Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Firefox Crashing and "Perfect Defender 2009 Popup"

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Firefox Crashing and "Perfect Defender 2009 Popup"

Unread postby Sharagoz » January 3rd, 2009, 2:48 pm

Did you install something called "Smart-Shopper" on purpose?

Now that we've seen how your computer behaves when offline, could you please keep the computer online for around 24hrs and then post new RSIT logs using the same procedure as step 5 of my previous post?
Keep the computer on as much as possible, but do a couple of reboots during this period.
Other than that, just use the computer like you normally would.
User avatar
Sharagoz
Retired Graduate
 
Posts: 985
Joined: February 22nd, 2008, 4:31 pm
Location: Norway
Advertisement
Register to Remove

Re: Firefox Crashing and "Perfect Defender 2009 Popup"

Unread postby wuchris » January 5th, 2009, 11:49 am

As far as I know, I didn't install "smart-shopper" on my computer. I'll start the 24 hr process now! :D Thanks again for your help!
wuchris
Regular Member
 
Posts: 26
Joined: November 29th, 2008, 1:31 pm

Re: Firefox Crashing and "Perfect Defender 2009 Popup"

Unread postby wuchris » January 6th, 2009, 11:31 am

1.Log
    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Christine at 2009-01-06 09:29:34
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 62 GB (81%) free of 76 GB
    Total RAM: 2047 MB (72% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:29:37 AM, on 1/6/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\Wacom_Tablet.exe
    C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
    C:\WINDOWS\system32\Wacom_Tablet.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Christine\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Christine.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://auburn.edu/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Smart-Shopper - {4A7C84E2-E95C-43C6-8DD3-03ABCD0EB60E} - C:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: EmailBHO - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - C:\Program Files\jZip\WebmailPlugin.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: adssite - {bcc52f1d-65b7-4908-07a6-3e134502b757} - C:\WINDOWS\system32\nsp52.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - C:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll
    O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe

    --
    End of file - 7305 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\MP Scheduled Scan.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A7C84E2-E95C-43C6-8DD3-03ABCD0EB60E}]
    Smart-Shopper - C:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll [2008-10-07 1172952]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
    DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-11-07 110652]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{647FD14A-C4F1-46F4-8FC3-0B40F54226F7}]
    jZip Webmail plugin - C:\Program Files\jZip\WebmailPlugin.dll [2008-10-28 591296]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-12 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bcc52f1d-65b7-4908-07a6-3e134502b757}]
    adssite - C:\WINDOWS\system32\nsp52.dll [2008-12-30 681472]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-12 34816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-12 73728]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "BCMSMMSG"=C:\WINDOWS\BCMSMMSG.exe [2003-08-29 122880]
    "DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-11-07 122940]
    "SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-12 136600]
    "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-04-19 7700480]
    "nwiz"=nwiz.exe /install []
    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-04-19 86016]
    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
    "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
    "Aim6"= []

    C:\Documents and Settings\Christine\Start Menu\Programs\Startup
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
    "C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
    "C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
    "C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\WINDOWS\system32\drivers\svchost.exe"="C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    ======List of files/folders created in the last 1 months======

    2009-01-06 09:29:34 ----D---- C:\rsit
    2009-01-05 09:28:18 ----A---- C:\WINDOWS\system32\cont_adssite-remove.exe
    2008-12-31 10:27:22 ----D---- C:\Documents and Settings\Christine\Application Data\Smart-Shopper
    2008-12-31 10:27:21 ----D---- C:\Program Files\Smart-Shopper
    2008-12-31 10:26:52 ----D---- C:\Program Files\jZip
    2008-12-30 05:02:58 ----A---- C:\WINDOWS\system32\nsp52.dll
    2008-12-27 17:35:05 ----D---- C:\WINDOWS\Minidump
    2008-12-27 17:32:02 ----D---- C:\Documents and Settings\Christine\Application Data\vlc
    2008-12-20 23:01:04 ----A---- C:\WINDOWS\gmer.ini
    2008-12-20 23:01:02 ----RA---- C:\WINDOWS\gmer.exe
    2008-12-20 23:01:02 ----A---- C:\WINDOWS\gmer_uninstall.cmd
    2008-12-20 23:01:02 ----A---- C:\WINDOWS\gmer.dll
    2008-12-15 02:28:02 ----D---- C:\WINDOWS\ERDNT
    2008-12-15 02:26:53 ----D---- C:\Program Files\ERUNT
    2008-12-12 17:16:22 ----D---- C:\Program Files\EsetOnlineScanner
    2008-12-12 17:11:52 ----A---- C:\WINDOWS\system32\javaws.exe
    2008-12-12 17:11:52 ----A---- C:\WINDOWS\system32\javaw.exe
    2008-12-12 17:11:52 ----A---- C:\WINDOWS\system32\java.exe
    2008-12-12 17:11:52 ----A---- C:\WINDOWS\system32\deploytk.dll
    2008-12-11 23:34:21 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
    2008-12-11 23:31:59 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
    2008-12-11 23:31:50 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
    2008-12-11 23:31:31 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
    2008-12-11 21:53:51 ----D---- C:\Program Files\CCleaner

    ======List of files/folders modified in the last 1 months======

    2009-01-06 09:29:12 ----D---- C:\WINDOWS\Prefetch
    2009-01-06 09:28:16 ----D---- C:\WINDOWS\system32
    2009-01-06 09:16:24 ----SD---- C:\WINDOWS\Tasks
    2009-01-06 09:15:42 ----D---- C:\WINDOWS\Temp
    2009-01-06 09:13:51 ----D---- C:\Program Files\Mozilla Firefox
    2009-01-06 09:13:39 ----D---- C:\Documents and Settings\Christine\Application Data\WTablet
    2009-01-06 09:12:11 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-12-31 10:27:21 ----RD---- C:\Program Files
    2008-12-30 17:49:19 ----D---- C:\Documents and Settings\Christine\Application Data\Mozilla
    2008-12-30 02:03:33 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-12-29 19:05:21 ----RSD---- C:\WINDOWS\Fonts
    2008-12-27 17:35:05 ----D---- C:\WINDOWS
    2008-12-27 01:07:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-12-20 23:01:02 ----D---- C:\WINDOWS\system32\drivers
    2008-12-17 21:14:14 ----HD---- C:\WINDOWS\inf
    2008-12-17 21:14:07 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2008-12-17 21:14:05 ----D---- C:\WINDOWS\ie7updates
    2008-12-17 21:13:22 ----HD---- C:\WINDOWS\$hf_mig$
    2008-12-13 00:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
    2008-12-12 19:34:12 ----SD---- C:\WINDOWS\Downloaded Program Files
    2008-12-12 18:44:52 ----D---- C:\Program Files\DivX
    2008-12-12 17:12:04 ----SHD---- C:\WINDOWS\Installer
    2008-12-12 17:12:04 ----SHD---- C:\Config.Msi
    2008-12-12 17:11:01 ----D---- C:\Program Files\Java
    2008-12-11 23:34:09 ----D---- C:\Program Files\Internet Explorer
    2008-12-11 23:04:47 ----SD---- C:\Documents and Settings\Christine\Application Data\Microsoft
    2008-12-11 23:04:45 ----D---- C:\WINDOWS\system
    2008-12-11 23:04:32 ----D---- C:\Documents and Settings\All Users\Application Data\avg7
    2008-12-11 23:04:19 ----D---- C:\Documents and Settings\Christine\Application Data\AVG7
    2008-12-11 21:57:31 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-12-11 21:55:47 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-12-11 21:55:03 ----D---- C:\WINDOWS\Debug
    2008-12-09 17:24:37 ----A---- C:\WINDOWS\system32\MRT.exe

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
    R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
    R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
    R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-11-18 5660]
    R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-11-18 22684]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
    R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
    R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
    R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
    R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-11-07 25628]
    R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-11-07 2496]
    R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-11-07 86652]
    R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-11-07 14684]
    R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-11-07 6364]
    R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-11-07 87036]
    R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-11-07 94332]
    R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
    R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
    R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
    R3 BCMModem;BCM V.92 56K Modem; C:\WINDOWS\system32\DRIVERS\BCMSM.sys [2003-08-29 1101696]
    R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2007-03-14 165760]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
    R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-04-19 3988384]
    R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
    R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 wacommousefilter;Wacom Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312]
    R3 wacomvhid;Wacom Virtual Hid Driver; C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 12848]
    R3 WacomVKHid;Virtual Keyboard Driver; C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-15 11440]
    S1 mferkdk;VSCore mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys []
    S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-12-20 85969]
    S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
    R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
    R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-12 152984]
    R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-08-29 307200]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-04-19 159810]
    R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2006-11-02 174656]
    R2 TabletServiceWacom;TabletServiceWacom; C:\WINDOWS\system32\Wacom_Tablet.exe [2007-09-07 1373480]
    R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
    R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
    R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
    S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-12-02 72704]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

    -----------------EOF-----------------

2.Info
    info.txt logfile of random's system information tool 1.04 2009-01-06 09:29:38

    ======Uninstall list======

    -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
    -->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    7-Zip 4.56 beta-->"C:\Program Files\7-Zip\Uninstall.exe"
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
    Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
    Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
    Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
    Adobe Illustrator CS2-->msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
    Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
    Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
    Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
    Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
    AIM 6-->C:\Program Files\AIM6\uninst.exe
    Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
    BCM V.92 56K Modem-->C:\WINDOWS\BCMSMU.exe quiet
    Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
    Contextual Tool Adssite-->C:\WINDOWS\system32\cont_adssite-remove.exe
    Corel Painter X-->C:\Program Files\Corel\Corel Painter X\MSILauncher {91CABF8F-A81C-4CB0-A1B0-D55B25F1B150} C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\PainterX.log
    Corel Painter X-->MsiExec.exe /I{91CABF8F-A81C-4CB0-A1B0-D55B25F1B150}
    CuteFTP 8 Home-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{949DBB22-2FB7-4DE1-804C-23D495A988D8}\Setup.exe" -l0x9
    DELETER COMICWORKS-->MsiExec.exe /I{85CFC80F-B410-42E7-855F-F2AE1DF64315}
    DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
    ESET Online Scanner-->C:\WINDOWS\system32\OnlineScannerUninstaller.exe
    EVGA Display Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEF3EFE7-5159-436D-9BF0-CCC633179EB4}\Setup.exe" -l0x9 -removeonly
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    Intel(R) PRO Network Connections 12.3.31.0-->MsiExec.exe /i{DDD0A758-F44C-47D3-8E88-692FFF775127} ARPREMOVE=1
    iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
    Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
    jZip-->C:\PROGRA~1\jZip\UNWISE.EXE /U C:\PROGRA~1\jZip\INSTALL.LOG
    Lexmark Z700-P700 Series-->C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBLUN5C.EXE -dLexmark Z700-P700 Series
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    MobileMe Control Panel-->MsiExec.exe /I{924EB80F-C2BB-4B9F-8412-88BBA937393F}
    Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
    QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
    Roxio DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
    Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
    Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9 -removeonly
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Wacom Tablet-->C:\Program Files\Tablet\Wacom\Remove.exe /u
    Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
    Windows Driver Package - Hewlett-Packard Image (12/27/2006 8.0.0.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst32.exe /u C:\WINDOWS\system32\DRVSTORE\hpxp4370_EE583B2413E4C828DFD7901D646C3D9BF7599402\hpxp4370.inf
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

    ======Hosts File======

    127.0.0.1 007guard.com
    127.0.0.1 www.007guard.com
    127.0.0.1 008i.com
    127.0.0.1 008k.com
    127.0.0.1 www.008k.com
    127.0.0.1 00hq.com
    127.0.0.1 www.00hq.com
    127.0.0.1 010402.com
    127.0.0.1 032439.com
    127.0.0.1 www.032439.com

    ======Security center information======

    AV: avast! antivirus 4.8.1296 [VPS 090106-0]

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Intel\DMIX;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\jZip
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel
    "PROCESSOR_REVISION"=0207
    "NUMBER_OF_PROCESSORS"=1
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

    -----------------EOF-----------------
wuchris
Regular Member
 
Posts: 26
Joined: November 29th, 2008, 1:31 pm

Re: Firefox Crashing and "Perfect Defender 2009 Popup"

Unread postby Sharagoz » January 6th, 2009, 3:59 pm

You still have an infection somewhere on your computer that is bringing new malware to your computer.
Be sure to let me know if you see anything out of the ordinary when you're using your computer as it may help us towards finding the source of this.
The source may be infected Mp3's. Do you notice anything strange when running some of your mp3's (if you have any)? Any popups requesting the installation of codecs for instance?

1) Create and run a registry script
  • Press the windows key and the R key at the same time to open the Run dialog box
  • type notepad and press the enter key
  • A new notepad document should now open. Copy the content of the code box below into this notepad document
    Code: Select all
    REGEDIT4
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A7C84E2-E95C-43C6-8DD3-03ABCD0EB60E}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bcc52f1d-65b7-4908-07a6-3e134502b757}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF}]
    
    [-HKEY_CLASSES_ROOT\CLSID\{4A7C84E2-E95C-43C6-8DD3-03ABCD0EB60E}]
    [-HKEY_CLASSES_ROOT\CLSID\{bcc52f1d-65b7-4908-07a6-3e134502b757}]
    [-HKEY_CLASSES_ROOT\CLSID\{3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF}]
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\\WINDOWS\\system32\\drivers\\svchost.exe"=-
    
  • Change the Save as type to All files and then save the file as fix.reg
  • Right-click on fix.reg and select Merge
  • Answer Yes at any prompts

2) Delete files
Delete these files:
C:\WINDOWS\system32\cont_adssite-remove.exe
C:\WINDOWS\system32\nsp52.dll
C:\Documents and Settings\Christine\Application Data\Smart-Shopper <-folder
C:\Program Files\Smart-Shopper <-folder

3) Remove uninstall entry with HJT
  • Launch HiJackThis and click Open the Misc Tools section
  • Click Open Uninstall Manager
  • Select the below program:
    Contextual Tool Adssite
  • Click Delete this entry to have it removed

4) Run CCleaner
  • Launch CCleaner
  • Click the Run Cleaner button at the bottom right of the window
  • Click Yes at the prompt and let the cleaner finish

5) Download and run SUPERAntiSpyware
  • Download SAS from here (use the link 'from authors site'), and install the program using default settings
  • When prompted about installing updates, click Yes
  • You can skip email registration and homepage protection
  • The program should auto-start after the installation. If it doesnt, there's will be a shortcut on your desktop that you can use to launch it manually
  • In the main window click Preferences to launch the configuration window
  • Under the General and Startup tab uncheck Start SUPERAntiSpyware when windows starts
  • Under the Scanning Control tab, uncheck everything except:
    o Ignore System Restore/Volume Information on ME/XP
    o Close browsers before scanning
    o Scan for tracking cookies
    o Terminate memory threats before quarantining
    o Scan alternate data streams
  • Click the Close button and return to the main window
  • Click the Scan your Computer button
  • Select Perform complete scan, make sure the necessary drives are selected, and click the Next button
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK
  • Make sure everything has a checkmark next to it and click Next
  • A notification will appear saying Quarantine and Removal is Complete.
    (if you are prompted about rebooting the machine to finish the removal, let SAS do so)
  • Now we need to retrieve the log
  • In the main window, Click Preferences, then click the Statistics/Logs tab
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log
  • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor
  • Include this log in your next post

6) Run Kaspersky online scanner
With the exception of Internet Explorer, which must be used for this scan, keep ALL programs closed
Note:
This is a very thorough scan that takes longer than most other scanners to complete. It will often take 2-6 hrs depending on the number of files on your computer and how powerfull the computer is.
It is recommended to disable onboard antivirus program and antispyware programs while performing the scan to speed up scan time and to make sure there are no conflicts.
If you disable your resident protection, do not go surfing until its enabled again. Its a good idea to simply disconnect the computer from the internet after the scan has started and not connect again until the scan is finished and the resident protection is enabled again.
Once the scan is finished remember to re-enable resident antivirus protection along with whatever antispyware application you use.


