TechSpot

Malware won't run

By dirtyboy103us
Sep 2, 2010
  1. Hi guys
    Well, I have been reading for 2 days and trying a bunch of stuff to get rid of a redirecting virus, and I have tried everything to no avail.

    I have started the 8 steps and have not been able to get Malwarebytes to start. It downloads and the setup works, but then nothing, even when I try to start it from the icon.

    Where do I go now, and how do I get there? Please help.

    I tried to not take up your time with this mess, but I think I have probably made it worse.
     
  2. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Welcome aboard

    Complete all the steps you can.
     
  3. dirtyboy103us

    dirtyboy103us TS Rookie Topic Starter Posts: 25

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-09-03 23:53:05
    Windows 5.1.2600 Service Pack 3
    Running: lm3ukmzi.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kwdoikod.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    .rsrc C:\WINDOWS\system32\DRIVERS\redbook.sys entry point in ".rsrc" section [0xF76C2F94]

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

    Device -> \Driver\atapi \Device\Harddisk0\DR0 8A9F7ECC

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@start 1
    Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@type 1
    Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACllqlmyje.sys
    Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@group file system
    Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0xAA 0x52 0xC6 0x00 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xB2 0x46 0x9A 0xE2 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...

    ---- Files - GMER 1.0.15 ----

    File C:\WINDOWS\system32\DRIVERS\redbook.sys suspicious modification
    File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

    ---- EOF - GMER 1.0.15 ----
     
  4. dirtyboy103us

    dirtyboy103us TS Rookie Topic Starter Posts: 25

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Owner at 0:47:14.77 on Sat 09/04/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1309 [GMT -4:00]

    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Toshiba\Tvs\TvsTray.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\WINDOWS\system32\dla\DLACTRLW.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
    C:\WINDOWS\system32\TDispVol.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Verizon\McciTrayApp.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\Sun\SDK\jdk\bin\javaw.exe
    C:\Program Files\Synaptics\SynTP\Toshiba.exe
    C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
    c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Owner\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://msn.com/
    uInternet Settings,ProxyServer = http=127.0.0.1:6522
    uInternet Settings,ProxyOverride = <local>
    BHO: TranslatorBar 1 Toolbar: {00bf7b9c-acd2-4080-bea8-b1c41987070f} - c:\program files\translatorbar_1\tbTran.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: TranslatorBar 1 Toolbar: {00bf7b9c-acd2-4080-bea8-b1c41987070f} - c:\program files\translatorbar_1\tbTran.dll
    TB: {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No File
    uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [jvvwhrlu] c:\documents and settings\owner\local settings\application data\mdelihtqq\dahbcdptssd.exe
    uRun: [wmsdk64_32.exe] c:\docume~1\owner\locals~1\temp\wmsdk64_32.exe
    uRun: [RegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
    mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
    mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
    mRun: [TPSMain] TPSMain.exe
    mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
    mRun: [dla] c:\windows\system32\dla\DLACTRLW.exe
    mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
    mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
    mRun: [USBToolTip] "c:\program files\pinnacle\shared files\\programs\usbtip\USBTip.exe"
    mRun: [TDispVol] TDispVol.exe
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [AGRSMMSG] AGRSMMSG.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
    StartupFolder: c:\docume~1\owner\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.1\program\quickstart.exe
    StartupFolder: c:\docume~1\owner\startm~1\programs\startup\sdktra~1.lnk - c:\sun\sdk\jdk\bin\javaw.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\deskto~1.lnk - c:\program files\research in motion\blackberry\DesktopMgr.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
    dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
    dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    dPolicies-system: DisableTaskMgr = 1 (0x1)
    IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
    IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.0.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
    DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://driveragent.com/files/driveragent.cab
    DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.3.0.cab
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    LSA: Authentication Packages = msv1_0 nwprovau

    ============= SERVICES / DRIVERS ===============

    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-9-2 11608]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-9-2 135336]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-9-2 267432]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-9-2 60936]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 QuickBooksDB17;QuickBooksDB17;c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -hvquickbooksdb17 --> c:\progra~1\intuit\quickb~1\QBDBMgrN.exe -hvQuickBooksDB17 [?]
    S1 uxlmjfxw;uxlmjfxw;\??\c:\windows\system32\drivers\uxlmjfxw.sys --> c:\windows\system32\drivers\uxlmjfxw.sys [?]
    S2 aawservice;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" --> c:\program files\lavasoft\ad-aware\aawservice.exe [?]
    S2 gupdate1ca40e5bebe50f4;Google Update Service (gupdate1ca40e5bebe50f4);c:\program files\google\update\GoogleUpdate.exe [2009-9-29 133104]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2006-5-13 30192]
    S3 SVRPEDRV;SVRPEDRV;\??\c:\docume~1\owner\locals~1\temp\rarsfx0\s10vwf\pedrv.sys --> c:\docume~1\owner\locals~1\temp\rarsfx0\s10vwf\PEDrv.sys [?]

    =============== Created Last 30 ================

    2010-09-03 18:53:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-09-03 18:53:57 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-09-03 18:53:57 0 d-----w- c:\program files\Malwarebytes' Anti-Malware3
    2010-09-02 12:02:08 0 d-----w- c:\docume~1\owner\applic~1\Avira
    2010-09-02 11:58:10 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-09-02 11:58:10 0 d-----w- c:\program files\Avira
    2010-09-02 11:58:10 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
    2010-09-02 11:41:54 0 d-----w- c:\docume~1\owner\applic~1\Uniblue
    2010-09-02 02:47:19 1088 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
    2010-09-01 22:40:09 0 d-----w- c:\docume~1\owner\applic~1\ElevatedDiagnostics
    2010-09-01 21:33:36 2607 ----a-w- C:\TIMSLINE.p10
    2010-09-01 12:04:22 0 d-----w- c:\program files\Malwarebytes' Anti-Malware2
    2010-08-31 12:26:43 0 d-----w- c:\docume~1\alluse~1\applic~1\STOPzilla!
    2010-08-31 11:05:30 0 d--h--w- c:\windows\system32\GroupPolicy
    2010-08-30 15:56:44 453 ----a-w- c:\program files\0830201011564409.bat
    2010-08-08 14:57:21 0 d-----w- C:\0beafcea724b194507f7ff04
    2010-08-05 21:52:23 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

    ==================== Find3M ====================

    2010-08-20 17:08:38 17408 ----a-w- C:\psapi.dll
    2010-08-18 19:01:08 46 -c--a-w- c:\documents and settings\owner\jagex_runescape_preferences.dat
    2010-08-18 18:58:24 99 ----a-w- c:\documents and settings\owner\jagex_runescape_preferences2.dat
    2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2002-07-26 22:02:06 153088 -c--a-w- c:\program files\UNWISE.EXE
    2010-01-24 00:00:36 32768 -csha-w- c:\windows\system32\config\systemprofile\application data\microsoft\internet explorer\userdata\index.dat
    2010-01-25 05:40:23 245760 -csha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
    2009-04-01 12:08:55 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009040120090402\index.dat
    2010-01-25 05:40:23 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012010011820100125\index.dat
    2010-01-25 05:40:23 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012010012520100126\index.dat

    ============= FINISH: 0:49:18.46 ===============
     
  5. dirtyboy103us

    dirtyboy103us TS Rookie Topic Starter Posts: 25

    part 1

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2/9/2007 4:21:07 PM
    System Uptime: 9/3/2010 11:54:33 PM (1 hours ago)

    Motherboard: Intel Corporation | | CAPELL VALLEY(NAPA) CRB
    Processor: Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz | U2E1 | 1662/mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 149 GiB total, 22.869 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1071: 6/6/2010 5:08:01 AM - System Checkpoint
    RP1072: 6/7/2010 8:56:17 PM - System Checkpoint
    RP1073: 6/9/2010 8:01:31 AM - System Checkpoint
    RP1074: 6/10/2010 8:16:45 AM - System Checkpoint
    RP1075: 6/11/2010 5:21:17 PM - System Checkpoint
    RP1076: 6/12/2010 11:02:26 PM - System Checkpoint
    RP1077: 6/14/2010 8:13:28 AM - System Checkpoint
    RP1078: 6/15/2010 5:40:14 PM - System Checkpoint
    RP1079: 6/16/2010 11:26:58 PM - System Checkpoint
    RP1080: 6/17/2010 1:53:09 PM - Configured Microsoft Office Small Business 2007 Trial
    RP1081: 6/17/2010 2:22:56 PM - Configured Microsoft Office Small Business 2007 Trial
    RP1082: 6/18/2010 4:13:35 PM - System Checkpoint
    RP1083: 6/20/2010 1:07:34 PM - System Checkpoint
    RP1084: 6/21/2010 1:27:10 PM - System Checkpoint
    RP1085: 6/22/2010 7:26:44 AM - Configured Microsoft Office Small Business 2007 Trial
    RP1086: 6/23/2010 11:56:09 AM - System Checkpoint
    RP1087: 6/23/2010 7:45:50 PM - Software Distribution Service 3.0
    RP1088: 6/25/2010 2:15:50 AM - System Checkpoint
    RP1089: 6/25/2010 7:56:55 AM - Configured Microsoft Office Small Business 2007 Trial
    RP1090: 6/26/2010 8:34:22 AM - System Checkpoint
    RP1091: 6/27/2010 7:37:15 AM - Software Distribution Service 3.0
    RP1092: 6/28/2010 8:28:47 AM - System Checkpoint
    RP1093: 6/29/2010 12:37:18 PM - System Checkpoint
    RP1094: 6/30/2010 10:37:36 PM - System Checkpoint
    RP1095: 7/2/2010 12:02:24 PM - System Checkpoint
    RP1096: 7/3/2010 12:50:29 PM - System Checkpoint
    RP1097: 7/5/2010 1:16:03 PM - System Checkpoint
    RP1098: 7/6/2010 3:15:08 PM - System Checkpoint
    RP1099: 7/7/2010 3:20:19 PM - System Checkpoint
    RP1100: 7/8/2010 11:30:24 PM - System Checkpoint
    RP1101: 7/10/2010 5:30:27 AM - System Checkpoint
    RP1102: 7/11/2010 11:30:28 AM - System Checkpoint
    RP1103: 7/12/2010 3:19:15 PM - System Checkpoint
    RP1104: 7/14/2010 2:16:38 AM - System Checkpoint
    RP1105: 7/15/2010 9:01:21 AM - System Checkpoint
    RP1106: 7/16/2010 1:35:16 PM - System Checkpoint
    RP1107: 7/17/2010 7:36:22 PM - System Checkpoint
    RP1108: 7/19/2010 1:35:21 AM - System Checkpoint
    RP1109: 7/20/2010 5:07:21 AM - System Checkpoint
    RP1110: 7/21/2010 11:07:29 AM - System Checkpoint
    RP1111: 7/22/2010 2:08:05 PM - System Checkpoint
    RP1112: 7/23/2010 9:32:29 PM - System Checkpoint
    RP1113: 7/25/2010 3:32:37 AM - System Checkpoint
    RP1114: 7/26/2010 11:53:37 AM - System Checkpoint
    RP1115: 7/27/2010 4:35:22 PM - System Checkpoint
    RP1116: 7/28/2010 5:14:40 PM - System Checkpoint
    RP1117: 7/29/2010 11:03:17 PM - System Checkpoint
    RP1118: 7/31/2010 5:03:22 AM - System Checkpoint
    RP1119: 8/1/2010 11:04:28 AM - System Checkpoint
    RP1120: 8/2/2010 6:35:32 PM - System Checkpoint
    RP1121: 8/3/2010 11:03:37 PM - System Checkpoint
    RP1122: 8/5/2010 5:03:40 AM - System Checkpoint
    RP1123: 8/7/2010 9:37:39 PM - System Checkpoint
    RP1124: 8/8/2010 10:29:08 AM - Software Distribution Service 3.0
    RP1125: 8/8/2010 10:56:19 AM - Software Distribution Service 3.0
    RP1126: 8/8/2010 12:09:08 PM - Software Distribution Service 3.0
    RP1127: 1/8/2009 11:38:10 AM - Restore Operation
    RP1128: 1/8/2009 4:13:38 PM - Restore Operation
    RP1129: 8/9/2010 12:22:24 AM - Removed Trend Micro AntiVirus.
    RP1130: 8/10/2010 6:34:06 AM - System Checkpoint
    RP1131: 8/11/2010 12:44:50 PM - System Checkpoint
    RP1132: 8/12/2010 6:34:14 PM - System Checkpoint
    RP1133: 8/13/2010 10:07:25 PM - System Checkpoint
    RP1134: 8/14/2010 4:41:49 AM - Software Distribution Service 3.0
    RP1135: 8/15/2010 4:51:43 PM - System Checkpoint
    RP1136: 8/16/2010 6:12:38 PM - System Checkpoint
    RP1137: 8/18/2010 11:39:46 AM - System Checkpoint
    RP1138: 8/19/2010 4:19:50 PM - System Checkpoint
    RP1139: 8/20/2010 10:13:22 PM - System Checkpoint
    RP1140: 8/21/2010 4:41:42 PM - Removed hp officejet v series
    RP1141: 8/22/2010 6:44:35 PM - System Checkpoint
    RP1142: 8/24/2010 12:13:49 AM - System Checkpoint
    RP1143: 8/25/2010 6:13:57 AM - System Checkpoint
    RP1144: 8/26/2010 12:14:16 PM - System Checkpoint
    RP1145: 8/27/2010 7:27:50 PM - System Checkpoint
    RP1146: 8/29/2010 3:58:56 PM - System Checkpoint
    RP1147: 8/31/2010 7:07:47 AM - Restore Operation
    RP1148: 8/31/2010 7:25:58 AM - avast! Free Antivirus Setup
    RP1149: 8/31/2010 7:34:42 AM - avast! Pro Antivirus Setup
    RP1150: 8/31/2010 8:26:27 AM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
    RP1151: 9/1/2010 6:27:21 PM - Software Distribution Service 3.0
    RP1152: 9/1/2010 6:34:13 PM - Installed %1 %2.
    RP1153: 9/2/2010 6:56:36 AM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
    RP1154: 9/2/2010 7:19:34 AM - avast! Pro Antivirus Setup
    RP1155: 9/2/2010 7:29:39 AM - Removed Thunder Screenreader
    RP1156: 9/2/2010 7:30:34 AM - Removed WebbIE 3 and Accessible Programs
    RP1157: 9/3/2010 10:29:58 AM - System Checkpoint

    ==== Installed Programs ======================

    Adobe Flash Player 10 ActiveX
    Adobe Reader 7.1.0
    Adobe Shockwave Player 11.5
    Avira AntiVir Personal - Free Antivirus
    BlackBerry Desktop Software 5.0.1
    BlackBerry® Media Sync
    Blackhawk Striker 2
    Blasterball 2 Revolution
    Bluetooth Stack for Windows by Toshiba
    CD/DVD Drive Acoustic Silencer
    Chilly
    Chuzzle Deluxe
    Compressor Performance Calculator
    Critical Update for Windows Media Player 11 (KB959772)
    DanCap
    Danfoss RS+3
    Desktop Dialer
    DiscAPI (Studio 10)
    DivX Web Player
    DVD-RAM Driver
    EPSON Printer Software
    ESPNMotion
    FATE
    GemMaster Mystic
    Google Chrome
    Google Desktop
    Google Toolbar for Internet Explorer
    Google Update Helper
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    ieSpell
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet/Wireless Software
    InterVideo WinDVD Creator 2
    InterVideo WinDVD for TOSHIBA
    Java Platform, Enterprise Edition 5 SDK
    Java(TM) 6 Update 15
    Java(TM) 6 Update 7
    Learning QuickBooks 2007
    Mah Jong Quest
    Malwarebytes' Anti-Malware
    mCore
    mDrWiFi
    mHelp
    Microsoft .NET Framework 1.0 Hotfix (KB953295)
    Microsoft .NET Framework 1.0 Hotfix (KB979904)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2003 Web Components
    Microsoft Office Accounting 2007
    Microsoft Office Accounting ADP Payroll Addin
    Microsoft Office Accounting Equifax Addin
    Microsoft Office Accounting Fixed Asset Manager
    Microsoft Office Accounting PayPal Addin
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Excel Viewer 2003
    Microsoft Office OneNote 2003
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Small Business 2007
    Microsoft Office Small Business 2007 Trial
    Microsoft Office Small Business Connectivity Components
    Microsoft Office Standard Edition 2003
    Microsoft Office Word MUI (English) 2007
    Microsoft Software Update for Web Folders (English) 12
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    Microsoft SQL Server Desktop Engine (PINNACLESYS)
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    mIWA
    mLogView
    mMHouse
    Motherboard Monitor 5
    mPfMgr
    mPfWiz
    mProSafe
    MSN
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 6 Service Pack 2 (KB954459)
    mWlsSafe
    mXML
    mZConfig
    Office 2003 Trial Assistant
    OpenOffice.org 2.1
    Otto
    Penguins!
    Petersons
    Picasa 2
    Pinnacle Instant DVD Recorder
    Pinnacle MediaServer
    Pixelfusion WMP Plugin 1.60
    Polar Bowler
    Polar Golfer
    QuickBooks Pro 2007
    QuickBooks Product Listing Service
    QuickTime
    RAPID (Studio 10)
     
  6. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    You're infected with a rootkit....

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  7. dirtyboy103us

    dirtyboy103us TS Rookie Topic Starter Posts: 25

    part 2

    RealNetworks - Microsoft Visual C++ 2005 Runtime
    RealPlayer
    Realtek High Definition Audio Driver
    SCRABBLE
    Scrabble Blast Deluxe
    SD Secure Module
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    SmartSound Quicktracks Plugin
    Sonic DLA
    Sonic Encoders
    Sonic RecordNow!
    StanrefProHX 06-01-2008
    Studio 10
    Studio 10 Bonus DVD
    SupportSoft Assisted Service
    Synaptics Pointing Device Driver
    Temperature Converter
    Texas Instruments PCIxx21/x515/xx12 drivers.
    TIPCI
    TOSHIBA Assist
    TOSHIBA ConfigFree
    TOSHIBA Controls
    TOSHIBA Game Console
    TOSHIBA Hotkey Utility
    Toshiba Media Center Game Console
    TOSHIBA PC Diagnostic Tool
    TOSHIBA Power Saver
    Toshiba Registration
    TOSHIBA SD Memory Card Format
    TOSHIBA Software Modem
    TOSHIBA Software Upgrades
    TOSHIBA Speech System Applications
    TOSHIBA Speech System SR Engine(U.S.) Version1.0
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    TOSHIBA TouchPad ON/Off Utility
    TOSHIBA TV Tuner 4.0.12.73
    TOSHIBA Utilities
    TOSHIBA Virtual Sound
    TOSHIBA Zooming Utility
    TranslatorBar 1 Toolbar
    TVAnts 1.0
    Unity Web Player
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows Media Player 10 (KB910393)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    Verizon Help and Support Tool
    VeryPDF PDF2Word v3.0
    Viewpoint Media Player
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Vz In Home Agent
    WebFldrs XP
    WildTangent Web Driver
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live OneCare safety scanner
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows PowerShell(TM) 1.0
    Windows XP Media Center Edition 2005 KB888316
    Windows XP Media Center Edition 2005 KB894553
    Windows XP Media Center Edition 2005 KB895678
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3
    Yahoo! Browser Services
    Yahoo! Install Manager
    Yahoo! Internet Mail
    Yahoo! Messenger
    Yahoo! Music Jukebox
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    9/3/2010 9:05:36 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avgio avipbb Fips intelppm IPSec mbmiodrvr MRxSmb NetBIOS NetBT PCLEPCI RasAcd Rdbss ssmdrv Tcpip Tcpip6
    9/3/2010 2:42:44 PM, error: Service Control Manager [7031] - The Avira AntiVir Guard service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    9/3/2010 2:42:39 PM, error: Service Control Manager [7031] - The Avira AntiVir Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    9/2/2010 12:28:42 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    9/1/2010 8:46:30 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service ntmssvc with arguments "-Service" in order to run the server: {D61A27C6-8F53-11D0-BFA0-00A024151983}
    9/1/2010 8:39:35 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the ConfigFree Service service to connect.
    9/1/2010 8:04:09 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSnx aswSP aswTdi Fips intelppm KR10N mbmiodrvr ohci1394 PCLEPCI
    9/1/2010 5:30:53 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSnx aswSP aswTdi avgio avipbb Fips intelppm KR10N mbmiodrvr ohci1394 PCLEPCI ssmdrv
    9/1/2010 5:20:21 PM, error: Service Control Manager [7024] - The SQL Server (MSSMLBIZ) service terminated with service-specific error 1814 (0x716).
    9/1/2010 5:20:21 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the QuickBooks Database Manager Service service to connect.
    9/1/2010 5:10:36 PM, error: Service Control Manager [7034] - The Pinnacle Systems Media Service service terminated unexpectedly. It has done this 1 time(s).
    9/1/2010 5:10:35 PM, error: Service Control Manager [7034] - The TOSHIBA Application Service service terminated unexpectedly. It has done this 1 time(s).
    9/1/2010 5:10:33 PM, error: Service Control Manager [7034] - The Swupdtmr service terminated unexpectedly. It has done this 1 time(s).
    9/1/2010 5:10:33 PM, error: Service Control Manager [7034] - The SQL Server (MSSMLBIZ) service terminated unexpectedly. It has done this 1 time(s).
    9/1/2010 5:10:33 PM, error: Service Control Manager [7034] - The MSSQL$PINNACLESYS service terminated unexpectedly. It has done this 1 time(s).
    9/1/2010 5:10:32 PM, error: Service Control Manager [7034] - The QuickBooks Database Manager Service service terminated unexpectedly. It has done this 1 time(s).
    9/1/2010 5:10:32 PM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).
    9/1/2010 5:10:31 PM, error: Service Control Manager [7034] - The McciCMService service terminated unexpectedly. It has done this 1 time(s).
    9/1/2010 5:10:31 PM, error: Service Control Manager [7034] - The EPSON V3 Service4(01) service terminated unexpectedly. It has done this 1 time(s).
    9/1/2010 5:10:30 PM, error: Service Control Manager [7034] - The DVD-RAM_Service service terminated unexpectedly. It has done this 1 time(s).
    9/1/2010 5:10:26 PM, error: Service Control Manager [7031] - The AOL TopSpeed Monitor service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    9/1/2010 5:10:24 PM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Service service terminated unexpectedly. It has done this 1 time(s).
    9/1/2010 5:10:24 PM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
    9/1/2010 10:42:01 PM, error: Service Control Manager [7034] - The ConfigFree Service service terminated unexpectedly. It has done this 1 time(s).
    8/31/2010 8:33:54 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: KR10N
    8/31/2010 6:50:10 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the SQL Server (MSSMLBIZ) service to connect.
    8/31/2010 6:50:10 AM, error: Service Control Manager [7000] - The SQL Server (MSSMLBIZ) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    8/30/2010 8:40:41 AM, error: RemoteAccess [20106] - Unable to add the interface {E8944181-3B5B-4CFB-944B-CD632302E395} with the Router Manager for the IP protocol. The following error occurred: Cannot complete this function.
    8/30/2010 11:36:49 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSP aswTdi Fips intelppm mbmiodrvr PCLEPCI
    8/30/2010 11:07:48 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Lavasoft Ad-Aware Service service to connect.
    8/30/2010 11:07:48 AM, error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the file specified.
    8/30/2010 11:05:39 AM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
    8/30/2010 11:05:39 AM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
    8/29/2010 6:49:22 AM, error: Service Control Manager [7022] - The Pinnacle Systems Media Service service hung on starting.
    8/29/2010 6:23:02 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    8/29/2010 10:41:04 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    8/29/2010 10:39:43 AM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
    8/28/2010 3:46:11 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    8/28/2010 3:46:05 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    8/28/2010 1:40:04 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    8/28/2010 1:38:39 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswSP aswTdi Fips intelppm IPSec mbmiodrvr MRxSmb NetBIOS NetBT PCLEPCI RasAcd Rdbss Tcpip Tcpip6
    8/28/2010 1:38:39 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    8/28/2010 1:38:39 PM, error: Service Control Manager [7001] - The IPv6 Helper Service service depends on the Microsoft IPv6 Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    8/28/2010 1:38:39 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    8/28/2010 1:38:39 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    8/28/2010 1:38:39 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

    ==== End Of File ===========================
     
  8. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    We posted at the same time, so I'm not sure if you saw my previous reply....
     
  9. dirtyboy103us

    dirtyboy103us TS Rookie Topic Starter Posts: 25

    i hope i did this right and thanks for the help
     
  10. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    You did fine.
    Make sure to read my reply #6.
     
  11. dirtyboy103us

    dirtyboy103us TS Rookie Topic Starter Posts: 25

    wow that was amazing
     
  12. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    What was?...LOL
     
  13. dirtyboy103us

    dirtyboy103us TS Rookie Topic Starter Posts: 25

    i didn't even finish posting and you had the cure

    C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2010/09/04 01:15:05.0602 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    2010/09/04 01:15:05.0649 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2010/09/04 01:15:05.0696 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2010/09/04 01:15:05.0758 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2010/09/04 01:15:05.0836 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2010/09/04 01:15:05.0977 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2010/09/04 01:15:06.0133 w39n51 (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys
    2010/09/04 01:15:06.0305 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2010/09/04 01:15:06.0383 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
    2010/09/04 01:15:06.0446 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2010/09/04 01:15:06.0508 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    2010/09/04 01:15:06.0555 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    2010/09/04 01:15:06.0633 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2010/09/04 01:15:06.0774 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2010/09/04 01:15:06.0852 ================================================================================
    2010/09/04 01:15:06.0852 Scan finished
    2010/09/04 01:15:06.0852 ================================================================================
    2010/09/04 01:15:06.0852 Detected object count: 1
    2010/09/04 01:15:39.0774 redbook (ac144fee380b4cda31b8247beccee1d6) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2010/09/04 01:15:39.0774 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\redbook.sys. Real md5: ac144fee380b4cda31b8247beccee1d6, Fake md5: f828dd7e1419b6653894a8f97a0094c5
    2010/09/04 01:15:40.0821 Backup copy found, using it..
    2010/09/04 01:15:40.0836 C:\WINDOWS\system32\DRIVERS\redbook.sys - will be cured after reboot
    2010/09/04 01:15:40.0836 Rootkit.Win32.TDSS.tdl3(redbook) - User select action: Cure
    2010/09/04 01:15:55.0024 Deinitialize success
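    The two logs in this thread carry the indicators that led to the rootkit call: the TDSSKiller output just above reports redbook.sys as "Forged" (the MD5 the rootkit presents differs from the one read from disk) and the Event Viewer section in reply #7 shows Event ID 7026 entries where boot-start drivers, including the installed antivirus drivers and the TCP/IP stack, fail to load. The following Python is an added example, not code from this thread or from TDSSKiller, GMER or TechSpot, that parses both formats and summarises those indicators for a responder. The sample lines are copied from the thread; the watchlist of security-product and network-stack driver names is my own assumption (Aavmker4 and asw* are avast drivers, avgio, avipbb and ssmdrv are Avira drivers, as far as I know), and an analyst would maintain it for their own environment.

```python
"""Pull rootkit indicators out of TDSSKiller and Service Control Manager (7026) log lines."""
import re
from dataclasses import dataclass


@dataclass
class ForgedDriver:
    path: str
    real_md5: str
    fake_md5: str
    verdict: str = ""  # e.g. Rootkit.Win32.TDSS.tdl3, taken from the action line
    action: str = ""   # Cure / Skip / ...


@dataclass
class DriverLoadFailure:
    timestamp: str
    drivers: frozenset


# "Suspicious file (Forged): <path>. Real md5: <hash>, Fake md5: <hash>"
FORGED_RE = re.compile(
    r"Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})"
)
# "Rootkit.Win32.TDSS.tdl3(redbook) - User select action: Cure"
VERDICT_RE = re.compile(
    r"(?P<verdict>[A-Za-z]+\.[\w.]+)\((?P<driver>\w+)\) - User select action: (?P<action>\w+)"
)
# Event ID 7026: every boot-start / system-start driver that did not load, space separated.
EVENT_7026_RE = re.compile(
    r"^(?P<ts>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M), error: Service Control Manager \[7026\] - "
    r"The following boot-start or system-start driver\(s\) failed to load: (?P<drivers>.+)$"
)

# Assumption: an analyst-maintained watchlist. These names occur in the thread's event log.
SECURITY_PRODUCT_DRIVERS = frozenset(
    {"Aavmker4", "aswSP", "aswTdi", "aswSnx", "avgio", "avipbb", "ssmdrv"})
NETWORK_STACK_DRIVERS = frozenset({"Tcpip", "Tcpip6", "AFD", "NetBT", "NetBIOS", "IPSec"})

# Constructed sample: TDSSKiller lines copied from the thread plus one clean driver line.
TDSSKILLER_SAMPLE = "\n".join([
    r"2010/09/04 01:15:06.0774 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys",
    r"2010/09/04 01:15:06.0852 Detected object count: 1",
    r"2010/09/04 01:15:39.0774 redbook (ac144fee380b4cda31b8247beccee1d6) C:\WINDOWS\system32\DRIVERS\redbook.sys",
    r"2010/09/04 01:15:39.0774 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\redbook.sys. "
    r"Real md5: ac144fee380b4cda31b8247beccee1d6, Fake md5: f828dd7e1419b6653894a8f97a0094c5",
    r"2010/09/04 01:15:40.0836 C:\WINDOWS\system32\DRIVERS\redbook.sys - will be cured after reboot",
    r"2010/09/04 01:15:40.0836 Rootkit.Win32.TDSS.tdl3(redbook) - User select action: Cure",
])

# Constructed sample: two 7026 events and one 7031 event copied from the thread.
EVENT_SAMPLE = "\n".join([
    "9/3/2010 9:05:36 AM, error: Service Control Manager [7026] - The following boot-start or "
    "system-start driver(s) failed to load: AFD avgio avipbb Fips intelppm IPSec mbmiodrvr MRxSmb "
    "NetBIOS NetBT PCLEPCI RasAcd Rdbss ssmdrv Tcpip Tcpip6",
    "9/3/2010 2:42:44 PM, error: Service Control Manager [7031] - The Avira AntiVir Guard service "
    "terminated unexpectedly. It has done this 1 time(s). The following corrective action will be "
    "taken in 0 milliseconds: Restart the service.",
    "9/1/2010 8:04:09 AM, error: Service Control Manager [7026] - The following boot-start or "
    "system-start driver(s) failed to load: Aavmker4 aswSnx aswSP aswTdi Fips intelppm KR10N "
    "mbmiodrvr ohci1394 PCLEPCI",
])


def parse_tdsskiller(text):
    """Return ForgedDriver records, each joined with the verdict/action line that names it."""
    forged = []
    for line in text.splitlines():
        m = FORGED_RE.search(line)
        if m:
            forged.append(ForgedDriver(m["path"], m["real"], m["fake"]))
            continue
        v = VERDICT_RE.search(line)
        if v:
            # The verdict names the service (redbook); match it against the file's basename.
            for rec in forged:
                base = rec.path.rsplit("\\", 1)[-1].lower()
                if base.startswith(v["driver"].lower()):
                    rec.verdict, rec.action = v["verdict"], v["action"]
    return forged


def parse_event_7026(text):
    """Return one DriverLoadFailure per 7026 event; other event IDs are ignored."""
    return [DriverLoadFailure(m["ts"], frozenset(m["drivers"].split()))
            for line in text.splitlines()
            if (m := EVENT_7026_RE.match(line.strip()))]


def assess(forged, failures):
    """Summarise what a responder weighs: forged system drivers, and which drivers on the watchlist stopped loading."""
    failed = frozenset().union(*(f.drivers for f in failures)) if failures else frozenset()
    return {
        "forged_drivers": [f.path for f in forged],
        "rootkit_verdicts": sorted({f.verdict for f in forged if f.verdict}),
        "security_drivers_failed": sorted(failed & SECURITY_PRODUCT_DRIVERS),
        "network_drivers_failed": sorted(failed & NETWORK_STACK_DRIVERS),
        "boot_failure_events": len(failures),
    }


if __name__ == "__main__":
    summary = assess(parse_tdsskiller(TDSSKILLER_SAMPLE), parse_event_7026(EVENT_SAMPLE))
    for key, value in summary.items():
        print(f"{key}: {value}")
```

Run on the samples, the summary lists redbook.sys under `forged_drivers` with the TDL3 verdict, and shows that every avast and Avira kernel driver, plus Tcpip, AFD and NetBT, appears in the 7026 failures. Either indicator alone can have an innocent cause (a stale filter driver, a bad update), but a forged system driver together with security and network drivers failing to load at boot is the pattern that justifies a dedicated rootkit scanner before any further cleanup.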
     
  14. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Haha....

    1. Delete your GMER file, download new one and post fresh log.

    2. Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    3. Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  15. dirtyboy103us

    dirtyboy103us TS Rookie Topic Starter Posts: 25

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-09-05 00:58:11
    Windows 5.1.2600 Service Pack 3
    Running: nn3dfywv.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kwdoikod.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@start 1
    Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@type 1
    Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACllqlmyje.sys
    Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@group file system
    Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL

    ---- EOF - GMER 1.0.15 ----
     
  16. dirtyboy103us

    dirtyboy103us TS Rookie Topic Starter Posts: 25

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000000c

    Kernel Drivers (total 164):

    Processes (total 78):

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: TOSHIBAMK1637GSX, Rev: DL020M

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: 31D100779DE502702C374F7C15687B56FCFD5528


    Done!
     
  17. dirtyboy103us

    dirtyboy103us TS Rookie Topic Starter Posts: 25

    ComboFix 10-09-04.06 - Owner 09/05/2010 8:46:21.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1284 [GMT -4:00]
    Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    C:\Documents and Settings\Owner\Application Data\PriceGong\Data\1.xml
    C:\Documents and Settings\Owner\Application Data\PriceGong\Data\a.xml
    C:\Documents and Settings\Owner\Application Data\PriceGong\Data\b.xml
    C:\Documents and Settings\Owner\Application Data\PriceGong\Data\c.xml
    C:\Documents and Settings\Owner\Application Data\PriceGong\Data\d.xml
    C:\Documents and Settings\Owner\Application Data\PriceGong\Data\e.xml
    C:\Documents and Settings\Owner\Application Data\PriceGong\Data\f.xml
    C:\Documents and Settings\Owner\Application Data\PriceGong\Data\g.xml
    C:\Documents and Settings\Owner\Application Data\PriceGong\Data\h.xml
    C:\Documents and Settings\Owner\Application Data\PriceGong\Data\i.xml
    C:\Documents and Settings\Owner\Application Data\PriceGong\Data\J.xml
    C:\Documents and Settings\Owner\Application Data\PriceGong\Data\k.xml
    C:\Documents and Settings\Owner\Application Data\PriceGong\Data\l.xml
    C:\Documents and Settings\Owner\Application Data\PriceGong\Data\m.xml
    C:\Documents and Settings\Owner\Application Data\PriceGong\Data\mru.xml
    C:\Documents and Settings\Owner\Application Data\PriceGong\Data\n.xml
    C:\Documents and Settings\Owner\Application Data\PriceGong\Data\o.xml
    C:\Documents and Settings\Owner\Application Data\PriceGong\Data\p.xml
    C:\Documents and Settings\Owner\Application Data\PriceGong\Data\q.xml
    C:\Documents and Settings\Owner\Application Data\PriceGong\Data\r.xml
    C:\Documents and Settings\Owner\Application Data\PriceGong\Data\s.xml
    C:\Documents and Settings\Owner\Application Data\PriceGong\Data\t.xml
    C:\Documents and Settings\Owner\Application Data\PriceGong\Data\u.xml
    C:\Documents and Settings\Owner\Application Data\PriceGong\Data\v.xml
    C:\Documents and Settings\Owner\Application Data\PriceGong\Data\w.xml
    C:\Documents and Settings\Owner\Application Data\PriceGong\Data\x.xml
    C:\Documents and Settings\Owner\Application Data\PriceGong\Data\y.xml
    C:\Documents and Settings\Owner\Application Data\PriceGong\Data\z.xml
    C:\Program Files\UNWISE.EXE
    C:\WINDOWS\Fonts\advapi32.dll
    C:\WINDOWS\system32\11478.exe
    C:\WINDOWS\system32\11538.exe
    C:\WINDOWS\system32\11942.exe
    C:\WINDOWS\system32\12382.exe
    C:\WINDOWS\system32\14604.exe
    C:\WINDOWS\system32\14771.exe
    C:\WINDOWS\system32\153.exe
    C:\WINDOWS\system32\15724.exe
    C:\WINDOWS\system32\16827.exe
    C:\WINDOWS\system32\17421.exe
    C:\WINDOWS\system32\18716.exe
    C:\WINDOWS\system32\19718.exe
    C:\WINDOWS\system32\19895.exe
    C:\WINDOWS\system32\21726.exe
    C:\WINDOWS\system32\23281.exe
    C:\WINDOWS\system32\24464.exe
    C:\WINDOWS\system32\26962.exe
    C:\WINDOWS\system32\28145.exe
    C:\WINDOWS\system32\292.exe
    C:\WINDOWS\system32\29358.exe
    C:\WINDOWS\system32\2995.exe
    C:\WINDOWS\system32\32391.exe
    C:\WINDOWS\system32\3902.exe
    C:\WINDOWS\system32\404Fix.exe
    C:\WINDOWS\system32\4827.exe
    C:\WINDOWS\system32\491.exe
    C:\WINDOWS\system32\5436.exe
    C:\WINDOWS\system32\5447.exe
    C:\WINDOWS\system32\5705.exe
    C:\WINDOWS\system32\9961.exe
    C:\WINDOWS\system32\Agent.OMZ.Fix.exe
    C:\WINDOWS\system32\dumphive.exe
    C:\WINDOWS\system32\IEDFix.C.exe
    C:\WINDOWS\system32\o4Patch.exe
    C:\WINDOWS\system32\Process.exe
    C:\WINDOWS\system32\SrchSTS.exe
    C:\WINDOWS\system32\Thumbs.db
    C:\WINDOWS\system32\tmp.reg
    C:\WINDOWS\system32\UAClmneityn.log
    C:\WINDOWS\system32\UACroyeheos.dat
    C:\WINDOWS\system32\UACxvmefkje.log
    C:\WINDOWS\system32\VACFix.exe
    C:\WINDOWS\system32\VCCLSID.exe
    C:\WINDOWS\system32\WS2Fix.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_UACD.SYS


    ((((((((((((((((((((((((( Files Created from 2010-08-05 to 2010-09-05 )))))))))))))))))))))))))))))))
    .

    2010-09-03 18:53:59 . 2010-04-29 19:39:38 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2010-09-03 18:53:57 . 2010-09-03 18:54:03 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware3
    2010-09-03 18:53:57 . 2010-04-29 19:39:26 20952 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
    2010-09-02 12:02:08 . 2010-09-02 12:02:08 -------- d-----w- C:\Documents and Settings\Owner\Application Data\Avira
    2010-09-02 11:58:10 . 2010-09-02 11:58:10 -------- d-----w- C:\Program Files\Avira
    2010-09-02 11:58:10 . 2010-09-02 11:58:10 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Avira
    2010-09-02 11:58:10 . 2010-03-01 14:05:26 124784 ----a-w- C:\WINDOWS\system32\drivers\avipbb.sys
    2010-09-02 11:58:10 . 2010-02-16 18:24:02 60936 ----a-w- C:\WINDOWS\system32\drivers\avgntflt.sys
    2010-09-02 11:58:10 . 2009-05-11 16:49:28 45416 ----a-w- C:\WINDOWS\system32\drivers\avgntdd.sys
    2010-09-02 11:58:10 . 2009-05-11 16:49:28 22360 ----a-w- C:\WINDOWS\system32\drivers\avgntmgr.sys
    2010-09-02 11:41:54 . 2010-09-02 11:41:54 -------- d-----w- C:\Documents and Settings\Owner\Application Data\Uniblue
    2010-09-01 22:40:09 . 2010-09-01 22:40:09 -------- d-----w- C:\Documents and Settings\Owner\Application Data\ElevatedDiagnostics
    2010-09-01 12:04:22 . 2010-09-01 12:07:47 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware2
    2010-08-31 12:37:50 . 2010-08-31 12:36:37 1129120 ----a-w- C:\Documents and Settings\All Users\Application Data\STOPzilla!\vdb\vbcorent.dll
    2010-08-31 12:26:43 . 2010-09-02 10:56:41 -------- d-----w- C:\Documents and Settings\All Users\Application Data\STOPzilla!
    2010-08-31 11:05:30 . 2010-08-31 11:05:30 -------- d--h--w- C:\WINDOWS\system32\GroupPolicy
    2010-08-30 15:56:44 . 2010-08-30 15:56:44 453 ----a-w- C:\Program Files\0830201011564409.bat
    2010-08-08 14:57:21 . 2009-01-08 21:10:53 -------- d-----w- C:\0beafcea724b194507f7ff04
    2010-08-08 09:16:56 . 2009-01-08 21:15:03 -------- d-----w- C:\Documents and Settings\Owner\Local Settings\Application Data\mdelihtqq

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-05 12:41:09 . 2010-04-03 22:03:57 256 ----a-w- C:\WINDOWS\system32\pool.bin
    2010-09-05 12:39:17 . 2007-02-13 12:33:47 -------- d-----w- C:\Documents and Settings\Owner\Application Data\OpenOffice.org2
    2010-09-04 06:07:03 . 2010-01-24 16:10:27 -------- d-----w- C:\Documents and Settings\Owner\Application Data\Malwarebytes
    2010-09-04 05:17:23 . 2006-02-15 07:32:10 57600 ----a-w- C:\WINDOWS\system32\drivers\redbook.sys
    2010-09-03 18:53:57 . 2010-01-24 16:10:21 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2010-09-02 11:34:00 . 2006-02-16 09:55:04 -------- d-----w- C:\Program Files\Common Files\AOL
    2010-09-02 11:27:51 . 2006-02-16 09:55:11 -------- d-----w- C:\Documents and Settings\All Users\Application Data\AOL
    2010-09-02 11:27:38 . 2007-02-09 21:21:24 -------- d-----w- C:\Documents and Settings\Owner\Application Data\AOL
    2010-09-02 11:19:40 . 2010-05-21 17:16:54 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Alwil Software
    2010-09-02 11:10:54 . 2009-03-08 15:31:42 -------- d---a-w- C:\Documents and Settings\All Users\Application Data\TEMP
    2010-09-02 11:06:20 . 2009-06-01 11:19:56 -------- d-----w- C:\Documents and Settings\Owner\Application Data\WebbIE
    2010-09-02 02:47:49 . 2010-09-02 02:47:19 1088 ----a-w- C:\WINDOWS\system32\drivers\kgpcpy.cfg
    2010-09-01 19:44:18 . 2006-02-17 09:57:20 -------- d-----w- C:\Program Files\DIGStream
    2010-08-31 11:05:34 . 2007-11-17 17:05:15 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2010-08-31 10:53:02 . 2007-11-17 17:05:15 -------- d-----w- C:\Program Files\Lavasoft
    2010-08-30 16:05:08 . 2006-02-25 07:02:55 1324 ----a-w- C:\WINDOWS\system32\d3d9caps.dat
    2010-08-30 16:04:59 . 2010-05-17 00:33:27 -------- d-----w- C:\Program Files\Oberon Media
    2010-08-25 11:00:03 . 2007-02-17 17:24:00 3485 ----a-w- C:\Documents and Settings\All Users\Application Data\Intuit\QuickBooks 2007\qbbackup.sys
    2010-08-20 17:08:38 . 2008-10-29 16:38:21 17408 ----a-w- C:\psapi.dll
    2010-08-18 19:01:08 . 2008-07-02 16:17:01 46 -c--a-w- C:\Documents and Settings\Owner\jagex_runescape_preferences.dat
    2010-08-18 18:58:24 . 2009-12-23 01:00:12 99 ----a-w- C:\Documents and Settings\Owner\jagex_runescape_preferences2.dat
    2010-08-09 04:23:01 . 2007-02-10 00:20:21 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Trend Micro
    2010-08-06 18:07:56 . 2010-01-08 23:31:16 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Norton
    2010-08-06 18:07:55 . 2008-01-05 01:56:15 -------- d-----w- C:\Program Files\Norton Security Scan
    2010-07-25 00:30:46 . 2010-07-25 00:30:46 -------- d-----w- C:\Documents and Settings\Owner\Application Data\Unity
    2010-07-24 23:20:04 . 2010-07-24 23:20:04 -------- d-----w- C:\Program Files\Unity
    2010-07-18 08:45:20 . 2010-07-18 08:45:20 -------- d-----w- C:\Documents and Settings\Owner\Application Data\iWin
    2010-07-18 08:40:59 . 2010-07-18 08:40:59 -------- d-----w- C:\Program Files\Common Files\Oberon Media
    2010-07-18 08:35:01 . 2010-07-18 08:35:01 -------- d-----w- C:\Program Files\Conduit
    2010-07-18 08:35:01 . 2010-07-18 08:34:59 -------- d-----w- C:\Program Files\TranslatorBar_1
    2010-07-10 15:53:10 . 2009-09-30 14:09:08 -------- d-----w- C:\Program Files\My.Freeze.com Toolbar
    2010-06-30 12:31:35 . 2006-02-15 14:03:52 149504 ----a-w- C:\WINDOWS\system32\schannel.dll
    2010-06-29 18:38:57 . 2010-04-30 16:13:39 439816 -c--a-w- C:\Documents and Settings\Owner\Application Data\Real\Update\setup3.10\setup.exe
    2010-06-24 12:22:03 . 2006-02-15 14:04:21 916480 ----a-w- C:\WINDOWS\system32\wininet.dll
    2010-06-23 13:44:04 . 2006-02-15 14:04:21 1851904 ----a-w- C:\WINDOWS\system32\win32k.sys
    2010-06-21 15:27:11 . 2006-02-15 14:04:02 354304 ----a-w- C:\WINDOWS\system32\drivers\srv.sys
    2010-06-17 14:03:00 . 2006-02-15 14:02:52 80384 ----a-w- C:\WINDOWS\system32\iccvid.dll
    2010-06-15 00:23:14 . 2010-06-27 17:09:10 607472 -c--a-w- C:\Documents and Settings\All Users\Application Data\Yahoo!\YUPDATER\yupdater.exe
    2010-06-14 14:31:20 . 2006-02-15 15:36:36 744448 ----a-w- C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe
    2010-06-14 07:41:45 . 2006-02-15 14:03:21 1172480 ----a-w- C:\WINDOWS\system32\msxml3.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00bf7b9c-acd2-4080-bea8-b1c41987070f}]
    2010-06-03 22:24:50 2736736 ----a-w- C:\Program Files\TranslatorBar_1\tbTran.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{00bf7b9c-acd2-4080-bea8-b1c41987070f}"= "C:\Program Files\TranslatorBar_1\tbTran.dll" [2010-06-03 22:24:50 2736736]

    [HKEY_CLASSES_ROOT\clsid\{00bf7b9c-acd2-4080-bea8-b1c41987070f}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{00BF7B9C-ACD2-4080-BEA8-B1C41987070F}"= "C:\Program Files\TranslatorBar_1\tbTran.dll" [2010-06-03 22:24:50 2736736]

    [HKEY_CLASSES_ROOT\clsid\{00bf7b9c-acd2-4080-bea8-b1c41987070f}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 08:32:20 65536]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 00:05:26 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 08:32:58 761945]
    "THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 22:02:24 352256]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 08:34:16 82009]
    "Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 20:25:22 73728]
    "TPSMain"="TPSMain.exe" [2005-06-01 05:00:12 282624]
    "SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 00:13:20 122880]
    "dla"="C:\WINDOWS\system32\dla\DLACTRLW.exe" [2005-10-06 13:20:00 122940]
    "Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 01:37:26 151552]
    "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 20:37:40 667718]
    "USBToolTip"="C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe" [2006-06-01 07:37:48 196608]
    "TDispVol"="TDispVol.exe" [2005-03-11 23:03:16 73728]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 05:55:14 98304]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 05:55:58 118784]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-28 05:52:00 77824]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 21:56:34 64512]
    "AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 14:29:08 88203]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-09-30 10:59:28 149280]
    "Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [2010-03-17 20:55:42 1565696]
    "avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 15:28:32 282792]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 21:18:15 443968]

    C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
    OpenOffice.org 2.1.lnk - C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe [2006-11-27 393216]
    SDK Tray Menu.lnk - C:\Sun\SDK\jdk\bin\javaw.exe [2009-3-8 139264]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
    Desktop Manager.lnk - C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe [2009-11-19 1807704]
    QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-16 972064]
    RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2006-2-15 155648]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSetActiveDesktop"= 1 (0x1)
    "NoActiveDesktopChanges"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
    "C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= C:\\TOSHIBA\\IVP\\ISM\\pinger.exe
    "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
    "C:\\WINDOWS\\system32\\fxsclnt.exe"=
    "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
    "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
    "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
    "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
    "C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaManager\\PMSManager.exe"=
    "C:\\Program Files\\Petersons\\GED\\jre\\bin\\java.exe"=
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "C:\\Program Files\\DesktopDialer\\DesktopDialer.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "C:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
    "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\CTpdpsrv.exe"=
    "C:\\Program Files\\TVAnts\\Tvants.exe"=
    "C:\\Sun\\SDK\\jdk\\bin\\java.exe"=
    "C:\\WINDOWS\\system32\\spoolsv.exe"=

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files\Avira\AntiVir Desktop\sched.exe [9/2/2010 7:58:12 AM 135336]
    R2 QuickBooksDB17;QuickBooksDB17;C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB17 --> C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB17 [?]
    S1 uxlmjfxw;uxlmjfxw;\??\C:\WINDOWS\system32\drivers\uxlmjfxw.sys --> C:\WINDOWS\system32\drivers\uxlmjfxw.sys [?]
    S2 gupdate1ca40e5bebe50f4;Google Update Service (gupdate1ca40e5bebe50f4);C:\Program Files\Google\Update\GoogleUpdate.exe [9/29/2009 5:17:48 AM 133104]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [5/13/2006 7:21:54 PM 30192]
    S3 SVRPEDRV;SVRPEDRV;\??\C:\DOCUME~1\Owner\LOCALS~1\Temp\RarSFX0\S10VWF\PEDrv.sys --> C:\DOCUME~1\Owner\LOCALS~1\Temp\RarSFX0\S10VWF\PEDrv.sys [?]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-09-05 C:\WINDOWS\Tasks\Malwarebytes' Anti-Malware.job
    - C:\PROGRA~1\MALWAR~1\mbam.exe [2010-09-03 18:53:58 . 2010-04-29 19:39:32]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://msn.com/
    uInternet Settings,ProxyServer = http=127.0.0.1:6522
    uInternet Settings,ProxyOverride = <local>
    DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
    DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-Locked - (no file)
    WebBrowser-{D0523BB4-21E7-11DD-9AB7-415B56D89593} - (no file)
    HKCU-Run-RegistryBooster - C:\Program Files\Uniblue\RegistryBooster\launcher.exe
    SafeBoot-klmdb.sys



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-09-05 08:54:11
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@C:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="C:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------


    .
     
  18. dirtyboy103us

    dirtyboy103us TS Rookie Topic Starter Posts: 25

    part 2 combofix

    - - - - - - - > 'explorer.exe'(2884)
    C:\WINDOWS\system32\WININET.dll
    C:\WINDOWS\system32\TDispVol.dll
    C:\WINDOWS\system32\ieframe.dll
    C:\WINDOWS\system32\webcheck.dll
    C:\WINDOWS\system32\WPDShServiceObj.dll
    C:\WINDOWS\system32\PortableDeviceTypes.dll
    C:\WINDOWS\system32\PortableDeviceApi.dll
    C:\WINDOWS\system32\TPwrCfg.DLL
    C:\WINDOWS\system32\TPwrReg.dll
    C:\WINDOWS\system32\TPSTrace.DLL
    C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
     
  19. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    C:\Documents and Settings\All Users\Application Data\STOPzilla!\vdb\vbcorent.dll
    C:\Program Files\0830201011564409.bat
    C:\WINDOWS\system32\drivers\kgpcpy.cfg
    C:\WINDOWS\system32\drivers\uxlmjfxw.sys
    
    
    Folder::
    C:\Documents and Settings\Owner\Application Data\Uniblue
    C:\Documents and Settings\All Users\Application Data\STOPzilla!
    C:\Documents and Settings\Owner\Local Settings\Application Data\mdelihtqq
    
    
    DirLook::
    C:\0beafcea724b194507f7ff04
    
    Driver::
    uxlmjfxw
    
    Registry::
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSetActiveDesktop"=-
    "NoActiveDesktopChanges"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=-
    
    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:6522
    uInternet Settings,ProxyOverride = <local>
    
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
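An added example, not part of this thread and not code from ComboFix or its author: a Python triage script that reads ComboFix-style log lines like the ones posted above, flags the two indicator classes the CFScript acts on (a system-start driver with a random-looking name and no date/size shown, and a user-level ProxyServer that points at 127.0.0.1), and drafts Driver:: and DDS:: sections in the same layout as the script. The sample lines are constructed in the thread's format; the scoring heuristics, the thresholds, and the reading of `[?]` as "file absent, hidden or unreadable" are this example's own assumptions.

```python
"""Triage helper for ComboFix-style log lines (added example; not code from the
thread, from ComboFix, or from its author).  It flags the two indicator classes
Broni's CFScript acts on in this thread and drafts the matching Driver:: and
DDS:: sections.  The heuristics and thresholds below are this example's own."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the format of the ComboFix output posted above.
SAMPLE_LOG = """\
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\\Program Files\\Avira\\AntiVir Desktop\\sched.exe [9/2/2010 7:58:12 AM 135336]
R2 QuickBooksDB17;QuickBooksDB17;C:\\PROGRA~1\\Intuit\\QUICKB~1\\QBDBMgrN.exe -hvQuickBooksDB17 --> C:\\PROGRA~1\\Intuit\\QUICKB~1\\QBDBMgrN.exe -hvQuickBooksDB17 [?]
S1 uxlmjfxw;uxlmjfxw;\\??\\C:\\WINDOWS\\system32\\drivers\\uxlmjfxw.sys --> C:\\WINDOWS\\system32\\drivers\\uxlmjfxw.sys [?]
S3 SVRPEDRV;SVRPEDRV;\\??\\C:\\DOCUME~1\\Owner\\LOCALS~1\\Temp\\RarSFX0\\S10VWF\\PEDrv.sys --> C:\\DOCUME~1\\Owner\\LOCALS~1\\Temp\\RarSFX0\\S10VWF\\PEDrv.sys [?]
uStart Page = hxxp://msn.com/
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
"""

# "<state><start> name;display;image path [date size | ?]"  (R = running, S = stopped)
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*?)\s*\[([^\]]*)\]\s*$")
PROXY_RE = re.compile(r"^uInternet Settings,Proxy(\w+)\s*=\s*(.*)$")


@dataclass
class Finding:
    kind: str           # "driver" or "proxy"
    name: str           # service name, or "ProxyServer"
    lines: List[str]    # log lines a CFScript would act on
    reasons: List[str]
    confidence: str     # "high" = scripted; "review" = a human looks first


def _random_looking(name: str) -> bool:
    # 6-12 lowercase letters, like uxlmjfxw.  One signal among several,
    # never enough on its own (heuristic chosen for this example).
    return re.fullmatch(r"[a-z]{6,12}", name) is not None


def triage_service(line: str) -> Optional[Finding]:
    m = SERVICE_RE.match(line)
    if not m:
        return None
    _state, start, name, display, path, meta = m.groups()
    reasons = []
    if meta.strip() == "?":
        reasons.append("no date/size shown ([?]): file absent, hidden or unreadable")
    if start in ("0", "1"):
        reasons.append(f"start type {start}: loads at boot/system start, ahead of user-mode AV")
    if _random_looking(name) and name == display:
        reasons.append("random-looking name reused as the display name")
    if "\\temp\\" in path.lower():
        reasons.append("image lives under a Temp directory")
    if len(reasons) < 2:          # one signal alone is noise (QuickBooksDB17 shows [?] too)
        return None
    return Finding("driver", name, [line], reasons, "high" if len(reasons) >= 3 else "review")


def triage_proxy(lines: List[str]) -> Optional[Finding]:
    """Flag a ProxyServer that points at the local host (http=127.0.0.1:6522 here)
    and bundle every Proxy* line so the override is removed with it."""
    proxy_lines = [l for l in lines if PROXY_RE.match(l)]
    for l in proxy_lines:
        key, value = PROXY_RE.match(l).groups()
        if key != "Server":
            continue
        for entry in value.split(";"):   # "http=host:port;https=host:port" or "host:port"
            hostport = entry.split("=", 1)[-1].strip()
            host = hostport.rsplit(":", 1)[0].strip("[]").lower()
            if host.startswith("127.") or host in ("localhost", "::1"):
                return Finding("proxy", "ProxyServer", proxy_lines,
                               [f"browser traffic routed through local listener {hostport}"],
                               "high")
    return None


def triage(log_text: str) -> List[Finding]:
    lines = [l.strip() for l in log_text.splitlines() if l.strip()]
    findings = [f for f in (triage_service(l) for l in lines) if f]
    proxy = triage_proxy(lines)
    return findings + ([proxy] if proxy else [])


def draft_cfscript(findings: List[Finding]) -> str:
    """Emit Driver:: and DDS:: sections in the layout of the script above.
    Only 'high' findings are scripted; 'review' items stay out on purpose."""
    drivers = [f.name for f in findings if f.kind == "driver" and f.confidence == "high"]
    dds = [l for f in findings if f.kind == "proxy" and f.confidence == "high" for l in f.lines]
    sections = []
    if drivers:
        sections.append("Driver::\n" + "\n".join(drivers))
    if dds:
        sections.append("DDS::\n" + "\n".join(dds))
    return "\n\n".join(sections) + ("\n" if sections else "")


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.confidence}] {f.kind} {f.name}: " + "; ".join(f.reasons))
    print(draft_cfscript(found))
```

The two-tier output is deliberate. PEDrv.sys sits under Temp\RarSFX0, the directory name WinRAR self-extractors use, and Broni's script leaves it alone; a script that removed everything marked `[?]` would also hit QuickBooksDB17, whose `[?]` comes only from the argument appended to its path. The loopback proxy is the setting worth understanding: a user-level ProxyServer of 127.0.0.1:6522 sends every browser request through a local listener before it reaches the network, which is one common way the kind of redirecting the original post describes is implemented, so it is removed together with its ProxyOverride entry rather than on its own.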
     
  20. dirtyboy103us

    dirtyboy103us TS Rookie Topic Starter Posts: 25

    part 1

    ComboFix 10-09-04.06 - Owner 09/05/2010 12:40:43.3.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1376 [GMT -4:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

    FILE ::
    "c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vbcorent.dll"
    "c:\program files\0830201011564409.bat"
    "c:\windows\system32\drivers\kgpcpy.cfg"
    "c:\windows\system32\drivers\uxlmjfxw.sys"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\STOPzilla!
    c:\documents and settings\All Users\Application Data\STOPzilla!\modules_scanned.db
    c:\documents and settings\All Users\Application Data\STOPzilla!\modules_scanned.db.bak
    c:\documents and settings\All Users\Application Data\STOPzilla!\scanner.log
    c:\documents and settings\All Users\Application Data\STOPzilla!\userdata.db
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-000.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-001.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-002.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-003.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-004.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-005.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-006.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-007.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-008.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-009.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-010.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-011.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-012.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-013.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-014.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-015.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-016.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-017.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-018.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-019.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-020.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-021.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-022.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-023.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-024.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-025.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-026.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-027.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-028.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-029.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-030.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-031.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-032.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-033.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-034.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-035.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-036.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-037.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-038.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-039.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-040.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-041.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-042.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-043.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-044.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-045.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-046.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-047.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-048.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-049.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-050.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-051.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-052.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-053.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-054.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-055.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-056.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-057.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-058.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-059.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-060.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-061.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-062.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-063.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-064.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-065.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-066.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-067.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-068.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-069.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-070.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-071.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-072.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-073.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-074.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-075.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-076.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-077.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-078.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-079.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-080.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-081.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-082.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-083.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-084.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-085.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-086.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-087.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-088.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-089.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-090.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-daily.vdb
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vbcorent.dll
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vdb.xml
    c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\xml_edk.log
    c:\documents and settings\All Users\Application Data\STOPzilla!\zilla5.log
    c:\documents and settings\Owner\Application Data\PriceGong
    c:\documents and settings\Owner\Application Data\PriceGong\Data\1.xml
    c:\documents and settings\Owner\Application Data\PriceGong\Data\a.xml
    c:\documents and settings\Owner\Application Data\PriceGong\Data\b.xml
    c:\documents and settings\Owner\Application Data\PriceGong\Data\c.xml
    c:\documents and settings\Owner\Application Data\PriceGong\Data\d.xml
    c:\documents and settings\Owner\Application Data\PriceGong\Data\e.xml
    c:\documents and settings\Owner\Application Data\PriceGong\Data\f.xml
    c:\documents and settings\Owner\Application Data\PriceGong\Data\g.xml
    c:\documents and settings\Owner\Application Data\PriceGong\Data\h.xml
    c:\documents and settings\Owner\Application Data\PriceGong\Data\i.xml
    c:\documents and settings\Owner\Application Data\PriceGong\Data\J.xml
    c:\documents and settings\Owner\Application Data\PriceGong\Data\k.xml
    c:\documents and settings\Owner\Application Data\PriceGong\Data\l.xml
    c:\documents and settings\Owner\Application Data\PriceGong\Data\m.xml
    c:\documents and settings\Owner\Application Data\PriceGong\Data\mru.xml
    c:\documents and settings\Owner\Application Data\PriceGong\Data\n.xml
    c:\documents and settings\Owner\Application Data\PriceGong\Data\o.xml
    c:\documents and settings\Owner\Application Data\PriceGong\Data\p.xml
    c:\documents and settings\Owner\Application Data\PriceGong\Data\q.xml
    c:\documents and settings\Owner\Application Data\PriceGong\Data\r.xml
    c:\documents and settings\Owner\Application Data\PriceGong\Data\s.xml
    c:\documents and settings\Owner\Application Data\PriceGong\Data\t.xml
    c:\documents and settings\Owner\Application Data\PriceGong\Data\u.xml
    c:\documents and settings\Owner\Application Data\PriceGong\Data\v.xml
    c:\documents and settings\Owner\Application Data\PriceGong\Data\w.xml
    c:\documents and settings\Owner\Application Data\PriceGong\Data\x.xml
    c:\documents and settings\Owner\Application Data\PriceGong\Data\y.xml
    c:\documents and settings\Owner\Application Data\PriceGong\Data\z.xml
    c:\documents and settings\Owner\Application Data\Uniblue
    c:\documents and settings\Owner\Application Data\Uniblue\RegistryBooster\backup\20100902.074801.zip
    c:\documents and settings\Owner\Application Data\Uniblue\RegistryBooster\error.log
    c:\documents and settings\Owner\Application Data\Uniblue\RegistryBooster\history\20100902-074523_repair.xml
    c:\documents and settings\Owner\Application Data\Uniblue\RegistryBooster\history\latest_scan_results.html
    c:\documents and settings\Owner\Application Data\Uniblue\RegistryBooster\last_scan.dat
    c:\documents and settings\Owner\Application Data\Uniblue\RegistryBooster\settings.dat
    c:\documents and settings\Owner\Application Data\Uniblue\RegistryBooster\track_installs.txt
    c:\documents and settings\Owner\Local Settings\Application Data\mdelihtqq
    c:\program files\0830201011564409.bat
    c:\windows\system32\drivers\kgpcpy.cfg

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_UACD.SYS
    -------\Service_uxlmjfxw


    ((((((((((((((((((((((((( Files Created from 2010-08-05 to 2010-09-05 )))))))))))))))))))))))))))))))
    .

    2010-09-03 18:53 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-09-03 18:53 . 2010-09-03 18:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware3
    2010-09-03 18:53 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-09-02 12:02 . 2010-09-02 12:02 -------- d-----w- c:\documents and settings\Owner\Application Data\Avira
    2010-09-02 11:58 . 2010-09-02 11:58 -------- d-----w- c:\program files\Avira
    2010-09-02 11:58 . 2010-09-02 11:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2010-09-02 11:58 . 2010-03-01 14:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2010-09-02 11:58 . 2010-02-16 18:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-09-02 11:58 . 2009-05-11 16:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2010-09-02 11:58 . 2009-05-11 16:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2010-09-01 22:40 . 2010-09-01 22:40 -------- d-----w- c:\documents and settings\Owner\Application Data\ElevatedDiagnostics
    2010-09-01 12:04 . 2010-09-01 12:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2
    2010-08-31 11:05 . 2010-08-31 11:05 -------- d--h--w- c:\windows\system32\GroupPolicy
    2010-08-08 14:57 . 2009-01-08 21:10 -------- d-----w- C:\0beafcea724b194507f7ff04

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-05 17:03 . 2010-04-03 22:03 256 ----a-w- c:\windows\system32\pool.bin
    2010-09-05 17:02 . 2007-02-13 12:33 -------- d-----w- c:\documents and settings\Owner\Application Data\OpenOffice.org2
    2010-09-04 06:07 . 2010-01-24 16:10 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
    2010-09-04 05:17 . 2006-02-15 07:32 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
    2010-09-03 18:53 . 2010-01-24 16:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-09-02 11:34 . 2006-02-16 09:55 -------- d-----w- c:\program files\Common Files\AOL
    2010-09-02 11:27 . 2006-02-16 09:55 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
    2010-09-02 11:27 . 2007-02-09 21:21 -------- d-----w- c:\documents and settings\Owner\Application Data\AOL
    2010-09-02 11:19 . 2010-05-21 17:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-09-02 11:10 . 2009-03-08 15:31 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-09-02 11:06 . 2009-06-01 11:19 -------- d-----w- c:\documents and settings\Owner\Application Data\WebbIE
    2010-09-01 19:44 . 2006-02-17 09:57 -------- d-----w- c:\program files\DIGStream
    2010-08-31 11:05 . 2007-11-17 17:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2010-08-31 10:53 . 2007-11-17 17:05 -------- d-----w- c:\program files\Lavasoft
    2010-08-30 16:05 . 2006-02-25 07:02 1324 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-08-30 16:04 . 2010-05-17 00:33 -------- d-----w- c:\program files\Oberon Media
    2010-08-25 11:00 . 2007-02-17 17:24 3485 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2007\qbbackup.sys
    2010-08-20 17:08 . 2008-10-29 16:38 17408 ----a-w- C:\psapi.dll
    2010-08-18 19:01 . 2008-07-02 16:17 46 -c--a-w- c:\documents and settings\Owner\jagex_runescape_preferences.dat
    2010-08-18 18:58 . 2009-12-23 01:00 99 ----a-w- c:\documents and settings\Owner\jagex_runescape_preferences2.dat
    2010-08-09 04:23 . 2007-02-10 00:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Trend Micro
    2010-08-06 18:07 . 2010-01-08 23:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
    2010-08-06 18:07 . 2008-01-05 01:56 -------- d-----w- c:\program files\Norton Security Scan
    2010-07-25 00:30 . 2010-07-25 00:30 -------- d-----w- c:\documents and settings\Owner\Application Data\Unity
    2010-07-24 23:20 . 2010-07-24 23:20 -------- d-----w- c:\program files\Unity
    2010-07-18 08:45 . 2010-07-18 08:45 -------- d-----w- c:\documents and settings\Owner\Application Data\iWin
    2010-07-18 08:40 . 2010-07-18 08:40 -------- d-----w- c:\program files\Common Files\Oberon Media
    2010-07-18 08:35 . 2010-07-18 08:35 -------- d-----w- c:\program files\Conduit
    2010-07-18 08:35 . 2010-07-18 08:34 -------- d-----w- c:\program files\TranslatorBar_1
    2010-07-10 15:53 . 2009-09-30 14:09 -------- d-----w- c:\program files\My.Freeze.com Toolbar
    2010-06-30 12:31 . 2006-02-15 14:03 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-29 18:38 . 2010-04-30 16:13 439816 -c--a-w- c:\documents and settings\Owner\Application Data\Real\Update\setup3.10\setup.exe
    2010-06-24 12:22 . 2006-02-15 14:04 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-23 13:44 . 2006-02-15 14:04 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-21 15:27 . 2006-02-15 14:04 354304 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-06-17 14:03 . 2006-02-15 14:02 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-15 00:23 . 2010-06-27 17:09 607472 -c--a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUPDATER\yupdater.exe
    2010-06-14 14:31 . 2006-02-15 15:36 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    2010-06-14 07:41 . 2006-02-15 14:03 1172480 ----a-w- c:\windows\system32\msxml3.dll
    .
     
  21. dirtyboy103us

    dirtyboy103us TS Rookie Topic Starter Posts: 25

    part 2

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    ---- Directory of C:\0beafcea724b194507f7ff04 ----

    2010-08-08 14:57 . 2010-08-08 14:57 788 ---ha-w- c:\0beafcea724b194507f7ff04\$shtdwn$.req
    2010-07-02 16:56 . 2010-07-02 16:56 6325362 ----a-w- c:\0beafcea724b194507f7ff04\mrt.exe._p
    2010-07-02 16:39 . 2010-07-02 16:39 58312 ----a-w- c:\0beafcea724b194507f7ff04\mrtstub.exe


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00bf7b9c-acd2-4080-bea8-b1c41987070f}]
    2010-06-03 22:24 2736736 ----a-w- c:\program files\TranslatorBar_1\tbTran.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{00bf7b9c-acd2-4080-bea8-b1c41987070f}"= "c:\program files\TranslatorBar_1\tbTran.dll" [2010-06-03 2736736]

    [HKEY_CLASSES_ROOT\clsid\{00bf7b9c-acd2-4080-bea8-b1c41987070f}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{00BF7B9C-ACD2-4080-BEA8-B1C41987070F}"= "c:\program files\TranslatorBar_1\tbTran.dll" [2010-06-03 2736736]

    [HKEY_CLASSES_ROOT\clsid\{00bf7b9c-acd2-4080-bea8-b1c41987070f}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
    "RegistryBooster"="c:\program files\Uniblue\RegistryBooster\launcher.exe" [BU]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
    "THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 82009]
    "Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]
    "TPSMain"="TPSMain.exe" [2005-06-01 282624]
    "SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
    "dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940]
    "Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
    "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
    "USBToolTip"="c:\program files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe" [2006-06-01 196608]
    "TDispVol"="TDispVol.exe" [2005-03-11 73728]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
    "AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-30 149280]
    "Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]

    c:\documents and settings\Owner\Start Menu\Programs\Startup\
    OpenOffice.org 2.1.lnk - c:\program files\OpenOffice.org 2.1\program\quickstart.exe [2006-11-27 393216]
    SDK Tray Menu.lnk - c:\sun\SDK\jdk\bin\javaw.exe [2009-3-8 139264]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
    Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2009-11-19 1807704]
    QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-16 972064]
    RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-2-15 155648]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
    "c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
    "c:\\WINDOWS\\system32\\fxsclnt.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
    "c:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaManager\\PMSManager.exe"=
    "c:\\Program Files\\Petersons\\GED\\jre\\bin\\java.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\DesktopDialer\\DesktopDialer.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\CTpdpsrv.exe"=
    "c:\\Program Files\\TVAnts\\Tvants.exe"=
    "c:\\Sun\\SDK\\jdk\\bin\\java.exe"=
    "c:\\WINDOWS\\system32\\spoolsv.exe"=

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [9/2/2010 7:58 AM 135336]
    R2 QuickBooksDB17;QuickBooksDB17;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB17 --> c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB17 [?]
    S2 gupdate1ca40e5bebe50f4;Google Update Service (gupdate1ca40e5bebe50f4);c:\program files\Google\Update\GoogleUpdate.exe [9/29/2009 5:17 AM 133104]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [5/13/2006 7:21 PM 30192]
    S3 SVRPEDRV;SVRPEDRV;\??\c:\docume~1\Owner\LOCALS~1\Temp\RarSFX0\S10VWF\PEDrv.sys --> c:\docume~1\Owner\LOCALS~1\Temp\RarSFX0\S10VWF\PEDrv.sys [?]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-09-05 c:\windows\Tasks\Malwarebytes' Anti-Malware.job
    - c:\progra~1\MALWAR~1\mbam.exe [2010-09-03 19:39]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://msn.com/
    DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
    DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-Locked - (no file)
    WebBrowser-{D0523BB4-21E7-11DD-9AB7-415B56D89593} - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-09-05 13:01
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(2188)
    c:\windows\system32\WININET.dll
    c:\windows\system32\TDispVol.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\TPwrCfg.DLL
    c:\windows\system32\TPwrReg.dll
    c:\windows\system32\TPSTrace.DLL
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\Intel\Wireless\Bin\S24EvMon.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
    c:\windows\system32\DVDRAMSV.exe
    c:\windows\eHome\ehRecvr.exe
    c:\program files\Avira\AntiVir Desktop\avshadow.exe
    c:\windows\eHome\ehSched.exe
    c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Motive\McciCMService.exe
    c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    c:\program files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
    c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\toshiba\IVP\swupdate\swupdtmr.exe
    c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
    c:\program files\Windows Media Player\WMPNetwk.exe
    c:\windows\system32\dllhost.exe
    c:\program files\Synaptics\SynTP\Toshiba.exe
    c:\windows\system32\TPSMain.exe
    c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
    c:\windows\system32\TPSBattM.exe
    c:\windows\system32\TDispVol.exe
    c:\windows\AGRSMMSG.exe
    c:\windows\eHome\ehmsas.exe
    c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    c:\program files\OpenOffice.org 2.1\program\soffice.exe
    c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
    c:\program files\OpenOffice.org 2.1\program\soffice.BIN
    c:\program files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
    c:\program files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
    .
    **************************************************************************
    .
    Completion time: 2010-09-05 13:10:16 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-09-05 17:10

    Pre-Run: 24,265,314,304 bytes free
    Post-Run: 24,244,707,328 bytes free

    Current=5 Default=5 Failed=4 LastKnownGood=1 Sets=1,2,3,4,5
    - - End Of File - - 9DE0E7590E8102D2EEFCDC0ABF2EF5A5
     
  22. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    It looks good now :)

    How is the computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  23. dirtyboy103us

    dirtyboy103us TS Rookie Topic Starter Posts: 25

    OTL text, part 1 of 4

    OTL logfile created on: 9/5/2010 1:55:33 PM - Run 1
    OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Owner\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 67.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 148.80 Gb Total Space | 22.55 Gb Free Space | 15.15% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: TIMSLAPTOP
    Current User Name: Owner
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/09/05 13:53:11 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    PRC - [2010/04/01 13:33:20 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2010/03/17 16:55:42 | 001,565,696 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Verizon\McciTrayApp.exe
    PRC - [2010/03/02 11:28:32 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2010/02/24 10:28:10 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2010/01/14 22:11:02 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2009/09/16 22:17:24 | 000,972,064 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    PRC - [2009/09/16 19:01:16 | 000,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    PRC - [2009/03/08 11:01:06 | 000,139,264 | ---- | M] (Sun Microsystems, Inc.) -- C:\Sun\SDK\jdk\bin\javaw.exe
    PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/08/30 18:43:18 | 004,670,704 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    PRC - [2007/01/11 05:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    PRC - [2006/11/30 16:54:50 | 002,486,272 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.1\program\soffice.bin
    PRC - [2006/11/30 16:54:34 | 002,334,720 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
    PRC - [2006/09/13 14:32:12 | 000,128,536 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe
    PRC - [2006/06/01 03:37:48 | 000,196,608 | ---- | M] (Pinnacle Systems GmbH) -- C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
    PRC - [2006/04/14 11:07:20 | 028,933,976 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    PRC - [2006/04/14 11:05:58 | 000,240,416 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    PRC - [2006/01/19 09:22:20 | 000,049,152 | ---- | M] (Pinnacle Systems) -- c:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
    PRC - [2006/01/05 18:02:24 | 000,352,256 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe
    PRC - [2005/12/20 15:22:14 | 000,035,328 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
    PRC - [2005/12/16 04:21:00 | 000,151,552 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\Toshiba.exe
    PRC - [2005/12/05 16:37:40 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
    PRC - [2005/11/30 16:25:22 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
    PRC - [2005/11/28 15:37:52 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    PRC - [2005/11/28 15:31:32 | 000,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    PRC - [2005/11/28 15:29:00 | 000,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    PRC - [2005/11/28 15:28:14 | 000,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    PRC - [2005/10/06 09:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
    PRC - [2005/07/12 21:14:42 | 000,040,960 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    PRC - [2005/06/01 01:00:12 | 000,282,624 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
    PRC - [2005/06/01 00:59:58 | 000,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
    PRC - [2005/05/04 00:04:28 | 009,150,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
    PRC - [2005/04/26 20:13:20 | 000,122,880 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    PRC - [2005/03/11 19:03:16 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TDispVol.exe
    PRC - [2005/01/17 20:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    PRC - [2004/12/30 04:32:20 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    PRC - [2004/08/28 00:37:00 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
    PRC - [2004/08/28 00:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/09/05 13:53:11 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    MOD - [2010/03/17 16:53:28 | 000,198,656 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll
    MOD - [2008/04/14 05:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
    MOD - [2007/08/30 18:43:14 | 000,006,144 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\idle.dll
    MOD - [2007/08/30 17:17:38 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Yahoo!\Messenger\msvcr71.dll
    MOD - [2002/03/03 08:40:00 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\TDispVol.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
    SRV - [2010/08/26 16:33:33 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
    SRV - [2010/04/01 13:33:20 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2010/02/24 10:28:10 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2009/09/16 19:01:16 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
    SRV - [2007/01/11 05:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
    SRV - [2006/11/09 19:30:14 | 000,065,536 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
    SRV - [2006/09/13 14:32:12 | 000,128,536 | ---- | M] (iAnywhere Solutions, Inc.) [Auto | Running] -- C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe -- (QuickBooksDB17)
    SRV - [2006/04/14 11:07:20 | 028,933,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
    SRV - [2006/04/14 11:05:58 | 000,240,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
    SRV - [2006/04/14 11:04:54 | 000,087,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
    SRV - [2006/01/19 09:22:20 | 000,049,152 | ---- | M] (Pinnacle Systems) [Auto | Running] -- c:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe -- (PinnacleSys.MediaServer)
    SRV - [2005/12/20 15:22:14 | 000,035,328 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)
    SRV - [2005/11/28 15:31:32 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
    SRV - [2005/11/28 15:29:00 | 000,114,753 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
    SRV - [2005/11/28 15:28:14 | 000,217,164 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
    SRV - [2005/10/14 04:50:20 | 000,045,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
    SRV - [2005/07/12 21:14:42 | 000,040,960 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
    SRV - [2005/05/04 00:04:28 | 009,150,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe -- (MSSQL$PINNACLESYS)
    SRV - [2005/05/03 21:42:56 | 000,323,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE -- (SQLAgent$PINNACLESYS)
    SRV - [2005/01/17 20:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
    SRV - [2004/08/28 00:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\RarSFX0\S10VWF\PEDrv.sys -- (SVRPEDRV)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
    DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\DgiVecp.sys -- (DgiVecp)
    DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2010/03/17 16:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
    DRV - [2010/03/17 16:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
    DRV - [2010/03/01 10:05:26 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2010/02/16 14:24:02 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
    DRV - [2009/05/11 12:49:20 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
    DRV - [2009/05/11 10:12:50 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2008/04/14 00:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
    DRV - [2008/04/13 22:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2006/05/09 00:27:22 | 000,426,624 | ---- | M] (Pinnacle Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MarvinUsb.sys -- (PinnacleMarvinUsb)
    DRV - [2005/12/16 04:15:06 | 000,191,936 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
    DRV - [2005/12/09 20:48:40 | 004,123,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2005/12/04 13:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
    DRV - [2005/11/30 15:01:02 | 000,043,392 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
    DRV - [2005/11/30 14:12:00 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
    DRV - [2005/11/28 16:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
    DRV - [2005/11/25 06:38:00 | 000,028,800 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
    DRV - [2005/11/15 13:00:22 | 001,122,656 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2005/10/20 18:03:42 | 000,006,144 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD)
    DRV - [2005/10/06 09:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
    DRV - [2005/10/06 09:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
    DRV - [2005/10/06 09:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
    DRV - [2005/10/06 09:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
    DRV - [2005/10/06 09:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
    DRV - [2005/10/06 09:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
    DRV - [2005/10/06 09:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
    DRV - [2005/09/14 06:24:08 | 000,179,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
    DRV - [2005/09/12 07:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
    DRV - [2005/09/09 18:47:10 | 000,009,344 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
    DRV - [2005/08/25 16:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2005/08/25 16:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
    DRV - [2005/08/24 19:20:28 | 000,009,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (tbiosdrv)
    DRV - [2005/08/12 09:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
    DRV - [2005/07/13 16:55:22 | 000,171,008 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
    DRV - [2005/06/02 03:33:00 | 000,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
    DRV - [2005/02/23 18:40:26 | 000,011,264 | ---- | M] (VOB Computersysteme GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2K)
    DRV - [2005/02/09 12:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)
    DRV - [2005/01/12 04:05:46 | 000,204,160 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\KR10N.sys -- (KR10N)
    DRV - [2004/08/10 08:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
    DRV - [2004/08/10 08:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
    DRV - [2004/04/10 10:42:36 | 000,002,944 | ---- | M] (cansoft@livewiredev.com) [Kernel | System | Running] -- C:\WINDOWS\system32\mbmiodrvr.sys -- (mbmiodrvr)
    DRV - [2003/11/30 22:54:20 | 000,043,136 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
    DRV - [2003/09/19 05:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
    DRV - [2003/09/11 03:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
    DRV - [2003/01/29 18:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
    DRV - [2003/01/10 16:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
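    Added example, not code from this thread, from OTL or from OldTimer: a small Python parser for the PRC/MOD/SRV/DRV lines that OTL prints in the SafeList sections of the log above (the output of the Quick Scan Broni requested), followed by the rules a removal helper applies by eye when reading such a log: entries whose file is gone (orphaned registrations), entries still marked Running with no file on disk, entries loading from a Temp directory, and entries with no publisher or version info (the empty `()` OTL prints when nothing matches its company whitelist). The sample lines are copied from the log posted in this thread; the `Entry` field names, the severity labels and the rules themselves are this example's own assumptions, not OTL's.

```python
"""Triage of OTL SafeList lines (PRC / MOD / SRV / DRV).

Added example for this thread; not code from OTL or from OldTimer.  It
parses the one-line-per-entry shape OTL prints for processes, modules,
Win32 services and drivers, then applies a few "look here first" rules.
The rules, severity labels and Entry field names are this example's own.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple


@dataclass
class Entry:
    kind: str                   # PRC, MOD, SRV or DRV
    path: str                   # image path as OTL printed it
    name: Optional[str]         # service/driver key name; None for PRC/MOD
    company: Optional[str]      # "" when OTL printed "()"; None if file missing
    size: Optional[int]         # bytes, from the "000,267,432" field
    modified: Optional[str]     # "YYYY/MM/DD HH:MM:SS" from the stamp
    start: Optional[str]        # Auto / On_Demand / System / Boot ...
    status: Optional[str]       # Running / Stopped
    missing: bool               # True when OTL printed "File not found"


# Two shapes follow the kind prefix:
#   [stamp] (company) [state] -- path -- (name) display name
#   File not found [state] -- path -- (name)
# The company field may hold one level of nested parentheses, e.g.
# "(Printing Communications Assoc., Inc. (PCAUSA))".
_LINE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"(?:\[(?P<stamp>[^\]]*)\] \((?P<company>(?:[^()]|\([^()]*\))*)\)"
    r"|(?P<missing>File not found))"
    r"(?: \[(?P<state>[^\]]*)\])?"
    r" -- (?P<path>.*?)"
    r"(?: -- \((?P<name>[^)]*)\).*)?$"
)


def parse_entries(lines: Iterable[str]) -> List[Entry]:
    """Parse OTL SafeList lines; headers, blanks and O-lines are skipped."""
    entries: List[Entry] = []
    for raw in lines:
        m = _LINE.match(raw.strip())
        if not m:
            continue
        missing = m.group("missing") is not None
        size = modified = None
        if m.group("stamp"):
            # "2010/04/01 13:33:20 | 000,267,432 | ---- | M"
            fields = [f.strip() for f in m.group("stamp").split("|")]
            modified, size = fields[0], int(fields[1].replace(",", ""))
        start = status = None
        if m.group("state"):
            # "[Auto | Running]" for SRV, "[Kernel | On_Demand | Stopped]" for DRV
            fields = [f.strip() for f in m.group("state").split("|")]
            start, status = fields[-2], fields[-1]
        company = None if missing else m.group("company").strip()
        entries.append(Entry(m.group("kind"), m.group("path").strip(),
                             m.group("name"), company, size, modified,
                             start, status, missing))
    return entries


Finding = Tuple[str, str, Entry]   # (severity, reason, entry)


def triage(entries: Iterable[Entry]) -> List[Finding]:
    """Apply the look-here-first rules; an entry can yield several findings."""
    findings: List[Finding] = []
    for e in entries:
        if e.missing:
            if e.status == "Running":
                # Loaded, but its image is no longer on disk: either a removal
                # tool's own driver or something that deleted itself to hide.
                findings.append(("high", "running but file not on disk", e))
            else:
                findings.append(("low", "orphaned entry, file not found", e))
        if "\\temp\\" in e.path.lower():
            findings.append(("medium", "loads from a Temp directory", e))
        if not e.missing and not e.company:
            findings.append(("medium", "no publisher or version info", e))
    return findings


# Lines copied from the OTL log posted in this thread, plus one header line
# to show that non-entry lines are ignored.
SAMPLE_LOG = r"""
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2010/04/01 13:33:20 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2005/07/12 21:14:42 | 000,040,960 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2006/04/14 11:07:20 | 028,933,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\RarSFX0\S10VWF\PEDrv.sys -- (SVRPEDRV)
DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/03/17 16:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2005/08/24 19:20:28 | 000,009,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (tbiosdrv)
PRC - [2010/09/05 13:53:11 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
"""


if __name__ == "__main__":
    for severity, reason, e in triage(parse_entries(SAMPLE_LOG.splitlines())):
        print(f"{severity:6} {e.kind} {e.name or '-':14} {reason:32} {e.path}")
```

    Run as a script it prints the findings for the sample. The one "high" hit is catchme.sys, and its path (C:\ComboFix\) shows it is ComboFix's own scanning driver from the earlier run, so a hit from these rules is a prompt to look at the entry, not a verdict. The Temp-directory hit is the registration of a driver that was unpacked to a temp folder and has since been deleted, and the two "no publisher" hits are Toshiba OEM utilities that simply ship without version resources; the value of the pass is that it narrows a 400-line log to the half-dozen entries worth checking by hand.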
  24. dirtyboy103us

    dirtyboy103us TS Rookie Topic Starter Posts: 25

    2 of 4

    O1 HOSTS File: ([2010/09/05 13:00:57 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (TranslatorBar 1 Toolbar) - {00bf7b9c-acd2-4080-bea8-b1c41987070f} - C:\Program Files\TranslatorBar_1\tbTran.dll (Conduit Ltd.)
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (TranslatorBar 1 Toolbar) - {00bf7b9c-acd2-4080-bea8-b1c41987070f} - C:\Program Files\TranslatorBar_1\tbTran.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (TranslatorBar 1 Toolbar) - {00BF7B9C-ACD2-4080-BEA8-B1C41987070F} - C:\Program Files\TranslatorBar_1\tbTran.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
    O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
    O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
    O4 - HKLM..\Run: [TDispVol] C:\WINDOWS\System32\TDispVol.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [THotkey] C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)
    O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [USBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
    O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
    O4 - HKCU..\Run: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe File not found
    O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
    O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe (Research In Motion Limited)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
    O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe ()
    O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\SDK Tray Menu.lnk = C:\Sun\SDK\jdk\bin\javaw.exe (Sun Microsystems, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
    O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.0.cab (DownloadManager Control)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab (Windows Live Safety Center Base Module)
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab (MSN Games - Installer)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.blackberry.com/devicesoftware/AxLoader.cab (RIM AxLoader)
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.com/files/driveragent.cab (Driver Agent ActiveX Control)
    O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.3.0.cab (DLM Control)
    O16 - DPF: Web-Based Email Tools http://email.secureserver.net/Download.CAB (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/04/09 15:47:54 | 000,000,095 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
    Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
    Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: VIDC.MJPG - C:\WINDOWS\System32\pvmjpg30.dll (Pegasus Imaging Corporation)
    Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
    Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/09/05 13:53:11 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2010/09/05 13:30:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\PriceGong
    [2010/09/05 01:41:18 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/09/05 01:38:24 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/09/05 01:38:24 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/09/05 01:38:24 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/09/05 01:38:24 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/09/05 01:38:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/09/05 01:32:03 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/09/04 01:14:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\tdsskiller
    [2010/09/03 14:53:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/09/03 14:53:57 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/09/03 14:53:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware3
    [2010/09/03 14:52:47 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\sec info.exe
    [2010/09/02 10:15:35 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.46.exe
    [2010/09/02 08:02:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Avira
    [2010/09/02 07:58:12 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
    [2010/09/02 07:58:10 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
    [2010/09/02 07:58:10 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
    [2010/09/02 07:58:10 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
    [2010/09/02 07:58:10 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
    [2010/09/02 07:58:10 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2010/09/02 07:58:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
    [2010/09/02 07:40:28 | 005,272,448 | ---- | C] (Uniblue Systems Ltd ) -- C:\Documents and Settings\Owner\Desktop\registrybooster.exe
    [2010/09/02 07:27:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\AOL Saved PFC
    [2010/09/01 18:40:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ElevatedDiagnostics
    [2010/09/01 18:34:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
    [2010/09/01 17:08:37 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
    [2010/09/01 08:04:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware2
    [2010/08/31 07:05:30 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
    [2010/08/18 19:37:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\My Documents
    [2010/08/08 10:57:21 | 000,000,000 | ---D | C] -- C:\0beafcea724b194507f7ff04
    [2010/08/08 05:47:41 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
    [2010/07/24 20:30:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Unity
    [2010/07/24 19:20:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Unity
    [2010/07/24 19:20:04 | 000,000,000 | ---D | C] -- C:\Program Files\Unity
    [2010/07/24 19:11:04 | 000,000,000 | ---D | C] -- C:\.jagex_cache_32
    [2010/07/22 10:59:14 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\IECompatCache
    [2010/07/18 04:46:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Saved Games
    [2010/07/18 04:45:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\iWin
    [2010/07/18 04:40:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Oberon Media
    [2010/07/18 04:35:01 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
    [2010/07/18 04:35:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit
    [2010/07/18 04:35:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\TranslatorBar_1
    [2010/07/18 04:34:59 | 000,000,000 | ---D | C] -- C:\Program Files\TranslatorBar_1
    [2010/06/25 08:28:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Mortons carrier
    [2007/02/24 05:18:47 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\implode.dll
    [2006/02/15 12:25:00 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll
    [1 C:\Documents and Settings\Owner\Application Data\*.tmp files -> C:\Documents and Settings\Owner\Application Data\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/09/05 13:53:11 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2010/09/05 13:30:36 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
    [2010/09/05 13:02:33 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Owner\tray.pid
    [2010/09/05 13:01:23 | 000,000,246 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/09/05 13:00:57 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/09/05 13:00:46 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/09/05 13:00:44 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Anti-Malware.job
    [2010/09/05 12:54:18 | 000,616,774 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/09/05 12:54:18 | 000,508,020 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/09/05 12:54:18 | 000,097,720 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/09/05 12:49:39 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/09/05 12:49:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/09/05 12:48:00 | 006,815,744 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
    [2010/09/05 12:48:00 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
    [2010/09/05 08:44:24 | 003,837,097 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
     
  25. dirtyboy103us

    dirtyboy103us TS Rookie Topic Starter Posts: 25

    3 of 4

    [2010/09/05 01:41:25 | 000,000,325 | RHS- | M] () -- C:\boot.ini
    [2010/09/05 01:29:13 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBRCheck.exe
    [2010/09/04 15:24:18 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\nn3dfywv.exe
    [2010/09/04 01:13:08 | 001,188,006 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\tdsskiller.zip
    [2010/09/04 00:45:33 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
    [2010/09/03 14:54:02 | 000,000,765 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2010/09/03 14:54:02 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/09/03 14:52:48 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\sec info.exe
    [2010/09/02 12:49:21 | 000,465,298 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\RootRepeal.rar
    [2010/09/02 10:15:40 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.46.exe
    [2010/09/02 10:05:33 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
    [2010/09/02 07:58:28 | 000,001,753 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
    [2010/09/02 07:55:33 | 044,092,504 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\avira_antivir_personal_en.exe
    [2010/09/02 07:40:30 | 005,272,448 | ---- | M] (Uniblue Systems Ltd ) -- C:\Documents and Settings\Owner\Desktop\registrybooster.exe
    [2010/09/02 07:27:45 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/09/02 07:27:37 | 000,000,004 | ---- | M] () -- C:\WINDOWS\msoffice.ini
    [2010/09/02 07:19:35 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2010/09/01 18:27:55 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/09/01 17:33:36 | 000,002,607 | ---- | M] () -- C:\TIMSLINE.p10
    [2010/08/30 12:05:08 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/08/28 06:38:39 | 000,429,909 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\mortons floor 7.a.1
    [2010/08/27 19:04:45 | 000,039,544 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\mortons floor 7.JPG
    [2010/08/27 19:04:02 | 000,000,345 | -H-- | M] () -- C:\Documents and Settings\Owner\My Documents\Picasa.ini
    [2010/08/27 19:02:21 | 000,062,335 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\mortons floor 7.a.2.jpg
    [2010/08/27 19:01:01 | 000,465,619 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\mortons floor 7.a.1.png
    [2010/08/27 19:00:40 | 000,074,918 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\mortons floor 7.a.1.odg
    [2010/08/27 18:56:06 | 000,227,179 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\mortons floor 7.a.png
    [2010/08/27 18:53:32 | 000,074,996 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\mortons floor 7.a.odg
    [2010/08/27 18:31:41 | 000,247,359 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\mortons floor 6.a.png
    [2010/08/27 18:27:40 | 000,092,920 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\mortons floor 6.a.odg
    [2010/08/27 18:10:36 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
    [2010/08/24 19:27:40 | 000,023,135 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\company.CSV
    [2010/08/21 16:41:50 | 000,000,020 | ---- | M] () -- C:\WINDOWS\Hposcv07.INI
    [2010/08/20 12:58:00 | 040,038,634 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Boxload.zip
    [2010/08/20 10:17:43 | 000,041,899 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\mortons floor 6.JPG
    [2010/08/20 10:03:56 | 000,041,389 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\mortons floor 5.JPG
    [2010/08/20 09:44:18 | 000,039,402 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\mortons floor 4.JPG
    [2010/08/19 23:31:26 | 000,001,859 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2010/08/18 20:13:44 | 003,606,308 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
    [2010/08/18 19:11:36 | 000,034,495 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\mortons floor 3.JPG
    [2010/08/18 15:01:08 | 000,000,046 | ---- | M] () -- C:\Documents and Settings\Owner\jagex_runescape_preferences.dat
    [2010/08/18 14:58:24 | 000,000,099 | ---- | M] () -- C:\Documents and Settings\Owner\jagex_runescape_preferences2.dat
    [2010/08/14 07:27:24 | 000,322,728 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/07/22 08:58:09 | 009,160,917 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\B_Model_Single_Evaporator_sm.pdf
    [2010/07/18 04:45:03 | 000,001,108 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Pogo Games.lnk
    [2010/06/25 08:30:13 | 003,630,788 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Mortons carrier.zip
    [2010/06/25 06:44:57 | 001,710,113 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\20-10_062009 sporlan distibutors.pdf
    [2010/06/25 04:49:05 | 000,069,632 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Proposal mortons plaza.doc
    [2010/06/25 04:46:09 | 000,069,632 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Proposal.doc
    [2010/06/17 14:39:00 | 003,682,611 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\50A Installation.pdf
    [2010/06/17 14:17:52 | 000,135,483 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Morton's Market Rev. 2 Proposal.docx
    [2010/06/17 07:11:14 | 000,100,864 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\whitemountainrepair50tc05061610.doc
    [1 C:\Documents and Settings\Owner\Application Data\*.tmp files -> C:\Documents and Settings\Owner\Application Data\*.tmp -> ]

    ========== Files Created - No Company Name ==========
     
Topic Status:
Not open for further replies.