
Thread: here is my log from high jack this

  1. #31
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Do this immediately. Click Start, click All Programs, point to Accessories, point to System Tools, and then click Scheduled Tasks. The Scheduled Tasks window opens so that you can modify the settings. Clear out EVERYTHING in there, Everything.
    Reboot. Go back in there and see if there is anything back in there. Report back immediately and let me know.
    I will have some fixes that you will need to do with combofix but need to know the standing of the Scheduled Tasks folder first.

  2. #32
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Also please will you get me an Uninstall list generated by HiJackThis.
    To do this do the following:
    Open HiJackThis.
    Click on the Msc. Tools button.
    Click on the Open Uninstall Manager button.
    Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a notepad will open with the contents of that file. Copy and paste the contents of that notepad into a reply.

  3. #33
    Join Date
    Oct 2010
    Posts
    28
    Adobe AIR
    Adobe AIR
    Adobe Community Help
    Adobe Community Help
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Media Player
    Adobe Media Player
    Adobe Photoshop CS5
    Adobe Reader 9.4.0
    ALLDATA Repair
    AVIcodec (remove only)
    Avira AntiVir Personal - Free Antivirus
    CCleaner
    CCScore
    Codec Pack - All In 1 6.0.3.0
    D-Link DGE-530T
    ESET Online Scanner v3
    ESSBrwr
    ESSCDBK
    ESScore
    ESSgui
    ESSini
    ESSPCD
    ESSPDock
    ESSSONIC
    ESSTOOLS
    essvatgt
    ffdshow
    fflink
    Google Talk (remove only)
    Google Talk Plugin
    HiJackThis
    Hitman Pro 3.5
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Java(TM) 6 Update 21
    kgcbaby
    kgcbase
    kgchday
    kgchlwn
    kgcinvt
    kgckids
    kgcmove
    kgcvday
    K-Lite Codec Pack 5.5.1 (Full)
    Kodak EasyShare software
    Lexmark 730 Series
    Logitech Camera Driver
    Logitech Desktop Messenger
    Logitech QuickCam Software
    Logitech SetPoint
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft .NET Framework 4 Extended
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Office 2000 Disc 2
    Microsoft Office 2000 Professional
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Mozilla Firefox (3.6.10)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero Suite
    netbrdg
    OfotoXMI
    Panda ActiveScan 2.0
    PDF Settings CS5
    Realtek AC'97 Audio
    Revo Uninstaller 1.89
    Security Update for CAPICOM (KB931906)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    SFR
    SHASTA
    skin0001
    SKINXSDK
    Skype™ 4.2
    staticcr
    SUPERAntiSpyware
    ThreatFire
    tooltips
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VPRINTOL
    Vuze
    Vuze Remote Toolbar
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows XP Service Pack 3
    WIRELESS
    Zoo Tycoon: Complete Collection

  4. #34
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    How did things go with the Task Scheduler removals?

  5. #35
    Join Date
    Oct 2010
    Posts
    28
    Hi, it worked great. Nothing was left there when I rebooted my machine. (THANKS)
    I had a problem getting combofix to work for me. Every time it was done scanning it would reboot my computer. On start up all my programs would start up and combofix would stall. I was almost ready to give up. I put computer in safe mode and it worked perfect. It did not reboot my computer. How did you know to go into task scheduler to remove programs from just looking at combo fix? I would like to know. Thanks Keper

  6. #36
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Because of the listing in the log under
    Contents of the 'Scheduled Tasks' folder

    There is still more to do. Go here:
    c:\program files\ and delete the following folders noted in bold:
    c:\program files\InCode Solutions
    c:\program files\Eusing Free Registry Cleaner

    Then go here and delete the folder in bold:
    c:\windows\'Full Speed' Internet Booster + Performance Tests

    Be careful to only delete the ones in Bold, so you will have to open the containing folders, Program Files and then Windows folder and look for each one noted.

    Come back and let me know when that is complete.

  7. #37
    Join Date
    Oct 2010
    Posts
    28
    Hi, I just deleted the files in programs file and in windows file. The files you wanted me to delete. I just added more ram to my computer today in hopes that it may speed it up 1.99 ram. Thanks Keper

  8. #38
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Give me a moment, have some fixes for you with combofix.

  9. #39
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    • Make sure that combofix.exe that you downloaded is on your Desktop but Do not run it!
    If it is not on your Desktop, the below will not work.
    • Open Notepad (It must be Notepad, NOT Wordpad) and copy/paste EVERYTHING in the below in the quote box into it

    KillAll::

    File::

    c:\windows\system32\tcp2.exe
    c:\windows\system32\bsf.exe
    c:\windows\system32\ezsidmv.dat
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt

    Post back with the log.

  10. #40
    Join Date
    Oct 2010
    Posts
    28
    ComboFix 10-10-07.02 - KEITH 10/08/2010 2048.6.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1510 [GMT -3:00]
    Running from: c:\documents and settings\KEITH\Desktop\commy.exe
    Command switches used :: c:\documents and settings\KEITH\Desktop\CFscript.txt
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

    FILE ::
    "c:\windows\system32\bsf.exe"
    "c:\windows\system32\ezsidmv.dat"
    "c:\windows\system32\tcp2.exe"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\bsf.exe
    c:\windows\system32\ezsidmv.dat
    c:\windows\system32\tcp2.exe

    .
    ((((((((((((((((((((((((( Files Created from 2010-09-08 to 2010-10-08 )))))))))))))))))))))))))))))))
    .

    2010-10-08 23:09 . 2010-10-08 23:20 -------- d-----r- C:\32788R22FWJFW
    2010-10-08 20:43 . 2010-10-08 20:55 -------- d-----w- C:\commy
    2010-10-08 13:16 . 2010-10-08 13:16 2560 ----a-w- c:\windows\_MSRSTRT.EXE
    2010-10-07 20:33 . 2010-10-07 20:33 -------- d-----w- c:\program files\VS Revo Group
    2010-10-06 15:22 . 2010-10-06 15:22 388096 ----a-r- c:\documents and settings\KEITH\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-10-06 11:35 . 2010-10-06 11:35 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
    2010-10-05 21:38 . 2009-06-30 13:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
    2010-10-05 21:37 . 2010-10-05 21:37 -------- d-----w- c:\program files\Panda Security
    2010-10-05 18:51 . 2010-10-05 18:51 -------- d-----w- c:\program files\Common Files\Skype
    2010-10-02 13:53 . 2010-10-02 14:02 -------- d-----w- C:\aidualc3
    2010-10-01 18:28 . 2010-10-01 18:28 -------- d-----w- c:\documents and settings\KEITH\Application Data\MozillaControl
    2010-10-01 17:32 . 2010-10-01 17:32 -------- d--h--w- c:\windows\system32\GroupPolicy
    2010-09-29 18:24 . 2010-09-29 18:24 -------- d-----w- c:\program files\uTorrent
    2010-09-29 17:26 . 2010-09-29 17:39 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    2010-09-18 16:39 . 2010-09-18 16:39 -------- d-----w- c:\documents and settings\KEITH\Application Data\Adobe Mini Bridge CS5
    2010-09-18 16:38 . 2010-09-18 16:38 -------- d-----w- c:\documents and settings\KEITH\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    2010-09-18 14:38 . 2010-09-18 14:38 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
    2010-09-18 14:21 . 2010-09-18 14:21 -------- d-----w- c:\program files\Adobe Media Player
    2010-09-18 14:17 . 2010-09-18 14:17 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2010-09-15 00:26 . 2010-09-15 00:28 -------- d-----w- c:\documents and settings\KEITH\Application Data\vlc
    2010-09-13 01:01 . 2010-09-13 01:01 -------- d-----w- c:\program files\Microsoft.NET
    2010-09-13 00:57 . 2010-09-13 00:58 -------- d-----w- c:\documents and settings\KEITH\Local Settings\Application Data\Deployment
    2010-09-12 19:23 . 2010-09-12 19:23 -------- d-----w- C:\DISNEY

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-08 23:26 . 2010-08-23 07:03 -------- d-----w- c:\documents and settings\KEITH\Application Data\Skype
    2010-10-08 21:52 . 2010-08-23 20:00 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
    2010-10-08 21:41 . 2010-02-22 01:35 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-10-08 21:02 . 2010-08-23 14:42 -------- d-----w- c:\documents and settings\KEITH\Application Data\skypePM
    2010-10-08 16:50 . 2010-07-14 18:48 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-10-08 13:27 . 2010-08-12 13:47 -------- d-----w- c:\program files\Common Files\Adobe
    2010-10-08 12:55 . 2010-09-07 21:42 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2010-10-07 13:26 . 2010-09-07 23:10 12872 ----a-w- c:\windows\system32\bootdelete.exe
    2010-10-07 12:25 . 2010-07-20 16:18 -------- d-----w- c:\documents and settings\KEITH\Application Data\godzHell
    2010-10-07 05:29 . 2009-12-18 20:45 -------- d-----w- c:\program files\Lx_cats
    2010-10-05 18:51 . 2010-08-23 07:02 -------- d-----r- c:\program files\Skype
    2010-10-05 18:51 . 2010-08-23 07:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
    2010-10-05 01:12 . 2010-07-14 18:49 63488 ----a-w- c:\documents and settings\KEITH\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    2010-10-05 01:11 . 2010-07-14 18:49 117760 ----a-w- c:\documents and settings\KEITH\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-10-01 23:11 . 2009-12-26 23:32 -------- d-----w- c:\documents and settings\KEITH\Application Data\Media Player Classic
    2010-09-30 19:22 . 2010-04-22 19:52 -------- d-----w- c:\program files\Google
    2010-09-29 17:39 . 2010-02-09 00:59 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-09-18 15:12 . 2009-12-16 21:45 60392 ----a-w- c:\documents and settings\KEITH\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-09-18 14:17 . 2010-10-07 22:48 38784 ----a-w- c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
    2010-09-08 21:50 . 2010-09-08 21:50 -------- d-----w- c:\program files\TrendMicro
    2010-09-08 21:26 . 2010-09-08 21:26 -------- d-----w- c:\program files\Trend Micro
    2010-09-08 19:35 . 2010-09-08 19:35 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
    2010-09-07 23:10 . 2010-09-07 21:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
    2010-09-07 21:41 . 2010-09-07 21:41 -------- d-----w- c:\program files\Hitman Pro 3.5
    2010-09-07 18:44 . 2010-09-04 22:27 -------- d-----w- c:\documents and settings\KEITH\Application Data\Raptr
    2010-09-07 18:43 . 2010-09-04 22:27 -------- d-----w- c:\program files\Raptr
    2010-09-07 14:21 . 2010-09-07 14:21 -------- d-----w- c:\program files\ThreatFire
    2010-09-07 14:21 . 2010-09-07 14:21 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
    2010-09-06 13:46 . 2010-09-06 13:36 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Azureus
    2010-09-06 13:43 . 2010-01-03 20:13 -------- d-----w- c:\program files\CCleaner
    2010-09-06 13:36 . 2010-09-06 13:36 310208 ----a-w- c:\documents and settings\NetworkService\Application Data\Azureus\plugins\mlab\ShaperProbeC.exe
    2010-09-04 22:24 . 2010-01-27 21:14 -------- d-----w- c:\program files\Vuze
    2010-09-04 22:23 . 2010-09-04 22:23 -------- d-----w- c:\program files\Conduit
    2010-09-04 22:23 . 2010-09-04 22:23 -------- d-----w- c:\program files\Vuze_Remote
    2010-08-31 15:11 . 2010-08-31 15:11 3401880 ----a-w- c:\documents and settings\KEITH\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
    2010-08-31 14:55 . 2010-08-31 14:55 275096 ----a-w- c:\documents and settings\KEITH\Application Data\Mozilla\plugins\npgoogletalk.dll
    2010-08-31 14:39 . 2010-08-31 14:39 3734536 ----a-w- c:\documents and settings\KEITH\Application Data\Mozilla\plugins\Google Talk Plugin Extras\d3dx9_36.dll
    2010-08-30 16:17 . 2010-08-30 16:17 -------- d-----w- c:\documents and settings\All Users\Application Data\SBT
    2010-08-30 16:17 . 2010-08-30 16:17 -------- d-----w- c:\program files\Snapshot Viewer
    2010-08-30 16:16 . 2009-12-16 20:19 -------- d-----w- c:\program files\microsoft frontpage
    2010-08-30 16:09 . 2010-08-30 16:09 -------- d-----w- c:\documents and settings\KEITH\Application Data\Microsoft Web Folders
    2010-08-23 15:30 . 2010-02-11 15:49 -------- d-----w- c:\program files\Common Files\Logitech
    2010-08-23 15:29 . 2010-02-11 15:49 -------- d-----w- c:\program files\Logitech
    2010-08-23 15:29 . 2009-12-17 17:31 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-08-17 13:17 . 2004-08-10 11:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-12 13:59 . 2010-08-12 13:59 -------- d-----w- c:\program files\Common Files\Java
    2010-08-12 13:59 . 2010-08-12 13:59 61440 ----a-w- c:\documents and settings\KEITH\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6d89770c-n\decora-sse.dll
    2010-08-12 13:59 . 2010-08-12 13:59 503808 ----a-w- c:\documents and settings\KEITH\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-147b8274-n\msvcp71.dll
    2010-08-12 13:59 . 2010-08-12 13:59 499712 ----a-w- c:\documents and settings\KEITH\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-147b8274-n\jmc.dll
    2010-08-12 13:59 . 2010-08-12 13:59 348160 ----a-w- c:\documents and settings\KEITH\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-147b8274-n\msvcr71.dll
    2010-08-12 13:59 . 2010-08-12 13:59 12800 ----a-w- c:\documents and settings\KEITH\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6d89770c-n\decora-d3d.dll
    2010-08-12 13:58 . 2010-08-12 13:58 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-08-12 13:58 . 2010-08-12 13:58 -------- d-----w- c:\program files\Java
    2010-08-12 13:58 . 2010-08-12 13:58 79488 ----a-w- c:\documents and settings\KEITH\Application Data\Sun\Java\jre1.6.0_21\gtapi.dll
    2010-08-12 13:58 . 2010-08-12 13:58 152576 ----a-w- c:\documents and settings\KEITH\Application Data\Sun\Java\jre1.6.0_21\lzma.dll
    2010-08-11 23:56 . 2010-07-19 15:04 -------- d-----w- c:\documents and settings\KEITH\Application Data\MSN6
    2010-08-11 13:08 . 2010-08-11 13:08 -------- d-----w- c:\program files\ESET
    2010-08-10 22:39 . 2010-08-04 15:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-22 15:49 . 2004-08-10 11:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    2010-07-22 05:57 . 2009-12-17 23:35 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-07-21 07:44 . 2009-12-16 21:26 0 ----a-w- c:\windows\system32\drivers\OMCI.SYS
    2010-07-20 16:42 . 2010-07-20 16:42 17 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\jag2png.bat
    2010-07-14 18:49 . 2010-07-14 18:49 52224 ----a-w- c:\documents and settings\KEITH\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-09-30 2424560]
    "LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2010-08-23 32768]
    "LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-01-18 196608]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LXCFCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-04-27 69632]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-09-01 221184]
    "LogitechCameraAssistant"="c:\program files\Logitech\Video\CameraAssistant.exe" [2005-09-07 434176]
    "LogitechVideo[inspector]"="c:\program files\Logitech\Video\InstallHelper.exe" [2005-09-07 09:39 73728]
    "LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]
    "ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2010-01-14 378128]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
    "HitmanPro35"="c:\program files\Hitman Pro 3.5\HitmanPro35.exe" [2010-09-11 6305088]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
    "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2010-8-23 450560]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
    backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
    backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2010-01-19 21:20 135664 ----atw- c:\documents and settings\KEITH\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
    2010-08-23 15:28 32768 ----a-w- c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
    2010-09-29 18:24 386936 ----a-w- c:\program files\uTorrent\uTorrent.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\lxcfcoms.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "c:\\Program Files\\Vuze\\Azureus.exe"=
    "c:\\Program Files\\Raptr\\raptr.exe"=
    "c:\\Program Files\\Raptr\\raptr_im.exe"=
    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
    "c:\\Documents and Settings\\KEITH\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "29156:TCP"= 29156:TCP:ares

    R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [9/7/2010 11:21 AM 51984]
    R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [9/7/2010 11:21 AM 59664]
    S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [10/5/2010 6:38 PM 28552]
    S1 SABKUTIL;SABKUTIL;\??\c:\program files\SUPERAntiSpyware\SABKUTIL.sys --> c:\program files\SUPERAntiSpyware\SABKUTIL.sys [?]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 3:25 PM 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 3:41 PM 67656]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/14/2010 5:18 PM 135336]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
    S2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service --> c:\program files\ThreatFire\TFService.exe service [?]
    S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
    S3 m4cxw2k3;NDIS5.1 Miniport Driver for D-Link PCI Express Ethernet Controller;c:\windows\system32\drivers\m4cxw2k3.sys [2/15/2007 9:04 AM 250752]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/10/2004 8:00 AM 14336]
    S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
    S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [9/7/2010 11:21 AM 33552]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Connection Wizard,ShellNext = iexplore
    FF - ProfilePath - c:\documents and settings\KEITH\Application Data\Mozilla\Firefox\Profiles\j8vb72o4.default\
    FF - plugin: c:\documents and settings\KEITH\Application Data\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\documents and settings\KEITH\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: c:\documents and settings\KEITH\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-bsf - bsf.exe



    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ThreatFire]
    "AlternateImagePath"=""
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(232)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll

    - - - - - - - > 'explorer.exe'(756)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    .
    Completion time: 2010-10-08 20:55:30 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-10-08 23:55
    ComboFix2.txt 2010-10-08 20:55

    Pre-Run: 54,057,316,352 bytes free
    Post-Run: 54,123,446,272 bytes free

    - - End Of File - - 33B4E4F5BD304D6ACB1060107ED62E6C
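
Added example (not part of the original thread and not ComboFix's own code): one way to check a posted log against the CFScript request, confirming that every file listed under FILE :: appears under Other Deletions and that no Reg Loading Points value still points at it. The sample log is constructed from the section banners and line shapes of the log above; the `tcp2` Run value and the missing tcp2.exe deletion are invented to show the failing case.

```python
import re

# Constructed sample, shortened. Section banners and line shapes follow the
# log posted in this thread; the "tcp2" Run value is invented for the demo.
SAMPLE_LOG = r'''
FILE ::
"c:\windows\system32\bsf.exe"
"c:\windows\system32\ezsidmv.dat"
"c:\windows\system32\tcp2.exe"
.
((((((((((((((((((((   Other Deletions   ))))))))))))))))))))
.
c:\windows\system32\bsf.exe
c:\windows\system32\ezsidmv.dat
.
(((((((((((((((((((((   Reg Loading Points   )))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2010-01-14 378128]
"tcp2"="c:\windows\system32\tcp2.exe" [2010-10-01 2560]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-bsf - bsf.exe
'''

# "((((( Title )))))" banners, tolerating a stray split in the closing run.
BANNER = re.compile(r"^\(+\s*([^()]+?)\s*\)+[\s)]*$")
# "- - - - TITLE - - - -" and "------- Title -------" headings.
DASHED = re.compile(r"^-[-\s]*([A-Za-z][\w ']*?)[-\s]*-$")
# "ValueName"="target path" lines under a registry loading point.
RUN_VALUE = re.compile(r'^"([^"]+)"=\s*"([^"]+)"')


def heading_of(line):
    """Return the section title if the line is a section heading, else None."""
    if line.replace(" ", "").upper() == "FILE::":
        return "FILE"
    match = BANNER.match(line) or DASHED.match(line)
    return match.group(1).strip() if match else None


def split_sections(log_text):
    """Group non-empty log lines under the heading that precedes them."""
    sections, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        title = heading_of(line)
        if title:
            current = title
            sections.setdefault(current, [])
        elif current:
            sections[current].append(line)
    return sections


def normalise(path):
    """Windows paths are case-insensitive; drop quotes and lower-case."""
    return path.strip().strip('"').lower()


def verify_cleanup(log_text):
    """For each requested file: was it deleted, and does any autorun remain?"""
    sections = split_sections(log_text)
    requested = [normalise(l) for l in sections.get("FILE", [])]
    deleted = {normalise(l) for l in sections.get("Other Deletions", [])}
    autoruns = [
        (m.group(1), normalise(m.group(2)))
        for l in sections.get("Reg Loading Points", [])
        if (m := RUN_VALUE.match(l))
    ]
    return {
        path: {
            "deleted": path in deleted,
            "autoruns": [name for name, target in autoruns if target == path],
        }
        for path in requested
    }


if __name__ == "__main__":
    for path, status in verify_cleanup(SAMPLE_LOG).items():
        print(path, status)
```

A file that is reported as not deleted, or that still has a loading-point value, means the script needs another pass before the machine is treated as clean.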
