Solved Increasing Mem. Usage by svchost; Windows wanting activated again

[Dasle]

Hello everyone!

I think I've contracted a virus or some form of malware on my PC. I left the PC on overnight, and when I woke up, the wireless connection was disconnected. I rebooted and the Windows Activation window popped up (Windows XP Home). Shortly after bootup, I realized that one of the svchost was going out of control. Memory usage would gradually increase to over 500,000 K before I'd end the process. A virus scan with Norton AntiVirus produced no results, however it did keep blocking attacks called Malicious Toolkit Website 9.

I've followed the steps in the stickie, and appreciate any help you kind folks can offer. Thanks so much.

Below are the logs:

MBAM Log

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.10.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Jeff :: PROJECT [administrator]

1/10/2012 10:55:29 AM
mbam-log-2012-01-10 (10-55-29).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 220950
Time elapsed: 44 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

-----------------------------------------------

GMER Log

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-01-10 11:58:24
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-5 WDC_WD5000AACS-00ZUB0 rev.01.01B01
Running: k0yp574g.exe; Driver: C:\DOCUME~1\Jeff\LOCALS~1\Temp\uwldapow.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP3T0L0-11 8A49F2C6
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8A49F2C6
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8A49F2C6
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 8A49F2C6
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 8A49F2C6
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-5 8A49F2C6
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP3T1L0-19 8A49F2C6

---- EOF - GMER 1.0.15 ----


--------------------------------------------------------------------------

DDS Log: dds.txt

.
DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Jeff at 12:08:15 on 2012-01-10
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1783 [GMT -6:00]
.
AV: Norton AntiVirus *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\norton antivirus\engine\18.6.0.29\ips\IPSBHO.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [VTTimer] VTTimer.exe
mRun: [S3Trayp] S3trayp.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=67633
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1309924587859
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.3.1/jinstall-131_02-win.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 68.94.156.1 68.94.157.1
TCP: Interfaces\{8ECCA8B3-18EF-4F4F-A1F6-F25821F05B4E} : DhcpNameServer = 68.94.156.1 68.94.157.1
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jeff\application data\mozilla\firefox\profiles\dldhuz2k.default\
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1206000.01d\symds.sys [2011-6-25 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1206000.01d\symefa.sys [2011-6-25 744568]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2008-8-29 17920]
S1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\bashdefs\20111223.001\BHDrvx86.sys [2011-11-30 820344]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1206000.01d\ironx86.sys [2011-6-25 136312]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 NAV;Norton AntiVirus;c:\program files\norton antivirus\norton antivirus\engine\18.6.0.29\ccsvchst.exe [2011-6-25 130008]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-11-11 2253120]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-11-9 106104]
S3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\ipsdefs\20120107.001\IDSXpx86.sys [2012-1-10 356280]
S3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\virusdefs\20120110.002\NAVENG.SYS [2012-1-10 86136]
S3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\virusdefs\20120110.002\NAVEX15.SYS [2012-1-10 1576312]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2011-11-11 119656]
S3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [2008-4-17 603648]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-01-10 16:53:53 -------- d-----w- c:\documents and settings\jeff\application data\Malwarebytes
2012-01-10 16:53:24 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-01-10 16:53:23 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-10 16:53:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-10 15:42:05 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-01-10 13:02:55 -------- d-----w- c:\program files\AVG
2012-01-10 12:47:30 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2012-01-10 12:47:13 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2012-01-10 12:17:19 -------- d-----w- c:\documents and settings\jeff\local settings\application data\Symantec
2012-01-10 12:14:38 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-01-10 12:14:38 -------- d-----w- c:\windows\system32\wbem\Repository
2012-01-10 10:01:37 -------- d-----w- c:\documents and settings\jeff\local settings\application data\NPE
2012-01-10 09:53:18 -------- d-----w- c:\documents and settings\jeff\application data\Tific
2011-12-14 15:53:49 -------- d-----w- c:\documents and settings\jeff\local settings\application data\Auralog
2011-12-14 15:52:32 -------- d-----w- c:\program files\Auralog
2011-12-14 15:22:02 -------- d-sh--w- c:\documents and settings\jeff\IECompatCache
2011-12-14 15:19:04 -------- d-sh--w- c:\documents and settings\jeff\PrivacIE
2011-12-14 15:16:35 -------- d-sh--w- c:\documents and settings\jeff\IETldCache
2011-12-14 15:01:16 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-12-14 15:00:56 -------- d-----w- c:\windows\ie8updates
2011-12-14 15:00:16 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-12-14 15:00:16 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-12-14 15:00:16 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-12-14 15:00:16 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-12-14 15:00:16 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-12-14 15:00:16 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-12-14 15:00:16 11081728 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-12-14 14:58:54 -------- dc-h--w- c:\windows\ie8
2011-12-14 14:46:09 -------- d-----w- c:\documents and settings\all users\application data\Auralog
2011-12-13 12:14:23 -------- d-----w- c:\program files\iPod
.
==================== Find3M ====================
.
2012-01-10 15:43:24 26112 ----a-w- c:\windows\system32\userinit.exe
2012-01-10 09:46:58 285176 ----a-w- c:\windows\system32\nvdrsdb0.bin
2012-01-10 09:46:58 1 ----a-w- c:\windows\system32\nvdrssel.bin
2012-01-09 18:16:19 285176 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-22 11:02:57 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ------w- c:\windows\system32\html.iec
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-24 20:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 20:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD5000AACS-00ZUB0 rev.01.01B01 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-5
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys xfilt.sys ACPI.sys hal.dll >>UNKNOWN [0x8A4A249F]<<
c:\windows\system32\drivers\xfilt.sys VIA Technologies,Inc VIA filter driver
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a4a9738]; MOV EAX, [0x8a4a98ac]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x8A568AB8]
3 CLASSPNP[0xF7637FD7] -> nt!IofCallDriver[0x804E13B9] -> [0x8A56B9A0]
5 xfilt[0xF7648046] -> nt!IofCallDriver[0x804E13B9] -> \Device\00000074[0x8A56C968]
7 ACPI[0xF75AE620] -> nt!IofCallDriver[0x804E13B9] -> [0x8A5A8D98]
\Driver\atapi[0x8A4FFA70] -> IRP_MJ_CREATE -> 0x8A4A249F
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A4A22C6
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 12:10:10.85 ===============