Do an online scan with Kaspersky Online Scanner in Internet Explorer. You will be prompted to install and run an ActiveX component from Kaspersky, Click Yes.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75%. Once the licence accepted, reset to 100%.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    o Scan using the following Anti-Virus database:
    + Extended (If available, otherwise use standard)
    o Scan Options:
    + Scan Archives
    + Scan Mail Bases
  • Click OK
  • Under select a target to scan, select My Computer
  • The scan will take a while so be patient and let it run.
  • Please do not use your computer while the scan is running. Once the scan is complete it will display if your system has been infected.
  • Click the Save Report As...
  • In the Save as... prompt, select Desktop
  • In the File name box, name the file KasScan-ddmmyy (or similar)
  • In the Save as type prompt, select Text file
  • Include the report in your next post.

Enable antivirus and antispyware programs if you disabled them before the scan.

7) Get new RSIT log
  • Delete this folder: C:\rsit
  • Double click on RSIT.exe (on your desktop) to run RSIT
  • Select 3 months and click Continue at the disclaimer screen to start the scanner
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized
    • info.txt will be opened minimized
  • Post the contents of both log.txt and info.txt in your next reply

Logs I need:
SUPERAntiSpyware log
Kaspersky log
RSIT logs
User avatar
Sharagoz
Retired Graduate
 
Posts: 985
Joined: February 22nd, 2008, 4:31 pm
Location: Norway

Re: Firefox Crashing and "Perfect Defender 2009 Popup"

Unread postby wuchris » January 8th, 2009, 12:12 pm

I'm afraid I won't be able to perform these steps until tomorrow. I wanted to give you a heads up. Thanks again for all of your time and help!
wuchris
Regular Member
 
Posts: 26
Joined: November 29th, 2008, 1:31 pm

Re: Firefox Crashing and "Perfect Defender 2009 Popup"

Unread postby Sharagoz » January 8th, 2009, 3:59 pm

No worried, thanks for letting me know
User avatar
Sharagoz
Retired Graduate
 
Posts: 985
Joined: February 22nd, 2008, 4:31 pm
Location: Norway

Re: Firefox Crashing and "Perfect Defender 2009 Popup"

Unread postby wuchris » January 10th, 2009, 2:29 am

I've completed step1, however, I cannot find C:\WINDOWS\system32\nsp52.dll. Should I continue with the process?
wuchris
Regular Member
 
Posts: 26
Joined: November 29th, 2008, 1:31 pm

Re: Firefox Crashing and "Perfect Defender 2009 Popup"

Unread postby Sharagoz » January 10th, 2009, 3:16 pm

The file has probably been renamed since your last log.
Procede with the rest of the steps and we'll get the file later.
User avatar
Sharagoz
Retired Graduate
 
Posts: 985
Joined: February 22nd, 2008, 4:31 pm
Location: Norway

Re: Firefox Crashing and "Perfect Defender 2009 Popup"

Unread postby wuchris » January 13th, 2009, 11:01 am

I'm sorry this took me so long!
5.SuperAntiSpyware Log
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 01/12/2009 at 11:47 PM

    Application Version : 4.25.1006

    Core Rules Database Version : 3707
    Trace Rules Database Version: 1682

    Scan type : Complete Scan
    Total Scan Time : 01:03:17

    Memory items scanned : 416
    Memory threats detected : 0
    Registry items scanned : 4297
    Registry threats detected : 1
    File items scanned : 91383
    File threats detected : 2

    Unclassified.Unknown Origin
    HKU\S-1-5-21-1123561945-573735546-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C004D9F0-A742-4DC7-AFD0-BC29CE3FE04A}

    Uncategorized.Unknown Origin
    C:\DOCUMENTS AND SETTINGS\CHRISTINE\NAH_LOG.DAT

    Adware.Vundo/Variant
    C:\WINDOWS\SYSTEM32\NSN13.DLL

6.Kapersky Log
    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Tuesday, January 13, 2009
    Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Tuesday, January 13, 2009 05:04:11
    Records in database: 1612324
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\

    Scan statistics:
    Files scanned: 93138
    Threat name: 0
    Infected objects: 0
    Suspicious objects: 0
    Duration of the scan: 01:17:33

    No malware has been detected. The scan area is clean.

    The selected area was scanned.

7a.RSIT log
    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Christine at 2009-01-13 08:55:34
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 62 GB (81%) free of 76 GB
    Total RAM: 2047 MB (75% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:55:41 AM, on 1/13/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\Wacom_Tablet.exe
    C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
    C:\WINDOWS\system32\Wacom_Tablet.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Documents and Settings\Christine\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Christine.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://auburn.edu/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: EmailBHO - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - C:\Program Files\jZip\WebmailPlugin.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe

    --
    End of file - 7142 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\MP Scheduled Scan.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
    DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-11-07 110652]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{647FD14A-C4F1-46F4-8FC3-0B40F54226F7}]
    jZip Webmail plugin - C:\Program Files\jZip\WebmailPlugin.dll [2008-10-28 591296]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-12 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-12 34816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-12 73728]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "BCMSMMSG"=C:\WINDOWS\BCMSMMSG.exe [2003-08-29 122880]
    "DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-11-07 122940]
    "SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-12 136600]
    "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-04-19 7700480]
    "nwiz"=nwiz.exe /install []
    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-04-19 86016]
    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
    "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
    "Aim6"= []
    "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

    C:\Documents and Settings\Christine\Start Menu\Programs\Startup
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
    "C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
    "C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
    "C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    ======List of files/folders created in the last 3 months======

    2009-01-13 08:55:34 ----D---- C:\rsit
    2009-01-12 22:39:41 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-01-12 22:39:36 ----D---- C:\Program Files\SUPERAntiSpyware
    2009-01-12 22:39:36 ----D---- C:\Documents and Settings\Christine\Application Data\SUPERAntiSpyware.com
    2009-01-12 22:38:28 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
    2008-12-31 10:26:52 ----D---- C:\Program Files\jZip
    2008-12-27 17:35:05 ----D---- C:\WINDOWS\Minidump
    2008-12-27 17:32:02 ----D---- C:\Documents and Settings\Christine\Application Data\vlc
    2008-12-20 23:01:04 ----A---- C:\WINDOWS\gmer.ini
    2008-12-20 23:01:02 ----RA---- C:\WINDOWS\gmer.exe
    2008-12-20 23:01:02 ----A---- C:\WINDOWS\gmer_uninstall.cmd
    2008-12-20 23:01:02 ----A---- C:\WINDOWS\gmer.dll
    2008-12-15 02:28:02 ----D---- C:\WINDOWS\ERDNT
    2008-12-15 02:26:53 ----D---- C:\Program Files\ERUNT
    2008-12-12 17:16:22 ----D---- C:\Program Files\EsetOnlineScanner
    2008-12-12 17:11:52 ----A---- C:\WINDOWS\system32\javaws.exe
    2008-12-12 17:11:52 ----A---- C:\WINDOWS\system32\javaw.exe
    2008-12-12 17:11:52 ----A---- C:\WINDOWS\system32\java.exe
    2008-12-12 17:11:52 ----A---- C:\WINDOWS\system32\deploytk.dll
    2008-12-11 23:34:21 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
    2008-12-11 23:31:59 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
    2008-12-11 23:31:50 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
    2008-12-11 23:31:31 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
    2008-12-11 21:53:51 ----D---- C:\Program Files\CCleaner
    2008-11-29 11:23:21 ----D---- C:\Program Files\Trend Micro
    2008-11-29 11:18:04 ----D---- C:\Program Files\Windows Defender
    2008-11-29 11:10:57 ----D---- C:\Program Files\Panda Security
    2008-11-28 23:46:07 ----D---- C:\Documents and Settings\Christine\Application Data\Malwarebytes
    2008-11-28 23:46:00 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-11-28 23:45:59 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-11-28 19:21:51 ----D---- C:\Documents and Settings\Christine\Application Data\Google
    2008-11-28 16:39:15 ----D---- C:\Program Files\iPod
    2008-11-28 16:39:08 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-11-28 16:38:01 ----D---- C:\Program Files\Bonjour
    2008-11-21 15:46:10 ----A---- C:\WINDOWS\system32\ssldivx.dll
    2008-11-21 15:46:10 ----A---- C:\WINDOWS\system32\libdivx.dll
    2008-11-13 17:10:50 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
    2008-11-13 17:10:43 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
    2008-11-13 17:10:30 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
    2008-10-25 22:32:58 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
    2008-10-16 20:05:50 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
    2008-10-16 20:05:44 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
    2008-10-16 20:05:38 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
    2008-10-16 20:05:05 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
    2008-10-16 20:04:52 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$

    ======List of files/folders modified in the last 3 months======

    2009-01-13 08:55:12 ----D---- C:\WINDOWS\Prefetch
    2009-01-13 07:58:32 ----D---- C:\WINDOWS\Temp
    2009-01-12 23:56:27 ----D---- C:\Program Files\Mozilla Firefox
    2009-01-12 23:56:10 ----SD---- C:\WINDOWS\Tasks
    2009-01-12 23:53:10 ----D---- C:\Documents and Settings\Christine\Application Data\WTablet
    2009-01-12 23:53:08 ----D---- C:\WINDOWS
    2009-01-12 23:51:14 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-01-12 23:51:14 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-01-12 23:50:52 ----D---- C:\WINDOWS\system32
    2009-01-12 22:39:39 ----SHD---- C:\WINDOWS\Installer
    2009-01-12 22:39:39 ----SHD---- C:\Config.Msi
    2009-01-12 22:39:38 ----SD---- C:\Documents and Settings\Christine\Application Data\Microsoft
    2009-01-12 22:39:36 ----RD---- C:\Program Files
    2009-01-12 22:38:28 ----D---- C:\Program Files\Common Files
    2008-12-30 17:49:19 ----D---- C:\Documents and Settings\Christine\Application Data\Mozilla
    2008-12-29 19:05:21 ----RSD---- C:\WINDOWS\Fonts
    2008-12-27 01:07:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-12-20 23:01:02 ----D---- C:\WINDOWS\system32\drivers
    2008-12-17 21:14:14 ----HD---- C:\WINDOWS\inf
    2008-12-17 21:14:07 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2008-12-17 21:14:05 ----D---- C:\WINDOWS\ie7updates
    2008-12-17 21:13:22 ----HD---- C:\WINDOWS\$hf_mig$
    2008-12-13 00:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
    2008-12-12 19:34:12 ----SD---- C:\WINDOWS\Downloaded Program Files
    2008-12-12 18:44:52 ----D---- C:\Program Files\DivX
    2008-12-12 17:11:01 ----D---- C:\Program Files\Java
    2008-12-11 23:34:09 ----D---- C:\Program Files\Internet Explorer
    2008-12-11 23:04:45 ----D---- C:\WINDOWS\system
    2008-12-11 23:04:32 ----D---- C:\Documents and Settings\All Users\Application Data\avg7
    2008-12-11 23:04:19 ----D---- C:\Documents and Settings\Christine\Application Data\AVG7
    2008-12-11 21:55:47 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-12-11 21:55:03 ----D---- C:\WINDOWS\Debug
    2008-12-09 17:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-12-02 22:02:17 ----RHD---- C:\$VAULT$.AVG
    2008-11-29 11:18:04 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2008-11-29 10:58:20 ----D---- C:\Program Files\Spybot - Search & Destroy
    2008-11-28 19:18:47 ----A---- C:\WINDOWS\system32\winlogon.exe
    2008-11-28 19:18:47 ----A---- C:\WINDOWS\system32\termsrv.dll
    2008-11-28 19:14:14 ----D---- C:\Program Files\Apple Software Update
    2008-11-28 16:39:47 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2008-11-28 16:39:45 ----D---- C:\Program Files\iTunes
    2008-11-28 16:39:11 ----D---- C:\Program Files\Common Files\Apple
    2008-11-28 16:37:29 ----D---- C:\Program Files\QuickTime
    2008-11-28 16:19:25 ----D---- C:\WINDOWS\Help
    2008-11-26 11:21:30 ----A---- C:\WINDOWS\system32\aswBoot.exe
    2008-10-23 06:36:14 ----A---- C:\WINDOWS\system32\gdi32.dll
    2008-10-23 04:06:59 ----N---- C:\WINDOWS\system32\tzchange.exe
    2008-10-20 15:13:14 ----D---- C:\WINDOWS\system32\CatRoot
    2008-10-16 14:38:40 ----A---- C:\WINDOWS\system32\wininet.dll
    2008-10-16 14:38:39 ----N---- C:\WINDOWS\system32\occache.dll
    2008-10-16 14:38:39 ----N---- C:\WINDOWS\system32\mstime.dll
    2008-10-16 14:38:39 ----A---- C:\WINDOWS\system32\webcheck.dll
    2008-10-16 14:38:39 ----A---- C:\WINDOWS\system32\urlmon.dll
    2008-10-16 14:38:39 ----A---- C:\WINDOWS\system32\url.dll
    2008-10-16 14:38:39 ----A---- C:\WINDOWS\system32\pngfilt.dll
    2008-10-16 14:38:38 ----N---- C:\WINDOWS\system32\msrating.dll
    2008-10-16 14:38:38 ----A---- C:\WINDOWS\system32\mshtmled.dll
    2008-10-16 14:38:37 ----N---- C:\WINDOWS\system32\jsproxy.dll
    2008-10-16 14:38:37 ----N---- C:\WINDOWS\system32\iernonce.dll
    2008-10-16 14:38:37 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
    2008-10-16 14:38:37 ----A---- C:\WINDOWS\system32\msfeeds.dll
    2008-10-16 14:38:37 ----A---- C:\WINDOWS\system32\iertutil.dll
    2008-10-16 14:38:37 ----A---- C:\WINDOWS\system32\ieframe.dll
    2008-10-16 14:38:35 ----N---- C:\WINDOWS\system32\iedkcs32.dll
    2008-10-16 14:38:35 ----N---- C:\WINDOWS\system32\ieaksie.dll
    2008-10-16 14:38:35 ----N---- C:\WINDOWS\system32\ieakeng.dll
    2008-10-16 14:38:35 ----N---- C:\WINDOWS\system32\extmgr.dll
    2008-10-16 14:38:35 ----A---- C:\WINDOWS\system32\ieapfltr.dll
    2008-10-16 14:38:35 ----A---- C:\WINDOWS\system32\icardie.dll
    2008-10-16 14:38:34 ----A---- C:\WINDOWS\system32\dxtrans.dll
    2008-10-16 14:38:34 ----A---- C:\WINDOWS\system32\dxtmsft.dll
    2008-10-16 14:38:34 ----A---- C:\WINDOWS\system32\advpack.dll
    2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
    2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
    2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
    2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
    2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
    2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
    2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
    2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
    2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
    2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
    2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
    2008-10-16 07:11:09 ----N---- C:\WINDOWS\system32\ie4uinit.exe
    2008-10-16 07:11:09 ----A---- C:\WINDOWS\system32\ieudinit.exe
    2008-10-15 10:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
    2008-10-15 01:04:53 ----N---- C:\WINDOWS\system32\ieakui.dll

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
    R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
    R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
    R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-11-18 5660]
    R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-11-18 22684]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
    R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
    R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
    R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
    R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
    R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
    R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-11-07 25628]
    R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-11-07 2496]
    R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-11-07 86652]
    R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-11-07 14684]
    R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-11-07 6364]
    R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-11-07 87036]
    R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-11-07 94332]
    R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
    R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
    R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
    R3 BCMModem;BCM V.92 56K Modem; C:\WINDOWS\system32\DRIVERS\BCMSM.sys [2003-08-29 1101696]
    R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2007-03-14 165760]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
    R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-04-19 3988384]
    R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
    R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
    R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 wacommousefilter;Wacom Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312]
    R3 wacomvhid;Wacom Virtual Hid Driver; C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 12848]
    R3 WacomVKHid;Virtual Keyboard Driver; C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-15 11440]
    S1 mferkdk;VSCore mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys []
    S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-12-20 85969]
    S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
    R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
    R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-12 152984]
    R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-08-29 307200]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-04-19 159810]
    R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2006-11-02 174656]
    R2 TabletServiceWacom;TabletServiceWacom; C:\WINDOWS\system32\Wacom_Tablet.exe [2007-09-07 1373480]
    R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
    R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
    R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
    S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-12-02 72704]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

