
[Fixed] Hijackthis! Logs - Windows error on startup need help. ty (posted in the Security & Safety forums)


Old 3 Weeks Ago   #1
Bronze Member
 
Join Date: Oct 2009
Posts: 5
PC Experience: not in malware spyware area though! :(
Windows error on startup need help. ty

Hi all, I'm really new to the world of PC anti-virus things and I have had a rather annoying message come up every time I start my computer up. This message has been coming up for over 2 months now and it has really annoyed me by slowing my PC at start up.

I have found and removed the worm that caused this by running SUPERAntiSpyware and Spyware Doctor. After this nothing was found in any scans I started (in safe mode and normal). Many people have had this issue before and were referred to this site, so I did the same.

The error message I keep getting goes a little like this.......

C:\WINDOWS\sembako-dfzjllg.exe

I am currently still having this problem so I ran a HijackThis scan.

Thanks to whoever has a fix for this, and I will greatly appreciate it if it works fine.

The results for the scan under HijackThis are as follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:46:53 PM, on 10/31/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Minefield\firefox.exe
C:\Documents and Settings\Jordan\My Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Ask.com Search Engine - Better Web Search
F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\sembako-dezjmkh.exe"
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\Adobe\Acrobat Reader 5\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless G DWA-110] C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [Tok-Cirrhatus-1860] "C:\Documents and Settings\NetworkService\Local Settings\Application Data\br4743on.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Tok-Cirrhatus-1860] "C:\Documents and Settings\NetworkService\Local Settings\Application Data\br4743on.exe" (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

--
End of file - 7017 bytes






blackhawk is offline   Reply With Quote
Old 3 Weeks Ago   #2
Tech Support Team
 
 
Join Date: Nov 2006
Location: In the Slaughtered Lamb having a pint.
Posts: 4,490
PC Experience: Smarter than the average Bear
Re: Windows error on startup need help. ty

Hello Blackhawk

Welcome to PC Help Forum

Please click this link called Prework and follow the instructions and a member of the Security Team will assist you shortly.




Wolfeymole is online now   Reply With Quote
Old 3 Weeks Ago   #3
Bronze Member
 
Join Date: Oct 2009
Posts: 5
PC Experience: not in malware spyware area though! :(
Re: Windows error on startup need help. ty

OK, well, I read the prework and I was told to attach and post this data:

DDS.txt:



DDS (Ver_09-10-26.01) - NTFSx86
Run by Jordan at 16:05:13.18 on Sun 11/01/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3583.3071 [GMT 10:00]

============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Documents and Settings\Jordan\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mWinlogon: Shell=Explorer.exe "c:\windows\sembako-dezjmkh.exe"
mWinlogon: UIHost=c:\documents and settings\all users\application data\tuneup software\tuneup utilities\winstyler\tu_logonui.exe
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat reader 5\reader\activex\AcroIEHelper.ocx
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [D-Link D-Link Wireless G DWA-110] c:\program files\d-link\d-link wireless g dwa-110\AirGCFG.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
dRun: [Tok-Cirrhatus-1860] "c:\documents and settings\networkservice\local settings\application data\br4743on.exe"
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-disallowrun: NoFolderOptions = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-disallowrun: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
============= SERVICES / DRIVERS ===============
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-10-20 207280]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-10-12 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-10-12 74480]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2009-10-20 112592]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-10-20 358600]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-10-25 604488]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-11-1 93184]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-10-12 7408]
S3 PciCon;PciCon;\??\e:\pcicon.sys --> e:\PciCon.sys [?]
=============== Created Last 30 ================
2009-10-31 12:25:04 0 d-----w- c:\program files\common files\xing shared
2009-10-31 04:35:14 0 d-----w- c:\windows\pss
2009-10-30 08:29:18 3284 ----a-w- c:\windows\system32\ANIWZCS{9F226982-8E26-4A55-AA70-C5C94C2F56F0}
2009-10-29 07:43:12 0 d-----w- c:\program files\Youtube Downloader HD
2009-10-28 09:58:51 63 ----a-w- c:\documents and settings\jordan\jagex_runescape_preferences2.dat
2009-10-28 09:57:03 38 ----a-w- c:\documents and settings\jordan\jagex_runescape_preferences.dat
2009-10-27 09:02:14 3284 ----a-w- c:\windows\system32\ANIWZCS{6734F20B-ADA2-4C2A-AEBE-5710C0CAB2B6}
2009-10-27 07:43:31 0 d-----w- c:\windows\.jagex_cache_32
2009-10-27 07:40:23 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-10-27 07:23:51 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-25 08:42:15 3284 ----a-w- c:\windows\system32\ANIWZCS{BF7BE614-B7C8-4E53-A42A-E80A9A8491D0}
2009-10-25 06:18:30 2285056 ----a-w- c:\windows\system32\TUKernel.exe
2009-10-25 04:16:36 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2009-10-25 04:16:33 29000 ----a-w- c:\windows\system32\uxtuneup.dll
2009-10-25 04:16:31 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-10-25 04:16:30 0 d-----w- c:\docume~1\jordan\applic~1\TuneUp Software
2009-10-25 04:16:03 0 d-----w- c:\docume~1\alluse~1\applic~1\TuneUp Software
2009-10-25 04:16:02 0 d-----w- c:\program files\TuneUp Utilities 2009
2009-10-25 04:13:22 0 d-sh--w- c:\docume~1\alluse~1\applic~1\{55A29068-F2CE-456C-9148-C869879E2357}
2009-10-25 03:38:33 3284 ----a-w- c:\windows\system32\ANIWZCS{56D8B828-D206-4100-9DCC-25245B9B2B68}
2009-10-25 03:36:14 7 ----a-w- c:\windows\system32\ANIWZCSUSERNAME{56D8B828-D206-4100-9DCC-25245B9B2B68}
2009-10-25 03:04:11 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-10-25 03:04:00 0 d-----w- c:\program files\SUPERAntiSpyware
2009-10-25 03:04:00 0 d-----w- c:\docume~1\jordan\applic~1\SUPERAntiSpyware.com
2009-10-25 03:03:26 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-10-20 11:56:43 880 ----a-w- c:\windows\RegISSImport.xml
2009-10-20 11:56:43 767952 ----a-w- c:\windows\BDTSupport.dll
2009-10-20 11:56:43 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-10-20 11:56:43 1636304 ----a-w- c:\windows\PCTBDCore.dll
2009-10-20 11:56:43 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-10-20 11:56:43 131 ----a-w- c:\windows\IDB.zip
2009-10-20 11:56:43 1152470 ----a-w- c:\windows\UDB.zip
2009-10-20 11:48:40 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2009-10-20 11:48:40 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-10-20 11:48:32 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-10-20 11:48:32 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2009-10-20 11:48:32 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-10-20 11:48:32 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-10-20 11:48:23 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2009-10-20 11:48:23 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-10-20 11:48:16 0 d-----w- c:\program files\common files\PC Tools
2009-10-20 11:48:15 0 d-----w- c:\program files\Spyware Doctor
2009-10-20 11:48:15 0 d-----w- c:\docume~1\jordan\applic~1\PC Tools
2009-10-20 11:48:15 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2009-10-20 11:47:50 0 d-s---w- c:\documents and settings\jordan\UserData
2009-10-20 09:08:36 512000 -c----w- c:\windows\system32\dllcache\jscript.dll
2009-10-20 08:47:55 0 d-----w- c:\windows\system32\scripting
2009-10-20 08:47:54 0 d-----w- c:\windows\system32\en
2009-10-20 08:47:54 0 d-----w- c:\windows\system32\bits
2009-10-20 08:47:54 0 d-----w- c:\windows\l2schemas
2009-10-20 08:43:27 0 d-----w- c:\windows\network diagnostic
2009-10-19 18:31:02 883 ----a-w- c:\windows\RegSDImport.xml
2009-10-18 04:15:58 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-10-18 04:15:58 215920 ----a-w- c:\windows\system32\muweb.dll
2009-10-18 04:15:58 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2009-10-18 01:04:45 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-10-18 01:04:04 0 d-----w- c:\documents and settings\jordan\Tracing
2009-10-18 01:03:25 0 d-----w- c:\program files\Microsoft
2009-10-18 01:03:06 0 d-----w- c:\program files\Windows Live SkyDrive
2009-10-18 00:47:08 0 d-----w- c:\program files\common files\Windows Live
2009-10-17 07:48:37 26176 ---ha-w- c:\windows\system32\hamachi.sys
2009-10-16 07:30:19 3284 ----a-w- c:\windows\system32\ANIWZCS{F5E32D3A-97AC-47CB-9B19-11F7BDC46659}
2009-10-16 07:29:22 7 ----a-w- c:\windows\system32\ANIWZCSUSERNAME{F5E32D3A-97AC-47CB-9B19-11F7BDC46659}
2009-10-16 07:29:12 692224 ----a-w- c:\windows\system32\ANIWZCS2.dll
2009-10-16 07:29:12 49152 ----a-w- c:\windows\system32\JJAKEn.dll
2009-10-16 07:29:12 49152 ----a-w- c:\windows\system32\AQCKGen.dll
2009-10-16 07:29:12 45115 ----a-w- c:\windows\system32\ANICtl.dll
2009-10-16 07:29:12 262144 ----a-w- c:\windows\system32\wnicapi.dll
2009-10-16 07:29:12 245760 ----a-w- c:\windows\system32\WlanApp.dll
2009-10-16 07:29:12 217088 ----a-w- c:\windows\system32\aIPH.dll
2009-10-16 07:29:12 1327189 ----a-w- c:\windows\system32\odSupp_M.dll
2009-10-16 07:28:57 48128 ----a-w- c:\windows\system32\ANIO64.sys
2009-10-16 07:28:57 36864 ----a-w- c:\windows\system32\ANIOApi.dll
2009-10-16 07:28:57 28195 ----a-w- c:\windows\system32\ANIO.sys
2009-10-16 07:28:57 16997 ----a-w- c:\windows\system32\ANIO.VXD
2009-10-16 07:28:57 11904 ----a-w- c:\windows\system32\anio4.sys
2009-10-16 07:28:57 0 d-----w- c:\program files\ANI
2009-10-16 07:28:32 0 d-----w- c:\program files\D-Link
2009-10-15 08:08:55 118 ----a-w- c:\windows\system32\MRT.INI
2009-10-12 14:59:39 7 ----a-w- c:\windows\system32\ANIWZCSUSERNAME{BF7BE614-B7C8-4E53-A42A-E80A9A8491D0}
2009-10-12 13:37:03 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2009-10-12 13:37:03 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2009-10-12 13:37:03 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2009-10-12 13:37:03 8192 ----a-w- c:\windows\system32\kbdkor.dll
2009-10-12 13:37:03 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2009-10-12 13:37:03 6144 ----a-w- c:\windows\system32\kbd106.dll
2009-10-12 13:37:03 6144 ----a-w- c:\windows\system32\kbd101c.dll
2009-10-12 13:37:03 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2009-10-12 13:37:03 5632 ----a-w- c:\windows\system32\kbd103.dll
2009-10-12 13:37:01 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2009-10-12 13:37:01 6144 ----a-w- c:\windows\system32\kbd101b.dll
2009-10-12 13:23:40 10 --sh--r- c:\windows\system32\sistem.sys
2009-10-11 10:56:53 0 d-----w- c:\windows\Profiles
2009-10-11 10:56:48 0 d-----w- c:\windows\system32\Adobe
2009-10-11 10:56:43 306688 ----a-w- c:\windows\IsUninst.exe
2009-10-10 06:35:55 7 ----a-w- c:\windows\system32\ANIWZCSUSERNAME{1F4FB215-38EF-41EE-B764-4D42B847C4AD}
2009-10-08 10:08:03 77415 ----a-w- c:\windows\War3Unin.dat
2009-10-08 10:08:03 2829 ----a-w- c:\windows\War3Unin.pif
2009-10-08 10:08:02 139264 ----a-w- c:\windows\War3Unin.exe
2009-10-08 07:10:58 0 d-----w- C:\Nexon
2009-10-08 07:10:58 0 d-----w- c:\docume~1\alluse~1\applic~1\NexonUS
2009-10-08 07:02:54 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
2009-10-07 08:32:00 376 ----a-w- c:\windows\ODBC.INI
2009-10-07 08:31:58 28040 ----a-w- c:\windows\system32\mdimon.dll
2009-10-07 08:31:41 0 d-----w- c:\program files\Microsoft ActiveSync
2009-10-07 08:31:19 0 d-----w- c:\windows\SHELLNEW
2009-10-07 08:03:30 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-10-07 08:03:30 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-10-07 08:03:29 0 d-----w- c:\program files\common files\Real
2009-10-04 09:05:00 0 d-----w- c:\program files\GameSpy Arcade
2009-10-03 13:01:42 0 d-----w- c:\windows\system32\XPSViewer
2009-10-03 13:01:10 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-10-03 13:01:10 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-10-03 13:01:10 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-10-03 13:01:10 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-10-03 13:01:10 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-10-03 13:01:10 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-10-03 13:01:10 117760 ------w- c:\windows\system32\prntvpt.dll
2009-10-03 13:01:10 0 d-----w- C:\cf8620db5b82afa4d0a4624dbf97c312
2009-10-03 12:59:14 0 d-----w- c:\program files\MSXML 6.0
2009-10-03 06:32:30 7 ----a-w- c:\windows\system32\ANIWZCSUSERNAME{6734F20B-ADA2-4C2A-AEBE-5710C0CAB2B6}
2009-10-02 07:47:43 0 d-----w- c:\program files\common files\DVDVideoSoft
==================== Find3M ====================
2009-11-01 04:17:41 138936 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-11-01 04:17:07 214504 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-09-29 04:03:58 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-09-27 09:54:10 4 ----a-w- C:\loadcounter.dat
2009-09-25 05:37:11 667136 ----a-w- c:\windows\system32\wininet.dll
2009-09-25 05:37:09 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-24 23:15:38 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-09-23 22:30:06 217088 ----a-w- c:\windows\system32\UAService7.exe
2009-09-23 21:53:04 737280 ----a-w- c:\windows\iun6002.exe
2009-09-23 10:32:15 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13:08 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20:09 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-08-04 09:52:22 1193832 ----a-w- c:\windows\system32\FM20.DLL
2006-06-24 22:48:54 32768 ----a-r- c:\windows\inf\UpdateUSB.exe
2004-08-04 12:00:00 1392671 --sh--r- c:\windows\system32\msvbvm60.dll
============= FINISH: 16:05:51.93 ===============



Security Checker:

Results of screen317's Security Check version 0.99.0
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMIC entry does not exist for antivirus; attempting automatic update.
``````````````````````````````
Anti-malware/Other Utilities Check:

Spyware Doctor 7.0
SUPERAntiSpyware Free Edition
HijackThis 2.0.2
TuneUp Utilities 2009
Java(TM) 6 Update 16
Adobe Flash Player 10
``````````````````````````````
Process Check:
objlist.exe by Laurent

``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)
`````````End of Log```````````



NOTE: ALL OTHER INFO IS DESCRIBED IN MY PREVIOUS POST, OK!

Much appreciated:

Jordan
Attached Files
File Type: txt RootRepeal.txt (2.6 KB, 0 views)
File Type: txt Attach.txt (18.2 KB, 0 views)
blackhawk is offline   Reply With Quote
Old 2 Weeks Ago   #4
Senior Security Analyst
 
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 6,867
PC Experience: Elite PC Guru
Re: Windows error on startup need help. ty

Run both these programs.

Please download Malwarebytes' Anti-Malware from one of these places:
|MG| Malwarebytes Anti-Malware 1.41 Download
Malwarebytes Anti-Malware - Reviews and free Malwarebytes Anti-Malware downloads at Download.com


Double-click mbam-setup.exe to install the application.
If it will not run, make a copy of the MBAM.exe and rename MBAM.exe to xxx.exe and run that. Keep the genuine MBAM.exe as we may need to run that later as is.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and paste the entire report in your next reply.
PLEASE NOTE:
If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

Once Malwarebytes' Anti-Malware is done removing the malware and you have rebooted the computer, browse around and see if you are still having that problem.

=====================================================================================


You will need to download ComboFix.exe. Download Combofix from any of the links below. You must rename it before saving it. Name it ComFx, and Save it to your desktop.


http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe


* IMPORTANT !!! Save ComboFix.exe to your Desktop
It is important that it is saved and renamed following this process directly to your desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools. More help on your specific AV here: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Double-click on ComFx.exe and follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes to continue scanning for malware.
When finished, it shall produce a log for you. Please include the ComboFix.txt in your reply.

Caution.....
Never use this program to remove files. Only use it with help from an experienced user. Wrongful use can damage your computer.
__________________
My real name is Eddy
Pancake is offline   Reply With Quote
Old 2 Weeks Ago   #5
Bronze Member
 
Join Date: Oct 2009
Posts: 5
PC Experience: not in malware spyware area though! :(
Re: Windows error on startup need help. ty

OK, I have run the requested scans and it looks like we have a few nasty buggers on our hands, so here are the reports:

Malwarebytes' Anti-Malware 1.41
Database version: 3090
Windows 5.1.2600 Service Pack 3
11/3/2009 6:30:01 PM
mbam-log-2009-11-03 (18-30-01).txt
Scan type: Quick Scan
Objects scanned: 101400
Time elapsed: 3 minute(s), 33 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 14
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\Documents and Settings\Jordan\Local Settings\Application Data\Bron.tok-18-12 (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jordan\Local Settings\Application Data\Bron.tok-18-13 (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jordan\Local Settings\Application Data\Bron.tok-18-14 (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jordan\Local Settings\Application Data\Bron.tok-18-15 (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jordan\Local Settings\Application Data\Bron.tok-18-18 (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jordan\Local Settings\Application Data\Bron.tok-18-19 (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jordan\Local Settings\Application Data\Bron.tok-18-20 (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jordan\Local Settings\Application Data\Bron.tok-18-21 (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jordan\Local Settings\Application Data\Bron.tok-18-22 (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jordan\Local Settings\Application Data\Bron.tok-18-23 (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jordan\Local Settings\Application Data\Bron.tok-18-25 (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Bron.tok-18-18 (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Bron.tok-18-19 (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Bron.tok-18-22 (Worm.Brontok) -> Quarantined and deleted successfully.
Files Infected:
(No malicious items detected)


ComboFix 09-11-02.02 - Jordan 11/03/2009 18:44.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3583.3010 [GMT 10:00]
Running from: c:\documents and settings\Jordan\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Jordan\Local Settings\Application Data\Bron.tok.A18.em.bin
c:\documents and settings\Jordan\Local Settings\Application Data\Kosong.Bron.Tok.txt
c:\documents and settings\NetworkService\Local Settings\Application Data\Bron.tok.A18.em.bin
c:\documents and settings\NetworkService\Local Settings\Application Data\BronNPath0.txt
c:\documents and settings\NetworkService\Local Settings\Application Data\Kosong.Bron.Tok.txt
c:\windows\system32\sistem.sys
.
((((((((((((((((((((((((( Files Created from 2009-10-03 to 2009-11-03 )))))))))))))))))))))))))))))))
.
2009-11-03 08:19 . 2009-11-03 08:19 -------- d-----w- c:\documents and settings\Jordan\Application Data\Malwarebytes
2009-11-03 08:19 . 2009-09-10 04:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-03 08:19 . 2009-11-03 08:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-03 08:19 . 2009-09-10 04:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-03 08:19 . 2009-11-03 08:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-01 09:42 . 2009-11-01 09:42 -------- d-----w- c:\program files\LanSchool
2009-10-31 13:00 . 2009-10-31 13:00 -------- d-----w- c:\documents and settings\Jordan\Local Settings\Application Data\Threat Expert
2009-10-31 12:25 . 2009-10-31 12:25 -------- d-----w- c:\program files\Common Files\xing shared
2009-10-29 07:43 . 2009-10-29 07:43 -------- d-----w- c:\program files\Youtube Downloader HD
2009-10-28 09:58 . 2009-10-28 10:02 63 ----a-w- c:\documents and settings\Jordan\jagex_runescape_preferences2.dat
2009-10-28 09:57 . 2009-10-28 10:01 38 ----a-w- c:\documents and settings\Jordan\jagex_runescape_preferences.dat
2009-10-27 07:43 . 2009-10-27 07:43 -------- d-----w- c:\windows\.jagex_cache_32
2009-10-27 07:40 . 2009-10-27 07:40 -------- d-----w- c:\program files\Java
2009-10-27 07:24 . 2009-10-27 07:24 -------- d-----w- c:\windows\Sun
2009-10-27 07:23 . 2009-10-27 07:40 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-26 07:17 . 2009-10-26 07:17 148784 ----a-w- c:\windows\system32\lsk_iblk.dll
2009-10-26 07:17 . 2009-10-26 07:17 66352 ----a-w- c:\windows\system32\lskhook64.dll
2009-10-26 07:17 . 2009-10-26 07:17 75056 ----a-w- c:\windows\system32\lskhook.dll
2009-10-25 06:18 . 2009-10-25 06:18 2285056 ----a-w- c:\windows\system32\TUKernel.exe
2009-10-25 04:16 . 2009-10-25 04:16 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2009-10-25 04:16 . 2009-07-15 01:48 29000 ----a-w- c:\windows\system32\uxtuneup.dll
2009-10-25 04:16 . 2009-10-25 04:16 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-10-25 04:16 . 2009-10-25 04:16 -------- d-----w- c:\documents and settings\Jordan\Application Data\TuneUp Software
2009-10-25 04:16 . 2009-10-25 04:16 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-10-25 04:16 . 2009-10-25 06:11 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-10-25 04:13 . 2009-10-25 04:13 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-10-25 03:04 . 2009-10-25 03:04 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-25 03:04 . 2009-10-25 03:04 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-25 03:04 . 2009-10-25 03:04 -------- d-----w- c:\documents and settings\Jordan\Application Data\SUPERAntiSpyware.com
2009-10-25 03:03 . 2009-10-25 03:03 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-24 22:45 . 2009-10-24 22:45 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Mozilla
2009-10-20 11:56 . 2009-10-08 01:31 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-10-20 11:56 . 2009-10-08 01:31 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-10-20 11:56 . 2009-10-08 01:31 1636304 ----a-w- c:\windows\PCTBDCore.dll
2009-10-20 11:56 . 2009-10-08 01:31 767952 ----a-w- c:\windows\BDTSupport.dll
2009-10-20 11:56 . 2009-10-02 04:19 1152470 ----a-w- c:\windows\UDB.zip
2009-10-20 11:56 . 2008-11-26 02:08 131 ----a-w- c:\windows\IDB.zip
2009-10-20 11:48 . 2009-09-23 22:55 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-10-20 11:48 . 2009-10-06 06:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-10-20 11:48 . 2009-09-23 06:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-10-20 11:48 . 2009-09-02 23:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-10-20 11:48 . 2009-10-20 11:56 -------- d-----w- c:\program files\Common Files\PC Tools
2009-10-20 11:48 . 2009-11-03 08:37 -------- d-----w- c:\program files\Spyware Doctor
2009-10-20 11:48 . 2009-10-20 11:48 -------- d-----w- c:\documents and settings\Jordan\Application Data\PC Tools
2009-10-20 11:48 . 2009-10-20 11:48 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-10-20 11:48 . 2009-11-03 08:40 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-20 11:47 . 2009-10-20 11:47 -------- d-s---w- c:\documents and settings\Jordan\UserData
2009-10-20 09:08 . 2009-08-13 15:16 512000 -c----w- c:\windows\system32\dllcache\jscript.dll
2009-10-20 08:47 . 2009-10-20 08:47 -------- d-----w- c:\windows\system32\scripting
2009-10-20 08:47 . 2009-10-20 08:47 -------- d-----w- c:\windows\system32\en
2009-10-20 08:47 . 2009-10-20 08:47 -------- d-----w- c:\windows\system32\bits
2009-10-20 08:47 . 2009-10-20 08:47 -------- d-----w- c:\windows\l2schemas
2009-10-18 07:16 . 2009-10-18 07:16 391 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\JunkAtx18.bin
2009-10-18 04:15 . 2009-08-06 09:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-10-18 04:15 . 2009-08-06 09:23 215920 ----a-w- c:\windows\system32\muweb.dll
2009-10-18 01:10 . 2009-10-18 01:10 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Ok-SendMail-Bron-tok
2009-10-18 01:08 . 2009-10-22 07:23 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Loc.Mail.Bron.Tok
2009-10-18 01:05 . 2009-10-18 09:29 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-18 01:05 . 2009-10-18 01:05 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-10-18 01:04 . 2009-10-18 01:04 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-10-18 01:04 . 2009-10-30 08:41 -------- d-----w- c:\documents and settings\Jordan\Tracing
2009-10-18 01:03 . 2009-10-18 01:05 -------- d-----w- c:\program files\Microsoft
2009-10-18 01:03 . 2009-10-18 01:03 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-10-18 00:47 . 2009-10-18 00:47 -------- d-----w- c:\program files\Common Files\Windows Live
2009-10-18 00:38 . 2009-10-18 01:05 -------- d-----w- c:\program files\Windows Live
2009-10-17 07:48 . 2009-09-23 00:41 26176 ---ha-w- c:\windows\system32\hamachi.sys
2009-10-16 07:29 . 2008-01-23 00:19 692224 ----a-w- c:\windows\system32\ANIWZCS2.dll
2009-10-16 07:29 . 2007-12-11 05:36 245760 ----a-w- c:\windows\system32\WlanApp.dll
2009-10-16 07:29 . 2007-11-21 08:36 217088 ----a-w- c:\windows\system32\aIPH.dll
2009-10-16 07:29 . 2007-10-08 09:13 262144 ----a-w- c:\windows\system32\wnicapi.dll
2009-10-16 07:29 . 2006-09-26 03:49 45115 ----a-w- c:\windows\system32\ANICtl.dll
2009-10-16 07:29 . 2005-10-26 22:55 49152 ----a-w- c:\windows\system32\JJAKEn.dll
2009-10-16 07:29 . 2005-10-19 08:19 49152 ----a-w- c:\windows\system32\AQCKGen.dll
2009-10-16 07:29 . 2005-10-19 08:19 1327189 ----a-w- c:\windows\system32\odSupp_M.dll
2009-10-16 07:28 . 2009-10-16 07:29 -------- d-----w- c:\program files\ANI
2009-10-16 07:28 . 2007-11-21 08:46 36864 ----a-w- c:\windows\system32\ANIOApi.dll
2009-10-16 07:28 . 2007-05-12 06:39 48128 ----a-w- c:\windows\system32\ANIO64.sys
2009-10-16 07:28 . 2007-05-12 06:39 28195 ----a-w- c:\windows\system32\ANIO.sys
2009-10-16 07:28 . 2007-05-12 06:39 11904 ----a-w- c:\windows\system32\anio4.sys
2009-10-16 07:28 . 2009-10-16 07:28 -------- d-----w- c:\program files\D-Link
2009-10-12 13:37 . 2008-04-14 00:09 6144 ----a-w- c:\windows\system32\kbd106.dll
2009-10-12 13:37 . 2001-08-17 12:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2009-10-12 13:37 . 2001-08-17 12:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2009-10-12 13:37 . 2001-08-17 12:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2009-10-12 13:37 . 2001-08-17 12:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2009-10-12 13:37 . 2001-08-17 04:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2009-10-12 13:37 . 2001-08-17 04:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2009-10-12 13:37 . 2001-08-17 04:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2009-10-12 13:37 . 2001-08-17 04:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2009-10-12 13:37 . 2001-08-17 04:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2009-10-12 13:37 . 2001-08-17 04:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2009-10-12 13:31 . 2009-10-12 13:31 391 ----a-w- c:\documents and settings\Jordan\Local Settings\Application Data\JunkAtx18.bin
2009-10-12 13:31 . 2009-10-12 13:31 -------- d-----w- c:\documents and settings\Jordan\Local Settings\Application Data\Ok-SendMail-Bron-tok
2009-10-12 13:28 . 2009-10-20 12:00 -------- d-----w- c:\documents and settings\Jordan\Local Settings\Application Data\Loc.Mail.Bron.Tok
2009-10-11 10:56 . 2009-10-11 10:56 -------- d-----w- c:\windows\Profiles
2009-10-11 10:56 . 2009-10-11 10:57 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-11 10:56 . 2009-10-11 10:56 -------- d-----w- c:\windows\system32\Adobe
2009-10-11 10:56 . 2009-10-11 10:56 -------- d-----w- c:\documents and settings\Jordan\Application Data\InterTrust
2009-10-11 10:56 . 1998-10-29 04:45 306688 ----a-w- c:\windows\IsUninst.exe
2009-10-08 10:08 . 2009-10-10 08:11 77415 ----a-w- c:\windows\War3Unin.dat
2009-10-08 10:08 . 2009-10-08 10:15 2829 ----a-w- c:\windows\War3Unin.pif
2009-10-08 10:08 . 2009-10-08 10:15 139264 ----a-w- c:\windows\War3Unin.exe
2009-10-08 10:05 . 2009-10-10 08:36 -------- d-----w- c:\program files\Warcraft III
2009-10-08 07:10 . 2009-10-09 12:18 -------- d-----w- c:\documents and settings\All Users\Application Data\NexonUS
2009-10-08 07:10 . 2009-10-08 07:10 -------- d-----w- C:\Nexon
2009-10-08 07:02 . 2004-08-03 12:29 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
2009-10-07 08:31 . 2007-04-09 03:23 28040 ----a-w- c:\windows\system32\mdimon.dll
2009-10-07 08:31 . 2009-10-07 08:31 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-10-07 08:31 . 2009-10-25 04:20 -------- d-----w- c:\windows\SHELLNEW
2009-10-07 08:30 . 2009-10-07 08:30 -------- d-----w- c:\program files\Microsoft.NET
2009-10-07 08:28 . 2009-10-07 08:28 -------- d-----r- C:\MSOCache
2009-10-07 08:03 . 2009-10-31 12:24 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-10-07 08:03 . 2009-10-31 12:24 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-10-07 08:03 . 2009-10-07 08:03 -------- d-----w- c:\program files\Real
2009-10-07 08:03 . 2009-10-31 12:25 -------- d-----w- c:\program files\Common Files\Real
2009-10-04 09:05 . 2009-10-04 09:05 -------- d-----w- c:\program files\GameSpy Arcade
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-01 07:49 . 2009-09-24 23:16 214504 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-11-01 07:41 . 2009-09-24 23:17 138936 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-10-31 12:59 . 2009-09-23 12:57 -------- d-----w- c:\program files\Minefield
2009-10-26 08:10 . 2009-09-23 11:39 -------- d-----w- c:\program files\Steam
2009-10-25 03:39 . 2009-10-02 07:47 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-10-21 08:26 . 2009-09-23 11:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-20 10:28 . 2009-09-23 11:16 47024 ----a-w- c:\documents and settings\Jordan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-04 09:00 . 2009-09-23 12:49 -------- d-----w- c:\program files\EA GAMES
2009-10-03 13:01 . 2009-10-03 13:01 -------- d-----w- c:\program files\MSBuild
2009-10-03 13:01 . 2009-10-03 13:01 -------- d-----w- c:\program files\Reference Assemblies
2009-10-03 12:59 . 2009-10-03 12:59 -------- d-----w- c:\program files\MSXML 6.0
2009-09-29 04:03 . 2009-09-23 22:30 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-09-28 09:56 . 2009-09-24 05:29 0 ------w- c:\documents and settings\NetworkService\Local Settings\Application Data\NetMailTmp.bin
2009-09-28 09:56 . 2009-09-24 05:29 0 ------w- c:\documents and settings\Jordan\Local Settings\Application Data\NetMailTmp.bin
2009-09-27 09:54 . 2009-09-27 09:54 4 ----a-w- C:\loadcounter.dat
2009-09-27 09:43 . 2009-09-27 09:39 -------- d-----w- c:\program files\Easy Video Downloader
2009-09-27 04:53 . 2009-09-24 00:14 -------- d-----w- c:\program files\World of Warcraft
2009-09-25 05:37 . 2004-08-04 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2009-09-25 05:37 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-24 23:15 . 2009-09-24 23:15 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-09-24 01:39 . 2009-09-24 01:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard
2009-09-24 01:12 . 2009-09-24 01:12 -------- d-----w- c:\program files\MSECache
2009-09-24 01:10 . 2009-09-24 01:10 -------- d-----w- c:\program files\Curse
2009-09-24 00:18 . 2009-09-24 00:18 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-09-23 22:30 . 2009-09-23 22:30 217088 ----a-w- c:\windows\system32\UAService7.exe
2009-09-23 22:26 . 2009-09-23 22:26 -------- d-----w- c:\program files\Codemasters
2009-09-23 22:02 . 2009-09-23 22:02 -------- d-----w- c:\program files\City Interactive
2009-09-23 21:53 . 2009-09-23 21:24 767 ----a-w- c:\windows\eReg.dat
2009-09-23 21:53 . 2009-09-23 21:53 -------- d-----w- c:\program files\Byteswarm
2009-09-23 21:53 . 2009-09-23 21:53 737280 ----a-w- c:\windows\iun6002.exe
2009-09-23 12:57 . 2009-09-23 12:57 0 ----a-w- c:\windows\nsreg.dat
2009-09-23 12:39 . 2009-09-23 11:37 -------- d-----w- c:\program files\Valve
2009-09-23 11:42 . 2009-09-23 10:48 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-09-23 11:36 . 2009-09-23 11:36 -------- d-----w- c:\program files\BitTorrent
2009-09-23 11:30 . 2009-09-23 10:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-09-23 11:16 . 2009-09-23 11:16 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2009-09-23 11:16 . 2009-09-23 11:16 -------- d-----w- c:\documents and settings\Jordan\Application Data\ATI
2009-09-23 11:16 . 2009-09-23 11:16 0 ----a-w- c:\windows\ativpsrm.bin
2009-09-23 11:15 . 2009-09-23 11:10 -------- d-----w- c:\program files\ATI Technologies
2009-09-23 11:13 . 2009-09-23 11:13 -------- d-----w- c:\program files\Common Files\ATI Technologies
2009-09-23 11:10 . 2009-09-23 10:59 -------- d-----w- c:\program files\Common Files\InstallShield
2009-09-23 11:05 . 2009-09-23 11:00 -------- d-----w- c:\program files\Realtek
2009-09-23 11:05 . 2009-09-23 11:05 -------- d-----w- c:\documents and settings\Jordan\Application Data\InstallShield
2009-09-23 10:57 . 2009-09-23 10:57 -------- d-----w- c:\program files\Intel
2009-09-23 10:50 . 2009-09-23 10:50 -------- d-----w- c:\documents and settings\Jordan\Application Data\Symantec
2009-09-23 10:35 . 2009-09-23 10:35 -------- d-----w- c:\program files\microsoft frontpage
2009-08-06 09:24 . 2004-08-04 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 09:23 . 2009-09-23 10:32 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 09:23 . 2009-09-23 10:32 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2004-08-04 12:00 . 2004-08-04 12:00 1392671 --sh--r- c:\windows\system32\msvbvm60.dll
2008-04-14 00:12 . 2008-04-14 00:12 1384479 --sh--r- c:\windows\system32\SET2B0.tmp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{472734EA-242A-422B-ADF8-83D1E48CC825}"= "c:\program files\Spyware Doctor\BDT\PCTBrowserDefender.dll" [2009-10-08 395216]
[HKEY_CLASSES_ROOT\clsid\{472734ea-242a-422b-adf8-83d1e48cc825}]
[HKEY_CLASSES_ROOT\BrowserDefender.BDToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{175B7885-28AB-4D18-8773-7A13A99980A4}]
[HKEY_CLASSES_ROOT\BrowserDefender.BDToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{472734EA-242A-422B-ADF8-83D1E48CC825}"= "c:\program files\Spyware Doctor\BDT\PCTBrowserDefender.dll" [2009-10-08 395216]
[HKEY_CLASSES_ROOT\clsid\{472734ea-242a-422b-adf8-83d1e48cc825}]
[HKEY_CLASSES_ROOT\BrowserDefender.BDToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{175B7885-28AB-4D18-8773-7A13A99980A4}]
[HKEY_CLASSES_ROOT\BrowserDefender.BDToolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-12 2000112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"D-Link D-Link Wireless G DWA-110"="c:\program files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe" [2008-04-15 1675264]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-09-22 1243088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-27 149280]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-31 198160]
"Teacher"="c:\program files\LanSchool\teacher.exe" [2009-10-26 2241840]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-11-17 17676288]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 05:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\EA GAMES\\Need for Speed Most Wanted\\speed.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Nexon\\Combat Arms\\NMService.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LanSchool\\student.exe"=
"c:\\Program Files\\LanSchool\\teacher.exe"=
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [10/20/2009 9:48 PM 207280]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/12/2009 9:24 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/12/2009 9:24 PM 74480]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [10/20/2009 9:56 PM 112592]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [10/20/2009 9:48 PM 358600]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [10/25/2009 2:16 PM 604488]
R3 lsmirror;lsmirror;c:\windows\system32\drivers\lsmirror.sys [12/21/2007 1:33 PM 5632]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [10/12/2009 9:24 PM 7408]
S3 PciCon;PciCon;\??\e:\pcicon.sys --> e:\PciCon.sys [?]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - PCTSDInjDriver32
*Deregistered* - PROCEXP113
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2009-11-01 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-16 00:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-03 18:46
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(888)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-11-03 18:47
ComboFix-quarantined-files.txt 2009-11-03 08:47
Pre-Run: 104,475,332,608 bytes free
Post-Run: 108,544,614,400 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /TUTag=SAA02X /Kernel=TUKernel.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional (TuneUp Backup)" /noexecute=optin /fastdetect /TUTag=SAA02X-BAK
- - End Of File - - 7622632C0D7ED4E7DA87851D15C2FCC4


NOTE, THE OTHER REPORT IS AN ATTACHMENT OK

kind regards

Jordan
Attached Files
File Type: txt ComboFix.txt (24.3 KB, 1 views)

Last edited by Pancake; 2 Weeks Ago at 09:10 AM. Reason: Copied and pasted for better viewing....
Old 2 Weeks Ago   #6
Senior Security Analyst
 
Pancake's Avatar
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 6,867
PC Experience: Elite PC Guru
Default Re: Windows error on startup need help. ty

Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.
It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open *notepad* and copy/paste the red text in the quotebox below into it:


File::
c:\documents and settings\NetworkService\Local Settings\Application Data\NetMailTmp.bin
c:\documents and settings\Jordan\Local Settings\Application Data\NetMailTmp.bin
c:\windows\system32\SET2B0.tmp
Folder::
c:\documents and settings\NetworkService\Local Settings\Application Data\Ok-SendMail-Bron-tok
c:\documents and settings\NetworkService\Local Settings\Application Data\Loc.Mail.Bron.Tok
c:\documents and settings\Jordan\Local Settings\Application Data\Ok-SendMail-Bron-tok
c:\documents and settings\Jordan\Local Settings\Application Data\Loc.Mail.Bron.Tok
Registry::
DDS::

Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.


Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt
Please copy and paste the ComboFix.txt in your next reply please.

*Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall. Altering this script in any way could damage your computer*
__________________
My real name is Eddy
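
An added example, not part of either poster's reply and not ComboFix's own code: the items in the script above all appear in the ComboFix log posted earlier, and this Python triage pulls such rows out of a log for review, along with the firewall and Security Center values the same log shows. The function names are hypothetical, and the name patterns and watched values are assumptions drawn only from this thread's logs, not a general Brontok signature.

```python
import re

# Excerpt of lines from the ComboFix log posted in this thread
# (spaces the forum inserted into long registry paths removed).
SAMPLE_LOG = r'''
2009-11-03 08:19 . 2009-09-10 04:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-18 07:16 . 2009-10-18 07:16 391 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\JunkAtx18.bin
2009-10-18 01:10 . 2009-10-18 01:10 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Ok-SendMail-Bron-tok
2009-10-12 13:28 . 2009-10-20 12:00 -------- d-----w- c:\documents and settings\Jordan\Local Settings\Application Data\Loc.Mail.Bron.Tok
2009-09-28 09:56 . 2009-09-24 05:29 0 ------w- c:\documents and settings\Jordan\Local Settings\Application Data\NetMailTmp.bin
2009-10-07 08:03 . 2009-10-31 12:24 348160 ----a-w- c:\windows\system32\msvcr71.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
'''

# One row of the log's file listings: two timestamps, a size (or eight
# dashes where the log shows none), eight attribute flags, then the path.
LISTING = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d) "
    r"(\d+|-{8}) ([-a-z]{8}) (.+)$"
)
SECTION = re.compile(r"^\[(.+)\]$")          # [registry key]
VALUE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')  # "name"= data

# Assumption: names this thread's scans and script tie to the worm.
BRONTOK_NAME = re.compile(r"bron[.\-]?tok", re.IGNORECASE)
SCRIPTED_BASENAMES = {"netmailtmp.bin"}

# Assumption: values that turn off the Windows Firewall or silence
# Security Center alerts. Legitimate software can set them too, so they
# are listed for review, not treated as proof of infection.
WATCHED_KEYS = ("firewallpolicy", "security center")
WEAK_VALUES = {"enablefirewall": 0, "antivirusoverride": 1, "disablemonitoring": 1}


def parse_number(raw):
    """Return the integer in 'dword:00000001' or '0 (0x0)', else None."""
    raw = raw.strip()
    m = re.match(r"dword:([0-9a-fA-F]{8})$", raw)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)\s+\(0x[0-9a-fA-F]+\)$", raw)
    if m:
        return int(m.group(1))
    return None


def triage(log_text):
    """Collect worm-named files and folders plus weakened settings."""
    files, folders, settings = [], [], []
    section = ""
    for line in log_text.splitlines():
        line = line.strip()
        m = LISTING.match(line)
        if m:
            attrs, path = m.group(4), m.group(5)
            base = path.rsplit("\\", 1)[-1].lower()
            if BRONTOK_NAME.search(path) or base in SCRIPTED_BASENAMES:
                # A leading 'd' in the attribute flags marks a directory.
                (folders if attrs.startswith("d") else files).append(path)
            continue
        m = SECTION.match(line)
        if m:
            section = m.group(1).lower()
            continue
        m = VALUE.match(line)
        if m and any(key in section for key in WATCHED_KEYS):
            name, number = m.group(1), parse_number(m.group(2))
            if number is not None and WEAK_VALUES.get(name.lower()) == number:
                settings.append((section, name, number))
    return {"files": files, "folders": folders, "settings": settings}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for kind in ("files", "folders", "settings"):
        for item in result[kind]:
            print(kind, item)
```

The output is a review list only; it does not write a CFScript.txt.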
Old 2 Weeks Ago   #7
Bronze Member
 
Join Date: Oct 2009
Posts: 5
PC Experience: not in malware spyware area though! :(
Exclamation Re: Windows error on startup need help. ty

OK well I completed the scan once more and here are the results:

PS: they are attached to reply.

Kind regards

Jordan