--------------------------------------------------------------------------

DDS Log: Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 8/29/2008 10:51:21 PM
System Uptime: 1/10/2012 12:06:40 PM (0 hours ago)
.
Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-7253
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ | Socket AM2 | 2600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 270.279 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: VIA Compatable Fast Ethernet Adapter
Device ID: PCI\VEN_1106&DEV_3065&SUBSYS_72531462&REV_7C\3&2411E6FE&0&90
Manufacturer: VIA Technologies, Inc.
Name: VIA Compatable Fast Ethernet Adapter
PNP Device ID: PCI\VEN_1106&DEV_3065&SUBSYS_72531462&REV_7C\3&2411E6FE&0&90
Service: FETNDIS
.
Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Description: Photosmart C4500 series
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Photosmart C4500,10.0.0.220
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Photosmart C4500 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C4500 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP397: 10/12/2011 12:16:39 PM - System Checkpoint
RP398: 10/13/2011 1:07:46 PM - System Checkpoint
RP399: 10/15/2011 2:48:50 PM - System Checkpoint
RP400: 10/16/2011 3:06:21 PM - System Checkpoint
RP401: 10/17/2011 3:30:14 PM - System Checkpoint
RP402: 11/4/2011 5:30:35 PM - System Checkpoint
RP403: 11/6/2011 11:13:47 AM - System Checkpoint
RP404: 11/7/2011 12:50:04 PM - System Checkpoint
RP405: 11/8/2011 1:34:10 PM - System Checkpoint
RP406: 11/9/2011 2:30:03 PM - System Checkpoint
RP407: 11/10/2011 1:49:32 PM - Installed DirectX
RP408: 11/10/2011 1:49:44 PM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
RP409: 11/11/2011 2:39:07 PM - System Checkpoint
RP410: 11/11/2011 9:12:44 PM - Update to an unsigned driver
RP411: 11/11/2011 9:19:49 PM - Update to an unsigned driver
RP412: 11/11/2011 9:27:07 PM - Installed DirectX
RP413: 11/12/2011 10:55:20 PM - System Checkpoint
RP414: 11/14/2011 1:00:47 AM - System Checkpoint
RP415: 11/15/2011 1:12:28 AM - System Checkpoint
RP416: 11/16/2011 11:39:42 AM - System Checkpoint
RP417: 11/17/2011 12:05:49 PM - System Checkpoint
RP418: 11/18/2011 1:35:16 PM - System Checkpoint
RP419: 11/19/2011 1:44:35 PM - System Checkpoint
RP420: 11/20/2011 1:48:09 PM - System Checkpoint
RP421: 11/21/2011 5:30:17 PM - System Checkpoint
RP422: 11/22/2011 6:20:49 PM - System Checkpoint
RP423: 11/23/2011 9:18:37 PM - System Checkpoint
RP424: 11/24/2011 11:17:08 PM - System Checkpoint
RP425: 11/26/2011 5:19:23 PM - System Checkpoint
RP426: 11/27/2011 8:13:14 PM - System Checkpoint
RP427: 11/28/2011 10:31:46 PM - System Checkpoint
RP428: 11/29/2011 11:13:12 PM - System Checkpoint
RP429: 12/1/2011 4:25:20 AM - System Checkpoint
RP430: 12/2/2011 6:13:18 AM - System Checkpoint
RP431: 12/3/2011 10:08:09 AM - System Checkpoint
RP432: 12/4/2011 11:26:46 AM - System Checkpoint
RP433: 12/5/2011 12:00:18 PM - System Checkpoint
RP434: 12/6/2011 1:20:28 PM - System Checkpoint
RP435: 12/7/2011 1:24:56 PM - System Checkpoint
RP436: 12/9/2011 11:40:08 AM - System Checkpoint
RP437: 12/10/2011 2:08:23 PM - System Checkpoint
RP438: 12/12/2011 12:05:57 AM - System Checkpoint
RP439: 12/13/2011 3:33:22 AM - System Checkpoint
RP440: 12/14/2011 5:19:56 AM - System Checkpoint
RP441: 12/14/2011 8:53:44 AM - Software Distribution Service 3.0
RP442: 12/14/2011 9:26:26 AM - Software Distribution Service 3.0
RP443: 12/14/2011 9:32:39 AM - Software Distribution Service 3.0
RP444: 12/16/2011 4:18:15 PM - System Checkpoint
RP445: 12/17/2011 4:59:51 PM - System Checkpoint
RP446: 12/19/2011 3:28:12 AM - System Checkpoint
RP447: 12/20/2011 6:54:48 AM - System Checkpoint
RP448: 12/21/2011 7:37:11 AM - System Checkpoint
RP449: 12/22/2011 4:23:43 PM - System Checkpoint
RP450: 12/23/2011 4:58:09 PM - System Checkpoint
RP451: 12/25/2011 11:37:15 AM - System Checkpoint
RP452: 12/26/2011 12:35:49 PM - System Checkpoint
RP453: 12/27/2011 5:21:45 PM - System Checkpoint
RP454: 12/29/2011 10:46:30 AM - System Checkpoint
RP455: 12/30/2011 3:48:00 PM - System Checkpoint
RP456: 12/31/2011 10:42:57 PM - System Checkpoint
RP457: 1/1/2012 10:46:59 PM - System Checkpoint
RP458: 1/3/2012 1:34:55 AM - System Checkpoint
RP459: 1/4/2012 1:48:47 AM - System Checkpoint
RP460: 1/5/2012 12:48:39 PM - System Checkpoint
RP461: 1/6/2012 1:38:43 PM - System Checkpoint
RP462: 1/8/2012 12:10:06 PM - System Checkpoint
RP463: 1/9/2012 12:58:11 PM - System Checkpoint
RP464: 1/10/2012 4:13:50 AM - Restore Operation
RP465: 1/10/2012 6:13:20 AM - Restore Operation
RP466: 1/10/2012 9:20:55 AM - Installed Ad-Aware
RP467: 1/10/2012 9:22:55 AM - Installed Ad-Aware
RP468: 1/10/2012 10:42:23 AM - Removed AVG 2012
RP469: 1/10/2012 10:43:13 AM - Removed AVG 2012
RP470: 1/10/2012 10:47:17 AM - Removed Ad-Aware
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop Elements 2.0
Adobe Reader 9.4.7
Adobe Shockwave Player 11
AOL Instant Messenger
Apple Application Support
Apple Mobile Device Support
Apple Software Update
BlackBerry Desktop Software 6.0
Bonjour
CompuServe
EPSON Printer Software
EPSON Scan
EVGA Precision 2.0.4
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
HP Photosmart C4500 All-In-One Driver 12.0 Rel .4
iSEEK AnswerWorks English Runtime
iTunes
Java 2 Runtime Environment Standard Edition v1.3.1_02
Java Auto Updater
Java(TM) 6 Update 26
Malwarebytes Anti-Malware version 1.60.0.1800
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
mIRC
MobileMe Control Panel
Mozilla Firefox 8.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network
Norton AntiVirus
NVIDIA Control Panel 285.58
NVIDIA Graphics Driver 285.58
NVIDIA HD Audio Driver 1.2.24.0
NVIDIA Install Application
NVIDIA nView 135.95
NVIDIA nView Desktop Manager
NVIDIA PhysX
NVIDIA PhysX System Software 9.11.0621
NVIDIA Update 1.5.20
NVIDIA Update Components
Platform
PS_AIO_04_C4580_Software_Min
Quicken 2011
QuickTime
RealPlayer Basic
Realtek High Definition Audio Driver
Roll
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2530548)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2559049)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Star Wars: The Old Republic
Starsiege TRIBES 1.8
System Requirements Lab
TELL ME MORE
Toolbox
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Ventrilo Client
VIA Chrome9 HC IGP Family Display 6.14.10.0133
VIA Platform Device Manager
Viewpoint Media Player
VLC media player 1.1.11
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format Runtime
Windows Search 4.0
Windows XP Service Pack 3
World of Warcraft
Xvid 1.1.3 final uninstall
.
==== Event Viewer Messages From Past Week ========
.
1/6/2012 2:13:22 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer MACBOOKAIR that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8ECCA8B3-18EF-4F4. The master browser is stopping or an election is being forced.
1/10/2012 9:58:40 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
1/10/2012 9:52:25 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
1/10/2012 9:42:36 AM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
1/10/2012 9:31:02 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdPPM Avgldx86 Avgmfx86 BHDrvx86 eeCtrl Fips SRTSPX SymIRON SYMTDI
1/10/2012 7:09:26 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AVGIDSAgent service to connect.
1/10/2012 7:09:26 AM, error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/10/2012 7:07:09 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdPPM Avgldx86 Avgmfx86 BHDrvx86 eeCtrl Fips SRTSP SRTSPX SymIRON SYMTDI
1/10/2012 6:50:13 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdPPM BHDrvx86 eeCtrl Fips SRTSP SRTSPX SymIRON SYMTDI
1/10/2012 6:46:02 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdPPM BHDrvx86 eeCtrl Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SRTSP SRTSPX SymIRON SYMTDI Tcpip
1/10/2012 6:46:02 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
1/10/2012 6:46:02 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/10/2012 6:46:02 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/10/2012 6:46:02 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning.
1/10/2012 6:46:02 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/10/2012 6:46:02 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/10/2012 6:43:08 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
1/10/2012 6:42:38 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
1/10/2012 6:41:55 AM, error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
1/10/2012 6:37:59 AM, error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
1/10/2012 6:17:13 AM, error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
1/10/2012 6:02:36 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde ViaIde
1/10/2012 5:56:07 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
1/10/2012 4:13:37 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'SMR210.SYS' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
1/10/2012 11:52:37 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
1/10/2012 11:52:37 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/10/2012 11:43:37 AM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: Access is denied.
1/10/2012 10:35:49 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
1/10/2012 10:33:58 AM, error: System Error [1003] - Error code 100000d4, parameter1 b17c7234, parameter2 0000001c, parameter3 00000000, parameter4 80502367.
1/10/2012 10:33:56 AM, error: System Error [1003] - Error code 100000d1, parameter1 00000004, parameter2 00000002, parameter3 00000001, parameter4 b9f05e32.
1/10/2012 10:33:44 AM, error: System Error [1003] - Error code 100000d1, parameter1 00000004, parameter2 00000002, parameter3 00000001, parameter4 b9f52e32.
1/10/2012 10:33:34 AM, error: System Error [1003] - Error code 100000d1, parameter1 00000004, parameter2 00000002, parameter3 00000001, parameter4 b9eebe32.
1/10/2012 10:30:17 AM, error: System Error [1003] - Error code 100000d1, parameter1 00000004, parameter2 00000002, parameter3 00000001, parameter4 b9eaae32.
1/10/2012 10:27:02 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
.
==== End Of File ===========================

 

[Broni]

Welcome aboard

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running tools or applying updates other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==============================================================

Download TDSSKiller and save it to your desktop.

• Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
• If an infected file is detected, the default action will be Cure, click on Continue.
• If a suspicious file is detected, the default action will be Skip, click on Continue.
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
• If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

 

[Dasle]

TDSSKiller found one infected file which required a reboot. The log is below. Thanks again for your help and time Broni


14:58:24.0805 3924 TDSS rootkit removing tool 2.7.0.0 Jan 10 2012 09:14:26
14:58:25.0196 3924 ============================================================
14:58:25.0196 3924 Current date / time: 2012/01/10 14:58:25.0196
14:58:25.0196 3924 SystemInfo:
14:58:25.0196 3924
14:58:25.0196 3924 OS Version: 5.1.2600 ServicePack: 3.0
14:58:25.0196 3924 Product type: Workstation
14:58:25.0196 3924 ComputerName: PROJECT
14:58:25.0196 3924 UserName: Jeff
14:58:25.0196 3924 Windows directory: C:\WINDOWS
14:58:25.0196 3924 System windows directory: C:\WINDOWS
14:58:25.0196 3924 Processor architecture: Intel x86
14:58:25.0196 3924 Number of processors: 2
14:58:25.0196 3924 Page size: 0x1000
14:58:25.0196 3924 Boot type: Normal boot
14:58:25.0196 3924 ============================================================
14:58:28.0290 3924 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000, SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000054
14:58:28.0383 3924 Initialize success
14:58:39.0820 3532 ============================================================
14:58:39.0820 3532 Scan started
14:58:39.0820 3532 Mode: Manual;
14:58:39.0820 3532 ============================================================
14:58:45.0023 3532 Abiosdsk - ok
14:58:45.0117 3532 abp480n5 - ok
14:58:45.0508 3532 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:58:45.0586 3532 ACPI - ok
14:58:45.0695 3532 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
14:58:45.0695 3532 ACPIEC - ok
14:58:45.0804 3532 adpu160m - ok
14:58:45.0883 3532 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
14:58:45.0898 3532 aec - ok
14:58:45.0976 3532 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
14:58:46.0023 3532 AFD - ok
14:58:46.0070 3532 Aha154x - ok
14:58:46.0336 3532 aic78u2 - ok
14:58:46.0476 3532 aic78xx - ok
14:58:46.0554 3532 AliIde - ok
14:58:46.0711 3532 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
14:58:46.0711 3532 AmdPPM - ok
14:58:46.0773 3532 amsint - ok
14:58:46.0804 3532 asc - ok
14:58:46.0820 3532 asc3350p - ok
14:58:46.0836 3532 asc3550 - ok
14:58:46.0898 3532 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
14:58:46.0898 3532 ASCTRM - ok
14:58:46.0976 3532 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:58:46.0976 3532 AsyncMac - ok
14:58:47.0008 3532 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:58:47.0008 3532 atapi - ok
14:58:47.0023 3532 Atdisk - ok
14:58:47.0070 3532 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:58:47.0086 3532 Atmarpc - ok
14:58:47.0133 3532 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
14:58:47.0133 3532 audstub - ok
14:58:47.0195 3532 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:58:47.0195 3532 Beep - ok
14:58:47.0351 3532 BHDrvx86 (e685ba3267c5a4ec4ce9e2b4a1481725) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20111223.001\BHDrvx86.sys
14:58:47.0351 3532 BHDrvx86 - ok
14:58:47.0429 3532 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
14:58:47.0445 3532 cbidf2k - ok
14:58:47.0461 3532 cd20xrnt - ok
14:58:47.0508 3532 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:58:47.0508 3532 Cdaudio - ok
14:58:47.0523 3532 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
14:58:47.0523 3532 Cdfs - ok
14:58:47.0633 3532 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:58:47.0648 3532 Cdrom - ok
14:58:47.0711 3532 Changer - ok
14:58:47.0742 3532 CmdIde - ok
14:58:47.0773 3532 Cpqarray - ok
14:58:47.0804 3532 dac2w2k - ok
14:58:47.0820 3532 dac960nt - ok
14:58:47.0836 3532 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
14:58:47.0836 3532 Disk - ok
14:58:47.0898 3532 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
14:58:47.0914 3532 dmboot - ok
14:58:47.0945 3532 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
14:58:47.0945 3532 dmio - ok
14:58:47.0976 3532 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
14:58:47.0976 3532 dmload - ok
14:58:48.0008 3532 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
14:58:48.0008 3532 DMusic - ok
14:58:48.0039 3532 dpti2o - ok
14:58:48.0070 3532 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
14:58:48.0070 3532 drmkaud - ok
14:58:48.0211 3532 eeCtrl (75e8b69f28c813675b16db357f20720f) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
14:58:48.0211 3532 eeCtrl - ok
14:58:48.0242 3532 EraserUtilRebootDrv (720b18d76de9e603b626dfcd6f1fca7c) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
14:58:48.0242 3532 EraserUtilRebootDrv - ok
14:58:48.0289 3532 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
14:58:48.0304 3532 Fastfat - ok
14:58:48.0336 3532 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
14:58:48.0336 3532 Fdc - ok
14:58:48.0414 3532 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
14:58:48.0414 3532 FETNDIS - ok
14:58:48.0445 3532 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
14:58:48.0445 3532 Fips - ok
14:58:48.0461 3532 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
14:58:48.0461 3532 Flpydisk - ok
14:58:48.0476 3532 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
14:58:48.0476 3532 FltMgr - ok
14:58:48.0492 3532 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:58:48.0508 3532 Fs_Rec - ok
14:58:48.0523 3532 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:58:48.0523 3532 Ftdisk - ok
14:58:48.0539 3532 gagp30kx (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
14:58:48.0539 3532 gagp30kx - ok
14:58:48.0804 3532 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
14:58:48.0804 3532 GEARAspiWDM - ok
14:58:48.0836 3532 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:58:48.0836 3532 Gpc - ok
14:58:48.0882 3532 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
14:58:48.0882 3532 HDAudBus - ok
14:58:48.0929 3532 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:58:48.0929 3532 hidusb - ok
14:58:48.0945 3532 hpn - ok
14:58:49.0007 3532 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
14:58:49.0007 3532 HTTP - ok
14:58:49.0023 3532 i2omgmt - ok
14:58:49.0039 3532 i2omp - ok
14:58:49.0054 3532 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:58:49.0054 3532 i8042prt - ok
14:58:49.0289 3532 IDSxpx86 (e72d3894d42355e9cd5fd77e1e4fea11) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20120107.001\IDSxpx86.sys
14:58:49.0289 3532 IDSxpx86 - ok
14:58:49.0304 3532 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:58:49.0320 3532 Imapi - ok
14:58:49.0336 3532 ini910u - ok
14:58:49.0539 3532 IntcAzAudAddService (41bb402c2ade27b32439bb765864ab3b) C:\WINDOWS\system32\drivers\RtkHDAud.sys
14:58:49.0570 3532 IntcAzAudAddService - ok
14:58:49.0586 3532 IntelIde - ok
14:58:49.0632 3532 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
14:58:49.0632 3532 Ip6Fw - ok
14:58:49.0648 3532 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:58:49.0664 3532 IpFilterDriver - ok
14:58:49.0695 3532 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:58:49.0695 3532 IpInIp - ok
14:58:49.0726 3532 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:58:49.0726 3532 IpNat - ok
14:58:49.0757 3532 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:58:49.0757 3532 IPSec - ok
14:58:49.0789 3532 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:58:49.0789 3532 IRENUM - ok
14:58:49.0836 3532 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:58:49.0836 3532 isapnp - ok
14:58:49.0851 3532 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:58:49.0851 3532 Kbdclass - ok
14:58:49.0882 3532 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
14:58:49.0898 3532 kmixer - ok
14:58:49.0929 3532 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
14:58:49.0929 3532 KSecDD - ok
14:58:49.0945 3532 lbrtfdc - ok
14:58:50.0007 3532 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
14:58:50.0007 3532 mnmdd - ok
14:58:50.0023 3532 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
14:58:50.0023 3532 Modem - ok
14:58:50.0039 3532 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:58:50.0039 3532 Mouclass - ok
14:58:50.0086 3532 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:58:50.0086 3532 mouhid - ok
14:58:50.0101 3532 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
14:58:50.0101 3532 MountMgr - ok
14:58:50.0117 3532 mraid35x - ok
14:58:50.0132 3532 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:58:50.0132 3532 MRxDAV - ok
14:58:50.0179 3532 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:58:50.0195 3532 MRxSmb - ok
14:58:50.0211 3532 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
14:58:50.0226 3532 Msfs - ok
14:58:50.0273 3532 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:58:50.0289 3532 MSKSSRV - ok
14:58:50.0382 3532 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:58:50.0382 3532 MSPCLOCK - ok
14:58:50.0445 3532 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
14:58:50.0445 3532 MSPQM - ok
14:58:50.0476 3532 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:58:50.0476 3532 mssmbios - ok
14:58:50.0492 3532 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
14:58:50.0507 3532 Mup - ok
14:58:50.0726 3532 NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20120110.002\NAVENG.SYS
14:58:50.0726 3532 NAVENG - ok
14:58:50.0789 3532 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20120110.002\NAVEX15.SYS
14:58:50.0804 3532 NAVEX15 - ok
14:58:50.0851 3532 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
14:58:50.0851 3532 NDIS - ok
