java(TM) SE Runtime Environment 6 Update 7



*OTL Fix*

*We need to run an OTL Fix*

Please reopen *OTL.exe* on your desktop.
*Copy* and *Paste* the following code into the textbox. Do not include the word "*Code*"


```
:Services
:OTL
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
[2010/05/26 16:49:59 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.46.exe
[2010/05/26 17:02:23 | 002,672,312 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\esetsmartinstaller_enu.exe
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[start explorer]
[Reboot]
```

*Push* the button that runs the fix.
*OTL may ask to reboot the machine. Please do so if asked.*
*Click* to dismiss the notice that appears.
A report will open. *Copy* and *Paste* that report in your next reply.
If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

*NEXT:*

*The log that was produced after running the OTL fix.*


----------



## Rocky123 (May 22, 2010)

Hello,
I updated firefox
I went to the Control Panel to try and remove the Java Runtime Environment updates, but it does not show "Remove" beside any of them when I highlight them.
What should I do?


----------



## SweetTech (Jan 1, 1970)

Try and use this program below:

*RevoUninstaller*
Download and install Revo Uninstaller

Double click the *Revo Uninstaller* icon on your desktop to start the program
Scroll through the listed programs and *Right Click* on the program you wish to uninstall
From the pop out menu choose *Uninstall*
Click *Yes* to the confirmation dialogue
In the next window select the *Advanced mode*
Click *Next* to start uninstalling the program
Answer *Yes* to confirm the uninstall
When the program has completed the four steps, click *Next* to allow the program to search for leftovers
Once complete, click *Next,* then *Finish*
Repeat the above steps for any other programs you wish to remove.


----------



## Rocky123 (May 22, 2010)

I have done as you instructed with Revo; however, when I am uninstalling the Java, the window that comes up afterwards says that I can modify the Java, but at the top it shows that it is installing it? I'm not sure if I want to continue, and wanted to ask you.


----------



## SweetTech (Jan 1, 1970)

Yeah, let it proceed.


----------



## Rocky123 (May 22, 2010)

I let it proceed and it just installs it again, as it says on the last window before clicking Finish. This did not add another icon to Add/Remove Programs, but it didn't remove it.
What should I do?


----------



## SweetTech (Jan 1, 1970)

Try this:

Please download *JavaRa* and unzip it to your desktop.

****Please close any instances of Internet Explorer before continuing!****


Double-click on *JavaRa.exe* to start the program.
From the drop-down menu, choose *English* and click on *Select.*
JavaRa will open; click on *Remove Older Versions* to remove the older versions of Java installed on your computer.
Click *Yes* when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click *OK.*
A logfile will pop up. Please save it to a convenient location and post it in your next reply.


----------



## Rocky123 (May 22, 2010)

Okay, I did as I was instructed and here is the log:


JavaRa 1.15 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Wed May 26 22:31:59 2010

Found and removed: C:\Program Files\Java\jre1.6.0_01

Found and removed: C:\Program Files\Java\jre1.6.0_03

Found and removed: C:\Program Files\Java\jre1.6.0_05

Found and removed: C:\Program Files\Java\jre1.6.0_07

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\JavaPlugin.160_01

Found and removed: SOFTWARE\Classes\JavaPlugin.160_03

Found and removed: SOFTWARE\Classes\JavaPlugin.160_05

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_01

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_05

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_01

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_05

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160010}

Found and removed: Software\Classes\JavaPlugin.160_01

Found and removed: Software\Classes\JavaPlugin.160_03

Found and removed: Software\Classes\JavaPlugin.160_05

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_05

Found and removed: Software\JavaSoft\Java2D\1.6.0_01

Found and removed: Software\JavaSoft\Java2D\1.6.0_03

Found and removed: Software\JavaSoft\Java2D\1.6.0_05

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_01

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_03

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_05

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_07

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_07

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610007

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610007

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_07\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_01.b06\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_03.b05\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_05.b13\

------------------------------------

Finished reporting.


----------



## SweetTech (Jan 1, 1970)

Hello,

That seems to have done the trick.

*If you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.*

*NEXT:*

*Time for some housekeeping*
The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK: *ComboFix /Uninstall*

*NEXT:*

*OTL Clean-Up*
Clean up with *OTL:*

Double-click *OTL.exe* to start the program.
Close all other programs apart from OTL as this step will require a reboot
On the OTL main screen, press the *CLEANUP* button
Say *Yes* to the prompt and then allow the program to reboot your computer.
*If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.*

*NEXT:*

*All Clean Speech*

*===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===*
Below I have included a number of recommendations for how to protect your computer against malware infections.

It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article, *Strong passwords: How to create and use them*, then consider a *password keeper* to keep all your passwords safe.

Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
This will ensure your computer always has the latest available security updates installed.

*SpywareBlaster* protects against bad ActiveX, it immunizes your PC against them.

*SpywareGuard* offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.

*Make Internet Explorer more secure*
Click *Start* > *Run*
Type *Inetcpl.cpl* & click *OK*
Click on the *Security* tab
Click *Reset all zones to default level*
Make sure the *Internet Zone* is selected & Click *Custom level*
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
Next Click *OK*, then *Apply* button and then *OK* to exit the Internet Properties page.

*ATF Cleaner* - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

*MVPS Hosts file* replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
*WOT*, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
*Green* to go
*Yellow* for caution
*Red* to stop
WOT has an addon available for both Firefox and IE
Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from *Here*
If you choose to use Firefox, I highly recommend this add-on to keep your PC even more secure.
*NoScript* - for blocking ads and other potential website attacks


*Keep a backup of your important files* - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

*ERUNT* (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
*Think Prevention.*
*PC Safety and Security--What Do I Need?.*

***Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them. *

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Cheers,
SweetTech.
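The MVPS HOSTS advice above works because every entry in a blocklist-style HOSTS file points a name at 127.0.0.1 (or 0.0.0.0), so the lookup fails locally. The flip side is the check a helper actually wants: any HOSTS entry that maps a name somewhere other than loopback is either a deliberate local override or a hijack, which is how malware silences vendor and update sites. (The 27-byte C:\WINDOWS\System32\drivers\etc\hosts in the OTL log above is consistent with a file holding only the default localhost line.) As an added example, not part of the thread and not from the MVPS project, here is a Python audit that parses a HOSTS file and reports non-loopback mappings and malformed lines; the sample file, its addresses and its domain names are constructed.

```python
"""Audit a Windows HOSTS file for mappings that are not harmless blocks.

Added example for this thread, not from the MVPS project. SAMPLE_HOSTS is
constructed; its addresses and domain names are placeholders.
"""
import ipaddress
from typing import List, Tuple

# Constructed sample: the default localhost line, two MVPS-style block
# entries, one hijack-style line sending two names to a remote address,
# and one malformed line.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0 ads.tracker.example
127.0.0.1  www.badsite.example   # MVPS-style block: connection fails locally
203.0.113.7  update.av-vendor.example  www.bank.example
notanip somehost.example
"""

Mapping = Tuple[int, str, str]        # (line number, address, hostname)
Finding = Tuple[int, str, str, str]   # (line number, address, hostname, reason)


def parse_hosts(text: str) -> List[Mapping]:
    """One mapping per hostname; comments and blank lines are dropped.
    A line whose first token is not an IP address is kept with an empty
    address so it gets reported instead of silently ignored."""
    out: List[Mapping] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()     # strip trailing comments
        if not line:
            continue
        addr, *hosts = line.split()
        try:
            ip = ipaddress.ip_address(addr)      # normalises e.g. IPv6 forms
        except ValueError:
            out.append((lineno, "", addr))
            continue
        out.extend((lineno, str(ip), h.lower()) for h in hosts)
    return out


def audit_hosts(text: str) -> List[Finding]:
    """Every mapping that does not sink to a loopback or unspecified address.
    Blocklist files only ever use 127.0.0.1 / 0.0.0.0 / ::1, so anything
    else is a local override or a hijack and deserves a look."""
    findings: List[Finding] = []
    for lineno, addr, host in parse_hosts(text):
        if not addr:
            findings.append((lineno, addr, host, "malformed address"))
            continue
        ip = ipaddress.ip_address(addr)
        if ip.is_loopback or ip.is_unspecified:
            continue
        findings.append((lineno, addr, host, "name mapped to a non-loopback address"))
    return findings


if __name__ == "__main__":
    for lineno, addr, host, reason in audit_hosts(SAMPLE_HOSTS):
        print(f"line {lineno}: {addr or '?'} {host}: {reason}")
```

On a real machine, point it at `%SystemRoot%\System32\drivers\etc\hosts`; a file of several hundred kilobytes with every entry sinking to loopback is the MVPS list doing its job, while a single line sending an antivirus update host to a public address is the finding you came for.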


----------



## Rocky123 (May 22, 2010)

Before I do anything above: when you told me to remove the old Java updates, there was a step after that (OTL Fix). Do I still need to do that? (My computer seems fine.)


----------



## SweetTech (Jan 1, 1970)

You can proceed without running the OTL fix in my previous post to you. All I was doing was removing a few of the installation files for the programs we installed. But those can be removed manually by you via right click and delete.


----------



## Rocky123 (May 22, 2010)

Okay, great. I'll get on with Post #33.


----------



## Rocky123 (May 22, 2010)

I have removed OTL and ComboFix successfully. 
I have considered your Speech, and I will use it, 100%.
My computer is amazing, and I give you my regards. It is running faster than before, and I'm speechless.

I cannot express how thankful I am for you cooperating with my Newbieness. Thank you once again, and best of luck to you in the future. I will close this thread now, and thank you once again. 
Farewell, thank you so much.
-Kyle


----------



## SweetTech (Jan 1, 1970)

You are more than welcome. I am glad that I was able to be of assistance to you.

Take Care.

Cheers,
SweetTech.


----------

