WiredWX Christian Hobby Weather Tools

XP shuts down. No error codes. No blue screen.

2 posters

Re: XP shuts down. No error codes. No blue screen.
by flyinskwurl Yesterday at 7:53 am

Sorry I gave misleading info. The problem I am having is with my desktop computer. I have opened the case and cleaned out the air intakes, fans and processor. That didn't change anything. Ventilation seems good.
I have discovered that I can boot up in Safe Mode and it keeps running... but as soon as I boot up in normal mode it will let me sign in and then shuts down to just a black screen. The HD seems to keep running... seems like only the OS is shutting down.
I have been able to run Malwarebytes and Ad-Aware (Safe Mode) and found nothing. I have ESET 4 installed as well as Spy Sweeper.
flyinskwurl
Newbie Surfer
Posts: 12
Joined: 2009-09-22
Operating System: windows xp home sp3

Re: XP shuts down. No error codes. No blue screen.

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
  • Click Start>Run, then copy and paste the following command into the Run box & click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

[Screenshot: Query_RC]
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
[Screenshot: RC_successful]

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

Re: XP shuts down. No error codes. No blue screen.
I can't make this work. I think the problem lies with the part about renaming the ComboFix before I place it on my desktop. I have an icon there that reads "Shortcut to commy.exe" but when I do the Start>Run paste in the link and click OK I get a warning that says Windows can't find it. If I browse for it I get a warning that tells me "The Above file name is invalid".
I can only get Windows to come up in Safe Mode. I have disabled my security software.
Can you give me instructions as to how to rename the ComboFix before I place it on my desktop?

Re: XP shuts down. No error codes. No blue screen.
I tried running ComboFix from the desktop icon and it ran. But when it tried to reboot... it started up in normal mode and was starting to create a log file when the machine shut down just like it has been doing. I tried to restart but it let me log in and it populated the desktop icons and shut down.

Re: XP shuts down. No error codes. No blue screen.
ComboFix 09-12-07.01 - Eddie 12/07/2009 18:13.2.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1633 [GMT -5:00]
Running from: c:\documents and settings\Eddie\My Documents\Netscape files\commy.exe.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}


((((((((((((((((((((((((( Files Created from 2009-11-07 to 2009-12-07 )))))))))))))))))))))))))))))))
.

2009-12-07 18:05 . 2009-12-07 18:05 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-12-07 18:00 . 2009-12-07 18:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Search
2009-12-07 17:55 . 2009-12-07 17:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\Webroot
2009-12-07 17:46 . 2009-12-07 17:46 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Netscape
2009-12-07 17:46 . 2009-12-07 17:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\Netscape
2009-12-05 16:15 . 2009-12-05 16:15 -------- d-----w- c:\windows\system32\wbem\Repository
2009-12-05 16:09 . 2009-12-05 16:09 -------- d-----r- C:\MSOCache
2009-11-30 03:11 . 2009-11-30 03:11 160032 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-11-30 03:10 . 2009-11-30 03:11 -------- d-----w- C:\d0d483da9881451b34
2009-11-28 15:31 . 2009-11-28 15:31 -------- d-----w- c:\program files\Handmark
2009-11-27 01:35 . 2004-03-29 20:23 90112 ----a-w- c:\windows\unvise32.exe
2009-11-24 00:10 . 2009-11-24 00:10 -------- d-----w- c:\documents and settings\Eddie\Local Settings\Application Data\LogMeIn
2009-11-24 00:10 . 2009-11-24 00:10 -------- d-----w- c:\documents and settings\All Users\Application Data\LogMeIn
2009-11-24 00:10 . 2009-11-24 00:10 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ICS
2009-11-24 00:09 . 2009-09-29 00:34 47416 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2009-11-24 00:09 . 2009-09-29 00:34 28984 ----a-w- c:\windows\system32\LMIport.dll
2009-11-24 00:09 . 2009-09-29 00:34 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2009-11-24 00:09 . 2008-08-11 17:41 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2009-11-24 00:09 . 2009-09-29 00:34 87352 ----a-w- c:\windows\system32\LMIinit.dll
2009-11-24 00:09 . 2009-12-07 18:06 -------- d-----w- c:\program files\LogMeIn
2009-11-24 00:06 . 2009-11-24 00:08 -------- d-----w- c:\documents and settings\Eddie\Local Settings\Application Data\Deployment
2009-11-22 13:13 . 2006-08-31 21:03 182272 ------w- c:\windows\system32\drivers\CLBUDF.sys
2009-11-22 13:13 . 2006-08-31 21:21 131072 ----a-w- c:\windows\IBUnInst.exe
2009-11-18 02:55 . 2009-11-18 03:11 -------- d-----w- c:\windows\system32\Temp
2009-11-15 23:31 . 2009-11-15 23:32 -------- d-----w- c:\documents and settings\Eddie\Application Data\vlc
2009-11-15 18:39 . 2009-11-15 18:39 -------- d-----w- c:\program files\VideoLAN
2009-11-15 18:39 . 2009-11-15 18:39 -------- d-----w- c:\program files\Sopcast_plugin
2009-11-15 18:36 . 2009-11-15 18:36 -------- d-----w- c:\program files\LIVE TV
2009-11-14 21:44 . 2009-11-14 21:44 -------- d-----w- c:\program files\MSECache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-07 19:29 . 2009-04-11 18:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-12-05 16:27 . 2007-11-04 23:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-05 16:13 . 2009-06-06 19:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-05 16:12 . 2007-11-05 00:34 -------- d-----w- c:\program files\Microsoft Works
2009-12-05 16:08 . 2009-10-26 16:44 -------- d-----w- c:\program files\Microsoft.NET
2009-12-04 19:00 . 2009-10-26 16:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-04 02:42 . 2007-11-05 00:37 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-12-02 12:00 . 2007-10-22 20:46 70872 ----a-w- c:\documents and settings\Eddie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-30 22:42 . 2007-11-04 20:10 -------- d-----w- c:\documents and settings\Eddie\Application Data\U3
2009-11-30 00:13 . 2007-10-22 21:16 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-25 20:18 . 2007-11-04 21:46 -------- d-----w- c:\program files\Lx_cats
2009-11-24 16:26 . 2008-04-13 22:00 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-24 16:24 . 2007-12-02 23:27 -------- d-----w- c:\program files\SpywareBlaster
2009-11-18 22:20 . 2009-05-21 11:13 -------- d-----w- c:\program files\Media Key
2009-11-14 21:45 . 2007-11-05 00:49 8296 ----a-w- c:\documents and settings\Eddie\Application Data\wklnhst.dat
2009-11-14 18:12 . 2009-03-21 14:39 164 ----a-w- c:\windows\install.dat
2009-11-06 20:19 . 2008-02-02 20:56 1563008 ----a-w- c:\windows\WRSetup.dll
2009-11-06 17:00 . 2008-02-02 20:56 23152 ----a-w- c:\windows\system32\drivers\sshrmd.sys
2009-11-06 17:00 . 2008-02-02 20:56 176752 ----a-w- c:\windows\system32\drivers\ssidrv.sys
2009-11-06 17:00 . 2008-08-09 18:42 29808 ----a-w- c:\windows\system32\drivers\ssfs0bbc.sys
2009-11-04 03:12 . 2007-11-04 22:09 -------- d-----w- c:\documents and settings\Eddie\Application Data\.purple
2009-11-03 22:53 . 2008-09-20 19:25 -------- d-----w- c:\program files\AVS4YOU
2009-11-03 22:52 . 2008-09-20 19:32 -------- d-----w- c:\documents and settings\Eddie\Application Data\AVS4YOU
2009-11-03 01:42 . 2009-10-05 00:39 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 00:44 . 2009-10-27 17:41 -------- d-----w- c:\program files\Windows Desktop Search
2009-10-27 19:43 . 2009-10-27 19:43 -------- d-----w- c:\documents and settings\Eddie\Application Data\Windows Search
2009-10-27 17:42 . 2009-10-27 17:42 -------- d-----w- c:\documents and settings\Eddie\Application Data\Windows Desktop Search
2009-10-22 11:33 . 2007-10-29 15:25 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-18 20:26 . 2009-10-18 20:26 -------- dc----w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-18 20:08 . 2009-02-22 17:33 -------- d-----w- c:\program files\Lavasoft
2009-10-16 21:10 . 2009-10-16 21:10 64056 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-10 12:04 . 2009-06-25 21:43 4045528 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-10-03 18:00 . 2003-02-21 12:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-10-03 17:57 . 2009-10-03 17:57 452104 ----a-w- c:\documents and settings\Eddie\Application Data\Real\RealPlayer\setup\AU_setup9.exe
2009-09-23 02:28 . 2009-06-19 12:52 314712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-09-23 02:28 . 2009-06-19 12:52 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-09-23 02:28 . 2009-06-19 12:52 168800 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-09-23 02:28 . 2009-06-09 21:46 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-09-23 02:28 . 2009-06-05 12:52 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-09-23 02:28 . 2009-09-23 02:28 17632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\WSCUpdate.dll
2009-09-23 02:28 . 2009-06-19 12:52 349008 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-09-23 02:28 . 2009-06-19 12:52 298336 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-09-23 02:28 . 2009-06-05 12:51 84320 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-09-23 02:20 . 2009-09-21 01:21 54 ----a-w- c:\windows\system32\rp_stats.dat
2009-09-23 02:20 . 2009-09-21 01:21 39 ----a-w- c:\windows\system32\rp_rules.dat
2009-09-11 14:18 . 2006-02-28 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 00:35 . 2009-09-11 00:35 1962544 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2009-09-10 18:54 . 2009-06-06 19:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2009-06-06 19:16 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2006-02-23 12:16 . 2007-12-02 22:08 34048 ----a-w- c:\program files\mozilla firefox\plugins\upd62i9x.dll
2006-02-23 12:16 . 2007-12-02 22:08 45056 ----a-w- c:\program files\mozilla firefox\plugins\upd62int.dll
2006-02-23 12:16 . 2008-09-07 18:02 34048 ----a-w- c:\program files\opera\program\plugins\upd62i9x.dll
2006-02-23 12:16 . 2008-09-07 18:02 45056 ----a-w- c:\program files\opera\program\plugins\upd62int.dll
.

------- Sigcheck -------

[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[7] 2006-02-28 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll

c:\windows\System32\eventlog.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2009-03-05 21:02 238968 ----a-w- c:\program files\Webroot\Spy Sweeper\Backup\CtxMenu_1_0_0_10.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Window Washer"="c:\program files\Webroot\Washer\wwDisp.exe" [2007-11-26 1206600]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Power2GoExpress"="c:\program files\NOVA Development\MediaNow CD & DVD Burning Suite\Power2Go\Power2GoExpress.exe" [2006-09-13 2441216]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-11-04 2334856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-05-04 312240]
"lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe" [2007-06-12 291760]
"lxddamon"="c:\program files\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480]
"V0400Mon.exe"="c:\windows\V0400Mon.exe" [2007-08-23 28672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-06-15 6803456]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-03 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"RemoteControl"="c:\program files\NOVA Development\MediaNow CD & DVD Burning Suite\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"InstantBurn"="c:\progra~1\NOVADE~1\MEDIAN~1\INSTAN~1\Win2K\IBurn.exe" [2006-08-31 733184]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2009-11-06 6515784]

c:\documents and settings\Eddie\Start Menu\Programs\Startup\
Desktop Alert.lnk - c:\program files\Desktop Alert\desktopalert_3264673.exe [2008-8-28 327680]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-29 00:34 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Eddie^Start Menu^Programs^Startup^wkcalrem.LNK]
path=c:\documents and settings\Eddie\Start Menu\Programs\Startup\wkcalrem.LNK
backup=c:\windows\pss\wkcalrem.LNKStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 08:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
2006-05-04 20:26 2808832 ----a-w- c:\windows\alcwzrd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2005-01-07 21:07 61952 ------w- c:\windows\system32\HdAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2003-05-15 23:41 163840 ----a-w- c:\program files\Microsoft IntelliPoint\point32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-11-02 23:36 267048 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2005-06-15 21:20 6803456 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2005-06-15 21:20 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2005-06-15 21:20 1519616 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-03-29 03:37 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2006-07-21 20:14 86016 ----a-w- c:\windows\SoundMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-05-21 15:34 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-04-11 18:51 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-10-03 18:00 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\app4r.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\WINDOWS\\system32\\lxddcoms.exe"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\drivers\CLBStor.sys [6/29/2009 05:56 PM 10368]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/5/2009 07:52 AM 64160]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [8/9/2008 01:42 PM 29808]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2/6/2009 10:58 AM 93336]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 06:19 PM 13592]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [10/26/2008 07:26 AM 1201640]
S1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2/6/2009 10:56 AM 106208]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 CLBUDF;CyberLink UDF Filesystem;c:\windows\system32\drivers\CLBUDF.sys [11/22/2009 08:13 AM 182272]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2/6/2009 10:57 AM 727720]
S2 gupdate1c9bad68d111286;Google Update Service (gupdate1c9bad68d111286);c:\program files\Google\Update\GoogleUpdate.exe [4/11/2009 01:51 PM 133104]
S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\IS360srv.exe --> c:\program files\IObit\IObit Security 360\IS360srv.exe [?]
S2 JEPPDRIVE;Smart Modular JeppDrive USB Driver;c:\windows\system32\Drivers\JeppD.sys --> c:\windows\system32\Drivers\JeppD.sys [?]
S2 JEPPDRIVEG2;Smart Modular JeppDrive USB G2 Driver;c:\windows\system32\drivers\JeppDG2.sys [7/11/2009 02:22 PM 18384]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 02:06 PM 1028432]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/11/2008 12:41 PM 12856]
S2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [11/23/2009 07:09 PM 47640]
S2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [1/31/2008 08:50 PM 99248]
S2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [11/10/2008 01:10 PM 598856]
S3 DM9USB;DM9601 USB To Fast Ethernet Adapter;c:\windows\system32\drivers\dm9usb.sys [5/11/2009 01:20 PM 54272]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS --> c:\program files\SUPERAntiSpyware\SASENUM.SYS [?]
S3 VF0400Afx;VF0400 Audio FX;c:\windows\system32\drivers\V0400Afx.sys [6/22/2008 05:29 PM 142656]
S3 VF0400Vfx;VF0400 Video FX;c:\windows\system32\drivers\V0400Vfx.sys [6/22/2008 05:29 PM 7424]
S3 VF0400Vid;Live! Cam Notebook Pro (VF0400);c:\windows\system32\drivers\V0400Vid.sys [6/22/2008 05:29 PM 166720]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.3/GarminAxControl.CAB
DPF: {4D21BDFC-A621-4DE6-87DA-7C952D0ADF7E} - hxxp://www.lorexglobal.com/see/push03.cab
FF - ProfilePath - c:\documents and settings\Eddie\Application Data\Mozilla\Firefox\Profiles\hqxo7hd2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
Notify-!SASWinLogon - (no file)
AddRemove-GARMIN 400 Series Trainer - c:\windows\IsUninst.exe -fc:\program files\GARMIN\GARMIN 400 Series Trainer\Uninst.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-07 18:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-484763869-606747145-725345543-1004_Classes\Software\CLASSES\CLSID\{4D37D85E-E8B0-0BAE-7454-7DBD549A050A}*\InprocServer32]
"{4D37D85E-E8B0-0BAE-7454-7DBD549A050A}"=hex:80,57,94,bd,86,d3,c3,bc,23,17,ad,
51,03,c5,ec,63,d8,68,77,8c,61,a2,f2,a5,80,57,94,bd,86,d3,c3,bc,80,57,94,bd,\

[HKEY_USERS\S-1-5-21-484763869-606747145-725345543-1004_Classes\Software\CLASSES\CLSID\{86A13BC9-D69F-E772-0B8D-ECF32E54C48E}*\InprocServer32]
"{86A13BC9-D69F-E772-0B8D-ECF32E54C48E}"=hex:6f,09,b0,88,50,cb,e4,97,fc,9e,69,
f3,be,58,93,e5,b5,19,71,dc,c5,cf,7d,a9,6f,09,b0,88,50,cb,e4,97,6f,09,b0,88,\

[HKEY_USERS\S-1-5-21-484763869-606747145-725345543-1004_Classes\Software\CLASSES\CLSID\{A9A012E2-7CEB-0C98-DE35-6178A2C4CD7D}*\InprocServer32]
"{A9A012E2-7CEB-0C98-DE35-6178A2C4CD7D}"=hex:0b,e6,91,e4,19,1d,1c,8e,e1,38,d3,
3b,7e,c9,01,6c,f4,14,ee,f8,52,3f,e4,74,0b,e6,91,e4,19,1d,1c,8e,0b,e6,91,e4,\

[HKEY_USERS\S-1-5-21-484763869-606747145-725345543-1004_Classes\Software\CLASSES\CLSID\{EF9E6836-C7D7-8A70-AF39-1ECE1CEA2C1F}*\InprocServer32]
"{EF9E6836-C7D7-8A70-AF39-1ECE1CEA2C1F}"=hex:29,88,23,ff,70,a5,97,36,19,5c,c2,
a6,6a,a8,1d,d6,be,81,69,33,54,14,a0,0c,29,88,23,ff,70,a5,97,36,29,88,23,ff,\

[HKEY_USERS\S-1-5-21-484763869-606747145-725345543-1004_Classes\Software\CLASSES\CLSID\{FA2E45C7-625D-AB4B-7F5D-D35256E4A1B8}*\InprocServer32]
"{FA2E45C7-625D-AB4B-7F5D-D35256E4A1B8}"=hex:94,fd,fd,80,88,13,2d,af,e8,13,76,
f7,2b,f4,8b,53,01,3a,64,40,aa,4c,4b,b9,94,fd,fd,80,88,13,2d,af,94,fd,fd,80,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(468)
c:\windows\system32\LMIinit.dll

- - - - - - - > 'explorer.exe'(308)
c:\windows\system32\WININET.dll
c:\program files\Webroot\Spy Sweeper\Backup\CtxMenu_1_0_0_10.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2009-12-07 18:23
ComboFix-quarantined-files.txt 2009-12-07 23:23

Pre-Run: 44,912,914,432 bytes free
Post-Run: 44,893,650,944 bytes free

- - End Of File - - C29560DA7DFE1863E5DA246B054729A7

Re: XP shuts down. No error codes. No blue screen.
I managed to get ComboFix to run in Safe Mode and got a log file...above.

Re: XP shuts down. No error codes. No blue screen.

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Re: XP shuts down. No error codes. No blue screen.
Malwarebytes' Anti-Malware 1.42
Database version: 3320
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

12/8/2009 08:37:52 AM
mbam-log-2009-12-08 (08-37-52).txt

Scan type: Full Scan (A:\|C:\|D:\|)
Objects scanned: 182250
Time elapsed: 27 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: XP shuts down. No error codes. No blue screen.
MBAM didn't detect anything...

Re: XP shuts down. No error codes. No blue screen.
Please use Internet Explorer and run a BitDefender Online scan

  • Please check I agree with the Terms and Conditions and click Start Here
  • You will need to allow an Active X install for the scan to run.
  • Leave the scanning options at default and click Start Scan
Please post the results in your next reply.

Re: XP shuts down. No error codes. No blue screen.
I can't get Bit Defender to install on my machine. I changed security settings and worked in Internet Options> Tools but something will not let it install. When I click the information bar to install the Active x, I get the install box but when I tell it to install it will not.
I don't know if it matters but I am having to work in Safe Mode.
I did manage to install a 60 Second Bit Defender Quick Scanner via FireFox. I ran it and it showed no infections. I know that's not what we are after but it is the best I can get.

Last edited by flyinskwurl on 9th December 2009, 1:23 am; edited 1 time in total (Reason for editing : more info.)

Re: XP shuts down. No error codes. No blue screen.
Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Re: XP shuts down. No error codes. No blue screen.

I had to use Netscape to do this scan; IE would not let it install. I ran the ESET Online Scanner and it found nothing. I use ESET NOD32 Smart Security 4 as my primary security and had already run several sweeps with the software and ran a scan with an online ESET scanner. I ran the one from the link that you provided. I couldn't find the log file. If you need the log I will run the scan again.

Re: XP shuts down. No error codes. No blue screen.
Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Re: XP shuts down. No error codes. No blue screen.
Results of screen317's Security Check version 0.99.1
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
ESET NOD32 Antivirus
ESET Online Scanner v3
ESET Online Scanner
``````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
SpywareBlaster 4.2
Spy Sweeper
Spy Sweeper Core
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
Windows Defender
HijackThis 2.0.2
CCleaner
WinCleaner OneClick Cleanup Version 10
Java(TM) 6 Update 16
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 9.2
``````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
``````````````````````````````
DNS Vulnerability Check:

Unknown. This method cannot test your vulnerability to DNS cache poisoning.

`````````End of Log```````````

Re: XP shuts down. No error codes. No blue screen.
Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previously installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

==

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

Firewall

  • Tallemu Online Armor: the free version is just as good as the premium. I have linked you to the free version.
  • Comodo Firewall: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by 40% increase. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
  • PC Tools Firewall Plus: free and excellent firewall.


AntiSpyware

  • SpywareBlaster
    SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here.
  • Spybot - Search & Destroy.
    Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer, to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).


NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Securing your computer

  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.


Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:


Thank you for choosing GeekPolice. Please see this page if you would like to leave feedback or contribute to our site. Do you have any more questions?
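The HOSTS-file blocking described in the post above, as an added example that is not part of the original post or of hpHosts: a small parser that shows which names a HOSTS file sends to loopback, which it sends somewhere else, and which it does not cover at all. The sample file and its domains are constructed placeholders; treating 0.0.0.0 like 127.0.0.1 and keeping the first mapping for a repeated name are assumptions of this sketch.

```python
import ipaddress

# Constructed sample in HOSTS-file syntax. On XP the real file is usually
# C:\WINDOWS\system32\drivers\etc\hosts. Domains below are placeholders.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
127.0.0.1       ads.example.com tracker.example.net   # two names on one line
0.0.0.0         Malware.Example.org
203.0.113.7     update.example-av.test
not-an-ip       broken.example.com
"""


def parse_hosts(text):
    """Return ({hostname: address}, [(line_number, raw_line), ...] for bad lines)."""
    table = {}
    rejected = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            rejected.append((lineno, raw))
            continue
        if len(fields) < 2:                       # address with no hostname
            rejected.append((lineno, raw))
            continue
        for name in fields[1:]:
            # Hostnames are case-insensitive; keep the first mapping seen
            # for a name (assumption about resolver behaviour).
            table.setdefault(name.lower().rstrip("."), addr)
    return table, rejected


def is_sink(addr):
    """True for addresses a blocklist uses to make a name unreachable."""
    return addr.is_loopback or addr.is_unspecified


def classify(table, name):
    """'loopback', 'redirected', or 'not listed' for one exact hostname."""
    addr = table.get(name.lower().rstrip("."))
    if addr is None:
        return "not listed"          # falls through to normal DNS
    return "loopback" if is_sink(addr) else "redirected"


def audit(table):
    """Names mapped to a non-loopback address: worth a manual look,
    because a blocklist has no reason to point a name at a real host."""
    return sorted(n for n, a in table.items() if not is_sink(a))


if __name__ == "__main__":
    table, rejected = parse_hosts(SAMPLE_HOSTS)
    for host in ("ads.example.com", "cdn.ads.example.com",
                 "update.example-av.test"):
        print(f"{host:28} {classify(table, host)}")
    print("review:", audit(table))
    print("unparseable lines:", [n for n, _ in rejected])
```

HOSTS entries match exact names only, so a listed domain does not cover its subdomains; the `cdn.ads.example.com` lookup shows this.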

Re: XP shuts down. No error codes. No blue screen.

Thank you for all your information and help with this issue. However, I can only start my computer in Safe Mode. It will not start and run in normal mode. I cannot remove the older outdated version of Java in Safe Mode. Can you tell me how to remove the older version of Java (not using Add/Remove Programs)? I tried to get rid of it by going to My Computer>C:>Program Files>Java Folder and removing it there, but that didn't get rid of it.

Re: XP shuts down. No error codes. No blue screen.
DragonMaster Jay wrote:
Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previously installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

==

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

Firewall

  • Tallemu Online Armor: the free version is just as good as the premium. I have linked you to the free version.
  • Comodo Firewall: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by 40% increase. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
  • PC Tools Firewall Plus: free and excellent firewall.


AntiSpyware

  • SpywareBlaster
    SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here.
  • Spybot - Search & Destroy.
    Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer, to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).


NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Securing your computer

  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.


Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:


Thank you for choosing GeekPolice. Please see this page if you would like to leave feedback or contribute to our site. Do you have any more questions?
........
I am unable to run my computer in normal mode. Can you tell me how to remove the old version of Java in Safe mode?

Re: XP shuts down. No error codes. No blue screen.
Please re-run ComboFix and post a new log.

Re: XP shuts down. No error codes. No blue screen.
ComboFix 09-12-11.01 - Eddie 12/11/2009 17:40:26.3.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1610 [GMT -5:00]
Running from: c:\documents and settings\Eddie\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((( Files Created from 2009-11-11 to 2009-12-11 )))))))))))))))))))))))))))))))
.

2009-12-09 01:15 . 2009-12-09 01:17 -------- d-----w- c:\documents and settings\Eddie\Application Data\QuickScan
2009-12-09 01:15 . 2009-11-26 22:39 678912 ----a-w- c:\documents and settings\Eddie\Application Data\Mozilla\Firefox\Profiles\hqxo7hd2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
2009-12-09 01:15 . 2009-11-26 22:37 768512 ----a-w- c:\documents and settings\Eddie\Application Data\Mozilla\Firefox\Profiles\hqxo7hd2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2009-12-07 18:05 . 2009-12-07 18:05 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-12-07 18:00 . 2009-12-07 18:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Search
2009-12-07 17:55 . 2009-12-07 17:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\Webroot
2009-12-07 17:46 . 2009-12-07 17:46 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Netscape
2009-12-07 17:46 . 2009-12-07 17:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\Netscape
2009-12-05 16:15 . 2009-12-05 16:15 -------- d-----w- c:\windows\system32\wbem\Repository
2009-12-05 16:09 . 2009-12-05 16:09 -------- d-----r- C:\MSOCache
2009-11-30 03:11 . 2009-11-30 03:11 160032 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-11-30 03:10 . 2009-11-30 03:11 -------- d-----w- C:\d0d483da9881451b34
2009-11-28 15:31 . 2009-11-28 15:31 -------- d-----w- c:\program files\Handmark
2009-11-27 01:35 . 2004-03-29 20:23 90112 ----a-w- c:\windows\unvise32.exe
2009-11-24 00:10 . 2009-11-24 00:10 -------- d-----w- c:\documents and settings\Eddie\Local Settings\Application Data\LogMeIn
2009-11-24 00:10 . 2009-11-24 00:10 -------- d-----w- c:\documents and settings\All Users\Application Data\LogMeIn
2009-11-24 00:10 . 2009-11-24 00:10 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ICS
2009-11-24 00:09 . 2009-09-29 00:34 47416 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2009-11-24 00:09 . 2009-09-29 00:34 28984 ----a-w- c:\windows\system32\LMIport.dll
2009-11-24 00:09 . 2009-09-29 00:34 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2009-11-24 00:09 . 2008-08-11 17:41 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2009-11-24 00:09 . 2009-09-29 00:34 87352 ----a-w- c:\windows\system32\LMIinit.dll
2009-11-24 00:09 . 2009-12-07 18:06 -------- d-----w- c:\program files\LogMeIn
2009-11-24 00:06 . 2009-11-24 00:08 -------- d-----w- c:\documents and settings\Eddie\Local Settings\Application Data\Deployment
2009-11-22 13:13 . 2006-08-31 21:03 182272 ------w- c:\windows\system32\drivers\CLBUDF.sys
2009-11-22 13:13 . 2006-08-31 21:21 131072 ----a-w- c:\windows\IBUnInst.exe
2009-11-18 02:55 . 2009-11-18 03:11 -------- d-----w- c:\windows\system32\Temp
2009-11-15 23:31 . 2009-11-15 23:32 -------- d-----w- c:\documents and settings\Eddie\Application Data\vlc
2009-11-15 18:39 . 2009-11-15 18:39 -------- d-----w- c:\program files\VideoLAN
2009-11-15 18:39 . 2009-11-15 18:39 -------- d-----w- c:\program files\Sopcast_plugin
2009-11-15 18:36 . 2009-11-15 18:36 -------- d-----w- c:\program files\LIVE TV
2009-11-14 21:44 . 2009-11-14 21:44 -------- d-----w- c:\program files\MSECache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-09 10:55 . 2009-09-28 00:17 -------- d-----w- c:\program files\ESET
2009-12-08 17:37 . 2007-11-04 23:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-08 12:58 . 2009-06-06 19:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-08 12:58 . 2009-06-25 21:43 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-07 19:29 . 2009-04-11 18:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-12-05 16:12 . 2007-11-05 00:34 -------- d-----w- c:\program files\Microsoft Works
2009-12-05 16:08 . 2009-10-26 16:44 -------- d-----w- c:\program files\Microsoft.NET
2009-12-04 19:00 . 2009-10-26 16:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-04 02:42 . 2007-11-05 00:37 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-12-03 21:14 . 2009-06-06 19:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 21:13 . 2009-06-06 19:16 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-02 12:00 . 2007-10-22 20:46 70872 ----a-w- c:\documents and settings\Eddie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-30 22:42 . 2007-11-04 20:10 -------- d-----w- c:\documents and settings\Eddie\Application Data\U3
2009-11-30 00:13 . 2007-10-22 21:16 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-25 20:18 . 2007-11-04 21:46 -------- d-----w- c:\program files\Lx_cats
2009-11-24 16:26 . 2008-04-13 22:00 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-24 16:24 . 2007-12-02 23:27 -------- d-----w- c:\program files\SpywareBlaster
2009-11-18 22:20 . 2009-05-21 11:13 -------- d-----w- c:\program files\Media Key
2009-11-14 21:45 . 2007-11-05 00:49 8296 ----a-w- c:\documents and settings\Eddie\Application Data\wklnhst.dat
2009-11-14 18:12 . 2009-03-21 14:39 164 ----a-w- c:\windows\install.dat
2009-11-06 20:19 . 2008-02-02 20:56 1563008 ----a-w- c:\windows\WRSetup.dll
2009-11-06 17:00 . 2008-02-02 20:56 23152 ----a-w- c:\windows\system32\drivers\sshrmd.sys
2009-11-06 17:00 . 2008-02-02 20:56 176752 ----a-w- c:\windows\system32\drivers\ssidrv.sys
2009-11-06 17:00 . 2008-08-09 18:42 29808 ----a-w- c:\windows\system32\drivers\ssfs0bbc.sys
2009-11-04 03:12 . 2007-11-04 22:09 -------- d-----w- c:\documents and settings\Eddie\Application Data\.purple
2009-11-03 22:53 . 2008-09-20 19:25 -------- d-----w- c:\program files\AVS4YOU
2009-11-03 22:52 . 2008-09-20 19:32 -------- d-----w- c:\documents and settings\Eddie\Application Data\AVS4YOU
2009-11-03 01:42 . 2009-10-05 00:39 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 00:44 . 2009-10-27 17:41 -------- d-----w- c:\program files\Windows Desktop Search
2009-10-27 19:43 . 2009-10-27 19:43 -------- d-----w- c:\documents and settings\Eddie\Application Data\Windows Search
2009-10-27 17:42 . 2009-10-27 17:42 -------- d-----w- c:\documents and settings\Eddie\Application Data\Windows Desktop Search
2009-10-22 11:33 . 2007-10-29 15:25 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-18 20:26 . 2009-10-18 20:26 -------- dc----w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-18 20:08 . 2009-02-22 17:33 -------- d-----w- c:\program files\Lavasoft
2009-10-16 21:10 . 2009-10-16 21:10 64056 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-03 18:00 . 2003-02-21 12:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-10-03 17:57 . 2009-10-03 17:57 452104 ----a-w- c:\documents and settings\Eddie\Application Data\Real\RealPlayer\setup\AU_setup9.exe
2009-09-23 02:28 . 2009-06-19 12:52 314712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-09-23 02:28 . 2009-06-19 12:52 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-09-23 02:28 . 2009-06-19 12:52 168800 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-09-23 02:28 . 2009-06-09 21:46 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-09-23 02:28 . 2009-06-05 12:52 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-09-23 02:28 . 2009-09-23 02:28 17632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\WSCUpdate.dll
2009-09-23 02:28 . 2009-06-19 12:52 349008 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-09-23 02:28 . 2009-06-19 12:52 298336 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-09-23 02:28 . 2009-06-05 12:51 84320 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-09-23 02:20 . 2009-09-21 01:21 54 ----a-w- c:\windows\system32\rp_stats.dat
2009-09-23 02:20 . 2009-09-21 01:21 39 ----a-w- c:\windows\system32\rp_rules.dat
2006-02-23 12:16 . 2007-12-02 22:08 34048 ----a-w- c:\program files\mozilla firefox\plugins\upd62i9x.dll
2006-02-23 12:16 . 2007-12-02 22:08 45056 ----a-w- c:\program files\mozilla firefox\plugins\upd62int.dll
2006-02-23 12:16 . 2008-09-07 18:02 34048 ----a-w- c:\program files\opera\program\plugins\upd62i9x.dll
2006-02-23 12:16 . 2008-09-07 18:02 45056 ----a-w- c:\program files\opera\program\plugins\upd62int.dll
.

------- Sigcheck -------

[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[7] 2006-02-28 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll

c:\windows\System32\eventlog.dll ... is missing !!
.
((((((((((((((((((((((((((((( SnapShot@2009-12-07_23.20.33 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-02-28 12:00 . 2009-12-07 23:11 80806 c:\windows\system32\perfc009.dat
+ 2006-02-28 12:00 . 2009-12-11 22:39 80806 c:\windows\system32\perfc009.dat
- 2009-04-07 23:40 . 2009-12-07 23:07 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-04-07 23:40 . 2009-12-11 22:35 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-10-22 20:45 . 2009-12-11 22:35 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-10-22 20:45 . 2009-12-07 23:07 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-10-22 20:45 . 2009-12-11 22:35 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2007-10-22 20:45 . 2009-12-07 23:07 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2006-02-28 12:00 . 2009-12-07 23:11 469048 c:\windows\system32\perfh009.dat
+ 2006-02-28 12:00 . 2009-12-11 22:39 469048 c:\windows\system32\perfh009.dat
+ 2009-06-23 21:34 . 2009-12-11 22:35 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2009-06-23 21:34 . 2009-12-07 23:07 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2009-03-05 21:02 238968 ----a-w- c:\program files\Webroot\Spy Sweeper\Backup\CtxMenu_1_0_0_10.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Window Washer"="c:\program files\Webroot\Washer\wwDisp.exe" [2007-11-26 1206600]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Power2GoExpress"="c:\program files\NOVA Development\MediaNow CD & DVD Burning Suite\Power2Go\Power2GoExpress.exe" [2006-09-13 2441216]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-11-04 2334856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-05-04 312240]
"lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe" [2007-06-12 291760]
"lxddamon"="c:\program files\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480]
"V0400Mon.exe"="c:\windows\V0400Mon.exe" [2007-08-23 28672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-06-15 6803456]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-12-03 1394000]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-03 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"RemoteControl"="c:\program files\NOVA Development\MediaNow CD & DVD Burning Suite\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"InstantBurn"="c:\progra~1\NOVADE~1\MEDIAN~1\INSTAN~1\Win2K\IBurn.exe" [2006-08-31 733184]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2009-11-06 6515784]

c:\documents and settings\Eddie\Start Menu\Programs\Startup\
Desktop Alert.lnk - c:\program files\Desktop Alert\desktopalert_3264673.exe [2008-8-28 327680]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-29 00:34 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Eddie^Start Menu^Programs^Startup^wkcalrem.LNK]
path=c:\documents and settings\Eddie\Start Menu\Programs\Startup\wkcalrem.LNK
backup=c:\windows\pss\wkcalrem.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 08:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
2006-05-04 20:26 2808832 ----a-w- c:\windows\alcwzrd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2005-01-07 21:07 61952 ------w- c:\windows\system32\HdAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2003-05-15 23:41 163840 ----a-w- c:\program files\Microsoft IntelliPoint\point32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-11-02 23:36 267048 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2005-06-15 21:20 6803456 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2005-06-15 21:20 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2005-06-15 21:20 1519616 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-03-29 03:37 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2006-07-21 20:14 86016 ----a-w- c:\windows\SoundMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-04-11 18:51 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-10-03 18:00 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\app4r.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\WINDOWS\\system32\\lxddcoms.exe"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\drivers\CLBStor.sys [6/29/2009 05:56 PM 10368]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/5/2009 07:52 AM 64160]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [8/9/2008 01:42 PM 29808]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2/6/2009 10:58 AM 93336]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 02:06 PM 1028432]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 06:19 PM 13592]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [10/26/2008 07:26 AM 1201640]
S1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2/6/2009 10:56 AM 106208]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 CLBUDF;CyberLink UDF Filesystem;c:\windows\system32\drivers\CLBUDF.sys [11/22/2009 08:13 AM 182272]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2/6/2009 10:57 AM 727720]
S2 gupdate1c9bad68d111286;Google Update Service (gupdate1c9bad68d111286);c:\program files\Google\Update\GoogleUpdate.exe [4/11/2009 01:51 PM 133104]
S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\IS360srv.exe --> c:\program files\IObit\IObit Security 360\IS360srv.exe [?]
S2 JEPPDRIVE;Smart Modular JeppDrive USB Driver;c:\windows\system32\Drivers\JeppD.sys --> c:\windows\system32\Drivers\JeppD.sys [?]
S2 JEPPDRIVEG2;Smart Modular JeppDrive USB G2 Driver;c:\windows\system32\drivers\JeppDG2.sys [7/11/2009 02:22 PM 18384]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/11/2008 12:41 PM 12856]
S2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [11/23/2009 07:09 PM 47640]
S2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [1/31/2008 08:50 PM 99248]
S2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [11/10/2008 01:10 PM 598856]
S3 DM9USB;DM9601 USB To Fast Ethernet Adapter;c:\windows\system32\drivers\dm9usb.sys [5/11/2009 01:20 PM 54272]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS --> c:\program files\SUPERAntiSpyware\SASENUM.SYS [?]
S3 VF0400Afx;VF0400 Audio FX;c:\windows\system32\drivers\V0400Afx.sys [6/22/2008 05:29 PM 142656]
S3 VF0400Vfx;VF0400 Video FX;c:\windows\system32\drivers\V0400Vfx.sys [6/22/2008 05:29 PM 7424]
S3 VF0400Vid;Live! Cam Notebook Pro (VF0400);c:\windows\system32\drivers\V0400Vid.sys [6/22/2008 05:29 PM 166720]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
Trusted Zone: akamai.net\a248.e
Trusted Zone: bitdefender.com
Trusted Zone: bitdefender.com\www
Trusted Zone: netflame.cc\ssl-hints
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.3/GarminAxControl.CAB
DPF: {4D21BDFC-A621-4DE6-87DA-7C952D0ADF7E} - hxxp://www.lorexglobal.com/see/push03.cab
FF - ProfilePath - c:\documents and settings\Eddie\Application Data\Mozilla\Firefox\Profiles\hqxo7hd2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/
FF - component: c:\documents and settings\Eddie\Application Data\Mozilla\Firefox\Profiles\hqxo7hd2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\Eddie\Application Data\Mozilla\Firefox\Profiles\hqxo7hd2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-11 17:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-484763869-606747145-725345543-1004_Classes\Software\CLASSES\CLSID\{4D37D85E-E8B0-0BAE-7454-7DBD549A050A}*\InprocServer32]
"{4D37D85E-E8B0-0BAE-7454-7DBD549A050A}"=hex:80,57,94,bd,86,d3,c3,bc,23,17,ad,
51,03,c5,ec,63,d8,68,77,8c,61,a2,f2,a5,80,57,94,bd,86,d3,c3,bc,80,57,94,bd,\

[HKEY_USERS\S-1-5-21-484763869-606747145-725345543-1004_Classes\Software\CLASSES\CLSID\{86A13BC9-D69F-E772-0B8D-ECF32E54C48E}*\InprocServer32]
"{86A13BC9-D69F-E772-0B8D-ECF32E54C48E}"=hex:6f,09,b0,88,50,cb,e4,97,fc,9e,69,
f3,be,58,93,e5,b5,19,71,dc,c5,cf,7d,a9,6f,09,b0,88,50,cb,e4,97,6f,09,b0,88,\

[HKEY_USERS\S-1-5-21-484763869-606747145-725345543-1004_Classes\Software\CLASSES\CLSID\{A9A012E2-7CEB-0C98-DE35-6178A2C4CD7D}*\InprocServer32]
"{A9A012E2-7CEB-0C98-DE35-6178A2C4CD7D}"=hex:0b,e6,91,e4,19,1d,1c,8e,e1,38,d3,
3b,7e,c9,01,6c,f4,14,ee,f8,52,3f,e4,74,0b,e6,91,e4,19,1d,1c,8e,0b,e6,91,e4,\

[HKEY_USERS\S-1-5-21-484763869-606747145-725345543-1004_Classes\Software\CLASSES\CLSID\{EF9E6836-C7D7-8A70-AF39-1ECE1CEA2C1F}*\InprocServer32]
"{EF9E6836-C7D7-8A70-AF39-1ECE1CEA2C1F}"=hex:29,88,23,ff,70,a5,97,36,19,5c,c2,
a6,6a,a8,1d,d6,be,81,69,33,54,14,a0,0c,29,88,23,ff,70,a5,97,36,29,88,23,ff,\

[HKEY_USERS\S-1-5-21-484763869-606747145-725345543-1004_Classes\Software\CLASSES\CLSID\{FA2E45C7-625D-AB4B-7F5D-D35256E4A1B8}*\InprocServer32]
"{FA2E45C7-625D-AB4B-7F5D-D35256E4A1B8}"=hex:94,fd,fd,80,88,13,2d,af,e8,13,76,
f7,2b,f4,8b,53,01,3a,64,40,aa,4c,4b,b9,94,fd,fd,80,88,13,2d,af,94,fd,fd,80,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(468)
c:\windows\system32\LMIinit.dll

- - - - - - - > 'explorer.exe'(1160)
c:\windows\system32\WININET.dll
c:\program files\Webroot\Spy Sweeper\Backup\CtxMenu_1_0_0_10.dll
.
Completion time: 2009-12-11 17:46:55
ComboFix-quarantined-files.txt 2009-12-11 22:46
ComboFix2.txt 2009-12-07 23:23

Pre-Run: 44,987,437,056 bytes free
Post-Run: 44,959,907,840 bytes free

- - End Of File - - 040CEAC1264BBF482A5E075604A7BAA0

Re: XP shuts down. No error codes. No blue screen.

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    DirLook::
    c:\documents and settings\Eddie\Application Data\QuickScan

    FCopy::
    c:\windows\ServicePackFiles\i386\eventlog.dll | c:\windows\System32\eventlog.dll

    DDS::
    Trusted Zone: akamai.net\a248.e
    Trusted Zone: bitdefender.com
    Trusted Zone: bitdefender.com\www
    Trusted Zone: netflame.cc\ssl-hints
  4. Save this as CFScript.txt, in the same location as ComboFix.exe

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


==

Jotti File Submission:
  • Please go to Jotti's malware scan

  • Copy and paste the following file path into the "File to upload & scan" box on the top of the page:

    • C:\WINDOWS\install.dat


  • Click on the submit button

  • Please post the results (URL) in your next reply as well as the ComboFix results.

Re: XP shuts down. No error codes. No blue screen.

Filename: install.dat
Status: Scan finished. 0 out of 21 scanners reported malware.
Scan taken on: Sat 12 Dec 2009 17:43:53 (CET) Permalink



--------------------------------------------------------------------------------
Additional info
File size: 164 bytes
Filetype: ASCII text, with CRLF line terminators
MD5: 6f02eaf151d06c98cce3e321cbb430af
SHA1: 5af7c5617cedf02171e4f1f031b26709fed8f8ea

Re: XP shuts down. No error codes. No blue screen.

ComboFix 09-12-11.05 - Eddie 12/12/2009 11:58:41.6.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1616 [GMT -5:00]
Running from: c:\documents and settings\Eddie\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Eddie\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\windows\ServicePackFiles\i386\eventlog.dll --> c:\windows\System32\eventlog.dll
.
((((((((((((((((((((((((( Files Created from 2009-11-12 to 2009-12-12 )))))))))))))))))))))))))))))))
.

2009-12-12 16:28 . 2008-04-14 00:11 56320 ----a-w- c:\windows\system32\eventlog.dll
2009-12-09 01:15 . 2009-12-09 01:17 -------- d-----w- c:\documents and settings\Eddie\Application Data\QuickScan
2009-12-09 01:15 . 2009-11-26 22:39 678912 ----a-w- c:\documents and settings\Eddie\Application Data\Mozilla\Firefox\Profiles\hqxo7hd2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
2009-12-09 01:15 . 2009-11-26 22:37 768512 ----a-w- c:\documents and settings\Eddie\Application Data\Mozilla\Firefox\Profiles\hqxo7hd2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2009-12-07 18:05 . 2009-12-07 18:05 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-12-07 18:00 . 2009-12-07 18:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Search
2009-12-07 17:55 . 2009-12-07 17:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\Webroot
2009-12-07 17:46 . 2009-12-07 17:46 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Netscape
2009-12-07 17:46 . 2009-12-07 17:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\Netscape
2009-12-05 16:15 . 2009-12-05 16:15 -------- d-----w- c:\windows\system32\wbem\Repository
2009-12-05 16:09 . 2009-12-05 16:09 -------- d-----r- C:\MSOCache
2009-11-30 03:11 . 2009-11-30 03:11 160032 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-11-30 03:10 . 2009-11-30 03:11 -------- d-----w- C:\d0d483da9881451b34
2009-11-28 15:31 . 2009-11-28 15:31 -------- d-----w- c:\program files\Handmark
2009-11-27 01:35 . 2004-03-29 20:23 90112 ----a-w- c:\windows\unvise32.exe
2009-11-24 00:10 . 2009-11-24 00:10 -------- d-----w- c:\documents and settings\Eddie\Local Settings\Application Data\LogMeIn
2009-11-24 00:10 . 2009-11-24 00:10 -------- d-----w- c:\documents and settings\All Users\Application Data\LogMeIn
2009-11-24 00:10 . 2009-11-24 00:10 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ICS
2009-11-24 00:09 . 2009-09-29 00:34 47416 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2009-11-24 00:09 . 2009-09-29 00:34 28984 ----a-w- c:\windows\system32\LMIport.dll
2009-11-24 00:09 . 2009-09-29 00:34 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2009-11-24 00:09 . 2008-08-11 17:41 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2009-11-24 00:09 . 2009-09-29 00:34 87352 ----a-w- c:\windows\system32\LMIinit.dll
2009-11-24 00:09 . 2009-12-07 18:06 -------- d-----w- c:\program files\LogMeIn
2009-11-24 00:06 . 2009-11-24 00:08 -------- d-----w- c:\documents and settings\Eddie\Local Settings\Application Data\Deployment
2009-11-22 13:13 . 2006-08-31 21:03 182272 ------w- c:\windows\system32\drivers\CLBUDF.sys
2009-11-22 13:13 . 2006-08-31 21:21 131072 ----a-w- c:\windows\IBUnInst.exe
2009-11-18 02:55 . 2009-11-18 03:11 -------- d-----w- c:\windows\system32\Temp
2009-11-15 23:31 . 2009-11-15 23:32 -------- d-----w- c:\documents and settings\Eddie\Application Data\vlc
2009-11-15 18:39 . 2009-11-15 18:39 -------- d-----w- c:\program files\VideoLAN
2009-11-15 18:39 . 2009-11-15 18:39 -------- d-----w- c:\program files\Sopcast_plugin
2009-11-15 18:36 . 2009-11-15 18:36 -------- d-----w- c:\program files\LIVE TV
2009-11-14 21:44 . 2009-11-14 21:44 -------- d-----w- c:\program files\MSECache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-12 16:04 . 2008-04-13 22:00 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-09 10:55 . 2009-09-28 00:17 -------- d-----w- c:\program files\ESET
2009-12-08 17:37 . 2007-11-04 23:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-08 12:58 . 2009-06-06 19:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-08 12:58 . 2009-06-25 21:43 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-07 19:29 . 2009-04-11 18:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-12-05 16:12 . 2007-11-05 00:34 -------- d-----w- c:\program files\Microsoft Works
2009-12-05 16:08 . 2009-10-26 16:44 -------- d-----w- c:\program files\Microsoft.NET
2009-12-04 19:00 . 2009-10-26 16:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-04 02:42 . 2007-11-05 00:37 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-12-03 21:14 . 2009-06-06 19:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 21:13 . 2009-06-06 19:16 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-02 12:00 . 2007-10-22 20:46 70872 ----a-w- c:\documents and settings\Eddie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-30 22:42 . 2007-11-04 20:10 -------- d-----w- c:\documents and settings\Eddie\Application Data\U3
2009-11-30 00:13 . 2007-10-22 21:16 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-25 20:18 . 2007-11-04 21:46 -------- d-----w- c:\program files\Lx_cats
2009-11-24 16:24 . 2007-12-02 23:27 -------- d-----w- c:\program files\SpywareBlaster
2009-11-18 22:20 . 2009-05-21 11:13 -------- d-----w- c:\program files\Media Key
2009-11-14 21:45 . 2007-11-05 00:49 8296 ----a-w- c:\documents and settings\Eddie\Application Data\wklnhst.dat
2009-11-14 18:12 . 2009-03-21 14:39 164 ----a-w- c:\windows\install.dat
2009-11-06 20:19 . 2008-02-02 20:56 1563008 ----a-w- c:\windows\WRSetup.dll
2009-11-06 17:00 . 2008-02-02 20:56 23152 ----a-w- c:\windows\system32\drivers\sshrmd.sys
2009-11-06 17:00 . 2008-02-02 20:56 176752 ----a-w- c:\windows\system32\drivers\ssidrv.sys
2009-11-06 17:00 . 2008-08-09 18:42 29808 ----a-w- c:\windows\system32\drivers\ssfs0bbc.sys
2009-11-04 03:12 . 2007-11-04 22:09 -------- d-----w- c:\documents and settings\Eddie\Application Data\.purple
2009-11-03 22:53 . 2008-09-20 19:25 -------- d-----w- c:\program files\AVS4YOU
2009-11-03 22:52 . 2008-09-20 19:32 -------- d-----w- c:\documents and settings\Eddie\Application Data\AVS4YOU
2009-11-03 01:42 . 2009-10-05 00:39 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 00:44 . 2009-10-27 17:41 -------- d-----w- c:\program files\Windows Desktop Search
2009-10-27 19:43 . 2009-10-27 19:43 -------- d-----w- c:\documents and settings\Eddie\Application Data\Windows Search
2009-10-27 17:42 . 2009-10-27 17:42 -------- d-----w- c:\documents and settings\Eddie\Application Data\Windows Desktop Search
2009-10-22 11:33 . 2007-10-29 15:25 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-18 20:26 . 2009-10-18 20:26 -------- dc----w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-18 20:08 . 2009-02-22 17:33 -------- d-----w- c:\program files\Lavasoft
2009-10-16 21:10 . 2009-10-16 21:10 64056 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-03 18:00 . 2003-02-21 12:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-10-03 17:57 . 2009-10-03 17:57 452104 ----a-w- c:\documents and settings\Eddie\Application Data\Real\RealPlayer\setup\AU_setup9.exe
2009-09-23 02:28 . 2009-06-19 12:52 314712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-09-23 02:28 . 2009-06-19 12:52 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-09-23 02:28 . 2009-06-19 12:52 168800 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-09-23 02:28 . 2009-06-09 21:46 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-09-23 02:28 . 2009-06-05 12:52 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-09-23 02:28 . 2009-09-23 02:28 17632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\WSCUpdate.dll
2009-09-23 02:28 . 2009-06-19 12:52 349008 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-09-23 02:28 . 2009-06-19 12:52 298336 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-09-23 02:28 . 2009-06-05 12:51 84320 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-09-23 02:20 . 2009-09-21 01:21 54 ----a-w- c:\windows\system32\rp_stats.dat
2009-09-23 02:20 . 2009-09-21 01:21 39 ----a-w- c:\windows\system32\rp_rules.dat
2006-02-23 12:16 . 2007-12-02 22:08 34048 ----a-w- c:\program files\mozilla firefox\plugins\upd62i9x.dll
2006-02-23 12:16 . 2007-12-02 22:08 45056 ----a-w- c:\program files\mozilla firefox\plugins\upd62int.dll
2006-02-23 12:16 . 2008-09-07 18:02 34048 ----a-w- c:\program files\opera\program\plugins\upd62i9x.dll
2006-02-23 12:16 . 2008-09-07 18:02 45056 ----a-w- c:\program files\opera\program\plugins\upd62int.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\Eddie\Application Data\QuickScan ----

2009-12-09 01:16 . 2009-12-09 01:17 31600 ----a-w- c:\documents and settings\Eddie\Application Data\QuickScan\Report 2009-12-08 20.16.16.txt


((((((((((((((((((((((((((((( SnapShot@2009-12-07_23.20.33 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-02-28 12:00 . 2009-12-07 23:11 80806 c:\windows\system32\perfc009.dat
+ 2006-02-28 12:00 . 2009-12-12 13:20 80806 c:\windows\system32\perfc009.dat
- 2009-04-07 23:40 . 2009-12-07 23:07 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-04-07 23:40 . 2009-12-12 13:15 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-10-22 20:45 . 2009-12-12 13:15 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-10-22 20:45 . 2009-12-07 23:07 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-10-22 20:45 . 2009-12-12 13:15 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2007-10-22 20:45 . 2009-12-07 23:07 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2006-02-28 12:00 . 2009-12-07 23:11 469048 c:\windows\system32\perfh009.dat
+ 2006-02-28 12:00 . 2009-12-12 13:20 469048 c:\windows\system32\perfh009.dat
+ 2009-06-23 21:34 . 2009-12-12 13:15 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2009-06-23 21:34 . 2009-12-07 23:07 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2009-03-05 21:02 238968 ----a-w- c:\program files\Webroot\Spy Sweeper\Backup\CtxMenu_1_0_0_10.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Window Washer"="c:\program files\Webroot\Washer\wwDisp.exe" [2007-11-26 1206600]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Power2GoExpress"="c:\program files\NOVA Development\MediaNow CD & DVD Burning Suite\Power2Go\Power2GoExpress.exe" [2006-09-13 2441216]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-11-04 2334856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-05-04 312240]
"lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe" [2007-06-12 291760]
"lxddamon"="c:\program files\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480]
"V0400Mon.exe"="c:\windows\V0400Mon.exe" [2007-08-23 28672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-06-15 6803456]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-12-03 1394000]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-03 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"RemoteControl"="c:\program files\NOVA Development\MediaNow CD & DVD Burning Suite\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"InstantBurn"="c:\progra~1\NOVADE~1\MEDIAN~1\INSTAN~1\Win2K\IBurn.exe" [2006-08-31 733184]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2009-11-06 6515784]

c:\documents and settings\Eddie\Start Menu\Programs\Startup\
Desktop Alert.lnk - c:\program files\Desktop Alert\desktopalert_3264673.exe [2008-8-28 327680]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-29 00:34 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Eddie^Start Menu^Programs^Startup^wkcalrem.LNK]
path=c:\documents and settings\Eddie\Start Menu\Programs\Startup\wkcalrem.LNK
backup=c:\windows\pss\wkcalrem.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 08:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
2006-05-04 20:26 2808832 ----a-w- c:\windows\alcwzrd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2005-01-07 21:07 61952 ------w- c:\windows\system32\HdAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2003-05-15 23:41 163840 ----a-w- c:\program files\Microsoft IntelliPoint\point32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-11-02 23:36 267048 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2005-06-15 21:20 6803456 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2005-06-15 21:20 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2005-06-15 21:20 1519616 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-03-29 03:37 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2006-07-21 20:14 86016 ----a-w- c:\windows\SoundMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-04-11 18:51 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-10-03 18:00 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\app4r.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\WINDOWS\\system32\\lxddcoms.exe"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\drivers\CLBStor.sys [6/29/2009 05:56 PM 10368]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/5/2009 07:52 AM 64160]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [8/9/2008 01:42 PM 29808]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2/6/2009 10:58 AM 93336]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 06:19 PM 13592]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [10/26/2008 07:26 AM 1201640]
S1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2/6/2009 10:56 AM 106208]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 CLBUDF;CyberLink UDF Filesystem;c:\windows\system32\drivers\CLBUDF.sys [11/22/2009 08:13 AM 182272]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2/6/2009 10:57 AM 727720]
S2 gupdate1c9bad68d111286;Google Update Service (gupdate1c9bad68d111286);c:\program files\Google\Update\GoogleUpdate.exe [4/11/2009 01:51 PM 133104]
S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\IS360srv.exe --> c:\program files\IObit\IObit Security 360\IS360srv.exe [?]
S2 JEPPDRIVE;Smart Modular JeppDrive USB Driver;c:\windows\system32\Drivers\JeppD.sys --> c:\windows\system32\Drivers\JeppD.sys [?]
S2 JEPPDRIVEG2;Smart Modular JeppDrive USB G2 Driver;c:\windows\system32\drivers\JeppDG2.sys [7/11/2009 02:22 PM 18384]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 02:06 PM 1028432]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/11/2008 12:41 PM 12856]
S2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [11/23/2009 07:09 PM 47640]
S2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [1/31/2008 08:50 PM 99248]
S2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [11/10/2008 01:10 PM 598856]
S3 DM9USB;DM9601 USB To Fast Ethernet Adapter;c:\windows\system32\drivers\dm9usb.sys [5/11/2009 01:20 PM 54272]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS --> c:\program files\SUPERAntiSpyware\SASENUM.SYS [?]
S3 VF0400Afx;VF0400 Audio FX;c:\windows\system32\drivers\V0400Afx.sys [6/22/2008 05:29 PM 142656]
S3 VF0400Vfx;VF0400 Video FX;c:\windows\system32\drivers\V0400Vfx.sys [6/22/2008 05:29 PM 7424]
S3 VF0400Vid;Live! Cam Notebook Pro (VF0400);c:\windows\system32\drivers\V0400Vid.sys [6/22/2008 05:29 PM 166720]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.3/GarminAxControl.CAB
DPF: {4D21BDFC-A621-4DE6-87DA-7C952D0ADF7E} - hxxp://www.lorexglobal.com/see/push03.cab
FF - ProfilePath - c:\documents and settings\Eddie\Application Data\Mozilla\Firefox\Profiles\hqxo7hd2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/
FF - component: c:\documents and settings\Eddie\Application Data\Mozilla\Firefox\Profiles\hqxo7hd2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-12 12:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-484763869-606747145-725345543-1004_Classes\Software\CLASSES\CLSID\{4D37D85E-E8B0-0BAE-7454-7DBD549A050A}*\InprocServer32]
"{4D37D85E-E8B0-0BAE-7454-7DBD549A050A}"=hex:80,57,94,bd,86,d3,c3,bc,23,17,ad,
51,03,c5,ec,63,d8,68,77,8c,61,a2,f2,a5,80,57,94,bd,86,d3,c3,bc,80,57,94,bd,\

[HKEY_USERS\S-1-5-21-484763869-606747145-725345543-1004_Classes\Software\CLASSES\CLSID\{86A13BC9-D69F-E772-0B8D-ECF32E54C48E}*\InprocServer32]
"{86A13BC9-D69F-E772-0B8D-ECF32E54C48E}"=hex:6f,09,b0,88,50,cb,e4,97,fc,9e,69,
f3,be,58,93,e5,b5,19,71,dc,c5,cf,7d,a9,6f,09,b0,88,50,cb,e4,97,6f,09,b0,88,\

[HKEY_USERS\S-1-5-21-484763869-606747145-725345543-1004_Classes\Software\CLASSES\CLSID\{A9A012E2-7CEB-0C98-DE35-6178A2C4CD7D}*\InprocServer32]
"{A9A012E2-7CEB-0C98-DE35-6178A2C4CD7D}"=hex:0b,e6,91,e4,19,1d,1c,8e,e1,38,d3,
3b,7e,c9,01,6c,f4,14,ee,f8,52,3f,e4,74,0b,e6,91,e4,19,1d,1c,8e,0b,e6,91,e4,\

[HKEY_USERS\S-1-5-21-484763869-606747145-725345543-1004_Classes\Software\CLASSES\CLSID\{EF9E6836-C7D7-8A70-AF39-1ECE1CEA2C1F}*\InprocServer32]
"{EF9E6836-C7D7-8A70-AF39-1ECE1CEA2C1F}"=hex:29,88,23,ff,70,a5,97,36,19,5c,c2,
a6,6a,a8,1d,d6,be,81,69,33,54,14,a0,0c,29,88,23,ff,70,a5,97,36,29,88,23,ff,\

[HKEY_USERS\S-1-5-21-484763869-606747145-725345543-1004_Classes\Software\CLASSES\CLSID\{FA2E45C7-625D-AB4B-7F5D-D35256E4A1B8}*\InprocServer32]
"{FA2E45C7-625D-AB4B-7F5D-D35256E4A1B8}"=hex:94,fd,fd,80,88,13,2d,af,e8,13,76,
f7,2b,f4,8b,53,01,3a,64,40,aa,4c,4b,b9,94,fd,fd,80,88,13,2d,af,94,fd,fd,80,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(468)
c:\windows\system32\LMIinit.dll

- - - - - - - > 'explorer.exe'(312)
c:\windows\system32\WININET.dll
c:\program files\Webroot\Spy Sweeper\Backup\CtxMenu_1_0_0_10.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2009-12-12 12:04:37
ComboFix-quarantined-files.txt 2009-12-12 17:04
ComboFix2.txt 2009-12-12 16:34
ComboFix3.txt 2009-12-12 16:21
ComboFix4.txt 2009-12-11 22:46
ComboFix5.txt 2009-12-12 16:58

Pre-Run: 44,925,153,280 bytes free
Post-Run: 44,913,283,072 bytes free

- - End Of File - - 861F8EE5EF96D6779018B314EA15D966

Re: XP shuts down. No error codes. No blue screen.
SysProt Antirootkit

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.

  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.

    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected

  • At the bottom of the page

    • Hidden Objects Only << Selected

  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

Re: XP shuts down. No error codes. No blue screen.
SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
No Hidden Kernel Modules found

******************************************************************************************
******************************************************************************************
No SSDT Hooks found

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No Hidden files/folders found

Re: XP shuts down. No error codes. No blue screen.
Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.

Re: XP shuts down. No error codes. No blue screen.
Malwarebytes' Anti-Malware 1.42
Database version: 3352
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

12/13/2009 08:43:43 AM
mbam-log-2009-12-13 (08-43-43).txt

Scan type: Quick Scan
Objects scanned: 111323
Time elapsed: 4 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: XP shuts down. No error codes. No blue screen.
Machine still only runs in Safe Mode...

Re: XP shuts down. No error codes. No blue screen.
Now how is your computer running?

Re: XP shuts down. No error codes. No blue screen.
I am still having the same problem I had from the start. My computer will not start XP in normal mode. If it does start it will shut down as the desktop icons are populating. When it shuts down the screen just goes black. It gives no error codes and it does not display the Blue Screen of Death. It just will not start up and run in Normal Mode. It only runs in Safe Mode with Networking. The fans and hard drive keep running in the tower... but XP Normal Mode will not start and run...

Re: XP shuts down. No error codes. No blue screen.
Please Go to Start and then to Run
Type in Chkdsk /r << Please Note the space between k and /
Hit Enter ...It will ask if you want to do this on the next reboot...please press Y

Please make sure it reboots. On reboot the system will start the Check Disk operation.

Note... there are 5 stages...
It may appear to hang at a certain percent, but this is normal.
Please allow it to run and finish.
When completed it will boot the system back into Windows.

Please let me know if this fixes the problem, or if it does not function.

If this did not work, please try again in Safe Mode the following: CHKDSK. << No parameters like earlier.

Then, attempt to boot into Normal Mode.

Re: XP shuts down. No error codes. No blue screen.
I had to run the check in Safe Mode. It didn't change anything. The computer will still only boot in Safe Mode..

Re: XP shuts down. No error codes. No blue screen.
Go to Start and then to Run,
Type in: sfc /scannow
Click OK.
Have Windows CD/DVD handy.
If System File Checker (sfc) finds any errors, it may ask you for the CD/DVD.
If sfc does not find any errors in Windows XP, it will simply quit, without any message.

If you don't have a Windows CD....

Go to Start and then Run
Type in regedit and click OK


Navigate to the following key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup

On the right hand side, find: SourcePath

It probably has an entry pointing to your CD-ROM drive, usually D, and that is why it is asking for the XP CD.
All we need to do is change it to: C:
Now, double click the SourcePath setting and a new box will pop up.
Change the drive letter from your CD drive to your root drive, usually C:
Close Registry Editor.

Now restart your computer and try sfc /scannow again!

After the first run, reboot your computer. Do a second run. Now the scan and fix is finished.
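
The SourcePath change from the post above, written as a batch file; this is an added example, not part of the original post. It assumes the i386 folder from the XP CD has already been copied to C:\i386 (the thread does not say where the files are), since sfc reads its files from an i386 folder beneath SourcePath.

```batch
@echo off
rem Added example, not from the original post.
rem Points System File Checker at a local copy of the XP install files.
rem Assumption: the i386 folder from the XP CD was copied to C:\i386.
setlocal
set "KEY=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup"
set "NEWSRC=C:\"
set "SAVED=%USERPROFILE%\Desktop\SourcePath-before.txt"

rem sfc looks for an i386 folder under SourcePath, so stop if it is not there.
rem Changing the value without the files only moves the prompt for the CD.
if not exist "%NEWSRC%i386\*" (
    echo %NEWSRC%i386 was not found. Copy the i386 folder from the XP CD first.
    exit /b 1
)

rem Record the current value so it can be put back by hand later.
reg query "%KEY%" /v SourcePath > "%SAVED%"
if errorlevel 1 (
    echo Could not read SourcePath. Leaving the registry unchanged.
    exit /b 1
)
type "%SAVED%"

rem The data is passed unquoted on purpose: with "C:\" the trailing
rem backslash would escape the closing quote and store a stray quote mark.
reg add "%KEY%" /v SourcePath /t REG_SZ /d %NEWSRC% /f
if errorlevel 1 (
    echo Could not write SourcePath. Run this from an administrator account.
    exit /b 1
)

rem Show the value now in effect.
reg query "%KEY%" /v SourcePath
endlocal
```

The previous value is kept in SourcePath-before.txt on the Desktop; restart and run sfc /scannow again as the post describes.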

Re: XP shuts down. No error codes. No blue screen.
I followed your instructions. All I could get from either method was a quick flash on the screen that looked like a Log information box but it went away immediately. I don't think it scanned with either method....

However... I did manage to get my computer to respond to the XP disk and got it into Recovery Console. It was doing the Set Up and a warning popped up that said "file symc810.sys is corrupted". That is as far as it would go. I tried it several times and it gets to that same point with the same warning message and will not go beyond that point.

Last edited by flyinskwurl on 14th December 2009, 12:33 pm; edited 1 time in total (Reason for editing : Additional Info.)

Re: XP shuts down. No error codes. No blue screen.
Please download SpiderKill by DragonMaster Jay and save it to your Desktop.
  • Right-click on SpiderKill.zip and click Extract All. Follow the prompts and read carefully, to save it to your Desktop.
  • Double-click on the SpiderKill folder, and then double-click on SpiderKill.bat and follow all the prompts in the program.
  • Within a minute, it will save its log titled SpiderKill.txt. Please post that in your next reply. You may have to use two or three posts to be able to fit the information in.

Re: XP shuts down. No error codes. No blue screen.
SpiderKill by DragonMaster Jay ( Oct 2009 )


Microsoft Windows XP [Version 5.1.2600]

********************Drivers list********************


Volume in drive C has no label.
Volume Serial Number is 7CE0-328E

Directory of C:\Windows\System32\Drivers

12/13/2009 08:15 AM .
12/13/2009 08:15 AM ..
04/13/2008 01:46 PM 53,376 1394bus.sys
04/13/2008 01:36 PM 187,776 acpi.sys
02/28/2006 07:00 AM 11,648 acpiec.sys
04/13/2008 07:11 PM 4,255 adv01nt5.dll
04/13/2008 07:11 PM 3,967 adv02nt5.dll
04/13/2008 07:11 PM 3,615 adv05nt5.dll
04/13/2008 07:11 PM 3,647 adv07nt5.dll
04/13/2008 07:11 PM 3,135 adv08nt5.dll
04/13/2008 07:11 PM 3,711 adv09nt5.dll
04/13/2008 07:11 PM 3,775 adv11nt5.dll
04/13/2008 11:39 AM 142,592 aec.sys
08/14/2008 05:04 AM 138,496 afd.sys
04/13/2008 01:36 PM 42,368 agp440.sys
04/13/2008 01:36 PM 44,928 agpcpq.sys
01/25/2006 04:24 PM 1,149,888 AGRSM.sys
02/08/2006 02:44 PM 3,846,016 alcxwdm.sys
04/13/2008 01:36 PM 42,752 alim1541.sys
04/13/2008 01:36 PM 43,008 amdagp.sys
04/13/2008 01:31 PM 37,376 amdk6.sys
04/13/2008 01:31 PM 37,760 amdk7.sys
04/13/2008 01:51 PM 60,800 arp1394.sys
04/13/2008 01:57 PM 14,336 asyncmac.sys
04/13/2008 01:40 PM 96,512 atapi.sys
08/03/2004 09:29 PM 56,623 ati1btxx.sys
08/03/2004 09:29 PM 11,615 ati1mdxx.sys
08/03/2004 09:29 PM 12,047 ati1pdxx.sys
08/03/2004 09:29 PM 30,671 ati1raxx.sys
08/03/2004 09:29 PM 63,663 ati1rvxx.sys
08/03/2004 09:29 PM 26,367 ati1snxx.sys
08/03/2004 09:29 PM 21,343 ati1ttxx.sys
08/03/2004 09:29 PM 36,463 ati1tuxx.sys
08/03/2004 09:29 PM 29,455 ati1xbxx.sys
08/03/2004 09:29 PM 34,735 ati1xsxx.sys
08/03/2004 09:29 PM 327,040 ati2mtaa.sys
08/03/2004 09:29 PM 701,440 ati2mtag.sys
08/03/2004 09:29 PM 57,856 atinbtxx.sys
08/03/2004 09:29 PM 13,824 atinmdxx.sys
08/03/2004 09:29 PM 14,336 atinpdxx.sys
08/03/2004 09:29 PM 52,224 atinraxx.sys
08/03/2004 09:29 PM 104,960 atinrvxx.sys
08/03/2004 09:29 PM 28,672 atinsnxx.sys
08/03/2004 09:29 PM 13,824 atinttxx.sys
08/03/2004 09:29 PM 73,216 atintuxx.sys
08/03/2004 09:29 PM 31,744 atinxbxx.sys
08/03/2004 09:29 PM 63,488 atinxsxx.sys
07/17/2004 10:36 AM 64,352 ativmc20.cod
04/13/2008 01:51 PM 59,904 atmarpc.sys
02/28/2006 07:00 AM 31,360 atmepvc.sys
04/13/2008 01:51 PM 55,808 atmlane.sys
02/28/2006 07:00 AM 352,256 atmuni.sys
04/13/2008 07:11 PM 21,183 atv01nt5.dll
04/13/2008 07:11 PM 11,359 atv02nt5.dll
04/13/2008 07:11 PM 25,471 atv04nt5.dll
04/13/2008 07:11 PM 14,143 atv06nt5.dll
04/13/2008 07:11 PM 17,279 atv10nt5.dll
08/17/2001 08:59 AM 3,072 audstub.sys
02/28/2006 07:00 AM 4,224 beep.sys
04/13/2008 01:53 PM 71,552 bridge.sys
04/13/2008 01:46 PM 17,024 bthenum.sys
04/13/2008 01:46 PM 37,888 bthmodem.sys
04/13/2008 01:51 PM 101,120 bthpan.sys
06/13/2008 06:05 AM 272,128 bthport.sys
04/13/2008 01:46 PM 36,480 bthprint.sys
04/13/2008 01:46 PM 18,944 bthusb.sys
02/28/2006 07:00 AM 13,952 cbidf2k.sys
04/13/2008 01:46 PM 17,024 ccdecode.sys
02/28/2006 07:00 AM 18,688 cdaudio.sys
04/13/2008 02:14 PM 63,744 cdfs.sys
03/22/2008 11:00 AM 2,432 cdr4_xp.sys
03/22/2008 11:00 AM 2,560 cdralw2k.sys
04/13/2008 01:40 PM 62,976 cdrom.sys
04/13/2008 07:11 PM 15,423 ch7xxnt5.dll
02/28/2006 07:00 AM 262,528 cinemst2.sys
04/13/2008 02:16 PM 49,536 classpnp.sys
08/31/2006 04:03 PM 10,368 CLBStor.sys
08/31/2006 04:03 PM 182,272 CLBUDF.sys
02/28/2006 07:00 AM 11,776 cpqdap01.sys
04/13/2008 01:31 PM 36,736 crusoe.sys
07/17/2004 09:55 PM 129,045 cxthsfs2.cty
10/22/2007 11:23 AM disdn
04/13/2008 01:40 PM 36,352 disk.sys
04/13/2008 01:40 PM 14,208 diskdump.sys
12/04/2001 09:26 AM 32,256 DM9PCI5.SYS
12/28/2006 10:41 PM 54,272 dm9usb.sys
04/13/2008 01:44 PM 799,744 dmboot.sys
04/13/2008 01:44 PM 153,344 dmio.sys
02/28/2006 07:00 AM 5,888 dmload.sys
04/13/2008 01:45 PM 52,864 dmusic.sys
04/13/2008 01:45 PM 60,160 drmk.sys
04/13/2008 01:45 PM 2,944 drmkaud.sys
02/28/2006 07:00 AM 10,496 dxapi.sys
04/13/2008 01:38 PM 71,168 dxg.sys
02/28/2006 07:00 AM 3,328 dxgthk.sys
10/31/2006 01:15 PM 165,760 e100b325.sys
02/06/2009 10:53 AM 113,448 eamon.sys
02/06/2009 10:56 AM 106,208 ehdrv.sys
08/17/2001 08:46 AM 6,400 enum1394.sys
02/06/2009 10:58 AM 93,336 epfwtdir.sys
12/07/2009 02:29 PM etc
04/13/2008 02:14 PM 143,744 fastfat.sys
04/13/2008 01:40 PM 27,392 fdc.sys
04/13/2008 01:33 PM 44,544 fips.sys
04/13/2008 01:40 PM 20,480 flpydisk.sys
04/13/2008 01:32 PM 129,792 fltmgr.sys
02/28/2006 07:00 AM 12,160 fsvga.sys
02/28/2006 07:00 AM 7,936 fs_rec.sys
02/28/2006 07:00 AM 125,056 ftdisk.sys
04/13/2008 01:36 PM 46,464 gagp30kx.sys
09/19/2006 02:44 PM 15,664 GEARAspiWDM.sys
02/28/2006 07:00 AM 3,440,660 gm.dls
02/28/2006 07:00 AM 646 gmreadme.txt
07/14/2006 06:10 PM 17,536 grmn0200.sys
07/14/2006 06:12 PM 16,512 grmn0400.sys
07/11/2006 03:50 PM 11,776 grmn1200.sys
03/08/2007 09:18 PM 18,432 grmngen.sys
03/08/2007 09:18 PM 8,320 grmnusb.sys
04/13/2008 11:36 AM 144,384 hdaudbus.sys
01/07/2005 04:07 PM 145,920 Hdaudio.sys
04/13/2008 01:46 PM 25,600 hidbth.sys
04/13/2008 01:45 PM 36,864 hidclass.sys
04/13/2008 01:45 PM 19,200 hidir.sys
04/13/2008 01:45 PM 24,960 hidparse.sys
04/13/2008 01:45 PM 10,368 hidusb.sys
08/03/2004 09:41 PM 220,032 hsfbs2s2.sys
08/03/2004 09:41 PM 685,056 hsfcxts2.sys
08/03/2004 09:41 PM 1,041,536 hsfdpsp2.sys
04/13/2008 01:53 PM 264,832 http.sys
04/13/2008 02:18 PM 52,480 i8042prt.sys
04/13/2008 01:40 PM 42,112 imapi.sys
04/13/2008 01:40 PM 5,504 intelide.sys
04/13/2008 01:31 PM 36,352 intelppm.sys
04/13/2008 01:53 PM 36,608 ip6fw.sys
02/28/2006 07:00 AM 32,896 ipfltdrv.sys
04/13/2008 01:57 PM 20,864 ipinip.sys
04/13/2008 01:57 PM 152,832 ipnat.sys
04/13/2008 02:19 PM 75,264 ipsec.sys
11/15/2006 06:40 AM 31,072 iqvw32.sys
04/13/2008 01:54 PM 11,264 irenum.sys
04/13/2008 01:36 PM 37,248 isapnp.sys
05/21/2009 02:22 PM 18,384 JeppDG2.sys
04/13/2008 01:39 PM 24,576 kbdclass.sys
04/13/2008 01:39 PM 14,592 kbdhid.sys
04/13/2008 01:45 PM 172,416 kmixer.sys
04/13/2008 02:16 PM 141,056 ks.sys
06/24/2009 06:18 AM 92,928 ksecdd.sys
06/05/2009 07:51 AM 64,160 Lbd.sys
08/11/2008 12:40 PM 10,144 lmimirr.sys
08/11/2008 12:41 PM 47,640 LMIRfsDriver.sys
12/03/2009 04:13 PM 19,160 mbam.sys
12/03/2009 04:14 PM 38,224 mbamswissarmy.sys
02/28/2006 07:00 AM 7,680 mcd.sys
08/03/2004 09:41 PM 11,868 mdmxsdk.sys
04/13/2008 01:36 PM 63,744 mf.sys
02/28/2006 07:00 AM 4,224 mnmdd.sys
04/13/2008 02:00 PM 30,080 modem.sys
06/18/2007 01:18 PM 23,680 motmodem.sys
04/13/2008 01:39 PM 23,040 mouclass.sys
08/17/2001 01:48 PM 12,160 mouhid.sys
04/13/2008 01:39 PM 42,368 mountmgr.sys
04/13/2008 01:32 PM 180,608 mrxdav.sys
10/24/2008 06:21 AM 455,296 mrxsmb.sys
04/13/2008 01:32 PM 19,072 msfs.sys
04/13/2008 01:56 PM 35,072 msgpc.sys
04/13/2008 01:39 PM 7,552 mskssrv.sys
04/13/2008 01:39 PM 5,376 mspclock.sys
04/13/2008 01:39 PM 4,992 mspqm.sys
04/13/2008 01:36 PM 15,488 mssmbios.sys
04/13/2008 01:39 PM 5,504 mstee.sys
08/03/2004 09:41 PM 126,686 mtlmnt5.sys
08/03/2004 09:41 PM 1,309,184 mtlstrm.sys
08/03/2004 09:29 PM 452,736 mtxparhm.sys
04/13/2008 02:17 PM 105,344 mup.sys
04/13/2008 01:43 PM 12,672 mutohpen.sys
04/13/2008 01:46 PM 85,248 nabtsfec.sys
04/13/2008 02:20 PM 182,656 ndis.sys
04/13/2008 01:46 PM 10,880 ndisip.sys
04/13/2008 01:57 PM 10,112 ndistapi.sys
04/13/2008 01:55 PM 14,592 ndisuio.sys
04/13/2008 02:20 PM 91,520 ndiswan.sys
04/13/2008 01:57 PM 40,576 ndproxy.sys
04/13/2008 01:56 PM 34,688 netbios.sys
04/13/2008 02:21 PM 162,816 netbt.sys
07/17/2004 10:35 AM 67,866 netwlan5.img
04/13/2008 01:51 PM 61,824 nic1394.sys
02/28/2006 07:00 AM 12,032 nikedrv.sys
04/13/2008 01:53 PM 40,320 nmnt.sys
04/13/2008 01:32 PM 30,848 npfs.sys
04/13/2008 02:15 PM 574,976 ntfs.sys
08/03/2004 09:41 PM 180,360 ntmtlfax.sys
02/28/2006 07:00 AM 2,944 null.sys
06/15/2005 04:20 PM 3,200,256 nv4_mini.sys
02/28/2006 07:00 AM 12,416 nwlnkflt.sys
02/28/2006 07:00 AM 32,512 nwlnkfwd.sys
04/13/2008 01:56 PM 88,320 nwlnkipx.sys
02/28/2006 07:00 AM 63,232 nwlnknb.sys
02/28/2006 07:00 AM 55,936 nwlnkspx.sys
04/13/2008 01:46 PM 61,696 ohci1394.sys
02/28/2006 07:00 AM 3,456 oprghdlr.sys
04/13/2008 01:31 PM 42,752 p3.sys
04/13/2008 01:40 PM 80,128 parport.sys
04/13/2008 01:40 PM 19,712 partmgr.sys
02/28/2006 07:00 AM 6,784 parvdm.sys
04/13/2008 01:36 PM 68,224 pci.sys
02/28/2006 07:00 AM 3,328 pciide.sys
04/13/2008 01:40 PM 24,960 pciidex.sys
04/13/2008 01:36 PM 120,192 pcmcia.sys
05/15/2003 06:41 PM 19,072 point32.sys
04/13/2008 02:19 PM 146,048 portcls.sys
04/13/2008 01:31 PM 35,840 processr.sys
04/13/2008 01:56 PM 69,120 psched.sys
02/28/2006 07:00 AM 17,792 ptilink.sys
03/22/2008 11:00 AM 36,624 PxHelp20.sys
02/28/2006 07:00 AM 8,832 rasacd.sys
04/13/2008 02:19 PM 51,328 rasl2tp.sys
04/13/2008 01:57 PM 41,472 raspppoe.sys
04/13/2008 02:19 PM 48,384 raspptp.sys
02/28/2006 07:00 AM 16,512 raspti.sys
02/28/2006 07:00 AM 34,432 rawwan.sys
04/13/2008 02:28 PM 175,744 rdbss.sys
02/28/2006 07:00 AM 4,224 rdpcdd.sys
04/13/2008 01:32 PM 196,224 rdpdr.sys
04/13/2008 07:13 PM 139,656 rdpwd.sys
08/03/2004 09:41 PM 13,776 recagent.sys
04/13/2008 01:40 PM 57,600 redbook.sys
04/13/2008 01:46 PM 59,136 rfcomm.sys
02/28/2006 07:00 AM 12,032 rio8drv.sys
02/28/2006 07:00 AM 12,032 riodrv.sys
05/08/2008 09:02 AM 203,136 rmcast.sys
04/13/2008 01:56 PM 30,592 rndismp.sys
04/13/2008 01:56 PM 30,592 rndismpx.sys
02/28/2006 07:00 AM 5,888 rootmdm.sys
11/08/2006 03:51 AM 62,336 rspndr.sys
04/11/2008 07:49 AM 8 RTKHDAUD.DAT
03/01/2007 04:27 PM 4,484,608 RtkHDAud.sys
08/03/2004 09:29 PM 166,912 s3gnbm.sys
04/13/2008 01:40 PM 96,384 scsiport.sys
04/13/2008 01:36 PM 79,232 sdbus.sys
11/13/2007 05:25 AM 20,480 secdrv.sys
04/13/2008 01:40 PM 15,744 serenum.sys
04/13/2008 02:15 PM 64,512 serial.sys
04/13/2008 01:40 PM 11,904 sffdisk.sys
04/13/2008 01:40 PM 10,240 sffp_mmc.sys
04/13/2008 01:40 PM 11,008 sffp_sd.sys
04/13/2008 01:40 PM 11,392 sfloppy.sys
04/13/2008 07:12 PM 3,901 siint5.dll
04/13/2008 01:36 PM 40,960 sisagp.sys
04/13/2008 01:46 PM 11,136 slip.sys
08/03/2004 09:41 PM 129,535 slnt7554.sys
08/03/2004 09:41 PM 404,990 slntamr.sys
08/03/2004 09:41 PM 95,424 slnthal.sys
08/03/2004 09:41 PM 13,240 slwdmsup.sys
04/13/2008 01:36 PM 5,888 smbali.sys
02/28/2006 07:00 AM 14,592 smclib.sys
04/13/2008 01:46 PM 25,344 sonydcam.sys
04/13/2008 01:45 PM 6,272 splitter.sys
04/13/2008 01:36 PM 73,472 sr.sys
12/11/2008 05:57 AM 333,952 srv.sys
11/06/2009 12:00 PM 29,808 ssfs0bbc.sys
11/06/2009 12:00 PM 23,152 sshrmd.sys
11/06/2009 12:00 PM 176,752 ssidrv.sys
04/13/2008 01:45 PM 49,408 stream.sys
04/13/2008 01:46 PM 15,232 streamip.sys
04/13/2008 01:39 PM 4,352 swenum.sys
04/13/2008 01:45 PM 56,576 swmidi.sys
04/13/2008 02:15 PM 60,800 sysaudio.sys
04/13/2008 01:40 PM 14,976 tape.sys
06/20/2008 06:51 AM 361,600 tcpip.sys
06/20/2008 06:08 AM 225,856 tcpip6.sys
04/13/2008 02:00 PM 19,072 tdi.sys
04/13/2008 07:13 PM 12,040 tdpipe.sys
04/13/2008 07:13 PM 21,896 tdtcp.sys
04/13/2008 07:13 PM 40,840 termdd.sys
02/28/2006 07:00 AM 51,712 tosdvd.sys
02/28/2006 07:00 AM 21,376 tsbvcap.sys
04/13/2008 01:56 PM 12,288 tunmp.sys
06/13/2008 04:17 PM 23,600 TVICHW32.SYS
04/13/2008 01:36 PM 44,672 uagp35.sys
04/13/2008 01:32 PM 66,048 udfs.sys
11/11/2007 08:13 AM UMDF
04/13/2008 01:39 PM 384,768 update.sys
04/13/2008 01:56 PM 12,800 usb8023.sys
04/13/2008 01:56 PM 12,800 usb8023x.sys
04/13/2008 01:45 PM 60,032 usbaudio.sys
04/13/2008 01:45 PM 25,600 usbcamd.sys
04/13/2008 01:45 PM 25,728 usbcamd2.sys
04/13/2008 01:45 PM 32,128 usbccgp.sys
02/28/2006 07:00 AM 4,736 usbd.sys
04/13/2008 01:45 PM 30,208 usbehci.sys
04/13/2008 01:45 PM 59,520 usbhub.sys
04/13/2008 01:45 PM 15,872 usbintel.sys
04/13/2008 01:45 PM 143,872 usbport.sys
04/13/2008 01:47 PM 25,856 usbprint.sys
04/13/2008 01:45 PM 15,104 usbscan.sys
04/13/2008 01:45 PM 26,368 usbstor.sys
04/13/2008 01:45 PM 20,608 usbuhci.sys
04/13/2008 01:46 PM 121,984 usbvideo.sys
06/11/2007 12:01 AM 142,656 V0400Afx.sys
09/19/2006 12:56 PM 57,656 V0400PC.bmp
03/05/2007 05:45 PM 7,424 V0400Vfx.sys
06/07/2007 12:01 AM 166,720 V0400Vid.sys
04/13/2008 07:12 PM 11,325 vchnt5.dll
02/28/2006 07:00 AM 58,112 vdmindvd.sys
04/13/2008 01:44 PM 20,992 vga.sys
04/13/2008 01:36 PM 42,240 viaagp.sys
04/13/2008 01:44 PM 81,664 videoprt.sys
04/13/2008 01:41 PM 52,352 volsnap.sys
04/13/2008 01:43 PM 14,208 wacompen.sys
08/03/2004 09:29 PM 11,807 wadv07nt.sys
08/03/2004 09:29 PM 11,295 wadv08nt.sys
08/03/2004 09:29 PM 11,871 wadv09nt.sys
08/03/2004 09:29 PM 11,935 wadv11nt.sys
04/13/2008 01:57 PM 34,560 wanarp.sys
08/03/2004 09:29 PM 22,271 watv06nt.sys
08/03/2004 09:29 PM 25,471 watv10nt.sys
11/06/2006 05:04 PM 28,672 wceusbsh.sys
11/02/2006 06:22 AM 492,000 wdf01000.sys
11/02/2006 06:22 AM 32,224 wdfldr.sys
04/13/2008 02:17 PM 83,072 wdmaud.sys
02/28/2006 07:00 AM 4,352 wmilib.sys
10/18/2006 08:00 PM 38,528 wpdusb.sys
02/28/2006 07:00 AM 12,032 ws2ifsl.sys
04/13/2008 01:46 PM 19,200 wstcodec.sys
09/28/2006 06:55 PM 77,568 WudfPf.sys
09/28/2006 07:00 PM 82,944 WudfRd.sys
321 File(s) 39,649,101 bytes

Directory of C:\Windows\System32\Drivers\disdn

10/22/2007 11:23 AM .
10/22/2007 11:23 AM ..
0 File(s) 0 bytes

Directory of C:\Windows\System32\Drivers\etc

12/07/2009 02:29 PM .
12/07/2009 02:29 PM ..
12/07/2009 02:29 PM 27 hosts
02/28/2006 07:00 AM 3,683 lmhosts.sam
02/28/2006 07:00 AM 407 networks
02/28/2006 07:00 AM 799 protocol
02/28/2006 07:00 AM 7,116 services
5 File(s) 12,032 bytes

Directory of C:\Windows\System32\Drivers\UMDF

11/11/2007 08:13 AM .
11/11/2007 08:13 AM ..
10/18/2006 09:47 PM 671,232 wpdmtpdr.dll
1 File(s) 671,232 bytes

Total Files Listed:
327 File(s) 40,332,365 bytes
11 Dir(s) 44,941,484,032 bytes free


***********************Hidden Drivers********************
Volume in drive C has no label.
Volume Serial Number is 7CE0-328E

Directory of C:\Windows\System32\Drivers

06/14/2008 11:25 AM 0 MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
06/14/2008 11:25 AM 0 Msft_Kernel_motmodem_01005.Wdf
2 File(s) 0 bytes
0 Dir(s) 44,941,496,320 bytes free


*********************Processes*******************


PROCESS PID PRIO PATH
smss.exe 384 Normal C:\WINDOWS\System32\smss.exe
csrss.exe 444 Normal C:\WINDOWS\system32\csrss.exe
winlogon.exe 468 High C:\WINDOWS\system32\winlogon.exe
services.exe 512 Normal C:\WINDOWS\system32\services.exe
lsass.exe 524 Normal C:\WINDOWS\system32\lsass.exe
WRConsumerService.exe 676 Normal C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
svchost.exe 700 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 788 Normal C:\WINDOWS\system32\svchost.exe
MsMpEng.exe 856 Normal C:\Program Files\Windows Defender\MsMpEng.exe
svchost.exe 932 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 956 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 1084 Normal C:\WINDOWS\system32\svchost.exe
AAWService.exe 1148 Normal C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
SpySweeper.exe 1720 Normal C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
unsecapp.exe 400 Normal C:\WINDOWS\system32\wbem\unsecapp.exe
Explorer.EXE 572 Normal C:\WINDOWS\Explorer.EXE
wmiprvse.exe 924 Normal C:\WINDOWS\system32\wbem\wmiprvse.exe
iexplore.exe 1384 Normal C:\Program Files\internet explorer\iexplore.exe
iexplore.exe 1468 Normal C:\Program Files\internet explorer\iexplore.exe
ctfmon.exe 1536 Normal C:\WINDOWS\system32\ctfmon.exe
AAWTray.exe 1976 Normal C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
explorer.exe 1908 High C:\WINDOWS\explorer.exe
cmd.exe 1628 Normal C:\WINDOWS\system32\cmd.exe
processes.exe 268 Normal C:\Documents and Settings\Eddie\Desktop\SpiderKill\SpiderKill\processes.exe


Module information for 'Explorer.EXE'(572)
MODULE BASE SIZE PATH
Explorer.EXE 1000000 1044480 C:\WINDOWS\Explorer.EXE 6.00.2900.5512 (xpsp.080413-2105) Windows Explorer
ntdll.dll 7c900000 729088 C:\WINDOWS\system32\ntdll.dll 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234) NT Layer DLL

Re: XP shuts down. No error codes. No blue screen.
Please download F-Secure's Blacklight from F-Secure.com

  • Save it to your Desktop
  • Double-click blbeta.exe then accept the agreement.
  • Click > Scan then > Next.
  • You'll see a list of all items found.
  • Don't choose to rename yet! I want to see the log first, because legit items can also be present there...
  • There must also be a log on your Desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stands for numbers)
  • Post the contents of the log in your next reply.

Re: XP shuts down. No error codes. No blue screen.
I downloaded F-Secure Blacklight to the desktop and got a warning message saying it cannot be run in Safe Mode, please restart in Normal Mode... I can only get my computer to boot in Safe Mode... It will not boot up in Normal Mode. That is the biggest issue we are having at this point.

Re: XP shuts down. No error codes. No blue screen.
Let us search for the culprit here:


Please begin by clicking Start > Control Panel > System > Hardware > Device Manager > View > Show hidden devices

  • Scroll down to Non-Plug and Play Drivers and click the plus icon to open those drivers.
  • Then search for TDSSserv.sys
  • Let us know if you find this or not.
  • If you do find it, right click on it, and select Disable. Do not try to uninstall it.
  • Also if TDSSserv.sys is found and you disable it, then you must reboot immediately.
  • After reboot continue on with other cleaning instructions you may have been having problems running.


Then, let me know if you can get in to Normal Mode.

Re: XP shuts down. No error codes. No blue screen.
TDSServe.sys is not present under Non-Plug and Play Drivers on my computer.

Also it is getting harder to get my machine to boot. Before I can get it to Safe Mode it now beeps from the CPU... 2 quick beeps and 7 or 8 steady beeps, and it takes several tries to get it started... I don't know what that's all about.

Re: XP shuts down. No error codes. No blue screen.
Right-click on My Computer and click Manage.

Click the Device Manager on the left.

List any entries that have a yellow triangle or red x beside them.

Re: XP shuts down. No error codes. No blue screen.
Under Network adapters I found only 1 item with a red X.
Intel(R) PRO/100 VE Network Connection

There were no yellow triangles.

Re: XP shuts down. No error codes. No blue screen.
Have you installed any new hardware recently, or removed any?

Do you hear weird noises coming from the internals of the computer, or smell anything out of the ordinary?

What is all the hardware attached to the outside of the system? (Such as keyboards, mouse, gaming controllers, printers, cameras, video editing device, etc).

Do you know what is inside? (Such as CD or DVD drive, USB 2.0 adapter, floppy disk drive, type of video card, amount of RAM, how many sticks of RAM, etc).

Re: XP shuts down. No error codes. No blue screen.
My computer is a custom built one.
It has an Intel DesktopBoard D915PLB
Intel Pentium 4 Processor 3.0GHz
GeForce 6200 Graphics Accelerator
It has one DVD/CD drive deck (AOpen)52X
It has one Floppy Drive..1.44MB 3.5"
512 meg DDR2 533 RAM
80.0 GB HDD
I have a USB Key Board

No unusual odors

The only noise I have heard is the beeping coming from the tower when I try to boot up... causing me to retry several times before it will start.


USB wireless MS mouse
1 Belkin 7 port aux. USB hub
Lexmark 2500 all in one printer
1 usb Trendnet fax modem
AccuSync LCD 72v monitor

I have not installed any new hardware recently
I have not uninstalled any hardware lately.

I was downloading and transferring cell phone app. via AccuSync when I noticed the machine shutting down and restarting on its own. It finally got to the point that it would not restart. When I tried to reboot it, it would try to start up and then shut down when the desktop icons would start populating. That has degraded to only being able to run in Safe Mode with Networking. Now it is having trouble starting at all. The tower beeps several times, causing me to have to crash the machine and try to restart several times before it finally starts in Safe Mode.
Whatever is going on seems to know I'm trying to find it and it is just getting worse...Who Knows??!!

I unplugged all the USB devices and A/C powered speakers... nothing left plugged in except the monitor and network cable. Turned off the power and unplugged the A/C power cord. I plugged the power cord back in, turned on the power switch and tried to boot... but it still won't start in Normal Mode.

Last edited by flyinskwurl on 16th December 2009, 2:28 am; edited 1 time in total (Reason for editing : Additional info.)

Re: XP shuts down. No error codes. No blue screen.
How many beeps are there on startup?

This indicates a hardware issue.

For most beeps, they are in a pattern.

For example: 1-2-1-1

Re: XP shuts down. No error codes. No blue screen.
The start up beeps are 2 quick beeps followed by 8 beeps in a row.

1+1 1-1-1-1-1-1-1-1

Re: XP shuts down. No error codes. No blue screen.
Please see the cleaning procedures for cleaning inside your computer on this page: http://www.bleepingcomputer.com/tutorials/tutorial118.html

Follow header: Cleaning the interior. Especially the RAM slots.

Then, let me know if you get any more beeps.

Re: XP shuts down. No error codes. No blue screen.
I followed the instructions for cleaning the inside of the computer. Although I had done that earlier, I did it again; there were some places that were missed on the first cleaning.
The computer still only boots up into Safe Mode. It beeped for the first two times but the beeping has stopped and now back to only booting in Safe Mode.
The machine has made 8 start ups with no beeping.

Re: XP shuts down. No error codes. No blue screen.
Please download ComboFix from here: http://download.bleepingcomputer.com/sUBs/Beta/KittyFix.exe

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
  • Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

[Image: Query_RC]
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
[Image: RC_successful]

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

Re: XP shuts down. No error codes. No blue screen.
I guess we are at the end of the line with this one. The computer won't boot at all. I can't even get it to boot with the XP disk.
Looks like a trip to the repair shop...or maybe just put it out of service.

Thank you for all your help. I really don't think it's worth spending any more time on..

Merry Christmas... Thanks again for your effort...