14:58:50.0867 3532 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:58:50.0867 3532 NdisTapi - ok
14:58:50.0929 3532 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:58:50.0929 3532 Ndisuio - ok
14:58:50.0929 3532 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:58:50.0945 3532 NdisWan - ok
14:58:50.0976 3532 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
14:58:50.0976 3532 NDProxy - ok
14:58:50.0992 3532 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:58:51.0007 3532 NetBIOS - ok
14:58:51.0023 3532 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:58:51.0023 3532 NetBT - ok
14:58:51.0070 3532 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
14:58:51.0070 3532 Npfs - ok
14:58:51.0101 3532 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
14:58:51.0117 3532 Ntfs - ok
14:58:51.0164 3532 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:58:51.0164 3532 Null - ok
14:58:51.0617 3532 nv (4b54dcd6adee535df80f07c59ddd8f14) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
14:58:51.0929 3532 nv - ok
14:58:51.0945 3532 NVHDA (6a839ac21ecde8945d52007152f2695e) C:\WINDOWS\system32\drivers\nvhda32.sys
14:58:51.0961 3532 NVHDA - ok
14:58:52.0007 3532 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:58:52.0023 3532 NwlnkFlt - ok
14:58:52.0023 3532 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:58:52.0039 3532 NwlnkFwd - ok
14:58:52.0054 3532 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
14:58:52.0054 3532 Parport - ok
14:58:52.0070 3532 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
14:58:52.0070 3532 PartMgr - ok
14:58:52.0101 3532 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
14:58:52.0101 3532 ParVdm - ok
14:58:52.0117 3532 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
14:58:52.0117 3532 PCI - ok
14:58:52.0117 3532 PCIDump - ok
14:58:52.0164 3532 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
14:58:52.0164 3532 PCIIde - ok
14:58:52.0179 3532 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
14:58:52.0179 3532 Pcmcia - ok
14:58:52.0195 3532 PDCOMP - ok
14:58:52.0210 3532 PDFRAME - ok
14:58:52.0226 3532 PDRELI - ok
14:58:52.0242 3532 PDRFRAME - ok
14:58:52.0257 3532 perc2 - ok
14:58:52.0273 3532 perc2hib - ok
14:58:52.0351 3532 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:58:52.0351 3532 PptpMiniport - ok
14:58:52.0367 3532 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
14:58:52.0367 3532 Processor - ok
14:58:52.0382 3532 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
14:58:52.0398 3532 PSched - ok
14:58:52.0429 3532 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:58:52.0429 3532 Ptilink - ok
14:58:52.0445 3532 ql1080 - ok
14:58:52.0460 3532 Ql10wnt - ok
14:58:52.0476 3532 ql12160 - ok
14:58:52.0492 3532 ql1240 - ok
14:58:52.0492 3532 ql1280 - ok
14:58:52.0507 3532 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:58:52.0507 3532 RasAcd - ok
14:58:52.0539 3532 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:58:52.0539 3532 Rasl2tp - ok
14:58:52.0554 3532 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:58:52.0554 3532 RasPppoe - ok
14:58:52.0570 3532 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:58:52.0570 3532 Raspti - ok
14:58:52.0617 3532 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:58:52.0617 3532 Rdbss - ok
14:58:52.0632 3532 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:58:52.0632 3532 RDPCDD - ok
14:58:52.0679 3532 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
14:58:52.0695 3532 RDPWD - ok
14:58:52.0726 3532 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:58:52.0726 3532 redbook - ok
14:58:52.0742 3532 RimUsb - ok
14:58:52.0773 3532 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
14:58:52.0773 3532 RimVSerPort - ok
14:58:52.0789 3532 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
14:58:52.0789 3532 ROOTMODEM - ok
14:58:52.0867 3532 S3GIGP (d494f3f2b2a4802109a9513d49f5d9f6) C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys
14:58:52.0882 3532 S3GIGP - ok
14:58:52.0929 3532 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:58:52.0929 3532 Secdrv - ok
14:58:52.0960 3532 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
14:58:52.0960 3532 serenum - ok
14:58:52.0976 3532 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
14:58:52.0976 3532 Serial - ok
14:58:53.0023 3532 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
14:58:53.0023 3532 Sfloppy - ok
14:58:53.0054 3532 Simbad - ok
14:58:53.0085 3532 Sparrow - ok
14:58:53.0117 3532 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
14:58:53.0117 3532 splitter - ok
14:58:53.0132 3532 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
14:58:53.0148 3532 sr - ok
14:58:53.0226 3532 SRTSP (83726cf02eced69138948083e06b6eac) C:\WINDOWS\system32\drivers\NAV\1206000.01D\SRTSP.SYS
14:58:53.0242 3532 SRTSP - ok
14:58:53.0257 3532 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\NAV\1206000.01D\SRTSPX.SYS
14:58:53.0257 3532 SRTSPX - ok
14:58:53.0320 3532 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
14:58:53.0320 3532 Srv - ok
14:58:53.0367 3532 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
14:58:53.0367 3532 StillCam - ok
14:58:53.0382 3532 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:58:53.0382 3532 swenum - ok
14:58:53.0398 3532 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
14:58:53.0398 3532 swmidi - ok
14:58:53.0429 3532 symc810 - ok
14:58:53.0445 3532 symc8xx - ok
14:58:53.0476 3532 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\NAV\1206000.01D\SYMDS.SYS
14:58:53.0492 3532 SymDS - ok
14:58:53.0539 3532 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\NAV\1206000.01D\SYMEFA.SYS
14:58:53.0570 3532 SymEFA - ok
14:58:53.0617 3532 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
14:58:53.0617 3532 SymEvent - ok
14:58:53.0648 3532 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\NAV\1206000.01D\Ironx86.SYS
14:58:53.0648 3532 SymIRON - ok
14:58:53.0695 3532 SYMTDI (dec35ccaf7a222df918306cd2fdfbd39) C:\WINDOWS\system32\drivers\NAV\1206000.01D\SYMTDI.SYS
14:58:53.0695 3532 SYMTDI - ok
14:58:53.0710 3532 sym_hi - ok
14:58:53.0726 3532 sym_u3 - ok
14:58:53.0757 3532 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
14:58:53.0757 3532 sysaudio - ok
14:58:53.0820 3532 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:58:53.0835 3532 Tcpip - ok
14:58:53.0867 3532 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:58:53.0867 3532 TDPIPE - ok
14:58:53.0882 3532 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
14:58:53.0882 3532 TDTCP - ok
14:58:53.0898 3532 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:58:53.0898 3532 TermDD - ok
14:58:53.0914 3532 TosIde - ok
14:58:53.0960 3532 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
14:58:53.0976 3532 Udfs - ok
14:58:53.0992 3532 ultra - ok
14:58:54.0054 3532 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
14:58:54.0070 3532 Update - ok
14:58:54.0132 3532 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
14:58:54.0164 3532 USBAAPL - ok
14:58:54.0195 3532 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:58:54.0210 3532 usbccgp - ok
14:58:54.0242 3532 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:58:54.0242 3532 usbehci - ok
14:58:54.0257 3532 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:58:54.0257 3532 usbhub - ok
14:58:54.0304 3532 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:58:54.0335 3532 usbprint - ok
14:58:54.0382 3532 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:58:54.0382 3532 usbscan - ok
14:58:54.0398 3532 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:58:54.0398 3532 USBSTOR - ok
14:58:54.0429 3532 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:58:54.0429 3532 usbuhci - ok
14:58:54.0445 3532 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
14:58:54.0445 3532 VgaSave - ok
14:58:54.0460 3532 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
14:58:54.0460 3532 ViaIde - ok
14:58:54.0507 3532 videX32 (f95c0fcfbcbda6d8f202d2df4052f88d) C:\WINDOWS\system32\DRIVERS\videX32.sys
14:58:54.0507 3532 videX32 - ok
14:58:54.0523 3532 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
14:58:54.0523 3532 VolSnap - ok
14:58:54.0570 3532 W8335XP (f0bdc2b474e26117ee77bfdba051fb3c) C:\WINDOWS\system32\DRIVERS\Mrvw125.sys
14:58:54.0585 3532 W8335XP - ok
14:58:54.0585 3532 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:58:54.0585 3532 Wanarp - ok
14:58:54.0632 3532 wanatw (ba1d9278448cb26152a18b6a06b61ea3) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
14:58:54.0632 3532 wanatw - ok
14:58:54.0664 3532 WDICA - ok
14:58:54.0695 3532 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
14:58:54.0695 3532 wdmaud - ok
14:58:54.0804 3532 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys
14:58:54.0804 3532 WpdUsb - ok
14:58:54.0867 3532 xfilt (bec604cdc548a528ebd3d7aa1dd46a89) C:\WINDOWS\system32\DRIVERS\xfilt.sys
14:58:54.0867 3532 xfilt - ok
14:58:54.0898 3532 MBR (0x1B8) (1f753b395539269a3484aecd505b79bd) \Device\Harddisk0\DR0
14:58:54.0929 3532 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
14:58:54.0929 3532 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
14:58:54.0929 3532 Boot (0x1200) (2d5d45f45853beb79cf21ebf6174d6a2) \Device\Harddisk0\DR0\Partition0
14:58:54.0929 3532 \Device\Harddisk0\DR0\Partition0 - ok
14:58:54.0929 3532 ============================================================
14:58:54.0929 3532 Scan finished
14:58:54.0929 3532 ============================================================
14:58:54.0960 3568 Detected object count: 1
14:58:54.0960 3568 Actual detected object count: 1
14:59:42.0709 3568 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
14:59:42.0709 3568 \Device\Harddisk0\DR0 - ok
14:59:42.0709 3568 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
14:59:49.0052 3572 Deinitialize success

