Inactive [A] Malwarebytes blocking outgoing/incoming to same ip

[gBarrett]

OTL again hangs on the registry entry;

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\DOS Devices\AUX...

 

[Broni]

Let's try to boot your computer using the Ultimate Boot CD for Windows (UBCD4win).

Please print this guide for future reference!

You will need a blank CD, a clean computer and a flash drive.

Please follow the steps below and let me know if you were successful. If you were unable to create the UBCD4win, please tell me what error messages you got and/or what steps you got hung up on.

:step1:

1. Download and Run Ultimate Boot CD for Windows

• Save it to your Desktop.
• Double-Click on the UBCD4Win.EXE that you just downloaded to your desktop.
• Follow all of the instructions/prompts that come up.
  NOTES:
  • Do not install to a folder with spaces in it's name.
  • Your Anti-Virus may report viruses or trojans when you extract UBCD4Win, these are "False-Positives." Read HERE for information regarding the files that normally trigger AV software.

2. Insert your XP CD with SP1/SP2/SP3 into a CD Rom drive

• Double-Click on UBCD4WinBuilder.exe located in your C:\ubcd4win folder.
• Click "I agree" to the Builders License.
• Click NO to Search for Windows Installation Files
• Make the following selections from the Main Screen that pops up:
  • Builder
    • Sourcepath to Windows installation files)
      • Enter the path to the drive where your XP CD is located.
      • You can click on the "..." button on the right to navigate to the path as well.
    • Custom: (include files and folders from this directory)
      • No information is necessary, leave blank.
    • Output: (C:\ubcd4win\BartPE)
      • Keep the default BartPE
  • Media output
    • Choose Create ISO image
    • Do not choose Burn to CD/DVD
    
    
    Please note: If your XP install disc is SP1 then please .....
    
    1. Disable- DComLaunch Service
    2. Enable- LargeIDE Fix
       
       This can be done by pressing the "Plugin" button and checking or unchecking the appropriate selections
    
    Also note: If you have a Dell XP install disc you will need to follow the instructions here
    http://www.ubcd4win.com/faq.htm#dell
  
  3. Click on the "Build" button
  • You will see the Windows EULA message. Click on I Agree
  • You will now see the Build Screen. Let it run it's course
  • When the Build is finished you can click close, then exit
  
  
  4. Burn your ISO file to CD
  • Please see HERE on how to burn an ISO to CD.

==========

:step2:

Next, from your clean computer:

Download Farbar Recovery Scan Tool
and save it to your flash drive.

Now plug your flashdrive back into your sick computer and follow the next instructions:

==========

:step3:

1. Restart Your sick Computer Using the UBCD4Win Disc That You Have Created

• Insert the UBCD4Win disc in to one of your CD/DVD drives.
• Restart your computer.
  • The computer should choose to boot from the UBCD4Win CD automatically. If it doesn't and you are asked if you want to boot from CD, then choose that option.
• In the window that pops up select Launch The Ultimate Boot CD For Windows and press Enter.
  • It may take a little longer for the Desktop to appear than it does when you start your computer normally. Just let the process run itself until the desktop appears.
• Once the desktop appears, you will receive a message asking: Do you want to start Network support?
  • Click on Yes if you want to use the PE environment to get online post your log and reply by way of an Ethernet connection.
• You should now have a desktop that looks like this:
  
  

==========

:step4:

• Single click My computer from your UBCD4W desktop to navigate to the Farbar Recovery Scan Tool you saved to your flash drive.
• Double click on it to begin running the tool.
• When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your next reply.

 

[gBarrett]

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 14-06-2012
Ran by SYSTEM at 15-06-2012 16:29:49
Running from E:\
Microsoft Windows XP Service Pack 2 (X86) OS Language: Georgian
The current controlset is ControlSet001

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNTION PROPERLY.


