# My browsers won't keep me logged in.



## Crimm (Jun 16, 2010)

Ok, some background info first on what may have led up to this.

My operating system is Windows XP, and I use the latest version of Firefox with Ad Block Plus and Greasemonkey add-ons.

I was looking for an MP4-WMV converter. I googled some up, and checked out some of the websites, but I didn't download or install any. I got a little nervous about visiting some sites I had never gone to before (my internet browsing routine is pretty limited, I check only a few websites that I know are safe) so I ran a full virus scan from Microsoft Security Essentials. It came up with Win32/Hilot, and after I removed it and restarted my computer, I ran another check, and Win32/Bredolab showed up. I told Security Essentials to remove that too, and then restarted my computer again and ran another check, and it comes up clean now. I restarted and rescanned a few more times just to be safe.

*I forgot to add that Win32/Daurso also appeared and got cleaned out on the second scan.

But now it seems like my browsers won't keep me logged in to websites like Facebook and DeviantArt. It remembers my username and password, but despite having the "Keep me signed in" checked, it keeps making me log back in every time I exit and reopen the browser. It's not just Firefox, Internet Explorer also has this problem. I tried uninstalling and reinstalling Firefox but the problem is still there. It's not really vital, but it's incredibly annoying to have to sign back in every time.

I guess my question is, did one of those viruses mess something up that keeps my computer from keeping me signed in to websites? And is there a way to repair or fix it somehow?

Sorry for the massive wall of text. I hope it helps.


----------



## Cookiegal (Aug 27, 2003)

Please click *here* to download *HijackThis*.

Save the *HijackThis.msi* file to your desktop.
Double-click the *HijackThis.msi* file on your desktop. If you get a security warning asking if you want to run this software because the publisher couldn't be verified, click on Run and follow the prompts to install the program.
It will install to C:\Program Files\Trend Micro\HijackThis by default. Please do not change this default destination. 
A HijackThis icon will be created on your desktop.
Double-click the *Hijackthis* icon to launch the program.
Click on the *Scan* button. It will scan and open the resulting log automatically in Notepad.
Save the log file and copy and paste the entire report in your next reply.
*Please do not fix anything with HijackThis unless you are instructed to do so. Most of what appears in the log will be harmless and/or necessary.*


----------



## Crimm (Jun 16, 2010)

I already had a copy of Hijackthis from a while ago, so I used that version. Here you go.


----------



## Cookiegal (Aug 27, 2003)

You did pick up an infection and it's a password stealer so you should immediately change all passwords for log-ins to all sites but especially those used for banking or other financial transactions using a different (clean) computer.

Please download Malwarebytes' Anti-Malware from *Here*.

Double-click *mbam-setup.exe* to install the application.
Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Perform Quick Scan*", then click *Scan*.
The scan may take some time to finish, so please be patient.
When the scan is complete, click *OK*, then *Show Results* to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.
Extra Note:

*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.*


----------



## Cookiegal (Aug 27, 2003)

Also, please do not attach the logs unless instructed to or it's necessary because they are too large to fit into one post.


----------



## Crimm (Jun 16, 2010)

Ah, sorry. Here you go.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4206

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/16/2010 12:14:45 PM
mbam-log-2010-06-16 (12-14-45).txt

Scan type: Quick scan
Objects scanned: 167338
Time elapsed: 5 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8f9e2be3-766d-4831-bb0e-766d5b819995} (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f919fbd3-a96b-4679-af26-f551439bb5fd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ca4f0d8d-5f2b-4f16-838a-8d52249eab21} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Fly (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Love (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


----------



## Cookiegal (Aug 27, 2003)

Please visit *Combofix Guide & Instructions* for instructions for installing the recovery console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read *HERE* for an article written by dvk01 on why we disable autoruns.


----------



## Crimm (Jun 16, 2010)

Sorry for the delay. I read the instructions, saved combofix as puppy, and it was running well, but now it's stuck on "Preparing log report." It's been on that for about half an hour. I know it said this could take a while. Should I just let it keep doing this for a few hours? 

I'm also typing this from my laptop since it says not to run any programs until after it generates the log report.


----------



## Cookiegal (Aug 27, 2003)

Is it still hung up? If so, then see if the log has been created and if so post it please.


----------



## Crimm (Jun 16, 2010)

It's still stuck on it, but there was the ComboFix.txt.

ComboFix 10-06-18.03 - Kristina 06/19/2010 12:55:09.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2932 [GMT -4:00]
Running from: E:\My Documents\Downloads\puppy.exe
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: F-Secure Anti-Virus Client Security 5.55 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}
.
The following files were disabled during the run:
C:\WINDOWS\system32\nbtsping.dll

Do you want me to run HiJackThis again, too?


----------



## Cookiegal (Aug 27, 2003)

Are you sure that's all that was in the log?

It could be because you didn't disable Microsoft Security Essentials.

No, there's no need for another HijackThis log yet.


----------



## Crimm (Jun 16, 2010)

I tried to turn it off before I started but I accidentally told it to go ahead before I did, and I didn't want to turn it off while it was running. Do you want me to turn it off and run it again? Because yeah, that's all there was. :/


----------



## Cookiegal (Aug 27, 2003)

Yes, please do.


----------



## Crimm (Jun 16, 2010)

Combofix won't move past the initial gray and green progress bar that shows up when I tell it to run, now. The green bar loads all the way, then it disappears, and the hourglass on my mouse shows up for a few seconds, but then everything just goes back to normal. Go me, I screwed up.


----------



## Cookiegal (Aug 27, 2003)

Download GMER from: http://gmer.net/index.php

Click on the Download exe button and save it on your desktop. It will create an oddly named exe file on your desktop. Double-click that file to run it and select the rootkit tab and then press scan. When the scan is done, click *Save* and save the log in Notepad then copy and paste the log report back here please.

Note: It's important that all other windows be closed and that you don't touch the mouse or anything during the scan as it may cause it to freeze.

If you do have trouble with it freezing, try running a new scan with only "Sections" and the C drive selected on the right-hand side.


----------



## Crimm (Jun 16, 2010)

When I try to copy, paste, and post the reply, it keeps giving me a 503 server error on both the full reply and the quick reply. Should I attach the log instead?


----------



## Cookiegal (Aug 27, 2003)

Sure, if you can.


----------



## Crimm (Jun 16, 2010)

Um, weird. It won't let me attach it. When I click manage attachments and click on browse, nothing happens.


----------



## Cookiegal (Aug 27, 2003)

Try the copy and paste again. 503 server errors are usually temporary glitches.


----------



## Crimm (Jun 16, 2010)

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-19 19:38:39
Windows 5.1.2600 Service Pack 3
Running: 23re5w2r.exe; Driver: C:\DOCUME~1\KRISTI~1.KRI\LOCALS~1\Temp\fwldqpog.sys

---- System - GMER 1.0.15 ----

SSDT sppv.sys ZwCreateKey [0xB7EB50E0]
SSDT sppv.sys ZwEnumerateKey [0xB7ECDDA4]
SSDT sppv.sys ZwEnumerateValueKey [0xB7ECE132]
SSDT sppv.sys ZwOpenKey [0xB7EB50C0]
SSDT sppv.sys ZwQueryKey [0xB7ECE20A]
SSDT sppv.sys ZwQueryValueKey [0xB7ECE08A]
SSDT sppv.sys ZwSetValueKey [0xB7ECE29C]

INT 0x62 ? 8B4C7BF8
INT 0x63 ? 8B4C7BF8
INT 0x63 ? 8B4C7BF8
INT 0x63 ? 8B2CEF00
INT 0x63 ? 8B4C7BF8
INT 0x82 ? 8B4C7BF8
INT 0x83 ? 8B4C7BF8
INT 0x83 ? 8B4C7BF8
INT 0x83 ? 8B2CEF00
INT 0x83 ? 8B4C7BF8
INT 0x84 ? 8B2CEF00
INT 0xA4 ? 8B2CEF00
INT 0xB4 ? 8B2CEF00
INT 0xB4 ? 8B2CEF00
INT 0xB4 ?  8B2CEF00

---- Kernel code sections - GMER 1.0.15 ----

? sppv.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6701380, 0x566445, 0xE8000020]
.text USBPORT.SYS!DllUnload B66E18AC 5 Bytes JMP 8B2CE4E0 
.text a5vr3pad.SYS B6618386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text a5vr3pad.SYS B66183AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text a5vr3pad.SYS B66183C4 3 Bytes [00, 80, 02]
.text a5vr3pad.SYS B66183C9 1 Byte [30]
.text a5vr3pad.SYS B66183C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7EB6042] sppv.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7EB613E] sppv.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7EB60C0] sppv.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7EB6800] sppv.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7EB66D6] sppv.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B7EC5B90] sppv.sys
IAT \SystemRoot\System32\Drivers\a5vr3pad.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\System32\Drivers\a5vr3pad.SYS[HAL.dll!READ_PORT_UCHAR] 1C959E88
IAT \SystemRoot\System32\Drivers\a5vr3pad.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
IAT \SystemRoot\System32\Drivers\a5vr3pad.SYS[HAL.dll!KfRaiseIrql] 00001CB1
IAT \SystemRoot\System32\Drivers\a5vr3pad.SYS[HAL.dll!KfLowerIrql] 0E798366
IAT \SystemRoot\System32\Drivers\a5vr3pad.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\System32\Drivers\a5vr3pad.SYS[HAL.dll!HalTranslateBusAddress] 8986C636
IAT \SystemRoot\System32\Drivers\a5vr3pad.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
IAT \SystemRoot\System32\Drivers\a5vr3pad.SYS[HAL.dll!KfReleaseSpinLock] 1C8B86C6
IAT \SystemRoot\System32\Drivers\a5vr3pad.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
IAT \SystemRoot\System32\Drivers\a5vr3pad.SYS[HAL.dll!READ_PORT_USHORT] 001C9686
IAT \SystemRoot\System32\Drivers\a5vr3pad.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
IAT \SystemRoot\System32\Drivers\a5vr3pad.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CB2
IAT \SystemRoot\System32\Drivers\a5vr3pad.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
IAT \SystemRoot\System32\Drivers\a5vr3pad.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB99E

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8B4C61F8
Device \FileSystem\Fastfat \FatCdrom 8A6411F8
Device \FileSystem\Udfs \UdfsCdRom 8AE51500
Device \FileSystem\Udfs \UdfsDisk 8AE51500
Device \Driver\usbuhci \Device\USBPDO-0 8B2CC1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon  8B4511F8
Device \Driver\dmio \Device\DmControl\DmConfig 8B4511F8
Device \Driver\dmio \Device\DmControl\DmPnP 8B4511F8
Device \Driver\dmio \Device\DmControl\DmInfo 8B4511F8
Device \Driver\usbuhci \Device\USBPDO-1 8B2CC1F8
Device \Driver\usbuhci \Device\USBPDO-2 8B2CC1F8
Device \Driver\usbehci \Device\USBPDO-3 8B26C1F8
Device \Driver\usbuhci \Device\USBPDO-4 8B2CC1F8
Device \Driver\usbuhci \Device\USBPDO-5 8B2CC1F8
Device \Driver\PCI_PNP6650 \Device\00000056 sppv.sys
Device \Driver\usbuhci \Device\USBPDO-6 8B2CC1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8B4C81F8
Device \Driver\usbehci \Device\USBPDO-7 8B26C1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8B4C81F8
Device \Driver\Cdrom \Device\CdRom0 8B2211F8
Device \Driver\Cdrom \Device\CdRom1 8B2211F8
Device \Driver\atapi \Device\Ide\IdePort0 [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort4 [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort5 [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-16 [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-7 [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\NetBT \Device\NetBt_Wins_Export 8AE2B1F8
Device \Driver\NetBT \Device\NetbiosSmb 8AE2B1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{BF5294C5-BEC1-49BE-8426-4A214F6DF64A} 8AE2B1F8
Device \Driver\sptd \Device\1362016650 sppv.sys
Device \Driver\usbuhci \Device\USBFDO-0 8B2CC1F8
Device \Driver\usbuhci \Device\USBFDO-1 8B2CC1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8B15F500
Device \Driver\usbuhci \Device\USBFDO-2 8B2CC1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8B15F500
Device \Driver\usbehci \Device\USBFDO-3 8B26C1F8
Device \Driver\usbuhci \Device\USBFDO-4 8B2CC1F8
Device \Driver\Ftdisk \Device\FtControl 8B4C81F8
Device \Driver\usbuhci \Device\USBFDO-5 8B2CC1F8
Device \Driver\usbuhci \Device\USBFDO-6 8B2CC1F8
Device \Driver\usbehci \Device\USBFDO-7 8B26C1F8
Device \Driver\a5vr3pad \Device\Scsi\a5vr3pad1Port6Path0Target0Lun0 8B2131F8
Device \Driver\a5vr3pad \Device\Scsi\a5vr3pad1 8B2131F8
Device \FileSystem\Fastfat \Fat 8A6411F8

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 8AE35500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0xAD 0xB4 0x3B 0x26 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0xE3 0x5D 0xDB 0x25 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0xBE 0x78 0x9A 0xA8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0x8D 0x27 0xED 0xA8 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0xAD 0xB4 0x3B 0x26 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0xE3 0x5D 0xDB 0x25 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0xBE 0x78 0x9A 0xA8 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0x8D 0x27 0xED 0xA8 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 10000

---- EOF - GMER 1.0.15 ----


----------



## Crimm (Jun 16, 2010)

If you'd like to take the day off, please, be my guest. I really appreciate all the help, but it is a Sunday after all, and I don't want to take up your weekend. I can afford to wait another day.


----------



## Cookiegal (Aug 27, 2003)

Let's try removing ComboFix by dragging it to the recycle bin and redownload it again using the same instructions. Be sure to disable MSE and all other security programs this time when running the scan and post the log.


----------



## Crimm (Jun 16, 2010)

ComboFix 10-06-20.06 - Kristina 06/21/2010 10:02:01.2.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2932 [GMT -4:00]
Running from: e:\my documents\Downloads\puppy.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: F-Secure Anti-Virus Client Security 5.55 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}
.
The following files were disabled during the run:
c:\windows\system32\nbtsping.dll

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\IE8-WI~1.EXE
c:\windows\system32\disk.dll

.
((((((((((((((((((((((((( Files Created from 2010-05-21 to 2010-06-21 )))))))))))))))))))))))))))))))
.

2010-06-16 16:05 . 2010-06-16 16:05 -------- d-----w- c:\documents and settings\Kristina.KRISSY\Application Data\Malwarebytes
2010-06-16 16:04 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-16 16:04 . 2010-06-16 16:04 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2010-06-16 16:04 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-16 16:04 . 2010-06-16 16:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-15 19:46 . 2010-06-15 19:46 25214 ----a-r- c:\documents and settings\Kristina.KRISSY\Application Data\Microsoft\Installer\{CE378F36-E404-4244-A33F-F50A2A6D31BD}\ARPPRODUCTICON.exe
2010-06-15 19:13 . 2010-06-15 19:13 -------- d-sh--w- c:\documents and settings\Kristina.KRISSY\PrivacIE
2010-06-15 19:09 . 2010-06-15 19:09 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY\IETldCache
2010-06-15 19:09 . 2010-06-15 19:09 -------- d-sh--w- c:\documents and settings\Kristina.KRISSY\IETldCache
2010-06-15 19:05 . 2010-06-15 19:05 -------- d-----w- c:\windows\ie8updates
2010-06-15 19:04 . 2010-06-15 19:05 -------- dc-h--w- c:\windows\ie8
2010-06-15 19:01 . 2010-05-06 10:41 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-06-15 19:01 . 2010-05-06 10:41 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-06-15 19:01 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-15 19:01 . 2010-04-16 11:43 41984 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-06-13 11:31 . 2010-06-15 19:13 8354440 ----a-w- C:\Firefox Setup 3.6.3.exe
2010-06-13 05:35 . 2004-08-04 02:31 20992 -c--a-w- c:\windows\system32\dllcache\rtl8139.sys
2010-06-13 05:35 . 2004-08-04 02:31 20992 ----a-w- c:\windows\system32\drivers\rtl8139.sys
2010-06-13 05:35 . 2008-04-13 18:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-06-13 05:35 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-06-13 05:35 . 2008-04-13 18:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-06-13 05:35 . 2008-04-13 18:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-06-13 05:35 . 2008-04-13 18:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-06-13 05:35 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-06-13 05:34 . 2010-06-13 05:34 46592 ----a-w- c:\windows\system32\nbtsping.dll.vir
2010-06-13 05:09 . 2010-06-13 05:09 50354 ----a-w- c:\documents and settings\Kristina.KRISSY\Application Data\Facebook\uninstall.exe
2010-06-13 05:09 . 2010-06-13 05:09 -------- d-----w- c:\documents and settings\Kristina.KRISSY\Application Data\Facebook
2010-06-13 05:09 . 2010-06-13 05:09 1990728 ----a-w- C:\Install_Facebook_Plug-In_1.0.3.exe
2010-06-13 03:20 . 2010-06-13 03:21 5265686 ----a-w- C:\ffdshow_rev3452_20100524.exe
2010-06-13 03:11 . 2010-06-13 03:12 -------- d-----w- C:\c17befc199ce76070830
2010-06-13 03:10 . 2010-06-13 03:11 -------- d-----w- C:\1cf8182737c2fef1f4bbb44e32
2010-06-13 02:52 . 2010-06-13 02:53 25740144 ----a-w- C:\wmp11-windowsxp-x86-enu.exe
2010-06-13 02:37 . 2010-06-13 02:37 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-06-13 02:37 . 2010-06-13 02:37 11862896 ----a-w- C:\mssefullinstall-x86fre-en-us-xp.exe
2010-06-09 10:45 . 2010-06-09 10:45 5591040 ----a-w- c:\documents and settings\Kristina.KRISSY\Application Data\Facebook\npfbplugin_1_0_3.dll
2010-06-05 19:36 . 2010-06-05 19:36 -------- d-----w- c:\documents and settings\Kristina.KRISSY\Local Settings\Application Data\PCHealth
2010-06-05 19:36 . 2010-06-05 19:36 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\PCHealth
2010-06-04 16:25 . 2010-06-04 16:25 77312 ----a-w- c:\documents and settings\Kristina.KRISSY\Application Data\SystemRequirementsLab\srlproxy_cyri_4.1.72.0A.dll
2010-06-03 19:40 . 2010-06-03 19:40 45828 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
2010-05-25 03:56 . 2010-05-25 03:56 -------- d-----w- c:\documents and settings\Kristina.KRISSY\Application Data\NVIDIA
2010-05-23 00:48 . 2010-05-23 00:48 61440 ----a-w- c:\documents and settings\Kristina.KRISSY\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6475fcbd-n\decora-sse.dll
2010-05-23 00:48 . 2010-05-23 00:48 503808 ----a-w- c:\documents and settings\Kristina.KRISSY\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-30292047-n\msvcp71.dll
2010-05-23 00:48 . 2010-05-23 00:48 499712 ----a-w- c:\documents and settings\Kristina.KRISSY\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-30292047-n\jmc.dll
2010-05-23 00:48 . 2010-05-23 00:48 348160 ----a-w- c:\documents and settings\Kristina.KRISSY\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-30292047-n\msvcr71.dll
2010-05-23 00:48 . 2010-05-23 00:48 12800 ----a-w- c:\documents and settings\Kristina.KRISSY\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6475fcbd-n\decora-d3d.dll
2010-05-23 00:40 . 2010-05-23 00:40 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\NVIDIA Corporation
2010-05-23 00:39 . 2010-05-23 00:41 -------- d-----w- c:\program files\NVIDIA Corporation
2010-05-23 00:39 . 2010-04-03 22:55 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-05-23 00:39 . 2010-04-03 22:55 2646632 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-05-23 00:39 . 2010-04-03 22:55 2183470 ----a-w- c:\windows\system32\nvdata.bin
2010-05-23 00:39 . 2010-04-03 22:55 2030184 ----a-w- c:\windows\system32\nvcuvid.dll
2010-05-23 00:39 . 2010-04-03 22:55 11647592 ----a-w- c:\windows\system32\nvcompiler.dll
2010-05-23 00:36 . 2010-05-23 00:36 290816 ----a-w- c:\documents and settings\Kristina.KRISSY\Application Data\SystemRequirementsLab\SRLProxy_nvd_4.dll
2010-05-23 00:36 . 2010-05-23 00:36 290816 ----a-w- c:\documents and settings\Kristina.KRISSY\Application Data\SystemRequirementsLab\SRLProxy_nvd_3.dll
2010-05-23 00:36 . 2010-05-23 00:36 290816 ----a-w- c:\documents and settings\Kristina.KRISSY\Application Data\SystemRequirementsLab\SRLProxy_nvd_2.dll
2010-05-23 00:36 . 2010-05-23 00:36 290816 ----a-w- c:\documents and settings\Kristina.KRISSY\Application Data\SystemRequirementsLab\SRLProxy_nvd_1.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-21 13:58 . 2009-06-29 19:40 -------- d-----w- c:\documents and settings\Kristina.KRISSY\Application Data\WTablet
2010-06-21 13:58 . 2009-06-29 19:41 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Application Data\WTablet
2010-06-16 14:54 . 2008-01-24 04:17 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-13 11:30 . 2006-04-05 20:41 107134 ----a-w- c:\windows\UninstallFirefox.exe
2010-06-13 11:30 . 2005-08-21 02:23 4869 -c--a-w- c:\windows\mozver.dat
2010-06-13 05:34 . 2010-06-13 05:34 20 ----a-w- c:\documents and settings\Kristina.KRISSY\Application Data\qcopjv.dat
2010-06-13 03:12 . 2007-02-17 02:18 -------- d-----w- c:\program files\Windows Media Connect 2
2010-06-04 16:25 . 2009-10-02 14:28 -------- d-----w- c:\documents and settings\Kristina.KRISSY\Application Data\SystemRequirementsLab
2010-06-04 14:04 . 2007-08-28 05:36 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-23 00:40 . 2008-01-15 23:09 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-23 00:36 . 2009-10-02 14:28 -------- d-----w- c:\program files\SystemRequirementsLab
2010-05-23 00:34 . 2010-05-02 02:43 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Blizzard Entertainment
2010-05-21 18:14 . 2010-03-02 01:39 221568 ----a-w- c:\windows\system32\MpSigStub.exe
2010-05-18 16:40 . 2010-05-18 16:40 -------- d-----w- c:\documents and settings\Kristina.KRISSY\Application Data\Amazon
2010-05-18 16:40 . 2010-05-18 16:40 -------- d-----w- c:\program files\Amazon
2010-05-18 16:40 . 2010-05-18 16:40 1008936 ----a-w- C:\AmazonMP3Installer.exe
2010-05-10 23:32 . 2007-06-16 21:54 -------- d-----w- c:\program files\Common Files\Java
2010-05-10 23:32 . 2010-05-10 23:32 61440 ----a-w- c:\documents and settings\Kristina.KRISSY\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-45b51bfb-n\decora-sse.dll
2010-05-10 23:32 . 2010-05-10 23:32 503808 ----a-w- c:\documents and settings\Kristina.KRISSY\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-38b3babe-n\msvcp71.dll
2010-05-10 23:32 . 2010-05-10 23:32 499712 ----a-w- c:\documents and settings\Kristina.KRISSY\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-38b3babe-n\jmc.dll
2010-05-10 23:32 . 2010-05-10 23:32 348160 ----a-w- c:\documents and settings\Kristina.KRISSY\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-38b3babe-n\msvcr71.dll
2010-05-10 23:32 . 2010-05-10 23:32 12800 ----a-w- c:\documents and settings\Kristina.KRISSY\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-45b51bfb-n\decora-d3d.dll
2010-05-10 23:32 . 2007-06-16 21:54 -------- d-----w- c:\program files\Java
2010-05-10 23:20 . 2010-05-10 23:20 1364522 ----a-w- C:\wrar393.exe
2010-05-10 23:00 . 2009-11-05 22:21 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\BioWare
2010-05-10 23:00 . 2010-05-10 21:12 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Electronic Arts
2010-05-10 22:58 . 2010-05-10 22:25 -------- d-----w- c:\program files\Dragon Age
2010-05-10 22:56 . 2010-05-10 21:09 -------- d-----w- c:\program files\Electronic Arts
2010-05-10 22:40 . 2009-10-16 20:51 -------- d-----w- c:\program files\Common Files\BioWare
2010-05-10 22:13 . 2010-05-10 21:15 502792 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\EA Core\cache\EADM\{ [email protected] }\dragonage_na\DirectX\DXSETUP.exe
2010-05-10 22:13 . 2010-05-10 21:15 1673224 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\EA Core\cache\EADM\{ [email protected] }\dragonage_na\DirectX\dsetup32.dll
2010-05-10 22:13 . 2010-05-10 21:15 76808 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\EA Core\cache\EADM\{ [email protected] }\dragonage_na\DirectX\DSETUP.dll
2010-05-10 21:55 . 2010-05-10 21:15 386320 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\EA Core\cache\EADM\{ [email protected] }\dragonage_na\data\Dragon Age_code.exe
2010-05-10 21:55 . 2010-05-10 21:15 958072 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\EA Core\cache\EADM\{ [email protected] }\dragonage_na\data\Dragon Age Uninstaller.exe
2010-05-10 21:55 . 2010-05-10 21:15 554214 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\EA Core\cache\EADM\{ [email protected] }\dragonage_na\data\DataSetup.exe
2010-05-10 21:15 . 2010-05-10 21:15 2130160 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\EA Core\cache\EADM\{ [email protected] }\dragonage_na\Setup.exe
2010-05-10 21:13 . 2010-05-10 21:09 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-05-10 21:13 . 2010-05-10 21:13 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\EA Core
2010-05-06 10:41 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-03 20:53 . 2007-05-20 22:01 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-05-02 05:22 . 2004-08-04 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 21:51 . 2010-04-29 21:51 -------- d-----w- c:\program files\iTunes
2010-04-29 21:51 . 2010-04-29 21:51 -------- d-----w- c:\program files\iPod
2010-04-29 21:51 . 2009-07-07 01:13 -------- d-----w- c:\program files\Common Files\Apple
2010-04-29 21:49 . 2010-04-29 21:49 -------- d-----w- c:\program files\Bonjour
2010-04-29 21:48 . 2010-04-29 21:48 73000 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-04-25 18:21 . 2006-01-06 19:55 -------- d-----w- c:\documents and settings\Kristina.KRISSY\Application Data\Canon
2010-04-20 05:30 . 2004-08-04 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-15 19:42 . 2005-12-26 01:55 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-04-15 16:34 . 2010-04-15 16:34 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-04-12 21:29 . 2010-05-10 23:32 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-05 12:41 . 2005-10-01 18:08 1974352 ----a-w- c:\documents and settings\VisualBoyAdvance-1.8.0-beta3\VisualBoyAdvance.exe
2010-04-03 23:23 . 2010-04-03 23:23 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-04-03 23:23 . 2010-04-03 23:23 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-04-03 23:23 . 2010-04-03 23:23 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-04-03 23:23 . 2010-04-03 23:23 13670504 ----a-w- c:\windows\system32\nvcpl.dll
2010-04-03 23:23 . 2010-04-03 23:23 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-04-03 23:22 . 2010-04-03 23:22 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-04-03 22:55 . 2007-12-19 00:55 4075520 ----a-w- c:\windows\system32\nvcuda.dll
2010-04-03 22:55 . 2007-06-29 04:43 1097728 ----a-w- c:\windows\system32\nvapi.dll
2010-04-03 22:55 . 2005-07-03 03:33 600680 -c--a-w- c:\windows\system32\nvudisp.exe
2010-04-03 22:55 . 2005-07-02 21:04 6432128 ----a-w- c:\windows\system32\nv4_disp.dll
2010-04-03 22:55 . 2005-07-02 21:04 10232128 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-04-03 22:55 . 2005-06-15 21:20 227944 ----a-w- c:\windows\system32\nvcodins.dll
2010-04-03 22:55 . 2005-06-15 21:20 227944 ----a-w- c:\windows\system32\nvcod.dll
2010-04-03 22:55 . 2005-06-15 21:20 14757888 ----a-w- c:\windows\system32\nvoglnt.dll
2010-04-02 20:54 . 2007-09-19 01:34 600680 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-03-25 16:00 . 2010-03-25 16:00 152576 ----a-w- c:\documents and settings\Kristina.KRISSY\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-03-25 16:00 . 2010-03-25 16:00 79488 ----a-w- c:\documents and settings\Kristina.KRISSY\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-25 15:54 . 2010-03-25 15:54 152576 ----a-w- c:\documents and settings\Kristina.KRISSY\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
.

```
c:\program files\Spybot - Search & Destroy\TeaTimer .exe
c:\program files\SUPERAntiSpyware\SUPERAntiSpyware .exe
c:\windows\PCHEALTH\HELPCTR\Binaries\MSConfig .exe
```
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 1318912]
"Aim6"="" [N/A]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-05-30 868352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"nwiz"="nwiz.exe" [N/A]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\Kristina.KRISSY\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-5-16 113664]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-5-16 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Shortcut to WinColor.lnk - c:\program files\Pro Imaging Powertoys\Microsoft Color Control Panel Applet for Windows XP\WinColor.exe [2005-10-31 371456]
TabUserW.exe.lnk - c:\windows\system32\Wtablet\TabUserW.exe [2003-5-29 77824]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 18:41 294912 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Kristina\\Desktop\\Ghost_Gameplay2005-downloader.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1140500000\\ee\\aim6.exe"=
"c:\\Program Files\\F-Secure\\BackWeb\\7681197\\program\\F-Secure Automatic Update.exe"=
"e:\\Dungeon Keeper 2\\DKII.icd"=
"e:\\FEAR\\FEAR.exe"=
"e:\\FEAR\\FEARMP.exe"=
"e:\\FEAR\\FEARXP\\FEARXP.exe"=
"e:\\Star Wars KotOR II\\swupdate.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"e:\\Warhammer\\DarkCrusade\\DarkCrusade.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\World of Warcraft Trial\\Launcher.exe"=
"e:\\Warcraft III\\Frozen Throne.exe"=
"e:\\Neverwinter Nights 2\\nwn2main.exe"=
"e:\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"e:\\Neverwinter Nights 2\\nwupdate.exe"=
"e:\\Neverwinter Nights 2\\nwn2server.exe"=
"c:\\Program Files\\Dragon Age Origins Character Creator\\bin_ship\\DAOCharacterCreator.exe"=
"c:\\Program Files\\Dragon Age Origins Character Creator\\DAOriginsLauncher.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\StarCraft2\\StarCraft II Beta\\StarCraft II.exe"=
"c:\\StarCraft2\\StarCraft II Beta\\Versions\\Base15133\\SC2.exe"=
"c:\\StarCraft2\\StarCraft II Beta\\Versions\\Base15250\\SC2.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=
"c:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\EACoreServer.exe"=
"c:\\StarCraft2\\StarCraft II Beta\\Versions\\Base15343\\SC2.exe"=
"c:\\StarCraft2\\StarCraft II Beta\\Versions\\Base15392\\SC2.exe"=
"c:\\StarCraft2\\StarCraft II Beta\\Versions\\Base15449\\SC2.exe"=
"c:\\StarCraft2\\StarCraft II Beta\\Versions\\Base15580\\SC2.exe"=
"c:\\StarCraft2\\StarCraft II Beta\\Versions\\Base15623\\SC2.exe"=
"c:\\StarCraft2\\StarCraft II Beta\\Versions\\Base15655\\SC2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14003:TCP"= 14003:TCP:BitComet 14003 TCP
"14003:UDP"= 14003:UDP:BitComet 14003 UDP
"6112:TCP"= 6112:TCP:Starcraft
"6112:UDP"= 6112:UDP:Starcraft

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/10/2006 2:53 PM 5632]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 1:39 PM 32256]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [6/29/2009 3:39 PM 2749224]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/16/2008 9:08 PM 24652]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 6:51 PM 4096]
R3 scrcap;scrcap;c:\windows\system32\drivers\scrcap.sys [12/27/2006 10:47 AM 9006]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [6/29/2009 3:39 PM 15656]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4/15/2010 12:34 PM 691696]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [12/15/2009 4:07 PM 25832]
S3 JL2005;JL2005A Toy Camera;c:\windows\system32\drivers\toywdm.sys [6/4/2004 1:21 PM 70888]
.
Contents of the 'Scheduled Tasks' folder

2010-06-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-06-21 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 22:02]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Kristina.KRISSY\Application Data\Mozilla\Firefox\Profiles\mgi92poc.default\
FF - plugin: c:\documents and settings\Kristina.KRISSY\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe
AddRemove-Macromedia Shockwave Player - c:\windows\system32\Macromed\SHOCKW~1\UNWISE.EXE
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\UninstFl.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-21 10:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1004336348-1035525444-1801674531-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:c4,04,1f,11,bc,c8,ff,53,1a,0f,64,9f,80,ff,ea,8b,87,b9,94,b4,e3,1f,b4,
f7,f2,15,80,f5,96,ba,b9,84,48,fa,da,ea,a4,aa,62,52,0c,1c,80,22,97,27,9d,ff,\
"??"=hex:e4,79,11,ee,59,46,62,16,d2,45,66,4a,b9,49,72,19

[HKEY_USERS\S-1-5-21-1004336348-1035525444-1801674531-1004\Software\SecuROM\License information*]
"datasecu"=hex:01,d7,05,f3,46,34,7a,74,db,99,b3,cb,4f,7c,a7,9b,28,33,3d,d9,be,
0d,b6,7e,96,28,7c,bd,01,3e,55,ce,8a,31,65,f0,61,b2,37,6c,2e,5f,f3,4c,eb,87,\
"rkeysecu"=hex:21,0e,06,11,8a,02,e1,9e,c6,e0,cf,82,59,b0,06,24
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(764)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(236)
c:\windows\system32\WININET.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-06-21 10:07:12
ComboFix-quarantined-files.txt 2010-06-21 14:07

Pre-Run: 129,340,530,688 bytes free
Post-Run: 129,298,825,216 bytes free

- - End Of File - - 57FC2FA296F91EBA7C33487B49E13ED5


----------



## Cookiegal (Aug 27, 2003)

Open Notepad and copy and paste the text in the code box below into it:


```
File::
c:\windows\system32\nbtsping.dll
c:\windows\system32\nbtsping.dll.vir

RenV::
c:\program files\Spybot - Search & Destroy\TeaTimer .exe
c:\program files\SUPERAntiSpyware\SUPERAntiSpyware .exe
c:\windows\PCHEALTH\HELPCTR\Binaries\MSConfig .exe
```
Save the file to your desktop and name it CFScript.txt.

Referring to the picture below, drag CFScript.txt into ComboFix.exe.

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.


----------



## Crimm (Jun 16, 2010)

ComboFix 10-06-23.05 - Kristina 06/24/2010 13:08:53.3.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2998 [GMT -4:00]
Running from: c:\documents and settings\Kristina.KRISSY\Desktop\puppy.exe
Command switches used :: c:\documents and settings\Kristina.KRISSY\Desktop\CFScript.txt
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: F-Secure Anti-Virus Client Security 5.55 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}
* Created a new restore point

FILE ::
"c:\windows\system32\nbtsping.dll"
"c:\windows\system32\nbtsping.dll.vir"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\nbtsping.dll

.
((((((((((((((((((((((((( Files Created from 2010-05-24 to 2010-06-24 )))))))))))))))))))))))))))))))
.

2010-06-16 16:05 . 2010-06-16 16:05 -------- d-----w- c:\documents and settings\Kristina.KRISSY\Application Data\Malwarebytes
2010-06-16 16:04 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-16 16:04 . 2010-06-16 16:04 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2010-06-16 16:04 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-16 16:04 . 2010-06-16 16:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-15 19:46 . 2010-06-15 19:46 25214 ----a-r- c:\documents and settings\Kristina.KRISSY\Application Data\Microsoft\Installer\{CE378F36-E404-4244-A33F-F50A2A6D31BD}\ARPPRODUCTICON.exe
2010-06-15 19:13 . 2010-06-15 19:13 -------- d-sh--w- c:\documents and settings\Kristina.KRISSY\PrivacIE
2010-06-15 19:09 . 2010-06-15 19:09 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY\IETldCache
2010-06-15 19:09 . 2010-06-15 19:09 -------- d-sh--w- c:\documents and settings\Kristina.KRISSY\IETldCache
2010-06-15 19:05 . 2010-06-15 19:05 -------- d-----w- c:\windows\ie8updates
2010-06-15 19:04 . 2010-06-15 19:05 -------- dc-h--w- c:\windows\ie8
2010-06-15 19:01 . 2010-05-06 10:41 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-06-15 19:01 . 2010-05-06 10:41 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-06-15 19:01 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-15 19:01 . 2010-04-16 11:43 41984 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-06-13 11:31 . 2010-06-15 19:13 8354440 ----a-w- C:\Firefox Setup 3.6.3.exe
2010-06-13 05:35 . 2004-08-04 02:31 20992 -c--a-w- c:\windows\system32\dllcache\rtl8139.sys
2010-06-13 05:35 . 2004-08-04 02:31 20992 ----a-w- c:\windows\system32\drivers\rtl8139.sys
2010-06-13 05:35 . 2008-04-13 18:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-06-13 05:35 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-06-13 05:35 . 2008-04-13 18:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-06-13 05:35 . 2008-04-13 18:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-06-13 05:35 . 2008-04-13 18:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-06-13 05:35 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-06-13 05:09 . 2010-06-13 05:09 50354 ----a-w- c:\documents and settings\Kristina.KRISSY\Application Data\Facebook\uninstall.exe
2010-06-13 05:09 . 2010-06-13 05:09 -------- d-----w- c:\documents and settings\Kristina.KRISSY\Application Data\Facebook
2010-06-13 05:09 . 2010-06-13 05:09 1990728 ----a-w- C:\Install_Facebook_Plug-In_1.0.3.exe
2010-06-13 03:20 . 2010-06-13 03:21 5265686 ----a-w- C:\ffdshow_rev3452_20100524.exe
2010-06-13 03:11 . 2010-06-13 03:12 -------- d-----w- C:\c17befc199ce76070830
2010-06-13 03:10 . 2010-06-13 03:11 -------- d-----w- C:\1cf8182737c2fef1f4bbb44e32
2010-06-13 02:52 . 2010-06-13 02:53 25740144 ----a-w- C:\wmp11-windowsxp-x86-enu.exe
2010-06-13 02:37 . 2010-06-13 02:37 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-06-13 02:37 . 2010-06-13 02:37 11862896 ----a-w- C:\mssefullinstall-x86fre-en-us-xp.exe
2010-06-09 10:45 . 2010-06-09 10:45 5591040 ----a-w- c:\documents and settings\Kristina.KRISSY\Application Data\Facebook\npfbplugin_1_0_3.dll
2010-06-05 19:36 . 2010-06-05 19:36 -------- d-----w- c:\documents and settings\Kristina.KRISSY\Local Settings\Application Data\PCHealth
2010-06-05 19:36 . 2010-06-05 19:36 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\PCHealth
2010-06-04 16:25 . 2010-06-04 16:25 77312 ----a-w- c:\documents and settings\Kristina.KRISSY\Application Data\SystemRequirementsLab\srlproxy_cyri_4.1.72.0A.dll
2010-06-03 19:40 . 2010-06-03 19:40 45828 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-24 17:08 . 2008-01-24 04:17 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-24 17:08 . 2004-04-09 22:14 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-24 17:05 . 2009-06-29 19:40 -------- d-----w- c:\documents and settings\Kristina.KRISSY\Application Data\WTablet
2010-06-24 16:54 . 2009-06-29 19:41 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Application Data\WTablet
2010-06-13 11:30 . 2006-04-05 20:41 107134 ----a-w- c:\windows\UninstallFirefox.exe
2010-06-13 11:30 . 2005-08-21 02:23 4869 -c--a-w- c:\windows\mozver.dat
2010-06-13 05:34 . 2010-06-13 05:34 20 ----a-w- c:\documents and settings\Kristina.KRISSY\Application Data\qcopjv.dat
2010-06-13 03:12 . 2007-02-17 02:18 -------- d-----w- c:\program files\Windows Media Connect 2
2010-06-04 16:25 . 2009-10-02 14:28 -------- d-----w- c:\documents and settings\Kristina.KRISSY\Application Data\SystemRequirementsLab
2010-06-04 14:04 . 2007-08-28 05:36 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-25 03:56 . 2010-05-25 03:56 -------- d-----w- c:\documents and settings\Kristina.KRISSY\Application Data\NVIDIA
2010-05-23 00:48 . 2010-05-23 00:48 61440 ----a-w- c:\documents and settings\Kristina.KRISSY\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6475fcbd-n\decora-sse.dll
2010-05-23 00:48 . 2010-05-23 00:48 503808 ----a-w- c:\documents and settings\Kristina.KRISSY\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-30292047-n\msvcp71.dll
2010-05-23 00:48 . 2010-05-23 00:48 499712 ----a-w- c:\documents and settings\Kristina.KRISSY\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-30292047-n\jmc.dll
2010-05-23 00:48 . 2010-05-23 00:48 348160 ----a-w- c:\documents and settings\Kristina.KRISSY\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-30292047-n\msvcr71.dll
2010-05-23 00:48 . 2010-05-23 00:48 12800 ----a-w- c:\documents and settings\Kristina.KRISSY\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6475fcbd-n\decora-d3d.dll
2010-05-23 00:41 . 2010-05-23 00:39 -------- d-----w- c:\program files\NVIDIA Corporation
2010-05-23 00:40 . 2008-01-15 23:09 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-23 00:40 . 2010-05-23 00:40 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\NVIDIA Corporation
2010-05-23 00:36 . 2009-10-02 14:28 -------- d-----w- c:\program files\SystemRequirementsLab
2010-05-23 00:36 . 2010-05-23 00:36 290816 ----a-w- c:\documents and settings\Kristina.KRISSY\Application Data\SystemRequirementsLab\SRLProxy_nvd_4.dll
2010-05-23 00:36 . 2010-05-23 00:36 290816 ----a-w- c:\documents and settings\Kristina.KRISSY\Application Data\SystemRequirementsLab\SRLProxy_nvd_3.dll
2010-05-23 00:36 . 2010-05-23 00:36 290816 ----a-w- c:\documents and settings\Kristina.KRISSY\Application Data\SystemRequirementsLab\SRLProxy_nvd_2.dll
2010-05-23 00:36 . 2010-05-23 00:36 290816 ----a-w- c:\documents and settings\Kristina.KRISSY\Application Data\SystemRequirementsLab\SRLProxy_nvd_1.dll
2010-05-23 00:34 . 2010-05-02 02:43 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Blizzard Entertainment
2010-05-21 18:14 . 2010-03-02 01:39 221568 ----a-w- c:\windows\system32\MpSigStub.exe
2010-05-18 16:40 . 2010-05-18 16:40 -------- d-----w- c:\documents and settings\Kristina.KRISSY\Application Data\Amazon
2010-05-18 16:40 . 2010-05-18 16:40 -------- d-----w- c:\program files\Amazon
2010-05-18 16:40 . 2010-05-18 16:40 1008936 ----a-w- C:\AmazonMP3Installer.exe
2010-05-10 23:32 . 2007-06-16 21:54 -------- d-----w- c:\program files\Common Files\Java
2010-05-10 23:32 . 2010-05-10 23:32 61440 ----a-w- c:\documents and settings\Kristina.KRISSY\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-45b51bfb-n\decora-sse.dll
2010-05-10 23:32 . 2010-05-10 23:32 503808 ----a-w- c:\documents and settings\Kristina.KRISSY\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-38b3babe-n\msvcp71.dll
2010-05-10 23:32 . 2010-05-10 23:32 499712 ----a-w- c:\documents and settings\Kristina.KRISSY\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-38b3babe-n\jmc.dll
2010-05-10 23:32 . 2010-05-10 23:32 348160 ----a-w- c:\documents and settings\Kristina.KRISSY\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-38b3babe-n\msvcr71.dll
2010-05-10 23:32 . 2010-05-10 23:32 12800 ----a-w- c:\documents and settings\Kristina.KRISSY\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-45b51bfb-n\decora-d3d.dll
2010-05-10 23:32 . 2007-06-16 21:54 -------- d-----w- c:\program files\Java
2010-05-10 23:20 . 2010-05-10 23:20 1364522 ----a-w- C:\wrar393.exe
2010-05-10 23:00 . 2009-11-05 22:21 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\BioWare
2010-05-10 23:00 . 2010-05-10 21:12 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Electronic Arts
2010-05-10 22:58 . 2010-05-10 22:25 -------- d-----w- c:\program files\Dragon Age
2010-05-10 22:56 . 2010-05-10 21:09 -------- d-----w- c:\program files\Electronic Arts
2010-05-10 22:40 . 2009-10-16 20:51 -------- d-----w- c:\program files\Common Files\BioWare
2010-05-10 22:13 . 2010-05-10 21:15 502792 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\EA Core\cache\EADM\{ [email protected] }\dragonage_na\DirectX\DXSETUP.exe
2010-05-10 22:13 . 2010-05-10 21:15 1673224 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\EA Core\cache\EADM\{ [email protected] }\dragonage_na\DirectX\dsetup32.dll
2010-05-10 22:13 . 2010-05-10 21:15 76808 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\EA Core\cache\EADM\{ [email protected] }\dragonage_na\DirectX\DSETUP.dll
2010-05-10 21:55 . 2010-05-10 21:15 386320 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\EA Core\cache\EADM\{ [email protected] }\dragonage_na\data\Dragon Age_code.exe
2010-05-10 21:55 . 2010-05-10 21:15 958072 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\EA Core\cache\EADM\{ [email protected] }\dragonage_na\data\Dragon Age Uninstaller.exe
2010-05-10 21:55 . 2010-05-10 21:15 554214 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\EA Core\cache\EADM\{ [email protected] }\dragonage_na\data\DataSetup.exe
2010-05-10 21:15 . 2010-05-10 21:15 2130160 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\EA Core\cache\EADM\{ [email protected] }\dragonage_na\Setup.exe
2010-05-10 21:13 . 2010-05-10 21:09 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-05-10 21:13 . 2010-05-10 21:13 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\EA Core
2010-05-06 10:41 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-03 20:53 . 2007-05-20 22:01 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-05-02 05:22 . 2004-08-04 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 21:51 . 2010-04-29 21:51  -------- d-----w- c:\program files\iTunes
2010-04-29 21:51 . 2010-04-29 21:51 -------- d-----w- c:\program files\iPod
2010-04-29 21:51 . 2009-07-07 01:13 -------- d-----w- c:\program files\Common Files\Apple
2010-04-29 21:49 . 2010-04-29 21:49 -------- d-----w- c:\program files\Bonjour
2010-04-29 21:48 . 2010-04-29 21:48 73000 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-04-25 18:21 . 2006-01-06 19:55 -------- d-----w- c:\documents and settings\Kristina.KRISSY\Application Data\Canon
2010-04-20 05:30 . 2004-08-04 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-15 19:42 . 2005-12-26 01:55 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-04-15 16:34 . 2010-04-15 16:34 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-04-12 21:29 . 2010-05-10 23:32 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-05 12:41 . 2005-10-01 18:08 1974352 ----a-w- c:\documents and settings\VisualBoyAdvance-1.8.0-beta3\VisualBoyAdvance.exe
2010-04-03 23:23 . 2010-04-03 23:23 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-04-03 23:23 . 2010-04-03 23:23 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-04-03 23:23 . 2010-04-03 23:23 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-04-03 23:23 . 2010-04-03 23:23 13670504 ----a-w- c:\windows\system32\nvcpl.dll
2010-04-03 23:23 . 2010-04-03 23:23 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-04-03 23:22 . 2010-04-03 23:22 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-04-02 20:54 . 2007-09-19 01:34 600680 ----a-w- c:\windows\system32\NVUNINST.EXE
.

((((((((((((((((((((((((((((( [email protected]_14.05.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-24 17:05 . 2010-06-24 17:05 16384 c:\windows\Temp\Perflib_Perfdata_784.dat
+ 2008-01-23 05:35 . 2008-01-23 06:24 158208 c:\windows\system32\dllcache\msconfig.exe
+ 2008-01-23 05:35 . 2008-01-23 06:24 158208 c:\windows\PCHEALTH\HELPCTR\Binaries\MSConfig.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-01-24 1318912]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-05-30 868352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\Kristina.KRISSY\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-5-16 113664]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-5-16 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Shortcut to WinColor.lnk - c:\program files\Pro Imaging Powertoys\Microsoft Color Control Panel Applet for Windows XP\WinColor.exe [2005-10-31 371456]
TabUserW.exe.lnk - c:\windows\system32\Wtablet\TabUserW.exe [2003-5-29 77824]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 18:41 294912 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Kristina\\Desktop\\Ghost_Gameplay2005-downloader.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1140500000\\ee\\aim6.exe"=
"c:\\Program Files\\F-Secure\\BackWeb\\7681197\\program\\F-Secure Automatic Update.exe"=
"e:\\Dungeon Keeper 2\\DKII.icd"=
"e:\\FEAR\\FEAR.exe"=
"e:\\FEAR\\FEARMP.exe"=
"e:\\FEAR\\FEARXP\\FEARXP.exe"=
"e:\\Star Wars KotOR II\\swupdate.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"e:\\Warhammer\\DarkCrusade\\DarkCrusade.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\World of Warcraft Trial\\Launcher.exe"=
"e:\\Warcraft III\\Frozen Throne.exe"=
"e:\\Neverwinter Nights 2\\nwn2main.exe"=
"e:\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"e:\\Neverwinter Nights 2\\nwupdate.exe"=
"e:\\Neverwinter Nights 2\\nwn2server.exe"=
"c:\\Program Files\\Dragon Age Origins Character Creator\\bin_ship\\DAOCharacterCreator.exe"=
"c:\\Program Files\\Dragon Age Origins Character Creator\\DAOriginsLauncher.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\StarCraft2\\StarCraft II Beta\\StarCraft II.exe"=
"c:\\StarCraft2\\StarCraft II Beta\\Versions\\Base15133\\SC2.exe"=
"c:\\StarCraft2\\StarCraft II Beta\\Versions\\Base15250\\SC2.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=
"c:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\EACoreServer.exe"=
"c:\\StarCraft2\\StarCraft II Beta\\Versions\\Base15343\\SC2.exe"=
"c:\\StarCraft2\\StarCraft II Beta\\Versions\\Base15392\\SC2.exe"=
"c:\\StarCraft2\\StarCraft II Beta\\Versions\\Base15449\\SC2.exe"=
"c:\\StarCraft2\\StarCraft II Beta\\Versions\\Base15580\\SC2.exe"=
"c:\\StarCraft2\\StarCraft II Beta\\Versions\\Base15623\\SC2.exe"=
"c:\\StarCraft2\\StarCraft II Beta\\Versions\\Base15655\\SC2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14003:TCP"= 14003:TCP:BitComet 14003 TCP
"14003:UDP"= 14003:UDP:BitComet 14003 UDP
"6112:TCP"= 6112:TCP:Starcraft
"6112:UDP"= 6112:UDP:Starcraft

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/10/2006 2:53 PM 5632]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 1:39 PM 32256]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [6/29/2009 3:39 PM 2749224]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/16/2008 9:08 PM 24652]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 6:51 PM 4096]
R3 scrcap;scrcap;c:\windows\system32\drivers\scrcap.sys [12/27/2006 10:47 AM 9006]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [6/29/2009 3:39 PM 15656]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4/15/2010 12:34 PM 691696]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [12/15/2009 4:07 PM 25832]
S3 JL2005;JL2005A Toy Camera;c:\windows\system32\drivers\toywdm.sys [6/4/2004 1:21 PM 70888]
.
Contents of the 'Scheduled Tasks' folder

2010-06-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-06-24 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 22:02]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Kristina.KRISSY\Application Data\Mozilla\Firefox\Profiles\mgi92poc.default\
FF - plugin: c:\documents and settings\Kristina.KRISSY\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)
HKLM-Run-nwiz - nwiz.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-24 13:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1004336348-1035525444-1801674531-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:c4,04,1f,11,bc,c8,ff,53,1a,0f,64,9f,80,ff,ea,8b,87,b9,94,b4,e3,1f,b4,
f7,f2,15,80,f5,96,ba,b9,84,48,fa,da,ea,a4,aa,62,52,0c,1c,80,22,97,27,9d,ff,\
"??"=hex:e4,79,11,ee,59,46,62,16,d2,45,66,4a,b9,49,72,19

[HKEY_USERS\S-1-5-21-1004336348-1035525444-1801674531-1004\Software\SecuROM\License information*]
"datasecu"=hex:01,d7,05,f3,46,34,7a,74,db,99,b3,cb,4f,7c,a7,9b,28,33,3d,d9,be,
0d,b6,7e,96,28,7c,bd,01,3e,55,ce,8a,31,65,f0,61,b2,37,6c,2e,5f,f3,4c,eb,87,\
"rkeysecu"=hex:21,0e,06,11,8a,02,e1,9e,c6,e0,cf,82,59,b0,06,24
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(760)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 2010-06-24 13:13:48
ComboFix-quarantined-files.txt 2010-06-24 17:13
ComboFix2.txt 2010-06-21 14:07

Pre-Run: 129,482,317,824 bytes free
Post-Run: 129,466,281,984 bytes free

- - End Of File - - 31599EF1E64BA82F5EFCB665BF3A14FE

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:17:49 PM, on 6/24/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Shortcut to WinColor.lnk = C:\Program Files\Pro Imaging Powertoys\Microsoft Color Control Panel Applet for Windows XP\WinColor.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - 
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15106/CTPID.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - http://ic1.deviantart.com/fs8/i/2005/356/f/c/Icecream_by_Nocturnal_Devil.jpg
O24 - Desktop Component 1: (no name) - http://blizzard.com/images/broodwar/popup/darchon.gif
O24 - Desktop Component 2: (no name) - http://blizzard.com/images/broodwar/popup/valkyrie.gif
O24 - Desktop Component 3: (no name) - http://blizzard.com/images/broodwar/popup/corsair.gif
O24 - Desktop Component 5: (no name) - http://gamercard.xbox.com/Queen 0f Blades.card

--
End of file - 7721 bytes


----------



## Cookiegal (Aug 27, 2003)

Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have Java then you will need to go to the following link and download the latest version:

*JRE 6 Update 20*

Instructions for Kaspersky scan:


Read through the requirements and privacy statement and click on *Accept* button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click *Run*.
When the downloads have finished, click on *Settings*.
Make sure the following is checked.
*Spyware, Adware, Dialers, and other potentially dangerous programs*
*Archives*
*Mail databases*

Click on *My Computer* under *Scan*.
Once the scan is complete, it will display the results. Click on *View Scan Report*.
You will see a list of infected items there. Click on *Save Report As...*.
Save this report to a convenient place. Change the *Files of type* to *Text file (.txt)* before clicking on the *Save* button.
Please post this log in your next reply.


----------



## Crimm (Jun 16, 2010)

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, June 25, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, June 25, 2010 14:56:40
Records in database: 4301363
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Objects scanned: 152651
Threats found: 1
Infected objects found: 4
Suspicious objects found: 0
Scan duration: 03:11:18


File name / Threat / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\nbtsping.dll.vir Infected: Backdoor.Win32.Papras.gp 1
C:\System Volume Information\_restore{3448EF98-0BB8-4E23-BEFB-E02AFD14C182}\RP1\snapshot\MFEX-1.DAT Infected: Backdoor.Win32.Papras.gp 1
C:\System Volume Information\_restore{3448EF98-0BB8-4E23-BEFB-E02AFD14C182}\RP3\A0001130.dll Infected: Backdoor.Win32.Papras.gp 1
C:\System Volume Information\_restore{3448EF98-0BB8-4E23-BEFB-E02AFD14C182}\RP4\A0001334.dll Infected: Backdoor.Win32.Papras.gp 1

Selected area has been scanned.


----------



## Cookiegal (Aug 27, 2003)

Please post a new HijackThis log.


----------



## Crimm (Jun 16, 2010)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:17:57 PM, on 6/25/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Shortcut to WinColor.lnk = C:\Program Files\Pro Imaging Powertoys\Microsoft Color Control Panel Applet for Windows XP\WinColor.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - 
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15106/CTPID.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - http://ic1.deviantart.com/fs8/i/2005/356/f/c/Icecream_by_Nocturnal_Devil.jpg
O24 - Desktop Component 1: (no name) - http://blizzard.com/images/broodwar/popup/darchon.gif
O24 - Desktop Component 2: (no name) - http://blizzard.com/images/broodwar/popup/valkyrie.gif
O24 - Desktop Component 3: (no name) - http://blizzard.com/images/broodwar/popup/corsair.gif
O24 - Desktop Component 5: (no name) - http://gamercard.xbox.com/Queen 0f Blades.card

--
End of file - 7663 bytes


----------



## Cookiegal (Aug 27, 2003)

Open HijackThis and click on the *Open Misc Tools section* button. Click on the *Open Uninstall Manager* button. Click the *Save List* button. Save the list then copy and paste it here.


----------



## Crimm (Jun 16, 2010)

3DMark06
Adobe AIR
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 7.1.0
Adobe Shockwave Player 11.5
Adobe Stock Photos 1.0
AIM 6
Amazon MP3 Downloader 1.0.10
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AudibleManager
Autodesk SketchBookExpress 2010
Baldur's Gate
Baldur's Gate(TM) II - Shadows of Amn(TM)
BioWare Premium Module: Neverwinter Nights(TM) Kingmaker
Black & White® 2
Blender (remove only)
Bonjour
Brother HL-4070CDW
Canon CanoScan Toolbox 4.6
CCleaner (remove only)
CDisplay 1.8
Color Efex Pro 3.0 Wacom Edition 6
Combined Community Codec Pack 2008-09-21 16:18
Compatibility Pack for the 2007 Office system
Corel Painter X
Creative Mass Storage Drivers
Creative MediaSource
Creative MediaSource 5
Creative Removable Disk Manager
Creative System Information
Creative Zen Nano Plus
Creative ZEN V Series (R2)
Critical Update for Windows Media Player 11 (KB959772)
DarkCrusade
Diablo II
DivX
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Dragon Age: Origins
Dragon Age: Origins Character Creator
Dungeon Keeper 2
EA Download Manager
EA Download Manager UI
EA Download Manager UI
EA Shared Game Component: Activation
EA Shared Game Component: Activation
FEAR
FEAR Extraction Point
FEAR Public Tools
FEAR Standalone Server
Fraps
gmax
Guild Wars
Handbrake 0.9.4
Heroes of Might and Magic V
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB938759)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
iPhone Configuration Utility
iTunes
Java(TM) 6 Update 2
Java(TM) 6 Update 20
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6 Update 1
Malwarebytes' Anti-Malware
Manual CanoScan 4200F
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Color Control Panel Applet for Windows XP
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft MPEG-4 VKI Video Codec V1/V2/V3
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Professional
Microsoft Security Essentials
Microsoft Security Essentials
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.6.4)
MSN Music Assistant
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
MSXML4 Parser
Neverwinter Nights
Neverwinter Nights 2
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA PhysX
Oblivion
OGA Notifier 2.0.0048.0
OmniPage SE 2.0
Pen Tablet
procreate(TM) Painter Classic(TM)
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Star Wars(R) Knights of the Old Republic(R) II: The Sith Lords(TM)
StarCraft
StarCraft II Beta
SUPERAntiSpyware Free Edition
System Requirements Lab
System Requirements Lab
System Requirements Lab
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Viewpoint Media Player
Wacom Tablet
Warcraft III
Warhammer 40,000: Dawn Of War - Platinum Edition
Windows Defender Signatures
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows XP Service Pack 3
WinRAR archiver
World of Warcraft
ZEN V Series Media Explorer


----------



## Cookiegal (Aug 27, 2003)

Your *Java* is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of *Java* components and upgrade the application.

*Upgrading Java*:


Download the latest version of *Java Runtime Environment (JRE) 6 Update 20*.
Click the "*Download*" button to the right.
Select your Platform and check the box that says: "*I agree to the Java SE Runtime Environment 20 License Agreement.*".
Click on *Continue*.
Click on the link to download Windows Offline Installation (jre-6u20-windows-i586.exe) and save it to your desktop. *Do NOT use the Sun Download Manager.*
Close any programs you may have running - especially your web browser.
Go to *Start* > *Control Panel*, double-click on *Add/Remove* programs and remove all older versions of Java.
Check any item with *Java Runtime Environment, JRE, J2SE or Java(TM)* in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version.

These are the older versions of Java that you need to remove:

Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6 Update 1

Also, uninstall this, which is foistware:

Viewpoint Media Player

Then reboot and post a new regular HijackThis log please.
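
The version check described in this post, as an added example that is not part of the original post: it reads an Uninstall Manager list and flags every Java entry older than JRE 6 Update 20. The function names and the embedded sample (a subset of the list posted above) are assumptions made for illustration.

```python
import re

# Constructed sample: a subset of the Uninstall Manager list posted in this thread.
SAMPLE_UNINSTALL_LIST = """\
iTunes
Java(TM) 6 Update 2
Java(TM) 6 Update 20
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6 Update 1
Malwarebytes' Anti-Malware
Viewpoint Media Player
"""

# The release the thread asks for: JRE 6 Update 20.
REQUIRED = (6, 20)

# Matches the two naming styles that appear in the posted list.
# Assumption: an entry without an "Update N" suffix is treated as update 0.
JAVA_ENTRY = re.compile(
    r"^Java\(TM\)(?: SE Runtime Environment)? (?P<major>\d+)"
    r"(?: Update (?P<update>\d+))?$"
)


def parse_java_entry(name):
    """Return (major, update) as integers, or None for a non-Java entry."""
    match = JAVA_ENTRY.match(name.strip())
    if match is None:
        return None
    return int(match.group("major")), int(match.group("update") or 0)


def audit_java(listing, required=REQUIRED):
    """Split the Java entries of a listing into stale and current ones.

    Versions are compared as integer tuples. Comparing the names as text
    would rank "Update 3" above "Update 20" and miss a stale entry.
    """
    stale, current = [], []
    for line in listing.splitlines():
        version = parse_java_entry(line)
        if version is None:
            continue
        (stale if version < required else current).append(line.strip())
    required_present = any(parse_java_entry(n) == required for n in current)
    return {"stale": stale, "current": current,
            "required_present": required_present}


if __name__ == "__main__":
    result = audit_java(SAMPLE_UNINSTALL_LIST)
    for name in result["stale"]:
        print("remove:", name)
    print("required release installed:", result["required_present"])
```
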


----------



## Crimm (Jun 16, 2010)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:19:28 PM, on 6/28/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Shortcut to WinColor.lnk = C:\Program Files\Pro Imaging Powertoys\Microsoft Color Control Panel Applet for Windows XP\WinColor.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - 
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15106/CTPID.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe
O24 - Desktop Component 0: (no name) - http://ic1.deviantart.com/fs8/i/2005/356/f/c/Icecream_by_Nocturnal_Devil.jpg
O24 - Desktop Component 1: (no name) - http://blizzard.com/images/broodwar/popup/darchon.gif
O24 - Desktop Component 2: (no name) - http://blizzard.com/images/broodwar/popup/valkyrie.gif
O24 - Desktop Component 3: (no name) - http://blizzard.com/images/broodwar/popup/corsair.gif
O24 - Desktop Component 5: (no name) - http://gamercard.xbox.com/Queen 0f Blades.card

--
End of file - 7402 bytes


----------



## Cookiegal (Aug 27, 2003)

How are things now?


----------



## Crimm (Jun 16, 2010)

It seems to be remembering everything now, which is awesome. Thank you very much. I'll go drop a donation.

I saw something called Backdoor in one of the logs I sent you though, should I be worried about that? Should I run another scan with Security Essentials or something?


----------



## Cookiegal (Aug 27, 2003)

The Backdoor was in the Kaspersky scan and it was in a file that has already been quarantined by ComboFix so is no longer a threat. There were other things in system restore but we are going to flush the restore points which will take care of those.

I would recommend though that you change all passwords for logging into sites and especially anything to do with banking or other financial transactions.

Here are some final instructions for you.

*Follow these steps to uninstall Combofix and all of its files and components.*

Click *START* then *RUN*
Now type *ComboFix /uninstall* in the runbox and click *OK*. Note the *space* between the *X* and the */uninstall*, it needs to be there (the screenshot is just for illustration purposes but the actual command uses the entire word "uninstall" and not just the "u").

Now you should turn system restore off to flush out all previous system restore points, then turn it back on and create a new restore point:

To turn off system restore, on the Desktop, right click on *My Computer* and click on *Properties.*
Click the *System Restore* tab.
Check *Turn off System Restore.*
Click Apply and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a new restore point, click on *Start* → *All Programs* → *Accessories* → *System Tools* and then select *System Restore*.

In the System Restore wizard, select *Create a restore point* and click the Next button.

Type a name for your new restore point then click on Create.

I also recommend downloading *SPYWAREBLASTER* for added protection.

*Read here* for info on how to tighten your security.


----------



## Crimm (Jun 16, 2010)

Ok, I did those.


----------



## Cookiegal (Aug 27, 2003)

Happy and safe computing then.


----------



## Crimm (Jun 16, 2010)

Awesome. Thanks very much for all the help. I really appreciate it.


----------



## Cookiegal (Aug 27, 2003)

It's my pleasure.


----------



## Crimm (Jun 16, 2010)

Hey, I totally forgot, is autorun still turned off for discs and stuff? I can live without it but if it's just a quick fix, I'd like to turn it back on. Sorry to bug you again.


----------



## Cookiegal (Aug 27, 2003)

It is still turned off and is a security risk to have it enabled. But I will attach the fix for you to enable it if you wish. You just have to save the zipped file to your desktop. Then unzip it and double-click the .reg file it contains and allow it to merge into the registry.


----------



## Crimm (Jun 16, 2010)

Thanks.


----------



## Cookiegal (Aug 27, 2003)

You're welcome.


----------