 

[Broni]

Good

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

==============================================================

Download Bootkit Remover to your Desktop.

• Unzip downloaded file to your Desktop.
• Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
• It will show a Black screen with some data on it.
• Right click on the screen and click Select All.
• Press CTRL+C
• Open a Notepad and press CTRL+V
• Post the output back here.

 

[Dasle]

That took a while. svchost seems to be back under control. It isn't running away anymore.

Here are the other two logs. Since you didn't specify, I'm assuming you meant to have me run the quick scan on aswMBR. I didn't realize there was even an option until the scan was already in progress.

aswMBR log:

aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-10 15:16:54
-----------------------------
15:16:54.765 OS Version: Windows 5.1.2600 Service Pack 3
15:16:54.765 Number of processors: 2 586 0x4302
15:16:54.765 ComputerName: PROJECT UserName: Jeff
15:16:57.171 Initialize success
15:20:18.890 AVAST engine defs: 12011001
15:20:30.875 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-5
15:20:30.875 Disk 0 Vendor: WDC_WD5000AACS-00ZUB0 01.01B01 Size: 476940MB BusType: 3
15:20:30.890 Disk 0 MBR read successfully
15:20:30.890 Disk 0 MBR scan
15:20:30.937 Disk 0 Windows XP default MBR code
15:20:30.937 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476929 MB offset 63
15:20:30.937 Disk 0 scanning sectors +976752000
15:20:31.062 Disk 0 scanning C:\WINDOWS\system32\drivers
15:20:40.609 Service scanning
15:20:42.531 Modules scanning
15:20:46.375 Disk 0 trace - called modules:
15:20:46.390 ntkrnlpa.exe CLASSPNP.SYS disk.sys xfilt.sys ACPI.sys hal.dll atapi.sys videX32.sys PCIIDEX.SYS
15:20:46.390 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a624ab8]
15:20:46.890 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> [0x8a602ed0]
15:20:46.890 5 xfilt.sys[b80f9046] -> nt!IofCallDriver -> \Device\00000074[0x8a606f18]
15:20:46.890 7 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-5[0x8a5d2d98]
15:20:48.062 AVAST engine scan C:\WINDOWS
15:21:03.437 AVAST engine scan C:\WINDOWS\system32
15:23:08.140 AVAST engine scan C:\WINDOWS\system32\drivers
15:23:39.281 AVAST engine scan C:\Documents and Settings\Jeff
15:58:33.625 AVAST engine scan C:\Documents and Settings\All Users
16:01:36.984 Scan finished successfully
16:02:08.343 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Jeff\Desktop\MBR.dat"
16:02:08.343 The log file has been saved successfully to "C:\Documents and Settings\Jeff\Desktop\aswMBR.txt"


---------------------------------------------------

boot_cleaner log

Posted incorrect log...deleted. Correct log in the following posts.

 

[Broni]

Second log is TDSSKiller log.
I asked for Bootkit Remover log.

Please pay attention...

 

[Dasle]

Yes, yes it is. Not sure how I managed that one, but I had pasted the TDSS log in the text file I created for the boot cleaner. Sorry about that.

Here is the correct one:

Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...

 

[Broni]

Looks good

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

1. Please, never rename Combofix unless instructed.
2. Close any open browsers.
3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
   • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
   NOTE1. If Combofix asks you to install Recovery Console, please allow it.
   NOTE 2. If Combofix asks you to update the program, always do so.
   • Close any open browsers.
   • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
   • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
   • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
4. Double click on combofix.exe & follow the prompts.
5. When finished, it will produce a report for you.
6. Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.

**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

 

[Dasle]

I tripled checked to make sure I got the right log this time!

ComboFix Report:


ComboFix 12-01-10.02 - Jeff 01/10/2012 17:13:34.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1452 [GMT -6:00]
Running from: c:\documents and settings\Jeff\Desktop\ComboFix.exe
AV: Norton AntiVirus *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Jeff\Recent\Thumbs.db
C:\Install.exe
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2011-12-10 to 2012-01-10 )))))))))))))))))))))))))))))))
.
.
2012-01-10 16:53 . 2012-01-10 16:53 -------- d-----w- c:\documents and settings\Jeff\Application Data\Malwarebytes
2012-01-10 16:53 . 2012-01-10 16:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-01-10 16:53 . 2012-01-10 16:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-10 16:53 . 2011-12-10 21:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-10 15:42 . 2012-01-10 15:42 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-01-10 13:02 . 2012-01-10 13:02 -------- d-----w- c:\program files\AVG
2012-01-10 12:47 . 2012-01-10 12:47 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2012-01-10 12:47 . 2012-01-10 16:43 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2012-01-10 12:17 . 2012-01-10 12:17 -------- d-----w- c:\documents and settings\Jeff\Local Settings\Application Data\Symantec
2012-01-10 12:14 . 2012-01-10 12:14 -------- d-----w- c:\windows\system32\wbem\Repository
2012-01-10 10:01 . 2012-01-10 12:13 -------- d-----w- c:\documents and settings\Jeff\Local Settings\Application Data\NPE
2012-01-10 09:53 . 2012-01-10 09:53 -------- d-----w- c:\documents and settings\Jeff\Application Data\Tific
2012-01-09 22:08 . 2012-01-09 22:08 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-12-14 15:53 . 2011-12-14 15:53 -------- d-----w- c:\documents and settings\Jeff\Local Settings\Application Data\Auralog
2011-12-14 15:52 . 2011-12-14 15:52 -------- d-----w- c:\program files\Auralog
2011-12-14 15:22 . 2011-12-14 15:22 -------- d-sh--w- c:\documents and settings\Jeff\IECompatCache
2011-12-14 15:19 . 2011-12-14 15:19 -------- d-sh--w- c:\documents and settings\Jeff\PrivacIE
2011-12-14 15:18 . 2011-12-14 15:18 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-12-14 15:16 . 2011-12-14 15:16 -------- d-sh--w- c:\documents and settings\Jeff\IETldCache
2011-12-14 15:01 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-12-14 15:00 . 2011-11-04 19:20 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-12-14 15:00 . 2011-11-04 19:20 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-12-14 15:00 . 2011-11-04 19:20 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-12-14 15:00 . 2011-11-04 19:20 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-12-14 15:00 . 2011-11-04 19:20 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-12-14 15:00 . 2011-11-04 19:20 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-12-14 15:00 . 2011-11-04 19:20 11081728 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-12-14 14:58 . 2011-12-14 15:00 -------- dc-h--w- c:\windows\ie8
2011-12-14 14:46 . 2011-12-14 14:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Auralog
2011-12-13 12:14 . 2011-12-13 12:14 -------- d-----w- c:\program files\iPod
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-10 15:43 . 2004-08-04 12:00 26112 ----a-w- c:\windows\system32\userinit.exe
2011-11-23 13:25 . 2004-08-04 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-22 11:02 . 2011-05-16 19:23 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-04 19:20 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2004-08-04 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2004-08-04 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-03 22:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-24 20:29 . 2011-10-24 20:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 20:29 . 2011-10-24 20:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-18 11:13 . 2004-08-04 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-11-14 18:38 . 2011-09-07 14:22 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"VTTimer"="VTTimer.exe" [2006-09-21 53248]
"S3Trayp"="S3trayp.exe" [2007-09-30 200704]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"NvMediaCenter"="NvMCTray.dll" [2011-10-08 203072]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-8-28 113664]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CompuServe 7.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\CompuServe 7.0 Tray Icon.lnk
backup=c:\windows\pss\CompuServe 7.0 Tray Icon.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-19 20:20 57344 ----a-r- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2008-10-24 13:14 206112 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 07:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2011-10-08 04:50 203072 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 20:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2008-09-02 23:44 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-07-03 20:51 16876032 ----a-r- c:\windows\RTHDCPL.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Dynamix Mapping\\TRIBES\\Tribes.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Electronic Arts\\BioWare\\Star Wars-The Old Republic\\launcher.exe"=
"c:\\Program Files\\Electronic Arts\\BioWare\\Star Wars-The Old Republic\\betatest\\retailclient\\swtor.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*isabled:Windows Remote Management
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1206000.01D\symds.sys [6/25/2011 5:06 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1206000.01D\symefa.sys [6/25/2011 5:06 PM 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20111223.001\BHDrvx86.sys [11/30/2011 8:25 PM 820344]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1206000.01D\ironx86.sys [6/25/2011 5:06 PM 136312]
R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\18.6.0.29\ccsvchst.exe [6/25/2011 5:06 PM 130008]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [11/11/2011 9:22 PM 2253120]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/9/2011 4:09 AM 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20120107.001\IDSXpx86.sys [1/10/2012 2:57 AM 356280]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [11/11/2011 9:19 PM 119656]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 6:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 68.94.156.1 68.94.157.1
FF - ProfilePath - c:\documents and settings\Jeff\Application Data\Mozilla\Firefox\Profiles\dldhuz2k.default\
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Advanced Tools Check - c:\progra~1\NORTON~1\AdvTools\ADVCHK.EXE
MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
MSConfigStartUp-BlackBerryAutoUpdate - c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
MSConfigStartUp-nwiz - nwiz.exe
MSConfigStartUp-RoxWatchTray - c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-10 17:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
.
Completion time: 2012-01-10 17:24:47
ComboFix-quarantined-files.txt 2012-01-10 23:24
.
Pre-Run: 292,374,224,896 bytes free
Post-Run: 296,172,027,904 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 66D2F3317D6917470C0F25D1B9689195

 

[Broni]

Looks good.