    -----------------EOF-----------------

7b.RSIT Info
    info.txt logfile of random's system information tool 1.04 2009-01-13 08:55:43

    ======Uninstall list======

    -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
    -->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    7-Zip 4.56 beta-->"C:\Program Files\7-Zip\Uninstall.exe"
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
    Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
    Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
    Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
    Adobe Illustrator CS2-->msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
    Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
    Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
    Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
    Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
    AIM 6-->C:\Program Files\AIM6\uninst.exe
    Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
    BCM V.92 56K Modem-->C:\WINDOWS\BCMSMU.exe quiet
    Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
    Corel Painter X-->C:\Program Files\Corel\Corel Painter X\MSILauncher {91CABF8F-A81C-4CB0-A1B0-D55B25F1B150} C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\PainterX.log
    Corel Painter X-->MsiExec.exe /I{91CABF8F-A81C-4CB0-A1B0-D55B25F1B150}
    CuteFTP 8 Home-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{949DBB22-2FB7-4DE1-804C-23D495A988D8}\Setup.exe" -l0x9
    DELETER COMICWORKS-->MsiExec.exe /I{85CFC80F-B410-42E7-855F-F2AE1DF64315}
    DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
    ESET Online Scanner-->C:\WINDOWS\system32\OnlineScannerUninstaller.exe
    EVGA Display Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEF3EFE7-5159-436D-9BF0-CCC633179EB4}\Setup.exe" -l0x9 -removeonly
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    Intel(R) PRO Network Connections 12.3.31.0-->MsiExec.exe /i{DDD0A758-F44C-47D3-8E88-692FFF775127} ARPREMOVE=1
    iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
    Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
    jZip-->C:\PROGRA~1\jZip\UNWISE.EXE /U C:\PROGRA~1\jZip\INSTALL.LOG
    Lexmark Z700-P700 Series-->C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBLUN5C.EXE -dLexmark Z700-P700 Series
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    MobileMe Control Panel-->MsiExec.exe /I{924EB80F-C2BB-4B9F-8412-88BBA937393F}
    Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
    QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
    Roxio DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
    Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
    Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9 -removeonly
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
    Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Wacom Tablet-->C:\Program Files\Tablet\Wacom\Remove.exe /u
    Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
    Windows Driver Package - Hewlett-Packard Image (12/27/2006 8.0.0.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst32.exe /u C:\WINDOWS\system32\DRVSTORE\hpxp4370_EE583B2413E4C828DFD7901D646C3D9BF7599402\hpxp4370.inf
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

    ======Hosts File======

    127.0.0.1 007guard.com
    127.0.0.1 http://www.007guard.com
    127.0.0.1 008i.com
    127.0.0.1 008k.com
    127.0.0.1 http://www.008k.com
    127.0.0.1 00hq.com
    127.0.0.1 http://www.00hq.com
    127.0.0.1 010402.com
    127.0.0.1 032439.com
    127.0.0.1 http://www.032439.com

    ======Security center information======

    AV: avast! antivirus 4.8.1296 [VPS 090113-0]

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Intel\DMIX;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\jZip
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel
    "PROCESSOR_REVISION"=0207
    "NUMBER_OF_PROCESSORS"=1
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

    -----------------EOF-----------------

Edit: A quick update on computer status--I've never had anything happen when I play my mp3's--given, I never play them often. Something interesting I've noticed--when I opened firefox a popup titled "Contextual Tools Adsite" came up with some advertisement about home insurance. Also, it seems that this new search engine titled "yoog" has manifested itself in both firefox and internet explorer.


Thank you for your patience and time in this. I really appreciate it.
wuchris
Regular Member
 
Posts: 26
Joined: November 29th, 2008, 1:31 pm

Re: Firefox Crashing and "Perfect Defender 2009 Popup"

Unread postby Sharagoz » January 14th, 2009, 5:19 am

Thanks for hanging in there without complaining!
It doesnt usually take this much effort to clean a system, but you got a tricky infection here.

1) Upload files to VirusTotal
  • Go to virustotal.com
  • Click Browse and copy the filepath from the codebox below into the File name box and click Open
    Code: Select all
    C:\WINDOWS\system32\termsrv.dll
  • Click the Send file button to start the scan
  • When the status changes to finished, click the Compact link
  • Copy everything from the windows that pops up into your next reply
  • Repeat the process for this file as well:
    Code: Select all
    C:\WINDOWS\system32\winlogon.exe

Disable Avast before the next step

2) Download and Run ComboFix
  • Download ComboFix from here and save it to your desktop
  • Press the windows key and the R key at the same time to open the Run dialog box
  • Copy the command from the code box below into the Run box and press Enter to execute it.
    Code: Select all
    "%userprofile%\Desktop\ComboFix.exe" /SkipFix
  • This will lauch ComboFix
  • If you are prompted about installing the recovery consolle answer Yes
  • When ComboFix has finished scanning, a log will open
  • Include this log in your next reply

Enable Avast again

3) Get new RSIT log
  • Delete this folder: C:\rsit
  • Double click on RSIT.exe (on your desktop) to run RSIT
  • Click Continue at the disclaimer screen to start the scanner
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized
    • info.txt will be opened minimized
  • Post the contents of both log.txt and info.txt in your next reply

Logs I need:
Two logs from VirusTotal
ComboFix log
Two RSIT logs
User avatar
Sharagoz
Retired Graduate
 
Posts: 985
Joined: February 22nd, 2008, 4:31 pm
Location: Norway

Re: Firefox Crashing and "Perfect Defender 2009 Popup"

Unread postby wuchris » January 14th, 2009, 6:48 pm

Really, thank you. I would NEVER have known I had anything like this on my computer, I'm so blissfully oblivious.

1a.termsrv.dll scan
    File termsrv.dll received on 01.14.2009 20:26:47 (CET)
    Antivirus Version Last Update Result
    a-squared 4.0.0.73 2009.01.14 -
    AhnLab-V3 2009.1.15.0 2009.01.14 -
    AntiVir 7.9.0.54 2009.01.14 -
    Authentium 5.1.0.4 2009.01.14 -
    Avast 4.8.1281.0 2009.01.14 -
    AVG 8.0.0.229 2009.01.14 -
    BitDefender 7.2 2009.01.14 -
    CAT-QuickHeal 10.00 2009.01.14 -
    ClamAV 0.94.1 2009.01.14 -
    Comodo 931 2009.01.14 -
    DrWeb 4.44.0.09170 2009.01.14 -
    eSafe 7.0.17.0 2009.01.14 -
    eTrust-Vet 31.6.6306 2009.01.13 -
    F-Prot 4.4.4.56 2009.01.14 -
    Fortinet 3.117.0.0 2009.01.14 -
    GData 19 2009.01.14 -
    Ikarus T3.1.1.45.0 2009.01.14 -
    K7AntiVirus 7.10.584 2009.01.09 -
    Kaspersky 7.0.0.125 2009.01.14 -
    McAfee 5495 2009.01.14 -
    McAfee+Artemis 5495 2009.01.14 -
    Microsoft 1.4205 2009.01.14 -
    NOD32 3766 2009.01.14 -
    Norman 5.93.01 2009.01.13 -
    nProtect 2009.1.8.0 2009.01.14 -
    Panda 9.5.1.2 2009.01.14 -
    PCTools 4.4.2.0 2009.01.14 -
    Rising 21.12.22.00 2009.01.14 -
    SecureWeb-Gateway 6.7.6 2009.01.14 -
    Sophos 4.37.0 2009.01.14 -
    Sunbelt 3.2.1831.2 2009.01.09 -
    TheHacker 6.3.1.4.219 2009.01.14 -
    TrendMicro 8.700.0.1004 2009.01.14 -
    VBA32 3.12.8.10 2009.01.13 -
    ViRobot 2009.1.14.1559 2009.01.14 -
    VirusBuster 4.5.11.0 2009.01.14 -
    Additional information
    File size: 295424 bytes
    MD5...: 63999d0abd8dabfd76a9c07f6e104868
    SHA1..: 509689ba3edd2cfad361773708b72dc35f1c77b8
    SHA256: 5f6f0507b9ec1e8843363ea312475e9e6dd129e03ecb5308db285cd15fdfd482
    SHA512: 2b13e8fecc4970fc2a812ff8f71e56cc3398aba89b97b99c865181de1e92ea34<br>96aeb602f4bda58cf35f01a09f49059334f63ea6aae02b4861b42375ebf408bb<br>
    ssdeep: 6144:BRp6fWMV1Adl7LQup17zettU8kY0c0XwJs/nE0fiLitmNGAM:BPvMV1/ixe<br>ttmXwu/nHtc8<br>
    PEiD..: -
    TrID..: File type identification<br>Win64 Executable Generic (80.9%)<br>Win32 Executable Generic (8.0%)<br>Win32 Dynamic Link Library (generic) (7.1%)<br>Generic Win/DOS Executable (1.8%)<br>DOS Executable Generic (1.8%)
    PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x761119fd<br>timedatestamp.....: 0x4802a11c (Mon Apr 14 00:11:08 2008)<br>machinetype.......: 0x14c (I386)<br><br>( 4 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0x3f7ca 0x3f800 6.62 d12183a6fa34bf7974abe33c87bdee41<br>.data 0x41000 0x9838 0x1200 5.40 2c69a08d65ee8234c239668dd7d86937<br>.rsrc 0x4b000 0x3e50 0x4000 3.25 07385c44d1453e3272809960a81ac436<br>.reloc 0x4f000 0x32ee 0x3400 6.19 c59c84e9cda7289330e30d991fa19248<br><br>( 17 imports ) <br>&gt; msvcrt.dll: wcscpy, wcscmp, _except_handler3, _wcsnicmp, wcscat, swscanf, wcsncpy, wcslen, wcsncat, swprintf, wcsrchr, memmove, _snwprintf, wcschr, sprintf, qsort, strncpy, gmtime, time, mktime, _mbslen, mbstowcs, __3@YAXPAX@Z, __2@YAPAXI@Z, free, _initterm, malloc, _adjust_fdiv, _ftol, _snprintf, strncmp, iswdigit, _wcsupr, wcstok, _wtol, _stricmp, __CxxFrameHandler, _purecall, _wcsicmp<br>&gt; ntdll.dll: NtOpenProcessToken, NtQueryInformationToken, RtlLengthSid, RtlCopySid, NtAllocateVirtualMemory, NtFreeVirtualMemory, RtlAcquireResourceShared, NtDelayExecution, DbgBreakPoint, RtlPrefixUnicodeString, NtResetEvent, NtWaitForMultipleObjects, RtlInitializeGenericTable, RtlDeleteCriticalSection, NtOpenProcess, NtQueryVirtualMemory, RtlLookupElementGenericTable, RtlCompareMemory, RtlInsertElementGenericTable, RtlDeleteElementGenericTable, RtlInitializeResource, NtCreateEvent, NtDuplicateObject, NtQuerySystemTime, RtlEqualSid, RtlAdjustPrivilege, RtlInitializeCriticalSection, NtTerminateProcess, RtlLengthRequiredSid, NtReleaseMutant, NtWaitForSingleObject, NtCreateMutant, NtQueryInformationProcess, NtDuplicateToken, NtSetInformationThread, RtlpNtEnumerateSubKey, NtRequestPort, NtConnectPort, NtSetEvent, RtlEnterCriticalSection, RtlAllocateHeap, NtOpenThreadToken, NtReplyPort, NtCompleteConnectPort, NtAcceptConnectPort, NtCreateSection, NtReplyWaitReceivePort, RtlFreeUnicodeString, NtCreatePort, RtlAnsiStringToUnicodeString, RtlInitAnsiString, RtlQueryRegistryValues, NtDeviceIoControlFile, RtlExtendedLargeIntegerDivide, RtlConvertExclusiveToShared, RtlConvertSharedToExclusive, RtlDeleteResource, NtRequestWaitReplyPort, RtlFreeHeap, RtlLeaveCriticalSection, RtlAcquireResourceExclusive, RtlReleaseResource, RtlInitUnicodeString, NtOpenKey, NtQueryValueKey, NtClose, VerSetConditionMask, RtlCreateEnvironment, RtlSetProcessIsCritical, DbgPrint, NtQuerySystemInformation, NtSetTimer, NtCreateTimer, RtlCopySecurityDescriptor, RtlNtStatusToDosError, RtlDeleteAce, RtlGetAce, RtlQueryInformationAcl, RtlGetDaclSecurityDescriptor, RtlMapGenericMask, RtlSubAuthoritySid, RtlInitializeSid, RtlCreateUserSecurityObject, RtlSetDaclSecurityDescriptor, RtlAddAccessAllowedAce, RtlCreateAcl, RtlCreateSecurityDescriptor, RtlWriteRegistryValue, RtlCreateRegistryKey, RtlLengthSecurityDescriptor, RtlSetGroupSecurityDescriptor, RtlGetGroupSecurityDescriptor, RtlGetOwnerSecurityDescriptor, NtSetSecurityObject, NtQuerySecurityObject, NtOpenSymbolicLinkObject, NtQueryDirectoryObject, NtCreateDirectoryObject, RtlFreeSid, RtlAllocateAndInitializeSid, RtlIntegerToUnicodeString, RtlAppendUnicodeToString, NtQueryMutant<br>&gt; ICAAPI.dll: IcaOpen, IcaStackCallback, IcaStackConnectionWait, IcaStackConnectionRequest, IcaStackConnectionAccept, _IcaStackIoControl, IcaStackUnlock, IcaStackReconnect, IcaStackTerminate, IcaChannelClose, IcaStackIoControl, IcaPushConsoleStack, IcaChannelOpen, IcaChannelIoControl, IcaStackConnectionClose, IcaStackClose, IcaClose, IcaIoControl, IcaStackOpen, IcaStackDisconnect<br>&gt; SHELL32.dll: SHGetFolderPathA<br>&gt; SETUPAPI.dll: SetupDiGetDeviceRegistryPropertyA, SetupDiGetClassDevsA, SetupDiEnumDeviceInfo, SetupDiDestroyDeviceInfoList<br>&gt; SHLWAPI.dll: PathAppendA<br>&gt; WINTRUST.dll: CryptCATAdminCalcHashFromFileHandle, CryptCATAdminEnumCatalogFromHash, CryptCATCatalogInfoFromContext, CryptCATAdminReleaseCatalogContext, CryptCATAdminReleaseContext, WTHelperProvDataFromStateData, WTHelperGetProvSignerFromChain, CryptCATAdminAcquireContext, WinVerifyTrust<br>&gt; RPCRT4.dll: RpcServerInqDefaultPrincNameW, RpcServerRegisterAuthInfoW, RpcServerRegisterIfEx, RpcBindingToStringBindingW, RpcServerListen, RpcImpersonateClient, I_RpcBindingIsClientLocal, RpcRevertToSelf, RpcServerUseProtseqEpW, I_RpcBindingInqLocalClientPID, RpcStringFreeW, RpcRaiseException, RpcSsContextLockExclusive, NdrServerCall2, RpcServerRegisterIf, RpcStringBindingParseW<br>&gt; KERNEL32.dll: GetLocalTime, GetDiskFreeSpaceA, GetDateFormatW, FileTimeToSystemTime, InitializeCriticalSection, GetVersion, CreateMutexW, GetModuleHandleA, InterlockedExchange, OutputDebugStringA, GetProcessAffinityMask, SetThreadAffinityMask, ResumeThread, GetExitCodeThread, GetSystemInfo, GetLogicalDriveStringsA, GetDriveTypeA, GetVolumeInformationW, GetVolumeInformationA, GlobalMemoryStatus, lstrlenA, lstrcpyA, GetFileSize, WriteFile, SetFilePointer, ReadFile, CreateFileA, HeapAlloc, HeapFree, CompareFileTime, CreateWaitableTimerW, SetWaitableTimer, FormatMessageW, LeaveCriticalSection, GetSystemDefaultLCID, SystemTimeToFileTime, LoadLibraryExA, GetVersionExA, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, GetCurrentThreadId, QueryPerformanceCounter, LoadLibraryA, InterlockedCompareExchange, DelayLoadFailureHook, lstrcpynW, GetACP, MultiByteToWideChar, SetLastError, lstrlenW, LocalFree, LocalAlloc, GetProcessHeap, DisableThreadLibraryCalls, DebugBreak, Sleep, CloseHandle, CreateProcessW, GetCurrentProcessId, IsDebuggerPresent, GetVersionExW, ResetEvent, SetEvent, VerifyVersionInfoW, CreateEventW, GetLastError, ReleaseMutex, UnmapViewOfFile, MapViewOfFile, OpenFileMappingW, WaitForMultipleObjects, OpenEventW, OpenMutexW, InterlockedDecrement, CreateThread, CreateFileW, GetSystemDirectoryW, GetSystemTime, GetComputerNameA, GetSystemTimeAsFileTime, UnregisterWait, WaitForSingleObject, InterlockedIncrement, lstrcpyW, ExitThread, QueryDosDeviceW, ProcessIdToSessionId, IsBadReadPtr, IsBadWritePtr, OpenProcess, GetComputerNameW, FreeLibrary, GetProcAddress, LoadLibraryW, GetProfileStringW, GetTickCount, RegisterWaitForSingleObject, lstrcatW, lstrcmpiW, GetProfileIntW, GetWindowsDirectoryW, SetThreadPriority, GetCurrentThread, LocalSize, GetCurrentProcess, PulseEvent, GetComputerNameExW, WideCharToMultiByte, InitializeCriticalSectionAndSpinCount, EnterCriticalSection, DeleteCriticalSection<br>&gt; USER32.dll: GetCursorPos, wvsprintfA, BroadcastSystemMessageA, wsprintfA, GetSystemMetrics, wsprintfW, ExitWindowsEx, LoadStringW, MessageBeep, GetMessageTime<br>&gt; Secur32.dll: GetUserNameExW<br>&gt; WS2_32.dll: -, -, -, getaddrinfo, -, -<br>&gt; ADVAPI32.dll: GetSidSubAuthorityCount, GetSidSubAuthority, AccessCheckAndAuditAlarmW, AllocateAndInitializeSid, SetEntriesInAclW, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, RegEnumKeyW, DeregisterEventSource, CryptAcquireContextW, CryptCreateHash, CryptImportKey, CryptVerifySignatureW, CryptDestroyKey, CryptDestroyHash, CryptReleaseContext, AddAce, GetAce, GetAclInformation, GetUserNameA, CryptHashData, RegisterServiceCtrlHandlerW, GetSidIdentifierAuthority, IsValidSid, GetTokenInformation, EqualSid, LookupAccountSidW, RegSetValueExW, CryptGenRandom, RegisterEventSourceW, ReportEventW, SetServiceBits, RegOpenKeyW, GetUserNameW, SetServiceStatus, RegOpenKeyExW, GetSecurityDescriptorDacl, LsaDelete, LsaSetSecret, LsaClose, LsaOpenSecret, LsaCreateSecret, LsaOpenPolicy, LsaFreeMemory, LsaQuerySecret, GetEventLogInformation, LsaQueryInformationPolicy, RegQueryValueExW, RegCloseKey, LogonUserW, AddAccessAllowedAce, InitializeAcl, GetLengthSid, OpenThreadToken, CheckTokenMembership, MakeSelfRelativeSD, MakeAbsoluteSD, IsValidSecurityDescriptor, ElfReportEventW, ElfRegisterEventSourceW, I_ScSendTSMessage, RegNotifyChangeKeyValue, RegCreateKeyExW, RegQueryValueExA, RegOpenKeyExA, GetCurrentHwProfileA, RegEnumKeyExA, RegEnumKeyExW, LsaStorePrivateData, LsaNtStatusToWinError, LsaRetrievePrivateData, RegDeleteValueW, OpenProcessToken<br>&gt; CRYPT32.dll: CertCloseStore, CertCreateCertificateContext, CertOpenStore, CertDuplicateCertificateContext, CertFreeCertificateContext, CertGetIssuerCertificateFromStore, CertVerifySubjectCertificateContext, CryptExportPublicKeyInfo, CertEnumCertificatesInStore, CertFindExtension, CertVerifyCertificateChainPolicy, CertComparePublicKeyInfo, CryptDecodeObject, CryptVerifyCertificateSignature, CryptBinaryToStringW<br>&gt; OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -<br>&gt; AUTHZ.dll: AuthzFreeResourceManager, AuthziAllocateAuditParams, AuthziInitializeAuditParamsWithRM, AuthziInitializeAuditEvent, AuthziLogAuditEvent, AuthzFreeAuditEvent, AuthziFreeAuditParams, AuthzInitializeResourceManager, AuthziInitializeAuditEventType, AuthziFreeAuditEventType<br>&gt; mstlsapi.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -<br><br>( 1 exports ) <br>ServiceMain<br>
    CWSandbox info: &lt;a href='http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=63999d0abd8dabfd76a9c07f6e104868' target='_blank'&gt;http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=63999d0abd8dabfd76a9c07f6e104868&lt;/a&gt;