============ One Month Created Files and Folders ==============

2012-06-15 19:25 - 2012-06-15 19:32 - 00100566 ____A C:\TDSSKiller.2.7.40.0_15.06.2012_12.25.10_log.txt
2012-06-15 19:11 - 2012-06-15 22:15 - 02127960 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\Gregory\Desktop\TDSSKiller.exe
2012-06-15 17:44 - 2012-06-15 17:44 - 00596480 ____A (OldTimer Tools) C:\Documents and Settings\Gregory\Desktop\OTL.exe
2012-06-15 17:00 - 2012-06-15 17:00 - 00016660 ____A C:\ComboFix.txt
2012-06-15 16:29 - 2012-06-15 16:29 - 00000000 ____D C:\FRST
2012-06-15 05:06 - 2012-06-15 05:06 - 00000000 ____D C:\Program Files\Dropbox
2012-06-15 04:15 - 2012-06-15 04:15 - 00008192 ___AH C:\Windows\System32\config\SECURITY.tmp.LOG
2012-06-15 04:15 - 2012-06-15 04:15 - 00000000 ___AH C:\Windows\System32\config\system.tmp.LOG
2012-06-15 04:15 - 2012-06-15 04:15 - 00000000 ___AH C:\Windows\System32\config\software.tmp.LOG
2012-06-15 04:15 - 2012-06-15 04:15 - 00000000 ___AH C:\Windows\System32\config\SAM.tmp.LOG
2012-06-15 04:15 - 2012-06-15 04:15 - 00000000 ___AH C:\Windows\System32\config\default.tmp.LOG
2012-06-15 03:54 - 2012-06-15 16:42 - 04559180 ____R (Swearware) C:\Documents and Settings\Gregory\Desktop\ComboFix.exe
2012-06-14 06:17 - 2012-06-14 06:18 - 06104577 ____A C:\Documents and Settings\Gregory\My Documents\Intro.mp4
2012-06-14 05:57 - 2012-06-14 05:57 - 00002321 ____A C:\Documents and Settings\Gregory\Desktop\aswMBR.txt
2012-06-14 05:57 - 2012-06-14 05:57 - 00000512 ____A C:\Documents and Settings\Gregory\Desktop\MBR.dat
2012-06-13 23:51 - 2012-06-13 23:51 - 00052144 ____A C:\Documents and Settings\Gregory\Desktop\bootkit_remover_debug_log.txt
2012-06-13 23:50 - 2012-06-13 23:51 - 04731392 ____A (AVAST Software) C:\Documents and Settings\Gregory\Desktop\aswMBR.exe
2012-06-13 23:50 - 2011-09-22 01:11 - 00003641 ____A C:\Documents and Settings\Gregory\Desktop\readme_ru.txt
2012-06-13 23:50 - 2011-09-22 01:11 - 00003114 ____A C:\Documents and Settings\Gregory\Desktop\readme_en.txt
2012-06-13 23:50 - 2011-09-20 10:02 - 00083968 ____A (Esage Lab) C:\Documents and Settings\Gregory\Desktop\boot_cleaner.exe
2012-06-13 23:49 - 2012-06-13 23:50 - 00044607 ____A C:\Documents and Settings\Gregory\Desktop\bootkit_remover.zip
2012-06-13 23:46 - 2012-06-13 23:46 - 00022278 ____A C:\Documents and Settings\Gregory\Desktop\attach_edited.txt
2012-06-13 23:45 - 2012-06-13 23:45 - 00381952 ____A C:\Documents and Settings\Gregory\Desktop\AVCleaner_2012_INT.exe
2012-06-13 17:49 - 2012-06-13 17:49 - 00001065 ____A C:\Documents and Settings\Gregory\Desktop\gmer.log
2012-06-13 17:44 - 2012-06-13 17:44 - 00001924 ____A C:\Documents and Settings\Gregory\Desktop\mbam-log-2012-06-13 (10-38-05).txt
2012-06-13 17:22 - 2012-06-13 17:22 - 00001878 ____A C:\Documents and Settings\All Users\Desktop\Skype.lnk
2012-06-13 17:22 - 2012-06-13 17:22 - 00000000 ___RD C:\Program Files\Skype
2012-06-13 17:22 - 2012-06-13 17:22 - 00000000 ____D C:\Program Files\Common Files\Skype
2012-06-13 15:55 - 2012-06-13 15:55 - 00009726 ____A C:\Documents and Settings\Gregory\My Documents\xouroborus.vcf
2012-06-13 08:37 - 2012-06-13 08:37 - 00000927 ____A C:\Documents and Settings\Gregory\Desktop\Revo Uninstaller.lnk
2012-06-13 08:19 - 2012-06-13 08:19 - 00001065 ____A C:\Documents and Settings\Gregory\Desktop\gmer_b.log
2012-06-13 07:45 - 2012-06-13 07:45 - 00302592 ____A C:\Documents and Settings\Gregory\Desktop\jpcegxmw.exe
2012-06-13 07:41 - 2012-06-13 07:41 - 00001926 ____A C:\Documents and Settings\Gregory\Desktop\mbam-log-2012-06-13 (00-27-39)_a.txt
2012-06-11 21:07 - 2012-06-11 21:07 - 00017776 ____A C:\Documents and Settings\Gregory\My Documents\07 RAM-052512_blackstone.pdf
2012-06-09 11:09 - 2012-06-09 11:09 - 00024913 ____A C:\ComboFix_a.txt
2012-06-09 10:47 - 2012-06-15 17:00 - 00000000 ____D C:\Qoobox
2012-06-09 10:47 - 2009-04-20 04:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-06-09 10:47 - 2000-08-31 00:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-06-09 10:47 - 2000-08-31 00:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-06-09 10:47 - 2000-08-31 00:00 - 00212480 ____A (SteelWerX) C:\Windows\SWXCACLS.exe
2012-06-09 10:47 - 2000-08-31 00:00 - 00098816 ____A C:\Windows\sed.exe
2012-06-09 10:47 - 2000-08-31 00:00 - 00080412 ____A C:\Windows\grep.exe
2012-06-09 10:47 - 2000-08-31 00:00 - 00068096 ____A C:\Windows\zip.exe
2012-06-09 10:34 - 2012-06-09 10:36 - 00101520 ____A C:\TDSSKiller.2.7.36.0_09.06.2012_03.34.41_log.txt
2012-06-09 10:33 - 2011-01-01 08:14 - 00002254 ____A C:\Documents and Settings\Gregory\Desktop\eula.txt
2012-06-09 10:30 - 2012-06-15 19:09 - 02109032 ____A C:\Documents and Settings\Gregory\Desktop\tdsskiller.zip
2012-06-05 15:36 - 2012-06-05 15:36 - 01189834 ____A C:\Documents and Settings\Gregory\My Documents\RV_Pointing_Table.pdf
2012-06-05 15:28 - 2012-06-05 15:29 - 06451359 ____A C:\Documents and Settings\Gregory\My Documents\HopperUserGuide_user1.pdf
2012-06-05 15:28 - 2012-06-05 15:29 - 05198634 ____A C:\Documents and Settings\Gregory\My Documents\PROD114+Hopper+Features+Booklet.pdf
2012-06-05 15:28 - 2012-06-05 15:28 - 02216278 ____A C:\Documents and Settings\Gregory\My Documents\HomeNetwork_InstallGuide.pdf
2012-06-05 15:28 - 2012-06-05 15:28 - 01201489 ____A C:\Documents and Settings\Gregory\My Documents\DISHPro_InstallGuide.pdf
2012-06-05 15:26 - 2012-06-05 15:27 - 03594244 ____A C:\Documents and Settings\Gregory\My Documents\Reten662_Hopper+DVRQRG.pdf
2012-06-05 07:02 - 2012-06-05 07:02 - 00038466 ____A C:\Windows\updspapi.log
2012-06-05 07:01 - 2012-06-05 07:04 - 00044237 ____A C:\Windows\ie8Uninst.log
2012-06-05 07:01 - 2012-06-05 07:04 - 00006431 ____A C:\Windows\iis6.log
2012-06-05 07:01 - 2012-06-05 07:04 - 00002821 ____A C:\Windows\tsoc.log
2012-06-05 07:01 - 2012-06-05 07:04 - 00002021 ____A C:\Windows\comsetup.log
2012-06-05 07:01 - 2012-06-05 07:04 - 00001355 ____A C:\Windows\imsins.log
2012-06-05 07:01 - 2012-06-05 07:04 - 00001230 ____A C:\Windows\ntdtcsetup.log
2012-06-05 07:01 - 2012-06-05 07:04 - 00000342 ____A C:\Windows\ocmsn.log
2012-06-05 07:01 - 2012-06-05 07:04 - 00000311 ____A C:\Windows\tabletoc.log
2012-06-05 07:01 - 2012-06-05 07:01 - 00006182 ____A C:\Windows\FaxSetup.log
2012-06-05 07:01 - 2012-06-05 07:01 - 00002956 ____A C:\Windows\ocgen.log
2012-06-05 07:01 - 2012-06-05 07:01 - 00001820 ____A C:\Windows\msmqinst.log
2012-06-05 07:01 - 2012-06-05 07:01 - 00001083 ____A C:\Windows\netfxocm.log
2012-06-05 07:01 - 2012-06-05 07:01 - 00000425 ____A C:\Windows\MedCtrOC.log
2012-06-05 07:01 - 2012-06-05 07:01 - 00000303 ____A C:\Windows\msgsocm.log
2012-06-05 07:01 - 2012-06-05 07:01 - 00000000 ____A C:\Windows\setuperr.log
2012-06-05 07:01 - 2012-06-05 07:01 - 00000000 ____A C:\Windows\setupact.log
2012-06-03 21:30 - 2012-06-03 21:30 - 00102064 ____A C:\Documents and Settings\Gregory\My Documents\DISH Network- order summary.pdf
2012-06-03 21:28 - 2012-06-03 21:28 - 00010902 ____A C:\Documents and Settings\Gregory\My Documents\HD Free for Life.docx
2012-06-03 21:27 - 2012-06-03 21:27 - 00029152 ____A C:\Documents and Settings\Gregory\My Documents\dish - Digital Home Advantage Plan Agreement.docx
2012-06-03 21:25 - 2012-06-03 21:25 - 00014307 ____A C:\Documents and Settings\Gregory\dish Digital Home Advantage Plan Agreement.txt
2012-05-31 18:34 - 2012-05-31 18:34 - 00011828 ____A C:\Documents and Settings\Gregory\My Documents\Mile High Coconut Cream Pie.docx
2012-05-25 22:57 - 2012-05-26 00:10 - 406192351 ____A C:\Documents and Settings\Gregory\My Documents\Good Eats - Pretzels Logic [Full - HD Quality].mp4
2012-05-24 22:56 - 2012-05-25 22:11 - 00561782 ____A C:\Documents and Settings\Gregory\My Documents\Blackstone_Engine_slip.pdf
2012-05-24 22:30 - 2012-05-24 22:30 - 00113649 ____A C:\Documents and Settings\Gregory\My Documents\launch-checklist.pdf
2012-05-24 07:47 - 2012-05-24 07:47 - 01141173 ____A C:\Documents and Settings\Gregory\My Documents\wa dl renewal.psd
2012-05-24 02:42 - 2012-05-24 02:42 - 01121742 ____A C:\Documents and Settings\Gregory\My Documents\Ultra_Gauge_EM_Manual.pdf
2012-05-22 03:12 - 2012-05-22 03:18 - 27198759 ____A C:\Documents and Settings\Gregory\Desktop\TouchScanSetup.exe