How is computer doing?

Download OTL to your Desktop.

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Scan All Users checkbox.
• Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[Dasle]

It seems to be running normal again. I still get the windows activation requirement, but I've been waiting until we finish to try to reactivate it. Performance-wise, it certainly hasn't been bogging down like before.

The OTL file is really long. I hope it's alright if I break it into two posts?


OTL.txt:

OTL logfile created on: 1/10/2012 5:42:17 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Jeff\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 68.39% Memory free
3.85 Gb Paging File | 3.36 Gb Available in Paging File | 87.23% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 275.86 Gb Free Space | 59.23% Space Free | Partition Type: NTFS

Computer Name: PROJECT | User Name: Jeff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/10 17:41:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeff\Desktop\OTL.exe
PRC - [2011/10/07 22:50:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/04/16 18:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.6.0.29\ccsvchst.exe
PRC - [2008/04/13 18:12:40 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wpabaln.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/11 02:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
PRC - [2006/09/21 07:36:18 | 000,053,248 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe
PRC - [2001/09/25 07:32:50 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/07 22:50:00 | 001,564,264 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nView.dll
MOD - [2011/10/07 22:50:00 | 000,355,432 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nvShell.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/10/07 22:50:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/04/16 18:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe -- (NAV)
SRV - [2007/01/11 02:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2001/09/25 07:32:50 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)


========== Driver Services (SafeList) ==========

DRV - [2011/11/30 20:25:03 | 000,820,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20111223.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/11/09 04:09:47 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/11/09 04:09:47 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/11/04 15:52:35 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20120110.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/11/04 15:52:35 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20120110.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/11/03 17:01:08 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20120107.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/07/07 17:21:30 | 000,119,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2011/06/25 17:07:05 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/03/30 21:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1206000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 21:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1206000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 18:39:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1206000.01D\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/03/14 20:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1206000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/27 00:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1206000.01D\SYMDS.SYS -- (SymDS)
DRV - [2011/01/26 23:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1206000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2008/09/02 17:44:53 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2008/07/03 15:03:14 | 004,745,216 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/17 04:57:14 | 000,603,648 | ---- | M] (S3 Graphics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\S3gIGPm.sys -- (S3GIGP)
DRV - [2007/04/16 19:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006/10/18 15:39:58 | 000,017,920 | R--- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\xfilt.sys -- (xfilt)
DRV - [2006/10/17 18:22:26 | 000,009,216 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32)
DRV - [2005/12/29 04:07:50 | 000,282,624 | R--- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mrvw125.sys -- (W8335XP)
DRV - [2001/09/27 09:00:26 | 000,028,396 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-682003330-507921405-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-682003330-507921405-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\CompuServe 7.0\Extensions\\:
FF - HKEY_LOCAL_MACHINE\software\mozilla\CompuServe 7.0\Extensions\\Components: C:\Program Files\Common Files\csshare\plugins0942 [2011/11/11 19:15:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\CompuServe 7.0\Extensions\\Plugins: C:\Program Files\Common Files\csshare\plugins0942 [2011/11/11 19:15:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn\ [2011/09/28 04:15:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/14 12:38:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/11 19:15:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\CompuServe 7.0\Extensions\\:
FF - HKEY_CURRENT_USER\software\mozilla\CompuServe 7.0\Extensions\\Components: C:\Program Files\Common Files\csshare\plugins0942 [2011/11/11 19:15:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\CompuServe 7.0\Extensions\\Plugins: C:\Program Files\Common Files\csshare\plugins0942 [2011/11/11 19:15:33 | 000,000,000 | ---D | M]

[2009/09/01 20:22:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jeff\Application Data\Mozilla\Extensions
[2009/09/01 20:22:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\dldhuz2k.default\extensions
[2011/11/14 12:38:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/28 04:15:41 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPLGN
[2011/07/09 13:54:43 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/09/28 03:57:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/11/14 12:38:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/07/09 13:54:42 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/07 10:29:27 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/14 12:38:18 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/01/10 17:22:26 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-682003330-507921405-839522115-1004\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-682003330-507921405-839522115-1004\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [S3Trayp] C:\WINDOWS\System32\S3Trayp.exe (S3 Graphics Co., Ltd.)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-682003330-507921405-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-682003330-507921405-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-682003330-507921405-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-682003330-507921405-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-682003330-507921405-839522115-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-682003330-507921405-839522115-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=67633 (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1309924587859 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.3.1/jinstall-131_02-win.cab (Java Plug-in 1.3.1_02)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.94.156.1 68.94.157.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8ECCA8B3-18EF-4F4F-A1F6-F25821F05B4E}: DhcpNameServer = 68.94.156.1 68.94.157.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Jeff\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jeff\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/29 21:50:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/10 17:41:00 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jeff\Desktop\OTL.exe
[2012/01/10 17:08:21 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/01/10 16:56:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/01/10 16:56:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/01/10 16:56:41 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/01/10 16:56:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/01/10 16:56:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/01/10 16:56:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/10 16:50:31 | 004,377,322 | R--- | C] (Swearware) -- C:\Documents and Settings\Jeff\Desktop\ComboFix.exe
[2012/01/10 16:03:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff\Desktop\bootkit_remover
[2012/01/10 15:15:54 | 004,713,472 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Jeff\Desktop\aswMBR.exe
[2012/01/10 14:57:06 | 001,972,528 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jeff\Desktop\tdsskiller.exe
[2012/01/10 12:08:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2012/01/10 12:08:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jeff\Start Menu\Programs\Administrative Tools
[2012/01/10 12:03:37 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Jeff\Desktop\dds.scr
[2012/01/10 10:53:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff\Application Data\Malwarebytes
[2012/01/10 10:53:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/10 10:53:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/01/10 10:53:23 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/01/10 10:53:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/10 10:49:28 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jeff\Desktop\mbam-setup-1.60.0.1800.exe
[2012/01/10 09:42:05 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2012/01/10 09:36:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2012/01/10 07:02:55 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/01/10 06:47:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/01/10 06:47:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/01/10 06:26:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff\Start Menu\Programs\Norton
[2012/01/10 06:26:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
[2012/01/10 06:24:09 | 000,770,776 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Jeff\Desktop\AutoDetectPkg.exe
[2012/01/10 06:17:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff\Local Settings\Application Data\Symantec
[2012/01/10 04:01:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff\Local Settings\Application Data\NPE
[2012/01/10 03:53:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff\Application Data\Tific
[2012/01/10 03:37:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/01/10 03:37:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/01/09 16:08:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/01/09 16:07:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/12/14 09:53:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff\Local Settings\Application Data\Auralog
[2011/12/14 09:53:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff\Start Menu\Programs\TELL ME MORE V10 DC Universal
[2011/12/14 09:52:32 | 000,000,000 | ---D | C] -- C:\Program Files\Auralog
[2011/12/14 09:22:02 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Jeff\IECompatCache
[2011/12/14 09:19:04 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Jeff\PrivacIE
[2011/12/14 09:16:35 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Jeff\IETldCache
[2011/12/14 09:00:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011/12/14 09:00:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2011/12/14 08:58:54 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/12/14 08:46:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Auralog
[2011/12/13 06:15:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/12/13 06:14:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/10 17:41:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeff\Desktop\OTL.exe
[2012/01/10 17:38:42 | 000,001,230 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/10 17:38:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/10 17:22:26 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/01/10 17:08:28 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/01/10 16:50:47 | 004,377,322 | R--- | M] (Swearware) -- C:\Documents and Settings\Jeff\Desktop\ComboFix.exe
[2012/01/10 16:02:08 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Jeff\Desktop\MBR.dat
[2012/01/10 15:16:39 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Jeff\Desktop\aswMBR.exe
[2012/01/10 14:57:25 | 001,972,528 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jeff\Desktop\tdsskiller.exe
[2012/01/10 12:37:53 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/10 12:03:39 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Jeff\Desktop\dds.scr
[2012/01/10 11:42:08 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Jeff\Desktop\k0yp574g.exe
[2012/01/10 10:53:28 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/10 10:51:31 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jeff\Desktop\mbam-setup-1.60.0.1800.exe
[2012/01/10 10:39:00 | 000,000,746 | ---- | M] () -- C:\Documents and Settings\Jeff\Desktop\Norton Installation Files.lnk
[2012/01/10 10:02:17 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2012/01/10 10:02:16 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2012/01/10 09:42:02 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2012/01/10 06:42:57 | 003,888,054 | ---- | M] () -- C:\Documents and Settings\Jeff\Desktop\untitled.bmp
[2012/01/10 06:24:12 | 000,770,776 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Jeff\Desktop\AutoDetectPkg.exe
[2012/01/10 06:00:32 | 000,000,340 | ---- | M] () -- C:\Documents and Settings\Jeff\Application Data\SMRResults210.dat
[2012/01/10 03:46:58 | 000,285,176 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/01/10 03:46:58 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/01/09 12:16:19 | 000,285,176 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/01/09 12:16:18 | 000,000,013 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2011/12/29 21:33:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/14 09:54:33 | 000,000,226 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2011/12/14 09:53:33 | 000,002,120 | ---- | M] () -- C:\Documents and Settings\Jeff\Desktop\TELL ME MORE V10 DC Universal Français.lnk
[2011/12/14 09:27:25 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/12/14 09:16:47 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Jeff\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/12/14 09:16:24 | 000,267,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/14 09:06:44 | 000,502,658 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/14 09:06:44 | 000,087,124 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/10 17:08:27 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/01/10 17:08:25 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/01/10 16:56:41 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/10 16:56:41 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/10 16:56:41 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/01/10 16:56:41 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/10 16:56:41 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/01/10 16:02:08 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Jeff\Desktop\MBR.dat
[2012/01/10 11:42:08 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Jeff\Desktop\k0yp574g.exe
[2012/01/10 10:53:27 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/10 06:42:57 | 003,888,054 | ---- | C] () -- C:\Documents and Settings\Jeff\Desktop\untitled.bmp
[2012/01/10 06:26:33 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\Jeff\Desktop\Norton Installation Files.lnk
[2012/01/10 06:00:32 | 000,000,340 | ---- | C] () -- C:\Documents and Settings\Jeff\Application Data\SMRResults210.dat
[2011/12/14 09:54:33 | 000,000,226 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2011/12/14 09:53:33 | 000,002,120 | ---- | C] () -- C:\Documents and Settings\Jeff\Desktop\TELL ME MORE V10 DC Universal Français.lnk
[2011/11/11 21:45:16 | 002,130,002 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/11/11 21:13:17 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/11/11 21:13:17 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/11/11 21:13:17 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/11/11 21:12:19 | 002,116,858 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2011/11/04 15:43:46 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/08 21:45:39 | 000,158,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/09/14 12:45:55 | 000,000,120 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2011/07/09 19:22:57 | 000,000,013 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2011/02/20 13:10:01 | 000,118,870 | ---- | C] () -- C:\WINDOWS\hpoins30.dat
[2011/02/20 13:10:01 | 000,000,449 | ---- | C] () -- C:\WINDOWS\hpomdl30.dat
[2010/10/17 18:35:02 | 000,056,532 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/11/20 12:44:57 | 000,002,108 | ---- | C] () -- C:\Documents and Settings\Jeff\Local Settings\Application Data\rx_audio.Cache
[2009/11/20 12:44:57 | 000,000,072 | ---- | C] () -- C:\Documents and Settings\Jeff\Local Settings\Application Data\rx_image.Cache
[2009/09/08 14:21:50 | 000,000,256 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2009/09/01 20:22:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/02/25 18:27:41 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2008/12/07 19:08:09 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/11/21 11:45:26 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/11/21 11:45:25 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/10/24 19:03:46 | 000,000,314 | ---- | C] () -- C:\WINDOWS\Sierra.ini
[2008/09/02 19:38:34 | 000,000,291 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2008/09/02 19:38:30 | 000,045,568 | ---- | C] () -- C:\WINDOWS\UniFish3.exe
[2008/08/29 22:53:30 | 000,044,032 | ---- | C] () -- C:\Documents and Settings\Jeff\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/29 22:30:21 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/08/29 21:51:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/08/29 21:48:04 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/08/29 17:39:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/08/29 17:38:58 | 000,267,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/05/16 12:01:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/02/04 16:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/05/22 07:54:46 | 001,769,472 | ---- | C] () -- C:\WINDOWS\System32\VTROM.bin
[2004/08/04 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 06:00:00 | 000,502,658 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 06:00:00 | 000,087,124 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 06:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