1b.winlogon.exe scan
    File winlogon.exe received on 01.14.2009 20:34:58 (CET)
    Antivirus Version Last Update Result
    a-squared 4.0.0.73 2009.01.14 -
    AhnLab-V3 2009.1.15.0 2009.01.14 -
    AntiVir 7.9.0.54 2009.01.14 -
    Authentium 5.1.0.4 2009.01.14 -
    Avast 4.8.1281.0 2009.01.14 -
    AVG 8.0.0.229 2009.01.14 -
    BitDefender 7.2 2009.01.14 -
    CAT-QuickHeal 10.00 2009.01.14 -
    ClamAV 0.94.1 2009.01.14 -
    Comodo 931 2009.01.14 -
    DrWeb 4.44.0.09170 2009.01.14 -
    eSafe 7.0.17.0 2009.01.14 -
    eTrust-Vet 31.6.6307 2009.01.14 -
    F-Prot 4.4.4.56 2009.01.14 -
    F-Secure 8.0.14470.0 2009.01.14 -
    Fortinet 3.117.0.0 2009.01.14 -
    GData 19 2009.01.14 -
    Ikarus T3.1.1.45.0 2009.01.14 -
    K7AntiVirus 7.10.584 2009.01.09 -
    Kaspersky 7.0.0.125 2009.01.14 -
    McAfee 5495 2009.01.14 -
    McAfee+Artemis 5495 2009.01.14 -
    Microsoft 1.4205 2009.01.14 -
    NOD32 3766 2009.01.14 -
    Norman 5.93.01 2009.01.13 -
    nProtect 2009.1.8.0 2009.01.14 -
    Panda 9.5.1.2 2009.01.14 -
    PCTools 4.4.2.0 2009.01.14 -
    Prevx1 V2 2009.01.14 -
    Rising 21.12.22.00 2009.01.14 -
    SecureWeb-Gateway 6.7.6 2009.01.14 -
    Sophos 4.37.0 2009.01.14 -
    Sunbelt 3.2.1831.2 2009.01.09 -
    Symantec 10 2009.01.14 -
    TheHacker 6.3.1.4.219 2009.01.14 -
    TrendMicro 8.700.0.1004 2009.01.14 -
    VBA32 3.12.8.10 2009.01.13 -
    ViRobot 2009.1.14.1559 2009.01.14 -
    VirusBuster 4.5.11.0 2009.01.14 -
    Additional information
    File size: 507904 bytes
    MD5...: 3969440ba384d35317dbbdeeaae641ce
    SHA1..: c87bb53e5dd5258e80df74ebd4f68aef193ea5af
    SHA256: 80ec02f1c71f5249c0976b4ea96d9622899fca5591d47d87d4edc1897387c8f7
    SHA512: 83830b5ed4f8bbed97065c892b98a98ac05cdd966f487c4c7faa3a19ef6ea857<br>c3935d1808d63cfd126c89e3295bade122afee5a3e14259da9ff437ab6249ccf<br>
    ssdeep: 6144:kNZlxEdL5RvGlcHJ37newMLao6nMnKHOD13XRnCfOVSePfLtisgZYl:jdz+<br>lc3Kao6nSKHsRqOMgxZg<br>
    PEiD..: -
    TrID..: File type identification<br>Win64 Executable Generic (80.9%)<br>Win32 Executable Generic (8.0%)<br>Win32 Dynamic Link Library (generic) (7.1%)<br>Generic Win/DOS Executable (1.8%)<br>DOS Executable Generic (1.8%)
    PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x103e5e1<br>timedatestamp.....: 0x48027549 (Sun Apr 13 21:04:09 2008)<br>machinetype.......: 0x14c (I386)<br><br>( 3 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0x70991 0x70a00 6.82 8b92c0dadae385ba7a05299c9a7cafbf<br>.data 0x72000 0x4e70 0x2000 6.28 44bd27282514b5e3a27b570106930d8d<br>.rsrc 0x77000 0x9020 0x9200 3.62 8b50f3590d97bb27639f10bacbc53187<br><br>( 20 imports ) <br>&gt; ADVAPI32.dll: ConvertStringSecurityDescriptorToSecurityDescriptorA, A_SHAInit, A_SHAUpdate, A_SHAFinal, LsaStorePrivateData, LsaRetrievePrivateData, LsaNtStatusToWinError, CryptGetUserKey, CryptGetKeyParam, CryptEncrypt, CryptSetProvParam, CryptSignHashW, CryptDeriveKey, CryptGetProvParam, RegOpenCurrentUser, RegDeleteKeyW, AddAccessAllowedAceEx, RegSetKeySecurity, I_ScSendTSMessage, MD5Init, MD5Update, MD5Final, SetFileSecurityA, AllocateLocallyUniqueId, LsaOpenPolicy, LsaQueryInformationPolicy, LsaFreeMemory, LsaClose, RegNotifyChangeKeyValue, QueryServiceConfigW, SetKernelObjectSecurity, ConvertStringSecurityDescriptorToSecurityDescriptorW, RegEnumKeyExW, GetCurrentHwProfileW, RegCloseKey, RegQueryValueExW, RegOpenKeyW, FreeSid, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, AddAccessAllowedAce, InitializeAcl, GetLengthSid, AllocateAndInitializeSid, RegOpenKeyExW, CreateProcessAsUserW, DuplicateTokenEx, CloseServiceHandle, ControlService, StartServiceW, QueryServiceStatus, OpenServiceW, OpenSCManagerW, EqualSid, GetTokenInformation, RegSetValueExW, RegCreateKeyExW, CryptGenRandom, CryptDestroyHash, CryptVerifySignatureW, CryptSetHashParam, CryptGetHashParam, CryptHashData, CryptCreateHash, CryptDecrypt, ReportEventW, RegisterEventSourceW, CryptImportKey, CryptAcquireContextW, CryptReleaseContext, CryptDestroyKey, RegEnumValueW, RegQueryInfoKeyW, RegDeleteValueW, CredFree, CredDeleteW, CredEnumerateW, CopySid, GetSidLengthRequired, GetSidSubAuthority, GetSidSubAuthorityCount, GetUserNameW, OpenThreadToken, EnumServicesStatusW, ImpersonateLoggedOnUser, RegQueryValueExA, CheckTokenMembership, DeregisterEventSource, LsaGetUserName, RevertToSelf, LookupAccountSidW, IsValidSid, SetTokenInformation, LogonUserW, LookupAccountNameW, OpenProcessToken, SynchronizeWindows31FilesAndWindowsNTRegistry, QueryWindows31FilesMigration, AdjustTokenPrivileges, RegQueryInfoKeyA<br>&gt; AUTHZ.dll: AuthzInitializeResourceManager, AuthzAccessCheck, AuthziFreeAuditEventType, AuthziInitializeAuditEvent, AuthziInitializeAuditParams, AuthziInitializeAuditEventType, AuthziLogAuditEvent, AuthzFreeAuditEvent, AuthzFreeResourceManager, AuthzFreeHandle<br>&gt; CRYPT32.dll: CryptImportPublicKeyInfo, CryptVerifyMessageSignature, CertCreateCertificateContext, CertSetCertificateContextProperty, CertVerifyCertificateChainPolicy, CryptSignMessage, CertCloseStore, CertComparePublicKeyInfo, CryptExportPublicKeyInfo, CertFindExtension, CryptDecryptMessage, CertGetCertificateContextProperty, CertAddCertificateContextToStore, CertOpenStore, CertVerifySubjectCertificateContext, CertGetIssuerCertificateFromStore, CertDuplicateCertificateContext, CertFreeCertificateContext, CertEnumCertificatesInStore, CryptImportPublicKeyInfoEx<br>&gt; GDI32.dll: RemoveFontResourceW, AddFontResourceW<br>&gt; KERNEL32.dll: WTSGetActiveConsoleSessionId, GetTimeFormatW, GetUserDefaultLCID, FileTimeToSystemTime, FileTimeToLocalFileTime, GetProcAddress, LoadLibraryW, GetModuleHandleW, SystemTimeToFileTime, GetSystemTime, SetLastError, TerminateProcess, GetCurrentProcess, CreateTimerQueueTimer, CreateThread, lstrcpynW, GetShortPathNameW, GetProfileStringW, FreeLibrary, ReleaseSemaphore, CreateSemaphoreW, GetSystemInfo, GetComputerNameW, GetEnvironmentVariableW, WaitForSingleObjectEx, LoadResource, FindResourceW, SetThreadExecutionState, DeleteTimerQueueTimer, ResetEvent, GetSystemDirectoryW, TransactNamedPipe, SetNamedPipeHandleState, GetTickCount, CreateFileW, GlobalGetAtomNameW, VirtualLock, VirtualQuery, GetDriveTypeW, Beep, ExpandEnvironmentStringsW, OpenMutexW, QueueUserWorkItem, LeaveCriticalSection, EnterCriticalSection, DisconnectNamedPipe, SearchPathW, lstrcatW, LocalReAlloc, TerminateThread, ResumeThread, GetDiskFreeSpaceExW, GlobalMemoryStatusEx, DeleteFileW, WriteProfileStringW, ReadFile, FindVolumeClose, FindNextVolumeW, FindFirstVolumeW, FormatMessageW, SetPriorityClass, MoveFileExW, WaitForMultipleObjectsEx, GetExitCodeProcess, SleepEx, InterlockedExchange, FindClose, FindFirstFileW, GetWindowsDirectoryW, SetTimerQueueTimer, GetComputerNameA, GetVersionExW, VerSetConditionMask, WriteFile, WaitNamedPipeW, WaitForMultipleObjects, ConnectNamedPipe, GetVersionExA, DuplicateHandle, OpenProcess, GetOverlappedResult, lstrcmpW, SetEnvironmentVariableW, UnregisterWait, CreateNamedPipeW, CreateRemoteThread, CreateActCtxW, GetModuleFileNameW, ExitProcess, LoadLibraryExW, SetErrorMode, SetUnhandledExceptionFilter, GetPrivateProfileStringW, LocalSize, VirtualAlloc, VirtualQueryEx, DebugBreak, CreateFileA, InitializeCriticalSection, ProcessIdToSessionId, SetInformationJobObject, AssignProcessToJobObject, TerminateJobObject, PostQueuedCompletionStatus, PulseEvent, GetQueuedCompletionStatus, CreateIoCompletionPort, CreateJobObjectW, ActivateActCtx, DeactivateActCtx, InterlockedCompareExchange, LoadLibraryA, QueryPerformanceCounter, GetSystemTimeAsFileTime, UnhandledExceptionFilter, GetModuleHandleA, GetStartupInfoA, GetCurrentProcessId, SetThreadPriority, GetCurrentThreadId, lstrcmpiW, GetProfileIntW, LoadLibraryExA, lstrcpyW, lstrlenW, Sleep, LocalAlloc, CreateEventW, GetExitCodeThread, SetThreadAffinityMask, GetProcessAffinityMask, CreateWaitableTimerW, CreateMutexW, OpenEventW, RegisterWaitForSingleObject, WaitForSingleObject, CreateProcessW, SetWaitableTimer, ReleaseMutex, SetEvent, UnregisterWaitEx, CloseHandle, lstrlenA, lstrcpyA, MultiByteToWideChar, GetACP, WideCharToMultiByte, HeapAlloc, GetProcessHeap, HeapFree, lstrcpynA, UnmapViewOfFile, MapViewOfFile, CreateFileMappingW, lstrcmpiA, GetFileSize, SetFilePointer, GlobalAlloc, GlobalFree, GetLastError, LocalFree, lstrcatA, lstrcmpA, GetLogicalDriveStringsA, GetDriveTypeA, GetVolumeInformationW, GlobalMemoryStatus, CreateMutexA, FindResourceExW, LockResource, SizeofResource, VerifyVersionInfoW, GetSystemDirectoryA, GetCurrentThread, DelayLoadFailureHook, BaseInitAppcompatCacheSupport, OpenProfileUserMapping, CloseProfileUserMapping, BaseCleanupAppcompatCacheSupport, InitializeCriticalSectionAndSpinCount, VirtualProtect, CreateEventA, TlsSetValue, TlsGetValue, DeleteCriticalSection, TlsAlloc, VirtualFree, TlsFree<br>&gt; msvcrt.dll: wcslen, _vsnwprintf, wcsncpy, wcsstr, atoi, wcstok, memmove, wcschr, swprintf, swscanf, _local_unwind2, _wcslwr, wcscmp, _snwprintf, malloc, _c_exit, _exit, _XcptFilter, _cexit, exit, _acmdln, __getmainargs, _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, __3@YAXPAX@Z, __2@YAPAXI@Z, __CxxFrameHandler, _itow, _snprintf, _wtol, _strnicmp, sscanf, wcstombs, sprintf, strchr, strncmp, atof, _ftol, isspace, wcscpy, _controlfp, wcsncmp, _wcsupr, ceil, wcscat, _except_handler3, free, _wcsicmp<br>&gt; NDdeApi.dll: -, -, -, -<br>&gt; ntdll.dll: RtlSubAuthoritySid, RtlAllocateHeap, NtPowerInformation, NtSetSystemPowerState, NtRaiseHardError, RtlDeleteCriticalSection, NtOpenSymbolicLinkObject, NtReplyPort, NtCompleteConnectPort, NtReplyWaitReceivePort, NtAcceptConnectPort, NtCreatePort, RtlConvertSidToUnicodeString, RtlFreeUnicodeString, NtLockProductActivationKeys, RtlTimeToTimeFields, NtUnmapViewOfSection, NtMapViewOfSection, NtOpenSection, NtQuerySymbolicLinkObject, NtQueryVolumeInformationFile, NtSetSecurityObject, RtlAdjustPrivilege, NtOpenFile, NtFsControlFile, RtlAllocateAndInitializeSid, RtlDestroyEnvironment, RtlFreeHeap, NtQueryInformationToken, NtShutdownSystem, RtlEnterCriticalSection, RtlLeaveCriticalSection, RtlInitializeCriticalSection, RtlCreateEnvironment, RtlQueryEnvironmentVariable_U, RtlSetEnvironmentVariable, RtlInitUnicodeString, NtOpenKey, NtQueryValueKey, RtlInitializeSid, RtlLengthRequiredSid, NtAllocateLocallyUniqueId, RtlGetDaclSecurityDescriptor, RtlCopySid, RtlLengthSid, NtSetInformationThread, NtDuplicateToken, NtDuplicateObject, RtlEqualSid, RtlSetDaclSecurityDescriptor, RtlCreateSecurityDescriptor, NtClose, RtlOpenCurrentUser, RtlAddAce, RtlCreateAcl, RtlNtStatusToDosError, NtSetInformationProcess, NtQuerySystemInformation, NtCreateEvent, NtCreatePagingFile, RtlDosPathNameToNtPathName_U, RtlRegisterWait, NtSetValueKey, NtCreateKey, RtlTimeToSecondsSince1980, NtQuerySystemTime, NtPrivilegeObjectAuditAlarm, NtPrivilegeCheck, NtOpenThreadToken, NtOpenProcessToken, RtlInitString, RtlUnhandledExceptionFilter, NtQueryInformationProcess, DbgBreakPoint, RtlCheckProcessParameters, RtlSetThreadIsCritical, RtlSetProcessIsCritical, RtlGetNtProductType, NtInitiatePowerAction, DbgPrint, NtFilterToken, NtQueryInformationJobObject, NtOpenEvent, RtlGetAce, RtlQueryInformationAcl, NtQuerySecurityObject, RtlCompareUnicodeString, NtOpenDirectoryObject<br>&gt; PROFMAP.dll: InitializeProfileMappingApi, RemapAndMoveUserW<br>&gt; PSAPI.DLL: EnumProcesses, EnumProcessModules, GetModuleBaseNameW<br>&gt; REGAPI.dll: RegDefaultUserConfigQueryW, RegUserConfigQuery<br>&gt; RPCRT4.dll: RpcServerRegisterIfEx, RpcServerUseProtseqEpW, RpcImpersonateClient, I_RpcMapWin32Status, RpcServerRegisterIf, RpcGetAuthorizationContextForClient, RpcFreeAuthorizationContext, RpcServerListen, RpcRevertToSelf, NdrServerCall2, UuidCreate<br>&gt; Secur32.dll: LsaCallAuthenticationPackage, GetUserNameExW, LsaLookupAuthenticationPackage, LsaRegisterLogonProcess<br>&gt; SETUPAPI.dll: SetupDiDestroyDeviceInfoList, SetupDiEnumDeviceInfo, SetupDiGetClassDevsW, SetupDiGetDeviceRegistryPropertyW<br>&gt; USER32.dll: SetFocus, EnumWindows, CreateWindowStationW, RegisterLogonProcess, RecordShutdownReason, LoadLocalFonts, UnhookWindowsHook, SetWindowsHookW, GetWindowTextW, CallNextHookEx, DialogBoxParamW, GetWindowPlacement, GetSystemMenu, DeleteMenu, SetWindowPlacement, SetUserObjectInformationW, GetAsyncKeyState, PostThreadMessageW, SetUserObjectSecurity, CreateDesktopW, GetMessageTime, SetTimer, SetLogonNotifyWindow, UnlockWindowStation, ReplyMessage, UnregisterHotKey, RegisterHotKey, OpenInputDesktop, GetUserObjectInformationW, CloseDesktop, RegisterDeviceNotificationW, SetThreadDesktop, CreateWindowExW, GetMessageW, TranslateMessage, RegisterWindowMessageW, RegisterClassW, SetCursor, FindWindowW, MessageBoxW, SendNotifyMessageW, PostQuitMessage, MsgWaitForMultipleObjects, GetWindowRect, GetSystemMetrics, PeekMessageW, DispatchMessageW, KillTimer, SetProcessWindowStation, UpdateWindow, ShowWindow, SetWindowPos, PostMessageW, ExitWindowsEx, EnumDisplayMonitors, SystemParametersInfoW, GetDlgItem, SendMessageW, CreateDialogParamW, DestroyWindow, GetWindowLongW, GetDlgItemTextW, EndDialog, SetWindowLongW, LoadStringW, SetWindowTextW, SetDlgItemTextW, wsprintfW, wsprintfA, LockWindowStation, MBToWCSEx, SetWindowStationUser, UpdatePerUserSystemParameters, DialogBoxIndirectParamW, wvsprintfW, SetLastErrorEx, LoadCursorW, CheckDlgButton, IsDlgButtonChecked, DefWindowProcW, CloseWindowStation, LoadImageW, GetParent, GetKeyState, GetDesktopWindow, SetForegroundWindow, SwitchDesktop, OpenDesktopW<br>&gt; USERENV.dll: -, WaitForUserPolicyForegroundProcessing, GetAllUsersProfileDirectoryW, -, -, -, WaitForMachinePolicyForegroundProcessing, -, -, -, UnloadUserProfile, LoadUserProfileW, -, RegisterGPNotification, CreateEnvironmentBlock, DestroyEnvironmentBlock, UnregisterGPNotification, GetUserProfileDirectoryW<br>&gt; VERSION.dll: GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW<br>&gt; WINSTA.dll: WinStationRequestSessionsList, WinStationQueryLogonCredentialsW, WinStationIsHelpAssistantSession, WinStationAutoReconnect, _WinStationWaitForConnect, _WinStationNotifyLogoff, WinStationDisconnect, _WinStationCallback, WinStationNameFromLogonIdW, _WinStationFUSCanRemoteUserDisconnect, WinStationEnumerate_IndexedW, WinStationGetMachinePolicy, WinStationQueryInformationW, WinStationFreeMemory, WinStationReset, _WinStationNotifyDisconnectPipe, WinStationConnectW, WinStationSetInformationW, WinStationShutdownSystem, WinStationCheckLoopBack, _WinStationNotifyLogon<br>&gt; WINTRUST.dll: CryptCATAdminEnumCatalogFromHash, CryptCATCatalogInfoFromContext, CryptCATAdminCalcHashFromFileHandle, CryptCATAdminAcquireContext, CryptCATAdminReleaseCatalogContext, WTHelperProvDataFromStateData, WinVerifyTrust, WTHelperGetProvSignerFromChain, CryptCATAdminReleaseContext<br>&gt; WS2_32.dll: -, -, getaddrinfo<br><br>( 0 exports ) <br>
    CWSandbox info: &lt;a href='http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=3969440ba384d35317dbbdeeaae641ce' target='_blank'&gt;http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=3969440ba384d35317dbbdeeaae641ce&lt;/a&gt;
    ThreatExpert info: &lt;a href='http://www.threatexpert.com/report.aspx?md5=3969440ba384d35317dbbdeeaae641ce' target='_blank'&gt;http://www.threatexpert.com/report.aspx?md5=3969440ba384d35317dbbdeeaae641ce&lt;/a&gt;