============ 3 Months Modified Files and Folders ===============

2012-06-15 23:21 - 2011-09-10 19:55 - 00000000 ____D C:\Documents and Settings\Gregory\Application Data\stickies
2012-06-15 23:21 - 2008-09-15 20:53 - 00000178 __ASH C:\Documents and Settings\Gregory\ntuser.ini
2012-06-15 23:21 - 2007-03-18 10:17 - 00032440 ____A C:\Windows\SchedLgU.Txt
2012-06-15 23:21 - 2007-03-18 10:17 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-15 23:21 - 2007-03-18 10:13 - 02090010 ____A C:\Windows\WindowsUpdate.log
2012-06-15 23:21 - 2007-03-18 01:59 - 00000216 ____A C:\Windows\wiadebug.log
2012-06-15 23:21 - 2007-03-18 01:59 - 00000049 ____A C:\Windows\wiaservc.log
2012-06-15 23:11 - 2008-09-16 17:09 - 00000000 ____D C:\Documents and Settings\Gregory\Application Data\Skype
2012-06-15 23:06 - 2009-11-11 00:01 - 00000258 ____A C:\Windows\Tasks\Clean System Memory.job
2012-06-15 22:53 - 2010-03-11 03:44 - 00000986 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1645522239-839522115-1015UA.job
2012-06-15 22:15 - 2012-06-15 19:11 - 02127960 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\Gregory\Desktop\TDSSKiller.exe
2012-06-15 22:12 - 2010-01-30 08:43 - 00000000 ____D C:\Documents and Settings\Gregory\Local Settings\Application Data\LastPass
2012-06-15 19:32 - 2012-06-15 19:25 - 00100566 ____A C:\TDSSKiller.2.7.40.0_15.06.2012_12.25.10_log.txt
2012-06-15 19:26 - 2012-04-17 11:53 - 00000424 ___AH C:\Windows\Tasks\MP Scheduled Scan.job
2012-06-15 19:24 - 2010-06-04 19:03 - 00000000 ___RD C:\Documents and Settings\Gregory\My Documents\My Dropbox
2012-06-15 19:24 - 2010-06-04 19:00 - 00000000 ____D C:\Documents and Settings\Gregory\Application Data\Dropbox
2012-06-15 19:22 - 2007-03-18 01:49 - 00000000 ____D C:\Windows\System32\ias
2012-06-15 19:21 - 2012-02-08 03:22 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\VMware
2012-06-15 19:21 - 2012-02-08 03:20 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\VMware
2012-06-15 19:21 - 2012-01-03 22:14 - 00000062 __ASH C:\Documents and Settings\UpdatusUser\Local Settings\desktop.ini
2012-06-15 19:21 - 2008-09-15 20:53 - 00000062 __ASH C:\Documents and Settings\Gregory\Local Settings\desktop.ini
2012-06-15 19:21 - 2007-03-18 10:17 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2012-06-15 19:21 - 2007-03-18 10:17 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2012-06-15 19:21 - 2004-08-04 12:00 - 00001374 ____A C:\Windows\System32\wpa.dbl
2012-06-15 19:09 - 2012-06-09 10:30 - 02109032 ____A C:\Documents and Settings\Gregory\Desktop\tdsskiller.zip
2012-06-15 17:44 - 2012-06-15 17:44 - 00596480 ____A (OldTimer Tools) C:\Documents and Settings\Gregory\Desktop\OTL.exe
2012-06-15 17:00 - 2012-06-15 17:00 - 00016660 ____A C:\ComboFix.txt
2012-06-15 17:00 - 2012-06-09 10:47 - 00000000 ____D C:\Qoobox
2012-06-15 16:58 - 2004-08-04 12:00 - 00000227 ____A C:\Windows\system.ini
2012-06-15 16:42 - 2012-06-15 03:54 - 04559180 ____R (Swearware) C:\Documents and Settings\Gregory\Desktop\ComboFix.exe
2012-06-15 16:29 - 2012-06-15 16:29 - 00000000 ____D C:\FRST
2012-06-15 16:25 - 2007-03-18 10:17 - 00000000 ___HD C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files
2012-06-15 12:00 - 2010-01-05 05:10 - 00000518 ____A C:\Windows\Tasks\NatSpeak Periodic Language Model Optimization.job
2012-06-15 09:54 - 2010-02-07 11:42 - 00000000 ____D C:\Documents and Settings\Gregory\Application Data\vlc
2012-06-15 08:53 - 2010-03-11 03:44 - 00000934 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1645522239-839522115-1015Core.job
2012-06-15 07:34 - 2007-09-15 17:02 - 00000116 ____A C:\Windows\NeroDigital.ini
2012-06-15 07:34 - 2007-03-18 22:17 - 00149504 ____A C:\Documents and Settings\Gregory\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-15 05:06 - 2012-06-15 05:06 - 00000000 ____D C:\Program Files\Dropbox
2012-06-15 05:06 - 2010-06-04 19:00 - 00001030 ____A C:\Documents and Settings\Gregory\Desktop\Dropbox.lnk
2012-06-15 04:59 - 2004-08-04 12:00 - 00000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-06-15 04:16 - 2007-03-18 01:56 - 00069632 ____A C:\Windows\System32\config\SECURITY.bak
2012-06-15 04:16 - 2007-03-18 01:56 - 00032768 ____A C:\Windows\System32\config\SAM.bak
2012-06-15 04:16 - 2007-03-18 01:55 - 59879424 ____A C:\Windows\System32\config\software.bak
2012-06-15 04:16 - 2007-03-18 01:55 - 11010048 ____A C:\Windows\System32\config\system.bak
2012-06-15 04:16 - 2007-03-18 01:55 - 02924544 ____A C:\Windows\System32\config\default.bak
2012-06-15 04:15 - 2012-06-15 04:15 - 00008192 ___AH C:\Windows\System32\config\SECURITY.tmp.LOG
2012-06-15 04:15 - 2012-06-15 04:15 - 00000000 ___AH C:\Windows\System32\config\system.tmp.LOG
2012-06-15 04:15 - 2012-06-15 04:15 - 00000000 ___AH C:\Windows\System32\config\software.tmp.LOG
2012-06-15 04:15 - 2012-06-15 04:15 - 00000000 ___AH C:\Windows\System32\config\SAM.tmp.LOG
2012-06-15 04:15 - 2012-06-15 04:15 - 00000000 ___AH C:\Windows\System32\config\default.tmp.LOG
2012-06-15 04:15 - 2009-01-06 16:18 - 00000000 ____D C:\Windows\ERDNT
2012-06-14 12:30 - 2010-01-05 05:10 - 00000494 ____A C:\Windows\Tasks\NatSpeak Periodic Acoustic Optimization.job
2012-06-14 06:50 - 2011-12-06 05:15 - 00000000 ____D C:\Program Files\EVGA Precision
2012-06-14 06:48 - 2008-03-17 07:44 - 00000000 __SHD C:\Windows\CSC
2012-06-14 06:18 - 2012-06-14 06:17 - 06104577 ____A C:\Documents and Settings\Gregory\My Documents\Intro.mp4
2012-06-14 06:17 - 2008-09-15 20:53 - 00000000 ___RD C:\Documents and Settings\Gregory\My Documents
2012-06-14 05:57 - 2012-06-14 05:57 - 00002321 ____A C:\Documents and Settings\Gregory\Desktop\aswMBR.txt
2012-06-14 05:57 - 2012-06-14 05:57 - 00000512 ____A C:\Documents and Settings\Gregory\Desktop\MBR.dat
2012-06-14 04:23 - 2010-02-03 10:51 - 00000000 ____D C:\Documents and Settings\All Users\Micro Niche Finder Service
2012-06-13 23:51 - 2012-06-13 23:51 - 00052144 ____A C:\Documents and Settings\Gregory\Desktop\bootkit_remover_debug_log.txt
2012-06-13 23:51 - 2012-06-13 23:50 - 04731392 ____A (AVAST Software) C:\Documents and Settings\Gregory\Desktop\aswMBR.exe
2012-06-13 23:50 - 2012-06-13 23:49 - 00044607 ____A C:\Documents and Settings\Gregory\Desktop\bootkit_remover.zip
2012-06-13 23:46 - 2012-06-13 23:46 - 00022278 ____A C:\Documents and Settings\Gregory\Desktop\attach_edited.txt
2012-06-13 23:45 - 2012-06-13 23:45 - 00381952 ____A C:\Documents and Settings\Gregory\Desktop\AVCleaner_2012_INT.exe
2012-06-13 17:49 - 2012-06-13 17:49 - 00001065 ____A C:\Documents and Settings\Gregory\Desktop\gmer.log
2012-06-13 17:44 - 2012-06-13 17:44 - 00001924 ____A C:\Documents and Settings\Gregory\Desktop\mbam-log-2012-06-13 (10-38-05).txt
2012-06-13 17:23 - 2011-08-07 17:46 - 00000000 ____D C:\Config.Msi
2012-06-13 17:23 - 2008-03-26 22:07 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2012-06-13 17:22 - 2012-06-13 17:22 - 00001878 ____A C:\Documents and Settings\All Users\Desktop\Skype.lnk
2012-06-13 17:22 - 2012-06-13 17:22 - 00000000 ___RD C:\Program Files\Skype
2012-06-13 17:22 - 2012-06-13 17:22 - 00000000 ____D C:\Program Files\Common Files\Skype
2012-06-13 15:55 - 2012-06-13 15:55 - 00009726 ____A C:\Documents and Settings\Gregory\My Documents\xouroborus.vcf
2012-06-13 10:12 - 2009-11-11 04:03 - 00000000 ____D C:\Program Files\Everything
2012-06-13 09:57 - 2008-09-08 22:21 - 00000000 ____D C:\Program Files\Yahoo!
2012-06-13 09:48 - 2009-04-22 19:05 - 00000000 ____D C:\Documents and Settings\Gregory\Application Data\WebEx
2012-06-13 09:48 - 2007-03-20 21:53 - 00000000 ____D C:\Program Files\Mozilla Firefox
2012-06-13 09:46 - 2007-03-18 10:13 - 00000000 ___SD C:\Windows\Downloaded Program Files
2012-06-13 09:12 - 2008-09-15 20:53 - 00000000 __SHD C:\Documents and Settings\Gregory\Local Settings\Temporary Internet Files
2012-06-13 09:04 - 2009-02-12 07:59 - 00000000 ____D C:\Documents and Settings\Gregory\Application Data\COWON
2012-06-13 09:04 - 2007-03-18 10:40 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2012-06-13 08:43 - 2008-02-20 06:05 - 00000000 ____D C:\Documents and Settings\Gregory\Application Data\uTorrent