 

[Dasle]

========== LOP Check ==========

[2011/12/14 08:46:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Auralog
[2012/01/10 06:47:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2008/09/02 18:48:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2008/09/03 22:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileOpen
[2012/01/10 10:43:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/10/28 20:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2008/09/02 17:53:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/29 22:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/05/01 21:42:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/26 21:57:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/16 21:09:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/09/02 17:53:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff\Application Data\Aim
[2009/03/06 12:09:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff\Application Data\EPSON
[2008/10/29 18:44:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff\Application Data\FileOpen
[2011/10/17 18:31:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff\Application Data\nView_Wallpaper
[2009/02/25 18:27:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff\Application Data\Research In Motion
[2011/07/09 13:57:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff\Application Data\SystemRequirementsLab
[2012/01/10 03:53:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff\Application Data\Tific
[2008/11/07 22:06:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff\Application Data\Viewpoint
[2011/09/28 04:48:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff\Application Data\Windows Desktop Search
[2011/11/12 10:33:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff\Application Data\Windows Search

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/08/29 21:50:07 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/09/28 06:16:36 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2012/01/10 17:08:28 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2012/01/10 17:24:48 | 000,014,779 | ---- | M] () -- C:\ComboFix.txt
[2008/08/29 21:50:07 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/11/07 06:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 06:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 06:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 06:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 06:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 06:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 06:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 06:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 06:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 06:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2007/11/07 06:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 06:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 06:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 06:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 06:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 06:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 06:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 06:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 06:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 06:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2008/08/29 21:50:07 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/08/29 21:50:07 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/02 16:54:57 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/01/10 17:38:35 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2012/01/10 14:59:49 | 000,049,986 | ---- | M] () -- C:\TDSSKiller.2.7.0.0_10.01.2012_14.58.24_log.txt
[2007/11/07 06:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 06:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 06:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\Fonts\*.com >
[2006/04/18 13:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 12:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 13:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 12:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2008/08/29 21:49:47 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 06:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/10/24 10:48:38 | 000,321,536 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp696.dll
[2008/07/06 04:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/08/29 17:38:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2008/08/29 17:38:08 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2008/08/29 17:38:08 | 000,909,312 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/09/02 16:58:46 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2008/09/02 17:01:53 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Jeff\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2008/08/29 21:56:05 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Jeff\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2012/01/10 15:16:39 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Jeff\Desktop\aswMBR.exe
[2012/01/10 06:24:12 | 000,770,776 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Jeff\Desktop\AutoDetectPkg.exe
[2012/01/10 16:50:47 | 004,377,322 | R--- | M] (Swearware) -- C:\Documents and Settings\Jeff\Desktop\ComboFix.exe
[2012/01/10 11:42:08 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Jeff\Desktop\k0yp574g.exe
[2012/01/10 10:51:31 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jeff\Desktop\mbam-setup-1.60.0.1800.exe
[2012/01/10 17:41:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeff\Desktop\OTL.exe
[2011/11/22 04:42:12 | 025,599,928 | ---- | M] () -- C:\Documents and Settings\Jeff\Desktop\SWTOR_setup.exe
[2012/01/10 14:57:25 | 001,972,528 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jeff\Desktop\tdsskiller.exe
[2008/10/16 21:12:00 | 006,216,032 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Jeff\Desktop\windowsupdateagent30-x86.exe
[2011/07/20 06:13:30 | 001,266,056 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Jeff\Desktop\WindowsXP-KB927891.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2008/09/02 17:01:53 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Jeff\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2012/01/10 17:39:06 | 000,507,904 | ---- | M] () -- C:\Documents and Settings\Jeff\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2008/04/13 18:12:38 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/13 18:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/03 23:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/03 23:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 08:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 11:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/13 18:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2007/04/02 12:07:23 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2007/04/02 12:07:23 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2007/04/02 12:07:24 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/03 23:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/03 23:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 60 bytes -> C:\Documents and Settings\Jeff\Desktop\Jeff Smith Resume - Cage Supervisor.docx:AFP_AfpInfo

< End of report >

 

[Dasle]

Extras.txt


OTL Extras logfile created on: 1/10/2012 5:42:17 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Jeff\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 68.39% Memory free
3.85 Gb Paging File | 3.36 Gb Available in Paging File | 87.23% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 275.86 Gb Free Space | 59.23% Space Free | Partition Type: NTFS

Computer Name: PROJECT | User Name: Jeff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabledxpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabledxpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabledxpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabledxpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabledxpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabledxpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabledxpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabledxpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabledxpsp2res.dll,-22008
"4481:TCP" = 4481:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service data transfer
"4481:UDP" = 4481:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service discovery
"4482:TCP" = 4482:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service data transfer
"4482:UDP" = 4482:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service discovery
"5985:TCP" = 5985:TCP:*isabled:Windows Remote Management

