Inactive [A] Help! Infected with RootKit.ZeroAccess Virus

Didn't have a disc, so I downloaded and burned the rc.iso file. Rebooted the infected PC from this disc - it went into Windows Setup and began running, then hit this blue screen (attached photo).
 

Attachment: screen.jpg (193 KB)
I tried it several more times. It will load all the files in Windows Setup, but goes to a blue screen when it tries to boot XP.
 
Let's see, if we can look at your computer booting from an external source.

Please download OTLPE (file size 120.9 MB)

  • When downloaded, double-click OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
  • Reboot your system using the boot CD you just created.
    • Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
  • Double-click on the OTLPE icon.
  • When asked Do you wish to load the remote registry, select Yes
  • When asked Do you wish to load remote user profile(s) for scanning, select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Press Run Scan to start the scan.
  • When finished, the file will be saved as C:\OTL.txt
  • Copy this file to your USB drive if you do not have an internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.
 
It worked!

OTL logfile created on: 3/5/2012 9:27:42 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 292.97 Gb Total Space | 131.11 Gb Free Space | 44.75% Space Free | Partition Type: NTFS
Drive D: | 303.19 Gb Total Space | 188.71 Gb Free Space | 62.24% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (wscsvc)
SRV - [2012/01/16 16:28:30 | 000,546,768 | ---- | M] (Threat Expert Ltd.) [Auto] -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/11 16:18:14 | 001,117,624 | ---- | M] (PC Tools) [On_Demand] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2012/01/11 14:56:12 | 000,402,336 | ---- | M] (PC Tools) [On_Demand] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2012/01/11 14:56:08 | 000,071,008 | ---- | M] (PC Tools) [On_Demand] -- C:\Program Files\PC Tools Security\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2011/04/05 07:26:34 | 000,045,056 | ---- | M] (Intuit) [Auto] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2011/01/27 16:13:50 | 000,226,624 | ---- | M] () [Auto] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2009/12/13 12:36:30 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/11/06 14:24:52 | 000,195,176 | ---- | M] (NVIDIA) [Auto] -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)
SRV - [2009/11/06 14:13:20 | 000,191,080 | ---- | M] (NVIDIA) [Auto] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2009/08/18 01:25:12 | 000,678,912 | ---- | M] (Intuit, Inc.) [Disabled] -- C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe -- (QuickBooksDB20)
SRV - [2009/08/18 01:25:12 | 000,678,912 | ---- | M] (Intuit, Inc.) [Auto] -- C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe -- (QuickBooksDB17)
SRV - [2009/07/23 20:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/03/27 23:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/12/18 13:05:40 | 000,191,008 | ---- | M] () [Auto] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2007/03/15 14:48:26 | 000,535,807 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto] -- C:\WINDOWS\System32\hasplms.exe -- (hasplms)
SRV - [2005/04/27 15:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - File not found [Kernel | Boot] -- -- (ACPI)
DRV - [2012/03/04 18:06:52 | 000,060,416 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\Combo-Fix.sys -- (vkquwexg)
DRV - [2012/01/11 16:19:24 | 000,070,536 | ---- | M] (PC Tools) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2012/01/11 16:19:02 | 000,185,560 | ---- | M] (PC Tools) [Kernel | System] -- C:\WINDOWS\system32\drivers\PCTSD.sys -- (PCTSD)
DRV - [2012/01/11 16:14:30 | 000,253,352 | ---- | M] (PC Tools) [Kernel | System] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2012/01/11 14:56:12 | 000,574,424 | --S- | M] (PC Tools) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TFSysMon)
DRV - [2012/01/11 14:56:12 | 000,054,328 | --S- | M] (PC Tools) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2012/01/11 14:56:12 | 000,035,264 | --S- | M] (PC Tools) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/12/01 16:07:06 | 000,909,728 | ---- | M] (PC Tools) [File_System | Boot] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2011/12/01 16:07:06 | 000,342,168 | ---- | M] (PC Tools) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2011/11/14 15:12:26 | 000,331,880 | ---- | M] (PC Tools) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2011/09/28 13:14:02 | 000,056,840 | ---- | M] (PC Tools) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PCTBD.sys -- (PCTBD)
DRV - [2010/12/03 13:03:08 | 000,020,352 | ---- | M] (Motorola) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2010/09/29 16:13:46 | 000,024,064 | ---- | M] (Motorola) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2010/04/01 12:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2010/01/25 17:56:44 | 000,009,472 | ---- | M] (Motorola Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2009/10/19 02:29:36 | 000,009,472 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\dumpdrv.sys -- (DumpDrv)
DRV - [2009/09/15 14:59:28 | 000,038,248 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvoclock.sys -- (nvoclock)
DRV - [2009/08/13 16:07:12 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/02/11 13:40:40 | 005,028,352 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/01/29 15:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009/01/29 15:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2008/10/09 16:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/08/25 03:22:40 | 000,014,208 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/08/01 11:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/08/01 11:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2007/11/02 13:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2007/04/16 22:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2007/03/12 20:48:56 | 000,351,744 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2007/03/06 21:39:20 | 000,694,272 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2003/10/15 17:07:38 | 000,012,288 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mtdv2ku2.sys -- (MTDVC2)
DRV - [2003/10/11 08:39:52 | 000,011,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mtdv2ks2.sys -- (MTDVC2_ENUM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8&fr=mkg029


IE - HKU\.DEFAULT\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\Owner_ON_C\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\Owner_ON_C\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKU\Owner_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Owner_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*




FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files\K-Lite Codec Pack\Real\Browser\Plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\K-Lite Codec Pack\Real\Browser\Plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools Security\BDT\Firefox\ [2012/02/27 16:00:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/04 17:29:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/18 17:04:50 | 000,000,000 | ---D | M]

[2011/12/04 17:26:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/06 16:37:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/12/01 20:12:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/25 09:32:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/01/30 12:17:14 | 000,000,000 | ---D | M] (PHPNukeEN Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2012/03/04 18:06:33 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (PC Tools Browser Defender BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Fast Search) - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files\Surf Canyon\surfcanyon.dll (Surf Canyon Incorporated)
O2 - BHO: (RebateRobot BHO) - {66616350-A70C-4FF5-912E-A92B8076F6F7} - File not found
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {FA3FEDF6-1A34-4076-9F25-A26A2DE6A401} - No CLSID value found.
O3 - HKLM\..\Toolbar: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKU\Owner_ON_C\..\Toolbar\WebBrowser: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\Owner_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\Owner_ON_C\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [combofix] C:\ComboFix\CF11725.3XE (Microsoft Corporation)
O4 - HKLM..\Run: [CoolSwitch] C:\WINDOWS\system32\TaskSwitch.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PCTools FGuard] File not found
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime Alternative\qttask.exe (Apple Inc.)
O4 - HKU\Owner_ON_C..\Run: [DownloadManager] C:\Program Files\Download Manager\DownloadManager.exe (DownloadManager)
O4 - HKU\Owner_ON_C..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\Owner_ON_C..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - HKU\QBDataServiceUser17_ON_C..\Run: [Search Protection] File not found
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [combofix] C:\ComboFix\CF11725.3XE (Microsoft Corporation)
O4 - HKU\QBDataServiceUser17_ON_C..\RunOnce: [avg_spchecker] File not found
O4 - HKU\QBDataServiceUser17_ON_C..\RunOnce: [User Settings] C:\WINDOWS\System32\CMD.exe (Microsoft Corporation)
O4 - HKU\QBDataServiceUser20_ON_C..\RunOnce: [avg_spchecker] File not found
O4 - HKU\QBDataServiceUser20_ON_C..\RunOnce: [User Settings] C:\WINDOWS\System32\CMD.exe (Microsoft Corporation)
O4 - HKLM..\RunOnceEx: [flags] Reg Error: Invalid data type. File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 18
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: verbosestatus = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\QBDataServiceUser17_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\QBDataServiceUser20_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: Web-Based Email Tools http://email.secureserver.net/Download.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2007\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/14 15:34:49 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2011/02/22 08:58:33 | 000,000,047 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/04 17:43:18 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/03/04 17:04:46 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/03/04 16:32:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2012/03/03 14:55:12 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/03/03 14:27:21 | 002,062,896 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\TDSSKiller.exe
[2012/03/02 11:25:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2012/03/02 11:25:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/02 11:25:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/03/02 11:25:16 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/03/02 11:25:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/02 04:13:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Desktop
[2012/02/29 16:06:15 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Documents and Settings\Owner\Desktop\boot_cleaner.exe
[2012/02/29 14:18:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/02/29 14:18:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/02/29 14:18:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/02/29 14:16:09 | 004,422,703 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2012/02/29 12:42:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Downloads
[2012/02/29 12:42:33 | 000,000,000 | ---D | C] -- C:\Program Files\Download Manager
[2012/02/29 12:42:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\DownloadManager
[2012/02/29 12:42:24 | 000,000,000 | ---D | C] -- C:\Program Files\Surf Canyon
[2012/02/29 12:42:20 | 000,000,000 | ---D | C] -- C:\skin
[2012/02/29 12:42:20 | 000,000,000 | ---D | C] -- C:\Program Files\RebateRobot
[2012/02/29 12:42:20 | 000,000,000 | ---D | C] -- C:\defaults
[2012/02/29 12:42:20 | 000,000,000 | ---D | C] -- C:\content
[2012/02/29 12:42:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\I Want This
[2012/02/29 12:41:37 | 000,000,000 | ---D | C] -- C:\Program Files\I Want This
[2012/02/27 16:04:45 | 000,574,424 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2012/02/27 16:04:45 | 000,054,328 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2012/02/27 16:04:45 | 000,035,264 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
[2012/02/27 16:00:39 | 000,056,840 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTBD.sys
[2012/02/27 16:00:19 | 000,185,560 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTSD.sys
[2012/02/27 16:00:19 | 000,017,848 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctBTFix.sys
[2012/02/27 16:00:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Tools Security
[2012/02/27 15:58:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\TestApp
[2012/02/27 15:31:26 | 001,182,680 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfKbMon.sys.old
[2012/02/12 12:36:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\0-print
[2012/02/10 14:58:59 | 000,000,000 | ---D | C] -- C:\Program Files\Sophocles
[2012/02/09 08:51:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\YCH
[2010/02/09 17:59:22 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Owner\Application Data\pcouffin.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/04 18:07:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/04 18:06:52 | 000,060,416 | ---- | M] () -- C:\WINDOWS\System32\drivers\Combo-Fix.sys
[2012/03/04 18:06:33 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/03/04 17:51:08 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/04 17:50:22 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/03/04 17:36:45 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper Initial Update.job
[2012/03/04 17:34:10 | 000,033,819 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\cdrom.zip
[2012/03/04 17:17:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/04 16:58:15 | 000,173,568 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/04 16:33:58 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D34A4223-3F9E-489B-8675-157936D04B47}.job
[2012/03/04 16:03:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/04 10:23:02 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper Routing.job
[2012/03/04 10:06:24 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012/03/03 19:59:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/03/03 16:14:48 | 000,444,358 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/03 16:14:48 | 000,072,108 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/03 09:17:04 | 003,577,984 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Dan Fogelberg - Language Of Love.mp3
[2012/03/02 21:37:56 | 000,272,291 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2012/03/02 11:57:05 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\otbgo6g6.exe
[2012/03/02 11:56:47 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\gmer.zip
[2012/03/02 11:25:18 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/02 11:25:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/02 09:40:38 | 002,062,896 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\TDSSKiller.exe
[2012/02/29 16:05:59 | 000,044,607 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\bootkit_remover.zip
[2012/02/29 14:16:12 | 004,422,703 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2012/02/29 12:53:12 | 000,494,309 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/02/29 10:23:01 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper Update.job
[2012/02/29 10:23:01 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper MUM.job
[2012/02/27 16:46:10 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2012/02/27 16:03:53 | 000,002,087 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SDSETU~1.EXE.lnk
[2012/02/27 16:00:19 | 000,001,692 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PC Tools Spyware Doctor.lnk
[2012/02/27 16:00:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Tools Security
[2012/02/27 15:58:15 | 000,002,087 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\sdsetup[1].exe.lnk
[2012/02/27 15:31:26 | 001,182,680 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\TfKbMon.sys.old
[2012/02/27 15:29:36 | 000,512,992 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\sdsetup_revwire207[1].exe
[2012/02/22 09:00:04 | 000,040,435 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\deibler_02-22-12.pdf
[2012/02/17 13:08:35 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/17 09:50:34 | 000,040,431 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\deibler_02-17-12.pdf
[2012/02/17 07:18:21 | 000,001,823 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/02/10 14:59:02 | 000,045,056 | ---- | M] () -- C:\WINDOWS\scluins1.exe
[2012/02/10 14:59:02 | 000,036,864 | ---- | M] () -- C:\WINDOWS\smon03.exe
[2012/02/10 14:59:02 | 000,001,670 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Sophocles 2003.lnk
[2012/02/10 14:58:34 | 001,652,424 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\soph.exe
[2012/02/10 12:56:46 | 013,261,485 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\NoPoetCigarettes[2].pdf
[2012/02/05 11:24:41 | 078,685,590 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Gravity - Large.m4v
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/04 18:06:52 | 000,060,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\Combo-Fix.sys
[2012/03/04 17:36:44 | 000,000,370 | ---- | C] () -- C:\WINDOWS\tasks\MotoHelper Initial Update.job
[2012/03/04 17:34:09 | 000,033,819 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\cdrom.zip
[2012/03/04 10:06:24 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012/03/03 09:16:48 | 003,577,984 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Dan Fogelberg - Language Of Love.mp3
[2012/03/02 11:58:13 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.exe
[2012/03/02 11:57:03 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\otbgo6g6.exe
[2012/03/02 11:56:45 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\gmer.zip
[2012/03/02 11:25:18 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/29 16:05:59 | 000,044,607 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\bootkit_remover.zip
[2012/02/29 14:18:29 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/02/29 14:18:28 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/29 14:18:28 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/02/29 14:18:28 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/02/29 14:18:28 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/02/27 16:03:53 | 000,002,087 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SDSETU~1.EXE.lnk
[2012/02/27 16:00:19 | 000,001,692 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PC Tools Spyware Doctor.lnk
[2012/02/27 15:58:15 | 000,002,087 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\sdsetup[1].exe.lnk
[2012/02/27 15:29:36 | 000,512,992 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\sdsetup_revwire207[1].exe
[2012/02/22 09:00:04 | 000,040,435 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\deibler_02-22-12.pdf
[2012/02/17 09:50:34 | 000,040,431 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\deibler_02-17-12.pdf
[2012/02/10 14:59:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\scluins1.exe
[2012/02/10 14:59:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\smon03.exe
[2012/02/10 12:56:45 | 013,261,485 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\NoPoetCigarettes[2].pdf
[2012/02/05 11:24:38 | 078,685,590 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Gravity - Large.m4v
[2012/01/01 11:07:14 | 000,011,726 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\xrd15j035e
[2012/01/01 11:07:14 | 000,011,726 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\xrd15j035e
[2011/12/26 12:47:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/12/22 14:58:50 | 000,015,710 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\eixccm3c3ete1rfk2pmr4u838h7d
[2011/12/22 14:58:50 | 000,015,710 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\eixccm3c3ete1rfk2pmr4u838h7d
[2011/11/27 17:42:16 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2011/07/06 18:59:52 | 000,000,127 | ---- | C] () -- C:\WINDOWS\smr.INI
[2011/06/24 14:16:27 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll0238.old
[2011/06/24 14:16:27 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2011/06/24 11:52:31 | 000,014,404 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2tr3g2kx3u3224p06i
[2011/06/24 11:52:30 | 000,014,404 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\2tr3g2kx3u3224p06i
[2010/12/14 12:18:29 | 001,160,744 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/05/21 07:34:22 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\default_user_class.dat
[2010/05/10 17:10:09 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2010/02/16 10:14:29 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/02/16 10:14:29 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/02/16 10:14:29 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/02/16 10:14:29 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/02/16 10:14:29 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/02/16 10:14:29 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/02/16 10:14:29 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/02/16 10:14:29 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/02/16 10:14:29 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/02/16 10:14:29 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/02/16 10:14:29 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/02/16 10:14:29 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/02/16 10:14:29 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/02/16 10:14:29 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/02/16 10:14:29 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/02/16 10:14:29 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/02/09 17:59:22 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.cat
[2010/02/09 17:59:22 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.inf
[2010/01/30 12:48:34 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2010/01/18 17:06:50 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/01/18 14:23:23 | 000,112,544 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/12/17 06:46:32 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/12/15 09:23:31 | 000,173,568 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/14 15:44:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/12/14 15:31:59 | 000,000,056 | ---- | C] () -- C:\WINDOWS\hpdj500.ini
[2009/12/14 15:23:55 | 000,749,568 | R--- | C] () -- C:\WINDOWS\System32\agi1600.dll
[2009/12/14 15:23:54 | 001,777,664 | R--- | C] () -- C:\WINDOWS\System32\zhp1600r.dll
[2009/12/14 15:23:54 | 000,241,664 | R--- | C] () -- C:\WINDOWS\System32\zhhp1600.exe
[2009/12/14 15:23:53 | 000,327,680 | R--- | C] () -- C:\WINDOWS\System32\zshp1600.exe
[2009/12/14 15:23:53 | 000,114,688 | R--- | C] () -- C:\WINDOWS\System32\VSHP1600.dll
[2009/12/13 17:16:46 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2009/12/13 01:46:20 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/12/13 01:46:20 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/12/13 01:46:19 | 002,378,752 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2009/12/13 01:46:19 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/12/13 01:46:19 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/12/13 01:46:18 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/12/13 01:46:17 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/12/13 01:38:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/12/13 01:36:28 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/12/13 01:36:14 | 002,293,286 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2009/12/13 01:07:31 | 000,004,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2009/12/12 19:29:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/12/12 19:27:02 | 002,379,456 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/19 02:34:58 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\msvcrt10.dll
[2008/04/14 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 06:00:00 | 000,444,358 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 06:00:00 | 000,072,108 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 06:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/06/24 01:20:02 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2002/03/19 18:30:00 | 000,045,632 | ---- | C] () -- C:\WINDOWS\System32\TaskSwitch.exe
[2000/06/12 04:37:18 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\mtstack.exe

========== LOP Check ==========

[2010/02/16 09:06:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Acoustica
[2010/06/26 09:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Amazon
[2011/02/22 09:13:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Autodesk
[2011/08/31 15:24:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Chief Architect X2
[2010/03/17 06:37:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/11/29 18:40:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DVDVideoSoft
[2011/03/10 10:49:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EPSON
[2011/11/13 10:50:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\F4aQH6dWKfLhXjC
[2009/12/13 01:46:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Foxit
[2010/01/09 13:11:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Foxit Software
[2011/07/06 18:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Free Sound Recorder
[2011/11/13 10:47:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mellOOBtxP
[2011/11/13 10:47:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\nyyycS11ib3on4Q
[2011/11/13 11:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\oeekIIBrzPNyA1v
[2012/03/04 16:59:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Spotify
[2011/07/03 12:03:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Style Jukebox Settings
[2012/02/27 15:58:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TestApp
[2011/11/13 11:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\v77ddEL88RZqhCk
[2010/02/09 17:59:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Vso
[2011/11/13 10:50:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\wTZqhYCwkVlNx0c
[2011/11/13 10:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\XNNyycAA1uD2oFp
[2011/11/13 10:47:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ZhhhYXXwkUVlOtx
[2009/12/21 09:08:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2011/12/25 11:55:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/12/25 09:50:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/12/13 14:23:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Chief Architect X2
[2011/03/15 07:07:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2010/10/02 14:08:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2010/05/10 17:11:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2010/05/10 17:15:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2011/05/18 17:14:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/10 15:18:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2012/03/04 17:36:45 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\MotoHelper Initial Update.job
[2012/02/29 10:23:01 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\MotoHelper MUM.job
[2012/03/04 10:23:02 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\MotoHelper Routing.job
[2012/02/29 10:23:01 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\MotoHelper Update.job
[2012/03/04 16:33:58 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{D34A4223-3F9E-489B-8675-157936D04B47}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 196 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
< End of report >
 
Do this on the computer you are posting from:
Copy the text in the codebox below:


Code:
:OTL
DRV - [2012/03/04 18:06:52 | 000,060,416 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\Combo-Fix.sys -- (vkquwexg)
IE - HKU\Owner_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {FA3FEDF6-1A34-4076-9F25-A26A2DE6A401} - No CLSID value found.
O4 - HKLM..\Run: [combofix] C:\ComboFix\CF11725.3XE (Microsoft Corporation)
O4 - HKLM..\Run: [PCTools FGuard] File not found
O4 - HKU\QBDataServiceUser17_ON_C..\Run: [Search Protection] File not found
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [combofix] C:\ComboFix\CF11725.3XE (Microsoft Corporation)
O4 - HKU\QBDataServiceUser17_ON_C..\RunOnce: [avg_spchecker] File not found
O4 - HKU\QBDataServiceUser17_ON_C..\RunOnce: [User Settings] C:\WINDOWS\System32\CMD.exe (Microsoft Corporation)
O4 - HKU\QBDataServiceUser20_ON_C..\RunOnce: [avg_spchecker] File not found
O4 - HKU\QBDataServiceUser20_ON_C..\RunOnce: [User Settings] C:\WINDOWS\System32\CMD.exe (Microsoft Corporation)
O4 - HKLM..\RunOnceEx: [flags] Reg Error: Invalid data type. File not found
O16 - DPF: Web-Based Email Tools http://email.secureserver.net/Download.CAB (Reg Error: Key error.)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
[2012/01/01 11:07:14 | 000,011,726 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\xrd15j035e
[2012/01/01 11:07:14 | 000,011,726 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\xrd15j035e
[2011/12/22 14:58:50 | 000,015,710 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\eixccm3c3ete1rfk2pmr4u838h7d
[2011/12/22 14:58:50 | 000,015,710 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\eixccm3c3ete1rfk2pmr4u838h7d
[2011/06/24 11:52:31 | 000,014,404 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2tr3g2kx3u3224p06i
[2011/06/24 11:52:30 | 000,014,404 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\2tr3g2kx3u3224p06i
[2011/11/13 10:47:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\nyyycS11ib3on4Q
[2011/11/13 11:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\oeekIIBrzPNyA1v
[2011/11/13 11:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\v77ddEL88RZqhCk
[2011/11/13 10:50:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\wTZqhYCwkVlNx0c
[2011/11/13 10:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\XNNyycAA1uD2oFp
[2011/11/13 10:47:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ZhhhYXXwkUVlOtx
@Alternate Data Stream - 196 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84

:Services

:Reg

:Files

:Commands
[purity]

Open Notepad and paste it.
Save the document as Fix.txt onto a USB flash drive.


On the infected computer, do the following...

Run OTLPE

  • Insert USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom.
    • (The content of Fix.txt should appear in the box)
  • Then click the Run Fix button at the top
  • Let the program run unhindered and reboot the PC when it is done
  • Post the log produced (you'll need to transfer it with USB stick)
  • Remove the CD and shut down computer manually.
  • Attempt to reboot normally into Windows.
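The fix script above was assembled by hand from the OTL log. As an added example (not part of the thread, and not OTL's own code), the Python below parses OTL file-list and Alternate Data Stream lines and flags the three patterns the fix acts on: Hidden+System files dropped directly into Application Data, a burst of random-named Application Data folders created within minutes of each other, and named streams on a plain folder. The sample input is a constructed excerpt of the log lines above plus a few benign lines for contrast; the burst check also surfaces two same-day neighbours of the six folders in the fix for review.

```python
"""Triage helper for OTL / OTLPE log text (added example; not part of OTL or this thread).
Flags the patterns the fix script acts on so the choice of lines is reproducible."""
import re
from datetime import datetime, timedelta

# File or directory line: [date time | size | attrs | C/M] (company) -- path
# Directory lines have no "(company)" group, so it is optional.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] ?(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$")
# "@Alternate Data Stream - 196 bytes -> C:\...\TEMP:DFC5A2B2"
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+):(?P<stream>[^:\\]+)$")
# Entry sitting directly in a per-user or All Users "Application Data" root
APPDATA_ROOT_RE = re.compile(r"\\Application Data\\[^\\]+$", re.IGNORECASE)
RANDOM_NAME_RE = re.compile(r"^[A-Za-z0-9]{10,}$")

def parse_entry(line):
    """Dict for an OTL file/dir line, None for any other line."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    e = m.groupdict()
    e["when"] = datetime.strptime(e["ts"], "%Y/%m/%d %H:%M:%S")
    e["size"] = int(e["size"].replace(",", ""))
    e["is_dir"] = "D" in e["attrs"]
    e["name"] = e["path"].rsplit("\\", 1)[-1]
    return e

def hidden_system_in_appdata(entries):
    """Files marked both Hidden and System directly under an Application Data root.
    Ordinary application data is not H+S; the fix above moves exactly these."""
    return [e for e in entries if not e["is_dir"] and "H" in e["attrs"]
            and "S" in e["attrs"] and APPDATA_ROOT_RE.search(e["path"])]

def looks_random(name):
    """Loose candidate test: 10+ alphanumerics, mixed case, no spaces or dots.
    Also matches vendor names like 'DVDVideoSoft'; random_dir_bursts() decides."""
    return bool(RANDOM_NAME_RE.match(name)) and name != name.lower() and name != name.upper()

def random_dir_bursts(entries, window=timedelta(minutes=30), min_count=3):
    """Groups of >= min_count random-looking Application Data dirs timestamped within
    `window` of the group's first member: one odd folder is an install, a burst is not."""
    cands = sorted((e for e in entries if e["is_dir"] and looks_random(e["name"])
                    and APPDATA_ROOT_RE.search(e["path"])), key=lambda e: e["when"])
    bursts, current = [], []
    for e in cands:
        if current and e["when"] - current[0]["when"] > window:
            if len(current) >= min_count:
                bursts.append(current)
            current = []
        current.append(e)
    if len(current) >= min_count:
        bursts.append(current)
    return bursts

def ads_entries(lines):
    """Alternate data streams OTL reported. A named stream on a plain folder
    (rather than Zone.Identifier on a download) is unusual enough to review."""
    return [{"path": m["path"], "stream": m["stream"], "size": int(m["size"])}
            for m in map(ADS_RE.match, lines) if m]

def triage(log_text):
    """Run all checks over raw OTL text; a path in both 'Modified' and 'Created' counts once."""
    lines = [ln.rstrip() for ln in log_text.splitlines()]
    entries, seen = [], set()
    for e in filter(None, map(parse_entry, lines)):
        if e["path"] not in seen:
            seen.add(e["path"])
            entries.append(e)
    return {"hidden_system": hidden_system_in_appdata(entries),
            "random_dir_bursts": random_dir_bursts(entries), "ads": ads_entries(lines)}

# Constructed excerpt: lines copied from the OTL log in this thread plus benign ones for contrast.
SAMPLE_LOG = r"""
[2012/03/02 09:40:38 | 002,062,896 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\TDSSKiller.exe
[2012/01/01 11:07:14 | 000,011,726 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\xrd15j035e
[2012/01/01 11:07:14 | 000,011,726 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\xrd15j035e
[2011/06/24 11:52:31 | 000,014,404 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2tr3g2kx3u3224p06i
[2011/06/24 11:52:30 | 000,014,404 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\2tr3g2kx3u3224p06i
[2010/01/18 14:23:23 | 000,112,544 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/11/29 18:40:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DVDVideoSoft
[2011/11/13 10:50:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\F4aQH6dWKfLhXjC
[2011/11/13 10:47:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mellOOBtxP
[2011/11/13 10:47:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\nyyycS11ib3on4Q
[2011/11/13 11:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\oeekIIBrzPNyA1v
[2011/11/13 11:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\v77ddEL88RZqhCk
[2011/11/13 10:50:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\wTZqhYCwkVlNx0c
[2011/11/13 10:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\XNNyycAA1uD2oFp
[2011/11/13 10:47:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ZhhhYXXwkUVlOtx
@Alternate Data Stream - 196 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
"""

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for e in report["hidden_system"]:
        print(f"H+S file {e['size']:>6} bytes  {e['path']}")
    for burst in report["random_dir_bursts"]:
        print(f"{len(burst)} random-named dirs {burst[0]['ts']} .. {burst[-1]['ts']}:",
              *[e["path"] for e in burst], sep="\n    ")
    for a in report["ads"]:
        print(f"ADS {a['size']:>4} bytes  {a['path']}:{a['stream']}")
```

Everything the script flags is a candidate for a human to confirm against the rest of the log, not a verdict.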
 
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vkquwexg deleted successfully.
C:\WINDOWS\system32\drivers\Combo-Fix.sys moved successfully.
HKU\Owner_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FA3FEDF6-1A34-4076-9F25-A26A2DE6A401}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FA3FEDF6-1A34-4076-9F25-A26A2DE6A401}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\combofix deleted successfully.
C:\ComboFix\CF11725.3XE moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PCTools FGuard deleted successfully.
Registry value HKEY_USERS\QBDataServiceUser17_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\Search Protection deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\AvgUninstallURL deleted successfully.
C:\WINDOWS\system32\cmd.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\combofix deleted successfully.
File C:\ComboFix\CF11725.3XE not found.
Registry value HKEY_USERS\QBDataServiceUser17_ON_C\Software\Microsoft\Windows\CurrentVersion\RunOnce\\avg_spchecker deleted successfully.
Registry value HKEY_USERS\QBDataServiceUser17_ON_C\Software\Microsoft\Windows\CurrentVersion\RunOnce\\User Settings deleted successfully.
File C:\WINDOWS\System32\CMD.exe not found.
Registry value HKEY_USERS\QBDataServiceUser20_ON_C\Software\Microsoft\Windows\CurrentVersion\RunOnce\\avg_spchecker deleted successfully.
Registry value HKEY_USERS\QBDataServiceUser20_ON_C\Software\Microsoft\Windows\CurrentVersion\RunOnce\\User Settings deleted successfully.
File C:\WINDOWS\System32\CMD.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\\flags deleted successfully.
Starting removal of ActiveX control Web-Based Email Tools
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Web-Based Email Tools\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Web-Based Email Tools\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Web-Based Email Tools\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\Web-Based Email Tools\ not found.
Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\Web-Based Email Tools\ not found.
Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\Web-Based Email Tools\ not found.
Registry key HKEY_USERS\Owner_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\Web-Based Email Tools\ not found.
Registry key HKEY_USERS\QBDataServiceUser17_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\Web-Based Email Tools\ not found.
Registry key HKEY_USERS\QBDataServiceUser20_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\Web-Based Email Tools\ not found.
Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\Web-Based Email Tools\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
C:\Documents and Settings\Owner\Local Settings\Application Data\xrd15j035e moved successfully.
C:\Documents and Settings\All Users\Application Data\xrd15j035e moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\eixccm3c3ete1rfk2pmr4u838h7d moved successfully.
C:\Documents and Settings\All Users\Application Data\eixccm3c3ete1rfk2pmr4u838h7d moved successfully.
C:\Documents and Settings\All Users\Application Data\2tr3g2kx3u3224p06i moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\2tr3g2kx3u3224p06i moved successfully.
C:\Documents and Settings\Owner\Application Data\nyyycS11ib3on4Q folder moved successfully.
C:\Documents and Settings\Owner\Application Data\oeekIIBrzPNyA1v folder moved successfully.
C:\Documents and Settings\Owner\Application Data\v77ddEL88RZqhCk folder moved successfully.
C:\Documents and Settings\Owner\Application Data\wTZqhYCwkVlNx0c folder moved successfully.
C:\Documents and Settings\Owner\Application Data\XNNyycAA1uD2oFp folder moved successfully.
C:\Documents and Settings\Owner\Application Data\ZhhhYXXwkUVlOtx folder moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

OTLPE by OldTimer - Version 3.1.48.0 log created on 03052012_192730
 
Here's the logfile from the USB drive

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vkquwexg deleted successfully.
File C:\WINDOWS\system32\drivers\Combo-Fix.sys not found.
Unable to set value : HKU\Owner_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FA3FEDF6-1A34-4076-9F25-A26A2DE6A401}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FA3FEDF6-1A34-4076-9F25-A26A2DE6A401}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\combofix deleted successfully.
File C:\ComboFix\CF11725.3XE not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PCTools FGuard deleted successfully.
Registry key HKEY_USERS\QBDataServiceUser17_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\AvgUninstallURL deleted successfully.
File C:\WINDOWS\System32\cmd.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\combofix deleted successfully.
File C:\ComboFix\CF11725.3XE not found.
Registry key HKEY_USERS\QBDataServiceUser17_ON_C\Software\Microsoft\Windows\CurrentVersion\RunOnce not found.
Registry key HKEY_USERS\QBDataServiceUser17_ON_C\Software\Microsoft\Windows\CurrentVersion\RunOnce not found.
File C:\WINDOWS\System32\CMD.exe not found.
Registry key HKEY_USERS\QBDataServiceUser20_ON_C\Software\Microsoft\Windows\CurrentVersion\RunOnce not found.
Registry key HKEY_USERS\QBDataServiceUser20_ON_C\Software\Microsoft\Windows\CurrentVersion\RunOnce not found.
File C:\WINDOWS\System32\CMD.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\\flags deleted successfully.
Starting removal of ActiveX control Web-Based Email Tools
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Web-Based Email Tools\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Web-Based Email Tools\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Web-Based Email Tools\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\Web-Based Email Tools\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
File C:\Documents and Settings\Owner\Local Settings\Application Data\xrd15j035e not found.
File C:\Documents and Settings\All Users\Application Data\xrd15j035e not found.
File C:\Documents and Settings\Owner\Local Settings\Application Data\eixccm3c3ete1rfk2pmr4u838h7d not found.
File C:\Documents and Settings\All Users\Application Data\eixccm3c3ete1rfk2pmr4u838h7d not found.
File C:\Documents and Settings\All Users\Application Data\2tr3g2kx3u3224p06i not found.
File C:\Documents and Settings\Owner\Local Settings\Application Data\2tr3g2kx3u3224p06i not found.
Folder C:\Documents and Settings\Owner\Application Data\nyyycS11ib3on4Q\ not found.
Folder C:\Documents and Settings\Owner\Application Data\oeekIIBrzPNyA1v\ not found.
Folder C:\Documents and Settings\Owner\Application Data\v77ddEL88RZqhCk\ not found.
Folder C:\Documents and Settings\Owner\Application Data\wTZqhYCwkVlNx0c\ not found.
Folder C:\Documents and Settings\Owner\Application Data\XNNyycAA1uD2oFp\ not found.
Folder C:\Documents and Settings\Owner\Application Data\ZhhhYXXwkUVlOtx\ not found.
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84 .
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

OTLPE by OldTimer - Version 3.1.48.0 log created on 03052012_195850
 
Retry the steps from my reply #25.
Download a fresh rc.iso and burn a new CD, though.
 
Just did it with a new disk and fresh download and same thing... loads Windows setup, then a flash of the XP logo and straight to bluescreen.

Also, I rebooted with the REATOGO disk and can access everything on the internet just fine - but when I tried to go to this site, Internet Explorer aborted. I can go to any other site just fine; thought that was peculiar. This is really confounding!
 
Boot back to OTLPE CD.
Re-run OTL but this time...

  • Under the Custom Scan box, paste this in:

/md5start
explorer.exe
winlogon.exe
userinit.exe
svchost.exe
tsk1D.tmp
14098817.sys
cdrom.sys
/md5stop


Post new log.
 
Here's the log file from OTL:

Error: Unable to interpret </md5start> in the current context!
Error: Unable to interpret <explorer.exe> in the current context!
Error: Unable to interpret <winlogon.exe> in the current context!
Error: Unable to interpret <userinit.exe> in the current context!
Error: Unable to interpret <svchost.exe> in the current context!
Error: Unable to interpret <tsk1D.tmp> in the current context!
Error: Unable to interpret <14098817.sys> in the current context!
Error: Unable to interpret <cdrom.sys> in the current context!
Error: Unable to interpret </md5stop> in the current context!

OTLPE by OldTimer - Version 3.1.48.0 log created on 03062012_160937
 
You did something wrong.
You probably clicked on "Fix" button instead of "Run Scan" button.
 
I'm getting dumber by the hour lol. OK, I copied the code into the text box and ran a "scan" this time. Here's what it spit out:

OTL logfile created on: 3/6/2012 5:11:55 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 292.97 Gb Total Space | 131.11 Gb Free Space | 44.75% Space Free | Partition Type: NTFS
Drive D: | 303.19 Gb Total Space | 188.71 Gb Free Space | 62.24% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (wscsvc)
SRV - [2012/01/16 16:28:30 | 000,546,768 | ---- | M] (Threat Expert Ltd.) [Auto] -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/11 16:18:14 | 001,117,624 | ---- | M] (PC Tools) [On_Demand] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2012/01/11 14:56:12 | 000,402,336 | ---- | M] (PC Tools) [On_Demand] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2012/01/11 14:56:08 | 000,071,008 | ---- | M] (PC Tools) [On_Demand] -- C:\Program Files\PC Tools Security\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2011/04/05 07:26:34 | 000,045,056 | ---- | M] (Intuit) [Auto] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2011/01/27 16:13:50 | 000,226,624 | ---- | M] () [Auto] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2009/12/13 12:36:30 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/11/06 14:24:52 | 000,195,176 | ---- | M] (NVIDIA) [Auto] -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)
SRV - [2009/11/06 14:13:20 | 000,191,080 | ---- | M] (NVIDIA) [Auto] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2009/08/18 01:25:12 | 000,678,912 | ---- | M] (Intuit, Inc.) [Disabled] -- C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe -- (QuickBooksDB20)
SRV - [2009/08/18 01:25:12 | 000,678,912 | ---- | M] (Intuit, Inc.) [Auto] -- C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe -- (QuickBooksDB17)
SRV - [2009/07/23 20:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/03/27 23:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/12/18 13:05:40 | 000,191,008 | ---- | M] () [Auto] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2007/03/15 14:48:26 | 000,535,807 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto] -- C:\WINDOWS\System32\hasplms.exe -- (hasplms)
SRV - [2005/04/27 15:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - File not found [Kernel | Boot] -- -- (ACPI)
DRV - [2012/01/11 16:19:24 | 000,070,536 | ---- | M] (PC Tools) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2012/01/11 16:19:02 | 000,185,560 | ---- | M] (PC Tools) [Kernel | System] -- C:\WINDOWS\system32\drivers\PCTSD.sys -- (PCTSD)
DRV - [2012/01/11 16:14:30 | 000,253,352 | ---- | M] (PC Tools) [Kernel | System] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2012/01/11 14:56:12 | 000,574,424 | --S- | M] (PC Tools) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TFSysMon)
DRV - [2012/01/11 14:56:12 | 000,054,328 | --S- | M] (PC Tools) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2012/01/11 14:56:12 | 000,035,264 | --S- | M] (PC Tools) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/12/01 16:07:06 | 000,909,728 | ---- | M] (PC Tools) [File_System | Boot] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2011/12/01 16:07:06 | 000,342,168 | ---- | M] (PC Tools) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2011/11/14 15:12:26 | 000,331,880 | ---- | M] (PC Tools) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2011/09/28 13:14:02 | 000,056,840 | ---- | M] (PC Tools) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PCTBD.sys -- (PCTBD)
DRV - [2010/12/03 13:03:08 | 000,020,352 | ---- | M] (Motorola) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2010/09/29 16:13:46 | 000,024,064 | ---- | M] (Motorola) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2010/04/01 12:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2010/01/25 17:56:44 | 000,009,472 | ---- | M] (Motorola Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2009/10/19 02:29:36 | 000,009,472 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\dumpdrv.sys -- (DumpDrv)
DRV - [2009/09/15 14:59:28 | 000,038,248 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvoclock.sys -- (nvoclock)
DRV - [2009/08/13 16:07:12 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/02/11 13:40:40 | 005,028,352 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/01/29 15:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009/01/29 15:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2008/10/09 16:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/08/25 03:22:40 | 000,014,208 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/08/01 11:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/08/01 11:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2007/11/02 13:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2007/04/16 22:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2007/03/12 20:48:56 | 000,351,744 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2007/03/06 21:39:20 | 000,694,272 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2003/10/15 17:07:38 | 000,012,288 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mtdv2ku2.sys -- (MTDVC2)
DRV - [2003/10/11 08:39:52 | 000,011,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mtdv2ks2.sys -- (MTDVC2_ENUM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8&fr=mkg029


IE - HKU\.DEFAULT\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\Owner_ON_C\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\Owner_ON_C\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKU\Owner_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Owner_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*




FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files\K-Lite Codec Pack\Real\Browser\Plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\K-Lite Codec Pack\Real\Browser\Plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools Security\BDT\Firefox\ [2012/02/27 16:00:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/04 17:29:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/18 17:04:50 | 000,000,000 | ---D | M]

[2011/12/04 17:26:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/06 16:37:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/12/01 20:12:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/25 09:32:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/01/30 12:17:14 | 000,000,000 | ---D | M] (PHPNukeEN Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2012/03/04 18:06:33 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (PC Tools Browser Defender BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Fast Search) - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files\Surf Canyon\surfcanyon.dll (Surf Canyon Incorporated)
O2 - BHO: (RebateRobot BHO) - {66616350-A70C-4FF5-912E-A92B8076F6F7} - File not found
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKU\Owner_ON_C\..\Toolbar\WebBrowser: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\Owner_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\Owner_ON_C\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CoolSwitch] C:\WINDOWS\system32\TaskSwitch.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime Alternative\qttask.exe (Apple Inc.)
O4 - HKU\Owner_ON_C..\Run: [DownloadManager] C:\Program Files\Download Manager\DownloadManager.exe (DownloadManager)
O4 - HKU\Owner_ON_C..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\Owner_ON_C..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - HKU\QBDataServiceUser17_ON_C..\Run: [Search Protection] File not found
O4 - HKU\QBDataServiceUser17_ON_C..\RunOnce: [avg_spchecker] File not found
O4 - HKU\QBDataServiceUser17_ON_C..\RunOnce: [User Settings] File not found
O4 - HKU\QBDataServiceUser20_ON_C..\RunOnce: [avg_spchecker] File not found
O4 - HKU\QBDataServiceUser20_ON_C..\RunOnce: [User Settings] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 18
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: verbosestatus = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\QBDataServiceUser17_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\QBDataServiceUser20_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2007\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/14 15:34:49 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2011/02/22 08:58:33 | 000,000,047 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/05 19:27:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/05 09:34:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\LocalService\Recent
[2012/03/04 17:43:18 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/03/04 17:04:46 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/03/04 16:32:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2012/03/03 14:55:12 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/03/03 14:27:21 | 002,062,896 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\TDSSKiller.exe
[2012/03/02 11:25:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2012/03/02 11:25:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/02 11:25:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/03/02 11:25:16 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/03/02 11:25:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/02 04:13:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Desktop
[2012/02/29 16:06:15 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Documents and Settings\Owner\Desktop\boot_cleaner.exe
[2012/02/29 14:18:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/02/29 14:18:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/02/29 14:18:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/02/29 14:16:09 | 004,422,703 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2012/02/29 12:42:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Downloads
[2012/02/29 12:42:33 | 000,000,000 | ---D | C] -- C:\Program Files\Download Manager
[2012/02/29 12:42:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\DownloadManager
[2012/02/29 12:42:24 | 000,000,000 | ---D | C] -- C:\Program Files\Surf Canyon
[2012/02/29 12:42:20 | 000,000,000 | ---D | C] -- C:\skin
[2012/02/29 12:42:20 | 000,000,000 | ---D | C] -- C:\Program Files\RebateRobot
[2012/02/29 12:42:20 | 000,000,000 | ---D | C] -- C:\defaults
[2012/02/29 12:42:20 | 000,000,000 | ---D | C] -- C:\content
[2012/02/29 12:42:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\I Want This
[2012/02/29 12:41:37 | 000,000,000 | ---D | C] -- C:\Program Files\I Want This
[2012/02/27 16:04:45 | 000,574,424 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2012/02/27 16:04:45 | 000,054,328 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2012/02/27 16:04:45 | 000,035,264 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
[2012/02/27 16:00:39 | 000,056,840 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTBD.sys
[2012/02/27 16:00:19 | 000,185,560 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTSD.sys
[2012/02/27 16:00:19 | 000,017,848 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctBTFix.sys
[2012/02/27 16:00:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Tools Security
[2012/02/27 15:58:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\TestApp
[2012/02/27 15:31:26 | 001,182,680 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfKbMon.sys.old
[2012/02/12 12:36:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\0-print
[2012/02/10 14:58:59 | 000,000,000 | ---D | C] -- C:\Program Files\Sophocles
[2012/02/09 08:51:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\YCH
[2010/02/09 17:59:22 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Owner\Application Data\pcouffin.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/04 18:07:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/04 18:06:33 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/03/04 17:51:08 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/04 17:50:22 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/03/04 17:36:45 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper Initial Update.job
[2012/03/04 17:34:10 | 000,033,819 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\cdrom.zip
[2012/03/04 17:17:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/04 16:58:15 | 000,173,568 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/04 16:33:58 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D34A4223-3F9E-489B-8675-157936D04B47}.job
[2012/03/04 16:03:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/04 10:23:02 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper Routing.job
[2012/03/04 10:06:24 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012/03/03 19:59:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/03/03 16:14:48 | 000,444,358 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/03 16:14:48 | 000,072,108 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/03 09:17:04 | 003,577,984 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Dan Fogelberg - Language Of Love.mp3
[2012/03/02 21:37:56 | 000,272,291 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2012/03/02 11:57:05 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\otbgo6g6.exe
[2012/03/02 11:56:47 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\gmer.zip
[2012/03/02 11:25:18 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/02 11:25:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/02 09:40:38 | 002,062,896 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\TDSSKiller.exe
[2012/02/29 16:05:59 | 000,044,607 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\bootkit_remover.zip
[2012/02/29 14:16:12 | 004,422,703 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2012/02/29 12:53:12 | 000,494,309 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/02/29 10:23:01 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper Update.job
[2012/02/29 10:23:01 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper MUM.job
[2012/02/27 16:46:10 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2012/02/27 16:03:53 | 000,002,087 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SDSETU~1.EXE.lnk
[2012/02/27 16:00:19 | 000,001,692 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PC Tools Spyware Doctor.lnk
[2012/02/27 16:00:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Tools Security
[2012/02/27 15:58:15 | 000,002,087 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\sdsetup[1].exe.lnk
[2012/02/27 15:31:26 | 001,182,680 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\TfKbMon.sys.old
[2012/02/27 15:29:36 | 000,512,992 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\sdsetup_revwire207[1].exe
[2012/02/22 09:00:04 | 000,040,435 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\deibler_02-22-12.pdf
[2012/02/17 13:08:35 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/17 09:50:34 | 000,040,431 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\deibler_02-17-12.pdf
[2012/02/17 07:18:21 | 000,001,823 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/02/10 14:59:02 | 000,045,056 | ---- | M] () -- C:\WINDOWS\scluins1.exe
[2012/02/10 14:59:02 | 000,036,864 | ---- | M] () -- C:\WINDOWS\smon03.exe
[2012/02/10 14:59:02 | 000,001,670 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Sophocles 2003.lnk
[2012/02/10 14:58:34 | 001,652,424 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\soph.exe
[2012/02/10 12:56:46 | 013,261,485 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\NoPoetCigarettes[2].pdf
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/04 17:36:44 | 000,000,370 | ---- | C] () -- C:\WINDOWS\tasks\MotoHelper Initial Update.job
[2012/03/04 17:34:09 | 000,033,819 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\cdrom.zip
[2012/03/04 10:06:24 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012/03/03 09:16:48 | 003,577,984 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Dan Fogelberg - Language Of Love.mp3
[2012/03/02 11:58:13 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.exe
[2012/03/02 11:57:03 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\otbgo6g6.exe
[2012/03/02 11:56:45 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\gmer.zip
[2012/03/02 11:25:18 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/29 16:05:59 | 000,044,607 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\bootkit_remover.zip
[2012/02/29 14:18:29 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/02/29 14:18:28 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/29 14:18:28 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/02/29 14:18:28 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/02/29 14:18:28 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/02/27 16:03:53 | 000,002,087 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SDSETU~1.EXE.lnk
[2012/02/27 16:00:19 | 000,001,692 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PC Tools Spyware Doctor.lnk
[2012/02/27 15:58:15 | 000,002,087 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\sdsetup[1].exe.lnk
[2012/02/27 15:29:36 | 000,512,992 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\sdsetup_revwire207[1].exe
[2012/02/22 09:00:04 | 000,040,435 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\deibler_02-22-12.pdf
[2012/02/17 09:50:34 | 000,040,431 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\deibler_02-17-12.pdf
[2012/02/10 14:59:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\scluins1.exe
[2012/02/10 14:59:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\smon03.exe
[2012/02/10 12:56:45 | 013,261,485 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\NoPoetCigarettes[2].pdf
[2011/12/26 12:47:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/11/27 17:42:16 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2011/07/06 18:59:52 | 000,000,127 | ---- | C] () -- C:\WINDOWS\smr.INI
[2011/06/24 14:16:27 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll0238.old
[2011/06/24 14:16:27 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/12/14 12:18:29 | 001,160,744 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/05/21 07:34:22 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\default_user_class.dat
[2010/05/10 17:10:09 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2010/02/16 10:14:29 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/02/16 10:14:29 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/02/16 10:14:29 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/02/16 10:14:29 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/02/16 10:14:29 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/02/16 10:14:29 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/02/16 10:14:29 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/02/16 10:14:29 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/02/16 10:14:29 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/02/16 10:14:29 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/02/16 10:14:29 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/02/16 10:14:29 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/02/16 10:14:29 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/02/16 10:14:29 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/02/16 10:14:29 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/02/16 10:14:29 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/02/09 17:59:22 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.cat
[2010/02/09 17:59:22 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.inf
[2010/01/30 12:48:34 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2010/01/18 17:06:50 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/01/18 14:23:23 | 000,112,544 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/12/17 06:46:32 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/12/15 09:23:31 | 000,173,568 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/14 15:44:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/12/14 15:31:59 | 000,000,056 | ---- | C] () -- C:\WINDOWS\hpdj500.ini
[2009/12/14 15:23:55 | 000,749,568 | R--- | C] () -- C:\WINDOWS\System32\agi1600.dll
[2009/12/14 15:23:54 | 001,777,664 | R--- | C] () -- C:\WINDOWS\System32\zhp1600r.dll
[2009/12/14 15:23:54 | 000,241,664 | R--- | C] () -- C:\WINDOWS\System32\zhhp1600.exe
[2009/12/14 15:23:53 | 000,327,680 | R--- | C] () -- C:\WINDOWS\System32\zshp1600.exe
[2009/12/14 15:23:53 | 000,114,688 | R--- | C] () -- C:\WINDOWS\System32\VSHP1600.dll
[2009/12/13 17:16:46 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2009/12/13 01:46:20 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/12/13 01:46:20 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/12/13 01:46:19 | 002,378,752 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2009/12/13 01:46:19 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/12/13 01:46:19 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/12/13 01:46:18 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/12/13 01:46:17 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/12/13 01:38:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/12/13 01:36:28 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/12/13 01:36:14 | 002,293,286 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2009/12/13 01:07:31 | 000,004,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2009/12/12 19:29:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/12/12 19:27:02 | 002,379,456 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/19 02:34:58 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\msvcrt10.dll
[2008/04/14 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 06:00:00 | 000,444,358 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 06:00:00 | 000,072,108 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 06:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/06/24 01:20:02 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2002/03/19 18:30:00 | 000,045,632 | ---- | C] () -- C:\WINDOWS\System32\TaskSwitch.exe
[2000/06/12 04:37:18 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\mtstack.exe

========== LOP Check ==========

[2010/02/16 09:06:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Acoustica
[2010/06/26 09:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Amazon
[2011/02/22 09:13:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Autodesk
[2011/08/31 15:24:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Chief Architect X2
[2010/03/17 06:37:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/11/29 18:40:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DVDVideoSoft
[2011/03/10 10:49:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EPSON
[2011/11/13 10:50:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\F4aQH6dWKfLhXjC
[2009/12/13 01:46:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Foxit
[2010/01/09 13:11:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Foxit Software
[2011/07/06 18:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Free Sound Recorder
[2011/11/13 10:47:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mellOOBtxP
[2012/03/04 16:59:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Spotify
[2011/07/03 12:03:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Style Jukebox Settings
[2012/02/27 15:58:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TestApp
[2010/02/09 17:59:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Vso
[2009/12/21 09:08:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2011/12/25 11:55:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/12/25 09:50:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/12/13 14:23:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Chief Architect X2
[2011/03/15 07:07:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2010/10/02 14:08:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2010/05/10 17:11:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2010/05/10 17:15:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2011/05/18 17:14:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/10 15:18:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2012/03/04 17:36:45 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\MotoHelper Initial Update.job
[2012/02/29 10:23:01 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\MotoHelper MUM.job
[2012/03/04 10:23:02 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\MotoHelper Routing.job
[2012/02/29 10:23:01 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\MotoHelper Update.job
[2012/03/04 16:33:58 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{D34A4223-3F9E-489B-8675-157936D04B47}.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: CDROM.SYS >
[2009/10/19 02:40:19 | 017,776,476 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008/03/20 22:33:24 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=0CC13B7FE6D2F64EFC82CEBFE9D2B8F0 -- C:\WINDOWS\system32\drivers\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2009/10/19 02:25:41 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=2BB75B7F548D82A099125D0C5971DE7D -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2009/10/19 02:25:41 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=2BB75B7F548D82A099125D0C5971DE7D -- C:\WINDOWS\explorer.exe

< MD5 for: SVCHOST.EXE >
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/10/19 02:27:12 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=67E38B4A549833E02D4D1617B5DBC318 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2009/10/19 02:27:12 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=67E38B4A549833E02D4D1617B5DBC318 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 06:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 06:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/19 02:27:29 | 000,509,440 | ---- | M] (Microsoft Corporation) MD5=53A8857723277B1D6D5EE60A9F85B117 -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2009/10/19 02:27:29 | 000,509,440 | ---- | M] (Microsoft Corporation) MD5=53A8857723277B1D6D5EE60A9F85B117 -- C:\WINDOWS\system32\winlogon.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
< End of report >
 
All looks normal.

Are you getting same BSOD when trying to boot to safe mode?

I'm not sure why you can't boot from the RC CD.
Any chance you can borrow a Windows CD from someone?
 
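The "All looks normal" verdict above rests largely on the "< MD5 for: ... >" section of the OTL report: each critical system binary (explorer.exe, svchost.exe, userinit.exe, winlogon.exe) is listed next to its backup copy under C:\WINDOWS\ERDNT\cache, and the two hashes agree. As an added example, not OTL's code or anything posted in the thread, the Python below parses that section exactly as printed and flags any live copy under C:\WINDOWS whose MD5 differs from the ERDNT\cache copy. It assumes the ERDNT\cache copies are the known-good reference, skips the sp3.cab entry because OTL prints no hash for it, and reports the Malwarebytes Chameleon copies separately, since those are MBAM's own renamed executables (same size and hash in the log), not the Windows files. The second sample with an all-zero MD5 is constructed to show what a tampered file would look like.

```python
import re
from collections import defaultdict

# Constructed sample input: the "< MD5 for: ... >" entries copied from the OTL
# report above, embedded here so the example runs offline.
OTL_MD5_SECTION = r"""
< MD5 for: CDROM.SYS >
[2009/10/19 02:40:19 | 017,776,476 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008/03/20 22:33:24 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=0CC13B7FE6D2F64EFC82CEBFE9D2B8F0 -- C:\WINDOWS\system32\drivers\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2009/10/19 02:25:41 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=2BB75B7F548D82A099125D0C5971DE7D -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2009/10/19 02:25:41 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=2BB75B7F548D82A099125D0C5971DE7D -- C:\WINDOWS\explorer.exe

< MD5 for: SVCHOST.EXE >
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/10/19 02:27:12 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=67E38B4A549833E02D4D1617B5DBC318 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2009/10/19 02:27:12 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=67E38B4A549833E02D4D1617B5DBC318 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 06:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 06:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/19 02:27:29 | 000,509,440 | ---- | M] (Microsoft Corporation) MD5=53A8857723277B1D6D5EE60A9F85B117 -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2009/10/19 02:27:29 | 000,509,440 | ---- | M] (Microsoft Corporation) MD5=53A8857723277B1D6D5EE60A9F85B117 -- C:\WINDOWS\system32\winlogon.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
"""

# Constructed sample of a patched system file: the live system32 copy no longer
# matches the ERDNT backup. The all-zero MD5 is a placeholder, not from the report.
CONSTRUCTED_MISMATCH = r"""
< MD5 for: USERINIT.EXE >
[2008/04/14 06:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2012/03/01 03:12:00 | 000,026,112 | ---- | M] () MD5=00000000000000000000000000000000 -- C:\WINDOWS\system32\userinit.exe
"""

HEADER_RE = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
# One OTL file line: [mtime | size | attrs | M/C] (Company) MD5=hash -- path
LINE_RE = re.compile(
    r"^\[(?P<mtime>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attrs>\S+)\s*\|\s*(?P<kind>[MC])\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+)$"
)

# Assumption for this example: the ERDNT\cache copies are the known-good reference.
BACKUP_MARKER = "\\erdnt\\cache\\"
WINDOWS_TREE = "c:\\windows\\"


def parse_md5_section(text):
    """Group the hashed entries of an OTL MD5 section by lower-cased file name.

    Lines without an MD5 (such as the sp3.cab entry) are deliberately skipped.
    """
    groups = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").lower()
            continue
        m = LINE_RE.match(line)
        if m and current:
            groups[current].append({
                "md5": m.group("md5").upper(),
                "size": int(m.group("size").replace(",", "")),
                "company": m.group("company"),
                "path": m.group("path"),
            })
    return groups


def check_live_copies(groups):
    """Compare each live copy under C:\\WINDOWS with its ERDNT\\cache backup.

    Returns (name, path, verdict) tuples. Verdicts: 'match', 'MISMATCH',
    'no-reference' (no backup copy listed), or 'other' (copy outside the
    Windows tree, e.g. MBAM Chameleon's renamed binaries, not compared).
    """
    findings = []
    for name, entries in sorted(groups.items()):
        backups = [e for e in entries if BACKUP_MARKER in e["path"].lower()]
        reference = backups[0]["md5"] if backups else None
        for e in entries:
            p = e["path"].lower()
            if BACKUP_MARKER in p:
                continue
            if not p.startswith(WINDOWS_TREE):
                verdict = "other"
            elif reference is None:
                verdict = "no-reference"
            elif e["md5"] == reference:
                verdict = "match"
            else:
                verdict = "MISMATCH"
            findings.append((name, e["path"], verdict))
    return findings


if __name__ == "__main__":
    for name, path, verdict in check_live_copies(parse_md5_section(OTL_MD5_SECTION)):
        print(f"{verdict:13} {name:14} {path}")
    print("--- constructed tampered sample ---")
    for name, path, verdict in check_live_copies(parse_md5_section(CONSTRUCTED_MISMATCH)):
        print(f"{verdict:13} {name:14} {path}")
```

Run on the report's own lines, every live copy under C:\WINDOWS comes back "match", cdrom.sys is "no-reference" because only the driver itself carries a hash, and the two Chameleon entries are set aside as "other"; only the constructed sample produces a "MISMATCH". Matching the backup is necessary but not sufficient (a rootkit that patched both copies would pass), so on a real case the hashes would still be checked against a known-good source for that exact Windows build.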
Found a copy of Windows and have the recovery console up. I just typed in "FIXMBR" and the following came up:

"This computer appears to have a non-standard or invalid master boot record FIXMBR may damage your partition tables if you proceed. This could cause all of the partitions on the current hard disk to become inaccessible."

The drive is partitioned with a D: drive containing all archived files. Should I proceed, or go back to the REATOGO disk and make sure I have everything backed up on a storage drive before proceeding?


<<<We need to use the Recovery Console to try to fix your issue.

•You'll need to find your Windows XP installation disk.
•Insert the Windows XP CD into the CD-ROM drive, then restart your computer.
•If prompted, click any options that are required to start the computer from the CD-ROM drive.
•When the Welcome to Setup screen appears, press R to start the Recovery Console.
•The Recovery Console will start and ask you which Windows installation you would like to log on to.
◦If you have multiple Windows installations, it will list each one, and you would enter the number associated with the installation you would like to work on and press enter. If you have just one Windows installation, type 1 and press Enter.
•It will then prompt you for the Administrator's password. If there is no password, simply press Enter.
•You will now be presented with a C:\Windows> prompt.
•Type the following, pressing Enter after each line:
fixmbr
fixboot
exit
•Restart computer.
 
Should I proceed, or go back to the REATOGO disk and make sure I have everything backed up on a storage drive before proceeding?
Resetting the MBR won't touch your D drive, but it's always a good idea to keep a fresh backup, so you may as well do it now.
 
Still no luck. Went through all of the steps in the recovery console... typed "Exit", then rebooted and went right back to the bluescreen again. Tried to reboot in safe mode and it still hangs up after the mup.sys file. Also tried Last Known Good Configuration as well.
 
OK, back up and running again! Everything seems to be working; just one peculiar thing, though: I cannot open Internet Explorer. I'm accessing the internet through Google Chrome.

Also, there was a ComboFix file that the XP repair could not find - I think it had an .ex3(?) extension.

Firewall is up and I'm using the trial version of Malwarebytes instead of the PC Tools Spyware that I bought last year.

What next?
 
Good news :)

We have to re-run some scans.

Update MBAM and post new log.
Post new logs from aswMBR and Bootkit Remover.
 
Updated MBAM - the scan took well over an hour and found 5 viruses. Running the other two scans next.

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.07.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Owner :: STEVE [administrator]

Protection: Enabled

3/7/2012 6:33:10 PM
mbam-log-2012-03-07 (18-33-10).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 422103
Time elapsed: 1 hour(s), 11 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Documents and Settings\Custom Settings\Scripts\ToggleQL.exe (Trojan.WinLock) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E4A08339-023B-4921-BF2F-8AC9E414F373}\RP1\A0000007.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E4A08339-023B-4921-BF2F-8AC9E414F373}\RP1\A0000008.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E4A08339-023B-4921-BF2F-8AC9E414F373}\RP1\A0000009.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\03.03.2012_14.27.49\rtkt0000\svc0000\tsk0000.dta (Virus.RLoader) -> Quarantined and deleted successfully.

(end)
 