2012-06-13 08:38 - 2007-03-18 01:56 - 00000000 ___RD C:\Documents and Settings\All Users\Start Menu
2012-06-13 08:37 - 2012-06-13 08:37 - 00000927 ____A C:\Documents and Settings\Gregory\Desktop\Revo Uninstaller.lnk
2012-06-13 08:19 - 2012-06-13 08:19 - 00001065 ____A C:\Documents and Settings\Gregory\Desktop\gmer_b.log
2012-06-13 07:49 - 2012-05-15 17:26 - 00607260 ____R (Swearware) C:\Documents and Settings\Gregory\Desktop\dds.scr
2012-06-13 07:45 - 2012-06-13 07:45 - 00302592 ____A C:\Documents and Settings\Gregory\Desktop\jpcegxmw.exe
2012-06-13 07:41 - 2012-06-13 07:41 - 00001926 ____A C:\Documents and Settings\Gregory\Desktop\mbam-log-2012-06-13 (00-27-39)_a.txt
2012-06-12 15:52 - 2012-02-08 03:50 - 00000000 ____D C:\Documents and Settings\Gregory\Application Data\VMware
2012-06-12 06:55 - 2012-02-08 03:50 - 00000000 ____D C:\Documents and Settings\Gregory\Local Settings\Application Data\VMware
2012-06-12 03:28 - 2011-06-28 09:03 - 00000000 ____D C:\Documents and Settings\Gregory\My Documents\gifs
2012-06-11 21:07 - 2012-06-11 21:07 - 00017776 ____A C:\Documents and Settings\Gregory\My Documents\07 RAM-052512_blackstone.pdf
2012-06-10 20:57 - 2007-03-18 10:17 - 00000000 ___HD C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files
2012-06-10 05:40 - 2011-12-25 03:22 - 00000000 ____D C:\Program Files\Common Files\Steam
2012-06-09 11:27 - 2012-05-15 17:37 - 00008416 ____A C:\Windows\setupapi.log
2012-06-09 11:09 - 2012-06-09 11:09 - 00024913 ____A C:\ComboFix_a.txt
2012-06-09 11:06 - 2012-01-03 22:14 - 00000000 ___HD C:\Documents and Settings\UpdatusUser\Local Settings\Temporary Internet Files
2012-06-09 11:05 - 2008-09-15 20:50 - 00000000 __SHD C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
2012-06-09 11:05 - 2007-03-18 01:56 - 00000000 __SHD C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files
2012-06-09 10:44 - 2010-04-08 09:29 - 08294454 ___AH C:\Windows\System32\toyhide.bmp
2012-06-09 10:36 - 2012-06-09 10:34 - 00101520 ____A C:\TDSSKiller.2.7.36.0_09.06.2012_03.34.41_log.txt
2012-06-05 15:36 - 2012-06-05 15:36 - 01189834 ____A C:\Documents and Settings\Gregory\My Documents\RV_Pointing_Table.pdf
2012-06-05 15:29 - 2012-06-05 15:28 - 06451359 ____A C:\Documents and Settings\Gregory\My Documents\HopperUserGuide_user1.pdf
2012-06-05 15:29 - 2012-06-05 15:28 - 05198634 ____A C:\Documents and Settings\Gregory\My Documents\PROD114+Hopper+Features+Booklet.pdf
2012-06-05 15:28 - 2012-06-05 15:28 - 02216278 ____A C:\Documents and Settings\Gregory\My Documents\HomeNetwork_InstallGuide.pdf
2012-06-05 15:28 - 2012-06-05 15:28 - 01201489 ____A C:\Documents and Settings\Gregory\My Documents\DISHPro_InstallGuide.pdf
2012-06-05 15:27 - 2012-06-05 15:26 - 03594244 ____A C:\Documents and Settings\Gregory\My Documents\Reten662_Hopper+DVRQRG.pdf
2012-06-05 07:06 - 2007-03-18 01:49 - 00000000 ____D C:\Windows\Media
2012-06-05 07:06 - 2007-03-18 01:49 - 00000000 ____D C:\Windows\Help
2012-06-05 07:04 - 2012-06-05 07:01 - 00044237 ____A C:\Windows\ie8Uninst.log
2012-06-05 07:04 - 2012-06-05 07:01 - 00006431 ____A C:\Windows\iis6.log
2012-06-05 07:04 - 2012-06-05 07:01 - 00002821 ____A C:\Windows\tsoc.log
2012-06-05 07:04 - 2012-06-05 07:01 - 00002021 ____A C:\Windows\comsetup.log
2012-06-05 07:04 - 2012-06-05 07:01 - 00001355 ____A C:\Windows\imsins.log
2012-06-05 07:04 - 2012-06-05 07:01 - 00001230 ____A C:\Windows\ntdtcsetup.log
2012-06-05 07:04 - 2012-06-05 07:01 - 00000342 ____A C:\Windows\ocmsn.log
2012-06-05 07:04 - 2012-06-05 07:01 - 00000311 ____A C:\Windows\tabletoc.log
2012-06-05 07:02 - 2012-06-05 07:02 - 00038466 ____A C:\Windows\updspapi.log
2012-06-05 07:01 - 2012-06-05 07:01 - 00006182 ____A C:\Windows\FaxSetup.log
2012-06-05 07:01 - 2012-06-05 07:01 - 00002956 ____A C:\Windows\ocgen.log
2012-06-05 07:01 - 2012-06-05 07:01 - 00001820 ____A C:\Windows\msmqinst.log
2012-06-05 07:01 - 2012-06-05 07:01 - 00001083 ____A C:\Windows\netfxocm.log
2012-06-05 07:01 - 2012-06-05 07:01 - 00000425 ____A C:\Windows\MedCtrOC.log
2012-06-05 07:01 - 2012-06-05 07:01 - 00000303 ____A C:\Windows\msgsocm.log
2012-06-05 07:01 - 2012-06-05 07:01 - 00000000 ____A C:\Windows\setuperr.log
2012-06-05 07:01 - 2012-06-05 07:01 - 00000000 ____A C:\Windows\setupact.log
2012-06-05 06:50 - 2012-04-17 17:38 - 00075984 ____A C:\Documents and Settings\Gregory\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-06-05 06:49 - 2012-04-18 21:31 - 01822064 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-03 21:30 - 2012-06-03 21:30 - 00102064 ____A C:\Documents and Settings\Gregory\My Documents\DISH Network- order summary.pdf
2012-06-03 21:28 - 2012-06-03 21:28 - 00010902 ____A C:\Documents and Settings\Gregory\My Documents\HD Free for Life.docx
2012-06-03 21:27 - 2012-06-03 21:27 - 00029152 ____A C:\Documents and Settings\Gregory\My Documents\dish - Digital Home Advantage Plan Agreement.docx
2012-06-03 21:25 - 2012-06-03 21:25 - 00014307 ____A C:\Documents and Settings\Gregory\dish Digital Home Advantage Plan Agreement.txt
2012-06-02 17:23 - 2009-01-09 16:41 - 00000000 ___AD C:\Documents and Settings\Gregory\Application Data\FileZilla
2012-05-31 18:34 - 2012-05-31 18:34 - 00011828 ____A C:\Documents and Settings\Gregory\My Documents\Mile High Coconut Cream Pie.docx
2012-05-29 01:21 - 2008-09-15 21:02 - 00000000 ___RD C:\Documents and Settings\Gregory\My Documents\My Pictures
2012-05-27 09:15 - 2009-10-28 05:02 - 00000000 ____D C:\Documents and Settings\Gregory\My Documents\Dodge
2012-05-26 00:10 - 2012-05-25 22:57 - 406192351 ____A C:\Documents and Settings\Gregory\My Documents\Good Eats - Pretzels Logic [Full - HD Quality].mp4
2012-05-25 22:11 - 2012-05-24 22:56 - 00561782 ____A C:\Documents and Settings\Gregory\My Documents\Blackstone_Engine_slip.pdf
2012-05-24 22:30 - 2012-05-24 22:30 - 00113649 ____A C:\Documents and Settings\Gregory\My Documents\launch-checklist.pdf
2012-05-24 07:47 - 2012-05-24 07:47 - 01141173 ____A C:\Documents and Settings\Gregory\My Documents\wa dl renewal.psd
2012-05-24 02:42 - 2012-05-24 02:42 - 01121742 ____A C:\Documents and Settings\Gregory\My Documents\Ultra_Gauge_EM_Manual.pdf
2012-05-22 03:18 - 2012-05-22 03:12 - 27198759 ____A C:\Documents and Settings\Gregory\Desktop\TouchScanSetup.exe
2012-05-20 09:40 - 2007-08-31 21:06 - 00000623 ____A C:\Windows\M3JPEG.INI
2012-05-15 18:26 - 2011-08-07 17:46 - 00000000 ____D C:\Program Files\HP
2012-05-15 18:25 - 2012-03-06 08:45 - 00000000 ____D C:\Program Files\Bing Bar Installer
2012-05-15 18:13 - 2011-08-07 17:45 - 00002403 ____A C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2012-05-15 17:44 - 2012-05-15 17:44 - 00001065 ____A C:\Documents and Settings\Gregory\Desktop\gmer_a.log
2012-05-15 17:20 - 2012-05-15 17:20 - 00302592 ____A C:\Documents and Settings\Gregory\Desktop\69iygjrk.exe
2012-05-15 03:58 - 2011-12-14 11:02 - 00000000 __HDC C:\Windows\$NtUninstallKB2633171$
2012-05-14 18:29 - 2012-05-14 18:29 - 00000583 ____A C:\rkill.log
2012-05-14 18:22 - 2011-11-07 09:55 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-05-14 18:20 - 2012-05-14 18:02 - 00000794 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-05-14 04:18 - 2008-08-09 21:28 - 00065536 ____A C:\Windows\System32\config\ODiag.evt
2012-05-14 03:21 - 2012-05-01 21:56 - 00000000 ____D C:\Program Files\eclipse-php
2012-05-13 03:01 - 2011-11-13 13:15 - 00001694 ____A C:\Windows\Sandboxie.ini
2012-05-12 10:11 - 2007-03-21 23:15 - 00000000 ____D C:\Documents and Settings\Gregory\Application Data\dvdcss
2012-05-11 21:09 - 2012-05-11 21:09 - 00230957 ____A C:\Documents and Settings\Gregory\My Documents\sp-10a_multimeter.pdf
2012-05-08 07:41 - 2012-05-08 07:41 - 00000000 ____D C:\Documents and Settings\Gregory\Application Data\DDMSettings
2012-05-08 07:40 - 2012-05-08 07:34 - 00000000 ____D C:\Program Files\DivX
2012-05-08 07:40 - 2010-11-19 21:47 - 00001573 ____A C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
2012-05-08 07:40 - 2010-11-19 21:39 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\DivX
2012-05-08 07:39 - 2009-12-28 02:29 - 00000000 ____D C:\Program Files\Common Files\DivX Shared
