[A] Malwarebytes blocking outgoing/incoming to same IP

Discussion in 'Virus and Malware Removal' started by gBarrett, Jun 13, 2012.

  1. gBarrett Newcomer, in training Posts: 22

    Every 3-10 minutes Malwarebytes blocks an outgoing/incoming request, always the same IP.

    2012/06/13 09:46:16 -0700 EXPERIENCE Gregory IP-BLOCK 213.155.21.224 (Type: incoming)
    2012/06/13 16:06:21 -0700 EXPERIENCE Gregory IP-BLOCK 213.155.21.224 (Type: outgoing)

    mbam-log-2012-06-13 (10-38-05).txt

    Malwarebytes Anti-Malware (Trial) 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.06.13.05

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 7.0.5730.11
    Gregory :: EXPERIENCE [administrator]

    Protection: Enabled

    6/13/2012 10:38:05 AM
    mbam-log-2012-06-13 (10-38-05).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 259464
    Time elapsed: 6 minute(s), 19 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    gmer.log

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-06-13 10:49:33
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 ST3160023A rev.8.01
    Running: jpcegxmw.exe; Driver: C:\DOCUME~1\Gregory\LOCALS~1\Temp\pglyyaow.sys


    ---- System - GMER 1.0.15 ----

    Code F7A5EC9C ZwRequestPort
    Code F7A5ED3C ZwRequestWaitReplyPort
    Code F7A5EBFC ZwTraceEvent
    Code F7A5EC9B NtRequestPort
    Code F7A5ED3B NtRequestWaitReplyPort
    Code F7A5EBFB NtTraceEvent

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 VMkbd.sys (VMware keyboard filter driver (32-bit)/VMware, Inc.)

    ---- EOF - GMER 1.0.15 ----

    DDS.txt
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_31
    Run by Gregory at 13:21:07 on 2012-06-13
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1426 [GMT -7:00]
    .
    AV: G Data AntiVirus 2010 *Disabled/Outdated* {71310606-6F3B-49F2-9A81-8315AA75FBB3}
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Program Files\Sandboxie\SbieSvc.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\netdde.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    svchost.exe
    C:\Program Files\MSI\Star Key Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Micro Niche Finder\srvany.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Micro Niche Finder\bggoogle.exe
    C:\WINDOWS\system32\HPZipm12.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
    C:\WINDOWS\system32\vmnat.exe
    C:\WINDOWS\system32\vmnetdhcp.exe
    C:\Program Files\VMware\VMware Player\vmware-authd.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    C:\Program Files\Logitech\SetPointP\SetPoint.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\EVGA Precision\EVGAPrecision.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\AutoSizer\AutoSizer.exe
    C:\Program Files\Sandboxie\SbieCtrl.exe
    D:\Program Files\Steam\steam.exe
    C:\Documents and Settings\Gregory\Application Data\Dropbox\bin\Dropbox.exe
    C:\Program Files\Stickies\stickies.exe
    C:\Program Files\WallpaperToy\Wallpapertoy.Exe
    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\PROGRAM FILES\GOOGLE\GMAIL NOTIFIER\GNOTIFY.EXE
    C:\WINDOWS\system32\RunDLL32.exe
    C:\PROGRAM FILES\ELABORATE BYTES\VIRTUALCLONEDRIVE\VCDDAEMON.EXE
    C:\PROGRAM FILES\COMMON FILES\LIGHTSCRIBE\LIGHTSCRIBECONTROLPANEL.EXE
    C:\Program Files\Skype\Phone\Skype.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - c:\program files\lastpass\LPBar.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - c:\progra~1\flashfxp\IEFlash.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
    TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPBar.dll
    uRun: [AutoSizer] "c:\program files\autosizer\AutoSizer.exe"
    uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
    uRun: [Steam] "d:\program files\steam\steam.exe" -silent
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
    mRun: [WinPatrol] c:\program files\billp studios\winpatrol\WinPatrol.exe -expressboot
    mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [Nuance.ctfmngr] c:\program files\nuance\naturallyspeaking10\program\ctfmngr.exe /restore
    mRun: [EVGAPrecision] "c:\program files\evga precision\EVGAPrecision.exe" /s
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
    mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    dRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\gregory\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\gregory\application data\dropbox\bin\Dropbox.exe
    StartupFolder: c:\docume~1\gregory\startm~1\programs\startup\stickies.lnk - c:\program files\stickies\stickies.exe
    StartupFolder: c:\docume~1\gregory\startm~1\programs\startup\wallpa~1.lnk - c:\program files\wallpapertoy\Wallpapertoy.Exe
    IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\msi\star key bluetooth software\btsendto_ie.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {0483894E-2422-45E0-8384-021AFF1AF3CD} - {0483894E-2422-45E0-8384-021AFF1AF3CD} - c:\program files\imacros\imacros.dll
    IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPBar.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    LSP: %SystemRoot%\system32\vsocklib.dll
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} - hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab
    DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1268200405812
    DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1268200521750
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab
    DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
    DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: Interfaces\{2340376E-95A1-4AC8-B4C8-4381226E9DA3} : NameServer = 8.8.8.8,66.93.87.2,8.8.4.4,216.231.41.2
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\gregory\application data\mozilla\firefox\profiles\rm88ypaz.bigg\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?source=gama&hl=en
    FF - plugin: c:\documents and settings\gregory\local settings\application data\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\documents and settings\gregory\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll
    FF - plugin: c:\program files\nos\bin\np_gp.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\drivers\vmci.sys [2011-8-8 98928]
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
    R1 MpKsl97a76a65;MpKsl97a76a65;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5f5d7587-76ee-45ab-8045-76562f0078fa}\MpKsl97a76a65.sys [2012-6-13 29904]
    R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2010-1-23 158512]
    R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2010-1-23 91440]
    R1 vcdrom;Virtual CD-ROM Device Driver;c:\installers\winxpvirtualcdcontrolpanel_21\VCdRom.sys [2009-3-3 8576]
    R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2011-1-10 10448]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-7 654408]
    R2 Micro Niche Finder Background Download Service;Micro Niche Finder Background Download Service;c:\program files\micro niche finder\srvany.exe [2010-2-3 8192]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2012-1-3 2253120]
    R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2011-8-29 665200]
    R3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [2007-8-31 384896]
    R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2010-8-24 40912]
    R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2010-8-24 10448]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-7 22344]
    R3 RTCore32;RTCore32;c:\program files\evga precision\RTCore32.sys [2011-9-6 5632]
    R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2011-10-12 131344]
    R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2011-12-19 116016]
    S0 AmdAcpi;AmdAcpi Bus Filter Driver;c:\windows\system32\drivers\amdacpi.sys --> c:\windows\system32\drivers\AmdAcpi.sys [?]
    S1 amdtools;AMD Special Tools Driver;c:\windows\system32\drivers\amdtools.sys --> c:\windows\system32\drivers\amdtools.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-5 160944]
    S3 123rootrepeal;123rootrepeal;c:\windows\system32\drivers\123rootrepeal.sys [2010-1-21 34816]
    S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2010-1-21 15944]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
    S3 ruby-hello;ruby-hello;c:\wamp\ruby\bin\mongrel_service.exe [2012-1-31 47616]
    S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2009-12-17 104752]
    S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [2010-1-23 82736]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-24 129976]
    S4 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-4 14336]
    .
    =============== Created Last 30 ================
    .
    2012-06-13 17:22:53 -------- d-----r- c:\program files\Skype
    2012-06-13 16:05:46 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5f5d7587-76ee-45ab-8045-76562f0078fa}\MpKsl97a76a65.sys
    2012-06-13 10:32:32 6737808 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5f5d7587-76ee-45ab-8045-76562f0078fa}\mpengine.dll
    2012-06-09 10:47:53 98816 ----a-w- c:\windows\sed.exe
    2012-06-09 10:47:53 518144 ----a-w- c:\windows\SWREG.exe
    .
    ==================== Find3M ====================
    .
    2012-05-01 21:00:24 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2012-05-01 21:00:24 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2012-04-04 22:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    ============= FINISH: 13:22:09.32 ===============


    Attach.txt
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/18/2007 3:16:54 AM
    System Uptime: 6/13/2012 9:04:47 AM (4 hours ago)
    .
    Motherboard: ECS | | GF7050VT-M
    Processor: Intel Pentium III Xeon processor | CPU 1 | 2666/267mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 149 GiB total, 36.288 GiB free.
    D: is FIXED (NTFS) - 466 GiB total, 85.768 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    G: is CDROM ()
    H: is CDROM ()
    I: is CDROM ()
    J: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: VirtualBox Host-Only Ethernet Adapter
    Device ID: ROOT\NET\0000
    Manufacturer: Oracle Corporation
    Name: VirtualBox Host-Only Ethernet Adapter
    PNP Device ID: ROOT\NET\0000
    Service: VBoxNetAdp
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: VMware Virtual Ethernet Adapter for VMnet1
    Device ID: ROOT\VMWARE\0000
    Manufacturer: VMware, Inc.
    Name: VMware Virtual Ethernet Adapter for VMnet1
    PNP Device ID: ROOT\VMWARE\0000
    Service: VMnetAdapter
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: VMware Virtual Ethernet Adapter for VMnet8
    Device ID: ROOT\VMWARE\0001
    Manufacturer: VMware, Inc.
    Name: VMware Virtual Ethernet Adapter for VMnet8
    PNP Device ID: ROOT\VMWARE\0001
    Service: VMnetAdapter
    .
    ==== System Restore Points ===================
    .
    RP960: 4/25/2012 10:30:49 PM - Software Distribution Service 3.0
    RP961: 4/27/2012 3:14:04 AM - System Checkpoint
    RP962: 4/27/2012 4:27:50 PM - Software Distribution Service 3.0
    RP963: 4/28/2012 4:28:03 PM - Software Distribution Service 3.0
    RP964: 4/29/2012 3:40:41 AM - Software Distribution Service 3.0
    RP965: 4/29/2012 4:27:47 PM - Software Distribution Service 3.0
    RP966: 4/30/2012 4:27:12 PM - Software Distribution Service 3.0
    RP967: 5/1/2012 1:59:26 PM - Removed Java(TM) 6 Update 24
    RP968: 5/2/2012 12:03:22 AM - Software Distribution Service 3.0
    RP969: 5/2/2012 11:59:12 PM - Software Distribution Service 3.0
    RP970: 5/4/2012 3:21:03 AM - System Checkpoint
    RP971: 5/4/2012 11:46:28 AM - Software Distribution Service 3.0
    RP972: 5/5/2012 1:58:38 PM - System Checkpoint
    RP973: 5/6/2012 4:03:29 AM - Software Distribution Service 3.0
    RP974: 5/6/2012 11:19:24 AM - Software Distribution Service 3.0
    RP975: 5/7/2012 1:08:36 PM - System Checkpoint
    RP976: 5/7/2012 11:31:15 PM - Software Distribution Service 3.0
    RP977: 5/9/2012 4:40:08 AM - System Checkpoint
    RP978: 5/9/2012 11:04:56 PM - Software Distribution Service 3.0
    RP979: 5/10/2012 11:03:32 PM - Software Distribution Service 3.0
    RP980: 5/11/2012 11:04:22 PM - Software Distribution Service 3.0
    RP981: 5/12/2012 11:03:44 PM - Software Distribution Service 3.0
    RP982: 5/14/2012 2:34:06 AM - System Checkpoint
    RP983: 5/14/2012 11:33:55 AM - Software Distribution Service 3.0
    RP984: 5/15/2012 11:25:52 AM - Removed HP Update.
    RP985: 5/15/2012 11:33:41 AM - Removed Legal Library 2005
    RP986: 5/16/2012 11:23:02 AM - Software Distribution Service 3.0
    RP987: 5/17/2012 11:23:22 AM - Software Distribution Service 3.0
    RP988: 5/18/2012 12:36:56 PM - System Checkpoint
    RP989: 5/18/2012 10:17:21 PM - Software Distribution Service 3.0
    RP990: 5/19/2012 10:17:15 PM - Software Distribution Service 3.0
    RP991: 5/20/2012 4:25:01 AM - Software Distribution Service 3.0
    RP992: 5/21/2012 4:29:15 AM - System Checkpoint
    RP993: 5/21/2012 7:31:17 PM - Software Distribution Service 3.0
    RP994: 5/22/2012 7:31:25 PM - Software Distribution Service 3.0
    RP995: 5/23/2012 7:30:52 PM - Software Distribution Service 3.0
    RP996: 5/24/2012 9:48:57 PM - System Checkpoint
    RP997: 5/25/2012 10:45:25 AM - Software Distribution Service 3.0
    RP998: 5/26/2012 10:44:38 AM - Software Distribution Service 3.0
    RP999: 5/27/2012 4:10:47 AM - Software Distribution Service 3.0
    RP1000: 5/27/2012 10:44:09 AM - Software Distribution Service 3.0
    RP1001: 5/28/2012 12:38:54 PM - System Checkpoint
    RP1002: 5/29/2012 10:06:36 AM - Software Distribution Service 3.0
    RP1003: 5/30/2012 10:05:59 AM - Software Distribution Service 3.0
    RP1004: 5/31/2012 10:05:47 AM - Software Distribution Service 3.0
    RP1005: 6/1/2012 10:06:39 AM - Software Distribution Service 3.0
    RP1006: 6/2/2012 10:06:46 AM - Software Distribution Service 3.0
    RP1007: 6/3/2012 3:58:59 AM - Software Distribution Service 3.0
    RP1008: 6/3/2012 10:05:38 AM - Software Distribution Service 3.0
    RP1009: 6/4/2012 10:05:39 AM - Software Distribution Service 3.0
    RP1010: 6/5/2012 10:11:31 AM - System Checkpoint
    RP1011: 6/6/2012 12:12:33 AM - Software Distribution Service 3.0
    RP1012: 6/7/2012 12:12:47 AM - Software Distribution Service 3.0
    RP1013: 6/8/2012 12:12:44 AM - Software Distribution Service 3.0
    RP1014: 6/9/2012 12:12:42 AM - Software Distribution Service 3.0
    RP1015: 6/10/2012 3:59:04 AM - System Checkpoint
    RP1016: 6/10/2012 4:08:03 AM - Software Distribution Service 3.0
    RP1017: 6/11/2012 7:31:01 AM - System Checkpoint
    RP1018: 6/11/2012 4:03:13 PM - Removed Skype Click to Call
    RP1019: 6/11/2012 4:04:25 PM - Removed Skype™ 5.9
    RP1020: 6/11/2012 4:20:00 PM - Software Distribution Service 3.0
    RP1021: 6/12/2012 5:59:12 PM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    7-Zip 4.64
    AC-3 ACM Codec
    Add or Remove Adobe Creative Suite 3 Master Collection
    Adobe Acrobat 8.3.0 - CPSID_83708
    Adobe Acrobat 8.3.0 Professional
    Adobe AIR
    Adobe Color Common Settings
    Adobe Download Manager
    Adobe ExtendScript Toolkit 2
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Flash Player 9 ActiveX
    AnswerAnalyst
    ArcExplorer Java Edition
    Audacity 1.3.13 (Unicode)
    Autodesk 3ds Max 9 32-bit
    Autodesk DWF Viewer 7
    AutoSizer
    blubell
    Boks
    Business Contact Manager for Outlook 2007 SP2
    CCleaner
    CleanMem
    Company of Heroes
    Daily Interest Calculator v3.1
    Defraggler
    DH Driver Cleaner Professional Edition
    DivX Setup
    Dragon NaturallySpeaking 10
    DriveImage XML (Private Edition)
    Driver Sweeper 2.1.0
    Dropbox
    EPSON Scan
    eReg
    ESET Online Scanner v3
    Everything 1.2.1.371
    EVGA Precision 2.1.0
    FBX Plugin 2006.08 for Max 9.0
    FeedDemon
    FeedStation
    FFmpeg v0.6.2 for Audacity
    FileZilla Client 3.5.3
    FlashFXP v3
    foobar2000 v1.1.7
    Foxit Reader
    FreeMind
    gedit 2.30.1
    GIMP 2.4.6
    Git version 1.7.9-preview20120201
    Google Chrome
    Google Earth
    Google Gmail Notifier
    GPL Ghostscript 8.63
    GTK2-Runtime
    HashTab 3.0.0
    HD Tune Pro 5.00
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB958655-v2)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB979306)
    Huffyuv AVI lossless video codec (Remove Only)
    IDT Audio
    iMacros V6.86
    ImgBurn
    InCtrl5
    Inkscape 0.46
    InterVideo FilterSDK for Hauppauge
    Java(TM) 6 Update 31
    LAME v3.98.3 for Audacity
    LastPass (uninstall only)
    LightScribe System Software
    Logitech SetPoint 6.20
    Magic ISO Maker v5.3 (build 0216)
    MagicDisc 2.5.79
    Malwarebytes Anti-Malware version 1.61.0.1400
    Market Samurai
    Micro Niche Finder
    Micro Niche Finder 5.0
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Antimalware
    Microsoft Default Manager
    Microsoft Help Viewer 1.0
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Accounting 2007
    Microsoft Office Accounting Equifax Addin
    Microsoft Office Accounting PayPal Addin
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Small Business Connectivity Components
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Visual Basic 2010 Express - ENU
    Microsoft Visual C# 2010 Express - ENU
    Microsoft Windows Media Video 9 VCM
    Microsoft Windows XP Video Decoder Checkup Utility
    Morgan M-JPEG codec V3
    Mozilla Firefox 12.0 (x86 en-US)
    Mozilla Maintenance Service
    MusicBrainz Picard 0.7.2
    MyDefrag v4.2.5
    nanoPEG-Editor 2.6.0 for WinTV
    Nero 6 Ultra Edition
    Notepad++
    NVIDIA Control Panel 285.58
    NVIDIA Graphics Driver 285.58
    NVIDIA Install Application
    NVIDIA nView 135.95
    NVIDIA nView Desktop Manager
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.11.0621
    NVIDIA Update 1.5.20
    NVIDIA Update Components
    oggcodecs 0.71.0946
    PDF Info 2.02
    pdfsam
    Portal 2
    Prime95
    PSPad editor
    RadLight Ogg Media DirectShow filter (remove only)
    Realtek AC'97 Audio
    REALTEK GbE & FE Ethernet PCI NIC Driver
    Revo Uninstaller 1.94
    RivaTuner v2.0 Final Release
    SABnzbd (remove only)
    Sandboxie 3.60 (32-bit)
    Scribus 1.3.3.12
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Microsoft Visual Basic 2010 Express - ENU (KB2251489)
    Security Update for Microsoft Visual C# 2010 Express - ENU (KB2251489)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 7 (KB2544521)
    Security Update for Windows Internet Explorer 7 (KB2586448)
    Security Update for Windows Internet Explorer 7 (KB2618444)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165-v2)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Skype™ 5.9
    Source SDK
    SpeedFan (remove only)
    Stickies 7.1a
    Stylizer
    SuperMemo
    The Action Machine
    Traffic Travis 3.1.16
    TrueCrypt
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 (KB2583910)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VirtualCloneDrive
    VirusTotal Uploader 2.0
    Visual C++ Runtime for Dragon NaturallySpeaking
    VLC media player 1.0.5
    VMware Player
    Wallpaper Changer for Windows XP
    WampServer 2.2
    Web Content Studio
    Winamp (remove only)
    Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Media Format Runtime
    Windows PowerShell(TM) 1.0
    Windows XP Service Pack 3
    WinPatrol
    WinPcap 4.1.1
    WinRAR archiver
    WinSCP 4.3.2
    WinZip
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/9/2012 4:24:15 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: nvport
    6/9/2012 4:06:27 AM, error: PlugPlayManager [11] - The device Root\LEGACY_ROOTREPEAL\0000 disappeared from the system without first being prepared for removal.
    6/9/2012 3:50:39 AM, error: Service Control Manager [7034] - The Micro Niche Finder Background Download Service service terminated unexpectedly. It has done this 1 time(s).
    6/9/2012 3:45:20 AM, error: NetDDE [206] - Listen failed: 23: The ncb_lana_num member did not specify a valid network number.
    6/9/2012 10:40:24 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Steam Client Service service to connect.
    6/9/2012 10:40:24 PM, error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/13/2012 12:59:19 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    6/13/2012 1:36:11 AM, error: NetDDE [206] - Listen failed: 15:
    .
    ==== End Of File ===========================
  2. Broni Malware Annihilator Posts: 39,406   +177

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===============================================================

    You're running two AV programs, G Data AntiVirus and MSE.
    You must uninstall one of them.

    When done....

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.

    ===========================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start the scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  3. gBarrett Newcomer, in training Posts: 22

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
    Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...
  4. Broni Malware Annihilator Posts: 39,406   +177

    Go on....
  5. gBarrett Newcomer, in training Posts: 22

    The aswMBR scan took hours to complete.

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-06-13 16:54:18
    -----------------------------
    16:54:18.359 OS Version: Windows 5.1.2600 Service Pack 3
    16:54:18.359 Number of processors: 2 586 0x1706
    16:54:18.359 ComputerName: EXPERIENCE UserName: Gregory
    16:54:23.984 Initialize success
    17:03:29.062 AVAST engine defs: 12061301
    17:03:46.859 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
    17:03:46.859 Disk 0 Vendor: ST3160023A 8.01 Size: 152627MB BusType: 3
    17:03:46.859 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
    17:03:46.859 Disk 1 Vendor: WDC_WD5000AAKB-22UKA0 07.01N01 Size: 476940MB BusType: 3
    17:03:47.000 Disk 0 MBR read successfully
    17:03:47.000 Disk 0 MBR scan
    17:03:47.046 Disk 0 Windows XP default MBR code
    17:03:47.062 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152617 MB offset 63
    17:03:47.187 Disk 0 scanning sectors +312560640
    17:03:47.406 Disk 0 scanning C:\WINDOWS\system32\drivers
    17:04:41.843 Service scanning
    17:04:55.109 Service MpKsl38a3fb9c C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3F9B4D8E-DA25-478A-8CA2-81F11B87A4DC}\MpKsl38a3fb9c.sys **LOCKED** 32
    17:05:19.546 Modules scanning
    17:06:15.375 Disk 0 trace - called modules:
    17:06:15.421 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    17:06:15.421 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a758ab8]
    17:06:15.421 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000086[0x8a798410]
    17:06:15.421 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8a7dd300]
    17:06:16.562 AVAST engine scan C:\WINDOWS
    17:06:58.109 AVAST engine scan C:\WINDOWS\system32
    17:20:01.671 AVAST engine scan C:\WINDOWS\system32\drivers
    17:21:07.062 AVAST engine scan C:\Documents and Settings\Gregory
    19:52:01.031 AVAST engine scan C:\Documents and Settings\All Users
    19:59:19.968 Scan finished successfully
    22:57:44.500 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Gregory\Desktop\MBR.dat"
    22:57:44.578 The log file has been saved successfully to "C:\Documents and Settings\Gregory\Desktop\aswMBR.txt"
  6. Broni Malware Annihilator Posts: 39,406   +177

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  7. gBarrett Newcomer, in training Posts: 22

    ComboFix 12-06-14.04 - Gregory 06/14/2012 20:59:10.12.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1508 [GMT -7:00]
    Running from: c:\documents and settings\Gregory\Desktop\ComboFix.exe
    AV: G Data AntiVirus 2010 *Disabled/Outdated* {71310606-6F3B-49F2-9A81-8315AA75FBB3}
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\program files\Mozilla Maintenance Service
    c:\program files\Mozilla Maintenance Service\maintenanceservice.exe
    c:\program files\Mozilla Maintenance Service\Uninstall.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_MozillaMaintenance
    -------\Service_MozillaMaintenance
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-05-15 to 2012-06-15 )))))))))))))))))))))))))))))))
    .
    .
    2012-06-15 04:28 . 2012-05-08 16:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B5CE95A1-AA80-48D0-A709-C9F2FD92BEBE}\mpengine.dll
    2012-06-13 17:22 . 2012-06-13 17:22 -------- d-----w- c:\program files\Common Files\Skype
    2012-06-13 17:22 . 2012-06-13 17:22 -------- d-----r- c:\program files\Skype
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-08 16:40 . 2011-06-30 09:23 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-05-01 21:00 . 2011-03-23 03:09 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2012-05-01 21:00 . 2008-06-10 10:50 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2012-04-04 22:56 . 2011-11-07 09:55 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-04-24 23:47 . 2011-03-22 17:42 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-06-09_11.06.34 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-06-13 17:23 . 2012-06-13 17:23 371272 c:\windows\Installer\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}\SkypeIcon.exe
    - 2012-06-07 20:16 . 2012-06-07 20:16 371272 c:\windows\Installer\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}\SkypeIcon.exe
    + 2012-06-13 17:23 . 2012-06-13 17:23 1648128 c:\windows\Installer\47580e.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Gregory\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Gregory\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Gregory\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Gregory\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AutoSizer"="c:\program files\AutoSizer\AutoSizer.exe" [2009-04-08 131072]
    "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-10-12 438544]
    "Steam"="d:\program files\Steam\steam.exe" [2011-12-25 1242448]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-06-05 17344176]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]
    "WinPatrol"="c:\program files\BillP Studios\WinPatrol\WinPatrol.exe" [2010-11-04 329096]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
    "Nuance.ctfmngr"="c:\program files\Nuance\NaturallySpeaking10\Program\ctfmngr.exe" [2009-03-17 50536]
    "EVGAPrecision"="c:\program files\EVGA Precision\EVGAPrecision.exe" [2011-11-22 359528]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
    "NvMediaCenter"="NvMCTray.dll" [2011-10-08 203072]
    "nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "NvMediaCenter"="c:\windows\system32\NVMCTRAY.DLL" [2011-10-08 203072]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
    .
    c:\documents and settings\Administrator\Start Menu\Programs\Startup\
    Install LastPass FF RunOnce.lnk - c:\windows\Temp\lpuninstall.exe [N/A]
    Install LastPass IE RunOnce.lnk - c:\windows\Temp\lpuninstall.exe [N/A]
    .
    c:\documents and settings\Gregory\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\documents and settings\Gregory\Application Data\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
    Stickies.lnk - c:\program files\Stickies\stickies.exe [2011-9-10 1122304]
    Wallpaper Changer.lnk - c:\program files\WallpaperToy\Wallpapertoy.Exe [2010-4-8 110592]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
    @=""
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
    "c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
    "c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
    "c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
    "c:\\Program Files\\Market Samurai\\Market Samurai.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
    "c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
    "c:\\Documents and Settings\\Gregory\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
    "c:\\Program Files\\Oracle\\VirtualBox\\VirtualBox.exe"=
    "c:\\Program Files\\Notepad++\\notepad++.exe"=
    "c:\\Program Files\\PSPad editor\\PSPad.exe"=
    "c:\\Program Files\\Stickies\\stickies.exe"=
    "d:\\Program Files\\Steam\\Steam.exe"=
    "d:\\Program Files\\Steam\\steamapps\\common\\company of heroes\\RelicDownloader\\RelicDownloader.exe"=
    "c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
    "d:\\Program Files\\Steam\\steamapps\\common\\company of heroes\\RelicCOH.exe"=
    "c:\\wamp\\bin\\apache\\Apache2.2.21\\bin\\httpd.exe"=
    "c:\\wamp\\ruby\\bin\\ruby.exe"=
    "c:\\Program Files\\VMware\\VMware Player\\vmware-authd.exe"=
    "d:\\Program Files\\Steam\\steamapps\\common\\orcs must die!\\Build\\release\\OrcsMustDie.exe"=
    "c:\\Program Files\\eclipse-php\\eclipse-php.exe"=
    "d:\\Program Files\\Steam\\steamapps\\common\\portal 2\\portal2.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
    "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
    "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
    "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
    "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
    "27014:TCP"= 27014:TCP:port-range 27014
    "27015:TCP"= 27015:TCP:port-range 27015
    "27016:TCP"= 27016:TCP:port-range 27016
    "27017:TCP"= 27017:TCP:port-range 27017
    "27018:TCP"= 27018:TCP:port-range 27018
    "27019:TCP"= 27019:TCP:port-range 27019
    "27020:TCP"= 27020:TCP:port-range 27020
    "27021:TCP"= 27021:TCP:port-range 27021
    "27022:TCP"= 27022:TCP:port-range 27022
    "27023:TCP"= 27023:TCP:port-range 27023
    "27024:TCP"= 27024:TCP:port-range 27024
    "27025:TCP"= 27025:TCP:port-range 27025
    "27026:TCP"= 27026:TCP:port-range 27026
    "27027:TCP"= 27027:TCP:port-range 27027
    "27028:TCP"= 27028:TCP:port-range 27028
    "27029:TCP"= 27029:TCP:port-range 27029
    "27030:TCP"= 27030:TCP:port-range 27030
    "27031:TCP"= 27031:TCP:port-range 27031
    "27032:TCP"= 27032:TCP:port-range 27032
    "27033:TCP"= 27033:TCP:port-range 27033
    "27034:TCP"= 27034:TCP:port-range 27034
    "27035:TCP"= 27035:TCP:port-range 27035
    "27036:TCP"= 27036:TCP:port-range 27036
    "27037:TCP"= 27037:TCP:port-range 27037
    "27038:TCP"= 27038:TCP:port-range 27038
    "27039:TCP"= 27039:TCP:port-range 27039
    "27040:TCP"= 27040:TCP:port-range 27040
    "27041:TCP"= 27041:TCP:port-range 27041
    "27042:TCP"= 27042:TCP:port-range 27042
    "27043:TCP"= 27043:TCP:port-range 27043
    "27044:TCP"= 27044:TCP:port-range 27044
    "27045:TCP"= 27045:TCP:port-range 27045
    "27046:TCP"= 27046:TCP:port-range 27046
    "27047:TCP"= 27047:TCP:port-range 27047
    "27048:TCP"= 27048:TCP:port-range 27048
    "27049:TCP"= 27049:TCP:port-range 27049
    "27050:TCP"= 27050:TCP:port-range 27050
    "27014:UDP"= 27014:UDP:port-range 27014
    "27015:UDP"= 27015:UDP:port-range 27015
    "27016:UDP"= 27016:UDP:port-range 27016
    "27017:UDP"= 27017:UDP:port-range 27017
    "27018:UDP"= 27018:UDP:port-range 27018
    "27019:UDP"= 27019:UDP:port-range 27019
    "27020:UDP"= 27020:UDP:port-range 27020
    "27021:UDP"= 27021:UDP:port-range 27021
    "27022:UDP"= 27022:UDP:port-range 27022
    "27023:UDP"= 27023:UDP:port-range 27023
    "27024:UDP"= 27024:UDP:port-range 27024
    "27025:UDP"= 27025:UDP:port-range 27025
    "27026:UDP"= 27026:UDP:port-range 27026
    "27027:UDP"= 27027:UDP:port-range 27027
    "27028:UDP"= 27028:UDP:port-range 27028
    "27029:UDP"= 27029:UDP:port-range 27029
    "27030:UDP"= 27030:UDP:port-range 27030
    "4380:UDP"= 4380:UDP:port-UDP 4380
    "27000:UDP"= 27000:UDP:port-range 27000
    "27001:UDP"= 27001:UDP:port-range 27001
    "27002:UDP"= 27002:UDP:port-range 27002
    "27003:UDP"= 27003:UDP:port-range 27003
    "27004:UDP"= 27004:UDP:port-range 27004
    "27005:UDP"= 27005:UDP:port-range 27005
    "27006:UDP"= 27006:UDP:port-range 27006
    "27007:UDP"= 27007:UDP:port-range 27007
    "27008:UDP"= 27008:UDP:port-range 27008
    "27009:UDP"= 27009:UDP:port-range 27009
    "27010:UDP"= 27010:UDP:port-range 27010
    "27011:UDP"= 27011:UDP:port-range 27011
    "27012:UDP"= 27012:UDP:port-range 27012
    "27013:UDP"= 27013:UDP:port-range 27013
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundMaskRequest"= 1 (0x1)
    "AllowInboundRouterRequest"= 1 (0x1)
    "AllowInboundTimestampRequest"= 1 (0x1)
    "AllowOutboundDestinationUnreachable"= 1 (0x1)
    "AllowOutboundPacketTooBig"= 1 (0x1)
    "AllowOutboundParameterProblem"= 1 (0x1)
    "AllowOutboundSourceQuench"= 1 (0x1)
    "AllowOutboundTimeExceeded"= 1 (0x1)
    "AllowRedirect"= 1 (0x1)
    .
    R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\drivers\vmci.sys [8/8/2011 3:58 PM 98928]
    R1 MpKsl33628768;MpKsl33628768;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3F9B4D8E-DA25-478A-8CA2-81F11B87A4DC}\MpKsl33628768.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3F9B4D8E-DA25-478A-8CA2-81F11B87A4DC}\MpKsl33628768.sys [?]
    R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [1/23/2010 10:50 PM 158512]
    R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [1/23/2010 10:50 PM 91440]
    R1 vcdrom;Virtual CD-ROM Device Driver;c:\installers\winxpvirtualcdcontrolpanel_21\VCdRom.sys [3/3/2009 6:57 AM 8576]
    R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [1/10/2011 8:51 PM 10448]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/7/2011 2:55 AM 654408]
    R2 Micro Niche Finder Background Download Service;Micro Niche Finder Background Download Service;c:\program files\Micro Niche Finder\srvany.exe [2/3/2010 3:50 AM 8192]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [1/3/2012 3:14 PM 2253120]
    R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [8/29/2011 11:11 PM 665200]
    R3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [8/31/2007 12:13 PM 384896]
    R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [8/24/2010 10:30 AM 40912]
    R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [8/24/2010 10:30 AM 10448]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/7/2011 2:55 AM 22344]
    R3 RTCore32;RTCore32;c:\program files\EVGA Precision\RTCore32.sys [9/6/2011 5:24 PM 5632]
    R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\VBoxNetFlt.sys [12/19/2011 3:11 PM 116016]
    S0 AmdAcpi;AmdAcpi Bus Filter Driver;c:\windows\system32\DRIVERS\AmdAcpi.sys --> c:\windows\system32\DRIVERS\AmdAcpi.sys [?]
    S1 amdtools;AMD Special Tools Driver;c:\windows\system32\DRIVERS\amdtools.sys --> c:\windows\system32\DRIVERS\amdtools.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
    S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [6/5/2012 3:17 PM 160944]
    S3 123rootrepeal;123rootrepeal;c:\windows\system32\drivers\123rootrepeal.sys [1/21/2010 10:01 AM 34816]
    S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [1/21/2010 9:17 PM 15944]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 11:19 AM 50704]
    S3 ruby-hello;ruby-hello;c:\wamp\ruby\bin\mongrel_service.exe [1/31/2012 1:37 PM 47616]
    S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [12/17/2009 4:02 PM 104752]
    S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [1/23/2010 10:50 PM 82736]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
    S4 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/4/2004 5:00 AM 14336]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2009-02-25 18:12 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-06-15 c:\windows\Tasks\Clean System Memory.job
    - c:\windows\system32\CleanMem.exe [2009-11-11 23:22]
    .
    2012-06-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1645522239-839522115-1015Core.job
    - c:\documents and settings\Gregory\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-11 03:44]
    .
    2012-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1645522239-839522115-1015UA.job
    - c:\documents and settings\Gregory\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-11 03:44]
    .
    2012-06-15 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 22:39]
    .
    2012-06-14 c:\windows\Tasks\NatSpeak Periodic Acoustic Optimization.job
    - c:\program files\Nuance\NaturallySpeaking10\Program\schedmgr.exe [2009-03-17 03:45]
    .
    2012-06-14 c:\windows\Tasks\NatSpeak Periodic Language Model Optimization.job
    - c:\program files\Nuance\NaturallySpeaking10\Program\schedmgr.exe [2009-03-17 03:45]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    LSP: %SystemRoot%\system32\vsocklib.dll
    TCP: Interfaces\{2340376E-95A1-4AC8-B4C8-4381226E9DA3}: NameServer = 8.8.8.8,66.93.87.2,8.8.4.4,216.231.41.2
    FF - ProfilePath - c:\documents and settings\Gregory\Application Data\Mozilla\Firefox\Profiles\rm88ypaz.bigG\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?source=gama&hl=en
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-MozillaMaintenanceService - c:\program files\Mozilla Maintenance Service\uninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-06-14 21:59
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ruby-hello]
    "ImagePath"="\"C:/wamp/ruby/bin/mongrel_service.exe\" service single -e development -p 3001 -a 0.0.0.0 -l \"log/mongrel.log\" -P \"log/mongrel.pid\" -c \"c:/wamp/www/rails/hello\" -t 0 -r \"public\" -n 1024"
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ruby-hello]
    "ImagePath"="\"C:/wamp/ruby/bin/mongrel_service.exe\" service single -e development -p 3001 -a 0.0.0.0 -l \"log/mongrel.log\" -P \"log/mongrel.pid\" -c \"c:/wamp/www/rails/hello\" -t 0 -r \"public\" -n 1024"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
    "Version"=hex:74,63,79,64,0b,2b,41,2c,de,f0,c2,19,db,b6,b1,3c,be,2d,3b,ee,ed,
    31,3d,bb,3a,4c,77,d1,77,d4,c2,ef,9d,99,52,64,9c,89,c2,15,83,2d,19,68,b8,a0,\
    .
    [HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
    "Version"=hex:74,63,79,64,0b,2b,41,2c,de,f0,c2,19,db,b6,b1,3c,be,2d,3b,ee,ed,
    31,3d,bb,3a,4c,77,d1,77,d4,c2,ef,9d,99,52,64,9c,89,c2,15,83,2d,19,68,b8,a0,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(952)
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    .
    - - - - - - - > 'explorer.exe'(1696)
    c:\windows\system32\WININET.dll
    c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
    c:\documents and settings\Gregory\Application Data\Dropbox\bin\DropboxExt.14.dll
    c:\program files\AutoSizer\AutoSizer.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\msi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
    c:\program files\Sandboxie\SbieSvc.exe
    c:\windows\system32\netdde.exe
    c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    c:\program files\MSI\Star Key Bluetooth Software\bin\btwdins.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\system32\nvsvc32.exe
    c:\program files\Micro Niche Finder\bggoogle.exe
    c:\windows\system32\HPZipm12.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\windows\system32\wdfmgr.exe
    c:\windows\system32\vmnat.exe
    c:\windows\system32\vmnetdhcp.exe
    c:\program files\VMware\VMware Player\vmware-authd.exe
    c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\RunDLL32.exe
    c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    c:\program files\GOOGLE\GMAIL NOTIFIER\GNOTIFY.EXE
    .
    **************************************************************************
    .
    Completion time: 2012-06-14 22:09:24 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-06-15 05:09
    ComboFix2.txt 2012-06-10 21:00
    .
    Pre-Run: 40,879,992,832 bytes free
    Post-Run: 40,661,991,424 bytes free
    .
    - - End Of File - - EECCCE0970BEF2940813EF266DEC1AFA
  8. gBarrett Newcomer, in training Posts: 22

    I noticed the following repeated in the Combofix log:

    AV: G Data AntiVirus 2010 *Disabled/Outdated* {71310606-6F3B-49F2-9A81-8315AA75FBB3}

    G Data did not show up in "Add or Remove Programs", nor was it listed in Revo Uninstaller. I used G Data's AVCleaner 2012 tool when you initially directed me to uninstall one of the AV programs. I thought it removed all traces. All that I can find now of G Data are an empty Folder and some Registry entries.
  9. Broni Malware Annihilator Posts: 39,406   +177

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    SecCenter::
    {71310606-6F3B-49F2-9A81-8315AA75FBB3}
    
    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "27014:TCP"=-
    "27015:TCP"=-
    "27016:TCP"=-
    "27017:TCP"=-
    "27018:TCP"=-
    "27019:TCP"=-
    "27020:TCP"=-
    "27021:TCP"=-
    "27022:TCP"=-
    "27023:TCP"=-
    "27024:TCP"=-
    "27025:TCP"=- 
    "27026:TCP"=-
    "27027:TCP"=-
    "27028:TCP"=-
    "27029:TCP"=-
    "27030:TCP"=-
    "27031:TCP"=-
    "27032:TCP"=- 
    "27033:TCP"=-
    "27034:TCP"=-
    "27035:TCP"=-
    "27036:TCP"=-
    "27037:TCP"=-
    "27038:TCP"=-
    "27039:TCP"=-
    "27040:TCP"=-
    "27041:TCP"=-
    "27042:TCP"=-
    "27043:TCP"=-
    "27044:TCP"=-
    "27045:TCP"=-
    "27046:TCP"=-
    "27047:TCP"=-
    "27048:TCP"=-
    "27049:TCP"=-
    "27050:TCP"=-
    "27014:UDP"=-
    "27015:UDP"=-
    "27016:UDP"=-
    "27017:UDP"=-
    "27018:UDP"=-
    "27019:UDP"=-
    "27020:UDP"=-
    "27021:UDP"=-
    "27022:UDP"=-
    "27023:UDP"=-
    "27024:UDP"=-
    "27025:UDP"=-
    "27026:UDP"=-
    "27027:UDP"=-
    "27028:UDP"=-
    "27029:UDP"=-
    "27030:UDP"=-
    "4380:UDP"=-
    "27000:UDP"=-
    "27001:UDP"=-
    "27002:UDP"=-
    "27003:UDP"=-
    "27004:UDP"=-
    "27005:UDP"=-
    "27006:UDP"=-
    "27007:UDP"=-
    "27008:UDP"=-
    "27009:UDP"=-
    "27010:UDP"=-
    "27011:UDP"=-
    "27012:UDP"=-
    "27013:UDP"=-
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti-virus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
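The Registry:: section of the script above deletes the per-port firewall exceptions one value at a time, using the `"PORT:PROTO"=-` form. As an added example (not Broni's script and not ComboFix's own code), this Python builds that section from the GloballyOpenPorts listing of a ComboFix log and then checks a post-run log to confirm the values are gone; the log excerpts inside are constructed from the entry format shown on this page, and the 27000-27050 / UDP 4380 selection is an assumption taken from the posted list.

```python
"""Build and verify a ComboFix CFScript 'Registry::' section from the
GloballyOpenPorts listing in a ComboFix log (added example; hypothetical
helper names, not ComboFix's own code)."""
import re

# Registry key exactly as ComboFix abbreviates it in its log and as the
# CFScript posted above names it.
OPEN_PORTS_KEY = (
    r"[HKLM\~\services\sharedaccess\parameters\firewallpolicy"
    r"\standardprofile\GloballyOpenPorts\List]"
)

# One log entry: "PORT:PROTO"= PORT:PROTO:<rest>   (rest = scope/mode/name)
ENTRY_RE = re.compile(r'^"(\d{1,5}):(TCP|UDP)"=\s*\d{1,5}:(?:TCP|UDP):(.*)$')

# Constructed sample, modelled on the entry format of the log posted above.
SAMPLE_LOG_BEFORE = "\n".join([
    ".",
    OPEN_PORTS_KEY,
    '"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009',
    '"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server',
    '"27015:TCP"= 27015:TCP:port-range 27015',
    '"27016:TCP"= 27016:TCP:port-range 27016',
    '"4380:UDP"= 4380:UDP:port-UDP 4380',
    '"27000:UDP"= 27000:UDP:port-range 27000',
    ".",
    r"[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]",
    '"AllowInboundMaskRequest"= 1 (0x1)',
])

# Constructed "after" log: the same section once the four game-port
# exceptions have been deleted by the script.
SAMPLE_LOG_AFTER = "\n".join([
    OPEN_PORTS_KEY,
    '"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009',
    '"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server',
    ".",
])


def parse_open_ports(log_text):
    """Return [(port, proto, detail)] for every entry under the
    GloballyOpenPorts key; the section ends at the next '.' or '[' line."""
    entries = []
    in_section = False
    for line in log_text.splitlines():
        line = line.strip()
        if line == OPEN_PORTS_KEY:
            in_section = True
            continue
        if in_section:
            if line == "." or line.startswith("["):
                break
            m = ENTRY_RE.match(line)
            if m:
                entries.append((int(m.group(1)), m.group(2), m.group(3)))
    return entries


def select_game_ports(entries, tcp_ports=range(27014, 27051),
                      udp_ports=range(27000, 27031), extra_udp=(4380,)):
    """Pick the exceptions targeted by the script above: the 27000-27050
    range plus UDP 4380 (an assumption taken from the posted list)."""
    wanted = set()
    for port, proto, _ in entries:
        if proto == "TCP" and port in tcp_ports:
            wanted.add((port, proto))
        elif proto == "UDP" and (port in udp_ports or port in extra_udp):
            wanted.add((port, proto))
    return sorted(wanted, key=lambda e: (e[1], e[0]))


def build_registry_section(targets):
    """Emit the CFScript lines: a 'Registry::' header, the key, then one
    '"PORT:PROTO"=-' line per value (the '=-' form deletes the value)."""
    lines = ["Registry::", OPEN_PORTS_KEY]
    lines += [f'"{port}:{proto}"=-' for port, proto in targets]
    return "\n".join(lines) + "\n"


def still_present(after_log_text, targets):
    """Check the post-run log: any target still listed was not removed."""
    present = {(p, pr) for p, pr, _ in parse_open_ports(after_log_text)}
    return sorted(set(targets) & present)


if __name__ == "__main__":
    before = parse_open_ports(SAMPLE_LOG_BEFORE)
    targets = select_game_ports(before)
    print(build_registry_section(targets))
    print("not removed:", still_present(SAMPLE_LOG_AFTER, targets))
```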
  10. gBarrett Newcomer, in training Posts: 22

    Prompted to update Combofix after dragging CFScript.txt. Do I upgrade?
  11. Broni Malware Annihilator Posts: 39,406   +177

    Always as my instructions say.
  12. gBarrett Newcomer, in training Posts: 22

    Will I need to restart again with CFScript.txt?
  13. Broni Malware Annihilator Posts: 39,406   +177

    I'm not sure what you're saying.
  14. gBarrett Newcomer, in training Posts: 22

    Combofix appeared to me to restart after the upgrade and I am unsure if it retained the CFScript.txt. Question was, do I need to restart Combofix again by dragging the CFScript.txt onto the CF icon?
  15. Broni Malware Annihilator Posts: 39,406   +177

    Yes go ahead.
  16. gBarrett Newcomer, in training Posts: 22

    ComboFix 12-06-15.03 - Gregory 06/15/2012 9:45.14.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1487 [GMT -7:00]
    Running from: c:\documents and settings\Gregory\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Gregory\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-05-15 to 2012-06-15 )))))))))))))))))))))))))))))))
    .
    .
    2012-06-15 05:30 . 2012-05-08 16:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{87010546-B2D6-4744-86CE-41D7D0F62DF7}\mpengine.dll
    2012-06-15 05:06 . 2012-06-15 05:06 -------- d-----w- c:\program files\Dropbox
    2012-06-13 17:22 . 2012-06-13 17:22 -------- d-----w- c:\program files\Common Files\Skype
    2012-06-13 17:22 . 2012-06-13 17:22 -------- d-----r- c:\program files\Skype
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-08 16:40 . 2011-06-30 09:23 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-05-01 21:00 . 2011-03-23 03:09 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2012-05-01 21:00 . 2008-06-10 10:50 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2012-04-04 22:56 . 2011-11-07 09:55 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-04-24 23:47 . 2011-03-22 17:42 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-06-09_11.06.34 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-06-13 17:23 . 2012-06-13 17:23 371272 c:\windows\Installer\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}\SkypeIcon.exe
    - 2012-06-07 20:16 . 2012-06-07 20:16 371272 c:\windows\Installer\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}\SkypeIcon.exe
    + 2012-06-13 17:23 . 2012-06-13 17:23 1648128 c:\windows\Installer\47580e.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Gregory\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Gregory\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Gregory\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Gregory\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AutoSizer"="c:\program files\AutoSizer\AutoSizer.exe" [2009-04-08 131072]
    "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-10-12 438544]
    "Steam"="d:\program files\Steam\steam.exe" [2011-12-25 1242448]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-06-05 17344176]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]
    "WinPatrol"="c:\program files\BillP Studios\WinPatrol\WinPatrol.exe" [2010-11-04 329096]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
    "Nuance.ctfmngr"="c:\program files\Nuance\NaturallySpeaking10\Program\ctfmngr.exe" [2009-03-17 50536]
    "EVGAPrecision"="c:\program files\EVGA Precision\EVGAPrecision.exe" [2011-11-22 359528]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
    "NvMediaCenter"="NvMCTray.dll" [2011-10-08 203072]
    "nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "NvMediaCenter"="c:\windows\system32\NVMCTRAY.DLL" [2011-10-08 203072]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
    .
    c:\documents and settings\Administrator\Start Menu\Programs\Startup\
    Install LastPass FF RunOnce.lnk - c:\windows\Temp\lpuninstall.exe [N/A]
    Install LastPass IE RunOnce.lnk - c:\windows\Temp\lpuninstall.exe [N/A]
    .
    c:\documents and settings\Gregory\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\documents and settings\Gregory\Application Data\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
    Stickies.lnk - c:\program files\Stickies\stickies.exe [2011-9-10 1122304]
    Wallpaper Changer.lnk - c:\program files\WallpaperToy\Wallpapertoy.Exe [2010-4-8 110592]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
    @=""
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
    "c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
    "c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
    "c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
    "c:\\Program Files\\Market Samurai\\Market Samurai.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
    "c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
    "c:\\Documents and Settings\\Gregory\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
    "c:\\Program Files\\Oracle\\VirtualBox\\VirtualBox.exe"=
    "c:\\Program Files\\Notepad++\\notepad++.exe"=
    "c:\\Program Files\\PSPad editor\\PSPad.exe"=
    "c:\\Program Files\\Stickies\\stickies.exe"=
    "d:\\Program Files\\Steam\\Steam.exe"=
    "d:\\Program Files\\Steam\\steamapps\\common\\company of heroes\\RelicDownloader\\RelicDownloader.exe"=
    "c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
    "d:\\Program Files\\Steam\\steamapps\\common\\company of heroes\\RelicCOH.exe"=
    "c:\\wamp\\bin\\apache\\Apache2.2.21\\bin\\httpd.exe"=
    "c:\\wamp\\ruby\\bin\\ruby.exe"=
    "c:\\Program Files\\VMware\\VMware Player\\vmware-authd.exe"=
    "d:\\Program Files\\Steam\\steamapps\\common\\orcs must die!\\Build\\release\\OrcsMustDie.exe"=
    "c:\\Program Files\\eclipse-php\\eclipse-php.exe"=
    "d:\\Program Files\\Steam\\steamapps\\common\\portal 2\\portal2.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
    "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
    "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
    "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
    "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundMaskRequest"= 1 (0x1)
    "AllowInboundRouterRequest"= 1 (0x1)
    "AllowInboundTimestampRequest"= 1 (0x1)
    "AllowOutboundDestinationUnreachable"= 1 (0x1)
    "AllowOutboundPacketTooBig"= 1 (0x1)
    "AllowOutboundParameterProblem"= 1 (0x1)
    "AllowOutboundSourceQuench"= 1 (0x1)
    "AllowOutboundTimeExceeded"= 1 (0x1)
    "AllowRedirect"= 1 (0x1)
    .
    R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\drivers\vmci.sys [8/8/2011 3:58 PM 98928]
    R1 MpKsl33628768;MpKsl33628768;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3F9B4D8E-DA25-478A-8CA2-81F11B87A4DC}\MpKsl33628768.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3F9B4D8E-DA25-478A-8CA2-81F11B87A4DC}\MpKsl33628768.sys [?]
    R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [1/23/2010 10:50 PM 158512]
    R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [1/23/2010 10:50 PM 91440]
    R1 vcdrom;Virtual CD-ROM Device Driver;c:\installers\winxpvirtualcdcontrolpanel_21\VCdRom.sys [3/3/2009 6:57 AM 8576]
    R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [1/10/2011 8:51 PM 10448]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/7/2011 2:55 AM 654408]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [1/3/2012 3:14 PM 2253120]
    R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [8/29/2011 11:11 PM 665200]
    R3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [8/31/2007 12:13 PM 384896]
    R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [8/24/2010 10:30 AM 40912]
    R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [8/24/2010 10:30 AM 10448]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/7/2011 2:55 AM 22344]
    R3 RTCore32;RTCore32;c:\program files\EVGA Precision\RTCore32.sys [9/6/2011 5:24 PM 5632]
    R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\VBoxNetFlt.sys [12/19/2011 3:11 PM 116016]
    S0 AmdAcpi;AmdAcpi Bus Filter Driver;c:\windows\system32\DRIVERS\AmdAcpi.sys --> c:\windows\system32\DRIVERS\AmdAcpi.sys [?]
    S1 amdtools;AMD Special Tools Driver;c:\windows\system32\DRIVERS\amdtools.sys --> c:\windows\system32\DRIVERS\amdtools.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
    S2 Micro Niche Finder Background Download Service;Micro Niche Finder Background Download Service;c:\program files\Micro Niche Finder\srvany.exe [2/3/2010 3:50 AM 8192]
    S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [6/5/2012 3:17 PM 160944]
    S3 123rootrepeal;123rootrepeal;c:\windows\system32\drivers\123rootrepeal.sys [1/21/2010 10:01 AM 34816]
    S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [1/21/2010 9:17 PM 15944]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 11:19 AM 50704]
    S3 ruby-hello;ruby-hello;c:\wamp\ruby\bin\mongrel_service.exe [1/31/2012 1:37 PM 47616]
    S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [12/17/2009 4:02 PM 104752]
    S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [1/23/2010 10:50 PM 82736]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
    S4 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/4/2004 5:00 AM 14336]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2009-02-25 18:12 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-06-15 c:\windows\Tasks\Clean System Memory.job
    - c:\windows\system32\CleanMem.exe [2009-11-11 23:22]
    .
    2012-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1645522239-839522115-1015Core.job
    - c:\documents and settings\Gregory\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-11 03:44]
    .
    2012-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1645522239-839522115-1015UA.job
    - c:\documents and settings\Gregory\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-11 03:44]
    .
    2012-06-15 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 22:39]
    .
    2012-06-14 c:\windows\Tasks\NatSpeak Periodic Acoustic Optimization.job
    - c:\program files\Nuance\NaturallySpeaking10\Program\schedmgr.exe [2009-03-17 03:45]
    .
    2012-06-15 c:\windows\Tasks\NatSpeak Periodic Language Model Optimization.job
    - c:\program files\Nuance\NaturallySpeaking10\Program\schedmgr.exe [2009-03-17 03:45]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    LSP: %SystemRoot%\system32\vsocklib.dll
    TCP: Interfaces\{2340376E-95A1-4AC8-B4C8-4381226E9DA3}: NameServer = 8.8.8.8,66.93.87.2,8.8.4.4,216.231.41.2
    FF - ProfilePath - c:\documents and settings\Gregory\Application Data\Mozilla\Firefox\Profiles\rm88ypaz.bigG\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?source=gama&hl=en
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-06-15 09:58
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ruby-hello]
    "ImagePath"="\"C:/wamp/ruby/bin/mongrel_service.exe\" service single -e development -p 3001 -a 0.0.0.0 -l \"log/mongrel.log\" -P \"log/mongrel.pid\" -c \"c:/wamp/www/rails/hello\" -t 0 -r \"public\" -n 1024"
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ruby-hello]
    "ImagePath"="\"C:/wamp/ruby/bin/mongrel_service.exe\" service single -e development -p 3001 -a 0.0.0.0 -l \"log/mongrel.log\" -P \"log/mongrel.pid\" -c \"c:/wamp/www/rails/hello\" -t 0 -r \"public\" -n 1024"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
    "Version"=hex:74,63,79,64,0b,2b,41,2c,de,f0,c2,19,db,b6,b1,3c,be,2d,3b,ee,ed,
    31,3d,bb,3a,4c,77,d1,77,d4,c2,ef,9d,99,52,64,9c,89,c2,15,83,2d,19,68,b8,a0,\
    .
    [HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
    "Version"=hex:74,63,79,64,0b,2b,41,2c,de,f0,c2,19,db,b6,b1,3c,be,2d,3b,ee,ed,
    31,3d,bb,3a,4c,77,d1,77,d4,c2,ef,9d,99,52,64,9c,89,c2,15,83,2d,19,68,b8,a0,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(952)
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    .
    - - - - - - - > 'explorer.exe'(1284)
    c:\windows\system32\WININET.dll
    c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
    c:\documents and settings\Gregory\Application Data\Dropbox\bin\DropboxExt.14.dll
    c:\program files\AutoSizer\AutoSizer.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\ieframe.dll
    .
    Completion time: 2012-06-15 10:00:14
    ComboFix-quarantined-files.txt 2012-06-15 17:00
    ComboFix2.txt 2012-06-15 16:29
    ComboFix3.txt 2012-06-15 05:09
    ComboFix4.txt 2012-06-10 21:00
    .
    Pre-Run: 40,650,416,128 bytes free
    Post-Run: 40,628,314,112 bytes free
    .
    - - End Of File - - AB7ADD349FA66CD5F11084A80EA76F89
  17. Broni Malware Annihilator Posts: 39,406   +177

    Looks good.

    Is MBAM still complaining?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /I " " /c
    dir /b "%systemroot%\*.exe" | find /I " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
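
    The custom scan paste above tells OTL to list files in locations where a clean Windows install normally has few or none (executables in Fonts, a nested system32\system32, a typo-squat systhem32, a stray %APPDATA%\Update, and so on). As an added illustration of the same idea, the PowerShell below walks a subset of those locations and prints each file found with its timestamp, Authenticode status and SHA-256, so the reviewer can compare against the OTL output. This is example code written for this page, not OTL's own logic and not part of Broni's post: the path subset, the Get-Sha256Hex and Find-UnexpectedFiles names, and the assumption of Windows PowerShell 2.0 or later are all this example's own, and it does not reproduce OTL's directive switches (/s, /x, /mp, /rs).

```powershell
# Added example: list files in a subset of the locations from the OTL custom scan.
# Assumes Windows PowerShell 2.0+ (hash computed via .NET so it runs without Get-FileHash).
# The path list is chosen from the OTL paste above; it is an illustration, not OTL's semantics.

# Each entry is a directory plus a filename filter, resolved from the same
# environment variables the OTL list uses.
$Checks = @(
    @{ Path = "$env:SystemRoot\Fonts";              Filter = '*.exe' },
    @{ Path = "$env:SystemRoot\Fonts";              Filter = '*.dll' },
    @{ Path = "$env:SystemRoot\Tasks";              Filter = '*.*'   },
    @{ Path = "$env:SystemRoot\system32\system32";  Filter = '*.*'   },
    @{ Path = "$env:SystemRoot\system32\systhem32"; Filter = '*.*'   },
    @{ Path = "$env:SystemRoot\system32\rundll";    Filter = '*.*'   },
    @{ Path = "$env:SystemRoot\system32\Rundll32";  Filter = '*.*'   },
    @{ Path = "$env:SystemRoot\winn32";             Filter = '*.*'   },
    @{ Path = "$env:SystemRoot\inf";                Filter = '*.exe' },
    @{ Path = "$env:SystemRoot\Installer";          Filter = '*.exe' },
    @{ Path = "$env:SystemRoot\AppPatch";           Filter = '*.exe' },
    @{ Path = "$env:APPDATA\Update";                Filter = '*.*'   },
    @{ Path = "$env:USERPROFILE\Desktop";           Filter = '*.exe' }
)

function Get-Sha256Hex {
    param([string]$FilePath)
    # Get-FileHash needs PowerShell 4+; use the .NET class directly for PS 2.0 compatibility.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($FilePath)
    try {
        $bytes = $sha.ComputeHash($stream)
    } finally {
        $stream.Close()
    }
    return ([System.BitConverter]::ToString($bytes)).Replace('-', '').ToLower()
}

function Find-UnexpectedFiles {
    param([array]$CheckList)
    $results = @()
    foreach ($check in $CheckList) {
        # A missing directory is the normal, clean case; only existing ones are listed.
        if (-not (Test-Path -LiteralPath $check.Path)) { continue }
        $files = Get-ChildItem -LiteralPath $check.Path -Filter $check.Filter -Force -ErrorAction SilentlyContinue |
                 Where-Object { -not $_.PSIsContainer }
        foreach ($f in $files) {
            $results += New-Object PSObject -Property @{
                Path     = $f.FullName
                SizeKB   = [math]::Round($f.Length / 1KB, 1)
                Modified = $f.LastWriteTime
                SHA256   = Get-Sha256Hex $f.FullName
                # Authenticode status: Valid, NotSigned, UnknownError, etc.
                Signed   = (Get-AuthenticodeSignature -FilePath $f.FullName).Status
            }
        }
    }
    return $results
}

# Newest modifications first, since recently written files are the usual point of interest.
Find-UnexpectedFiles $Checks |
    Sort-Object Modified -Descending |
    Format-Table Modified, Signed, SizeKB, SHA256, Path -AutoSize
```

    Note that some of these locations legitimately hold files (Tasks contains scheduled-task .job files, the Desktop may hold installers), so the listing is a triage aid to be read alongside the OTL log, not a verdict: an unsigned, recently modified executable in Fonts or a populated system32\system32 is what merits a closer look.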
  18. gBarrett Newcomer, in training Posts: 22

    yes
  19. Broni Malware Annihilator Posts: 39,406   +177

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  20. gBarrett Newcomer, in training Posts: 22

    OTL appears to have halted scanning an entry in the registry.