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Electronic Arts\BioWare\Star Wars-The Old Republic\launcher.exe" = C:\Program Files\Electronic Arts\BioWare\Star Wars-The Old Republic\launcher.exe:*:Enabled:Star Wars - The Old Republic -- (BioWare)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"C:\Dynamix Mapping\TRIBES\Tribes.exe" = C:\Dynamix Mapping\TRIBES\Tribes.exe:*:Enabled:Tribes -- ()
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- ()
"C:\Program Files\World of Warcraft\WoW-3.2.0-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software -- (Research In Motion)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabledaemonu.exe -- (NVIDIA Corporation)
"C:\Program Files\Electronic Arts\BioWare\Star Wars-The Old Republic\launcher.exe" = C:\Program Files\Electronic Arts\BioWare\Star Wars-The Old Republic\launcher.exe:*:Enabled:Star Wars - The Old Republic -- (BioWare)
"C:\Program Files\Electronic Arts\BioWare\Star Wars-The Old Republic\betatest\retailclient\swtor.exe" = C:\Program Files\Electronic Arts\BioWare\Star Wars-The Old Republic\betatest\retailclient\swtor.exe:*:Enabled:Star Wars: The Old Republic -- (BioWare, A Division of Electronic Arts)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0BC1A5B2-79A1-4716-B3E5-4071E9AB6F43}" = HP Photosmart C4500 All-In-One Driver 12.0 Rel .4
"{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{48D0B1A3-11AC-4A87-AFB2-2002CCB88B34}" = PS_AIO_04_C4580_Software_Min
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5FE545A1-D215-4216-9189-E7B39C9D1CC1}" = Quicken 2011
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.7
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.95
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AOL Instant Messenger" = AOL Instant Messenger
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0
"Chrome9HC" = VIA Chrome9 HC IGP Family Display 6.14.10.0133
"CompuServe us" = CompuServe
"ENTERPRISER" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"JRE 1.3.1_02" = Java 2 Runtime Environment Standard Edition v1.3.1_02
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"NAV" = Norton AntiVirus
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Precision" = EVGA Precision 2.0.4
"RealPlayer 6.0" = RealPlayer Basic
"RollerCoaster Tycoon Setup" = Roll
"Starsiege TRIBES" = Starsiege TRIBES 1.8
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.1.11
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"World of Warcraft" = World of Warcraft
"Xvid_is1" = Xvid 1.1.3 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-682003330-507921405-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TMM10R_3c23d8cc-c666-4a35-b84a-5371c1cb3f45" = TELL ME MORE

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/10/2012 11:24:22 AM | Computer Name = PROJECT | Source = MsiInstaller | ID = 11923
Description = Product: Ad-Aware -- Error 1923. Service 'Lavasoft Ad-Aware Service'
(Lavasoft Ad-Aware Service) could not be installed. Verify that you have sufficient
privileges to install system services.

Error - 1/10/2012 11:24:23 AM | Computer Name = PROJECT | Source = MsiInstaller | ID = 11923
Description = Product: Ad-Aware -- Error 1923. Service 'Lavasoft Ad-Aware Service'
(Lavasoft Ad-Aware Service) could not be installed. Verify that you have sufficient
privileges to install system services.

Error - 1/10/2012 11:42:36 AM | Computer Name = PROJECT | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 1/10/2012 12:34:50 PM | Computer Name = PROJECT | Source = MsiInstaller | ID = 11704
Description = Product: Ad-Aware -- Error 1704. An installation for Ad-Aware is currently
suspended. You must undo the changes made by that installation to continue. Do
you want to undo those changes?

Error - 1/10/2012 1:06:03 PM | Computer Name = PROJECT | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 1/10/2012 1:51:56 PM | Computer Name = PROJECT | Source = Application Error | ID = 1004
Description = Faulting application svchost.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 1/10/2012 1:53:57 PM | Computer Name = PROJECT | Source = Application Hang | ID = 1002
Description = Hanging application hsplayer.exe, version 11.5.0.12, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/10/2012 2:00:25 PM | Computer Name = PROJECT | Source = Application Error | ID = 1004
Description = Faulting application svchost.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 1/10/2012 2:13:34 PM | Computer Name = PROJECT | Source = Application Error | ID = 1004
Description = Faulting application svchost.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 1/10/2012 2:18:01 PM | Computer Name = PROJECT | Source = Application Error | ID = 1001
Description = Fault bucket 00536409.

[ System Events ]
Error - 1/10/2012 2:11:41 PM | Computer Name = PROJECT | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 1/10/2012 4:55:12 PM | Computer Name = PROJECT | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 1/10/2012 4:55:12 PM | Computer Name = PROJECT | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 1/10/2012 4:55:12 PM | Computer Name = PROJECT | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 1/10/2012 4:55:12 PM | Computer Name = PROJECT | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 1/10/2012 6:56:27 PM | Computer Name = PROJECT | Source = Service Control Manager | ID = 7034
Description = The EPSON V3 Service4(01) service terminated unexpectedly. It has
done this 1 time(s).

Error - 1/10/2012 7:03:04 PM | Computer Name = PROJECT | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 1/10/2012 7:04:20 PM | Computer Name = PROJECT | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AmdPPM BHDrvx86 eeCtrl Fips SRTSPX SymIRON SYMTDI

Error - 1/10/2012 7:04:40 PM | Computer Name = PROJECT | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 1/10/2012 7:07:11 PM | Computer Name = PROJECT | Source = Service Control Manager | ID = 7034
Description = The EPSON V3 Service4(01) service terminated unexpectedly. It has
done this 1 time(s).


< End of report >

 

[Broni]

Good news

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  O3 - HKU\S-1-5-21-682003330-507921405-839522115-1004\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
  O3 - HKU\S-1-5-21-682003330-507921405-839522115-1004\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
  O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
  [2012/01/10 07:02:55 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
  [2008/09/02 17:53:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
  [2008/11/07 22:06:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff\Application Data\Viewpoint
  @Alternate Data Stream - 60 bytes -> C:\Documents and Settings\Jeff\Desktop\Jeff Smith Resume - Cage Supervisor.docx:AFP_AfpInfo
  
  :Commands
  [purity]
  [emptytemp]
  [emptyflash]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.

============================================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder

• Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
• Accept any prompts.
• Do NOT post JavaRa log.

===============================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  
  NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner and run it on the computer with the issue.

• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

3. Download Temp File Cleaner (TFC)

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

4. Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
• Tick the box next to YES, I accept the Terms of Use
• Click Start
• Accept any security warnings from your browser.
• Check Scan archives
• Click Start
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, click on List of found threats
• Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• NOTE. If Eset won't find any threats, it won't produce any log.

 

[Dasle]

Finished all of those steps. From what I can tell, everything is looking good. No threats were found with the ESETscan.

Second OTL Log:

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-682003330-507921405-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-682003330-507921405-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
C:\Program Files\AVG\AVG2012\awacs\speedtest\component folder moved successfully.
C:\Program Files\AVG\AVG2012\awacs\speedtest folder moved successfully.
C:\Program Files\AVG\AVG2012\awacs folder moved successfully.
C:\Program Files\AVG\AVG2012 folder moved successfully.
C:\Program Files\AVG folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint\Resources folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint folder moved successfully.
C:\Documents and Settings\Jeff\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 folder moved successfully.
C:\Documents and Settings\Jeff\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 folder moved successfully.
C:\Documents and Settings\Jeff\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 folder moved successfully.
C:\Documents and Settings\Jeff\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 folder moved successfully.
C:\Documents and Settings\Jeff\Application Data\Viewpoint\Viewpoint Experience Technology\Resources folder moved successfully.
C:\Documents and Settings\Jeff\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.
C:\Documents and Settings\Jeff\Application Data\Viewpoint folder moved successfully.
ADS C:\Documents and Settings\Jeff\Desktop\Jeff Smith Resume - Cage Supervisor.docx:AFP_AfpInfo deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Jeff
->Temp folder emptied: 853 bytes
->Temporary Internet Files folder emptied: 1054964 bytes
->Java cache emptied: 4673 bytes
->FireFox cache emptied: 1117862992 bytes
->Flash cache emptied: 201691 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 8388742 bytes
->Flash cache emptied: 7356 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 8847494 bytes
->Flash cache emptied: 20766 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 36261 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,086.00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: Jeff
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01102012_182629

Files\Folders moved on Reboot...
C:\WINDOWS\temp\Perflib_Perfdata_6f0.dat moved successfully.

Registry entries deleted on Reboot...


***********************************************************************

Checkup:

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
Norton AntiVirus
```````````````````````````````
Anti-malware/Other Utilities Check:
Java(TM) 6 Update 30
Adobe Flash Player 11.1.102.55
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Norton ccSvcHst.exe
``````````End of Log````````````


*****************************************************************

FSS:


Farbar Service Scanner
Ran by Jeff (administrator) on 10-01-2012 at 18:47:44
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) SYMTDI(8) Tcpip(4)
0x09000000050000000100000002000000030000000400000008000000090000000600000007000000
IpSec Tag value is correct.

**** End of log ****

 

[Broni]

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

• Double-click OTL.exe to start the program.
• Close all other programs apart from OTL as this step will require a reboot
• On the OTL main screen, press the CLEANUP button
• Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please, let me know, how your computer is doing.

 

[Dasle]

Good Afternoon!

I finally got through everything in your last post. The computer seems to be running like normal again, so thanks a ton! You've been a huge help.

Here is the log you requested:

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jeff
->Temp folder emptied: 1712 bytes
->Temporary Internet Files folder emptied: 33174 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 18775554 bytes
->Flash cache emptied: 589 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 42302 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 56746 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 18.00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: Jeff
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.31.0 log created on 01112012_071102

Files\Folders moved on Reboot...
C:\WINDOWS\temp\Perflib_Perfdata_738.dat moved successfully.

Registry entries deleted on Reboot...

 

[Broni]

Yes!!

Good luck and stay safe