2.Combofix Scan
    ComboFix 09-01-13.04 - Christine 2009-01-14 13:43:55.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1630 [GMT -6:00]
    Running from: c:\documents and settings\Christine\Desktop\ComboFix.exe
    Command switches used :: /SkipFix
    AV: avast! antivirus 4.8.1296 [VPS 090114-0] *On-access scanning disabled* (Updated)
    * Created a new restore point
    .
    - REDUCED FUNCTIONALITY MODE -
    .

    ((((((((((((((((((((((((( Files Created from 2008-12-14 to 2009-01-14 )))))))))))))))))))))))))))))))
    .

    2009-01-13 08:55 . 2009-01-13 08:55 <DIR> d-------- C:\rsit
    2009-01-12 22:39 . 2009-01-12 22:39 <DIR> d-------- c:\program files\SUPERAntiSpyware
    2009-01-12 22:39 . 2009-01-12 22:39 <DIR> d-------- c:\documents and settings\Christine\Application Data\SUPERAntiSpyware.com
    2009-01-12 22:39 . 2009-01-12 22:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-01-12 22:38 . 2009-01-12 22:38 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
    2008-12-31 10:26 . 2008-12-31 10:27 <DIR> d-------- c:\program files\jZip
    2008-12-27 17:32 . 2008-12-27 17:32 <DIR> d-------- c:\documents and settings\Christine\Application Data\vlc
    2008-12-20 23:01 . 2008-12-21 21:11 250 --a------ c:\windows\gmer.ini
    2008-12-15 02:26 . 2008-12-15 02:26 <DIR> d-------- c:\program files\ERUNT

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-13 04:33 --------- d-----w c:\program files\CCleaner
    2009-01-08 16:07 --------- d-----w c:\documents and settings\LocalService\Application Data\WTablet
    2008-12-13 00:44 --------- d-----w c:\program files\DivX
    2008-12-12 23:18 --------- d-----w c:\program files\EsetOnlineScanner
    2008-12-12 23:11 410,984 ----a-w c:\windows\system32\deploytk.dll
    2008-12-12 23:11 --------- d-----w c:\program files\Java
    2008-12-12 05:04 --------- d-----w c:\documents and settings\Christine\Application Data\AVG7
    2008-12-12 05:04 --------- d-----w c:\documents and settings\All Users\Application Data\avg7
    2008-12-12 03:57 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2008-12-12 03:55 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
    2008-12-04 01:52 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2008-12-04 01:52 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
    2008-11-29 17:23 --------- d-----w c:\program files\Trend Micro
    2008-11-29 17:18 --------- d-----w c:\program files\Windows Defender
    2008-11-29 17:10 --------- d-----w c:\program files\Panda Security
    2008-11-29 16:58 --------- d-----w c:\program files\Spybot - Search & Destroy
    2008-11-29 05:46 --------- d-----w c:\documents and settings\Christine\Application Data\Malwarebytes
    2008-11-29 05:46 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-11-29 01:18 507,904 ----a-w c:\windows\system32\winlogon.exe
    2008-11-29 01:18 295,424 ----a-w c:\windows\system32\termsrv.dll
    2008-11-29 01:14 --------- d-----w c:\program files\Apple Software Update
    2008-11-28 22:39 --------- d-----w c:\program files\iTunes
    2008-11-28 22:39 --------- d-----w c:\program files\iPod
    2008-11-28 22:39 --------- d-----w c:\program files\Common Files\Apple
    2008-11-28 22:39 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-11-28 22:38 --------- d-----w c:\program files\Bonjour
    2008-11-28 22:37 --------- d-----w c:\program files\QuickTime
    2008-11-21 21:46 200,704 ----a-w c:\windows\system32\ssldivx.dll
    2008-11-21 21:46 1,044,480 ----a-w c:\windows\system32\libdivx.dll
    2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
    2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
    2008-10-16 20:13 202,776 ----a-w c:\windows\system32\wuweb.dll
    2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    2008-10-16 20:12 561,688 ----a-w c:\windows\system32\wuapi.dll
    2008-10-16 20:12 323,608 ----a-w c:\windows\system32\wucltui.dll
    2008-10-16 20:09 92,696 ----a-w c:\windows\system32\cdm.dll
    2008-10-16 20:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
    2008-10-16 20:09 43,544 ----a-w c:\windows\system32\wups2.dll
    2008-10-16 20:08 34,328 ----a-w c:\windows\system32\wups.dll
    2008-12-30 10:53 651,264 ----a-w c:\program files\mozilla firefox\components\nsadssite.dll
    2007-12-02 17:27 88 --sh--r c:\windows\system32\04C847D3D0.sys
    2007-12-02 20:32 952 --sha-w c:\windows\system32\KGyGaAvL.sys
    2008-09-21 04:31 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008092020080921\index.dat
    .