2012-05-06 19:10 - 2012-05-06 19:10 - 00171662 ____A C:\Documents and Settings\Gregory\My Documents\Grey, 3 Handsets_ Electronics.pdf
2012-05-06 04:10 - 2012-05-06 04:10 - 00052475 ____A C:\Documents and Settings\Gregory\My Documents\Online Registration and Compliance Assistant_ 7.pdf
2012-05-04 08:12 - 2012-05-04 08:12 - 00000113 ____A C:\Documents and Settings\Gregory\.gitconfig
2012-05-03 18:46 - 2012-05-03 18:27 - 00000000 ____D C:\Documents and Settings\Gregory\My Documents\ebooks
2012-05-02 06:39 - 2012-05-01 21:14 - 00000000 ____D C:\Program Files\eclipse JavaScript
2012-05-02 03:24 - 2012-05-02 03:19 - 00000000 ____D C:\Documents and Settings\Gregory\My Documents\Eclipse Color Themes
2012-05-02 03:19 - 2012-05-02 03:19 - 00000000 ____D C:\Documents and Settings\Gregory\My Documents\New Folder
2012-05-02 00:00 - 2012-05-02 00:00 - 00000000 ____D C:\Documents and Settings\Gregory\Aptana Rubles
2012-05-01 21:15 - 2012-05-01 21:15 - 00000000 ____D C:\Documents and Settings\Gregory\workspace
2012-05-01 21:14 - 2008-09-13 06:04 - 00000000 ____D C:\OsaSync_local
2012-05-01 21:02 - 2008-06-10 10:48 - 00000000 ____D C:\Program Files\Common Files\Java
2012-05-01 21:00 - 2012-05-01 21:00 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2012-05-01 21:00 - 2012-05-01 21:00 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2012-05-01 21:00 - 2012-05-01 21:00 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2012-05-01 21:00 - 2011-03-23 03:09 - 00472808 ____A (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll
2012-05-01 21:00 - 2008-06-10 10:50 - 00073728 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javacpl.cpl
2012-05-01 21:00 - 2007-03-20 21:59 - 00000000 ____D C:\Program Files\Java
2012-05-01 18:22 - 2008-09-10 19:59 - 00000000 ____D C:\Program Files\Notepad++
2012-05-01 00:08 - 2012-05-01 00:08 - 09601451 ____A C:\Documents and Settings\Gregory\My Documents\catalog%20-%20full%20line%20-%20gs1319%20-%20november%202011.pdf
2012-04-30 18:42 - 2012-04-30 18:42 - 00000700 ____A C:\Documents and Settings\All Users\Desktop\Market Samurai.lnk
2012-04-30 18:42 - 2010-11-29 06:39 - 00000000 ____D C:\Program Files\Market Samurai
2012-04-29 06:37 - 2012-04-29 06:37 - 00038054 ____A C:\Documents and Settings\Gregory\My Documents\amz_pennyphoneAD.gif
2012-04-29 06:37 - 2012-04-29 06:37 - 00032191 ____A C:\Documents and Settings\Gregory\My Documents\amz_pennyphoneAD.png
2012-04-29 06:37 - 2012-04-28 19:40 - 00819885 ____A C:\Documents and Settings\Gregory\My Documents\amz_pennyphoneAD.psd
2012-04-28 03:23 - 2008-08-19 18:15 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\FLEXnet
2012-04-28 03:01 - 2012-04-28 03:01 - 00005804 ____A C:\Documents and Settings\Gregory\My Documents\blue-ribbons.gif
2012-04-27 18:50 - 2009-01-15 23:14 - 00435200 __ASH C:\Documents and Settings\Gregory\My Documents\Thumbs.db
2012-04-27 17:27 - 2012-04-27 17:27 - 00032526 ____A C:\Documents and Settings\Gregory\My Documents\tab-1952-vincent-bl.pdf
2012-04-27 05:43 - 2012-02-20 08:38 - 00000000 ____D C:\Documents and Settings\Gregory\.VirtualBox
2012-04-27 05:37 - 2012-04-26 21:12 - 00205830 ____A C:\Documents and Settings\Gregory\My Documents\upgradescout100.psd
2012-04-27 05:36 - 2012-04-27 05:36 - 00007799 ____A C:\Documents and Settings\Gregory\My Documents\upgradescout100o.png
2012-04-26 23:53 - 2012-04-26 23:53 - 00006797 ____A C:\Documents and Settings\Gregory\My Documents\upgradescout100.png
2012-04-26 23:30 - 2012-04-26 23:30 - 00085492 ____A C:\Documents and Settings\Gregory\My Documents\upgradescout100b.psd
2012-04-26 21:06 - 2012-04-26 20:20 - 01238581 ____A C:\Documents and Settings\Gregory\My Documents\templayout.psd
2012-04-26 21:02 - 2012-04-26 03:03 - 00391561 ____A C:\Documents and Settings\Gregory\My Documents\scout_binos.psd
2012-04-26 20:16 - 2012-04-25 20:25 - 00223194 ____A C:\Documents and Settings\Gregory\My Documents\upgradescout.psd
2012-04-25 21:28 - 2012-04-25 21:28 - 00015865 ____A C:\Documents and Settings\Gregory\My Documents\1335389321_binoculars.png
2012-04-25 21:28 - 2012-04-25 21:28 - 00015690 ____A C:\Documents and Settings\Gregory\My Documents\1335389328_find.png
2012-04-25 21:28 - 2012-04-25 21:27 - 00051515 ____A C:\Documents and Settings\Gregory\My Documents\1335389254_binoculars.png
2012-04-24 23:48 - 2012-04-24 23:48 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Mozilla
2012-04-24 22:14 - 2012-04-24 22:14 - 00009690 ____A C:\Documents and Settings\Gregory\My Documents\logo.png
2012-04-24 18:54 - 2012-04-24 18:53 - 01483262 ____A C:\Documents and Settings\Gregory\My Documents\prettyPhoto_uncompressed_3.1.4.zip
2012-04-18 12:17 - 2012-04-18 12:17 - 00296048 ____A C:\Documents and Settings\Gregory\My Documents\tumblr_m0qoox2Ref1qm37qco1_250.gif
2012-04-17 11:58 - 2008-10-20 12:16 - 00000000 ____D C:\Documents and Settings\Gregory\Application Data\Media Player Classic
2012-04-17 11:56 - 2007-03-19 02:01 - 00000000 ____D C:\Windows\Minidump
2012-04-17 11:50 - 2011-11-07 09:30 - 00000692 ____A C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2012-04-17 11:50 - 2011-11-07 09:30 - 00000000 ____D C:\Program Files\CCleaner
2012-04-15 19:09 - 2012-04-15 19:09 - 00011348 ____A C:\Documents and Settings\Gregory\My Documents\Carrot and Pineapple Cake.docx
2012-04-15 13:47 - 2012-01-29 14:25 - 00000000 ____D C:\wamp
2012-04-12 07:51 - 2008-09-15 20:53 - 00000000 ___HD C:\Documents and Settings\Gregory\NetHood
2012-04-11 18:27 - 2012-04-11 18:27 - 00058607 ____A C:\Documents and Settings\Gregory\My Documents\rsspostexample.gif
2012-04-10 21:08 - 2012-04-10 21:08 - 00000024 ____A C:\Documents and Settings\Gregory\Desktop\.htaccess
2012-04-08 12:13 - 2012-04-08 12:13 - 00103170 ____A C:\Documents and Settings\Gregory\Desktop\kfc_spices.png
2012-04-04 22:56 - 2011-11-07 09:55 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-02 13:53 - 2012-04-02 13:53 - 00044630 ____A C:\Documents and Settings\Gregory\My Documents\Prosperent Product Search.zip
2012-04-02 13:53 - 2012-04-02 13:53 - 00000000 ____D C:\Documents and Settings\Gregory\My Documents\Prosperent Product Search
2012-04-02 08:27 - 2012-04-02 08:27 - 00000000 ____D C:\Documents and Settings\Gregory\My Documents\searchexample
2012-04-02 08:26 - 2012-04-02 08:26 - 00372691 ____A C:\Documents and Settings\Gregory\My Documents\searchexample.zip
2012-04-02 05:27 - 2012-04-02 05:27 - 00119005 ____A C:\Documents and Settings\Gregory\My Documents\Prosperent_Api.php
2012-03-31 11:17 - 2012-03-31 11:17 - 00510560 ____A C:\Documents and Settings\Gregory\My Documents\looking_for_alaska_john_green.pdf
2012-03-31 10:54 - 2012-03-31 10:54 - 00470828 ____A C:\Documents and Settings\Gregory\My Documents\THE PERKS OF BEING A WALLFLOWER.pdf
2012-03-31 10:35 - 2012-03-31 10:35 - 01468820 ____A C:\Documents and Settings\Gregory\My Documents\siddhartha.pdf
2012-03-31 10:20 - 2012-03-31 10:20 - 00550049 ____A C:\Documents and Settings\Gregory\My Documents\CAMUS, Albert - The Stranger.pdf
2012-03-30 05:02 - 2012-03-30 05:02 - 00909002 ____A C:\Documents and Settings\Gregory\My Documents\YAs05.gif
2012-03-29 18:17 - 2012-03-29 18:17 - 01001341 ____A C:\Documents and Settings\Gregory\My Documents\dJF92.gif
2012-03-29 17:42 - 2008-11-14 20:38 - 00934400 __ASH C:\Documents and Settings\Gregory\Desktop\Thumbs.db
2012-03-29 04:25 - 2011-11-28 20:52 - 00000000 ____D C:\Documents and Settings\Gregory\My Documents\Web Sites
2012-03-28 02:56 - 2009-04-19 04:59 - 00000000 ____D C:\Documents and Settings\Gregory\Local Settings\Application Data\Kjs.AppLife.Update
2012-03-26 19:38 - 2007-03-18 01:57 - 00749704 ____A C:\Windows\System32\PerfStringBackup.INI
2012-03-26 04:11 - 2012-03-26 04:10 - 00001406 ____A C:\Documents and Settings\Gregory\My Documents\favicon.ico
2012-03-23 03:19 - 2010-04-15 19:12 - 00001838 ____A C:\Documents and Settings\All Users\Desktop\Micro Niche Finder 5.0.lnk
2012-03-23 03:19 - 2010-04-15 19:12 - 00000000 ____D C:\Program Files\Micro Niche Finder 5.0
2012-03-19 21:36 - 2004-08-04 12:00 - 00000718 ____A C:\Windows\win.ini

