
Active Zeus infection strikes again...

Discussion in 'Malware and Virus Removal Archive' started by SxRacer108, 2010/02/17.

  1. 2010/02/17
    SxRacer108

    [Active] Zeus infection strikes again...

    Well, to start off, red flags flew when the false login pages appeared at both my banking website and eBay, so I did some research, and from what I've been finding this is the ZeuS virus. I ran MalwareBytes, Spybot, AVG, Ad-Aware, Exterminate It!, CCleaner, and SuperAntiSpyware, which all removed a few trojans, but none have fixed my Zeus problem. Here is my HijackThis log file from about 3 mins ago.

    Thank you guys in advance for any input. I'm new here and I can't quite seem to shake ZeuS off my shoulders.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:37:17 PM, on 2/17/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    H:\WINDOWS\System32\smss.exe
    H:\WINDOWS\system32\csrss.exe
    H:\WINDOWS\system32\winlogon.exe
    H:\WINDOWS\system32\services.exe
    H:\WINDOWS\system32\lsass.exe
    H:\WINDOWS\system32\nvsvc32.exe
    H:\WINDOWS\system32\svchost.exe
    H:\WINDOWS\system32\svchost.exe
    H:\WINDOWS\System32\svchost.exe
    H:\WINDOWS\system32\svchost.exe
    H:\WINDOWS\system32\svchost.exe
    H:\WINDOWS\system32\svchost.exe
    H:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    H:\WINDOWS\system32\spoolsv.exe
    H:\WINDOWS\system32\svchost.exe
    H:\Program Files\a-squared Anti-Malware\a2service.exe
    H:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    H:\Program Files\Bonjour\mDNSResponder.exe
    H:\Program Files\Common Files\LightScribe\LSSrvc.exe
    H:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    H:\PROGRA~1\AVG\AVG8\avgrsx.exe
    H:\PROGRA~1\AVG\AVG8\avgnsx.exe
    H:\WINDOWS\system32\svchost.exe
    H:\Program Files\Viewpoint\Common\ViewpointService.exe
    H:\PROGRA~1\AVG\AVG8\avgemc.exe
    H:\WINDOWS\Explorer.EXE
    H:\Program Files\AVG\AVG8\avgcsrvx.exe
    H:\WINDOWS\system32\wbem\unsecapp.exe
    H:\WINDOWS\system32\wbem\wmiprvse.exe
    H:\WINDOWS\System32\alg.exe
    H:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    H:\PROGRA~1\AVG\AVG8\avgtray.exe
    H:\WINDOWS\system32\RUNDLL32.EXE
    H:\WINDOWS\system32\ctfmon.exe
    H:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe
    H:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    H:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
    H:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    H:\WINDOWS\system32\wbem\wmiprvse.exe
    H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=70026
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.inbox.com/search/ie.aspx?tb_id=70026
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.inbox.com/support/sa_customize.aspx?TbId=70026
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.inbox.com/search/ie.aspx?tb_id=70026
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.inbox.com/support/sa_customize.aspx?TbId=70026
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - H:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - H:\Program Files\MSN\Toolbar\3.0.1303.0\msneshellx.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.6.0_05\bin\jusched.exe "
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [AVG8_TRAY] H:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [nwiz] H:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [a-squared] "H:\Program Files\a-squared Anti-Malware\a2guard.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NVIDIA nTune] "H:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - Startup: IMVU.lnk = H:\Program Files\IMVU\IMVUClient.exe
    O4 - Global Startup: Logitech SetPoint.lnk = H:\Program Files\Logitech\SetPoint\SetPoint.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - H:\Documents and Settings\Nemesis\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: !SASWinLogon - H:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: avgrsstarter - H:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - H:\Program Files\a-squared Anti-Malware\a2service.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - H:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - H:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Software Updater (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - H:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
    O23 - Service: HP Status Server - Hewlett-Packard Company - H:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - H:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - H:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - H:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - H:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NMIndexingService - Nero AG - H:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - H:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - H:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - H:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - H:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 10431 bytes
     
  2. 2010/02/17
    Admin.

    Hi,

    Read this post as indicated at the top of this forum & follow the instructions.

  4. 2010/02/17
    SxRacer108

    DDS.txt

    DDS (Ver_09-12-01.01) - NTFSx86
    Run by Nemesis at 18:18:28.89 on Wed 02/17/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1291 [GMT -5:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: a-squared Anti-Malware *On-access scanning enabled* (Updated) {0F8591BB-342B-4493-91C3-4E948ED21255}

    ============== Running Processes ===============

    H:\WINDOWS\system32\nvsvc32.exe
    H:\WINDOWS\system32\svchost -k DcomLaunch
    H:\WINDOWS\system32\svchost -k rpcss
    H:\WINDOWS\System32\svchost.exe -k netsvcs
    H:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    H:\WINDOWS\system32\svchost.exe -k NetworkService
    H:\WINDOWS\system32\svchost.exe -k LocalService
    H:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    H:\WINDOWS\system32\spoolsv.exe
    H:\WINDOWS\system32\svchost.exe -k LocalService
    H:\Program Files\a-squared Anti-Malware\a2service.exe
    H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    H:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    H:\Program Files\Bonjour\mDNSResponder.exe
    H:\Program Files\Common Files\LightScribe\LSSrvc.exe
    H:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    H:\PROGRA~1\AVG\AVG8\avgrsx.exe
    H:\PROGRA~1\AVG\AVG8\avgnsx.exe
    H:\WINDOWS\system32\PnkBstrA.exe
    H:\WINDOWS\system32\PnkBstrB.exe
    H:\WINDOWS\system32\svchost.exe -k imgsvc
    H:\Program Files\Viewpoint\Common\ViewpointService.exe
    H:\PROGRA~1\AVG\AVG8\avgemc.exe
    H:\WINDOWS\system32\wuauclt.exe
    H:\Program Files\AVG\AVG8\avgcsrvx.exe
    H:\WINDOWS\system32\wbem\unsecapp.exe
    H:\WINDOWS\System32\alg.exe
    H:\WINDOWS\system32\wbem\wmiprvse.exe
    H:\WINDOWS\Explorer.EXE
    H:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    H:\PROGRA~1\AVG\AVG8\avgtray.exe
    H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    H:\WINDOWS\system32\RUNDLL32.EXE
    H:\Program Files\a-squared Anti-Malware\a2guard.exe
    H:\WINDOWS\system32\ctfmon.exe
    H:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    H:\WINDOWS\system32\NOTEPAD.EXE
    H:\Program Files\Mozilla Firefox\firefox.exe
    H:\Documents and Settings\Nemesis\My Documents\Downloads\FireFox Downloads\dds.scr
    H:\WINDOWS\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.myspace.com/
    uSearch Bar = hxxp://www.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=70026
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    mSearchAssistant = hxxp://www.inbox.com/search/ie.aspx?tb_id=70026
    mCustomizeSearch = hxxp://dnl.inbox.com/support/sa_customize.aspx?TbId=70026
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - h:\program files\avg\avg8\toolbar\IEToolbar.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - h:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - h:\program files\avg\avg8\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - h:\progra~1\spybot~1\SDHelper.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - h:\program files\java\jre1.6.0_05\bin\ssv.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - h:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - h:\program files\avg\avg8\toolbar\IEToolbar.dll
    TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - h:\program files\msn\toolbar\3.0.1303.0\msneshellx.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - h:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    uRun: [ctfmon.exe] h:\windows\system32\ctfmon.exe
    uRun: [NVIDIA nTune] "h:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [SunJavaUpdateSched] "h:\program files\java\jre1.6.0_05\bin\jusched.exe "
    mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [AVG8_TRAY] h:\progra~1\avg\avg8\avgtray.exe
    mRun: [Adobe Reader Speed Launcher] "h:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [nwiz] h:\program files\nvidia corporation\nview\nwiz.exe /install
    mRun: [NvMediaCenter] RUNDLL32.EXE h:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [NvCplDaemon] RUNDLL32.EXE h:\windows\system32\NvCpl.dll,NvStartup
    mRun: [a-squared] "h:\program files\a-squared anti-malware\a2guard.exe "
    StartupFolder: h:\docume~1\nemesis\startm~1\programs\startup\imvu.lnk - h:\program files\imvu\IMVUClient.exe
    StartupFolder: h:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - h:\program files\logitech\setpoint\SetPoint.exe
    IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - h:\documents and settings\nemesis\start menu\programs\imvu\Run IMVU.lnk
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - h:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - h:\program files\java\jre1.6.0_05\bin\ssv.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - h:\progra~1\spybot~1\SDHelper.dll
    DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
    DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
    DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
    DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - h:\program files\avg\avg8\avgpp.dll
    Notify: !SASWinLogon - h:\program files\superantispyware\SASWINLO.dll
    Notify: avgrsstarter - avgrsstx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - h:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - h:\program files\superantispyware\SASSEH.DLL
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - h:\docume~1\nemesis\applic~1\mozilla\firefox\profiles\8z68sdyq.default\
    FF - prefs.js: browser.startup.homepage - www.Dropzone.com
    FF - component: h:\documents and settings\nemesis\application data\mozilla\firefox\profiles\8z68sdyq.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
    FF - plugin: h:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
    FF - plugin: h:\documents and settings\nemesis\application data\mozilla\firefox\profiles\8z68sdyq.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    FF - plugin: h:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - h:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

    ---- FIREFOX POLICIES ----
    h:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    h:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_popup_windows ", false);
    h:\program files\mozilla firefox\greprefs\all.js - pref( "browser.enable_click_image_resizing ", true);
    h:\program files\mozilla firefox\greprefs\all.js - pref( "accessibility.browsewithcaret_shortcut.enabled ", true);
    h:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.high_water_mark ", 32);
    h:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.gc_frequency ", 1600);
    h:\program files\mozilla firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    h:\program files\mozilla firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    h:\program files\mozilla firefox\greprefs\all.js - pref( "ui.trackpoint_hack.enabled ", -1);
    h:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.debug ", false);
    h:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.agedWeight ", 2);
    h:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.bucketSize ", 1);
    h:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.maxTimeGroupings ", 25);
    h:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.timeGroupingSize ", 604800);
    h:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.boundaryWeight ", 25);
    h:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.prefixWeight ", 5);
    h:\program files\mozilla firefox\greprefs\all.js - pref( "html5.enable ", false);
    h:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);
    h:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.download.backgroundInterval ", 600);
    h:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.url.manual ", "http://www.firefox.com ");
    h:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-ja ", "mozff ");
    h:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    h:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    h:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add ", "addons.mozilla.org ");
    h:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add.36 ", "getpersonas.com ");
    h:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "lightweightThemes.update.enabled ", true);
    h:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.allTabs.previews ", false);
    h:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.hide_infobar_for_outdated_plugin ", false);
    h:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    h:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "toolbar.customization.usesheet ", false);
    h:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.enable ", false);
    h:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.max ", 20);
    h:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.cachetime ", 20);

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;h:\windows\system32\drivers\Lbd.sys [2010-2-15 64288]
    R1 AvgLdx86;AVG AVI Loader Driver x86;h:\windows\system32\drivers\avgldx86.sys [2008-7-1 335240]
    R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;h:\windows\system32\drivers\avgmfx86.sys [2008-7-1 27784]
    R1 AvgTdiX;AVG8 Network Redirector;h:\windows\system32\drivers\avgtdix.sys [2008-7-1 108552]
    R1 SASDIFSV;SASDIFSV;h:\program files\superantispyware\sasdifsv.sys [2010-1-5 9968]
    R1 SASKUTIL;SASKUTIL;h:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 74480]
    R2 a2AntiMalware;a-squared Anti-Malware Service;h:\program files\a-squared anti-malware\a2service.exe [2010-2-17 1858144]
    R2 avg8emc;AVG8 E-mail Scanner;h:\progra~1\avg\avg8\avgemc.exe [2008-7-2 908056]
    R2 avg8wd;AVG8 WatchDog;h:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-2 297752]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;h:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]
    R2 LBeepKE;LBeepKE;h:\windows\system32\drivers\LBeepKE.sys [2007-6-13 3712]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;h:\program files\viewpoint\common\ViewpointService.exe [2008-4-12 24652]
    S2 Akamai;Akamai;h:\windows\system32\svchost.exe -k Akamai [2006-2-28 14336]
    S3 SASENUM;SASENUM;h:\program files\superantispyware\SASENUM.SYS [2010-1-5 7408]
    S3 SRS_ViewSonic;SRS Labs WOW HD ViewSonic;h:\windows\system32\drivers\SRS_ViewSonic_i386.sys [2009-12-17 37504]

    =============== Created Last 30 ================

    2010-02-17 11:00:21 0 d-----w- h:\program files\a-squared Anti-Malware
    2010-02-17 01:48:16 0 d-----w- h:\docume~1\nemesis\applic~1\QuickScan
    2010-02-17 00:08:36 0 d-----w- h:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
    2010-02-17 00:08:19 0 d-----w- h:\program files\SUPERAntiSpyware
    2010-02-17 00:08:19 0 d-----w- h:\docume~1\nemesis\applic~1\SUPERAntiSpyware.com
    2010-02-16 23:53:00 0 d-----w- h:\program files\Trend Micro
    2010-02-16 22:35:36 0 d-----w- h:\program files\Exterminate It!
    2010-02-16 00:39:30 0 d-----w- h:\docume~1\nemesis\applic~1\Malwarebytes
    2010-02-16 00:39:25 38224 ----a-w- h:\windows\system32\drivers\mbamswissarmy.sys
    2010-02-16 00:39:24 0 d-----w- h:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-02-16 00:39:22 19160 ----a-w- h:\windows\system32\drivers\mbam.sys
    2010-02-16 00:39:22 0 d-----w- h:\program files\Malwarebytes' Anti-Malware
    2010-02-15 23:11:29 64288 ----a-w- h:\windows\system32\drivers\Lbd.sys
    2010-02-15 23:10:27 0 dc-h--w- h:\docume~1\alluse~1\applic~1\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
    2010-02-15 23:10:05 0 d-----w- h:\program files\Lavasoft
    2010-02-14 23:38:56 0 d-----w- h:\program files\CCleaner
    2010-02-11 22:41:20 0 d-----w- h:\program files\ReflexiveArcade
    2010-02-10 19:02:25 0 d-----w- h:\docume~1\alluse~1\applic~1\WOP
    2010-01-23 15:00:54 0 d-----w- h:\program files\Ventrilo
    2010-01-23 15:00:47 262 ----a-w- h:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

    ==================== Find3M ====================

    2010-01-15 03:17:52 215104 ----a-w- h:\windows\system32\PnkBstrB.exe
    2010-01-15 02:47:02 138576 ----a-w- h:\windows\system32\drivers\PnkBstrK.sys
    2009-12-31 16:50:03 353792 ----a-w- h:\windows\system32\drivers\srv.sys
    2009-12-24 20:53:29 445016 ----a-w- h:\windows\system32\wrap_oal.dll
    2009-12-24 20:53:29 109144 ----a-w- h:\windows\system32\OpenAL32.dll
    2009-12-22 23:59:32 41872 ----a-w- h:\windows\system32\xfcodec.dll
    2009-12-21 19:14:05 916480 ----a-w- h:\windows\system32\wininet.dll
    2009-12-16 18:43:27 343040 ----a-w- h:\windows\system32\mspaint.exe
    2009-12-14 07:08:23 33280 ----a-w- h:\windows\system32\csrsrv.dll
    2009-12-08 19:26:15 2145280 ----a-w- h:\windows\system32\ntoskrnl.exe
    2009-12-08 18:43:51 2023936 ----a-w- h:\windows\system32\ntkrnlpa.exe
    2009-11-27 17:11:44 17920 ----a-w- h:\windows\system32\msyuv.dll
    2009-11-27 17:11:44 1291776 ----a-w- h:\windows\system32\quartz.dll
    2009-11-27 16:07:35 8704 ----a-w- h:\windows\system32\tsbyuv.dll
    2009-11-27 16:07:35 28672 ----a-w- h:\windows\system32\msvidc32.dll
    2009-11-27 16:07:34 84992 ----a-w- h:\windows\system32\avifil32.dll
    2009-11-27 16:07:34 48128 ----a-w- h:\windows\system32\iyuv_32.dll
    2009-11-27 16:07:34 11264 ----a-w- h:\windows\system32\msrle32.dll
    2009-11-21 08:46:32 86016 ----a-w- h:\windows\system32\frapsvid.dll
    2008-12-18 22:56:52 61 -csh--w- h:\windows\cnerolf.dat
    2008-07-02 16:09:09 32768 -csha-w- h:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008070220080703\index.dat

    ============= FINISH: 18:19:36.26 ===============
     
  5. 2010/02/17
    SxRacer108

    ATTACH
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-12-01.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 6/13/2007 11:06:15 AM
    System Uptime: 2/17/2010 6:12:52 PM (0 hours ago)

    Motherboard: http://www.abit.com.tw/ | | IP-95
    Processor: Intel(R) Pentium(R) D CPU 3.20GHz | CPU 1 | 3199/200mhz

    ==== Disk Partitions =========================

    C: is Removable
    D: is Removable
    E: is Removable
    F: is Removable
    G: is CDROM ()
    H: is FIXED (NTFS) - 233 GiB total, 130.558 GiB free.

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP88: 11/19/2009 6:00:15 PM - System Checkpoint
    RP89: 11/22/2009 11:56:06 AM - System Checkpoint
    RP90: 11/23/2009 6:35:37 PM - System Checkpoint
    RP91: 11/24/2009 5:38:59 PM - Software Distribution Service 3.0
    RP92: 11/25/2009 12:11:31 PM - Avg8 Update
    RP93: 11/28/2009 3:54:42 PM - System Checkpoint
    RP94: 11/29/2009 3:40:04 PM - Installed DirectX
    RP95: 11/30/2009 6:24:46 PM - System Checkpoint
    RP96: 12/4/2009 6:46:02 PM - System Checkpoint
    RP97: 12/6/2009 12:56:42 PM - System Checkpoint
    RP98: 12/9/2009 5:14:40 PM - Avg8 Update
    RP99: 12/9/2009 6:17:52 PM - Software Distribution Service 3.0
    RP100: 12/10/2009 8:01:49 PM - System Checkpoint
    RP101: 12/11/2009 5:11:25 PM - Avg8 Update
    RP102: 12/11/2009 5:12:06 PM - Avg8 Update
    RP103: 12/14/2009 6:48:59 PM - System Checkpoint
    RP104: 12/15/2009 7:20:18 PM - System Checkpoint
    RP105: 12/16/2009 8:18:32 PM - System Checkpoint
    RP106: 12/17/2009 5:04:21 AM - Installed ViewSonic Monitor Drivers
    RP107: 12/17/2009 5:13:58 AM - Installed SRS WOW HD for ViewSonic
    RP108: 12/18/2009 7:58:14 PM - System Checkpoint
    RP109: 12/20/2009 2:10:59 PM - System Checkpoint
    RP110: 12/21/2009 5:24:06 PM - Avg8 Update
    RP111: 12/22/2009 7:49:00 PM - System Checkpoint
    RP112: 12/24/2009 1:15:28 PM - System Checkpoint
    RP113: 12/24/2009 3:52:36 PM - Installed DirectX
    RP114: 12/27/2009 12:10:10 PM - System Checkpoint
    RP115: 12/28/2009 5:22:01 PM - Avg8 Update
    RP116: 12/30/2009 8:03:13 PM - System Checkpoint
    RP117: 12/31/2009 4:29:52 PM - Software Distribution Service 3.0
    RP118: 12/31/2009 4:33:01 PM - Installed DirectX
    RP119: 12/31/2009 4:41:02 PM - Removed Microsoft Games for Windows - LIVE
    RP120: 12/31/2009 4:41:36 PM - Removed Microsoft Games for Windows - LIVE Redistributable
    RP121: 1/3/2010 2:21:19 PM - System Checkpoint
    RP122: 1/4/2010 5:28:03 PM - Avg8 Update
    RP123: 1/5/2010 6:27:47 PM - System Checkpoint
    RP124: 1/8/2010 5:51:50 PM - System Checkpoint
    RP125: 1/11/2010 6:22:25 PM - System Checkpoint
    RP126: 1/12/2010 6:34:33 PM - System Checkpoint
    RP127: 1/13/2010 3:00:18 AM - Software Distribution Service 3.0
    RP128: 1/19/2010 6:17:58 PM - System Checkpoint
    RP129: 1/21/2010 12:22:53 AM - System Checkpoint
    RP130: 1/21/2010 9:33:39 PM - Software Distribution Service 3.0
    RP131: 1/23/2010 10:00:52 AM - Installed Ventrilo Client
    RP132: 1/27/2010 6:42:36 PM - System Checkpoint
    RP133: 1/29/2010 4:42:28 AM - System Checkpoint
    RP134: 1/31/2010 3:30:05 PM - System Checkpoint
    RP135: 2/1/2010 6:41:52 PM - System Checkpoint
    RP136: 2/2/2010 5:18:05 PM - Avg8 Update
    RP137: 2/9/2010 5:45:26 PM - Software Distribution Service 3.0
    RP138: 2/10/2010 2:02:02 PM - Installed DirectX
    RP139: 2/11/2010 12:51:22 PM - Software Distribution Service 3.0
    RP140: 2/11/2010 8:29:26 PM - Installed DirectX
    RP141: 2/13/2010 7:25:34 AM - System Checkpoint
    RP142: 2/14/2010 5:51:22 PM - Free Registry Fix restore point
    RP143: 2/15/2010 9:21:00 PM - System Checkpoint
    RP144: 2/16/2010 7:08:17 PM - Installed SUPERAntiSpyware Free Edition

    ==== Installed Programs ======================

    a-squared Anti-Malware 4.5
    Acrobat.com
    Ad-Aware
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9
    Adobe Shockwave Player
    AGEIA GAME System Software
    AH F9F Panther for Fs2004
    AIM 6
    AiO_Scan_CDA
    AOPA's Real-Time Flight Planner 1.2.2
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AVG Free 8.5
    AVS DVD Player version 2.4
    AVS4YOU Software Navigator 1.2
    Bonjour
    Call of Duty(R) 4 - Modern Warfare(TM)
    Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
    Call of Duty: Modern Warfare 2
    Call of Duty: Modern Warfare 2 - Multiplayer
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon Camera Window DC_DV 5 for ZoomBrowser EX
    Canon Camera Window DC_DV 6 for ZoomBrowser EX
    Canon Camera Window MC 6 for ZoomBrowser EX
    Canon G.726 WMP-Decoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon RAW Image Task for ZoomBrowser EX
    Canon RemoteCapture Task for ZoomBrowser EX
    Canon Utilities EOS Utility
    Canon Utilities ZoomBrowser EX
    CCleaner
    CDDRV_Installer
    Christen Eagle II 1.0
    Comcast High-Speed Internet Install Wizard
    Critical Update for Windows Media Player 11 (KB959772)
    DVD Flick
    Exterminate It!
    Fraps
    FrostWire 4.13.5
    Garmin City Navigator North America NT 2010.10 Update
    Google Toolbar for Internet Explorer
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    HP Photosmart, Officejet and Deskjet 7.0.A
    iTunes
    Jasc Paint Shop Pro 9
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) SE Runtime Environment 6 Update 1
    KhalInstallWrapper
    Left 4 Dead 2 Demo
    LightScribe 1.4.136.1
    Logitech SetPoint
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Baseball 2000
    Microsoft Combat Flight Simulator 3.1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Money 2001
    Microsoft Motocross Madness 2
    Microsoft National Language Support Downlevel APIs
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Works 6.0
    Microsoft Works and Money 2001 Setup Launcher
    Mozilla Firefox (3.6)
    MP3 Player Utilities 4.00
    MSN Toolbar
    Nero 7 Essentials
    NVIDIA Drivers
    NVIDIA nTune
    NVIDIA nView Desktop Manager
    NVIDIA PhysX
    OpenAL
    Pando Media Booster
    Pdf995 (installed by TaxCut)
    PdfEdit995 (installed by TaxCut)
    Planesimulation Diego Garcia
    Playsushi
    Pool Sharks
    QFolder
    QuickTime
    Realtek AC'97 Audio
    REALTEK GbE & FE Ethernet PCI NIC Driver
    Scan
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978706)
    Spybot - Search & Destroy
    SRS WOW HD for ViewSonic
    Steam
    Sun Download Manager 2.0 (web)
    SUPERAntiSpyware Free Edition
    TaxCut Pennsylvania 2007
    TaxCut Premium + State + Efile 2007
    TeamSpeak 2 RC2
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB971180)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Ventrilo Client
    Viewpoint Media Player
    ViewSonic Monitor Drivers
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VLC media player 0.9.2
    Vuze
    WebFldrs XP
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    Wings of Prey
    Wings of Prey 1.0.2.8
    Works Suite OS Pack
    Xfire (remove only)
    yuPlay client 0.7.8

    ==== Event Viewer Messages From Past Week ========

    2/17/2010 5:36:13 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file h:\windows\system32\wbem\unsecapp.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.0.
    2/13/2010 6:38:42 AM, error: Service Control Manager [7023] - The Akamai service terminated with the following error: The specified module could not be found.
    2/12/2010 9:57:50 PM, error: Service Control Manager [7034] - The PnkBstrB service terminated unexpectedly. It has done this 1 time(s).
    2/12/2010 9:57:47 PM, error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).
    2/12/2010 9:57:13 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    ==== End Of File ===========================
     
  6. 2010/02/17
    SxRacer108

    SxRacer108 Inactive Thread Starter

    Joined:
    2010/02/17
    Messages:
    41
    Likes Received:
    0
    As per previous postings on here (http://www.windowsbbs.com/malware-virus-removal/73968-resolved-virus-help-ebay-login-asking-personal-info.html).
    I ran mbr.exe and got this log file:
    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\ACPI -> 0x8a34d860
    NDIS: Realtek RTL8139/810x Family Fast Ethernet NIC -> SendCompleteHandler -> 0x89fb5330
    Warning: possible MBR rootkit infection !
    copy of MBR has been found in sector 30 !
    copy of MBR has been found in sector 0x01D1C06C0
    malicious code @ sector 0x01D1C06C3 !
    PE file found in sector at 0x01D1C06D9 !
    MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

    I then typed the command into the RUN section in the start menu (the one posted on the previous thread) and REBOOTED as directed, and now have THIS log file after reboot:

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    kernel: MBR read successfully
    user & kernel MBR OK
    copy of MBR has been found in sector 0x01D1C06C0
    malicious code @ sector 0x01D1C06C3 !
    PE file found in sector at 0x01D1C06D9 !


    And that's where I am, so to speak.
    Thanks again
     
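A small triage helper for the two mbr.exe logs quoted in the post above, added here as an example (it is not part of the post and not Gmer's tool): it parses the detector's output, separates the kernel-hook findings, which are absent from the second log, from the on-disk sector findings, which remain, and labels each log accordingly. Both logs are embedded as constructed samples copied from the post; the line patterns matched are only the ones that appear there.

```python
import re
from dataclasses import dataclass, field

# Constructed samples: the two mbr.exe 0.3.7 logs from the post, before and after "mbr.exe -f".
BEFORE_FIX = r"""
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\ACPI -> 0x8a34d860
NDIS: Realtek RTL8139/810x Family Fast Ethernet NIC -> SendCompleteHandler -> 0x89fb5330
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 30 !
copy of MBR has been found in sector 0x01D1C06C0
malicious code @ sector 0x01D1C06C3 !
PE file found in sector at 0x01D1C06D9 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.
"""

AFTER_FIX = r"""
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x01D1C06C0
malicious code @ sector 0x01D1C06C3 !
PE file found in sector at 0x01D1C06D9 !
"""


@dataclass
class MbrReport:
    mbr_ok: bool = False                 # "user & kernel MBR OK" was printed
    infection_flagged: bool = False      # "MBR rootkit infection detected !" was printed
    hooks: list = field(default_factory=list)             # lines under "detected MBR rootkit hooks:"
    mbr_copies: list = field(default_factory=list)        # sectors holding a copy of the MBR
    malicious_sectors: list = field(default_factory=list) # "malicious code @ sector"
    pe_sectors: list = field(default_factory=list)        # "PE file found in sector at"


SECTOR = r"(0x[0-9A-Fa-f]+|\d+)"
COPY_RE = re.compile(r"copy of MBR has been found in sector " + SECTOR)
MALICIOUS_RE = re.compile(r"malicious code @ sector " + SECTOR)
PE_RE = re.compile(r"PE file found in sector at " + SECTOR)


def parse_sector(token: str) -> int:
    """mbr.exe prints sectors either as plain decimal (30) or as hex (0x01D1C06C0)."""
    return int(token, 16) if token.lower().startswith("0x") else int(token)


def parse_mbr_log(text: str) -> MbrReport:
    rep = MbrReport()
    in_hooks = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "detected MBR rootkit hooks:":
            in_hooks = True
            continue
        if in_hooks and " -> " in line:       # hook entries: "<object> -> <address>"
            rep.hooks.append(line)
            continue
        in_hooks = False                       # any other line ends the hook list
        if line == "user & kernel MBR OK":
            rep.mbr_ok = True
        elif line.startswith("MBR rootkit infection detected"):
            rep.infection_flagged = True
        elif (m := COPY_RE.match(line)):
            rep.mbr_copies.append(parse_sector(m.group(1)))
        elif (m := MALICIOUS_RE.match(line)):
            rep.malicious_sectors.append(parse_sector(m.group(1)))
        elif (m := PE_RE.match(line)):
            rep.pe_sectors.append(parse_sector(m.group(1)))
    return rep


def triage(rep: MbrReport) -> str:
    """'active' while hooks are present or the MBR is not reported OK; 'residual' when only
    on-disk sector findings remain; 'clean' when nothing was flagged."""
    if rep.hooks or rep.infection_flagged or not rep.mbr_ok:
        return "active"
    if rep.malicious_sectors or rep.pe_sectors or rep.mbr_copies:
        return "residual"
    return "clean"


def compare(before: MbrReport, after: MbrReport) -> dict:
    """Summarise what changed between two runs of the detector."""
    return {
        "verdict_before": triage(before),
        "verdict_after": triage(after),
        "hooks_removed": sorted(set(before.hooks) - set(after.hooks)),
        "hooks_remaining": list(after.hooks),
        "sectors_still_flagged": sorted(
            set(after.mbr_copies + after.malicious_sectors + after.pe_sectors)),
    }


if __name__ == "__main__":
    summary = compare(parse_mbr_log(BEFORE_FIX), parse_mbr_log(AFTER_FIX))
    for key, value in summary.items():
        print(f"{key}: {value}")
```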
  7. 2010/02/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from Here or Here to your Desktop.


    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Please, never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  8. 2010/02/18
    SxRacer108

    SxRacer108 Inactive Thread Starter

    Joined:
    2010/02/17
    Messages:
    41
    Likes Received:
    0
    Just going to add that after I ran mbr the logins are all fine now. It seemed to have fixed the problem, just not sure why it's still finding a malware trace...

    Here is the log from ComboFix:

    ComboFix 10-02-17.01 - Nemesis 02/18/2010 7:34.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1329 [GMT -5:00]
    Running from: h:\documents and settings\Nemesis\Desktop\ComboFix.exe
    AV: a-squared Anti-Malware *On-access scanning disabled* (Outdated) {0F8591BB-342B-4493-91C3-4E948ED21255}
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((( Files Created from 2010-01-18 to 2010-02-18 )))))))))))))))))))))))))))))))
    .

    2010-02-17 11:00 . 2010-02-17 11:34 -------- d-----w- h:\program files\a-squared Anti-Malware
    2010-02-17 01:48 . 2010-02-18 12:26 -------- d-----w- h:\documents and settings\Nemesis\Application Data\QuickScan
    2010-02-17 01:48 . 2010-01-11 22:33 789320 ----a-w- h:\documents and settings\Nemesis\Application Data\Mozilla\Firefox\Profiles\8z68sdyq.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    2010-02-17 01:48 . 2010-01-11 22:32 698184 ----a-w- h:\documents and settings\Nemesis\Application Data\Mozilla\Firefox\Profiles\8z68sdyq.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
    2010-02-17 00:09 . 2010-02-17 00:09 52224 ----a-w- h:\documents and settings\Nemesis\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-02-17 00:09 . 2010-02-17 00:09 117760 ----a-w- h:\documents and settings\Nemesis\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-02-17 00:08 . 2010-02-17 00:08 -------- d-----w- h:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2010-02-17 00:08 . 2010-02-17 00:08 -------- d-----w- h:\program files\SUPERAntiSpyware
    2010-02-17 00:08 . 2010-02-17 00:08 -------- d-----w- h:\documents and settings\Nemesis\Application Data\SUPERAntiSpyware.com
    2010-02-16 23:53 . 2010-02-16 23:53 -------- d-----w- h:\program files\Trend Micro
    2010-02-16 22:35 . 2010-02-16 22:50 -------- d-----w- h:\program files\Exterminate It!
    2010-02-16 00:39 . 2010-02-16 00:39 -------- d-----w- h:\documents and settings\Nemesis\Application Data\Malwarebytes
    2010-02-16 00:39 . 2010-01-07 21:07 38224 ----a-w- h:\windows\system32\drivers\mbamswissarmy.sys
    2010-02-16 00:39 . 2010-02-16 00:39 -------- d-----w- h:\documents and settings\All Users\Application Data\Malwarebytes
    2010-02-16 00:39 . 2010-02-16 00:39 -------- d-----w- h:\program files\Malwarebytes' Anti-Malware
    2010-02-16 00:39 . 2010-01-07 21:07 19160 ----a-w- h:\windows\system32\drivers\mbam.sys
    2010-02-15 23:10 . 2010-02-15 23:10 -------- dc-h--w- h:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
    2010-02-15 23:10 . 2009-12-07 14:10 2953352 -c--a-w- h:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
    2010-02-15 23:10 . 2010-02-15 23:11 -------- d-----w- h:\documents and settings\All Users\Application Data\Lavasoft
    2010-02-15 23:10 . 2010-02-15 23:10 -------- d-----w- h:\program files\Lavasoft
    2010-02-14 23:38 . 2010-02-14 23:38 -------- d-----w- h:\program files\CCleaner
    2010-02-14 22:38 . 2010-02-14 22:57 -------- d-----w- h:\documents and settings\Nemesis\Local Settings\Application Data\Promosoft Corporation
    2010-02-11 22:41 . 2010-02-11 22:41 -------- d-----w- h:\program files\ReflexiveArcade
    2010-02-10 22:39 . 2010-02-10 22:39 -------- d-----w- h:\documents and settings\HelpAssistant\WINDOWS
    2010-02-10 22:39 . 2010-02-10 22:39 -------- d-----w- h:\documents and settings\HelpAssistant\UserData
    2010-02-10 22:23 . 2009-08-22 05:46 -------- d-sh--w- h:\documents and settings\HelpAssistant\IETldCache
    2010-02-10 19:04 . 2010-02-18 01:54 -------- d-----w- h:\documents and settings\Nemesis\Local Settings\Application Data\Wings of Prey
    2010-02-10 19:02 . 2010-02-10 19:02 -------- d-----w- h:\documents and settings\Nemesis\Local Settings\Application Data\WOP
    2010-02-10 19:02 . 2010-02-10 19:02 -------- d-----w- h:\documents and settings\All Users\Application Data\WOP
    2010-01-23 15:01 . 2010-01-23 15:02 -------- d-----w- h:\documents and settings\Nemesis\Application Data\Ventrilo
    2010-01-23 15:00 . 2010-01-23 15:00 -------- d-----w- h:\program files\Ventrilo

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-02-18 03:35 . 2007-08-09 20:32 -------- d-----w- h:\program files\LFS
    2010-02-18 02:23 . 2009-11-11 00:49 -------- d-----w- h:\program files\Steam
    2010-02-17 00:07 . 2009-08-04 21:32 -------- d-----w- h:\program files\Common Files\Wise Installation Wizard
    2010-02-16 00:37 . 2008-04-02 20:33 -------- d---a-w- h:\documents and settings\All Users\Application Data\TEMP
    2010-02-14 23:06 . 2008-11-08 02:03 -------- d-----w- h:\documents and settings\Nemesis\Application Data\Azureus
    2010-02-11 22:01 . 2009-07-14 15:57 -------- d-----w- h:\program files\Microsoft Silverlight
    2010-02-11 03:29 . 2008-07-01 23:34 -------- d-----w- h:\program files\Spybot - Search & Destroy
    2010-02-11 03:27 . 2008-07-01 23:34 -------- d-----w- h:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-02-04 00:46 . 2008-09-07 04:05 -------- d-----w- h:\program files\Pool Sharks
    2010-01-25 01:49 . 2008-12-08 22:12 -------- d-----w- h:\documents and settings\Nemesis\Application Data\Xfire
    2010-01-15 22:39 . 2008-12-08 22:11 -------- d-----w- h:\program files\Xfire
    2010-01-15 03:17 . 2008-12-09 23:44 215104 ----a-w- h:\windows\system32\PnkBstrB.exe
    2010-01-15 02:47 . 2008-12-09 23:44 138576 ----a-w- h:\windows\system32\drivers\PnkBstrK.sys
    2010-01-14 22:47 . 2007-12-30 20:25 -------- d-----w- h:\documents and settings\Nemesis\Application Data\Apple Computer
    2010-01-14 22:45 . 2010-01-14 22:44 -------- d-----w- h:\program files\iTunes
    2010-01-14 22:45 . 2010-01-14 22:44 -------- d-----w- h:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    2010-01-14 22:44 . 2010-01-14 22:44 -------- d-----w- h:\program files\iPod
    2010-01-14 22:44 . 2007-12-30 20:24 -------- d-----w- h:\program files\Common Files\Apple
    2010-01-14 22:43 . 2010-01-14 22:43 -------- d-----w- h:\program files\QuickTime
    2010-01-14 22:38 . 2010-01-14 22:38 79144 ----a-w- h:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
    2009-12-31 21:33 . 2009-12-31 21:33 -------- d-----w- h:\documents and settings\All Users\Application Data\Codemasters
    2009-12-31 16:50 . 2006-02-28 12:00 353792 ----a-w- h:\windows\system32\drivers\srv.sys
    2009-12-31 00:46 . 2008-11-09 23:59 -------- d-----w- h:\documents and settings\Nemesis\Application Data\DVD Flick
    2009-12-27 19:39 . 2008-11-08 02:03 -------- d-----w- h:\program files\Vuze
    2009-12-24 20:53 . 2009-09-15 22:25 445016 ----a-w- h:\windows\system32\wrap_oal.dll
    2009-12-24 20:53 . 2009-09-15 22:25 109144 ----a-w- h:\windows\system32\OpenAL32.dll
    2009-12-24 20:53 . 2009-09-15 22:25 -------- d-----w- h:\program files\OpenAL
    2009-12-22 23:59 . 2009-12-22 23:59 41872 ----a-w- h:\windows\system32\xfcodec.dll
    2009-12-21 23:37 . 2009-12-21 23:00 -------- d-----w- h:\program files\FRAPS
    2009-12-21 23:00 . 2007-06-23 21:43 -------- d-----w- h:\program files\Google
    2009-12-21 19:14 . 2006-02-28 12:00 916480 ----a-w- h:\windows\system32\wininet.dll
    2009-12-16 18:43 . 2007-06-13 15:00 343040 ----a-w- h:\windows\system32\mspaint.exe
    2009-12-14 07:08 . 2006-02-28 12:00 33280 ----a-w- h:\windows\system32\csrsrv.dll
    2009-12-08 19:26 . 2006-02-28 12:00 2145280 ----a-w- h:\windows\system32\ntoskrnl.exe
    2009-12-08 18:43 . 2004-08-03 22:59 2023936 ----a-w- h:\windows\system32\ntkrnlpa.exe
    2009-12-06 22:37 . 2008-11-10 11:53 10686001 ----a-w- h:\documents and settings\Nemesis\Application Data\Azureus\plugins\azump\mplayer.exe
    2009-12-04 18:22 . 2006-02-28 12:00 455424 ----a-w- h:\windows\system32\drivers\mrxsmb.sys
    2009-12-02 13:19 . 2010-02-15 23:11 64288 ----a-w- h:\windows\system32\drivers\Lbd.sys
    2009-11-27 17:11 . 2006-02-28 12:00 1291776 ----a-w- h:\windows\system32\quartz.dll
    2009-11-27 17:11 . 2004-08-04 00:56 17920 ----a-w- h:\windows\system32\msyuv.dll
    2009-11-27 16:07 . 2006-02-28 12:00 28672 ----a-w- h:\windows\system32\msvidc32.dll
    2009-11-27 16:07 . 2001-08-17 22:36 8704 ----a-w- h:\windows\system32\tsbyuv.dll
    2009-11-27 16:07 . 2006-02-28 12:00 84992 ----a-w- h:\windows\system32\avifil32.dll
    2009-11-27 16:07 . 2006-02-28 12:00 11264 ----a-w- h:\windows\system32\msrle32.dll
    2009-11-27 16:07 . 2004-08-04 00:56 48128 ----a-w- h:\windows\system32\iyuv_32.dll
    2009-11-21 15:51 . 2006-02-28 12:00 471552 ----a-w- h:\windows\AppPatch\aclayers.dll
    2009-11-21 08:46 . 2009-11-21 08:46 86016 ----a-w- h:\windows\system32\frapsvid.dll
    2008-12-18 22:56 . 2008-12-18 22:56 61 -csh--w- h:\windows\cnerolf.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829} "= "h:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NVIDIA nTune "= "h:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan "= "SOUNDMAN.EXE" [2006-08-02 577536]
    "Kernel and Hardware Abstraction Layer "= "KHALMNPR.EXE" [2008-02-29 76304]
    "SunJavaUpdateSched "= "h:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
    "Logitech Hardware Abstraction Layer "= "KHALMNPR.EXE" [2008-02-29 76304]
    "AVG8_TRAY "= "h:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-11 2043160]
    "Adobe Reader Speed Launcher "= "h:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "nwiz "= "h:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-07-09 1657376]
    "NvMediaCenter "= "h:\windows\system32\NvMcTray.dll" [2009-07-14 86016]
    "NvCplDaemon "= "h:\windows\system32\NvCpl.dll" [2009-07-14 13877248]
    "a-squared "= "h:\program files\a-squared Anti-Malware\a2guard.exe" [2010-01-02 3280712]

    h:\documents and settings\All Users\Start Menu\Programs\Startup\
    Logitech SetPoint.lnk - h:\program files\Logitech\SetPoint\SetPoint.exe [2009-5-18 805392]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "h:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 19:21 548352 ----a-w- h:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-08-17 16:44 11952 ----a-w- h:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=" "

    [HKLM\~\startupfolder\H:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
    path=h:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
    backup=h:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

    [HKLM\~\startupfolder\H:^Documents and Settings^Nemesis^Start Menu^Programs^Startup^IMVU.lnk]
    path=h:\documents and settings\Nemesis\Start Menu\Programs\Startup\IMVU.lnk
    backup=h:\windows\pss\IMVU.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
    2009-05-19 05:23 49968 ----a-w- h:\program files\AIM6\aim6.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2006-01-12 19:40 155648 ----a-w- h:\program files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
    2007-09-04 23:25 81920 ----a-w- h:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Apple Mobile Device "=2 (0x2)
    "CCALib8 "=2 (0x2)
    "iPod Service "=3 (0x3)
    "RoxLiveShare9 "=2 (0x2)
    "PnkBstrB "=2 (0x2)
    "PnkBstrA "=2 (0x2)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "SUPERAntiSpyware "=h:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    "SpybotSD TeaTimer "=h:\program files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "WorksFUD "=h:\program files\Microsoft Works\wkfud.exe
    "Microsoft Works Update Detection "=h:\program files\Microsoft Works\WkDetect.exe
    "Microsoft Works Portfolio "=h:\program files\Microsoft Works\WksSb.exe /AllUsers

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "h:\\Program Files\\Messenger\\msmsgs.exe "=
    "h:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "=
    "h:\\Program Files\\AIM6\\aim6.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "h:\\Program Files\\LFS\\LFS.exe "=
    "h:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe "=
    "h:\\WINDOWS\\system32\\dpnsvr.exe "=
    "h:\\Program Files\\FrostWire\\FrostWire.exe "=
    "h:\\Program Files\\AVG\\AVG8\\avgupd.exe "=
    "h:\\Program Files\\AVG\\AVG8\\avgemc.exe "=
    "h:\\Program Files\\Microsoft Games\\Combat Flight Simulator 3\\cfs3.exe "=
    "h:\\Documents and Settings\\Nemesis\\Local Settings\\Application Data\\Xenocode\\ApplianceCaches\\KumaClient.exe_v60664C46\\Native\\STUBEXE\\@PROGRAMFILES@\\Kuma Games\\KumaWar\\KumaWar.exe "=
    "h:\\Program Files\\Vuze\\Azureus.exe "=
    "h:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe "=
    "h:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe "=
    "h:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe "=
    "h:\\Program Files\\Xfire\\Xfire.exe "=
    "h:\\WINDOWS\\system32\\PnkBstrA.exe "=
    "h:\\WINDOWS\\system32\\PnkBstrB.exe "=
    "h:\\WINDOWS\\system32\\dpvsetup.exe "=
    "h:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "h:\\Documents and Settings\\Nemesis\\Local Settings\\Application Data\\Xenocode\\ApplianceCaches\\KumaClient.exe_v21EC7D1F\\Native\\STUBEXE\\@PROGRAMFILES@\\Kuma Games\\Kuma.exe "=
    "h:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe "=
    "h:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe "=
    "h:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe "=
    "h:\\Program Files\\iTunes\\iTunes.exe "=
    "h:\\Program Files\\Ventrilo\\Ventrilo.exe "=
    "h:\\Program Files\\Steam\\SteamApps\\common\\wings of prey\\launcher.exe "=
    "h:\\Program Files\\Steam\\SteamApps\\common\\wings of prey\\acess.exe "=
    "h:\\Program Files\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4sp.exe "=
    "h:\\Program Files\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4mp.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "9420:TCP "= 9420:TCP:Akamai NetSession Interface
    "5000:UDP "= 5000:UDP:Akamai NetSession Interface
    "1885:TCP "= 1885:TCP:Akamai NetSession Interface
    "1039:TCP "= 1039:TCP:Akamai NetSession Interface
    "1839:TCP "= 1839:TCP:Akamai NetSession Interface
    "2783:TCP "= 2783:TCP:Akamai NetSession Interface
    "4491:TCP "= 4491:TCP:Akamai NetSession Interface
    "1672:TCP "= 1672:TCP:Akamai NetSession Interface
    "1891:TCP "= 1891:TCP:Akamai NetSession Interface
    "4508:TCP "= 4508:TCP:Akamai NetSession Interface
    "4528:TCP "= 4528:TCP:Akamai NetSession Interface
    "1508:TCP "= 1508:TCP:Akamai NetSession Interface
    "2861:TCP "= 2861:TCP:Akamai NetSession Interface
    "1662:TCP "= 1662:TCP:Akamai NetSession Interface
    "3902:TCP "= 3902:TCP:Akamai NetSession Interface
    "3922:TCP "= 3922:TCP:Akamai NetSession Interface
    "1546:TCP "= 1546:TCP:Akamai NetSession Interface
    "2276:TCP "= 2276:TCP:Akamai NetSession Interface
    "3416:TCP "= 3416:TCP:Akamai NetSession Interface
    "3493:TCP "= 3493:TCP:Akamai NetSession Interface
    "1651:TCP "= 1651:TCP:Akamai NetSession Interface
    "4009:TCP "= 4009:TCP:Akamai NetSession Interface
    "2838:TCP "= 2838:TCP:Akamai NetSession Interface
    "2376:TCP "= 2376:TCP:Akamai NetSession Interface
    "2168:TCP "= 2168:TCP:Akamai NetSession Interface
    "1383:TCP "= 1383:TCP:Akamai NetSession Interface
    "3482:TCP "= 3482:TCP:Akamai NetSession Interface
    "2407:TCP "= 2407:TCP:Akamai NetSession Interface
    "2479:TCP "= 2479:TCP:Services
    "3956:TCP "= 3956:TCP:Akamai NetSession Interface
    "2297:TCP "= 2297:TCP:Akamai NetSession Interface
    "3771:TCP "= 3771:TCP:Akamai NetSession Interface
    "3789:TCP "= 3789:TCP:Akamai NetSession Interface
    "2231:TCP "= 2231:TCP:Akamai NetSession Interface
    "1038:TCP "= 1038:TCP:Akamai NetSession Interface
    "1722:TCP "= 1722:TCP:Akamai NetSession Interface
    "3990:TCP "= 3990:TCP:Akamai NetSession Interface
    "2210:TCP "= 2210:TCP:Akamai NetSession Interface
    "4062:TCP "= 4062:TCP:Akamai NetSession Interface
    "1556:TCP "= 1556:TCP:Akamai NetSession Interface
    "1790:TCP "= 1790:TCP:Akamai NetSession Interface
    "1804:TCP "= 1804:TCP:Akamai NetSession Interface
    "1050:TCP "= 1050:TCP:Akamai NetSession Interface
    "1064:TCP "= 1064:TCP:Akamai NetSession Interface
    "1663:TCP "= 1663:TCP:Akamai NetSession Interface
    "2756:TCP "= 2756:TCP:Akamai NetSession Interface
    "3492:TCP "= 3492:TCP:Akamai NetSession Interface
    "1500:TCP "= 1500:TCP:Akamai NetSession Interface
    "3674:TCP "= 3674:TCP:Akamai NetSession Interface
    "4853:TCP "= 4853:TCP:Akamai NetSession Interface
    "1088:TCP "= 1088:TCP:Akamai NetSession Interface
    "2154:TCP "= 2154:TCP:Akamai NetSession Interface
    "4315:TCP "= 4315:TCP:Akamai NetSession Interface
    "3253:TCP "= 3253:TCP:Akamai NetSession Interface
    "1040:TCP "= 1040:TCP:Akamai NetSession Interface
    "1637:TCP "= 1637:TCP:Akamai NetSession Interface
    "3152:TCP "= 3152:TCP:Akamai NetSession Interface
    "3440:TCP "= 3440:TCP:Akamai NetSession Interface
    "1068:TCP "= 1068:TCP:Akamai NetSession Interface
    "1605:TCP "= 1605:TCP:Akamai NetSession Interface
    "4592:TCP "= 4592:TCP:Akamai NetSession Interface
    "2257:TCP "= 2257:TCP:Akamai NetSession Interface
    "4446:TCP "= 4446:TCP:Akamai NetSession Interface
    "4018:TCP "= 4018:TCP:Akamai NetSession Interface
    "1094:TCP "= 1094:TCP:Akamai NetSession Interface
    "2519:TCP "= 2519:TCP:Akamai NetSession Interface
    "4767:TCP "= 4767:TCP:Akamai NetSession Interface
    "1648:TCP "= 1648:TCP:Akamai NetSession Interface
    "1439:TCP "= 1439:TCP:Akamai NetSession Interface
    "1968:TCP "= 1968:TCP:Akamai NetSession Interface
    "2418:TCP "= 2418:TCP:Akamai NetSession Interface
    "4506:TCP "= 4506:TCP:Akamai NetSession Interface
    "3629:TCP "= 3629:TCP:Akamai NetSession Interface
    "3327:TCP "= 3327:TCP:Akamai NetSession Interface
    "2617:TCP "= 2617:TCP:Akamai NetSession Interface
    "2289:TCP "= 2289:TCP:Akamai NetSession Interface
    "1844:TCP "= 1844:TCP:Akamai NetSession Interface
    "2247:TCP "= 2247:TCP:Akamai NetSession Interface
    "2148:TCP "= 2148:TCP:Akamai NetSession Interface
    "3396:TCP "= 3396:TCP:Akamai NetSession Interface
    "2129:TCP "= 2129:TCP:Akamai NetSession Interface
    "2155:TCP "= 2155:TCP:Akamai NetSession Interface
    "3783:TCP "= 3783:TCP:Akamai NetSession Interface
    "2141:TCP "= 2141:TCP:Akamai NetSession Interface
    "1811:TCP "= 1811:TCP:Akamai NetSession Interface
    "4991:TCP "= 4991:TCP:Akamai NetSession Interface
    "3364:TCP "= 3364:TCP:Akamai NetSession Interface
    "2439:TCP "= 2439:TCP:Akamai NetSession Interface
    "1767:TCP "= 1767:TCP:Akamai NetSession Interface
    "3569:TCP "= 3569:TCP:Akamai NetSession Interface
    "1943:TCP "= 1943:TCP:Akamai NetSession Interface
    "2986:TCP "= 2986:TCP:Akamai NetSession Interface
    "3232:TCP "= 3232:TCP:Akamai NetSession Interface
    "4541:TCP "= 4541:TCP:Akamai NetSession Interface
    "1056:TCP "= 1056:TCP:Akamai NetSession Interface
    "4623:TCP "= 4623:TCP:Akamai NetSession Interface
    "4029:TCP "= 4029:TCP:Akamai NetSession Interface
    "3928:TCP "= 3928:TCP:Akamai NetSession Interface
    "3078:TCP "= 3078:TCP:Akamai NetSession Interface
    "1830:TCP "= 1830:TCP:Akamai NetSession Interface
    "1249:TCP "= 1249:TCP:Akamai NetSession Interface
    "1358:TCP "= 1358:TCP:Akamai NetSession Interface
    "1063:TCP "= 1063:TCP:Akamai NetSession Interface
    "1467:TCP "= 1467:TCP:Akamai NetSession Interface
    "2896:TCP "= 2896:TCP:Akamai NetSession Interface
    "2870:TCP "= 2870:TCP:Akamai NetSession Interface
    "1243:TCP "= 1243:TCP:Akamai NetSession Interface
    "2798:TCP "= 2798:TCP:Akamai NetSession Interface
    "2111:TCP "= 2111:TCP:Akamai NetSession Interface
    "4220:TCP "= 4220:TCP:Akamai NetSession Interface
    "2162:TCP "= 2162:TCP:Akamai NetSession Interface
    "1964:TCP "= 1964:TCP:Akamai NetSession Interface
    "4268:TCP "= 4268:TCP:Akamai NetSession Interface
    "3971:TCP "= 3971:TCP:Akamai NetSession Interface
    "2290:TCP "= 2290:TCP:Akamai NetSession Interface
    "4572:TCP "= 4572:TCP:Akamai NetSession Interface
    "2777:TCP "= 2777:TCP:Akamai NetSession Interface
    "1334:TCP "= 1334:TCP:Akamai NetSession Interface
    "4096:TCP "= 4096:TCP:Akamai NetSession Interface
    "1176:TCP "= 1176:TCP:Akamai NetSession Interface
    "1327:TCP "= 1327:TCP:Akamai NetSession Interface
    "2788:TCP "= 2788:TCP:Akamai NetSession Interface
    "1638:TCP "= 1638:TCP:Akamai NetSession Interface
    "1742:TCP "= 1742:TCP:Akamai NetSession Interface
    "1959:TCP "= 1959:TCP:Akamai NetSession Interface
    "4250:TCP "= 4250:TCP:Akamai NetSession Interface
    "4750:TCP "= 4750:TCP:Akamai NetSession Interface
    "1304:TCP "= 1304:TCP:Akamai NetSession Interface
    "4292:TCP "= 4292:TCP:Akamai NetSession Interface
    "1539:TCP "= 1539:TCP:Akamai NetSession Interface
    "4992:TCP "= 4992:TCP:Akamai NetSession Interface
    "4953:TCP "= 4953:TCP:Akamai NetSession Interface
    "3168:TCP "= 3168:TCP:Akamai NetSession Interface
    "2015:TCP "= 2015:TCP:Akamai NetSession Interface
    "4584:TCP "= 4584:TCP:Akamai NetSession Interface
    "1786:TCP "= 1786:TCP:Akamai NetSession Interface
    "4074:TCP "= 4074:TCP:Akamai NetSession Interface
    "2681:TCP "= 2681:TCP:Akamai NetSession Interface
    "1751:TCP "= 1751:TCP:Akamai NetSession Interface
    "1042:TCP "= 1042:TCP:Akamai NetSession Interface
    "1374:TCP "= 1374:TCP:Akamai NetSession Interface
    "3994:TCP "= 3994:TCP:Akamai NetSession Interface
    "3985:TCP "= 3985:TCP:Akamai NetSession Interface
    "4004:TCP "= 4004:TCP:Akamai NetSession Interface
    "4746:TCP "= 4746:TCP:Akamai NetSession Interface
    "1229:TCP "= 1229:TCP:Akamai NetSession Interface
    "4495:TCP "= 4495:TCP:Akamai NetSession Interface
    "3879:TCP "= 3879:TCP:Akamai NetSession Interface
    "1634:TCP "= 1634:TCP:Akamai NetSession Interface
    "2484:TCP "= 2484:TCP:Akamai NetSession Interface
    "2131:TCP "= 2131:TCP:Akamai NetSession Interface
    "1501:TCP "= 1501:TCP:Akamai NetSession Interface
    "1523:TCP "= 1523:TCP:Akamai NetSession Interface
    "3381:TCP "= 3381:TCP:Akamai NetSession Interface
    "4481:TCP "= 4481:TCP:Akamai NetSession Interface
    "4499:TCP "= 4499:TCP:Akamai NetSession Interface
    "4100:TCP "= 4100:TCP:Akamai NetSession Interface
    "1808:TCP "= 1808:TCP:Akamai NetSession Interface
    "2066:TCP "= 2066:TCP:Akamai NetSession Interface
    "1710:TCP "= 1710:TCP:Akamai NetSession Interface
    "2384:TCP "= 2384:TCP:Akamai NetSession Interface
    "3715:TCP "= 3715:TCP:Akamai NetSession Interface
    "3721:TCP "= 3721:TCP:Akamai NetSession Interface
    "3743:TCP "= 3743:TCP:Akamai NetSession Interface
    "2461:TCP "= 2461:TCP:Akamai NetSession Interface
    "1151:TCP "= 1151:TCP:Akamai NetSession Interface
    "3710:TCP "= 3710:TCP:Akamai NetSession Interface
    "1032:TCP "= 1032:TCP:Akamai NetSession Interface
    "1372:TCP "= 1372:TCP:Akamai NetSession Interface
    "1379:TCP "= 1379:TCP:Akamai NetSession Interface
    "4304:TCP "= 4304:TCP:Akamai NetSession Interface
    "3826:TCP "= 3826:TCP:Akamai NetSession Interface
    "1646:TCP "= 1646:TCP:Akamai NetSession Interface
    "3141:TCP "= 3141:TCP:Akamai NetSession Interface
    "3696:TCP "= 3696:TCP:Akamai NetSession Interface
    "2851:TCP "= 2851:TCP:Akamai NetSession Interface
    "3737:TCP "= 3737:TCP:Akamai NetSession Interface
    "2893:TCP "= 2893:TCP:Akamai NetSession Interface
    "1843:TCP "= 1843:TCP:Akamai NetSession Interface
    "1221:TCP "= 1221:TCP:Akamai NetSession Interface
    "3075:TCP "= 3075:TCP:Akamai NetSession Interface
    "1341:TCP "= 1341:TCP:Akamai NetSession Interface
    "3726:TCP "= 3726:TCP:Akamai NetSession Interface
    "2993:TCP "= 2993:TCP:Akamai NetSession Interface
    "3000:TCP "= 3000:TCP:Akamai NetSession Interface
    "3006:TCP "= 3006:TCP:Akamai NetSession Interface
    "56770:TCP "= 56770:TCP:pando Media Booster
    "56770:UDP "= 56770:UDP:pando Media Booster
    "65533:TCP "= 65533:TCP:Services
    "52344:TCP "= 52344:TCP:Services
    "3246:TCP "= 3246:TCP:Services
    "3389:TCP "= 3389:TCP:Remote Desktop

    R0 Lbd;Lbd;h:\windows\system32\drivers\Lbd.sys [2/15/2010 6:11 PM 64288]
    R1 AvgLdx86;AVG AVI Loader Driver x86;h:\windows\system32\drivers\avgldx86.sys [7/1/2008 4:01 PM 335240]
    R1 AvgTdiX;AVG8 Network Redirector;h:\windows\system32\drivers\avgtdix.sys [7/1/2008 4:02 PM 108552]
    R1 SASDIFSV;SASDIFSV;h:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
    R1 SASKUTIL;SASKUTIL;h:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480]
    R2 a2AntiMalware;a-squared Anti-Malware Service;h:\program files\a-squared Anti-Malware\a2service.exe [2/17/2010 6:00 AM 1858144]
    R2 avg8emc;AVG8 E-mail Scanner;h:\progra~1\AVG\AVG8\avgemc.exe [7/2/2008 9:25 AM 908056]
    R2 avg8wd;AVG8 WatchDog;h:\progra~1\AVG\AVG8\avgwdsvc.exe [7/2/2008 9:25 AM 297752]
    R2 LBeepKE;LBeepKE;h:\windows\system32\drivers\LBeepKE.sys [6/13/2007 10:16 AM 3712]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;h:\program files\Viewpoint\Common\ViewpointService.exe [4/12/2008 3:36 PM 24652]
    S2 Akamai;Akamai;h:\windows\System32\svchost.exe -k Akamai [2/28/2006 7:00 AM 14336]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;h:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 8:19 AM 1181328]
    S3 SASENUM;SASENUM;h:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408]
    S3 SRS_ViewSonic;SRS Labs WOW HD ViewSonic;h:\windows\system32\drivers\SRS_ViewSonic_i386.sys [12/17/2009 5:14 AM 37504]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - mchInjDrv

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder

    2010-02-17 h:\windows\Tasks\Ad-Aware Update (Daily 1).job
    - h:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 23:11]

    2010-02-18 h:\windows\Tasks\Ad-Aware Update (Daily 2).job
    - h:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 23:11]

    2010-02-18 h:\windows\Tasks\Ad-Aware Update (Daily 3).job
    - h:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 23:11]

    2010-02-17 h:\windows\Tasks\Ad-Aware Update (Daily 4).job
    - h:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 23:11]

    2010-02-17 h:\windows\Tasks\Ad-Aware Update (Weekly).job
    - h:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 23:11]

    2009-12-31 h:\windows\Tasks\AppleSoftwareUpdate.job
    - h:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

    2008-07-02 h:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
    - h:\program files\Spybot - Search & Destroy\SpybotSD.exe [2008-07-01 20:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.myspace.com/
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - h:\documents and settings\Nemesis\Start Menu\Programs\IMVU\Run IMVU.lnk
    DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB
    FF - ProfilePath - h:\documents and settings\Nemesis\Application Data\Mozilla\Firefox\Profiles\8z68sdyq.default\
    FF - prefs.js: browser.startup.homepage - www.Dropzone.com
    FF - component: h:\documents and settings\Nemesis\Application Data\Mozilla\Firefox\Profiles\8z68sdyq.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
    FF - plugin: h:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
    FF - plugin: h:\documents and settings\Nemesis\Application Data\Mozilla\Firefox\Profiles\8z68sdyq.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    FF - plugin: h:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - h:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    h:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    h:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    h:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    h:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    h:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    h:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    h:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    h:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    h:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    h:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    h:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    h:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    h:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    h:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    h:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    h:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    h:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    h:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    h:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    h:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .
    - - - - ORPHANS REMOVED - - - -

    Notify-WgaLogon - (no file)
    AddRemove-Playsushi - h:\program files\PlaySushi\psuninst.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-02-18 07:38
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    h:\docume~1\Nemesis\LOCALS~1\Temp\catchme.dll 53248 bytes executable

    scan completed successfully
    hidden files: 1

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(644)
    h:\program files\SUPERAntiSpyware\SASWINLO.dll
    h:\windows\system32\WININET.dll

    - - - - - - - > 'explorer.exe'(5624)
    h:\windows\system32\WININET.dll
    h:\windows\system32\ieframe.dll
    h:\windows\system32\webcheck.dll
    h:\windows\system32\WPDShServiceObj.dll
    h:\windows\system32\PortableDeviceTypes.dll
    h:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2010-02-18 07:41:15
    ComboFix-quarantined-files.txt 2010-02-18 12:41

    Pre-Run: 141,272,772,608 bytes free
    Post-Run: 142,039,904,256 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    h:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    - - End Of File - - 9CF93A7A09D16C18E068C073F85E2596
     
  9. 2010/02/18
    SxRacer108

    SxRacer108 Inactive Thread Starter

    Joined:
    2010/02/17
    Messages:
    41
    Likes Received:
    0
    New HijackThis log file:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:17:09 PM, on 2/18/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    H:\WINDOWS\System32\smss.exe
    H:\WINDOWS\system32\csrss.exe
    H:\WINDOWS\system32\winlogon.exe
    H:\WINDOWS\system32\services.exe
    H:\WINDOWS\system32\lsass.exe
    H:\WINDOWS\system32\nvsvc32.exe
    H:\WINDOWS\system32\svchost.exe
    H:\WINDOWS\system32\svchost.exe
    H:\WINDOWS\System32\svchost.exe
    H:\WINDOWS\system32\svchost.exe
    H:\WINDOWS\system32\svchost.exe
    H:\WINDOWS\system32\svchost.exe
    H:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    H:\WINDOWS\system32\spoolsv.exe
    H:\WINDOWS\Explorer.EXE
    H:\WINDOWS\system32\svchost.exe
    H:\Program Files\a-squared Anti-Malware\a2service.exe
    H:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    H:\Program Files\Bonjour\mDNSResponder.exe
    H:\Program Files\Common Files\LightScribe\LSSrvc.exe
    H:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    H:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    H:\PROGRA~1\AVG\AVG8\avgtray.exe
    H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    H:\WINDOWS\system32\RUNDLL32.EXE
    H:\WINDOWS\system32\svchost.exe
    H:\Program Files\Viewpoint\Common\ViewpointService.exe
    H:\PROGRA~1\AVG\AVG8\avgemc.exe
    H:\Program Files\a-squared Anti-Malware\a2guard.exe
    H:\PROGRA~1\AVG\AVG8\avgrsx.exe
    H:\Program Files\AVG\AVG8\avgcsrvx.exe
    H:\WINDOWS\system32\wbem\unsecapp.exe
    H:\WINDOWS\system32\wbem\wmiprvse.exe
    H:\WINDOWS\System32\alg.exe
    H:\Program Files\Mozilla Firefox\firefox.exe
    H:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    H:\PROGRA~1\AVG\AVG8\avgnsx.exe
    H:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    H:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.inbox.com/search/ie.aspx?tb_id=70026
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.inbox.com/support/sa_customize.aspx?TbId=70026
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - H:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - H:\Program Files\MSN\Toolbar\3.0.1303.0\msneshellx.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [AVG8_TRAY] H:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [nwiz] H:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [a-squared] "H:\Program Files\a-squared Anti-Malware\a2guard.exe"
    O4 - HKCU\..\Run: [NVIDIA nTune] "H:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - Global Startup: Logitech SetPoint.lnk = H:\Program Files\Logitech\SetPoint\SetPoint.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - H:\Documents and Settings\Nemesis\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: !SASWinLogon - H:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: avgrsstarter - H:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - H:\Program Files\a-squared Anti-Malware\a2service.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - H:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - H:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Software Updater (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - H:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
    O23 - Service: HP Status Server - Hewlett-Packard Company - H:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - H:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - H:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - H:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NMIndexingService - Nero AG - H:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - H:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - H:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 9302 bytes
     
  10. 2010/02/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    h:\windows\cnerolf.dat
    
    
    Folder::
    
    Driver::
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "SoundMan "=-
    
    RegLockDel::
    
    

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
    • A new HijackThis log.
     
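An added triage example, written for this edit and not part of the thread, of HijackThis, or of ComboFix: it parses the O4 Run entries from the HijackThis log in the post above and the GloballyOpenPorts dump from the earlier ComboFix log, flags the entries a reviewer would want to look at (a Run value with no path, a firewall exception labelled only "Services", Remote Desktop reachable), and renders the flagged Run values as the Registry:: section of a CFScript in the same "Name"=- form broni's script uses. The heuristics, the function names and the sample lines (copied from the logs) are assumptions of the example; a flag is a prompt for manual review, not a malware verdict.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Constructed samples, copied from the HijackThis log in post 9 and from the
# GloballyOpenPorts dump in the ComboFix log earlier in the thread.
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [NVIDIA nTune] "H:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
"""
FW_SAMPLE = r"""
"2407:TCP"= 2407:TCP:Akamai NetSession Interface
"2479:TCP"= 2479:TCP:Services
"56770:UDP"= 56770:UDP:pando Media Booster
"65533:TCP"= 65533:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"""

O4_RUN_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# "\s*" before the closing quote tolerates the stray space the forum put in every value name.
FW_RE = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)\s*"=\s*\d+:(?:TCP|UDP):(?P<label>.*?)\s*$')

# Review heuristics: assumptions of this example, not rules from the thread.
USER_WRITABLE = ("\\temp\\", "\\documents and settings\\", "\\application data\\",
                 "\\local settings\\", "\\users\\")
GENERIC_LABELS = {"services"}
RDP_PORT = 3389
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
RUN_KEY = "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"


@dataclass
class Finding:
    hive: str
    name: str
    target: str
    reason: str


def first_token(cmd: str) -> tuple[str, str]:
    """Split an O4 command into its program (quoted path or first word) and the rest."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
    parts = cmd.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else "")


def run_target(cmd: str) -> str:
    """The file an O4 command really loads: for rundll32 that is the DLL argument."""
    exe, rest = first_token(cmd)
    if exe.lower().rsplit("\\", 1)[-1] == "rundll32.exe":
        dll, _ = first_token(rest)
        return dll.split(",", 1)[0]
    return exe


def review_reason(target: str) -> Optional[str]:
    low = target.lower()
    if "\\" not in target:
        return "no path: resolved by search order, cannot be tied to one file from the log"
    if any(marker in low for marker in USER_WRITABLE):
        return "loads from a user-writable profile or temp directory"
    return None


def triage_o4(log: str) -> list[Finding]:
    """Return the Run-key entries a reviewer should look at before clearing the log."""
    findings = []
    for line in log.splitlines():
        m = O4_RUN_RE.match(line.strip())
        if m:
            target = run_target(m["cmd"])
            reason = review_reason(target)
            if reason:
                findings.append(Finding(m["hive"], m["name"], target, reason))
    return findings


def cfscript_registry_section(findings: list[Finding]) -> str:
    """Render findings as a CFScript Registry:: block; "Name"=- deletes that value."""
    by_hive: dict[str, list[str]] = {}
    for f in findings:
        by_hive.setdefault(f.hive, []).append(f.name)
    lines = ["Registry::"]
    for hive, names in by_hive.items():
        lines.append(f"[{HIVES[hive]}\\{RUN_KEY}]")
        lines.extend(f'"{n}"=-' for n in names)
    return "\n".join(lines) + "\n"


def triage_open_ports(dump: str) -> list[tuple[int, str, str, str]]:
    """Flag firewall exceptions whose owner cannot be told from the label, plus RDP."""
    flagged = []
    for line in dump.splitlines():
        m = FW_RE.match(line.strip())
        if not m:
            continue
        port, proto, label = int(m["port"]), m["proto"], m["label"]
        if label.lower() in GENERIC_LABELS:
            flagged.append((port, proto, label, "generic label, owning program unknown"))
        elif port == RDP_PORT:
            flagged.append((port, proto, label, "Remote Desktop reachable through the firewall"))
    return flagged


if __name__ == "__main__":
    found = triage_o4(HJT_SAMPLE)
    for f in found:
        print(f"{f.hive} Run [{f.name}] -> {f.target}: {f.reason}")
    print(cfscript_registry_section(found))
    for port, proto, label, why in triage_open_ports(FW_SAMPLE):
        print(f"{port}/{proto} '{label}': {why}")
```

Run on the sample, the only Run value flagged is SoundMan (a bare file name, which is the entry broni's script deletes), the rundll32 entries resolve to their DLL paths and pass, and the generated Registry:: block matches the one in the CFScript above. The port check flags the three "Services" entries and 3389 but says nothing about the Akamai entries, whose label names a program; whether that many exceptions belong there is still a judgement call for the reviewer.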
  11. 2010/02/19
    SxRacer108

    SxRacer108 Inactive Thread Starter

    Joined:
    2010/02/17
    Messages:
    41
    Likes Received:
    0
    OK, here is the new CF log:
    ComboFix 10-02-17.01 - Nemesis 02/19/2010 7:04.2.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1498 [GMT -5:00]
    Running from: h:\documents and settings\Nemesis\Desktop\ComboFix.exe
    Command switches used :: h:\documents and settings\Nemesis\Desktop\CFScript.txt
    AV: a-squared Anti-Malware *On-access scanning disabled* (Updated) {0F8591BB-342B-4493-91C3-4E948ED21255}
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    FILE ::
    "h:\windows\cnerolf.dat"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    h:\windows\cnerolf.dat

    .
    ((((((((((((((((((((((((( Files Created from 2010-01-19 to 2010-02-19 )))))))))))))))))))))))))))))))
    .

    2010-02-19 12:02 . 2010-02-19 12:03 -------- d-----w- H:\32788R22FWJFW
    2010-02-17 11:00 . 2010-02-18 23:44 -------- d-----w- h:\program files\a-squared Anti-Malware
    2010-02-17 01:48 . 2010-02-18 12:26 -------- d-----w- h:\documents and settings\Nemesis\Application Data\QuickScan
    2010-02-17 01:48 . 2010-01-11 22:33 789320 ----a-w- h:\documents and settings\Nemesis\Application Data\Mozilla\Firefox\Profiles\8z68sdyq.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    2010-02-17 01:48 . 2010-01-11 22:32 698184 ----a-w- h:\documents and settings\Nemesis\Application Data\Mozilla\Firefox\Profiles\8z68sdyq.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
    2010-02-17 00:09 . 2010-02-17 00:09 52224 ----a-w- h:\documents and settings\Nemesis\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-02-17 00:09 . 2010-02-17 00:09 117760 ----a-w- h:\documents and settings\Nemesis\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-02-17 00:08 . 2010-02-17 00:08 -------- d-----w- h:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2010-02-17 00:08 . 2010-02-17 00:08 -------- d-----w- h:\program files\SUPERAntiSpyware
    2010-02-17 00:08 . 2010-02-17 00:08 -------- d-----w- h:\documents and settings\Nemesis\Application Data\SUPERAntiSpyware.com
    2010-02-16 23:53 . 2010-02-16 23:53 -------- d-----w- h:\program files\Trend Micro
    2010-02-16 22:35 . 2010-02-16 22:50 -------- d-----w- h:\program files\Exterminate It!
    2010-02-16 00:39 . 2010-02-16 00:39 -------- d-----w- h:\documents and settings\Nemesis\Application Data\Malwarebytes
    2010-02-16 00:39 . 2010-01-07 21:07 38224 ----a-w- h:\windows\system32\drivers\mbamswissarmy.sys
    2010-02-16 00:39 . 2010-02-16 00:39 -------- d-----w- h:\documents and settings\All Users\Application Data\Malwarebytes
    2010-02-16 00:39 . 2010-02-16 00:39 -------- d-----w- h:\program files\Malwarebytes' Anti-Malware
    2010-02-16 00:39 . 2010-01-07 21:07 19160 ----a-w- h:\windows\system32\drivers\mbam.sys
    2010-02-15 23:10 . 2010-02-15 23:10 -------- dc-h--w- h:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
    2010-02-15 23:10 . 2009-12-07 14:10 2953352 -c--a-w- h:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
    2010-02-15 23:10 . 2010-02-15 23:11 -------- d-----w- h:\documents and settings\All Users\Application Data\Lavasoft
    2010-02-15 23:10 . 2010-02-15 23:10 -------- d-----w- h:\program files\Lavasoft
    2010-02-14 23:38 . 2010-02-14 23:38 -------- d-----w- h:\program files\CCleaner
    2010-02-14 22:38 . 2010-02-14 22:57 -------- d-----w- h:\documents and settings\Nemesis\Local Settings\Application Data\Promosoft Corporation
    2010-02-11 22:41 . 2010-02-11 22:41 -------- d-----w- h:\program files\ReflexiveArcade
    2010-02-10 22:39 . 2010-02-10 22:39 -------- d-----w- h:\documents and settings\HelpAssistant\WINDOWS
    2010-02-10 22:39 . 2010-02-10 22:39 -------- d-----w- h:\documents and settings\HelpAssistant\UserData
    2010-02-10 22:23 . 2009-08-22 05:46 -------- d-sh--w- h:\documents and settings\HelpAssistant\IETldCache
    2010-02-10 19:04 . 2010-02-18 01:54 -------- d-----w- h:\documents and settings\Nemesis\Local Settings\Application Data\Wings of Prey
    2010-02-10 19:02 . 2010-02-10 19:02 -------- d-----w- h:\documents and settings\Nemesis\Local Settings\Application Data\WOP
    2010-02-10 19:02 . 2010-02-10 19:02 -------- d-----w- h:\documents and settings\All Users\Application Data\WOP
    2010-01-23 15:01 . 2010-01-23 15:02 -------- d-----w- h:\documents and settings\Nemesis\Application Data\Ventrilo
    2010-01-23 15:00 . 2010-01-23 15:00 -------- d-----w- h:\program files\Ventrilo

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-02-18 23:12 . 2007-08-09 20:32 -------- d-----w- h:\program files\LFS
    2010-02-18 02:23 . 2009-11-11 00:49 -------- d-----w- h:\program files\Steam
    2010-02-17 00:07 . 2009-08-04 21:32 -------- d-----w- h:\program files\Common Files\Wise Installation Wizard
    2010-02-16 00:37 . 2008-04-02 20:33 -------- d---a-w- h:\documents and settings\All Users\Application Data\TEMP
    2010-02-14 23:06 . 2008-11-08 02:03 -------- d-----w- h:\documents and settings\Nemesis\Application Data\Azureus
    2010-02-11 22:01 . 2009-07-14 15:57 -------- d-----w- h:\program files\Microsoft Silverlight
    2010-02-11 03:29 . 2008-07-01 23:34 -------- d-----w- h:\program files\Spybot - Search & Destroy
    2010-02-11 03:27 . 2008-07-01 23:34 -------- d-----w- h:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-02-04 00:46 . 2008-09-07 04:05 -------- d-----w- h:\program files\Pool Sharks
    2010-01-25 01:49 . 2008-12-08 22:12 -------- d-----w- h:\documents and settings\Nemesis\Application Data\Xfire
    2010-01-15 22:39 . 2008-12-08 22:11 -------- d-----w- h:\program files\Xfire
    2010-01-15 03:17 . 2008-12-09 23:44 215104 ----a-w- h:\windows\system32\PnkBstrB.exe
    2010-01-15 02:47 . 2008-12-09 23:44 138576 ----a-w- h:\windows\system32\drivers\PnkBstrK.sys
    2010-01-14 22:47 . 2007-12-30 20:25 -------- d-----w- h:\documents and settings\Nemesis\Application Data\Apple Computer
    2010-01-14 22:45 . 2010-01-14 22:44 -------- d-----w- h:\program files\iTunes
    2010-01-14 22:45 . 2010-01-14 22:44 -------- d-----w- h:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    2010-01-14 22:44 . 2010-01-14 22:44 -------- d-----w- h:\program files\iPod
    2010-01-14 22:44 . 2007-12-30 20:24 -------- d-----w- h:\program files\Common Files\Apple
    2010-01-14 22:43 . 2010-01-14 22:43 -------- d-----w- h:\program files\QuickTime
    2010-01-14 22:38 . 2010-01-14 22:38 79144 ----a-w- h:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
    2009-12-31 21:33 . 2009-12-31 21:33 -------- d-----w- h:\documents and settings\All Users\Application Data\Codemasters
    2009-12-31 16:50 . 2006-02-28 12:00 353792 ----a-w- h:\windows\system32\drivers\srv.sys
    2009-12-31 00:46 . 2008-11-09 23:59 -------- d-----w- h:\documents and settings\Nemesis\Application Data\DVD Flick
    2009-12-27 19:39 . 2008-11-08 02:03 -------- d-----w- h:\program files\Vuze
    2009-12-24 20:53 . 2009-09-15 22:25 445016 ----a-w- h:\windows\system32\wrap_oal.dll
    2009-12-24 20:53 . 2009-09-15 22:25 109144 ----a-w- h:\windows\system32\OpenAL32.dll
    2009-12-24 20:53 . 2009-09-15 22:25 -------- d-----w- h:\program files\OpenAL
    2009-12-22 23:59 . 2009-12-22 23:59 41872 ----a-w- h:\windows\system32\xfcodec.dll
    2009-12-21 23:37 . 2009-12-21 23:00 -------- d-----w- h:\program files\FRAPS
    2009-12-21 23:00 . 2007-06-23 21:43 -------- d-----w- h:\program files\Google
    2009-12-21 19:14 . 2006-02-28 12:00 916480 ------w- h:\windows\system32\wininet.dll
    2009-12-16 18:43 . 2007-06-13 15:00 343040 ----a-w- h:\windows\system32\mspaint.exe
    2009-12-14 07:08 . 2006-02-28 12:00 33280 ----a-w- h:\windows\system32\csrsrv.dll
    2009-12-08 19:26 . 2006-02-28 12:00 2145280 ------w- h:\windows\system32\ntoskrnl.exe
    2009-12-08 18:43 . 2004-08-03 22:59 2023936 ------w- h:\windows\system32\ntkrnlpa.exe
    2009-12-06 22:37 . 2008-11-10 11:53 10686001 ----a-w- h:\documents and settings\Nemesis\Application Data\Azureus\plugins\azump\mplayer.exe
    2009-12-04 18:22 . 2006-02-28 12:00 455424 ----a-w- h:\windows\system32\drivers\mrxsmb.sys
    2009-12-02 13:19 . 2010-02-15 23:11 64288 ----a-w- h:\windows\system32\drivers\Lbd.sys
    2009-11-27 17:11 . 2006-02-28 12:00 1291776 ----a-w- h:\windows\system32\quartz.dll
    2009-11-27 17:11 . 2004-08-04 00:56 17920 ----a-w- h:\windows\system32\msyuv.dll
    2009-11-27 16:07 . 2006-02-28 12:00 28672 ----a-w- h:\windows\system32\msvidc32.dll
    2009-11-27 16:07 . 2001-08-17 22:36 8704 ----a-w- h:\windows\system32\tsbyuv.dll
    2009-11-27 16:07 . 2006-02-28 12:00 84992 ----a-w- h:\windows\system32\avifil32.dll
    2009-11-27 16:07 . 2006-02-28 12:00 11264 ----a-w- h:\windows\system32\msrle32.dll
    2009-11-27 16:07 . 2004-08-04 00:56 48128 ----a-w- h:\windows\system32\iyuv_32.dll
    2009-11-21 15:51 . 2006-02-28 12:00 471552 ----a-w- h:\windows\AppPatch\aclayers.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-02-18_12.38.29 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-02-19 11:55 . 2010-02-19 11:55 16384 h:\windows\Temp\Perflib_Perfdata_9c.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"="h:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NVIDIA nTune"="h:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
    "SunJavaUpdateSched"="h:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
    "AVG8_TRAY"="h:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-11 2043160]
    "Adobe Reader Speed Launcher"="h:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "nwiz"="h:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-07-09 1657376]
    "NvMediaCenter"="h:\windows\system32\NvMcTray.dll" [2009-07-14 86016]
    "NvCplDaemon"="h:\windows\system32\NvCpl.dll" [2009-07-14 13877248]
    "a-squared"="h:\program files\a-squared Anti-Malware\a2guard.exe" [2010-01-02 3280712]

    h:\documents and settings\All Users\Start Menu\Programs\Startup\
    Logitech SetPoint.lnk - h:\program files\Logitech\SetPoint\SetPoint.exe [2009-5-18 805392]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="h:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 19:21 548352 ----a-w- h:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-08-17 16:44 11952 ----a-w- h:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKLM\~\startupfolder\H:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
    path=h:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
    backup=h:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

    [HKLM\~\startupfolder\H:^Documents and Settings^Nemesis^Start Menu^Programs^Startup^IMVU.lnk]
    path=h:\documents and settings\Nemesis\Start Menu\Programs\Startup\IMVU.lnk
    backup=h:\windows\pss\IMVU.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
    2009-05-19 05:23 49968 ----a-w- h:\program files\AIM6\aim6.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2006-01-12 19:40 155648 ----a-w- h:\program files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
    2007-09-04 23:25 81920 ----a-w- h:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Apple Mobile Device"=2 (0x2)
    "CCALib8"=2 (0x2)
    "iPod Service"=3 (0x3)
    "RoxLiveShare9"=2 (0x2)
    "PnkBstrB"=2 (0x2)
    "PnkBstrA"=2 (0x2)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "SUPERAntiSpyware"=h:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    "SpybotSD TeaTimer"=h:\program files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "WorksFUD"=h:\program files\Microsoft Works\wkfud.exe
    "Microsoft Works Update Detection"=h:\program files\Microsoft Works\WkDetect.exe
    "Microsoft Works Portfolio"=h:\program files\Microsoft Works\WksSb.exe /AllUsers

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "h:\\Program Files\\Messenger\\msmsgs.exe "=
    "h:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "=
    "h:\\Program Files\\AIM6\\aim6.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "h:\\Program Files\\LFS\\LFS.exe "=
    "h:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe "=
    "h:\\WINDOWS\\system32\\dpnsvr.exe "=
    "h:\\Program Files\\FrostWire\\FrostWire.exe "=
    "h:\\Program Files\\AVG\\AVG8\\avgupd.exe "=
    "h:\\Program Files\\AVG\\AVG8\\avgemc.exe "=
    "h:\\Program Files\\Microsoft Games\\Combat Flight Simulator 3\\cfs3.exe "=
    "h:\\Documents and Settings\\Nemesis\\Local Settings\\Application Data\\Xenocode\\ApplianceCaches\\KumaClient.exe_v60664C46\\Native\\STUBEXE\\@PROGRAMFILES@\\Kuma Games\\KumaWar\\KumaWar.exe "=
    "h:\\Program Files\\Vuze\\Azureus.exe "=
    "h:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe "=
    "h:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe "=
    "h:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe "=
    "h:\\Program Files\\Xfire\\Xfire.exe "=
    "h:\\WINDOWS\\system32\\PnkBstrA.exe "=
    "h:\\WINDOWS\\system32\\PnkBstrB.exe "=
    "h:\\WINDOWS\\system32\\dpvsetup.exe "=
    "h:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "h:\\Documents and Settings\\Nemesis\\Local Settings\\Application Data\\Xenocode\\ApplianceCaches\\KumaClient.exe_v21EC7D1F\\Native\\STUBEXE\\@PROGRAMFILES@\\Kuma Games\\Kuma.exe "=
    "h:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe "=
    "h:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe "=
    "h:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe "=
    "h:\\Program Files\\iTunes\\iTunes.exe "=
    "h:\\Program Files\\Ventrilo\\Ventrilo.exe "=
    "h:\\Program Files\\Steam\\SteamApps\\common\\wings of prey\\launcher.exe "=
    "h:\\Program Files\\Steam\\SteamApps\\common\\wings of prey\\acess.exe "=
    "h:\\Program Files\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4sp.exe "=
    "h:\\Program Files\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4mp.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "9420:TCP "= 9420:TCP:Akamai NetSession Interface
    "5000:UDP "= 5000:UDP:Akamai NetSession Interface
    "1885:TCP "= 1885:TCP:Akamai NetSession Interface
    "1039:TCP "= 1039:TCP:Akamai NetSession Interface
    "1839:TCP "= 1839:TCP:Akamai NetSession Interface
    "2783:TCP "= 2783:TCP:Akamai NetSession Interface
    "4491:TCP "= 4491:TCP:Akamai NetSession Interface
    "1672:TCP "= 1672:TCP:Akamai NetSession Interface
    "1891:TCP "= 1891:TCP:Akamai NetSession Interface
    "4508:TCP "= 4508:TCP:Akamai NetSession Interface
    "4528:TCP "= 4528:TCP:Akamai NetSession Interface
    "1508:TCP "= 1508:TCP:Akamai NetSession Interface
    "2861:TCP "= 2861:TCP:Akamai NetSession Interface
    "1662:TCP "= 1662:TCP:Akamai NetSession Interface
    "3902:TCP "= 3902:TCP:Akamai NetSession Interface
    "3922:TCP "= 3922:TCP:Akamai NetSession Interface
    "1546:TCP "= 1546:TCP:Akamai NetSession Interface
    "2276:TCP "= 2276:TCP:Akamai NetSession Interface
    "3416:TCP "= 3416:TCP:Akamai NetSession Interface
    "3493:TCP "= 3493:TCP:Akamai NetSession Interface
    "1651:TCP "= 1651:TCP:Akamai NetSession Interface
    "4009:TCP "= 4009:TCP:Akamai NetSession Interface
    "2838:TCP "= 2838:TCP:Akamai NetSession Interface
    "2376:TCP "= 2376:TCP:Akamai NetSession Interface
    "2168:TCP "= 2168:TCP:Akamai NetSession Interface
    "1383:TCP "= 1383:TCP:Akamai NetSession Interface
    "3482:TCP "= 3482:TCP:Akamai NetSession Interface
    "2407:TCP "= 2407:TCP:Akamai NetSession Interface
    "2479:TCP "= 2479:TCP:Services
    "3956:TCP "= 3956:TCP:Akamai NetSession Interface
    "2297:TCP "= 2297:TCP:Akamai NetSession Interface
    "3771:TCP "= 3771:TCP:Akamai NetSession Interface
    "3789:TCP "= 3789:TCP:Akamai NetSession Interface
    "2231:TCP "= 2231:TCP:Akamai NetSession Interface
    "1038:TCP "= 1038:TCP:Akamai NetSession Interface
    "1722:TCP "= 1722:TCP:Akamai NetSession Interface
    "3990:TCP "= 3990:TCP:Akamai NetSession Interface
    "2210:TCP "= 2210:TCP:Akamai NetSession Interface
    "4062:TCP "= 4062:TCP:Akamai NetSession Interface
    "1556:TCP "= 1556:TCP:Akamai NetSession Interface
    "1790:TCP "= 1790:TCP:Akamai NetSession Interface
    "1804:TCP "= 1804:TCP:Akamai NetSession Interface
    "1050:TCP "= 1050:TCP:Akamai NetSession Interface
    "1064:TCP "= 1064:TCP:Akamai NetSession Interface
    "1663:TCP "= 1663:TCP:Akamai NetSession Interface
    "2756:TCP "= 2756:TCP:Akamai NetSession Interface
    "3492:TCP "= 3492:TCP:Akamai NetSession Interface
    "1500:TCP "= 1500:TCP:Akamai NetSession Interface
    "3674:TCP "= 3674:TCP:Akamai NetSession Interface
    "4853:TCP "= 4853:TCP:Akamai NetSession Interface
    "1088:TCP "= 1088:TCP:Akamai NetSession Interface
    "2154:TCP "= 2154:TCP:Akamai NetSession Interface
    "4315:TCP "= 4315:TCP:Akamai NetSession Interface
    "3253:TCP "= 3253:TCP:Akamai NetSession Interface
    "1040:TCP "= 1040:TCP:Akamai NetSession Interface
    "1637:TCP "= 1637:TCP:Akamai NetSession Interface
    "3152:TCP "= 3152:TCP:Akamai NetSession Interface
    "3440:TCP "= 3440:TCP:Akamai NetSession Interface
    "1068:TCP "= 1068:TCP:Akamai NetSession Interface
    "1605:TCP "= 1605:TCP:Akamai NetSession Interface
    "4592:TCP "= 4592:TCP:Akamai NetSession Interface
    "2257:TCP "= 2257:TCP:Akamai NetSession Interface
    "4446:TCP "= 4446:TCP:Akamai NetSession Interface
    "4018:TCP "= 4018:TCP:Akamai NetSession Interface
    "1094:TCP "= 1094:TCP:Akamai NetSession Interface
    "2519:TCP "= 2519:TCP:Akamai NetSession Interface
    "4767:TCP "= 4767:TCP:Akamai NetSession Interface
    "1648:TCP "= 1648:TCP:Akamai NetSession Interface
    "1439:TCP "= 1439:TCP:Akamai NetSession Interface
    "1968:TCP "= 1968:TCP:Akamai NetSession Interface
    "2418:TCP "= 2418:TCP:Akamai NetSession Interface
    "4506:TCP "= 4506:TCP:Akamai NetSession Interface
    "3629:TCP "= 3629:TCP:Akamai NetSession Interface
    "3327:TCP "= 3327:TCP:Akamai NetSession Interface
    "2617:TCP "= 2617:TCP:Akamai NetSession Interface
    "2289:TCP "= 2289:TCP:Akamai NetSession Interface
    "1844:TCP "= 1844:TCP:Akamai NetSession Interface
    "2247:TCP "= 2247:TCP:Akamai NetSession Interface
    "2148:TCP "= 2148:TCP:Akamai NetSession Interface
    "3396:TCP "= 3396:TCP:Akamai NetSession Interface
    "2129:TCP "= 2129:TCP:Akamai NetSession Interface
    "2155:TCP "= 2155:TCP:Akamai NetSession Interface
    "3783:TCP "= 3783:TCP:Akamai NetSession Interface
    "2141:TCP "= 2141:TCP:Akamai NetSession Interface
    "1811:TCP "= 1811:TCP:Akamai NetSession Interface
    "4991:TCP "= 4991:TCP:Akamai NetSession Interface
    "3364:TCP "= 3364:TCP:Akamai NetSession Interface
    "2439:TCP "= 2439:TCP:Akamai NetSession Interface
    "1767:TCP "= 1767:TCP:Akamai NetSession Interface
    "3569:TCP "= 3569:TCP:Akamai NetSession Interface
    "1943:TCP "= 1943:TCP:Akamai NetSession Interface
    "2986:TCP "= 2986:TCP:Akamai NetSession Interface
    "3232:TCP "= 3232:TCP:Akamai NetSession Interface
    "4541:TCP "= 4541:TCP:Akamai NetSession Interface
    "1056:TCP "= 1056:TCP:Akamai NetSession Interface
    "4623:TCP "= 4623:TCP:Akamai NetSession Interface
    "4029:TCP "= 4029:TCP:Akamai NetSession Interface
    "3928:TCP "= 3928:TCP:Akamai NetSession Interface
    "3078:TCP "= 3078:TCP:Akamai NetSession Interface
    "1830:TCP "= 1830:TCP:Akamai NetSession Interface
    "1249:TCP "= 1249:TCP:Akamai NetSession Interface
    "1358:TCP "= 1358:TCP:Akamai NetSession Interface
    "1063:TCP "= 1063:TCP:Akamai NetSession Interface
    "1467:TCP "= 1467:TCP:Akamai NetSession Interface
    "2896:TCP "= 2896:TCP:Akamai NetSession Interface
    "2870:TCP "= 2870:TCP:Akamai NetSession Interface
    "1243:TCP "= 1243:TCP:Akamai NetSession Interface
    "2798:TCP "= 2798:TCP:Akamai NetSession Interface
    "2111:TCP "= 2111:TCP:Akamai NetSession Interface
    "4220:TCP "= 4220:TCP:Akamai NetSession Interface
    "2162:TCP "= 2162:TCP:Akamai NetSession Interface
    "1964:TCP "= 1964:TCP:Akamai NetSession Interface
    "4268:TCP "= 4268:TCP:Akamai NetSession Interface
    "3971:TCP "= 3971:TCP:Akamai NetSession Interface
    "2290:TCP "= 2290:TCP:Akamai NetSession Interface
    "4572:TCP "= 4572:TCP:Akamai NetSession Interface
    "2777:TCP "= 2777:TCP:Akamai NetSession Interface
    "1334:TCP "= 1334:TCP:Akamai NetSession Interface
    "4096:TCP "= 4096:TCP:Akamai NetSession Interface
    "1176:TCP "= 1176:TCP:Akamai NetSession Interface
    "1327:TCP "= 1327:TCP:Akamai NetSession Interface
    "2788:TCP "= 2788:TCP:Akamai NetSession Interface
    "1638:TCP "= 1638:TCP:Akamai NetSession Interface
    "1742:TCP "= 1742:TCP:Akamai NetSession Interface
    "1959:TCP "= 1959:TCP:Akamai NetSession Interface
    "4250:TCP "= 4250:TCP:Akamai NetSession Interface
    "4750:TCP "= 4750:TCP:Akamai NetSession Interface
    "1304:TCP "= 1304:TCP:Akamai NetSession Interface
    "4292:TCP "= 4292:TCP:Akamai NetSession Interface
    "1539:TCP "= 1539:TCP:Akamai NetSession Interface
    "4992:TCP "= 4992:TCP:Akamai NetSession Interface
    "4953:TCP "= 4953:TCP:Akamai NetSession Interface
    "3168:TCP "= 3168:TCP:Akamai NetSession Interface
    "2015:TCP "= 2015:TCP:Akamai NetSession Interface
    "4584:TCP "= 4584:TCP:Akamai NetSession Interface
    "1786:TCP "= 1786:TCP:Akamai NetSession Interface
    "4074:TCP "= 4074:TCP:Akamai NetSession Interface
    "2681:TCP "= 2681:TCP:Akamai NetSession Interface
    "1751:TCP "= 1751:TCP:Akamai NetSession Interface
    "1042:TCP "= 1042:TCP:Akamai NetSession Interface
    "1374:TCP "= 1374:TCP:Akamai NetSession Interface
    "3994:TCP "= 3994:TCP:Akamai NetSession Interface
    "3985:TCP "= 3985:TCP:Akamai NetSession Interface
    "4004:TCP "= 4004:TCP:Akamai NetSession Interface
    "4746:TCP "= 4746:TCP:Akamai NetSession Interface
    "1229:TCP "= 1229:TCP:Akamai NetSession Interface
    "4495:TCP "= 4495:TCP:Akamai NetSession Interface
    "3879:TCP "= 3879:TCP:Akamai NetSession Interface
    "1634:TCP "= 1634:TCP:Akamai NetSession Interface
    "2484:TCP "= 2484:TCP:Akamai NetSession Interface
    "2131:TCP "= 2131:TCP:Akamai NetSession Interface
    "1501:TCP "= 1501:TCP:Akamai NetSession Interface
    "1523:TCP "= 1523:TCP:Akamai NetSession Interface
    "3381:TCP "= 3381:TCP:Akamai NetSession Interface
    "4481:TCP "= 4481:TCP:Akamai NetSession Interface
    "4499:TCP "= 4499:TCP:Akamai NetSession Interface
    "4100:TCP "= 4100:TCP:Akamai NetSession Interface
    "1808:TCP "= 1808:TCP:Akamai NetSession Interface
    "2066:TCP "= 2066:TCP:Akamai NetSession Interface
    "1710:TCP "= 1710:TCP:Akamai NetSession Interface
    "2384:TCP "= 2384:TCP:Akamai NetSession Interface
    "3715:TCP "= 3715:TCP:Akamai NetSession Interface
    "3721:TCP "= 3721:TCP:Akamai NetSession Interface
    "3743:TCP "= 3743:TCP:Akamai NetSession Interface
    "2461:TCP "= 2461:TCP:Akamai NetSession Interface
    "1151:TCP "= 1151:TCP:Akamai NetSession Interface
    "3710:TCP "= 3710:TCP:Akamai NetSession Interface
    "1032:TCP "= 1032:TCP:Akamai NetSession Interface
    "1372:TCP "= 1372:TCP:Akamai NetSession Interface
    "1379:TCP "= 1379:TCP:Akamai NetSession Interface
    "4304:TCP "= 4304:TCP:Akamai NetSession Interface
    "3826:TCP "= 3826:TCP:Akamai NetSession Interface
    "1646:TCP "= 1646:TCP:Akamai NetSession Interface
    "3141:TCP "= 3141:TCP:Akamai NetSession Interface
    "3696:TCP "= 3696:TCP:Akamai NetSession Interface
    "2851:TCP "= 2851:TCP:Akamai NetSession Interface
    "3737:TCP "= 3737:TCP:Akamai NetSession Interface
    "2893:TCP "= 2893:TCP:Akamai NetSession Interface
    "1843:TCP "= 1843:TCP:Akamai NetSession Interface
    "1221:TCP "= 1221:TCP:Akamai NetSession Interface
    "3075:TCP "= 3075:TCP:Akamai NetSession Interface
    "1341:TCP "= 1341:TCP:Akamai NetSession Interface
    "3726:TCP "= 3726:TCP:Akamai NetSession Interface
    "2993:TCP "= 2993:TCP:Akamai NetSession Interface
    "3000:TCP "= 3000:TCP:Akamai NetSession Interface
    "3006:TCP "= 3006:TCP:Akamai NetSession Interface
    "56770:TCP "= 56770:TCP:pando Media Booster
    "56770:UDP "= 56770:UDP:pando Media Booster
    "65533:TCP "= 65533:TCP:Services
    "52344:TCP "= 52344:TCP:Services
    "3246:TCP "= 3246:TCP:Services
    "3389:TCP "= 3389:TCP:Remote Desktop

    R0 Lbd;Lbd;h:\windows\system32\drivers\Lbd.sys [2/15/2010 6:11 PM 64288]
    R1 AvgLdx86;AVG AVI Loader Driver x86;h:\windows\system32\drivers\avgldx86.sys [7/1/2008 4:01 PM 335240]
    R1 AvgTdiX;AVG8 Network Redirector;h:\windows\system32\drivers\avgtdix.sys [7/1/2008 4:02 PM 108552]
    R1 SASDIFSV;SASDIFSV;h:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
    R1 SASKUTIL;SASKUTIL;h:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480]
    R2 a2AntiMalware;a-squared Anti-Malware Service;h:\program files\a-squared Anti-Malware\a2service.exe [2/17/2010 6:00 AM 1858144]
    R2 avg8emc;AVG8 E-mail Scanner;h:\progra~1\AVG\AVG8\avgemc.exe [7/2/2008 9:25 AM 908056]
    R2 avg8wd;AVG8 WatchDog;h:\progra~1\AVG\AVG8\avgwdsvc.exe [7/2/2008 9:25 AM 297752]
    R2 LBeepKE;LBeepKE;h:\windows\system32\drivers\LBeepKE.sys [6/13/2007 10:16 AM 3712]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;h:\program files\Viewpoint\Common\ViewpointService.exe [4/12/2008 3:36 PM 24652]
    S2 Akamai;Akamai;h:\windows\System32\svchost.exe -k Akamai [2/28/2006 7:00 AM 14336]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;h:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 8:19 AM 1181328]
    S3 SASENUM;SASENUM;h:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408]
    S3 SRS_ViewSonic;SRS Labs WOW HD ViewSonic;h:\windows\system32\drivers\SRS_ViewSonic_i386.sys [12/17/2009 5:14 AM 37504]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - mchInjDrv

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder

    2010-02-19 h:\windows\Tasks\Ad-Aware Update (Daily 1).job
    - h:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 23:11]

    2010-02-19 h:\windows\Tasks\Ad-Aware Update (Daily 2).job
    - h:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 23:11]

    2010-02-19 h:\windows\Tasks\Ad-Aware Update (Daily 3).job
    - h:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 23:11]

    2010-02-19 h:\windows\Tasks\Ad-Aware Update (Daily 4).job
    - h:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 23:11]

    2010-02-19 h:\windows\Tasks\Ad-Aware Update (Weekly).job
    - h:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 23:11]

    2009-12-31 h:\windows\Tasks\AppleSoftwareUpdate.job
    - h:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

    2008-07-02 h:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
    - h:\program files\Spybot - Search & Destroy\SpybotSD.exe [2008-07-01 20:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.myspace.com/
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - h:\documents and settings\Nemesis\Start Menu\Programs\IMVU\Run IMVU.lnk
    DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB
    FF - ProfilePath - h:\documents and settings\Nemesis\Application Data\Mozilla\Firefox\Profiles\8z68sdyq.default\
    FF - prefs.js: browser.startup.homepage - www.Dropzone.com
    FF - component: h:\documents and settings\Nemesis\Application Data\Mozilla\Firefox\Profiles\8z68sdyq.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
    FF - plugin: h:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
    FF - plugin: h:\documents and settings\Nemesis\Application Data\Mozilla\Firefox\Profiles\8z68sdyq.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    FF - plugin: h:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - h:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    h:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    h:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    h:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    h:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    h:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    h:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    h:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    h:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    h:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    h:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    h:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    h:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    h:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    h:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    h:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    h:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    h:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    h:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    h:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    h:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .

    **************************************************************************
    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(644)
    h:\program files\SUPERAntiSpyware\SASWINLO.dll
    h:\windows\system32\WININET.dll
    .
    Completion time: 2010-02-19 07:13:04
    ComboFix-quarantined-files.txt 2010-02-19 12:13
    ComboFix2.txt 2010-02-18 12:41

    Pre-Run: 141,970,944,000 bytes free
    Post-Run: 141,918,982,144 bytes free

    - - End Of File - - 4BDC1987721799E6DC51F16302D24610


    NEW hijackThis log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:13:39 AM, on 2/19/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    H:\WINDOWS\System32\smss.exe
    H:\WINDOWS\system32\csrss.exe
    H:\WINDOWS\system32\winlogon.exe
    H:\WINDOWS\system32\services.exe
    H:\WINDOWS\system32\lsass.exe
    H:\WINDOWS\system32\nvsvc32.exe
    H:\WINDOWS\system32\svchost.exe
    H:\WINDOWS\system32\svchost.exe
    H:\WINDOWS\System32\svchost.exe
    H:\WINDOWS\system32\svchost.exe
    H:\WINDOWS\system32\svchost.exe
    H:\WINDOWS\system32\svchost.exe
    H:\WINDOWS\system32\spoolsv.exe
    H:\WINDOWS\system32\svchost.exe
    H:\Program Files\a-squared Anti-Malware\a2service.exe
    H:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    H:\Program Files\Bonjour\mDNSResponder.exe
    H:\Program Files\Common Files\LightScribe\LSSrvc.exe
    H:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    H:\PROGRA~1\AVG\AVG8\avgrsx.exe
    H:\PROGRA~1\AVG\AVG8\avgnsx.exe
    H:\WINDOWS\system32\svchost.exe
    H:\Program Files\Viewpoint\Common\ViewpointService.exe
    H:\PROGRA~1\AVG\AVG8\avgemc.exe
    H:\Program Files\AVG\AVG8\avgcsrvx.exe
    H:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    H:\WINDOWS\system32\ctfmon.exe
    H:\WINDOWS\System32\alg.exe
    H:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
    H:\WINDOWS\system32\wscntfy.exe
    H:\ComboFix\CF24806.cfxxe
    H:\ComboFix\mbr.cfxxe
    H:\WINDOWS\system32\wbem\wmiprvse.exe
    H:\WINDOWS\system32\notepad.exe
    H:\WINDOWS\explorer.exe
    H:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.inbox.com/search/ie.aspx?tb_id=70026
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.inbox.com/support/sa_customize.aspx?TbId=70026
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - H:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - H:\Program Files\MSN\Toolbar\3.0.1303.0\msneshellx.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [AVG8_TRAY] H:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [nwiz] H:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [a-squared] "H:\Program Files\a-squared Anti-Malware\a2guard.exe"
    O4 - HKCU\..\Run: [NVIDIA nTune] "H:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - Global Startup: Logitech SetPoint.lnk = H:\Program Files\Logitech\SetPoint\SetPoint.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - H:\Documents and Settings\Nemesis\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: !SASWinLogon - H:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: avgrsstarter - H:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - H:\Program Files\a-squared Anti-Malware\a2service.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - H:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - H:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Software Updater (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - H:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
    O23 - Service: HP Status Server - Hewlett-Packard Company - H:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - H:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - H:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - H:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NMIndexingService - Nero AG - H:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - H:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - H:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 9058 bytes
     
  12. 2010/02/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    How are the issues?

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start> "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall"
    Click OK (Vista users - press Enter).
    Restart computer.

    ==============================================================

    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.


    2. Go to Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

    Post fresh HijackThis log as well.
     
  13. 2010/02/20
    SxRacer108

    SxRacer108 Inactive Thread Starter

    Joined:
    2010/02/17
    Messages:
    41
    Likes Received:
    0
    The issues have gone away. Everything is running smoothly. I'll update again once Kaspersky's scan is done. The only thing I'm wondering about is the mbr log; it still says:

    malicious code @ sector 0x01D1C06C3 !
    PE file found in sector at 0x01D1C06D9 !
     
  14. 2010/02/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good :)
    The above mbr log section only says that there WAS an infection, but as long as the first part reads:
    ...all is clean.
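
As an added illustration of what the two mbr.exe lines quoted above are reporting (this is editor-supplied example code, not GMER's mbr.exe and not anything posted in the thread), the scanner below parses an MBR's partition table, compares the boot code against a saved known-good copy, and flags PE images parked in sectors that no partition owns, printing sector numbers in the same 0x… form as the log. The disk image and the "known-good" boot code are constructed inline. That a PE file outside any partition is what the log's second line points at is an assumption about how such tools work, not something the thread states.

```python
"""Editor-added example: reproduce the two checks behind the mbr.exe lines in
the thread on a raw disk image. Not GMER's code; the image is constructed."""
import struct

SECTOR = 512


def parse_mbr(mbr: bytes):
    """Return (boot_code, partitions) for a 512-byte MBR.

    partitions holds the LBA range each populated table entry owns.
    Raises ValueError if the 0x55AA boot signature is missing.
    """
    if len(mbr) != SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("no 0x55AA boot signature: not an MBR")
    partitions = []
    for i in range(4):
        off = 446 + 16 * i                       # partition table starts at 0x1BE
        status, ptype = mbr[off], mbr[off + 4]
        lba_start, count = struct.unpack_from("<II", mbr, off + 8)
        if ptype != 0 and count:
            partitions.append({"type": ptype, "bootable": status == 0x80,
                               "start": lba_start, "end": lba_start + count - 1})
    return mbr[:446], partitions


def is_pe_sector(sector: bytes) -> bool:
    """True if the sector begins a PE image: an 'MZ' stub whose e_lfanew field
    (offset 0x3C) points at a 'PE\\0\\0' signature within the same sector."""
    if len(sector) < 64 or sector[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", sector, 0x3C)[0]
    return e_lfanew + 4 <= len(sector) and sector[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def scan_image(image: bytes, reference_boot_code: bytes):
    """Return findings worded like the mbr.exe log lines.

    Only sectors outside every partition are examined: a filesystem holds PE
    files legitimately, but nothing should be parked in unpartitioned space.
    """
    boot_code, partitions = parse_mbr(image[:SECTOR])
    findings = []
    if boot_code != reference_boot_code:
        findings.append("MBR boot code does not match the reference copy")
    for lba in range(1, len(image) // SECTOR):
        if any(p["start"] <= lba <= p["end"] for p in partitions):
            continue
        sector = image[lba * SECTOR:(lba + 1) * SECTOR]
        if is_pe_sector(sector):
            findings.append(f"PE file found in sector at 0x{lba:09X} !")
        elif any(sector):
            findings.append(f"non-empty unpartitioned sector 0x{lba:09X}")
    return findings


def build_sample_image():
    """Constructed 64-sector image: patched boot code, one 50-sector partition
    of type 0x07 (NTFS) at LBA 1, and a fake PE parked in sector 60 (0x3C).
    Returns (clean_boot_code, image)."""
    clean_boot = b"\xeb\xfe" + b"\x90" * 444     # constructed 'known-good' code
    patched_boot = b"\xeb\xfe" + b"\xcc" * 444   # constructed: differs from clean
    entry = bytes([0x80, 0, 0, 0, 0x07, 0, 0, 0]) + struct.pack("<II", 1, 50)
    mbr = patched_boot + entry + b"\x00" * 48 + b"\x55\xaa"
    sectors = [mbr] + [b"\x00" * SECTOR] * 63
    pe = bytearray(SECTOR)
    pe[0:2] = b"MZ"
    struct.pack_into("<I", pe, 0x3C, 0x80)       # e_lfanew -> 0x80
    pe[0x80:0x84] = b"PE\x00\x00"
    sectors[60] = bytes(pe)
    return clean_boot, b"".join(sectors)


if __name__ == "__main__":
    reference, image = build_sample_image()
    for line in scan_image(image, reference):
        print(line)
```

Against a live disk, read \\.\PhysicalDrive0 from an elevated prompt in sector-sized chunks rather than loading the whole drive into memory; a 250 GB disk holds about 488 million sectors, which is the scale of the 0x01D1C06D9 figure in the log, so the sector numbers this reports sit at the very end of the drive, past the last partition.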
     
  15. 2010/02/21
    SxRacer108

    SxRacer108 Inactive Thread Starter

    Joined:
    2010/02/17
    Messages:
    41
    Likes Received:
    0
    Then it looks like I'm clean, Broni! :)
     
  16. 2010/02/21
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I still need you to follow steps from my reply #11.
     
  17. 2010/02/22
    SxRacer108

    SxRacer108 Inactive Thread Starter

    Joined:
    2010/02/17
    Messages:
    41
    Likes Received:
    0
    Will do this evening as soon as I get home from work.
     
  18. 2010/02/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Ok :)...
     
  19. 2010/02/23
    SxRacer108

    SxRacer108 Inactive Thread Starter

    Joined:
    2010/02/17
    Messages:
    41
    Likes Received:
    0
    OK, Kaspersky's found 4... here's the log:

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Tuesday, February 23, 2010
    Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Tuesday, February 23, 2010 03:11:43
    Records in database: 3632594
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\

    Scan statistics:
    Objects scanned: 179985
    Threats found: 4
    Infected objects found: 4
    Suspicious objects found: 0
    Scan duration: 02:40:21


    File name / Threat / Threats count
    H:\Documents and Settings\Nemesis\Desktop\Incomplete\T-5177239-lap dance is so much better new cover version.mp3 Infected: Trojan-Downloader.WMA.GetCodec.s 1
    H:\Documents and Settings\Nemesis\Desktop\Limewire\Saving Abel - She Got Over Me(1).mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
    H:\Program Files\MP3 Player Utilities 4.00\DelDrv.exe Infected: not-a-virus:RiskTool.Win32.Deleter.e 1
    H:\System Volume Information\_restore{9FBAB37D-6CD1-4CA1-96E1-096EB493E8B1}\RP142\A0064196.dll Infected: not-a-virus:AdWare.Win32.Gamevance.bia 1

    Selected area has been scanned.


    And here's the new HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:14:25 AM, on 2/23/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    H:\WINDOWS\System32\smss.exe
    H:\WINDOWS\system32\csrss.exe
    H:\WINDOWS\system32\winlogon.exe
    H:\WINDOWS\system32\services.exe
    H:\WINDOWS\system32\lsass.exe
    H:\WINDOWS\system32\nvsvc32.exe
    H:\WINDOWS\system32\svchost.exe
    H:\WINDOWS\system32\svchost.exe
    H:\WINDOWS\System32\svchost.exe
    H:\WINDOWS\system32\svchost.exe
    H:\WINDOWS\system32\svchost.exe
    H:\WINDOWS\system32\svchost.exe
    H:\WINDOWS\system32\spoolsv.exe
    H:\WINDOWS\system32\svchost.exe
    H:\Program Files\a-squared Anti-Malware\a2service.exe
    H:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    H:\Program Files\Bonjour\mDNSResponder.exe
    H:\Program Files\Java\jre6\bin\jqs.exe
    H:\Program Files\Common Files\LightScribe\LSSrvc.exe
    H:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    H:\PROGRA~1\AVG\AVG8\avgrsx.exe
    H:\WINDOWS\system32\svchost.exe
    H:\Program Files\Viewpoint\Common\ViewpointService.exe
    H:\PROGRA~1\AVG\AVG8\avgemc.exe
    H:\Program Files\AVG\AVG8\avgcsrvx.exe
    H:\WINDOWS\System32\alg.exe
    H:\WINDOWS\Explorer.EXE
    H:\PROGRA~1\AVG\AVG8\avgtray.exe
    H:\WINDOWS\system32\RUNDLL32.EXE
    H:\Program Files\Common Files\Java\Java Update\jusched.exe
    H:\WINDOWS\system32\ctfmon.exe
    H:\PROGRA~1\AVG\AVG8\avgnsx.exe
    H:\WINDOWS\system32\wbem\unsecapp.exe
    H:\WINDOWS\system32\wbem\wmiprvse.exe
    H:\WINDOWS\system32\wscntfy.exe
    H:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    H:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    H:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    H:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.inbox.com/search/ie.aspx?tb_id=70026
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.inbox.com/support/sa_customize.aspx?TbId=70026
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - H:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - H:\Program Files\MSN\Toolbar\3.0.1303.0\msneshellx.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [AVG8_TRAY] H:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [nwiz] H:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [a-squared] "H:\Program Files\a-squared Anti-Malware\a2guard.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [NVIDIA nTune] "H:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Logitech SetPoint.lnk = H:\Program Files\Logitech\SetPoint\SetPoint.exe
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - H:\Documents and Settings\Nemesis\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: !SASWinLogon - H:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: avgrsstarter - H:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - H:\Program Files\a-squared Anti-Malware\a2service.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - H:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - H:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Software Updater (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - H:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
    O23 - Service: HP Status Server - Hewlett-Packard Company - H:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - H:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - H:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - H:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NMIndexingService - Nero AG - H:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - H:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - H:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 9309 bytes
     
  20. 2010/02/23
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download OTM

    • Save it to your desktop.
    • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    :Processes
    
    :Services
    
    :Reg
    
    :Files
    H:\Documents and Settings\Nemesis\Desktop\Incomplete\T-5177239-lap dance is so much better new cover version.mp3 
    H:\Documents and Settings\Nemesis\Desktop\Limewire\Saving Abel - She Got Over Me(1).mp3 
    H:\Program Files\MP3 Player Utilities 4.00\DelDrv.exe
          
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [Reboot]
    
    • Return to OTM, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTM and reboot your PC.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
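
The [resethosts] command in the OTM script above overwrites the HOSTS file at %SystemRoot%\System32\drivers\etc\hosts. As an added example that is not OTM's code or anything posted in the thread, the script below audits a HOSTS file for the two edits malware makes to it: names redirected to a non-loopback address (the hosts-level way of sending a user to a fake login page) and update or security sites blackholed to loopback, and it returns the default content that a reset puts back. The sample hosts file is constructed with RFC 2606 example domains and a TEST-NET-3 address; that Windows XP's stock file carries only the "127.0.0.1 localhost" mapping is an assumption marked in the code.

```python
"""Editor-added example: audit a Windows HOSTS file for malware edits and
produce the default content that a reset ([resethosts]) puts back."""
import ipaddress
import os

# Path OTM reset in the log; on the thread's machine SystemRoot is H:\WINDOWS.
HOSTS_PATH = os.path.join(os.environ.get("SystemRoot", r"C:\WINDOWS"),
                          "System32", "drivers", "etc", "hosts")

# Assumption: Windows XP's stock file has a comment header and only this mapping.
DEFAULT_HOSTS = "127.0.0.1       localhost\r\n"

# Names that legitimately map to loopback.
LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Constructed sample: the stock header plus the kind of lines a banking trojan adds.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
# --- constructed entries (RFC 2606 names, TEST-NET-3 address) ---
203.0.113.45    online.example.com www.example.com
127.0.0.1       updates.example.net
"""


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for each mapping; comments are stripped.
    ip is None for a line whose first field is not an address."""
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            yield n, None, line
            continue
        for host in fields[1:]:
            yield n, ip, host.lower()


def audit_hosts(text):
    """Return (line_no, entry, reason) for every entry a clean file should not have."""
    findings = []
    for n, ip, host in parse_hosts(text):
        if ip is None:
            findings.append((n, host, "unparseable line"))
        elif ip.is_loopback or ip.is_unspecified:
            if host not in LOOPBACK_NAMES:
                findings.append((n, f"{ip} {host}",
                                 "site blackholed to loopback (blocks updates or security sites)"))
        else:
            findings.append((n, f"{ip} {host}",
                             "name redirected to a non-loopback address (phishing / interception)"))
    return findings


def reset_hosts(path=HOSTS_PATH, dry_run=True):
    """Write the default file back (what [resethosts] does) and return its content.
    A real run needs an elevated prompt; the default dry_run only returns the text."""
    if not dry_run:
        os.chmod(path, 0o644)                 # malware often sets read-only first
        with open(path, "w", newline="") as f:
            f.write(DEFAULT_HOSTS)
    return DEFAULT_HOSTS


if __name__ == "__main__":
    for line_no, entry, reason in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {entry}  <- {reason}")
```

Run the audit before resetting: the redirected names tell you which sites' credentials to treat as compromised, which a plain reset would silently discard.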
     
  21. 2010/03/01
    SxRacer108

    SxRacer108 Inactive Thread Starter

    Joined:
    2010/02/17
    Messages:
    41
    Likes Received:
    0
    Those audio files that could not be found were deleted before this ran...


    All processes killed
    ========== PROCESSES ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    File/Folder H:\Documents and Settings\Nemesis\Desktop\Incomplete\T-5177239-lap dance is so much better new cover version.mp3 not found.
    File/Folder H:\Documents and Settings\Nemesis\Desktop\Limewire\Saving Abel - She Got Over Me(1).mp3 not found.
    H:\Program Files\MP3 Player Utilities 4.00\DelDrv.exe moved successfully.
    ========== COMMANDS ==========
    H:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: HelpAssistant
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 480614 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 348 bytes

    User: Nemesis
    ->Temp folder emptied: 119116476 bytes
    ->Temporary Internet Files folder emptied: 9280026 bytes
    ->Java cache emptied: 128123 bytes
    ->FireFox cache emptied: 73892843 bytes
    ->Flash cache emptied: 2398002 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 533900 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 196.00 mb


    OTM by OldTimer - Version 3.1.10.0 log created on 03012010_123355

    Files moved on Reboot...

    Registry entries deleted on Reboot...
     