    ------- Sigcheck -------

    2004-08-03 23:56 502272 01c3346c241652f43aed8e2149881bfe c:\windows\$NtServicePackUninstall$\winlogon.exe
    2008-04-13 18:12 507904 ed0ef0a136dec83df69f04118870003e c:\windows\ServicePackFiles\i386\winlogon.exe
    2008-11-28 19:18 507904 3969440ba384d35317dbbdeeaae641ce c:\windows\system32\winlogon.exe

    2004-08-03 23:56 295424 b60c877d16d9c880b952fda04adf16e6 c:\windows\$NtServicePackUninstall$\termsrv.dll
    2008-04-13 18:12 295424 ff3477c03be7201c294c35f684b3479f c:\windows\ServicePackFiles\i386\termsrv.dll
    2008-11-28 19:18 295424 63999d0abd8dabfd76a9c07f6e104868 c:\windows\system32\termsrv.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-11-07 122940]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-12 136600]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-19 86016]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 c:\windows\BCMSMMSG.exe]
    "nwiz"="nwiz.exe" [2007-04-19 c:\windows\system32\nwiz.exe]

    c:\documents and settings\Christine\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\AIM6\\aim6.exe"=
    "c:\\WINDOWS\\system32\\LEXPPS.EXE"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-11-29 28544]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-04 111184]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-12 8944]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-12 55024]
    R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-04-04 20560]
    R4 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2007-12-01 1373480]
    R4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-12 7408]
    .
    Contents of the 'Scheduled Tasks' folder

    2008-11-28 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

    2008-01-14 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-Aim6 - (no file)


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://auburn.edu/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: {{3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - {4CF088BD-BE95-40a5-BE9B-677F8683EDEA} - c:\program files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll
    FF - ProfilePath -
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-14 13:44:08
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(672)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    .
    Completion time: 2009-01-14 13:45:29
    ComboFix-quarantined-files.txt 2009-01-14 19:45:26

    Pre-Run: 64,433,500,160 bytes free
    Post-Run: 64,556,695,552 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    162 --- E O F --- 2009-01-13 23:19:49

3a.RSIT LOG
    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Christine at 2009-01-14 16:47:39
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 62 GB (81%) free of 76 GB
    Total RAM: 2047 MB (73% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:47:47 PM, on 1/14/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\Wacom_Tablet.exe
    C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
    C:\WINDOWS\system32\Wacom_Tablet.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Christine\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Christine.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://auburn.edu/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: EmailBHO - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - C:\Program Files\jZip\WebmailPlugin.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe

    --
    End of file - 7024 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\MP Scheduled Scan.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
    DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-11-07 110652]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{647FD14A-C4F1-46F4-8FC3-0B40F54226F7}]
    jZip Webmail plugin - C:\Program Files\jZip\WebmailPlugin.dll [2008-10-28 591296]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-12 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-12 34816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-12 73728]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "BCMSMMSG"=C:\WINDOWS\BCMSMMSG.exe [2003-08-29 122880]
    "DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-11-07 122940]
    "SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-12 136600]
    "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-04-19 7700480]
    "nwiz"=nwiz.exe /install []
    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-04-19 86016]
    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
    "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

    C:\Documents and Settings\Christine\Start Menu\Programs\Startup
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
    "C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
    "C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    ======List of files/folders created in the last 1 months======

    2009-01-14 16:47:39 ----D---- C:\rsit
    2009-01-14 13:54:31 ----SHD---- C:\RECYCLER
    2009-01-14 13:45:30 ----A---- C:\ComboFix.txt
    2009-01-14 13:42:33 ----A---- C:\Boot.bak
    2009-01-14 13:42:24 ----RASHD---- C:\cmdcons
    2009-01-14 13:41:26 ----A---- C:\WINDOWS\zip.exe
    2009-01-14 13:41:26 ----A---- C:\WINDOWS\VFIND.exe
    2009-01-14 13:41:26 ----A---- C:\WINDOWS\SWXCACLS.exe
    2009-01-14 13:41:26 ----A---- C:\WINDOWS\SWSC.exe
    2009-01-14 13:41:26 ----A---- C:\WINDOWS\SWREG.exe
    2009-01-14 13:41:26 ----A---- C:\WINDOWS\sed.exe
    2009-01-14 13:41:26 ----A---- C:\WINDOWS\NIRCMD.exe
    2009-01-14 13:41:26 ----A---- C:\WINDOWS\grep.exe
    2009-01-14 13:41:26 ----A---- C:\WINDOWS\fdsv.exe
    2009-01-13 17:19:42 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
    2009-01-12 22:39:41 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-01-12 22:39:36 ----D---- C:\Program Files\SUPERAntiSpyware
    2009-01-12 22:39:36 ----D---- C:\Documents and Settings\Christine\Application Data\SUPERAntiSpyware.com
    2009-01-12 22:38:28 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
    2008-12-31 10:26:52 ----D---- C:\Program Files\jZip
    2008-12-27 17:35:05 ----D---- C:\WINDOWS\Minidump
    2008-12-27 17:32:02 ----D---- C:\Documents and Settings\Christine\Application Data\vlc
    2008-12-20 23:01:04 ----A---- C:\WINDOWS\gmer.ini
    2008-12-20 23:01:02 ----RA---- C:\WINDOWS\gmer.exe
    2008-12-20 23:01:02 ----A---- C:\WINDOWS\gmer_uninstall.cmd
    2008-12-20 23:01:02 ----A---- C:\WINDOWS\gmer.dll
    2008-12-15 02:28:02 ----D---- C:\WINDOWS\ERDNT
    2008-12-15 02:26:53 ----D---- C:\Program Files\ERUNT

    ======List of files/folders modified in the last 1 months======

    2009-01-14 16:30:24 ----D---- C:\WINDOWS\Prefetch
    2009-01-14 13:52:51 ----D---- C:\Program Files\Mozilla Firefox
    2009-01-14 13:52:45 ----D---- C:\WINDOWS\Temp
    2009-01-14 13:45:34 ----D---- C:\WINDOWS\system32\drivers
    2009-01-14 13:45:34 ----D---- C:\WINDOWS\system32
    2009-01-14 13:45:34 ----D---- C:\Qoobox
    2009-01-14 13:45:33 ----D---- C:\WINDOWS
    2009-01-14 13:44:25 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-01-14 13:44:10 ----A---- C:\WINDOWS\system.ini
    2009-01-14 13:42:33 ----RASH---- C:\boot.ini
    2009-01-14 13:41:50 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-01-13 17:19:49 ----HD---- C:\WINDOWS\inf
    2009-01-13 17:19:44 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-01-13 17:19:15 ----HD---- C:\WINDOWS\$hf_mig$
    2009-01-13 17:18:14 ----D---- C:\WINDOWS\Debug
    2009-01-12 22:39:39 ----SHD---- C:\WINDOWS\Installer
    2009-01-12 22:39:39 ----SHD---- C:\Config.Msi
    2009-01-12 22:39:38 ----SD---- C:\Documents and Settings\Christine\Application Data\Microsoft
    2009-01-12 22:39:36 ----RD---- C:\Program Files
    2009-01-12 22:38:28 ----D---- C:\Program Files\Common Files
    2009-01-12 22:33:17 ----D---- C:\Program Files\CCleaner
    2009-01-09 19:35:28 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-12-30 17:49:19 ----D---- C:\Documents and Settings\Christine\Application Data\Mozilla
    2008-12-29 19:05:21 ----RSD---- C:\WINDOWS\Fonts
    2008-12-27 01:07:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-12-17 21:14:05 ----D---- C:\WINDOWS\ie7updates

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
    R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
    R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
    R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-11-18 5660]
    R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-11-18 22684]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
    R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
    R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
    R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
    R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
    R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
    R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-11-07 25628]
    R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-11-07 2496]
    R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-11-07 86652]
    R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-11-07 14684]
    R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-11-07 6364]
    R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-11-07 87036]
    R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-11-07 94332]
    R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
    R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
    R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
    R3 BCMModem;BCM V.92 56K Modem; C:\WINDOWS\system32\DRIVERS\BCMSM.sys [2003-08-29 1101696]
    R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2007-03-14 165760]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
    R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-04-19 3988384]
    R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
    R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 wacommousefilter;Wacom Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312]
    R3 wacomvhid;Wacom Virtual Hid Driver; C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 12848]
    R3 WacomVKHid;Virtual Keyboard Driver; C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-15 11440]
    S1 mferkdk;VSCore mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys []
    S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
    S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
    S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
    R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
    R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-12 152984]
    R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-08-29 307200]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-04-19 159810]
    R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2006-11-02 174656]
    R2 TabletServiceWacom;TabletServiceWacom; C:\WINDOWS\system32\Wacom_Tablet.exe [2007-09-07 1373480]
    R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
    R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
    R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
    S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-12-02 72704]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

    -----------------EOF-----------------

3b.RSIT INFO
    info.txt logfile of random's system information tool 1.04 2009-01-14 16:47:49

    ======Uninstall list======

    -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
    -->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    7-Zip 4.56 beta-->"C:\Program Files\7-Zip\Uninstall.exe"
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
    Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
    Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
    Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
    Adobe Illustrator CS2-->msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
    Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
    Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
    Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
    Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
    AIM 6-->C:\Program Files\AIM6\uninst.exe
    Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
    BCM V.92 56K Modem-->C:\WINDOWS\BCMSMU.exe quiet
    Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
    Corel Painter X-->C:\Program Files\Corel\Corel Painter X\MSILauncher {91CABF8F-A81C-4CB0-A1B0-D55B25F1B150} C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\PainterX.log
    Corel Painter X-->MsiExec.exe /I{91CABF8F-A81C-4CB0-A1B0-D55B25F1B150}
    CuteFTP 8 Home-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{949DBB22-2FB7-4DE1-804C-23D495A988D8}\Setup.exe" -l0x9
    DELETER COMICWORKS-->MsiExec.exe /I{85CFC80F-B410-42E7-855F-F2AE1DF64315}
    DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
    ESET Online Scanner-->C:\WINDOWS\system32\OnlineScannerUninstaller.exe
    EVGA Display Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEF3EFE7-5159-436D-9BF0-CCC633179EB4}\Setup.exe" -l0x9 -removeonly
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    Intel(R) PRO Network Connections 12.3.31.0-->MsiExec.exe /i{DDD0A758-F44C-47D3-8E88-692FFF775127} ARPREMOVE=1
    iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
    Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
    jZip-->C:\PROGRA~1\jZip\UNWISE.EXE /U C:\PROGRA~1\jZip\INSTALL.LOG
    Lexmark Z700-P700 Series-->C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBLUN5C.EXE -dLexmark Z700-P700 Series
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    MobileMe Control Panel-->MsiExec.exe /I{924EB80F-C2BB-4B9F-8412-88BBA937393F}
    Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
    QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
    Roxio DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
    Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
    Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
    SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9 -removeonly
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
    Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Wacom Tablet-->C:\Program Files\Tablet\Wacom\Remove.exe /u
    Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
    Windows Driver Package - Hewlett-Packard Image (12/27/2006 8.0.0.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst32.exe /u C:\WINDOWS\system32\DRVSTORE\hpxp4370_EE583B2413E4C828DFD7901D646C3D9BF7599402\hpxp4370.inf
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

    ======Hosts File======

    127.0.0.1 007guard.com
    127.0.0.1 www.007guard.com
    127.0.0.1 008i.com
    127.0.0.1 008k.com
    127.0.0.1 www.008k.com
    127.0.0.1 00hq.com
    127.0.0.1 www.00hq.com
    127.0.0.1 010402.com
    127.0.0.1 032439.com
    127.0.0.1 www.032439.com

    ======Security center information======

    AV: avast! antivirus 4.8.1296 [VPS 090114-0]

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Intel\DMIX;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem;C:\Program Files\jZip
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel
    "PROCESSOR_REVISION"=0207
    "NUMBER_OF_PROCESSORS"=1
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

    -----------------EOF-----------------
wuchris
Regular Member
 
Posts: 26
Joined: November 29th, 2008, 1:31 pm

Re: Firefox Crashing and "Perfect Defender 2009 Popup"

Unread postby Sharagoz » January 15th, 2009, 5:01 pm

Disable Avast before the next step.

1) Run ComboFix with CFScript
  • Right-click on your desktop, select New -> Text file
  • Name the file CFScript.txt
  • Open CFScript.txt and copy the contents of the code box below into it, save and close
    Code: Select all
    KillAll::
    
    File::
    c:\program files\mozilla firefox\components\nsadssite.dll
    
    FCopy::
    c:\windows\$NtServicePackUninstall$\termsrv.dll | c:\windows\system32\termsrv.dll
    
    
  • Drag CFScript.txt on top of the ComboFix.exe icon and release
  • ComboFix will start if you did this correctly
  • When ComboFix has finished scanning, a log will open
  • Include this log in your next reply

Enable Avast again

2) Fix bad entry using HiJackThis
  • Launch HiJackThis
    (there should be a shortcut on your desktop, if there isnt, find it here: C:\Program Files\Trend Micro\HijackThis\Christine.exe)
  • Click the Do a system scan only button
  • Put a checkmark next to the below line if its still listed

    O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll

  • IMPORTANT: Do NOT click fix until you exit all browser sessions including the one you are reading in right now
  • Click the Fix checked button and close HiJackThis

3) Scan file with VirusTotal
  • Go to virustotal.com
  • Click Browse and copy the filepath from the codebox below into the File name box and click Open
    Code: Select all
    C:\WINDOWS\system32\termsrv.dll
  • Click the Send file button to start the scan
  • When the status changes to finished, click the Compact link
  • Copy everything from the windows that pops up into your next reply

4) Get new RSIT log
  • Delete this folder: C:\rsit
  • Double click on RSIT.exe (on your desktop) to run RSIT
  • Click Continue at the disclaimer screen to start the scanner
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized
    • info.txt will be opened minimized
  • Post the contents of both log.txt and info.txt in your next reply

Logs I need:
ComboFix log
Results from VirusTotal scan
RSIT logs
User avatar
Sharagoz
Retired Graduate
 
Posts: 985
Joined: February 22nd, 2008, 4:31 pm
Location: Norway

Re: Firefox Crashing and "Perfect Defender 2009 Popup"

Unread postby Sharagoz » January 19th, 2009, 10:34 am

Hi
It's been a while since your last response.
Are you still with us?
User avatar
Sharagoz
Retired Graduate
 
Posts: 985
Joined: February 22nd, 2008, 4:31 pm
Location: Norway

Re: Firefox Crashing and "Perfect Defender 2009 Popup"

Unread postby wuchris » January 19th, 2009, 11:47 am

I'm sorry for the delay in response, and thank you so much for bearing with me.

1.Combofix Log
    ComboFix 09-01-19.03 - Christine 2009-01-18 19:05:39.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1504 [GMT -6:00]
    Running from: c:\documents and settings\Christine\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Christine\Desktop\CFScript.txt
    AV: avast! antivirus 4.8.1296 [VPS 090119-0] *On-access scanning disabled* (Updated)
    * Created a new restore point

    FILE ::
    c:\program files\mozilla firefox\components\nsadssite.dll
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Christine\Application Data\Adssite Advanced Toolbar
    c:\documents and settings\Christine\Application Data\Adssite Advanced Toolbar\selected.xml
    c:\documents and settings\Christine\Application Data\Adssite Advanced Toolbar\vigrs.exe
    c:\program files\mozilla firefox\components\nsadssite.dll

    Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
    Restored copy from - c:\windows\$NtServicePackUninstall$\winlogon.exe


    .
    --------------- FCopy ---------------

    c:\windows\$NtServicePackUninstall$\termsrv.dll --> c:\windows\system32\termsrv.dll
    .
    ((((((((((((((((((((((((( Files Created from 2008-12-19 to 2009-01-19 )))))))))))))))))))))))))))))))
    .