========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points (XP) =====================

RP: -> 2012-05-27 11:10 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP999

RP: -> 2012-05-26 17:44 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP998

RP: -> 2012-05-25 17:45 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP997

RP: -> 2012-05-25 04:48 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP996

RP: -> 2012-05-24 02:30 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP995

RP: -> 2012-05-23 02:31 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP994

RP: -> 2012-05-22 02:31 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP993

RP: -> 2012-05-21 11:29 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP992

RP: -> 2012-05-20 11:24 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP991

RP: -> 2012-05-20 05:17 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP990

RP: -> 2012-05-19 05:17 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP989

RP: -> 2012-05-18 19:36 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP988

RP: -> 2012-05-17 18:23 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP987

RP: -> 2012-05-16 18:23 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP986

RP: -> 2012-05-15 18:33 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP985

RP: -> 2012-05-15 18:25 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP984

RP: -> 2012-05-14 18:33 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP983

RP: -> 2012-05-14 09:34 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP982

RP: -> 2012-05-13 06:03 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP981

RP: -> 2012-05-12 06:04 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP980

RP: -> 2012-05-11 06:03 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP979

RP: -> 2012-05-10 06:04 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP978

RP: -> 2012-05-09 11:40 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP977

RP: -> 2012-05-08 06:31 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP976

RP: -> 2012-05-07 20:08 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP975

RP: -> 2012-06-15 19:53 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP1063

RP: -> 2012-06-15 17:49 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP1062

RP: -> 2012-06-15 04:28 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP1061

RP: -> 2012-06-14 11:20 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP1060

RP: -> 2012-06-13 15:57 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP1059

RP: -> 2012-06-13 15:56 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP1058

RP: -> 2012-06-13 15:54 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP1057

RP: -> 2012-06-13 10:32 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP1056

RP: -> 2012-06-13 10:09 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP1055

RP: -> 2012-06-13 10:02 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP1054

RP: -> 2012-06-13 10:02 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP1053

RP: -> 2012-06-13 09:56 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP1052

RP: -> 2012-06-13 09:54 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP1051

RP: -> 2012-06-13 09:52 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP1050

RP: -> 2012-06-13 09:49 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP1049

RP: -> 2012-06-13 09:45 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP1048

RP: -> 2012-06-13 09:44 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP1047

RP: -> 2012-06-13 09:44 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP1046

RP: -> 2012-06-13 09:42 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP1045

RP: -> 2012-06-13 09:40 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP1044

RP: -> 2012-06-13 09:39 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP1043

RP: -> 2012-06-13 09:38 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP1042

RP: -> 2012-06-13 09:38 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP1041

RP: -> 2012-06-13 09:34 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP1040

RP: -> 2012-06-13 09:27 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP1039

RP: -> 2012-06-13 09:26 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP1038

RP: -> 2012-06-13 09:25 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP1037

RP: -> 2012-06-13 09:24 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP1036

RP: -> 2012-06-13 09:19 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP1035

RP: -> 2012-06-13 09:14 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP1034

RP: -> 2012-06-13 09:12 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP1033

RP: -> 2012-06-13 09:08 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP1032

RP: -> 2012-06-13 09:06 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP1031

RP: -> 2012-06-13 09:03 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP1030

RP: -> 2012-06-13 09:03 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP1029

RP: -> 2012-06-13 09:00 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP1028

RP: -> 2012-06-13 08:58 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP1027

RP: -> 2012-06-13 08:56 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP1026

RP: -> 2012-06-13 08:47 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP1025

RP: -> 2012-06-13 08:45 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP1024

RP: -> 2012-06-13 08:43 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP1023

RP: -> 2012-06-13 08:38 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP1022

RP: -> 2012-06-13 00:59 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP1021

RP: -> 2012-06-11 23:19 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP1020

RP: -> 2012-06-11 23:04 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP1019

RP: -> 2012-06-11 23:03 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP1018

RP: -> 2012-06-11 14:31 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP1017

RP: -> 2012-06-10 11:08 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP1016

RP: -> 2012-06-10 10:59 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP1015

RP: -> 2012-06-09 07:12 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP1014

RP: -> 2012-06-08 07:12 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP1013

RP: -> 2012-06-07 07:12 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP1012

RP: -> 2012-06-06 07:12 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP1011

RP: -> 2012-06-05 17:11 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP1010

RP: -> 2012-06-04 17:05 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP1009

RP: -> 2012-06-03 17:05 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP1008

RP: -> 2012-06-03 10:58 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP1007

RP: -> 2012-06-02 17:06 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP1006

RP: -> 2012-06-01 17:06 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP1005

RP: -> 2012-05-31 17:05 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP1004

RP: -> 2012-05-30 17:05 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP1003

RP: -> 2012-05-29 17:06 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP1002

RP: -> 2012-05-28 19:38 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP1001

RP: -> 2012-05-27 17:44 - 032768 _restore{94050415-D88F-4E72-A0DD-040E7DC2CB90}\RP1000


========================= Memory info ======================

Percentage of memory in use: 37%
Total physical RAM: 2047.17 MB
Available physical RAM: 1283.01 MB
Total Pagefile: 1877.83 MB
Available Pagefile: 1340.86 MB
Total Virtual: 2047.88 MB
Available Virtual: 2001.55 MB

======================= Partitions =========================

2 Drive b: (RAMDisk) (Fixed) (Total:0.5 GB) (Free:0.5 GB) FAT
3 Drive c: (Local Disk) (Fixed) (Total:149.04 GB) (Free:37.71 GB) NTFS ==>[Drive with boot components (Windows XP)]
4 Drive d: () (Fixed) (Total:465.75 GB) (Free:85.94 GB) NTFS
5 Drive e: () (Removable) (Total:0.24 GB) (Free:0.16 GB) FAT
6 Drive x: (UBCD4Windows) (CDROM) (Total:0.62 GB) (Free:0 GB) CDFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 149 GB 0 B
Disk 1 Online 466 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 149 GB 32 KB
======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C Local Disk NTFS Partition 149 GB Healthy
======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 466 GB 32 KB
======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D NTFS Partition 466 GB Healthy
======================================================================================================
======================= End Of Log ==========================

 

[Broni]

Looks clean.

Delete your Combofix file, download fresh one and post new log.

 

[gBarrett]