    2009-01-14 16:47 . 2009-01-14 16:47 <DIR> d-------- C:\rsit
    2009-01-12 22:39 . 2009-01-12 22:39 <DIR> d-------- c:\program files\SUPERAntiSpyware
    2009-01-12 22:39 . 2009-01-12 22:39 <DIR> d-------- c:\documents and settings\Christine\Application Data\SUPERAntiSpyware.com
    2009-01-12 22:39 . 2009-01-12 22:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-01-12 22:38 . 2009-01-12 22:38 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
    2008-12-31 10:26 . 2008-12-31 10:27 <DIR> d-------- c:\program files\jZip
    2008-12-27 17:32 . 2008-12-27 17:32 <DIR> d-------- c:\documents and settings\Christine\Application Data\vlc
    2008-12-20 23:01 . 2008-12-21 21:11 250 --a------ c:\windows\gmer.ini

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-19 01:09 --------- d-----w c:\documents and settings\Christine\Application Data\WTablet
    2009-01-19 00:44 --------- d-----w c:\documents and settings\LocalService\Application Data\WTablet
    2009-01-13 04:33 --------- d-----w c:\program files\CCleaner
    2008-12-15 08:26 --------- d-----w c:\program files\ERUNT
    2008-12-13 00:44 --------- d-----w c:\program files\DivX
    2008-12-12 23:18 --------- d-----w c:\program files\EsetOnlineScanner
    2008-12-12 23:11 --------- d-----w c:\program files\Java
    2008-12-12 05:04 --------- d-----w c:\documents and settings\Christine\Application Data\AVG7
    2008-12-12 05:04 --------- d-----w c:\documents and settings\All Users\Application Data\avg7
    2008-12-12 03:57 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2008-12-12 03:55 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
    2008-12-04 01:52 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2008-12-04 01:52 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
    2008-11-29 17:23 --------- d-----w c:\program files\Trend Micro
    2008-11-29 17:18 --------- d-----w c:\program files\Windows Defender
    2008-11-29 17:10 --------- d-----w c:\program files\Panda Security
    2008-11-29 16:58 --------- d-----w c:\program files\Spybot - Search & Destroy
    2008-11-29 05:46 --------- d-----w c:\documents and settings\Christine\Application Data\Malwarebytes
    2008-11-29 05:46 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-11-29 01:14 --------- d-----w c:\program files\Apple Software Update
    2008-11-28 22:39 --------- d-----w c:\program files\iTunes
    2008-11-28 22:39 --------- d-----w c:\program files\iPod
    2008-11-28 22:39 --------- d-----w c:\program files\Common Files\Apple
    2008-11-28 22:39 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-11-28 22:38 --------- d-----w c:\program files\Bonjour
    2008-11-28 22:37 --------- d-----w c:\program files\QuickTime
    2007-12-02 17:27 88 --sh--r c:\windows\system32\04C847D3D0.sys
    2007-12-02 20:32 952 --sha-w c:\windows\system32\KGyGaAvL.sys
    2008-09-21 04:31 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008092020080921\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2009-01-14_13.44.36.18 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2004-08-04 05:56:48 295,424 -c--a-w c:\windows\system32\dllcache\termsrv.dll
    + 2004-08-04 05:56:58 502,272 -c--a-w c:\windows\system32\dllcache\winlogon.exe
    - 2008-11-29 01:18:47 507,904 ----a-w c:\windows\system32\winlogon.exe
    + 2004-08-04 05:56:58 502,272 ----a-w c:\windows\system32\winlogon.exe
    + 2009-01-19 01:08:48 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5f8.dat
    + 2009-01-19 01:08:58 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_74c.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-11-07 122940]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-12 136600]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-19 86016]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 c:\windows\BCMSMMSG.exe]
    "nwiz"="nwiz.exe" [2007-04-19 c:\windows\system32\nwiz.exe]

    c:\documents and settings\Christine\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\AIM6\\aim6.exe"=
    "c:\\WINDOWS\\system32\\LEXPPS.EXE"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-11-29 28544]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-04 111184]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-12 8944]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-12 55024]
    R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-04-04 20560]
    R4 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2007-12-01 1373480]
    R4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-12 7408]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74f57558-c556-11dc-a899-0002b3d3ccf7}]
    \Shell\AutoRun\command - H:\LaunchU3.exe -a
    .
    Contents of the 'Scheduled Tasks' folder

    2009-01-15 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

    2009-01-19 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://auburn.edu/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: {{3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - {4CF088BD-BE95-40a5-BE9B-677F8683EDEA} - c:\program files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll
    FF - ProfilePath - c:\documents and settings\Christine\Application Data\Mozilla\Firefox\Profiles\ndhm1ltp.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www1.yoog.com/search.php?q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://auburn.edu/
    FF - prefs.js: keyword.URL - hxxp://www1.yoog.com/search.php?q=

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    FF - user.js: browser.search.selectedEngine - Yoog Search
    FF - user.js: keyword.URL - hxxp://www1.yoog.com/search.php?q=
    FF - user.js: keyword.enabled - true
    FF - user.js: browser.search.defaultenginename - Yoog Search
    FF - user.js: browser.search.defaulturl - hxxp://www1.yoog.com/search.php?q=
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-18 19:09:28
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(676)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Alwil Software\Avast4\aswUpdSv.exe
    c:\program files\Alwil Software\Avast4\ashServ.exe
    c:\windows\system32\LEXBCES.EXE
    c:\windows\system32\LEXPPS.EXE
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\PSIService.exe
    c:\windows\system32\WTablet\Wacom_TabletUser.exe
    c:\windows\system32\rundll32.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2009-01-18 19:11:48 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-01-19 01:11:45
    ComboFix2.txt 2009-01-14 19:45:30

    Pre-Run: 64,289,894,400 bytes free
    Post-Run: 64,275,898,368 bytes free

    182 --- E O F --- 2009-01-19 00:46:39

3.Virustotal Log
    File termsrv.dll received on 01.20.2009 02:16:17 (CET)
    Antivirus Version Last Update Result
    a-squared 4.0.0.73 2009.01.20 -
    AhnLab-V3 2009.1.20.1 2009.01.19 -
    AntiVir 7.9.0.57 2009.01.19 -
    Authentium 5.1.0.4 2009.01.19 -
    Avast 4.8.1281.0 2009.01.19 -
    AVG 8.0.0.229 2009.01.20 -
    BitDefender 7.2 2009.01.20 -
    CAT-QuickHeal 10.00 2009.01.19 -
    ClamAV 0.94.1 2009.01.19 -
    Comodo 937 2009.01.19 -
    DrWeb 4.44.0.09170 2009.01.20 -
    eSafe 7.0.17.0 2009.01.19 -
    eTrust-Vet 31.6.6315 2009.01.19 -
    F-Prot 4.4.4.56 2009.01.19 -
    F-Secure 8.0.14470.0 2009.01.19 -
    Fortinet 3.117.0.0 2009.01.15 -
    GData 19 2009.01.20 -
    Ikarus T3.1.1.45.0 2009.01.20 -
    K7AntiVirus 7.10.595 2009.01.19 -
    Kaspersky 7.0.0.125 2009.01.20 -
    McAfee 5500 2009.01.19 -
    McAfee+Artemis 5500 2009.01.19 -
    Microsoft 1.4205 2009.01.20 -
    NOD32 3779 2009.01.19 -
    Norman 5.93.01 2009.01.19 -
    nProtect 2009.1.8.0 2009.01.19 -
    Panda 9.5.1.2 2009.01.19 -
    PCTools 4.4.2.0 2009.01.19 -
    Prevx1 V2 2009.01.20 -
    Rising 21.13.02.00 2009.01.19 -
    SecureWeb-Gateway 6.7.6 2009.01.19 -
    Sophos 4.37.0 2009.01.20 -
    Sunbelt 3.2.1835.2 2009.01.16 -
    Symantec 10 2009.01.20 -
    TheHacker 6.3.1.5.224 2009.01.20 -
    TrendMicro 8.700.0.1004 2009.01.19 -
    VBA32 3.12.8.10 2009.01.19 -
    ViRobot 2009.1.19.1565 2009.01.19 -
    VirusBuster 4.5.11.0 2009.01.19 -
    Additional information
    File size: 295424 bytes
    MD5...: b60c877d16d9c880b952fda04adf16e6
    SHA1..: b93a2c8bda208a76b033c67fa90128f5888890e5
    SHA256: 244d59a555349259d81d4643500e714a053d4a06df892a8edcaa0dc5eadff050
    SHA512: fe92ddf13bf3c82d0533402d3ef81b72ff3817b2defcd5aae7e90347a48566a3<br>e28bec623e39af87ec3454ee5234ee31f4a9200aae835e58dd51f700fa4856fe<br>
    ssdeep: 6144:iUb4QerW7bcH7bR/FKDag7zedJX8kY0cGU4yBnmeB6ULCN:iU0Qn7bcR0GY<br>edJJUhBnRI<br>
    PEiD..: -
    TrID..: File type identification<br>Win64 Executable Generic (80.9%)<br>Win32 Executable Generic (8.0%)<br>Win32 Dynamic Link Library (generic) (7.1%)<br>Generic Win/DOS Executable (1.8%)<br>DOS Executable Generic (1.8%)
    PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x7611192e<br>timedatestamp.....: 0x411096bd (Wed Aug 04 07:56:45 2004)<br>machinetype.......: 0x14c (I386)<br><br>( 4 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0x3f66a 0x3f800 6.61 3fc9007a6dd1e93104e0856e325bc294<br>.data 0x41000 0x9838 0x1200 5.41 b6f46a64f3515283049d0afa87288aef<br>.rsrc 0x4b000 0x3e60 0x4000 3.25 39d3d9c93594b5868500536d35c7df36<br>.reloc 0x4f000 0x32c0 0x3400 6.18 a1d0e2539559ea2db7ecac46d9f058e9<br><br>( 17 imports ) <br>&gt; msvcrt.dll: wcscpy, wcscmp, _except_handler3, _wcsnicmp, wcscat, swscanf, wcsncpy, wcslen, wcsncat, swprintf, wcsrchr, memmove, _snwprintf, wcschr, sprintf, qsort, strncpy, gmtime, time, mktime, _mbslen, mbstowcs, __3@YAXPAX@Z, __2@YAPAXI@Z, free, _initterm, malloc, _adjust_fdiv, _ftol, _snprintf, strncmp, iswdigit, _wcsupr, wcstok, _wtol, _stricmp, __CxxFrameHandler, _purecall, _wcsicmp<br>&gt; ntdll.dll: NtOpenProcessToken, NtQueryInformationToken, RtlLengthSid, RtlCopySid, NtAllocateVirtualMemory, NtFreeVirtualMemory, RtlAcquireResourceShared, NtDelayExecution, DbgBreakPoint, RtlPrefixUnicodeString, NtResetEvent, NtWaitForMultipleObjects, RtlInitializeGenericTable, RtlDeleteCriticalSection, NtOpenProcess, NtQueryVirtualMemory, RtlLookupElementGenericTable, RtlCompareMemory, RtlInsertElementGenericTable, RtlDeleteElementGenericTable, RtlInitializeResource, NtCreateEvent, NtDuplicateObject, NtQuerySystemTime, RtlEqualSid, RtlAdjustPrivilege, RtlInitializeCriticalSection, NtTerminateProcess, RtlLengthRequiredSid, NtReleaseMutant, NtWaitForSingleObject, NtCreateMutant, NtQueryInformationProcess, NtDuplicateToken, NtSetInformationThread, RtlpNtEnumerateSubKey, NtRequestPort, NtConnectPort, NtSetEvent, RtlEnterCriticalSection, RtlAllocateHeap, NtOpenThreadToken, NtReplyPort, NtCompleteConnectPort, NtAcceptConnectPort, NtCreateSection, NtReplyWaitReceivePort, RtlFreeUnicodeString, NtCreatePort, RtlAnsiStringToUnicodeString, RtlInitAnsiString, RtlQueryRegistryValues, NtDeviceIoControlFile, RtlExtendedLargeIntegerDivide, RtlConvertExclusiveToShared, RtlConvertSharedToExclusive, RtlDeleteResource, NtRequestWaitReplyPort, RtlFreeHeap, RtlLeaveCriticalSection, RtlAcquireResourceExclusive, RtlReleaseResource, RtlInitUnicodeString, NtOpenKey, NtQueryValueKey, NtClose, VerSetConditionMask, RtlCreateEnvironment, RtlSetProcessIsCritical, DbgPrint, NtQuerySystemInformation, NtSetTimer, NtCreateTimer, RtlCopySecurityDescriptor, RtlNtStatusToDosError, RtlDeleteAce, RtlGetAce, RtlQueryInformationAcl, RtlGetDaclSecurityDescriptor, RtlMapGenericMask, RtlSubAuthoritySid, RtlInitializeSid, RtlCreateUserSecurityObject, RtlSetDaclSecurityDescriptor, RtlAddAccessAllowedAce, RtlCreateAcl, RtlCreateSecurityDescriptor, RtlWriteRegistryValue, RtlCreateRegistryKey, RtlLengthSecurityDescriptor, RtlSetGroupSecurityDescriptor, RtlGetGroupSecurityDescriptor, RtlGetOwnerSecurityDescriptor, NtSetSecurityObject, NtQuerySecurityObject, NtOpenSymbolicLinkObject, NtQueryDirectoryObject, NtCreateDirectoryObject, RtlFreeSid, RtlAllocateAndInitializeSid, RtlIntegerToUnicodeString, RtlAppendUnicodeToString, NtQueryMutant<br>&gt; ICAAPI.dll: IcaOpen, IcaStackCallback, IcaStackConnectionWait, IcaStackConnectionRequest, IcaStackConnectionAccept, _IcaStackIoControl, IcaStackUnlock, IcaStackReconnect, IcaStackTerminate, IcaChannelClose, IcaStackIoControl, IcaPushConsoleStack, IcaChannelOpen, IcaChannelIoControl, IcaStackConnectionClose, IcaStackClose, IcaClose, IcaIoControl, IcaStackOpen, IcaStackDisconnect<br>&gt; SHELL32.dll: SHGetFolderPathA<br>&gt; SETUPAPI.dll: SetupDiGetDeviceRegistryPropertyA, SetupDiGetClassDevsA, SetupDiEnumDeviceInfo, SetupDiDestroyDeviceInfoList<br>&gt; SHLWAPI.dll: PathAppendA<br>&gt; WINTRUST.dll: CryptCATAdminCalcHashFromFileHandle, CryptCATAdminEnumCatalogFromHash, CryptCATCatalogInfoFromContext, CryptCATAdminReleaseCatalogContext, CryptCATAdminReleaseContext, WTHelperProvDataFromStateData, WTHelperGetProvSignerFromChain, CryptCATAdminAcquireContext, WinVerifyTrust<br>&gt; RPCRT4.dll: RpcServerInqDefaultPrincNameW, RpcServerRegisterAuthInfoW, RpcServerRegisterIfEx, RpcBindingToStringBindingW, RpcServerListen, RpcImpersonateClient, I_RpcBindingIsClientLocal, RpcRevertToSelf, RpcServerUseProtseqEpW, I_RpcBindingInqLocalClientPID, RpcStringFreeW, RpcRaiseException, RpcSsContextLockExclusive, NdrServerCall2, RpcServerRegisterIf, RpcStringBindingParseW<br>&gt; KERNEL32.dll: GetLocalTime, GetDiskFreeSpaceA, GetDateFormatW, FileTimeToSystemTime, InitializeCriticalSection, GetVersion, CreateMutexW, GetModuleHandleA, InterlockedExchange, OutputDebugStringA, GetProcessAffinityMask, SetThreadAffinityMask, ResumeThread, GetExitCodeThread, GetSystemInfo, GetLogicalDriveStringsA, GetDriveTypeA, GetVolumeInformationW, GetVolumeInformationA, GlobalMemoryStatus, lstrlenA, lstrcpyA, GetFileSize, WriteFile, SetFilePointer, ReadFile, CreateFileA, GetVersionExA, HeapAlloc, HeapFree, CompareFileTime, CreateWaitableTimerW, SetWaitableTimer, LeaveCriticalSection, FormatMessageW, GetSystemDefaultLCID, SystemTimeToFileTime, LoadLibraryExA, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, GetCurrentThreadId, QueryPerformanceCounter, LoadLibraryA, InterlockedCompareExchange, DelayLoadFailureHook, lstrcpynW, GetACP, MultiByteToWideChar, SetLastError, lstrlenW, LocalFree, LocalAlloc, GetProcessHeap, DisableThreadLibraryCalls, DebugBreak, Sleep, CloseHandle, CreateProcessW, GetCurrentProcessId, IsDebuggerPresent, GetVersionExW, ResetEvent, SetEvent, VerifyVersionInfoW, CreateEventW, GetLastError, ReleaseMutex, UnmapViewOfFile, MapViewOfFile, OpenFileMappingW, WaitForMultipleObjects, OpenEventW, OpenMutexW, InterlockedDecrement, CreateThread, CreateFileW, GetSystemDirectoryW, GetSystemTime, GetComputerNameA, GetSystemTimeAsFileTime, UnregisterWait, WaitForSingleObject, InterlockedIncrement, lstrcpyW, ExitThread, QueryDosDeviceW, ProcessIdToSessionId, IsBadReadPtr, IsBadWritePtr, OpenProcess, GetComputerNameW, FreeLibrary, GetProcAddress, LoadLibraryW, GetProfileStringW, GetTickCount, RegisterWaitForSingleObject, lstrcatW, lstrcmpiW, GetProfileIntW, GetWindowsDirectoryW, SetThreadPriority, GetCurrentThread, LocalSize, GetCurrentProcess, PulseEvent, GetComputerNameExW, WideCharToMultiByte, InitializeCriticalSectionAndSpinCount, EnterCriticalSection, DeleteCriticalSection<br>&gt; USER32.dll: GetCursorPos, wvsprintfA, BroadcastSystemMessageA, wsprintfA, GetSystemMetrics, wsprintfW, ExitWindowsEx, LoadStringW, MessageBeep, GetMessageTime<br>&gt; Secur32.dll: GetUserNameExW<br>&gt; WS2_32.dll: -, -, -, getaddrinfo, -, -<br>&gt; ADVAPI32.dll: GetSidSubAuthorityCount, GetSidSubAuthority, AccessCheckAndAuditAlarmW, AllocateAndInitializeSid, SetEntriesInAclW, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, RegEnumKeyW, DeregisterEventSource, CryptAcquireContextW, CryptCreateHash, CryptImportKey, CryptVerifySignatureW, CryptDestroyKey, CryptDestroyHash, CryptReleaseContext, AddAce, GetAce, GetAclInformation, GetUserNameA, CryptHashData, RegisterServiceCtrlHandlerW, GetSidIdentifierAuthority, IsValidSid, GetTokenInformation, EqualSid, LookupAccountSidW, RegSetValueExW, CryptGenRandom, RegisterEventSourceW, ReportEventW, SetServiceBits, RegOpenKeyW, GetUserNameW, SetServiceStatus, RegOpenKeyExW, GetSecurityDescriptorDacl, LsaDelete, LsaSetSecret, LsaClose, LsaOpenSecret, LsaCreateSecret, LsaOpenPolicy, LsaFreeMemory, LsaQuerySecret, GetEventLogInformation, LsaQueryInformationPolicy, RegQueryValueExW, RegCloseKey, LogonUserW, AddAccessAllowedAce, InitializeAcl, GetLengthSid, OpenThreadToken, CheckTokenMembership, MakeSelfRelativeSD, MakeAbsoluteSD, IsValidSecurityDescriptor, ElfReportEventW, ElfRegisterEventSourceW, I_ScSendTSMessage, RegNotifyChangeKeyValue, RegCreateKeyExW, RegQueryValueExA, RegOpenKeyExA, GetCurrentHwProfileA, RegEnumKeyExA, RegEnumKeyExW, LsaStorePrivateData, LsaNtStatusToWinError, LsaRetrievePrivateData, RegDeleteValueW, OpenProcessToken<br>&gt; CRYPT32.dll: CertCloseStore, CertCreateCertificateContext, CertOpenStore, CertDuplicateCertificateContext, CertFreeCertificateContext, CertGetIssuerCertificateFromStore, CertVerifySubjectCertificateContext, CryptExportPublicKeyInfo, CertEnumCertificatesInStore, CertFindExtension, CertVerifyCertificateChainPolicy, CertComparePublicKeyInfo, CryptDecodeObject, CryptVerifyCertificateSignature, CryptBinaryToStringW<br>&gt; OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -<br>&gt; AUTHZ.dll: AuthzFreeResourceManager, AuthziAllocateAuditParams, AuthziInitializeAuditParamsWithRM, AuthziInitializeAuditEvent, AuthziLogAuditEvent, AuthzFreeAuditEvent, AuthziFreeAuditParams, AuthzInitializeResourceManager, AuthziInitializeAuditEventType, AuthziFreeAuditEventType<br>&gt; mstlsapi.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -<br><br>( 1 exports ) <br>ServiceMain<br>