ComboFix 12-06-15.06 - Gregory 06/15/2012 17:10:36.15.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1264 [GMT -7:00]
Running from: c:\documents and settings\Gregory\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-16 to 2012-06-16 )))))))))))))))))))))))))))))))
.
.
2012-06-15 23:37 . 2012-06-15 23:37 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{35D837E8-BACF-4358-A4C5-57262C814FD5}\MpKsl86d10ad5.sys
2012-06-15 21:29 . 2012-05-08 16:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{35D837E8-BACF-4358-A4C5-57262C814FD5}\mpengine.dll
2012-06-15 16:29 . 2012-06-15 16:34 -------- d-----w- C:\FRST
2012-06-15 05:06 . 2012-06-15 05:06 -------- d-----w- c:\program files\Dropbox
2012-06-13 17:22 . 2012-06-13 17:22 -------- d-----w- c:\program files\Common Files\Skype
2012-06-13 17:22 . 2012-06-13 17:22 -------- d-----r- c:\program files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-08 16:40 . 2011-06-30 09:23 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-01 21:00 . 2011-03-23 03:09 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-01 21:00 . 2008-06-10 10:50 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-04 22:56 . 2011-11-07 09:55 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-24 23:47 . 2011-03-22 17:42 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-09_11.06.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-13 17:23 . 2012-06-13 17:23 371272 c:\windows\Installer\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}\SkypeIcon.exe
- 2012-06-07 20:16 . 2012-06-07 20:16 371272 c:\windows\Installer\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}\SkypeIcon.exe
+ 2012-06-13 17:23 . 2012-06-13 17:23 1648128 c:\windows\Installer\47580e.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Gregory\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Gregory\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Gregory\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Gregory\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoSizer"="c:\program files\AutoSizer\AutoSizer.exe" [2009-04-08 131072]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-10-12 438544]
"Steam"="d:\program files\Steam\steam.exe" [2011-12-25 1242448]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-06-05 17344176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\WinPatrol.exe" [2010-11-04 329096]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Nuance.ctfmngr"="c:\program files\Nuance\NaturallySpeaking10\Program\ctfmngr.exe" [2009-03-17 50536]
"EVGAPrecision"="c:\program files\EVGA Precision\EVGAPrecision.exe" [2011-11-22 359528]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"NvMediaCenter"="NvMCTray.dll" [2011-10-08 203072]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NVMCTRAY.DLL" [2011-10-08 203072]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Install LastPass FF RunOnce.lnk - c:\windows\Temp\lpuninstall.exe [N/A]
Install LastPass IE RunOnce.lnk - c:\windows\Temp\lpuninstall.exe [N/A]
.
c:\documents and settings\Gregory\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Gregory\Application Data\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
Stickies.lnk - c:\program files\Stickies\stickies.exe [2011-9-10 1122304]
Wallpaper Changer.lnk - c:\program files\WallpaperToy\Wallpapertoy.Exe [2010-4-8 110592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Market Samurai\\Market Samurai.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"c:\\Documents and Settings\\Gregory\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Oracle\\VirtualBox\\VirtualBox.exe"=
"c:\\Program Files\\Notepad++\\notepad++.exe"=
"c:\\Program Files\\PSPad editor\\PSPad.exe"=
"c:\\Program Files\\Stickies\\stickies.exe"=
"d:\\Program Files\\Steam\\Steam.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\company of heroes\\RelicDownloader\\RelicDownloader.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\company of heroes\\RelicCOH.exe"=
"c:\\wamp\\bin\\apache\\Apache2.2.21\\bin\\httpd.exe"=
"c:\\wamp\\ruby\\bin\\ruby.exe"=
"c:\\Program Files\\VMware\\VMware Player\\vmware-authd.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\orcs must die!\\Build\\release\\OrcsMustDie.exe"=
"c:\\Program Files\\eclipse-php\\eclipse-php.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\portal 2\\portal2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*isabledxpsp2res.dll,-22009
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
.
R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\drivers\vmci.sys [8/8/2011 3:58 PM 98928]
R1 MpKsl86d10ad5;MpKsl86d10ad5;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{35D837E8-BACF-4358-A4C5-57262C814FD5}\MpKsl86d10ad5.sys [6/15/2012 4:37 PM 29904]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [1/23/2010 10:50 PM 158512]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [1/23/2010 10:50 PM 91440]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\installers\winxpvirtualcdcontrolpanel_21\VCdRom.sys [3/3/2009 6:57 AM 8576]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [1/10/2011 8:51 PM 10448]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/7/2011 2:55 AM 654408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [1/3/2012 3:14 PM 2253120]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [8/29/2011 11:11 PM 665200]
R3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [8/31/2007 12:13 PM 384896]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [8/24/2010 10:30 AM 40912]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [8/24/2010 10:30 AM 10448]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/7/2011 2:55 AM 22344]
R3 RTCore32;RTCore32;c:\program files\EVGA Precision\RTCore32.sys [9/6/2011 5:24 PM 5632]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\VBoxNetFlt.sys [12/19/2011 3:11 PM 116016]
S0 AmdAcpi;AmdAcpi Bus Filter Driver;c:\windows\system32\DRIVERS\AmdAcpi.sys --> c:\windows\system32\DRIVERS\AmdAcpi.sys [?]
S1 amdtools;AMD Special Tools Driver;c:\windows\system32\DRIVERS\amdtools.sys --> c:\windows\system32\DRIVERS\amdtools.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S2 Micro Niche Finder Background Download Service;Micro Niche Finder Background Download Service;c:\program files\Micro Niche Finder\srvany.exe [2/3/2010 3:50 AM 8192]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [6/5/2012 3:17 PM 160944]
S3 123rootrepeal;123rootrepeal;c:\windows\system32\drivers\123rootrepeal.sys [1/21/2010 10:01 AM 34816]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [1/21/2010 9:17 PM 15944]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 11:19 AM 50704]
S3 ruby-hello;ruby-hello;c:\wamp\ruby\bin\mongrel_service.exe [1/31/2012 1:37 PM 47616]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [12/17/2009 4:02 PM 104752]
S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [1/23/2010 10:50 PM 82736]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
S4 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/4/2004 5:00 AM 14336]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL86D10AD5
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-02-25 18:12 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-16 c:\windows\Tasks\Clean System Memory.job
- c:\windows\system32\CleanMem.exe [2009-11-11 23:22]
.
2012-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1645522239-839522115-1015Core.job
- c:\documents and settings\Gregory\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-11 03:44]
.
2012-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1645522239-839522115-1015UA.job
- c:\documents and settings\Gregory\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-11 03:44]
.
2012-06-15 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 22:39]
.
2012-06-14 c:\windows\Tasks\NatSpeak Periodic Acoustic Optimization.job
- c:\program files\Nuance\NaturallySpeaking10\Program\schedmgr.exe [2009-03-17 03:45]
.
2012-06-15 c:\windows\Tasks\NatSpeak Periodic Language Model Optimization.job
- c:\program files\Nuance\NaturallySpeaking10\Program\schedmgr.exe [2009-03-17 03:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
LSP: %SystemRoot%\system32\vsocklib.dll
TCP: Interfaces\{2340376E-95A1-4AC8-B4C8-4381226E9DA3}: NameServer = 8.8.8.8,66.93.87.2,8.8.4.4,216.231.41.2
FF - ProfilePath - c:\documents and settings\Gregory\Application Data\Mozilla\Firefox\Profiles\rm88ypaz.bigG\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?source=gama&hl=en
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-15 17:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ruby-hello]
"ImagePath"="\"C:/wamp/ruby/bin/mongrel_service.exe\" service single -e development -p 3001 -a 0.0.0.0 -l \"log/mongrel.log\" -P \"log/mongrel.pid\" -c \"c:/wamp/www/rails/hello\" -t 0 -r \"public\" -n 1024"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ruby-hello]
"ImagePath"="\"C:/wamp/ruby/bin/mongrel_service.exe\" service single -e development -p 3001 -a 0.0.0.0 -l \"log/mongrel.log\" -P \"log/mongrel.pid\" -c \"c:/wamp/www/rails/hello\" -t 0 -r \"public\" -n 1024"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:74,63,79,64,0b,2b,41,2c,de,f0,c2,19,db,b6,b1,3c,be,2d,3b,ee,ed,
31,3d,bb,3a,4c,77,d1,77,d4,c2,ef,9d,99,52,64,9c,89,c2,15,83,2d,19,68,b8,a0,\
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:74,63,79,64,0b,2b,41,2c,de,f0,c2,19,db,b6,b1,3c,be,2d,3b,ee,ed,
31,3d,bb,3a,4c,77,d1,77,d4,c2,ef,9d,99,52,64,9c,89,c2,15,83,2d,19,68,b8,a0,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(948)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > 'explorer.exe'(2000)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\documents and settings\Gregory\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\program files\AutoSizer\AutoSizer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
.
Completion time: 2012-06-15 17:28:34
ComboFix-quarantined-files.txt 2012-06-16 00:28
ComboFix2.txt 2012-06-15 17:00
ComboFix3.txt 2012-06-15 16:29
ComboFix4.txt 2012-06-15 05:09
ComboFix5.txt 2012-06-16 00:09
.
Pre-Run: 40,388,747,264 bytes free
Post-Run: 40,459,763,712 bytes free
.
- - End Of File - - 5A78EE9A1A3F5A9486944018D3153BFD

 

[Broni]

Nothing there...

1. Download Security Check from HERE, and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  
  NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

3. Download Temp File Cleaner (TFC)

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

4. Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
• Tick the box next to YES, I accept the Terms of Use
• Click Start
• Accept any security warnings from your browser.
• Check Scan archives
• Click Start
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, click on List of found threats
• Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• NOTE. If Eset won't find any threats, it won't produce any log.

 

[gBarrett]

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
ESET Online Scanner v3
Microsoft Security Essentials
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
VirusTotal Uploader 2.0
CCleaner
DH Driver Cleaner Professional Edition
ArcExplorer Java Edition
Java(TM) 6 Update 31
Adobe Flash Player 9 (Out of date Flash Player installed!)
Adobe Flash Player 11.1.102.55
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSMpEng.exe
WinPatrol winpatrol.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
BillP Studios WinPatrol WinPatrol.exe
``````````End of Log````````````

 

[gBarrett]

Farbar Service Scanner Version: 09-06-2012
Ran by Gregory (administrator) on 15-06-2012 at 18:36:41
Running from "C:\Documents and Settings\Gregory\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit


**** End of log ****

 

[gBarrett]

TFC.exe appears to halt after stopping running processes. Shall I try it in Safe Mode?

 

[Broni]

Yes, go ahead.

 

[gBarrett]

TFC - completed under Safe Mode.
ESET - no threats found.

 

[Broni]

Update Adobe Flash Player
Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

=============================================.

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

• Double-click OTL.exe to start the program.
• Close all other programs apart from OTL as this step will require a reboot
• On the OTL main screen, press the CLEANUP button
• Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please, let me know, how your computer is doing.

 

[gBarrett]

Your computer is clean

MBAM is still complaining about the original blocked outgoing IP.

 

[Broni]

Let's try to reset your router.....

Go Start>Run (Start search in Vista), type in:
cmd
Click OK (Vista and Windows 7 users: while holding CTRL, and SHIFT, press Enter).

In Command Prompt window, type in following commands, and hit Enter after each one:
ipconfig /flushdns
ipconfig /registerdns
ipconfig /release
ipconfig /renew
net stop "dns client"
net start "dns client"


Turn the computer off.

On your router, you'll find a pinhole marked "Reset".
Keep pushing the hole, using a pencil, or a paperclip until all lights briefly come off and on.
NOTE. Simple router disconnecting from a power source will NOT do.
Restart computer and check for redirections.

NOTE. You may need to re-check your router security settings, as described HERE

 

[gBarrett]

Think I got the MBAM complaint sorted out. It was an evil contact in Skype that was calling home. I ran Process Monitor and watched the network activity til it showed a corresponding time stamp for the MBAM complaint and Skype.exe. The IP address matched the path called by the Skype process.

OTL won't run in normal mode, freezes. Try it in safe mode?

 

[Broni]

Good news

Yes, run OTL fix in safe mode.

 

[Broni]

Still with me?