4a.RSIT Log
    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Christine at 2009-01-18 19:22:42
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 61 GB (80%) free of 76 GB
    Total RAM: 2047 MB (79% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:22:45 PM, on 1/18/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Wacom_Tablet.exe
    C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
    C:\WINDOWS\system32\Wacom_Tablet.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Documents and Settings\Christine\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Christine.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://auburn.edu/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: EmailBHO - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - C:\Program Files\jZip\WebmailPlugin.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe

    --
    End of file - 7003 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\MP Scheduled Scan.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
    DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-11-07 110652]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{647FD14A-C4F1-46F4-8FC3-0B40F54226F7}]
    jZip Webmail plugin - C:\Program Files\jZip\WebmailPlugin.dll [2008-10-28 591296]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-12 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-12 34816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-12 73728]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "BCMSMMSG"=C:\WINDOWS\BCMSMMSG.exe [2003-08-29 122880]
    "DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-11-07 122940]
    "SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-12 136600]
    "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-04-19 7700480]
    "nwiz"=nwiz.exe /install []
    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-04-19 86016]
    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
    "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

    C:\Documents and Settings\Christine\Start Menu\Programs\Startup
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=323
    "NoDrives"=0
    "NoDriveAutoRun"=67108863

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveAutoRun"=
    "NoDriveTypeAutoRun"=
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
    "C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
    "C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74f57558-c556-11dc-a899-0002b3d3ccf7}]
    shell\AutoRun\command - H:\LaunchU3.exe -a


    ======List of files/folders created in the last 1 months======

    2009-01-18 19:22:42 ----D---- C:\rsit
    2009-01-18 19:20:22 ----SHD---- C:\RECYCLER
    2009-01-18 19:11:49 ----A---- C:\ComboFix.txt
    2009-01-14 13:42:33 ----A---- C:\Boot.bak
    2009-01-14 13:42:24 ----RASHD---- C:\cmdcons
    2009-01-14 13:41:26 ----A---- C:\WINDOWS\zip.exe
    2009-01-14 13:41:26 ----A---- C:\WINDOWS\VFIND.exe
    2009-01-14 13:41:26 ----A---- C:\WINDOWS\SWXCACLS.exe
    2009-01-14 13:41:26 ----A---- C:\WINDOWS\SWSC.exe
    2009-01-14 13:41:26 ----A---- C:\WINDOWS\SWREG.exe
    2009-01-14 13:41:26 ----A---- C:\WINDOWS\sed.exe
    2009-01-14 13:41:26 ----A---- C:\WINDOWS\NIRCMD.exe
    2009-01-14 13:41:26 ----A---- C:\WINDOWS\grep.exe
    2009-01-14 13:41:26 ----A---- C:\WINDOWS\fdsv.exe
    2009-01-13 17:19:42 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
    2009-01-12 22:39:41 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-01-12 22:39:36 ----D---- C:\Program Files\SUPERAntiSpyware
    2009-01-12 22:39:36 ----D---- C:\Documents and Settings\Christine\Application Data\SUPERAntiSpyware.com
    2009-01-12 22:38:28 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
    2008-12-31 10:26:52 ----D---- C:\Program Files\jZip
    2008-12-27 17:35:05 ----D---- C:\WINDOWS\Minidump
    2008-12-27 17:32:02 ----D---- C:\Documents and Settings\Christine\Application Data\vlc
    2008-12-20 23:01:04 ----A---- C:\WINDOWS\gmer.ini
    2008-12-20 23:01:02 ----RA---- C:\WINDOWS\gmer.exe
    2008-12-20 23:01:02 ----A---- C:\WINDOWS\gmer_uninstall.cmd
    2008-12-20 23:01:02 ----A---- C:\WINDOWS\gmer.dll

    ======List of files/folders modified in the last 1 months======

    2009-01-18 19:14:56 ----D---- C:\Program Files\Mozilla Firefox
    2009-01-18 19:13:58 ----D---- C:\WINDOWS\Prefetch
    2009-01-18 19:12:29 ----D---- C:\WINDOWS\Temp
    2009-01-18 19:12:16 ----SD---- C:\WINDOWS\Tasks
    2009-01-18 19:11:52 ----D---- C:\WINDOWS\system32\drivers
    2009-01-18 19:11:52 ----D---- C:\WINDOWS\system32
    2009-01-18 19:11:52 ----D---- C:\Qoobox
    2009-01-18 19:11:51 ----D---- C:\WINDOWS
    2009-01-18 19:10:47 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-01-18 19:09:31 ----A---- C:\WINDOWS\system.ini
    2009-01-18 19:09:27 ----D---- C:\WINDOWS\ERDNT
    2009-01-18 19:09:01 ----D---- C:\Documents and Settings\Christine\Application Data\WTablet
    2009-01-18 19:07:10 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-01-18 19:06:41 ----D---- C:\WINDOWS\AppPatch
    2009-01-18 19:06:41 ----D---- C:\Program Files\Common Files
    2009-01-18 19:05:10 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-01-14 13:42:33 ----RASH---- C:\boot.ini
    2009-01-13 17:19:15 ----HD---- C:\WINDOWS\$hf_mig$
    2009-01-13 17:18:14 ----D---- C:\WINDOWS\Debug
    2009-01-12 22:39:39 ----SHD---- C:\WINDOWS\Installer
    2009-01-12 22:39:39 ----SHD---- C:\Config.Msi
    2009-01-12 22:39:38 ----SD---- C:\Documents and Settings\Christine\Application Data\Microsoft
    2009-01-12 22:39:36 ----RD---- C:\Program Files
    2009-01-12 22:33:17 ----D---- C:\Program Files\CCleaner
    2009-01-09 19:35:28 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-12-30 17:49:19 ----D---- C:\Documents and Settings\Christine\Application Data\Mozilla
    2008-12-29 19:05:21 ----RSD---- C:\WINDOWS\Fonts
    2008-12-27 01:07:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
    R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
    R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
    R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-11-18 5660]
    R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-11-18 22684]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
    R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
    R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
    R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
    R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
    R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
    R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-11-07 25628]
    R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-11-07 2496]
    R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-11-07 86652]
    R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-11-07 14684]
    R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-11-07 6364]
    R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-11-07 87036]
    R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-11-07 94332]
    R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
    R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
    R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
    R3 BCMModem;BCM V.92 56K Modem; C:\WINDOWS\system32\DRIVERS\BCMSM.sys [2003-08-29 1101696]
    R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2007-03-14 165760]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
    R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-04-19 3988384]
    R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
    R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 wacommousefilter;Wacom Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312]
    R3 wacomvhid;Wacom Virtual Hid Driver; C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 12848]
    R3 WacomVKHid;Virtual Keyboard Driver; C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-15 11440]
    S1 mferkdk;VSCore mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys []
    S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
    S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
    R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
    R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-12 152984]
    R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-08-29 307200]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-04-19 159810]
    R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2006-11-02 174656]
    R2 TabletServiceWacom;TabletServiceWacom; C:\WINDOWS\system32\Wacom_Tablet.exe [2007-09-07 1373480]
    R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
    R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
    R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
    S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-12-02 72704]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

    -----------------EOF-----------------

4b.RSIT Info
    info.txt logfile of random's system information tool 1.04 2009-01-18 19:22:47

    ======Uninstall list======

    -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
    -->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    7-Zip 4.56 beta-->"C:\Program Files\7-Zip\Uninstall.exe"
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
    Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
    Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
    Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
    Adobe Illustrator CS2-->msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
    Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
    Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
    Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
    Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
    AIM 6-->C:\Program Files\AIM6\uninst.exe
    Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
    BCM V.92 56K Modem-->C:\WINDOWS\BCMSMU.exe quiet
    Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
    Corel Painter X-->C:\Program Files\Corel\Corel Painter X\MSILauncher {91CABF8F-A81C-4CB0-A1B0-D55B25F1B150} C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\PainterX.log
    Corel Painter X-->MsiExec.exe /I{91CABF8F-A81C-4CB0-A1B0-D55B25F1B150}
    CuteFTP 8 Home-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{949DBB22-2FB7-4DE1-804C-23D495A988D8}\Setup.exe" -l0x9
    DELETER COMICWORKS-->MsiExec.exe /I{85CFC80F-B410-42E7-855F-F2AE1DF64315}
    DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
    ESET Online Scanner-->C:\WINDOWS\system32\OnlineScannerUninstaller.exe
    EVGA Display Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEF3EFE7-5159-436D-9BF0-CCC633179EB4}\Setup.exe" -l0x9 -removeonly
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    Intel(R) PRO Network Connections 12.3.31.0-->MsiExec.exe /i{DDD0A758-F44C-47D3-8E88-692FFF775127} ARPREMOVE=1
    iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
    Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
    jZip-->C:\PROGRA~1\jZip\UNWISE.EXE /U C:\PROGRA~1\jZip\INSTALL.LOG
    Lexmark Z700-P700 Series-->C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBLUN5C.EXE -dLexmark Z700-P700 Series
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    MobileMe Control Panel-->MsiExec.exe /I{924EB80F-C2BB-4B9F-8412-88BBA937393F}
    Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
    QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
    Roxio DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
    Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
    Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
    SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9 -removeonly
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
    Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Wacom Tablet-->C:\Program Files\Tablet\Wacom\Remove.exe /u
    Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
    Windows Driver Package - Hewlett-Packard Image (12/27/2006 8.0.0.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst32.exe /u C:\WINDOWS\system32\DRVSTORE\hpxp4370_EE583B2413E4C828DFD7901D646C3D9BF7599402\hpxp4370.inf
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

    =====HijackThis Backups=====

    O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll (file missing)
    O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll (file missing)

    ======Security center information======

    AV: avast! antivirus 4.8.1296 [VPS 090119-0]

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Intel\DMIX;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem;C:\Program Files\jZip
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel
    "PROCESSOR_REVISION"=0207
    "NUMBER_OF_PROCESSORS"=1
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

    -----------------EOF-----------------
wuchris
Regular Member
 
Posts: 26
Joined: November 29th, 2008, 1:31 pm

Re: Firefox Crashing and "Perfect Defender 2009 Popup"

Unread postby Sharagoz » January 20th, 2009, 11:00 am

Disable Avast before the next step

1) Run ComboFix with CFScript
  • Right-click on your desktop, select New -> Text file
  • Name the file CFScript.txt
  • Open CFScript.txt and copy the contents of the code box below into it, save and close
    Code: Select all
    KillAll::
    
    Registry::
    IE: {{3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - {4CF088BD-BE95-40a5-BE9B-677F8683EDEA} - c:\program files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll
    
    Firefox::
    FF - ProfilePath - c:\documents and settings\Christine\Application Data\Mozilla\Firefox\Profiles\ndhm1ltp.default\
    FF - prefs.js: browser.search.defaulturl - http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: keyword.URL - http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - user.js: browser.search.selectedEngine - Google
    FF - user.js: keyword.URL - http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - user.js: browser.search.defaultenginename - Google
    FF - user.js: browser.search.defaulturl - http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    
    Extra::
    
  • Drag CFScript.txt on top of the ComboFix.exe icon and release
  • ComboFix will start if you did this correctly
  • When ComboFix has finished scanning, a log will open
  • Include this log in your next reply

Enable Avast again

After this step, test that you no longer have "yoog" as your search engine in Internet Explorer and Firefox.

2) Get new RSIT log
  • Double click on RSIT.exe (on your desktop) to run RSIT
  • Click Continue at the disclaimer screen to start the scanner
  • When the scan finishes a log will open. Include this log in your next reply

Logs I need:
ComboFix log
RSIT log
User avatar
Sharagoz
Retired Graduate
 
Posts: 985
Joined: February 22nd, 2008, 4:31 pm
Location: Norway
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 42 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware