TechSpot

Rundll32.exe causes pc to freeze and is at 100% cpu usage

By Donnegs
Dec 2, 2010
  1. Help, computer freezes up whenever I open up a browser (SlimBrowser or IE) and causes rundll32.exe to cause my PC to go to 100% CPU usage, thus rendering it unusable.
    Here is the HijackThis log:

    [HJT log removed - Broni]
     
  2. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. Donnegs

    Donnegs TS Rookie Topic Starter Posts: 18

    Log results

    Thank you. Here are the results of my logs:
    Malwarebytes:
    Malwarebytes' Anti-Malware 1.50
    www.malwarebytes.org

    Database version: 5237

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    12/3/2010 6:56:09 PM
    mbam-log-2010-12-03 (18-56-09).txt

    Scan type: Quick scan
    Objects scanned: 165167
    Time elapsed: 3 minute(s), 43 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    gmer:
    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2010-12-03 18:58:57
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD1200JB-00FUA0 rev.15.05R15
    Running: gmer.exe; Driver: C:\DOCUME~1\Andrew\LOCALS~1\Temp\kwlyrpoc.sys


    ---- System - GMER 1.0.15 ----

    SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwEnumerateKey [0xB823B710]
    SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwEnumerateValueKey [0xB823B7F0]
    SSDT \??\C:\WINDOWS\system32\drivers\HFCore.sys ZwQueryDirectoryFile [0xB84B0050]

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi \Device\Ide\IdePort0 [F7843B40] atapi.sys[unknown section] {MOV EAX, 0x8a2063f0; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf751b684; RET }
    Device atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation)
    Device \Driver\atapi \Device\Ide\IdePort1 [F7843B40] atapi.sys[unknown section] {MOV EAX, 0x8a2063f0; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf751b684; RET }
    Device \Driver\SI3112r \Device\Scsi\SI3112r1 8A1BB0E8
    Device \Driver\dtscsi \Device\Scsi\dtscsi1 89BBA318
    Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 89BBA318
    Device 8A1BBBF8
    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
    Device \Driver\Tcpip \Device\Ip afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
    Device \Driver\Tcpip \Device\Tcp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
    Device \Driver\Tcpip \Device\Udp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
    Device \Driver\Tcpip \Device\RawIp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)

    ---- EOF - GMER 1.0.15 ----

    DDS:

    DDS (Ver_10-11-27.01) - NTFSx86
    Run by Andrew at 18:59:39.85 on Fri 12/03/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2342 [GMT -5:00]

    AV: Outpost Security Suite Pro *On-access scanning enabled* (Updated) {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
    FW: Outpost Security Suite Pro *enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
    C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\TVersity\Media Server\MediaServer.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\PrintKey2000\Printkey2000.exe
    C:\Documents and Settings\Andrew\Application Data\Dropbox\bin\Dropbox.exe
    C:\Program Files\Netropa\Onscreen Display\OSD.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Documents and Settings\Andrew\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
    TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    mRun: [MULTIMEDIA KEYBOARD] c:\program files\netropa\multimedia keyboard\MMKeybd.exe
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
    mRun: [OutpostMonitor] "c:\progra~1\agnitum\outpos~1\op_mon.exe" /tray /noservice
    mRun: [OutpostFeedBack] "c:\program files\agnitum\outpost security suite pro\feedback.exe" /dump:os_startup
    mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\docume~1\andrew\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\andrew\application data\dropbox\bin\Dropbox.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\printk~1.lnk - c:\program files\printkey2000\Printkey2000.exe
    IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Edit with Altova X&MLSpy - c:\program files\altova\xmlspy2008\spy.htm
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    IE: {2222EF56-F49E-4d07-A14E-8D2B08766958} - c:\program files\altova\xmlspy2008\spy.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {44627E97-789B-40d4-B5C2-58BD171129A1} - {A1A7E22D-1587-4230-8F16-081C68D21448} - c:\program files\agnitum\outpost security suite pro\ie_bar.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1286030481671
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
    Notify: LMIinit - LMIinit.dll
    AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    mASetup: {5084F01D-458E-45EB-A6FD-692D4C9D2789} - c:\windows\system32\msiexec.exe /qn /fpu {5084F01D-458E-45EB-A6FD-692D4C9D2789}
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\andrew\applic~1\mozilla\firefox\profiles\it3ji75m.default\
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    ============= SERVICES / DRIVERS ===============

    R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2007-8-29 116264]
    R1 HFCore;HFCore;c:\windows\system32\drivers\HFCore.sys [2006-5-30 18816]
    R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\drivers\Msikbd2k.sys [2010-10-1 6656]
    R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [2010-10-2 713672]
    R2 acssrv;Agnitum Client Security Service;c:\progra~1\agnitum\outpos~1\acs.exe [2010-10-2 2035520]
    R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-9-27 374152]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-5-31 12856]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-10-3 47640]
    R2 MotoConnect Service;MotoConnect Service;c:\program files\motorola\motoconnectservice\MotoConnectService.exe [2010-11-1 91456]
    R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [2010-10-2 34280]
    R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2010-10-2 267752]
    R3 ASWFilt;ASWFilt;c:\windows\system32\filt\ASWFilt.dll [2010-10-2 72232]
    R3 VBEngNT;VBEngNT;c:\windows\system32\drivers\VBEngNT.sys [2010-10-2 241088]
    R3 VBFilt;VBFilt;c:\windows\system32\filt\VBFilt.dll [2010-10-2 36168]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-2 135664]
    S2 nhksrv;Netropa NHK Server;c:\program files\netropa\multimedia keyboard\nhksrv.exe --> c:\program files\netropa\multimedia keyboard\nhksrv.exe [?]
    S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2010-11-1 25856]
    S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2010-11-1 42752]
    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-10-2 27064]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 LMIRfsClientNP;LMIRfsClientNP; [x]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 47128]
    S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]

    =============== Created Last 30 ================

    2010-12-03 13:43:05 -------- d-----w- c:\docume~1\andrew\applic~1\Malwarebytes
    2010-12-03 13:42:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-03 13:42:59 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-12-03 13:42:54 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-03 13:42:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-03 02:10:09 -------- d-sh--w- c:\documents and settings\andrew\IECompatCache
    2010-11-28 00:07:22 -------- d-----w- c:\program files\iTunes
    2010-11-28 00:07:22 -------- d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-11-28 00:02:56 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
    2010-11-28 00:02:56 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
    2010-11-28 00:02:55 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
    2010-11-28 00:02:55 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
    2010-11-28 00:02:55 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
    2010-11-28 00:02:54 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin7.dll
    2010-11-28 00:02:54 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin6.dll
    2010-11-28 00:02:54 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin5.dll
    2010-11-28 00:02:53 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin4.dll
    2010-11-28 00:02:53 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin3.dll
    2010-11-28 00:02:53 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll
    2010-11-28 00:02:53 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin.dll
    2010-11-28 00:01:24 -------- d-----w- c:\docume~1\andrew\locals~1\applic~1\Apple
    2010-11-21 18:37:34 971072 ----a-w- c:\windows\system32\drivers\vbcorent.sys
    2010-11-15 03:09:47 -------- d-----w- c:\program files\common files\Common Share
    2010-11-15 03:09:44 -------- d-----w- c:\program files\OJOsoft

    ==================== Find3M ====================

    2010-10-09 20:51:47 73 ----a-w- c:\windows\system32\ssprs.dll
    2010-10-09 20:51:46 205 ----a-w- c:\windows\system32\lsprst7.dll
    2010-10-07 17:23:02 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-10-07 17:23:02 75040 ----a-w- c:\windows\system32\jdns_sd.dll
    2010-10-07 17:23:02 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2010-10-07 17:23:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2010-10-03 02:11:36 3140 --sha-w- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
    2010-10-03 02:08:36 8 --sh--r- c:\docume~1\alluse~1\applic~1\EE09D06103.sys
    2010-10-02 23:51:29 286720 ----a-w- c:\windows\iun507.exe
    2010-10-02 23:51:13 1025 ----a-w- c:\windows\system32\sysprs7.dll
    2010-10-02 23:51:13 1025 ----a-w- c:\windows\system32\clauth2.dll
    2010-10-02 23:51:13 1025 ----a-w- c:\windows\system32\clauth1.dll
    2010-09-27 18:50:44 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2010-09-27 18:49:26 53632 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
    2010-09-27 18:49:18 87424 ----a-w- c:\windows\system32\LMIinit.dll
    2010-09-27 18:49:18 29568 ----a-w- c:\windows\system32\LMIport.dll
    2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-09-08 16:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 16:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts

    ============= FINISH: 19:13:01.84 ===============

    Attach:

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-11-27.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 5/7/2005 11:24:05 AM
    System Uptime: 12/3/2010 8:38:27 AM (11 hours ago)

    Motherboard: ASUSTeK Computer INC. | | A7N8X-E
    Processor: AMD Athlon(tm) XP 2500+ | Socket A | 1837/166mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 54 GiB total, 26.448 GiB free.
    D: is FIXED (NTFS) - 58 GiB total, 37.568 GiB free.
    E: is FIXED (NTFS) - 39 GiB total, 19.169 GiB free.
    F: is FIXED (NTFS) - 147 GiB total, 59.517 GiB free.
    G: is CDROM ()
    H: is CDROM ()
    M: is FIXED (NTFS) - 932 GiB total, 546.787 GiB free.

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1: 10/31/2010 10:32:06 AM - System Checkpoint
    RP2: 10/31/2010 10:38:39 AM - 10-31-10
    RP3: 11/1/2010 6:52:26 PM - System Checkpoint
    RP4: 11/1/2010 7:05:15 PM - Installed RSDLite
    RP5: 11/1/2010 7:06:48 PM - Installed Motorola Driver Installation 4.6.5
    RP6: 11/1/2010 8:07:32 PM - Installed Windows XP Wdf01007.
    RP7: 11/3/2010 9:14:24 PM - System Checkpoint
    RP8: 11/4/2010 10:26:27 PM - System Checkpoint
    RP9: 11/6/2010 3:05:51 PM - System Checkpoint
    RP10: 11/7/2010 2:21:32 PM - System Checkpoint
    RP11: 11/8/2010 2:42:21 PM - System Checkpoint
    RP12: 11/9/2010 3:11:22 PM - System Checkpoint
    RP13: 11/10/2010 4:11:24 PM - System Checkpoint
    RP14: 11/11/2010 4:14:50 PM - System Checkpoint
    RP15: 11/12/2010 4:37:12 PM - System Checkpoint
    RP16: 11/13/2010 4:41:31 PM - System Checkpoint
    RP17: 11/14/2010 8:37:49 PM - System Checkpoint
    RP18: 11/15/2010 9:00:08 PM - System Checkpoint
    RP19: 11/16/2010 9:54:53 PM - System Checkpoint
    RP20: 11/17/2010 10:59:59 PM - System Checkpoint
    RP21: 11/18/2010 11:25:03 PM - System Checkpoint
    RP22: 11/20/2010 12:01:23 AM - System Checkpoint
    RP23: 11/21/2010 1:33:36 AM - System Checkpoint
    RP24: 11/22/2010 3:03:31 PM - System Checkpoint
    RP25: 11/23/2010 7:53:01 PM - System Checkpoint
    RP26: 11/24/2010 8:22:12 PM - System Checkpoint
    RP27: 11/25/2010 9:39:12 PM - System Checkpoint
    RP28: 11/26/2010 10:27:49 PM - System Checkpoint
    RP29: 11/27/2010 7:03:27 PM - Installed iTunes
    RP30: 11/28/2010 11:04:15 PM - System Checkpoint
    RP31: 1/1/2002 12:35:09 AM - System Checkpoint
    RP32: 11/29/2010 8:25:28 PM - System Checkpoint
    RP33: 11/30/2010 10:35:47 PM - System Checkpoint
    RP34: 12/1/2010 11:24:02 PM - System Checkpoint
    RP35: 12/2/2010 11:52:23 PM - System Checkpoint

    ==== Installed Programs ======================

    Sansa Media Converter
    µTorrent
    ABBYY FineReader 5.0 Sprint
    Add or Remove Adobe Creative Suite 3 Master Collection
    Adobe Acrobat 8 Professional
    Adobe After Effects CS3 Presets
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe BridgeTalk Plugin CS3
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Contribute CS3
    Adobe Creative Suite 3 Master Collection
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe Dreamweaver CS3
    Adobe Encore CS3 Codecs
    Adobe ExtendScript Toolkit 2
    Adobe Extension Manager CS3
    Adobe Fireworks CS3
    Adobe Flash CS3
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 9 Plugin
    Adobe Flash Video Encoder
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Illustrator CS3
    Adobe InDesign CS3
    Adobe InDesign CS3 Icon Handler
    Adobe Linguistics CS3
    Adobe MotionPicture Color Files
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Premiere Pro CS3 Functional Content
    Adobe Premiere Pro CS3 Third Party Content
    Adobe Setup
    Adobe SING CS3
    Adobe Soundbooth CS3 Codecs
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe Version Cue CS3 Server
    Adobe Video Profiles
    Adobe WAS CS3
    Adobe WinSoft Linguistics Plugin
    Adobe XMP DVA Panels CS3
    Adobe XMP Panels CS3
    AHV content for Acrobat and Flash
    Altova XMLSpy® 2008 rel. 2 Enterprise Edition
    AnyDVD
    APC PowerChute Personal Edition
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft PhotoStudio 5.5
    ArcSoft Software Suite
    ASUS Probe V2.21.08
    Auslogics Disk Defrag
    AVIGenerator V1.0.0.0
    AviSynth 2.5
    BadCopy Pro
    Blaze Media Pro
    Bonjour
    BookSmart® 2.9.1 2.9.1
    Bulk Rename Utility 2.7.1.1
    cam2pc Freeware Edition (remove only)
    Canon CanoScan LiDE 600F User Registration
    Canon CanoScan Toolbox 5.0
    CanoScan LiDE 600F
    CCleaner
    CD/DVD Diagnostic
    CD/DVD Inspector
    Client Activator 2.2 - English
    CloneDVD2
    Cucusoft MPEG to DVD Author 1.06
    Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro 7.07
    Dropbox
    DVD Decrypter (Remove Only)
    DVDx
    EasyRecovery Professional
    EssentialPIM
    FlashPeak SlimBrowser
    Google Toolbar for Internet Explorer
    Google Update Helper
    Handbrake 0.9.4
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB958655-v2)
    Hotfix for Windows XP (KB961118)
    iPod for Windows 2005-02-22
    IrfanView (remove only)
    iTunes
    Lexmark X1100 Series
    Logitech Gaming Software
    LogMeIn
    LUMIX Simple Viewer
    Malwarebytes' Anti-Malware
    Marvell Miniport Driver
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft Application Error Reporting
    Microsoft ASP.NET MVC 2
    Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Help Viewer 1.0
    Microsoft IntelliPoint 5.5
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Visio MUI (English) 2007
    Microsoft Office Visio Professional 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Silverlight 3 SDK
    Microsoft Software Update for Web Folders (English) 12
    Microsoft SQL Server 2008
    Microsoft SQL Server 2008 Browser
    Microsoft SQL Server 2008 Common Files
    Microsoft SQL Server 2008 Database Engine Services
    Microsoft SQL Server 2008 Database Engine Shared
    Microsoft SQL Server 2008 Native Client
    Microsoft SQL Server 2008 R2 Data-Tier Application Framework
    Microsoft SQL Server 2008 R2 Data-Tier Application Project
    Microsoft SQL Server 2008 R2 Management Objects
    Microsoft SQL Server 2008 R2 Transact-SQL Language Service
    Microsoft SQL Server 2008 RsFx Driver
    Microsoft SQL Server 2008 Setup Support Files
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server Database Publishing Wizard 1.4
    Microsoft SQL Server System CLR Types
    Microsoft SQL Server VSS Writer
    Microsoft Sync Framework Runtime v1.0 SP1 (x86)
    Microsoft Sync Framework SDK v1.0 SP1
    Microsoft Sync Framework Services v1.0 SP1 (x86)
    Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)
    Microsoft Team Foundation Server 2010 Object Model - ENU
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
    Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
    Microsoft Visual F# 2.0 Runtime
    Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
    Microsoft Visual Studio Macro Tools
    mkv2vob
    Motorola Driver Installation 4.6.5
    Mozilla Firefox (3.6)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 8
    neroxml
    Netviewer V1.2.5.104
    Norton PartitionMagic
    Norton PartitionMagic 8.0
    NVIDIA Drivers
    OJOsoft Total Video Converter
    Outpost Security Suite Pro 7.0.3
    PDF Settings
    Perforce Visual Components
    PHOTOfunSTUDIO -viewer-
    Playback 2.3.0.4
    PowerDVD
    PowerISO
    Presto! PageManager 7.15.14
    PrintKey2000
    PS3 Video 9 5.04
    QuickTime
    RescuePRO™ 3.0
    Revo Uninstaller Pro 2.2.3
    Rhapsody
    RSDLite
    Sansa Media Converter
    ScanSoft OmniPage SE 4.0
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Encoder (KB954156)
    Security Update for Windows Media Encoder (KB979332)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2183461)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Service Pack 1 for SQL Server 2008 (KB968369)
    SiSoftware Sandra Professional 2005.SR1 (Win64/32/CE)
    Spybot - Search & Destroy
    Sql Server Customer Experience Improvement Program
    The Rosetta Stone
    TVersity Codec Pack 1.2
    TVersity Media Server 1.7.4.1 Beta
    Ulead Data-Add 2.0
    Ulead DVD MovieFactory 4.0
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Windows (KB971513)
    Update for Windows Internet Explorer 8 (KB2362765)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973815)
    VCRedistSetup
    ViewMate(TM) Office Keyboard KP102/KP202
    Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    VLC media player 1.0.3
    Web Deployment Tool
    WebFldrs XP
    Winamp
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Genuine Advantage Validation v1.9.40.0 Cracked V4
    Windows Internet Explorer 8
    Windows Media Encoder 9 Series
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Search 4.0
    Windows XP Service Pack 3
    WinRAR archiver
    Xilisoft DVD Ripper Ultimate
    Xvid 1.2.2 final uninstall

    ==== Event Viewer Messages From Past Week ========

    12/3/2010 8:23:35 AM, error: Service Control Manager [7034] - The Ulead Burning Helper service terminated unexpectedly. It has done this 1 time(s).
    12/3/2010 8:23:35 AM, error: Service Control Manager [7034] - The TVersityMediaServer service terminated unexpectedly. It has done this 1 time(s).
    12/3/2010 8:23:35 AM, error: Service Control Manager [7034] - The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).
    12/3/2010 8:23:34 AM, error: Service Control Manager [7034] - The Nero BackItUp Scheduler 3 service terminated unexpectedly. It has done this 1 time(s).
    12/3/2010 8:23:33 AM, error: Service Control Manager [7034] - The LogMeIn service terminated unexpectedly. It has done this 1 time(s).
    12/3/2010 8:23:33 AM, error: Service Control Manager [7034] - The LogMeIn Maintenance Service service terminated unexpectedly. It has done this 1 time(s).
    12/3/2010 8:23:33 AM, error: Service Control Manager [7031] - The MotoConnect Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.
    12/3/2010 8:23:32 AM, error: Service Control Manager [7034] - The LMIGuardianSvc service terminated unexpectedly. It has done this 1 time(s).
    12/3/2010 8:23:32 AM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    12/3/2010 8:23:31 AM, error: Service Control Manager [7034] - The LexBce Server service terminated unexpectedly. It has done this 1 time(s).
    12/3/2010 8:23:31 AM, error: Service Control Manager [7034] - The APC UPS Service service terminated unexpectedly. It has done this 1 time(s).
    12/3/2010 8:23:31 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/30/2010 5:03:25 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the TVersityMediaServer service to connect.
    11/30/2010 4:31:56 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer ACER-LAPTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F5FDF3B8-C6EB-46. The master browser is stopping or an election is being forced.
    11/27/2010 7:48:26 PM, error: Service Control Manager [7000] - The Netropa NHK Server service failed to start due to the following error: The system cannot find the file specified.
    11/27/2010 7:48:26 PM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.

    ==== End Of File ===========================
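A reading aid for the "Event Viewer Messages" block above, added here as an example and not part of DDS, MBRCheck or any tool used in this thread. Twelve "terminated unexpectedly" entries stamped within four seconds of each other on 12/3 are one machine-wide event (an unclean shutdown or crash takes every service down at once); the lone 7009 timeout and the two 7000 "failed to start" entries on other days are separate problems and are the ones worth chasing. The script below parses lines in the format DDS prints, clusters the Service Control Manager events by timestamp, and separates bursts from isolated failures. The function names, the ten-second window and the sample lines (copied from the log above) are this example's own choices, not anything the forum posts define.

```python
"""Cluster Service Control Manager failures from a DDS 'Event Viewer Messages' dump.

Added example for this thread; it is not part of DDS, MBRCheck or ComboFix.
Input lines follow the format posted in the log:
    M/D/YYYY H:MM:SS AM, error: Source [EventID] - message
Events 7031/7034 (service terminated), 7000 (failed to start) and 7009
(connect timeout) are grouped when they fall within `window` of each other.
"""
import re
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<eid>\d+)\] - (?P<msg>.*)$"
)
# Pulls the service name out of the three SCM message shapes seen in the log.
SVC_RE = re.compile(
    r"(?:^The|waiting for the) (?P<svc>.+?) service "
    r"(?:terminated unexpectedly|failed to start|to connect)"
)
SCM_IDS = {7000, 7009, 7031, 7034}

# Constructed sample: lines copied verbatim from the DDS log posted above.
SAMPLE_LOG = """\
12/3/2010 8:23:35 AM, error: Service Control Manager [7034] - The Ulead Burning Helper service terminated unexpectedly. It has done this 1 time(s).
12/3/2010 8:23:35 AM, error: Service Control Manager [7034] - The TVersityMediaServer service terminated unexpectedly. It has done this 1 time(s).
12/3/2010 8:23:34 AM, error: Service Control Manager [7034] - The Nero BackItUp Scheduler 3 service terminated unexpectedly. It has done this 1 time(s).
12/3/2010 8:23:33 AM, error: Service Control Manager [7034] - The LogMeIn service terminated unexpectedly. It has done this 1 time(s).
12/3/2010 8:23:33 AM, error: Service Control Manager [7031] - The MotoConnect Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.
12/3/2010 8:23:32 AM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
12/3/2010 8:23:31 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/30/2010 5:03:25 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the TVersityMediaServer service to connect.
11/27/2010 7:48:26 PM, error: Service Control Manager [7000] - The Netropa NHK Server service failed to start due to the following error: The system cannot find the file specified.
11/27/2010 7:48:26 PM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
"""


def parse_events(text):
    """Return one dict per line that matches the DDS event format; other lines are skipped."""
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["eid"] = int(ev["eid"])
        ev["ts"] = datetime.strptime(ev["ts"], "%m/%d/%Y %I:%M:%S %p")
        s = SVC_RE.search(ev["msg"])
        ev["service"] = s.group("svc") if s else None
        events.append(ev)
    return events


def cluster_scm_events(events, window=timedelta(seconds=10), min_size=3):
    """Split SCM events into bursts (>= min_size events, each within `window` of the previous)
    and isolated events. DDS prints newest first, so sort by time before walking."""
    scm = sorted((e for e in events
                  if e["source"] == "Service Control Manager" and e["eid"] in SCM_IDS),
                 key=lambda e: e["ts"])
    groups, cur = [], []
    for e in scm:
        if cur and e["ts"] - cur[-1]["ts"] > window:
            groups.append(cur)
            cur = []
        cur.append(e)
    if cur:
        groups.append(cur)
    bursts = [g for g in groups if len(g) >= min_size]
    isolated = [e for g in groups if len(g) < min_size for e in g]
    return bursts, isolated


def summarize(text):
    """Plain-data summary: each burst's start, span in seconds and services; isolated events as tuples."""
    bursts, isolated = cluster_scm_events(parse_events(text))
    return {
        "bursts": [{"start": g[0]["ts"].isoformat(),
                    "seconds": int((g[-1]["ts"] - g[0]["ts"]).total_seconds()),
                    "services": [e["service"] for e in g]} for g in bursts],
        "isolated": [(e["ts"].isoformat(), e["eid"], e["service"]) for e in isolated],
    }


if __name__ == "__main__":
    import json
    print(json.dumps(summarize(SAMPLE_LOG), indent=2))
```

On the sample, the seven 12/3 entries collapse into a single four-second burst and the three remaining entries (two missing-file 7000s, one 7009 timeout) come out as isolated; the window and minimum burst size are knobs, and a real DDS dump can simply be pasted in place of SAMPLE_LOG.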
     
  4. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    I don't see much, so far...

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    ===================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AVG Remover to uninstall it: http://www.avg.com/us-en/download-tools
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.pif
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
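MBRCheck, which Broni asks for above, prints every loaded kernel module as an address followed by its image path (165 of them in the report posted in the next reply), and the reader's job is to decide which of those entries deserve a closer look. The script below is an added example of that triage, not part of MBRCheck and not something Broni posted: it classifies each driver by where the image lives (Windows directory, Program Files, a user-writable directory such as the user's Temp, or a bare boot-start name) and flags extensions a kernel module does not normally carry. A flag is a prompt to attribute the file to an installed product, not a verdict: anti-rootkit scanners such as GMER deliberately load a randomly named driver from the user's Temp directory, and a file under System32\Filt\tmp should first be matched against whichever installed product owns the Filt directory. The function names, the directory and extension lists and the sample lines (copied from the report in the next reply) are this example's own assumptions.

```python
"""Triage the 'Kernel Drivers' section of an MBRCheck report by load path.

Added example for this thread; it is not part of MBRCheck. MBRCheck lists
every loaded kernel module as
    0xADDRESS  <image path>
Entries are classified by location, and a short list of flags is attached
to the ones that warrant attribution before the cleanup proceeds.
"""
import re
from collections import Counter

DRIVER_RE = re.compile(r"^0x[0-9A-Fa-f]{8}\s+(?P<path>\S.*)$")
# Directory fragments a standard user can write to (8.3 short names included).
USER_WRITABLE = ("\\temp\\", "\\docume~1\\", "\\documents and settings\\",
                 "\\users\\", "\\appdata\\")
# Extensions kernel-mode images normally carry (.dll covers win32k helpers and font drivers).
NORMAL_EXT = {"sys", "dll", "exe"}

# Constructed sample: a handful of lines copied from the MBRCheck report posted in this thread.
SAMPLE_REPORT = r"""
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0xF7505000 sptd.sys
0xF74BF000 ACPI.sys
0xB81DE000 \??\C:\WINDOWS\system32\drivers\SandBox.sys
0xB9B94000 \??\C:\WINDOWS\system32\Filt\ASWFilt.dll
0xB8015000 \SystemRoot\System32\Filt\tmp\v33c1r5z.vbt
0xF79E5000 \??\C:\Program Files\InfinaDyne\Shared\CDRPDACC.SYS
0xB47C2000 \??\C:\DOCUME~1\Andrew\LOCALS~1\Temp\kwlyrpoc.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
"""


def classify_location(path):
    """Bucket an image path. Bare names are early-boot drivers for which MBRCheck prints no directory."""
    p = path.lower()
    if "\\" not in p:
        return "boot-start"
    if any(frag in p for frag in USER_WRITABLE):
        return "user-writable"
    if "\\windows\\" in p or p.startswith("\\systemroot\\"):
        return "windows"
    if "\\program files" in p:
        return "program-files"
    return "other"


def flags_for(path, location):
    """Reasons this entry should be attributed to a product before being trusted."""
    flags = []
    if location == "user-writable":
        flags.append("image loaded from a user-writable directory")
    name = path.rsplit("\\", 1)[-1]
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    if ext not in NORMAL_EXT:
        flags.append(("unusual extension ." + ext) if ext else "no extension")
    if location == "other":
        flags.append("image outside Windows and Program Files")
    return flags


def triage(report_text):
    """One dict per driver line: path, location bucket and flags (empty list when clean)."""
    rows = []
    for raw in report_text.splitlines():
        m = DRIVER_RE.match(raw.strip())
        if not m:
            continue
        path = m.group("path").strip()
        loc = classify_location(path)
        rows.append({"path": path, "location": loc, "flags": flags_for(path, loc)})
    return rows


def findings(report_text):
    """Only the entries that carry at least one flag."""
    return [r for r in triage(report_text) if r["flags"]]


def location_counts(report_text):
    """How many drivers fall in each bucket; useful as a sanity check on a full 165-line report."""
    return Counter(r["location"] for r in triage(report_text))


if __name__ == "__main__":
    for r in findings(SAMPLE_REPORT):
        print(r["location"].ljust(14), r["path"], "->", "; ".join(r["flags"]))
    print(dict(location_counts(SAMPLE_REPORT)))
```

On the sample, two entries come back flagged: the `.vbt` file under System32\Filt\tmp (unusual extension) and kwlyrpoc.sys under the user's Temp directory (user-writable path). Everything under \WINDOWS, \SystemRoot and Program Files, and the bare boot-start names, pass without comment; pasting the full Kernel Drivers section in place of SAMPLE_REPORT gives the same short list for the whole report.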
     
  5. Donnegs

    Donnegs TS Rookie Topic Starter Posts: 18

    Result logs part 2

    MBRcheck:
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x000010fd

    Kernel Drivers (total 165):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806EE000 \WINDOWS\system32\hal.dll
    0xF7987000 \WINDOWS\system32\KDCOM.DLL
    0xF7897000 \WINDOWS\system32\BOOTVID.dll
    0xF7505000 sptd.sys
    0xF7989000 \WINDOWS\System32\Drivers\WMILIB.SYS
    0xF74ED000 \WINDOWS\System32\Drivers\SPTD6093.SYS
    0xF74BF000 ACPI.sys
    0xF74AE000 pci.sys
    0xF75F7000 isapnp.sys
    0xF7607000 ohci1394.sys
    0xF7617000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
    0xF789B000 compbatt.sys
    0xF789F000 \WINDOWS\system32\DRIVERS\BATTC.SYS
    0xF7A4F000 pciide.sys
    0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF7627000 MountMgr.sys
    0xF7878000 ftdisk.sys
    0xF798B000 dmload.sys
    0xF7852000 dmio.sys
    0xF770F000 PartMgr.sys
    0xF7637000 VolSnap.sys
    0xF783A000 atapi.sys
    0xF7967000 SI3112r.sys
    0xF794F000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
    0xF7647000 disk.sys
    0xF7657000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF7A2F000 fltmgr.sys
    0xF7828000 sr.sys
    0xF78A3000 SiWinAcc.sys
    0xF7667000 PxHelp20.sys
    0xBA7E9000 KSecDD.sys
    0xBA75C000 Ntfs.sys
    0xBA72F000 NDIS.sys
    0xF7717000 nv_agp.sys
    0xBA715000 Mup.sys
    0xBA615000 \SystemRoot\system32\DRIVERS\amdk7.sys
    0xF77FF000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0xBA02C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF7807000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xBA01A000 \SystemRoot\system32\DRIVERS\NVENET.sys
    0xBA605000 \SystemRoot\system32\drivers\nvax.sys
    0xB9FD4000 \SystemRoot\system32\DRIVERS\yk51x86.sys
    0xF7697000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xB9FBC000 \SystemRoot\System32\Drivers\AnyDVD.sys
    0xBA6AD000 \SystemRoot\system32\drivers\iviaspi.sys
    0xF780F000 \SystemRoot\system32\drivers\Afc.sys
    0xF7817000 \SystemRoot\system32\drivers\pfc.sys
    0xF781F000 \SystemRoot\System32\Drivers\ULCDRHlp.sys
    0xF76A7000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF76B7000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xB9F99000 \SystemRoot\system32\DRIVERS\ks.sys
    0xF773F000 \SystemRoot\SYSTEM32\DRIVERS\GEARAspiWDM.sys
    0xF76C7000 \SystemRoot\system32\DRIVERS\nic1394.sys
    0xB9DC9000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
    0xB9DB5000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xB9D6B000 \SystemRoot\System32\Drivers\dtscsi.sys
    0xF7747000 \SystemRoot\system32\DRIVERS\fdc.sys
    0xF76D7000 \SystemRoot\system32\DRIVERS\serial.sys
    0xBA601000 \SystemRoot\system32\DRIVERS\serenum.sys
    0xB9BD4000 \SystemRoot\system32\DRIVERS\parport.sys
    0xF76E7000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xF79BB000 \SystemRoot\System32\DRIVERS\msikbd2k.sys
    0xF774F000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xBA2E6000 \SystemRoot\system32\drivers\msmpu401.sys
    0xB9B10000 \SystemRoot\system32\drivers\portcls.sys
    0xF76F7000 \SystemRoot\system32\drivers\drmk.sys
    0xBA5FD000 \SystemRoot\system32\DRIVERS\gameenum.sys
    0xF7757000 \SystemRoot\system32\DRIVERS\afw.sys
    0xB9AD0000 \SystemRoot\system32\drivers\afwcore.sys
    0xF775F000 \SystemRoot\system32\drivers\TDI.SYS
    0xB99B6000 \SystemRoot\system32\DRIVERS\lmimirr.sys
    0xB99B5000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF748E000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xBA5E1000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xB9963000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF747E000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF746E000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xB9952000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF745E000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF7767000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF776F000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xB9922000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xF744E000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF7777000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF79BF000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xB989C000 \SystemRoot\system32\DRIVERS\update.sys
    0xBA585000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xBA581000 \SystemRoot\system32\drivers\WmBEnum.sys
    0xF743E000 \SystemRoot\system32\drivers\WmXlCore.sys
    0xF742E000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF79C1000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF741E000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xB9813000 \SystemRoot\system32\drivers\nvapu.sys
    0xB9728000 \SystemRoot\system32\drivers\nvmcp.sys
    0xB9717000 \SystemRoot\system32\drivers\nvarm.sys
    0xF77E7000 \SystemRoot\system32\DRIVERS\flpydisk.sys
    0xF79CB000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7A6F000 \SystemRoot\System32\Drivers\Null.SYS
    0xF79CD000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF77F7000 \SystemRoot\System32\drivers\vga.sys
    0xF79CF000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF79D1000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xB9AC8000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xB9AC0000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xB8476000 \SystemRoot\System32\Drivers\Udfs.SYS
    0xB842E000 \SystemRoot\System32\Drivers\USIUDF.sys
    0xB9906000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xB83A3000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xB834A000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xB8322000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xB8300000 \SystemRoot\System32\drivers\afd.sys
    0xB82DA000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xBA655000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xBA645000 \SystemRoot\System32\Drivers\SCDEmu.SYS
    0xB81DE000 \??\C:\WINDOWS\system32\drivers\SandBox.sys
    0xBA635000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xBA625000 \SystemRoot\system32\DRIVERS\arp1394.sys
    0xB83DA000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xB9BC4000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xB9AB8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xB9AB0000 \SystemRoot\system32\DRIVERS\NuidFltr.sys
    0xB9BB4000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
    0xB813A000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
    0xB83D6000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xB9AA8000 \SystemRoot\system32\DRIVERS\point32.sys
    0xB9AA0000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0xB83D2000 \SystemRoot\system32\DRIVERS\usbscan.sys
    0xB9A98000 \SystemRoot\system32\DRIVERS\usbprint.sys
    0xB9B94000 \??\C:\WINDOWS\system32\Filt\ASWFilt.dll
    0xB8101000 \??\C:\WINDOWS\system32\drivers\VBEngNT.sys
    0xB9A88000 \??\C:\WINDOWS\system32\Filt\VBFilt.dll
    0xB8015000 \SystemRoot\System32\Filt\tmp\v33c1r5z.vbt
    0xB7FEA000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xBA2E2000 \SystemRoot\System32\Drivers\PQNTDrv.SYS
    0xB7F7A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xB84AF000 \??\C:\WINDOWS\system32\drivers\HFCore.sys
    0xB9697000 \SystemRoot\System32\Drivers\Fips.SYS
    0xB849F000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
    0xB7F3A000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF79F3000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xB81D6000 \SystemRoot\System32\drivers\Dxapi.sys
    0xB848F000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xBA5D7000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\nv4_disp.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xB6CD8000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xB61E7000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xB5982000 \SystemRoot\system32\drivers\wdmaud.sys
    0xB6B3C000 \SystemRoot\system32\drivers\sysaudio.sys
    0xF79B7000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xF7AB5000 \??\C:\WINDOWS\system32\drivers\aslm75.sys
    0xF77C7000 \SystemRoot\System32\drivers\aspi32.sys
    0xF79E5000 \??\C:\Program Files\InfinaDyne\Shared\CDRPDACC.SYS
    0xB55A0000 \SystemRoot\system32\DRIVERS\srv.sys
    0xF799D000 \??\C:\Program Files\LogMeIn\x86\RaInfo.sys
    0xB9677000 \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
    0xB56B0000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xB4C96000 \SystemRoot\System32\Drivers\HTTP.sys
    0xB47C2000 \??\C:\DOCUME~1\Andrew\LOCALS~1\Temp\kwlyrpoc.sys
    0xB253B000 \SystemRoot\System32\Filt\tmp\frfex197.vbt
    0xAF153000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 53):
    0 System Idle Process
    4 System
    1440 C:\WINDOWS\system32\smss.exe
    1688 csrss.exe
    1712 C:\WINDOWS\system32\winlogon.exe
    1772 C:\WINDOWS\system32\services.exe
    1784 C:\WINDOWS\system32\lsass.exe
    1956 C:\WINDOWS\system32\svchost.exe
    2044 svchost.exe
    436 C:\WINDOWS\system32\svchost.exe
    708 svchost.exe
    924 svchost.exe
    1184 C:\WINDOWS\system32\LEXBCES.EXE
    1208 C:\WINDOWS\system32\spoolsv.exe
    1228 C:\WINDOWS\system32\LEXPPS.EXE
    1344 svchost.exe
    1604 C:\WINDOWS\explorer.exe
    1728 acs.exe
    288 C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    308 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    356 C:\Program Files\Bonjour\mDNSResponder.exe
    1464 C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    1672 C:\Program Files\LogMeIn\x86\ramaint.exe
    976 C:\Program Files\LogMeIn\x86\LogMeIn.exe
    1024 C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
    1136 sqlservr.exe
    1456 C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
    388 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    2052 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    2232 C:\WINDOWS\system32\svchost.exe
    2300 C:\Program Files\TVersity\Media Server\MediaServer.exe
    2492 C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    2576 C:\WINDOWS\system32\searchindexer.exe
    2780 C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    2808 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    2832 op_mon.exe
    2852 C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    2888 C:\WINDOWS\system32\ctfmon.exe
    2932 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    3004 C:\Program Files\PrintKey2000\Printkey2000.exe
    3100 C:\Documents and Settings\Andrew\Application Data\Dropbox\bin\Dropbox.exe
    3784 C:\Program Files\Netropa\Onscreen Display\osd.exe
    2748 alg.exe
    432 C:\Program Files\SlimBrowser\sbrowser.exe
    736 C:\Program Files\SlimBrowser\sbrowser.exe
    3352 C:\Program Files\SlimBrowser\sbrowser.exe
    3564 C:\WINDOWS\system32\taskmgr.exe
    5872 C:\Program Files\Internet Explorer\iexplore.exe
    5264 C:\Program Files\Internet Explorer\iexplore.exe
    5464 C:\Program Files\Internet Explorer\iexplore.exe
    5012 C:\Documents and Settings\Andrew\Desktop\MBRCheck.exe
    5692 C:\WINDOWS\system32\searchprotocolhost.exe
    1088 searchfilterhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000d`6dbd4600 (NTFS)
    \\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
    \\.\F: --> \\.\PhysicalDrive1 at offset 0x00000009`c45a5600 (NTFS)
    \\.\M: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: WDCWD1200JB-00FUA0, Rev: 15.05R15
    PhysicalDrive1 Model Number: WDCWD2000JB-00GVA0, Rev: 08.02D08
    PhysicalDrive2 Model Number: WD10EAVS External, Rev: 1.65

    Size Device Name MBR Status
    --------------------------------------------
    111 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
    186 GB \\.\PhysicalDrive1 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
    931 GB \\.\PhysicalDrive2 RE: Western Digital MBR code detected
    SHA1: CCCF1B32EE08ECFB66B30883CFF6110F69219FEA


    Done!

    Combofix:
    ComboFix 10-12-03.01 - Andrew 12/03/2010 21:51:20.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2384 [GMT -5:00]
    Running from: c:\documents and settings\Andrew\Desktop\ComboFix.exe
    AV: Outpost Security Suite Pro *On-access scanning disabled* (Updated) {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
    FW: Outpost Security Suite Pro *disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
    * Resident AV is active

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\lsprst7.dll
    c:\windows\system32\Memman.vxd
    c:\windows\system32\skinboxer43.dll
    c:\windows\system32\ssprs.dll
    c:\windows\system32\sstray.exe
    M:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2010-11-04 to 2010-12-04 )))))))))))))))))))))))))))))))
    .

    2010-12-03 13:43 . 2010-12-03 13:43 -------- d-----w- c:\documents and settings\Andrew\Application Data\Malwarebytes
    2010-12-03 13:42 . 2010-12-03 13:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-12-03 13:42 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-03 13:42 . 2010-12-03 13:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-03 13:42 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-03 02:10 . 2010-12-03 02:10 -------- d-sh--w- c:\documents and settings\Andrew\IECompatCache
    2010-11-28 00:07 . 2010-11-28 00:08 -------- d-----w- c:\program files\iTunes
    2010-11-28 00:07 . 2010-11-28 00:08 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-11-28 00:02 . 2010-11-28 00:02 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
    2010-11-28 00:02 . 2010-11-28 00:02 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
    2010-11-28 00:02 . 2010-11-28 00:02 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
    2010-11-28 00:02 . 2010-11-28 00:02 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
    2010-11-28 00:02 . 2010-11-28 00:02 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
    2010-11-28 00:02 . 2010-11-28 00:02 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
    2010-11-28 00:02 . 2010-11-28 00:02 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
    2010-11-28 00:02 . 2010-11-28 00:02 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
    2010-11-28 00:02 . 2010-11-28 00:02 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
    2010-11-28 00:02 . 2010-11-28 00:02 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
    2010-11-28 00:02 . 2010-11-28 00:02 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
    2010-11-28 00:02 . 2010-11-28 00:02 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
    2010-11-28 00:01 . 2010-11-28 00:01 -------- d-----w- c:\documents and settings\Andrew\Local Settings\Application Data\Apple
    2010-11-28 00:01 . 2010-11-28 00:01 -------- d-----w- c:\program files\Apple Software Update
    2010-11-27 23:56 . 2010-11-28 00:07 -------- d-----w- c:\program files\Common Files\Apple
    2010-11-27 23:56 . 2010-11-27 23:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
    2010-11-21 18:37 . 2010-11-19 08:30 971072 ----a-w- c:\windows\system32\drivers\vbcorent.sys
    2010-11-15 03:09 . 2010-11-15 03:09 -------- d-----w- c:\program files\Common Files\Common Share
    2010-11-15 03:09 . 2010-11-15 03:09 -------- d-----w- c:\program files\OJOsoft

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-13 00:03 . 2010-10-10 00:21 2018272 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
    2010-10-10 00:21 . 2010-10-10 00:21 18368 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSA\9.0\1033\ResourceCache.dll
    2010-10-07 17:23 . 2010-10-07 17:23 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-10-07 17:23 . 2010-10-07 17:23 75040 ----a-w- c:\windows\system32\jdns_sd.dll
    2010-10-07 17:23 . 2010-10-07 17:23 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2010-10-07 17:23 . 2010-10-07 17:23 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2010-10-03 02:11 . 2010-10-03 02:08 3140 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
    2010-10-03 02:08 . 2010-10-03 02:08 8 --sh--r- c:\documents and settings\All Users\Application Data\EE09D06103.sys
    2010-10-02 23:51 . 2010-10-02 23:51 286720 ----a-w- c:\windows\iun507.exe
    2010-10-02 19:03 . 2010-10-02 19:03 29184 ----a-r- c:\documents and settings\Andrew\Application Data\Microsoft\Installer\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}\Icon21AE04E8.exe
    2010-10-02 18:59 . 2010-10-02 18:59 223128 ----a-w- c:\windows\system32\drivers\dtscsi.sys
    2010-10-02 18:56 . 2010-10-02 18:56 96384 ----a-w- c:\windows\system32\drivers\sptd6093.sys
    2010-10-02 18:56 . 2010-10-02 18:56 643072 ----a-w- c:\windows\system32\drivers\sptd.sys
    2010-09-27 18:50 . 2010-10-03 13:05 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2010-09-27 18:49 . 2010-10-03 13:05 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
    2010-09-27 18:49 . 2010-10-03 13:05 29568 ----a-w- c:\windows\system32\LMIport.dll
    2010-09-27 18:49 . 2010-10-03 13:05 87424 ----a-w- c:\windows\system32\LMIinit.dll
    2010-09-18 16:23 . 2004-08-04 04:56 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53 . 2004-08-04 04:56 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2001-08-23 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2001-08-23 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-10 05:58 . 2004-08-04 04:56 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58 . 2004-08-04 04:56 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-09-10 05:58 . 2004-08-04 04:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-08 16:17 . 2010-09-08 16:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 16:17 . 2010-09-08 16:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
    .

    ------- Sigcheck -------

    [7] 2009-08-06 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . c:\windows\system32\dllcache\wuauclt.exe
    [7] 2004-08-04 . 4126D27CECE4471E00E425411F7306B5 . 111104 . . [5.4.3790.2180] . . c:\windows\$NtServicePackUninstall$\wuauclt.exe

    c:\windows\System32\wuauclt.exe ... is missing !!
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Andrew\Application Data\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Andrew\Application Data\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Andrew\Application Data\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Outpost]
    @="{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"
    [HKEY_CLASSES_ROOT\CLSID\{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}]
    2010-08-27 15:40 283240 ----a-w- c:\program files\Agnitum\Outpost Security Suite Pro\op_shell.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPCheckoutOverlay]
    @="{80E008A4-EAE7-4867-AEB0-1A245F070F25}"
    [HKEY_CLASSES_ROOT\CLSID\{80E008A4-EAE7-4867-AEB0-1A245F070F25}]
    2009-12-18 20:14 860160 ----a-w- c:\program files\Perforce\p4exp.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPSyncdOverlay]
    @="{ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}"
    [HKEY_CLASSES_ROOT\CLSID\{ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}]
    2009-12-18 20:14 860160 ----a-w- c:\program files\Perforce\p4exp.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPUpdateOverlay]
    @="{C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}]
    2009-12-18 20:14 860160 ----a-w- c:\program files\Perforce\p4exp.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-02 39408]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MULTIMEDIA KEYBOARD"="c:\program files\Netropa\Multimedia Keyboard\MMKeybd.exe" [2002-03-17 151552]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2005-12-05 461584]
    "OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2010-09-03 2840432]
    "OutpostFeedBack"="c:\program files\Agnitum\Outpost Security Suite Pro\feedback.exe" [2010-08-27 491288]
    "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-05-31 63048]

    c:\documents and settings\Andrew\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\documents and settings\Andrew\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Printkey2000.lnk - c:\program files\PrintKey2000\Printkey2000.exe [2010-10-2 869376]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2010-09-27 18:49 87424 ----a-w- c:\windows\system32\LMIinit.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ WinCinema Manager.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ WinCinema Manager.lnk
    backup=c:\windows\pss\ WinCinema Manager.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^APC UPS Status.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk
    backup=c:\windows\pss\APC UPS Status.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LUMIX Simple Viewer.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk
    backup=c:\windows\pss\LUMIX Simple Viewer.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
    backup=c:\windows\pss\Windows Search.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Andrew^Start Menu^Programs^Startup^Dropbox.lnk]
    path=c:\documents and settings\Andrew\Start Menu\Programs\Startup\Dropbox.lnk
    backup=c:\windows\pss\Dropbox.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    2007-05-11 02:46 624248 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    2007-09-20 19:35 202024 ----a-w- c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 09:42 15360 ----a-w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2006-10-27 04:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-11-18 01:59 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
    2003-08-19 10:43 57344 ----a-w- c:\program files\Lexmark X1100 Series\lxbkbmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
    2007-09-20 13:51 1836328 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2007-03-01 19:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
    2006-10-11 16:45 75304 ----a-w- c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    2008-11-02 08:38 167936 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-09-08 16:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    2004-11-03 00:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2009-03-05 20:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    2006-09-28 17:16 185896 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2010-10-02 23:29 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USIUDF_Eject_Monitor]
    2004-12-23 21:27 81920 ----a-w- c:\program files\Common Files\Ulead Systems\DVD\USISrv.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
    "c:\\Program Files\\Rhapsody\\rhapsody.exe"=
    "c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Documents and Settings\\Andrew\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
    "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
    "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
    "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
    "2799:UDP"= 2799:UDP:Altova License Metering Port (UDP)
    "2799:TCP"= 2799:TCP:Altova License Metering Port (TCP)

    R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [8/29/2007 2:04 AM 116264]
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/2/2010 1:56 PM 643072]
    R1 HFCore;HFCore;c:\windows\system32\drivers\HFCore.sys [5/30/2006 6:46 AM 18816]
    R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\drivers\Msikbd2k.sys [10/1/2010 11:27 PM 6656]
    R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [10/2/2010 9:17 AM 713672]
    R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [10/2/2010 9:16 AM 2035520]
    R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [9/27/2010 1:47 PM 374152]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [5/31/2010 10:31 AM 12856]
    R2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [11/1/2010 6:07 PM 91456]
    R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [10/2/2010 9:16 AM 34280]
    R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [10/2/2010 9:17 AM 267752]
    R3 ASWFilt;ASWFilt;c:\windows\system32\Filt\ASWFilt.dll [10/2/2010 9:17 AM 72232]
    R3 VBEngNT;VBEngNT;c:\windows\system32\drivers\VBEngNT.sys [10/2/2010 9:17 AM 241088]
    R3 VBFilt;VBFilt;c:\windows\system32\Filt\VBFilt.dll [10/2/2010 9:17 AM 36168]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/2/2010 6:30 PM 135664]
    S2 nhksrv;Netropa NHK Server;c:\program files\Netropa\Multimedia Keyboard\nhksrv.exe --> c:\program files\Netropa\Multimedia Keyboard\nhksrv.exe [?]
    S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [11/1/2010 6:07 PM 25856]
    S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [11/1/2010 6:07 PM 42752]
    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [10/2/2010 9:14 PM 27064]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/22/2009 10:08 PM 47128]
    S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [3/30/2009 2:09 AM 239336]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [3/30/2009 2:23 AM 366936]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - VBCoreNT.0

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5084F01D-458E-45EB-A6FD-692D4C9D2789}]
    2008-05-19 05:57 95744 ----a-w- c:\windows\system32\msiexec.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-02 23:29]

    2010-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-02 23:29]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Edit with Altova X&MLSpy - c:\program files\Altova\XMLSpy2008\spy.htm
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    FF - ProfilePath - c:\documents and settings\Andrew\Application Data\Mozilla\Firefox\Profiles\it3ji75m.default\
    FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    .
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-nForce Tray Options - sstray.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-03 22:05
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: WDC_WD1200JB-00FUA0 rev.15.05R15 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4

    device: opened successfully
    user: MBR read successfully

    Disk trace:
    called modules: ntoskrnl.exe >>UNKNOWN [0x8A1BBA40]<<
    _asm { MOV EAX, 0x8a1bb960; XCHG [ESP], EAX; PUSH EAX; PUSH 0x8a209c94; RET ; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; }
    1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x8A13DAB8]
    \Driver\Disk[0x8A0A2900] -> IRP_MJ_CREATE -> 0x8A1BBA40
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
    detected disk devices:
    detected hooks:
    \Driver\Disk -> 0x8a1bba40
    user & kernel MBR OK
    Warning: possible MBR rootkit infection !

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1728)
    c:\windows\system32\LMIinit.dll
    c:\windows\system32\LMIRfsClientNP.dll

    - - - - - - - > 'explorer.exe'(3236)
    c:\windows\system32\WININET.dll
    c:\documents and settings\Andrew\Application Data\Dropbox\bin\DropboxExt.13.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    c:\program files\Agnitum\Outpost Security Suite Pro\op_shell.dll
    c:\program files\Perforce\p4exp.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\program files\ArcSoft\Software Suite\PhotoImpression\share\pihook.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\LMIRfsClientNP.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\LEXBCES.EXE
    c:\windows\system32\LEXPPS.EXE
    c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\LogMeIn\x86\RaMaint.exe
    c:\program files\Netropa\Onscreen Display\OSD.exe
    c:\program files\LogMeIn\x86\LogMeIn.exe
    c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
    c:\program files\Motorola\MotoConnectService\MotoConnect.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\program files\TVersity\Media Server\MediaServer.exe
    c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    c:\windows\system32\SearchIndexer.exe
    .
    **************************************************************************
    .
    Completion time: 2010-12-03 22:10:09 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-12-04 03:10

    Pre-Run: 28,271,353,856 bytes free
    Post-Run: 27,972,960,256 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    - - End Of File - - D09599B335BA2E7E0980D358330038F3
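Triage of the log above, as an added example that is not part of the thread and not ComboFix's or Gmer's code. It parses three things a responder looks for in this kind of log: Sigcheck entries and "is missing" lines (so a restorable dllcache copy can be turned into an FCopy:: directive), the firewall policy value, and the mbr.exe hook table cross-checked against the ">>UNKNOWN [...]<<" target that the disk trace could not attribute to any loaded module. The sample lines are copied from this post; the regular expressions are assumptions about the output format inferred from those lines, since neither tool documents it.

```python
"""Triage helpers for a ComboFix + mbr.exe log (added example, not tool code).

SAMPLE_LOG is constructed from lines in the post above. The regexes are
assumptions about the output format inferred from those lines.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

SAMPLE_LOG = r"""------- Sigcheck -------

[7] 2009-08-06 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . c:\windows\system32\dllcache\wuauclt.exe
[7] 2004-08-04 . 4126D27CECE4471E00E425411F7306B5 . 111104 . . [5.4.3790.2180] . . c:\windows\$NtServicePackUninstall$\wuauclt.exe

c:\windows\System32\wuauclt.exe ... is missing !!
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

Disk trace:
called modules: ntoskrnl.exe >>UNKNOWN [0x8A1BBA40]<<
detected hooks:
\Driver\Disk -> 0x8a1bba40
user & kernel MBR OK
Warning: possible MBR rootkit infection !
"""

# "[7] date . MD5 . size . . [version] . . path"  (assumed layout)
SIGCHECK_RE = re.compile(
    r"^\[\d+\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+"
    r"(?P<size>\d+)\s+\.\s+\.\s+\[(?P<version>[^\]]+)\]\s+\.\s+\.\s+(?P<path>\S.*)$"
)
MISSING_RE = re.compile(r"^(?P<path>\S.*?)\s+\.\.\.\s+is missing !!$")
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(?P<val>\d+)')
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(?P<addr>0x[0-9A-Fa-f]+)\]<<")
HOOK_RE = re.compile(r"^(?P<obj>\\\S+) -> (?P<addr>0x[0-9A-Fa-f]+)$")


@dataclass
class Triage:
    reference: Dict[str, dict] = field(default_factory=dict)  # basename -> dllcache Sigcheck entry
    missing: List[str] = field(default_factory=list)
    firewall_enabled: Optional[bool] = None
    unknown_targets: List[str] = field(default_factory=list)  # addresses outside any known module
    hooks: List[Tuple[str, str]] = field(default_factory=list)
    cfscript: List[str] = field(default_factory=list)         # proposed FCopy:: section


def triage(log: str) -> Triage:
    t = Triage()
    for raw in log.splitlines():
        line = raw.strip()
        m = SIGCHECK_RE.match(line)
        if m:
            entry = m.groupdict()
            entry["size"] = int(entry["size"])
            if "\\dllcache\\" in entry["path"].lower():
                t.reference[entry["path"].rsplit("\\", 1)[-1].lower()] = entry
            continue
        m = MISSING_RE.match(line)
        if m:
            t.missing.append(m.group("path"))
            continue
        m = FIREWALL_RE.match(line)
        if m:
            t.firewall_enabled = m.group("val") != "0"
            continue
        m = UNKNOWN_RE.search(line)
        if m:
            t.unknown_targets.append(m.group("addr").lower())
            continue
        m = HOOK_RE.match(line)
        if m:
            t.hooks.append((m.group("obj"), m.group("addr").lower()))
    # A missing system file with an intact dllcache twin can be restored by FCopy::
    fcopy = []
    for path in t.missing:
        ref = t.reference.get(path.rsplit("\\", 1)[-1].lower())
        if ref:
            fcopy.append(f"{ref['path']} | {path}")
    if fcopy:
        t.cfscript = ["FCopy::"] + fcopy
    return t


def suspicious_hooks(t: Triage) -> List[Tuple[str, str]]:
    """Hooks whose target the scanner could not place in any loaded module."""
    return [h for h in t.hooks if h[1] in t.unknown_targets]


def findings(t: Triage) -> List[str]:
    out = []
    for path in t.missing:
        ref = t.reference.get(path.rsplit("\\", 1)[-1].lower())
        note = (f" (dllcache copy {ref['version']}, md5 {ref['md5']})" if ref
                else " (no dllcache copy to restore from)")
        out.append(f"missing system file: {path}{note}")
    if t.firewall_enabled is False:
        out.append("Windows Firewall is disabled in the standard profile")
    for obj, addr in suspicious_hooks(t):
        out.append(f"{obj} dispatch hooked at {addr}, target not in any known module")
    return out


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("\n".join(findings(result)))
    print("\n".join(result.cfscript))
```

The hook check is deliberately narrow: a \Driver\Disk hook by itself is what many disk-filter products do, so the script only flags a hook whose target address the scanner itself reported as UNKNOWN. The generated FCopy:: line is exactly the shape ComboFix's CFScript expects, but whether the dllcache copy is trustworthy is a separate question answered by its hash, not by its presence.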
     
  6. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\documents and settings\All Users\Application Data\EE09D06103.sys
    
    FCopy::
    c:\windows\system32\dllcache\wuauclt.exe | c:\windows\System32\wuauclt.exe
    
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti-virus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
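Once ComboFix has run the FCopy:: line, the file in System32 should be verified rather than assumed good. The check below is an added example for this thread, not ComboFix's own code: it re-hashes the restored System32 file, compares it with the dllcache source it was copied from, and checks size and MD5 against the values Sigcheck printed for the dllcache copy in the log above (53472 bytes, 62BB79160F86CD962F312C68C6239BFD). demo() writes constructed stand-in files to a temporary directory so the script runs anywhere; on the affected machine, call verify_fcopy() with the two paths from the FCopy:: line instead.

```python
"""Verify the result of a ComboFix FCopy:: (added example, not ComboFix code).

Re-hashes the restored System32 file, compares it with the dllcache copy it
came from, and checks size/MD5 against the Sigcheck reference from the log.
demo() uses constructed files in a temp directory so it runs off the XP box.
"""
import hashlib
import tempfile
from pathlib import Path
from typing import List, Optional, Tuple

# Values Sigcheck printed for c:\windows\system32\dllcache\wuauclt.exe in the log
REFERENCE_MD5 = "62BB79160F86CD962F312C68C6239BFD"
REFERENCE_SIZE = 53472


def md5_of(path: Path) -> str:
    h = hashlib.md5()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest().upper()


def verify_fcopy(src, dst, ref_md5: Optional[str] = None,
                 ref_size: Optional[int] = None) -> Tuple[bool, List[str]]:
    """Return (ok, problems); ok is True only when every check passes."""
    src, dst = Path(src), Path(dst)
    problems: List[str] = []
    if not dst.is_file():
        return False, [f"{dst} is still missing"]
    if not src.is_file():
        problems.append(f"source {src} is missing")
    elif md5_of(src) != md5_of(dst):
        problems.append("System32 copy differs from the dllcache copy")
    size = dst.stat().st_size
    if ref_size is not None and size != ref_size:
        problems.append(f"size {size} != reference {ref_size}")
    if ref_md5 is not None and md5_of(dst) != ref_md5.upper():
        problems.append("MD5 does not match the Sigcheck reference")
    return not problems, problems


def demo(tamper: bool = False) -> Tuple[bool, List[str]]:
    """Constructed stand-in: a fake 'dllcache' copy and the file FCopy produced."""
    payload = b"MZ" + b"\x00" * 1000  # constructed bytes, not a real PE
    with tempfile.TemporaryDirectory() as d:
        src = Path(d) / "dllcache" / "wuauclt.exe"
        dst = Path(d) / "System32" / "wuauclt.exe"
        src.parent.mkdir()
        dst.parent.mkdir()
        src.write_bytes(payload)
        # A tampered copy: one extra byte, so size and both hash checks fail
        dst.write_bytes(payload + b"\x90" if tamper else payload)
        ref = hashlib.md5(payload).hexdigest().upper()
        return verify_fcopy(src, dst, ref_md5=ref, ref_size=len(payload))


if __name__ == "__main__":
    print(demo())
    print(demo(tamper=True))
    # On the real machine:
    # print(verify_fcopy(r"c:\windows\system32\dllcache\wuauclt.exe",
    #                    r"c:\windows\System32\wuauclt.exe",
    #                    REFERENCE_MD5, REFERENCE_SIZE))
```

Comparing against the dllcache copy alone only proves the copy happened; the reference MD5 and size are what tie the restored file to the version Sigcheck actually catalogued, which is why both checks are kept separate in the problem list.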
     
  7. Donnegs

    Donnegs TS Rookie Topic Starter Posts: 18

    Combofix log

    ComboFix 10-12-03.01 - Andrew 12/03/2010 22:36:08.2.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2422 [GMT -5:00]
    Running from: c:\documents and settings\Andrew\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Andrew\Desktop\CFScript.txt
    AV: Outpost Security Suite Pro *On-access scanning disabled* (Updated) {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
    FW: Outpost Security Suite Pro *disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
    * Resident AV is active


    FILE ::
    "c:\documents and settings\All Users\Application Data\EE09D06103.sys"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\EE09D06103.sys

    .
    --------------- FCopy ---------------

    c:\windows\system32\dllcache\wuauclt.exe --> c:\windows\System32\wuauclt.exe
    .
    ((((((((((((((((((((((((( Files Created from 2010-11-04 to 2010-12-04 )))))))))))))))))))))))))))))))
    .

    2010-12-04 03:36 . 2009-08-06 23:24 53472 -c--a-w- c:\windows\system32\dllcache\wuauclt.exe
    2010-12-04 03:36 . 2009-08-06 23:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
    2010-12-03 13:43 . 2010-12-03 13:43 -------- d-----w- c:\documents and settings\Andrew\Application Data\Malwarebytes
    2010-12-03 13:42 . 2010-12-03 13:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-12-03 13:42 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-03 13:42 . 2010-12-03 13:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-03 13:42 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-03 02:10 . 2010-12-03 02:10 -------- d-sh--w- c:\documents and settings\Andrew\IECompatCache
    2010-11-28 00:07 . 2010-11-28 00:08 -------- d-----w- c:\program files\iTunes
    2010-11-28 00:07 . 2010-11-28 00:08 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-11-28 00:02 . 2010-11-28 00:02 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
    2010-11-28 00:02 . 2010-11-28 00:02 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
    2010-11-28 00:02 . 2010-11-28 00:02 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
    2010-11-28 00:02 . 2010-11-28 00:02 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
    2010-11-28 00:02 . 2010-11-28 00:02 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
    2010-11-28 00:02 . 2010-11-28 00:02 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
    2010-11-28 00:02 . 2010-11-28 00:02 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
    2010-11-28 00:02 . 2010-11-28 00:02 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
    2010-11-28 00:02 . 2010-11-28 00:02 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
    2010-11-28 00:02 . 2010-11-28 00:02 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
    2010-11-28 00:02 . 2010-11-28 00:02 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
    2010-11-28 00:02 . 2010-11-28 00:02 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
    2010-11-28 00:01 . 2010-11-28 00:01 -------- d-----w- c:\documents and settings\Andrew\Local Settings\Application Data\Apple
    2010-11-28 00:01 . 2010-11-28 00:01 -------- d-----w- c:\program files\Apple Software Update
    2010-11-27 23:56 . 2010-11-28 00:07 -------- d-----w- c:\program files\Common Files\Apple
    2010-11-27 23:56 . 2010-11-27 23:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
    2010-11-21 18:37 . 2010-11-19 08:30 971072 ----a-w- c:\windows\system32\drivers\vbcorent.sys
    2010-11-15 03:09 . 2010-11-15 03:09 -------- d-----w- c:\program files\Common Files\Common Share
    2010-11-15 03:09 . 2010-11-15 03:09 -------- d-----w- c:\program files\OJOsoft

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-13 00:03 . 2010-10-10 00:21 2018272 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
    2010-10-10 00:21 . 2010-10-10 00:21 18368 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSA\9.0\1033\ResourceCache.dll
    2010-10-07 17:23 . 2010-10-07 17:23 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-10-07 17:23 . 2010-10-07 17:23 75040 ----a-w- c:\windows\system32\jdns_sd.dll
    2010-10-07 17:23 . 2010-10-07 17:23 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2010-10-07 17:23 . 2010-10-07 17:23 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2010-10-03 02:11 . 2010-10-03 02:08 3140 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
    2010-10-02 23:51 . 2010-10-02 23:51 286720 ----a-w- c:\windows\iun507.exe
    2010-10-02 19:03 . 2010-10-02 19:03 29184 ----a-r- c:\documents and settings\Andrew\Application Data\Microsoft\Installer\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}\Icon21AE04E8.exe
    2010-10-02 18:59 . 2010-10-02 18:59 223128 ----a-w- c:\windows\system32\drivers\dtscsi.sys
    2010-10-02 18:56 . 2010-10-02 18:56 96384 ----a-w- c:\windows\system32\drivers\sptd6093.sys
    2010-10-02 18:56 . 2010-10-02 18:56 643072 ----a-w- c:\windows\system32\drivers\sptd.sys
    2010-09-27 18:50 . 2010-10-03 13:05 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2010-09-27 18:49 . 2010-10-03 13:05 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
    2010-09-27 18:49 . 2010-10-03 13:05 29568 ----a-w- c:\windows\system32\LMIport.dll
    2010-09-27 18:49 . 2010-10-03 13:05 87424 ----a-w- c:\windows\system32\LMIinit.dll
    2010-09-18 16:23 . 2004-08-04 04:56 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53 . 2004-08-04 04:56 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2001-08-23 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2001-08-23 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-10 05:58 . 2004-08-04 04:56 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58 . 2004-08-04 04:56 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-09-10 05:58 . 2004-08-04 04:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-08 16:17 . 2010-09-08 16:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 16:17 . 2010-09-08 16:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Andrew\Application Data\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Andrew\Application Data\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Andrew\Application Data\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Outpost]
    @="{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"
    [HKEY_CLASSES_ROOT\CLSID\{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}]
    2010-08-27 15:40 283240 ----a-w- c:\program files\Agnitum\Outpost Security Suite Pro\op_shell.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPCheckoutOverlay]
    @="{80E008A4-EAE7-4867-AEB0-1A245F070F25}"
    [HKEY_CLASSES_ROOT\CLSID\{80E008A4-EAE7-4867-AEB0-1A245F070F25}]
    2009-12-18 20:14 860160 ----a-w- c:\program files\Perforce\p4exp.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPSyncdOverlay]
    @="{ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}"
    [HKEY_CLASSES_ROOT\CLSID\{ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}]
    2009-12-18 20:14 860160 ----a-w- c:\program files\Perforce\p4exp.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPUpdateOverlay]
    @="{C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}]
    2009-12-18 20:14 860160 ----a-w- c:\program files\Perforce\p4exp.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-02 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MULTIMEDIA KEYBOARD"="c:\program files\Netropa\Multimedia Keyboard\MMKeybd.exe" [2002-03-17 151552]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2005-12-05 461584]
    "OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2010-09-03 2840432]
    "OutpostFeedBack"="c:\program files\Agnitum\Outpost Security Suite Pro\feedback.exe" [2010-08-27 491288]
    "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-05-31 63048]

    c:\documents and settings\Andrew\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\documents and settings\Andrew\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Printkey2000.lnk - c:\program files\PrintKey2000\Printkey2000.exe [2010-10-2 869376]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2010-09-27 18:49 87424 ----a-w- c:\windows\system32\LMIinit.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ WinCinema Manager.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ WinCinema Manager.lnk
    backup=c:\windows\pss\ WinCinema Manager.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^APC UPS Status.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk
    backup=c:\windows\pss\APC UPS Status.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LUMIX Simple Viewer.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk
    backup=c:\windows\pss\LUMIX Simple Viewer.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
    backup=c:\windows\pss\Windows Search.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Andrew^Start Menu^Programs^Startup^Dropbox.lnk]
    path=c:\documents and settings\Andrew\Start Menu\Programs\Startup\Dropbox.lnk
    backup=c:\windows\pss\Dropbox.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    2007-05-11 02:46 624248 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    2007-09-20 19:35 202024 ----a-w- c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 09:42 15360 ----a-w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2006-10-27 04:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-11-18 01:59 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
    2003-08-19 10:43 57344 ----a-w- c:\program files\Lexmark X1100 Series\lxbkbmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
    2007-09-20 13:51 1836328 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2007-03-01 19:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
    2006-10-11 16:45 75304 ----a-w- c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    2008-11-02 08:38 167936 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-09-08 16:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    2004-11-03 00:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2009-03-05 20:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    2006-09-28 17:16 185896 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2010-10-02 23:29 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USIUDF_Eject_Monitor]
    2004-12-23 21:27 81920 ----a-w- c:\program files\Common Files\Ulead Systems\DVD\USISrv.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
    "c:\\Program Files\\Rhapsody\\rhapsody.exe"=
    "c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Documents and Settings\\Andrew\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
    "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
    "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
    "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
    "2799:UDP"= 2799:UDP:Altova License Metering Port (UDP)
    "2799:TCP"= 2799:TCP:Altova License Metering Port (TCP)

    R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [8/29/2007 2:04 AM 116264]
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/2/2010 1:56 PM 643072]
    R1 HFCore;HFCore;c:\windows\system32\drivers\HFCore.sys [5/30/2006 6:46 AM 18816]
    R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\drivers\Msikbd2k.sys [10/1/2010 11:27 PM 6656]
    R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [10/2/2010 9:17 AM 713672]
    R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [9/27/2010 1:47 PM 374152]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [5/31/2010 10:31 AM 12856]
    R2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [11/1/2010 6:07 PM 91456]
    R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [10/2/2010 9:16 AM 34280]
    R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [10/2/2010 9:17 AM 267752]
    R3 ASWFilt;ASWFilt;c:\windows\system32\Filt\ASWFilt.dll [10/2/2010 9:17 AM 72232]
    R3 VBEngNT;VBEngNT;c:\windows\system32\drivers\VBEngNT.sys [10/2/2010 9:17 AM 241088]
    R3 VBFilt;VBFilt;c:\windows\system32\Filt\VBFilt.dll [10/2/2010 9:17 AM 36168]
    S2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [10/2/2010 9:16 AM 2035520]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/2/2010 6:30 PM 135664]
    S2 nhksrv;Netropa NHK Server;c:\program files\Netropa\Multimedia Keyboard\nhksrv.exe --> c:\program files\Netropa\Multimedia Keyboard\nhksrv.exe [?]
    S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [11/1/2010 6:07 PM 25856]
    S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [11/1/2010 6:07 PM 42752]
    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [10/2/2010 9:14 PM 27064]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/22/2009 10:08 PM 47128]
    S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [3/30/2009 2:09 AM 239336]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [3/30/2009 2:23 AM 366936]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - VBCoreNT.0

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5084F01D-458E-45EB-A6FD-692D4C9D2789}]
    2008-05-19 05:57 95744 ----a-w- c:\windows\system32\msiexec.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-02 23:29]

    2010-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-02 23:29]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Edit with Altova X&MLSpy - c:\program files\Altova\XMLSpy2008\spy.htm
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    FF - ProfilePath - c:\documents and settings\Andrew\Application Data\Mozilla\Firefox\Profiles\it3ji75m.default\
    FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-03 22:43
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: WDC_WD1200JB-00FUA0 rev.15.05R15 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4

    device: opened successfully
    user: MBR read successfully

    Disk trace:
    called modules: ntoskrnl.exe catchme.sys >>UNKNOWN [0x8A1BBA40]<<
    c:\combofix\catchme.sys
    _asm { MOV EAX, 0x8a1bb960; XCHG [ESP], EAX; PUSH EAX; PUSH 0x8a209c94; RET ; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; }
    1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x8A13DAB8]
    \Driver\Disk[0x8A0A2900] -> IRP_MJ_CREATE -> 0x8A1BBA40
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
    detected disk devices:
    detected hooks:
    \Driver\Disk -> 0x8a1bba40
    user & kernel MBR OK
    Warning: possible MBR rootkit infection !

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1728)
    c:\windows\system32\LMIinit.dll
    c:\windows\system32\LMIRfsClientNP.dll
    .
    Completion time: 2010-12-03 22:46:51
    ComboFix-quarantined-files.txt 2010-12-04 03:46
    ComboFix2.txt 2010-12-04 03:10

    Pre-Run: 27,962,380,288 bytes free
    Post-Run: 27,955,130,368 bytes free

    - - End Of File - - B7BBD67CDFD2709BDEF04B8B042E270E
     
  8. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  9. Donnegs

    Donnegs TS Rookie Topic Starter Posts: 18

    Sent the log, but it said it's waiting for administrator approval.
     
  10. Donnegs

    Donnegs TS Rookie Topic Starter Posts: 18

    Clicked on continue, not skip.

    Log:
    2010/12/03 23:01:22.0593 TDSS rootkit removing tool 2.4.10.1 Dec 2 2010 12:28:01
    2010/12/03 23:01:22.0593 ================================================================================
    2010/12/03 23:01:22.0593 SystemInfo:
    2010/12/03 23:01:22.0593
    2010/12/03 23:01:22.0593 OS Version: 5.1.2600 ServicePack: 3.0
    2010/12/03 23:01:22.0593 Product type: Workstation
    2010/12/03 23:01:22.0593 ComputerName: DON-451A1F95FB9
    2010/12/03 23:01:22.0593 UserName: Andrew
    2010/12/03 23:01:22.0593 Windows directory: C:\WINDOWS
    2010/12/03 23:01:22.0593 System windows directory: C:\WINDOWS
    2010/12/03 23:01:22.0593 Processor architecture: Intel x86
    2010/12/03 23:01:22.0593 Number of processors: 1
    2010/12/03 23:01:22.0593 Page size: 0x1000
    2010/12/03 23:01:22.0593 Boot type: Normal boot
    2010/12/03 23:01:22.0593 ================================================================================
    2010/12/03 23:01:31.0312 Initialize success
    2010/12/03 23:01:46.0718 ================================================================================
    2010/12/03 23:01:46.0718 Scan started
    2010/12/03 23:01:46.0718 Mode: Manual;
    2010/12/03 23:01:46.0718 ================================================================================
    2010/12/03 23:01:48.0109 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2010/12/03 23:01:48.0171 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    2010/12/03 23:01:48.0312 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2010/12/03 23:01:48.0390 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
    2010/12/03 23:01:48.0484 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
    2010/12/03 23:01:48.0546 afw (14ba5ca5d11771ce8e8b6cc6830a2436) C:\WINDOWS\system32\DRIVERS\afw.sys
    2010/12/03 23:01:48.0640 afwcore (0a13e26a143f28cfbf53caec34a89512) C:\WINDOWS\system32\drivers\afwcore.sys
    2010/12/03 23:01:48.0875 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys
    2010/12/03 23:01:48.0984 androidusb (0a43169e115b5e9346a4ba1effcb04cb) C:\WINDOWS\system32\Drivers\motoandroid.sys
    2010/12/03 23:01:49.0078 AnyDVD (b8f9d3ae038810c6ea08e123cada765e) C:\WINDOWS\system32\Drivers\AnyDVD.sys
    2010/12/03 23:01:49.0140 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    2010/12/03 23:01:49.0343 aslm75 (71356a1370739e25375a1d17b6ae318f) C:\WINDOWS\system32\drivers\aslm75.sys
    2010/12/03 23:01:49.0421 Aspi32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\aspi32.sys
    2010/12/03 23:01:49.0531 ASWFilt (0ebb41fcccfff32a3d35d5cad77eba8f) C:\WINDOWS\system32\Filt\ASWFilt.dll
    2010/12/03 23:01:49.0593 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2010/12/03 23:01:49.0656 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2010/12/03 23:01:49.0781 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2010/12/03 23:01:49.0859 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2010/12/03 23:01:49.0937 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2010/12/03 23:01:50.0062 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2010/12/03 23:01:50.0156 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2010/12/03 23:01:50.0203 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2010/12/03 23:01:50.0250 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2010/12/03 23:01:50.0343 CDRPDACC (30b37c18e1725eb9f25039e9a1fb9b7e) C:\Program Files\InfinaDyne\Shared\CDRPDACC.SYS
    2010/12/03 23:01:50.0515 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
    2010/12/03 23:01:50.0750 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2010/12/03 23:01:50.0859 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    2010/12/03 23:01:50.0937 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    2010/12/03 23:01:50.0984 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2010/12/03 23:01:51.0062 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2010/12/03 23:01:51.0171 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2010/12/03 23:01:51.0250 dtscsi (12aca694b50ea53563c1e7c99e7bb27d) C:\WINDOWS\System32\Drivers\dtscsi.sys
    2010/12/03 23:01:51.0250 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\dtscsi.sys. md5: 12aca694b50ea53563c1e7c99e7bb27d
    2010/12/03 23:01:51.0265 dtscsi - detected Locked file (1)
    2010/12/03 23:01:51.0343 ElbyCDIO (44996a2addd2db7454f2ca40b67d8941) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
    2010/12/03 23:01:51.0437 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2010/12/03 23:01:51.0500 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    2010/12/03 23:01:51.0531 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    2010/12/03 23:01:51.0609 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    2010/12/03 23:01:51.0671 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    2010/12/03 23:01:51.0718 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2010/12/03 23:01:51.0765 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2010/12/03 23:01:51.0828 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
    2010/12/03 23:01:51.0890 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    2010/12/03 23:01:51.0984 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2010/12/03 23:01:52.0078 HFCore (16356ad1958731a63aae6da2c03a9aeb) C:\WINDOWS\system32\drivers\HFCore.sys
    2010/12/03 23:01:52.0125 HidBatt (748031ff4fe45ccc47546294905feab8) C:\WINDOWS\system32\DRIVERS\HidBatt.sys
    2010/12/03 23:01:52.0203 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2010/12/03 23:01:52.0328 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2010/12/03 23:01:52.0515 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2010/12/03 23:01:52.0578 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2010/12/03 23:01:52.0750 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    2010/12/03 23:01:52.0843 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2010/12/03 23:01:52.0921 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2010/12/03 23:01:52.0984 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2010/12/03 23:01:53.0046 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2010/12/03 23:01:53.0109 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2010/12/03 23:01:53.0171 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2010/12/03 23:01:53.0265 Iviaspi (4ac11b2250106774f694df2db4ffed61) C:\WINDOWS\system32\drivers\iviaspi.sys
    2010/12/03 23:01:53.0312 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2010/12/03 23:01:53.0375 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2010/12/03 23:01:53.0453 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2010/12/03 23:01:53.0656 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
    2010/12/03 23:01:53.0734 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
    2010/12/03 23:01:53.0828 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
    2010/12/03 23:01:53.0984 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2010/12/03 23:01:54.0062 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    2010/12/03 23:01:54.0140 MotDev (e190ed75bcc7928143f8f2af4c34d91d) C:\WINDOWS\system32\DRIVERS\motodrv.sys
    2010/12/03 23:01:54.0234 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2010/12/03 23:01:54.0281 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2010/12/03 23:01:54.0343 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2010/12/03 23:01:54.0453 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2010/12/03 23:01:54.0546 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2010/12/03 23:01:54.0656 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2010/12/03 23:01:54.0718 msikbd2k (9b99b04c28ccd19741dbbed64480195c) C:\WINDOWS\system32\DRIVERS\msikbd2k.sys
    2010/12/03 23:01:54.0812 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2010/12/03 23:01:54.0890 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2010/12/03 23:01:54.0953 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2010/12/03 23:01:55.0015 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2010/12/03 23:01:55.0093 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
    2010/12/03 23:01:55.0156 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    2010/12/03 23:01:55.0234 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2010/12/03 23:01:55.0281 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2010/12/03 23:01:55.0328 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2010/12/03 23:01:55.0375 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2010/12/03 23:01:55.0437 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
    2010/12/03 23:01:55.0500 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2010/12/03 23:01:55.0546 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2010/12/03 23:01:55.0656 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    2010/12/03 23:01:55.0718 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2010/12/03 23:01:55.0796 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2010/12/03 23:01:55.0890 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
    2010/12/03 23:01:55.0984 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2010/12/03 23:01:56.0109 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    2010/12/03 23:01:56.0234 nvax (47b3852808dd579a463fce7085b77413) C:\WINDOWS\system32\drivers\nvax.sys
    2010/12/03 23:01:56.0328 NVENET (e07c1f16e5a4e32fc3c0f62b59815ef0) C:\WINDOWS\system32\DRIVERS\NVENET.sys
    2010/12/03 23:01:56.0390 nvnforce (adbcba116496229a163193bbe0bb28ce) C:\WINDOWS\system32\drivers\nvapu.sys
    2010/12/03 23:01:56.0453 nv_agp (29291c3a7256337327051cc37e4fc09a) C:\WINDOWS\system32\DRIVERS\nv_agp.sys
    2010/12/03 23:01:56.0515 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2010/12/03 23:01:56.0578 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2010/12/03 23:01:56.0656 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    2010/12/03 23:01:56.0734 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    2010/12/03 23:01:56.0781 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2010/12/03 23:01:56.0859 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2010/12/03 23:01:56.0906 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    2010/12/03 23:01:57.0000 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2010/12/03 23:01:57.0062 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    2010/12/03 23:01:57.0453 pfc (6c1618a07b49e3873582b6449e744088) C:\WINDOWS\system32\drivers\pfc.sys
    2010/12/03 23:01:57.0531 Point32 (d0be72557de73acabbab536496d23115) C:\WINDOWS\system32\DRIVERS\point32.sys
    2010/12/03 23:01:57.0593 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2010/12/03 23:01:57.0687 PQNTDrv (04f3971b70a7855f04d351aa4bee7799) C:\WINDOWS\system32\drivers\PQNTDrv.sys
    2010/12/03 23:01:57.0734 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2010/12/03 23:01:57.0796 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2010/12/03 23:01:57.0890 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    2010/12/03 23:01:58.0140 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2010/12/03 23:01:58.0218 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2010/12/03 23:01:58.0265 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2010/12/03 23:01:58.0312 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2010/12/03 23:01:58.0390 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2010/12/03 23:01:58.0437 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2010/12/03 23:01:58.0500 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    2010/12/03 23:01:58.0578 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    2010/12/03 23:01:58.0671 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2010/12/03 23:01:58.0765 Revoflt (8b5b8a11306190c6963d3473f052d3c8) C:\WINDOWS\system32\DRIVERS\revoflt.sys
    2010/12/03 23:01:58.0875 RsFx0103 (fd692c6ffade58f7c4c3c3c9a0ec35bd) C:\WINDOWS\system32\DRIVERS\RsFx0103.sys
    2010/12/03 23:01:59.0000 SandBox (f03bef3b3d56ab5b4e131a1e784a319b) C:\WINDOWS\system32\drivers\SandBox.sys
    2010/12/03 23:01:59.0109 SANDRA (06f201d57302d4b5ee1871060c326357) C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005.SR1\Sandra.sys
    2010/12/03 23:01:59.0203 SCDEmu (c23dbd9bfba8b1170706e0896b3cf7da) C:\WINDOWS\system32\drivers\SCDEmu.sys
    2010/12/03 23:01:59.0296 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2010/12/03 23:01:59.0375 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2010/12/03 23:01:59.0437 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    2010/12/03 23:01:59.0531 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2010/12/03 23:01:59.0640 SI3112r (3da2f680bfc8e92a535cea5a5d80ac37) C:\WINDOWS\system32\DRIVERS\SI3112r.sys
    2010/12/03 23:01:59.0687 SiFilter (d893aa1d1ee007b7ab1b16e1099e9f17) C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys
    2010/12/03 23:01:59.0875 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2010/12/03 23:01:59.0984 sptd (95afc2d9fbeed55d89694ec4aa46622d) C:\WINDOWS\system32\Drivers\sptd.sys
    2010/12/03 23:01:59.0984 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 95afc2d9fbeed55d89694ec4aa46622d
    2010/12/03 23:02:00.0000 sptd - detected Locked file (1)
    2010/12/03 23:02:00.0078 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    2010/12/03 23:02:00.0171 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
    2010/12/03 23:02:00.0265 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2010/12/03 23:02:00.0328 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2010/12/03 23:02:00.0593 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2010/12/03 23:02:00.0718 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2010/12/03 23:02:00.0781 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2010/12/03 23:02:00.0843 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2010/12/03 23:02:00.0906 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2010/12/03 23:02:01.0046 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2010/12/03 23:02:01.0156 ULCDRHlp (a4e07da3ae2078bd96e84d4baa07b71d) C:\WINDOWS\system32\Drivers\ULCDRHlp.sys
    2010/12/03 23:02:01.0312 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2010/12/03 23:02:01.0406 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2010/12/03 23:02:01.0468 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2010/12/03 23:02:01.0531 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2010/12/03 23:02:01.0593 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
    2010/12/03 23:02:01.0656 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    2010/12/03 23:02:01.0734 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2010/12/03 23:02:01.0781 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2010/12/03 23:02:01.0875 USIUDF (d46ceaf88f2973e4368c9febea89526b) C:\WINDOWS\system32\Drivers\USIUDF.sys
    2010/12/03 23:02:01.0953 VBEngNT (66aeeb2e471b88628c11f4cabe68a7c4) C:\WINDOWS\system32\drivers\VBEngNT.sys
    2010/12/03 23:02:02.0015 VBFilt (df37510bdfc84a895da1255d993a431d) C:\WINDOWS\system32\Filt\VBFilt.dll
    2010/12/03 23:02:02.0093 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2010/12/03 23:02:02.0171 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2010/12/03 23:02:02.0265 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2010/12/03 23:02:02.0375 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
    2010/12/03 23:02:02.0500 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2010/12/03 23:02:02.0640 WmBEnum (bc3ecbcb40147bdae3ad2fd0b4b346d8) C:\WINDOWS\system32\drivers\WmBEnum.sys
    2010/12/03 23:02:02.0718 WmFilter (19f9881d8b3484fedb605d0216876898) C:\WINDOWS\system32\drivers\WmFilter.sys
    2010/12/03 23:02:02.0812 WmXlCore (1f083b3bc73017e60c3ca85cf4a70753) C:\WINDOWS\system32\drivers\WmXlCore.sys
    2010/12/03 23:02:02.0921 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2010/12/03 23:02:03.0000 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2010/12/03 23:02:03.0125 yukonwxp (4322c32ced8c4772e039616dcbf01d3f) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
    2010/12/03 23:02:03.0375 ================================================================================
    2010/12/03 23:02:03.0375 Scan finished
    2010/12/03 23:02:03.0375 ================================================================================
    2010/12/03 23:02:03.0390 Detected object count: 2
    2010/12/03 23:02:53.0593 Locked file(dtscsi) - User select action: Skip
    2010/12/03 23:02:53.0593 Locked file(sptd) - User select action: Skip
     
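    A small triage script for TDSSKiller logs of the kind pasted above, added here as an example (it is not part of the thread and not the tool's own code): it parses the per-driver lines, ties each "Suspicious file" line to its driver by MD5, reads the "detected" and "User select action" lines, and reports which findings were skipped and whether the tool's declared object count matches what was parsed. The sample log is constructed to mirror the posted lines; the dtscsi MD5 is an all-zero placeholder because that driver's entry falls outside this excerpt.

```python
"""Triage a TDSSKiller log of the kind pasted above (added example, not the tool's code).

The sample log is constructed to mirror the posted lines; the dtscsi MD5 is an
all-zero placeholder because that driver's entry falls outside this excerpt.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

_TS = r"\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} "
# One regex per line shape that appears in the log.
_DRIVER = re.compile(_TS + r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
_SUSPECT = re.compile(_TS + r"Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+)\. md5: (?P<md5>[0-9a-f]{32})$")
_DETECT = re.compile(_TS + r"(?P<name>\S+) - detected (?P<verdict>.+?) \(\d+\)$")
_COUNT = re.compile(_TS + r"Detected object count: (?P<n>\d+)$")
_ACTION = re.compile(_TS + r"(?P<verdict>[^(]+)\((?P<name>[^)]+)\) - User select action: (?P<action>\S+)$")


@dataclass
class Finding:
    name: str
    verdict: str                   # e.g. "Locked file"
    reason: Optional[str] = None   # e.g. "NoAccess"
    path: Optional[str] = None
    md5: Optional[str] = None
    action: Optional[str] = None   # what the user chose at the prompt, e.g. "Skip"


@dataclass
class ScanReport:
    drivers: Dict[str, Tuple[str, str]] = field(default_factory=dict)  # name -> (md5, path)
    findings: Dict[str, Finding] = field(default_factory=dict)
    declared_count: Optional[int] = None

    def count_matches(self) -> bool:
        """True when the tool's own 'Detected object count' equals what we parsed."""
        return self.declared_count == len(self.findings)

    def unresolved(self) -> List[str]:
        """Findings the user skipped or never acted on: still on disk after the run."""
        return sorted(n for n, f in self.findings.items() if f.action in (None, "Skip"))


def parse_tdsskiller(text: str) -> ScanReport:
    report = ScanReport()
    suspects = []  # (reason, path, md5); linked to a driver name by MD5 afterwards
    for raw in text.splitlines():
        line = raw.strip()
        if m := _SUSPECT.match(line):
            suspects.append((m["reason"], m["path"], m["md5"]))
        elif m := _DETECT.match(line):
            f = report.findings.setdefault(m["name"], Finding(m["name"], m["verdict"]))
            f.verdict = m["verdict"]
        elif m := _COUNT.match(line):
            report.declared_count = int(m["n"])
        elif m := _ACTION.match(line):
            f = report.findings.setdefault(m["name"], Finding(m["name"], m["verdict"].strip()))
            f.action = m["action"]
        elif m := _DRIVER.match(line):
            report.drivers[m["name"]] = (m["md5"], m["path"])
    by_md5 = {md5: name for name, (md5, _) in report.drivers.items()}
    for reason, path, md5 in suspects:
        # Fall back to the path as the key if no driver line carried this hash.
        name = by_md5.get(md5, path)
        f = report.findings.setdefault(name, Finding(name, "Suspicious file"))
        f.reason, f.path, f.md5 = reason, path, md5
    return report


# Constructed sample modelled on the posted log; the dtscsi hash is a placeholder.
SAMPLE_LOG = r"""
2010/12/03 23:01:58.0578 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/12/03 23:01:59.0300 dtscsi (00000000000000000000000000000000) C:\WINDOWS\System32\Drivers\dtscsi.sys
2010/12/03 23:01:59.0300 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\dtscsi.sys. md5: 00000000000000000000000000000000
2010/12/03 23:01:59.0310 dtscsi - detected Locked file (1)
2010/12/03 23:01:59.0984 sptd (95afc2d9fbeed55d89694ec4aa46622d) C:\WINDOWS\system32\Drivers\sptd.sys
2010/12/03 23:01:59.0984 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 95afc2d9fbeed55d89694ec4aa46622d
2010/12/03 23:02:00.0000 sptd - detected Locked file (1)
2010/12/03 23:02:03.0375 ================================================================================
2010/12/03 23:02:03.0375 Scan finished
2010/12/03 23:02:03.0390 Detected object count: 2
2010/12/03 23:02:53.0593 Locked file(dtscsi) - User select action: Skip
2010/12/03 23:02:53.0593 Locked file(sptd) - User select action: Skip
"""

if __name__ == "__main__":
    r = parse_tdsskiller(SAMPLE_LOG)
    print(f"{len(r.drivers)} driver entries, {len(r.findings)} findings, "
          f"declared count {'matches' if r.count_matches() else 'DOES NOT match'}")
    for name in r.unresolved():
        f = r.findings[name]
        print(f"  {name}: {f.verdict} ({f.reason}) at {f.path}, action={f.action}")
```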
  11. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    All looks good now :)

    How is the computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  12. Donnegs

    Donnegs TS Rookie Topic Starter Posts: 18

    It's getting better; however, I find when I open my browser, SlimBrowser, it never opens... I go into the Windows Task Manager under Processes and sbrowser.exe is running the CPU from 95-98%... then it causes the slowness of the computer again... the only way around it is to right-click on the sbrowser.exe process and set the priority to low... and open the IE browser...

    Running the other scan now... will post results soon...
     
  13. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    I also suggest you reinstall SlimBrowser.
     
  14. Donnegs

    Donnegs TS Rookie Topic Starter Posts: 18

    OTL log Part 1

    OTL logfile created on: 12/3/2010 11:46:13 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Andrew\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free
    5.00 Gb Paging File | 4.00 Gb Available in Paging File | 89.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 53.71 Gb Total Space | 26.06 Gb Free Space | 48.52% Space Free | Partition Type: NTFS
    Drive D: | 58.07 Gb Total Space | 37.57 Gb Free Space | 64.70% Space Free | Partition Type: NTFS
    Drive E: | 39.07 Gb Total Space | 19.17 Gb Free Space | 49.07% Space Free | Partition Type: NTFS
    Drive F: | 147.23 Gb Total Space | 59.52 Gb Free Space | 40.42% Space Free | Partition Type: NTFS
    Drive M: | 931.51 Gb Total Space | 549.35 Gb Free Space | 58.97% Space Free | Partition Type: NTFS

    Computer Name: DON-451A1F95FB9 | User Name: Andrew | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/12/03 23:40:06 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrew\Desktop\OTL.exe
    PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/10/02 18:29:40 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2010/09/27 13:49:10 | 000,116,104 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
    PRC - [2010/09/27 13:47:14 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    PRC - [2010/06/24 13:34:52 | 000,091,456 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
    PRC - [2010/06/24 13:34:50 | 000,279,360 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
    PRC - [2010/05/31 10:31:10 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    PRC - [2010/05/31 10:31:10 | 000,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
    PRC - [2010/02/26 00:10:20 | 021,979,992 | ---- | M] () -- C:\Documents and Settings\Andrew\Application Data\Dropbox\bin\Dropbox.exe
    PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2004/03/13 03:04:16 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    PRC - [2004/01/21 08:44:28 | 000,155,770 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    PRC - [2002/03/17 06:39:30 | 000,151,552 | ---- | M] (Netropa Corp.) -- C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    PRC - [2001/11/14 02:03:12 | 000,090,112 | ---- | M] (Netropa Corp.) -- C:\Program Files\Netropa\Onscreen Display\osd.exe
    PRC - [1999/09/30 20:31:38 | 000,869,376 | ---- | M] (Fred's Software) -- C:\Program Files\PrintKey2000\Printkey2000.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/12/03 23:40:06 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrew\Desktop\OTL.exe
    MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe -- (nhksrv)
    SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/10/02 07:44:43 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/09/27 13:49:10 | 000,116,104 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
    SRV - [2010/09/27 13:47:14 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
    SRV - [2010/09/03 10:51:36 | 002,035,520 | ---- | M] (Agnitum Ltd.) [Auto | Running] -- C:\Program Files\Agnitum\Outpost Security Suite Pro\acs.exe -- (acssrv)
    SRV - [2010/06/24 13:34:52 | 000,091,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
    SRV - [2010/05/31 10:31:10 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
    SRV - [2010/03/18 15:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
    SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
    SRV - [2010/01/18 18:08:44 | 000,856,064 | ---- | M] () [Auto | Stopped] -- C:\Program Files\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
    SRV - [2007/03/20 15:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
    SRV - [2005/01/29 17:29:16 | 000,173,040 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005.SR1\RpcDataSrv.exe -- (SandraDataSrv)
    SRV - [2005/01/29 17:29:12 | 001,135,592 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005.SR1\RpcSandraSrv.exe -- (SandraTheSrv)
    SRV - [2004/03/13 03:04:16 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
    SRV - [2004/01/21 08:44:28 | 000,155,770 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- H:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
    DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2010/10/02 13:59:51 | 000,223,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)
    DRV - [2010/10/02 13:56:57 | 000,643,072 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2010/09/27 13:50:44 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
    DRV - [2010/08/13 10:48:44 | 000,713,672 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SandBox.sys -- (SandBox)
    DRV - [2010/08/13 10:48:06 | 000,036,168 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\Filt\VBFilt.dll -- (VBFilt)
    DRV - [2010/08/13 10:48:02 | 000,072,232 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\Filt\ASWFilt.dll -- (ASWFilt)
    DRV - [2010/08/11 17:24:12 | 000,267,752 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afwcore.sys -- (afwcore)
    DRV - [2010/06/09 08:44:20 | 000,241,088 | ---- | M] (VirusBuster Kft.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VBEngNT.sys -- (VBEngNT)
    DRV - [2010/05/31 10:31:12 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
    DRV - [2010/05/31 10:31:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
    DRV - [2010/04/20 15:05:16 | 000,034,280 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afw.sys -- (afw)
    DRV - [2009/12/30 11:20:54 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
    DRV - [2009/12/19 13:22:01 | 000,104,512 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
    DRV - [2009/12/17 17:25:12 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
    DRV - [2009/07/10 12:01:06 | 000,025,856 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motoandroid.sys -- (androidusb)
    DRV - [2009/05/08 10:56:12 | 000,042,752 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motodrv.sys -- (MotDev)
    DRV - [2009/03/30 02:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0103.sys -- (RsFx0103)
    DRV - [2009/02/05 22:25:02 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
    DRV - [2008/11/02 03:44:10 | 000,056,572 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
    DRV - [2008/04/13 23:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
    DRV - [2007/12/06 08:51:00 | 000,285,952 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
    DRV - [2007/08/29 02:04:04 | 000,116,264 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SI3112r.sys -- (SI3112r)
    DRV - [2007/08/29 02:04:04 | 000,019,240 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
    DRV - [2006/05/30 06:46:40 | 000,018,816 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\HFCore.sys -- (HFCore)
    DRV - [2005/09/20 16:27:20 | 000,010,368 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
    DRV - [2005/02/23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
    DRV - [2004/12/23 16:27:56 | 000,027,392 | ---- | M] (Ulead Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ULCDRHlp.sys -- (ULCDRHlp)
    DRV - [2004/12/08 12:02:46 | 000,019,416 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005.SR1\sandra.sys -- (SANDRA)
    DRV - [2004/08/03 17:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2004/07/07 01:33:02 | 000,292,896 | ---- | M] (Ulead Systems, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\USIUDF.sys -- (USIUDF)
    DRV - [2004/05/25 14:58:04 | 000,396,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA(R) nForce(TM)
    DRV - [2004/05/25 14:58:02 | 000,048,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA(R) nForce(TM)
    DRV - [2004/05/05 20:48:40 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
    DRV - [2004/04/14 10:08:00 | 000,044,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
    DRV - [2004/04/14 10:08:00 | 000,021,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
    DRV - [2004/04/14 10:08:00 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
    DRV - [2003/10/28 15:17:52 | 000,005,273 | ---- | M] (Arrowkey) [Kernel | Auto | Running] -- C:\Program Files\InfinaDyne\Shared\CDRPDACC.SYS -- (CDRPDACC)
    DRV - [2003/09/20 07:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
    DRV - [2003/06/06 17:53:16 | 000,070,656 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENET.sys -- (NVENET)
    DRV - [2003/03/19 02:51:00 | 000,018,688 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys -- (nv_agp)
    DRV - [2001/12/20 07:02:12 | 000,006,656 | ---- | M] (Netropa Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Msikbd2k.sys -- (msikbd2k)
    DRV - [2001/08/17 09:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
    DRV - [1997/04/22 09:16:00 | 000,006,272 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASLM75.SYS -- (aslm75)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========


    FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/30 17:08:50 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/27 19:02:54 | 000,000,000 | ---D | M]

    [2010/11/30 17:13:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Extensions
    [2010/11/30 17:13:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\it3ji75m.default\extensions
    [2010/11/30 17:13:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\it3ji75m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/11/30 17:13:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\it3ji75m.default\extensions\staged-xpis
    [2010/10/02 13:48:06 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/10/02 18:41:06 | 000,001,919 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml

    O1 HOSTS File: ([2010/12/03 22:43:19 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
    O4 - HKLM..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe (Netropa Corp.)
    O4 - HKLM..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Security Suite Pro\feedback.exe (Agnitum Ltd.)
    O4 - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Security Suite Pro\op_mon.exe (Agnitum Ltd.)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe (Fred's Software)
    O4 - Startup: C:\Documents and Settings\Andrew\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Andrew\Application Data\Dropbox\bin\Dropbox.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Edit with Altova X&MLSpy - C:\Program Files\Altova\XMLSpy2008\spy.htm ()
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
    O9 - Extra Button: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2008\spy.htm ()
    O9 - Extra 'Tools' menuitem : Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2008\spy.htm ()
    O9 - Extra Button: Outpost Security Suite Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Security Suite Pro\ie_bar.dll (Agnitum Ltd.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1286030481671 (WUWebControl Class)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Andrew\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Andrew\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/10/01 23:09:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2009/07/02 14:34:27 | 000,000,000 | ---D | M] - M:\autorun -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.mpegacm - C:\Program Files\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: msacm.ulmp3acm - C:\Program Files\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/12/03 23:39:59 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Andrew\Desktop\OTL.exe
    [2010/12/03 23:01:05 | 001,344,600 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Andrew\Desktop\TDSSKiller.exe
    [2010/12/03 22:46:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2010/12/03 22:34:26 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2010/12/03 21:48:56 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/12/03 21:46:55 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/12/03 21:46:53 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/12/03 21:46:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/12/03 21:46:51 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/12/03 21:46:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/12/03 21:46:06 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/12/03 08:51:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Desktop\gmer
    [2010/12/03 08:43:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Application Data\Malwarebytes
    [2010/12/03 08:42:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/12/03 08:42:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/12/03 08:42:54 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/12/03 08:42:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/12/03 00:26:47 | 007,622,112 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Andrew\Desktop\mbam-setup-1.50.0.0.exe
    [2010/12/03 00:24:42 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Andrew\Desktop\TFC.exe
    [2010/12/02 21:10:09 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Andrew\IECompatCache
    [2010/12/02 21:03:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Andrew\Recent
    [2010/11/27 19:07:22 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/11/27 19:07:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/11/27 19:01:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Local Settings\Application Data\Apple
    [2010/11/27 19:01:20 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
    [2010/11/27 18:56:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
    [2010/11/27 18:56:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
    [2010/11/24 23:15:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Desktop\Movies
    [2010/11/21 13:37:34 | 000,971,072 | ---- | C] (VirusBuster Kft.) -- C:\WINDOWS\System32\drivers\vbcorent.sys
    [2010/11/14 22:10:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\My Documents\OJOsoft Corporation
    [2010/11/14 22:09:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Common Share
    [2010/11/14 22:09:44 | 000,000,000 | ---D | C] -- C:\Program Files\OJOsoft

    ========== Files - Modified Within 30 Days ==========

    [2010/12/03 23:40:06 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrew\Desktop\OTL.exe
    [2010/12/03 23:40:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/12/03 23:00:31 | 001,230,433 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\tdsskiller.zip
    [2010/12/03 22:47:49 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/12/03 22:47:00 | 000,000,245 | ---- | M] () -- C:\WINDOWS\Msiosd.ini
    [2010/12/03 22:43:19 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/12/03 22:03:32 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/12/03 22:03:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/12/03 22:03:25 | 3220,758,528 | -HS- | M] () -- C:\hiberfil.sys
    [2010/12/03 21:49:05 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2010/12/03 21:43:10 | 003,984,255 | R--- | M] () -- C:\Documents and Settings\Andrew\Desktop\ComboFix.exe
    [2010/12/03 21:40:57 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\MBRCheck.exe
    [2010/12/03 18:51:00 | 000,000,257 | ---- | M] () -- C:\WINDOWS\lexstat.ini
    [2010/12/03 08:43:00 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/12/03 00:29:47 | 000,000,999 | ---- | M] () -- C:\Documents and Settings\Andrew\Start Menu\Programs\Startup\Dropbox.lnk
    [2010/12/03 00:27:48 | 000,630,272 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\dds.scr
    [2010/12/03 00:26:47 | 007,622,112 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Andrew\Desktop\mbam-setup-1.50.0.0.exe
    [2010/12/03 00:24:47 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrew\Desktop\TFC.exe
    [2010/12/02 21:31:05 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/12/02 12:29:14 | 001,344,600 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Andrew\Desktop\TDSSKiller.exe
    [2010/11/30 19:01:42 | 000,000,721 | ---- | M] () -- C:\Documents and Settings\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\FlashPeak SlimBrowser.lnk
    [2010/11/30 13:47:10 | 000,000,122 | ---- | M] () -- C:\WINDOWS\hlist
    [2010/11/30 13:45:14 | 000,114,176 | ---- | M] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/11/30 13:45:14 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2010/11/30 10:01:59 | 000,425,925 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
    [2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/11/19 03:30:18 | 000,971,072 | ---- | M] (VirusBuster Kft.) -- C:\WINDOWS\System32\drivers\vbcorent.sys
    [2010/11/14 22:09:56 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\OJOsoft Total Video Converter.lnk
    [2010/11/10 20:54:43 | 000,002,313 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RSD Lite.lnk
    [2010/11/10 20:12:55 | 000,591,082 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/11/10 20:12:55 | 000,119,646 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
    [2010/11/07 14:44:42 | 000,000,851 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\myEasySync Backup.lnk

    ========== Files Created - No Company Name ==========

    [2010/12/03 23:00:18 | 001,230,433 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\tdsskiller.zip
    [2010/12/03 21:49:05 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/12/03 21:49:03 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/12/03 21:46:56 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/12/03 21:46:54 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/12/03 21:46:53 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/12/03 21:46:52 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/12/03 21:46:52 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/12/03 21:43:08 | 003,984,255 | R--- | C] () -- C:\Documents and Settings\Andrew\Desktop\ComboFix.exe
    [2010/12/03 21:40:53 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\MBRCheck.exe
    [2010/12/03 08:43:00 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/12/03 00:29:47 | 000,000,999 | ---- | C] () -- C:\Documents and Settings\Andrew\Start Menu\Programs\Startup\Dropbox.lnk
    [2010/12/03 00:27:42 | 000,630,272 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\dds.scr
    [2010/11/30 19:01:42 | 000,000,721 | ---- | C] () -- C:\Documents and Settings\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\FlashPeak SlimBrowser.lnk
    [2010/11/14 22:09:56 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\OJOsoft Total Video Converter.lnk
    [2010/10/26 20:54:27 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Andrew\Application Data\ADA667
    [2010/10/26 20:54:25 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\Andrew\Application Data\mcs.rma
    [2010/10/10 21:40:20 | 000,358,930 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1454471165-261478967-839522115-1003-0.dat
    [2010/10/10 21:40:18 | 000,358,930 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2010/10/07 16:36:24 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2010/10/03 08:48:33 | 000,000,198 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\RmUserCfg.ini
    [2010/10/03 08:48:33 | 000,000,044 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Logo_Language.ini
    [2010/10/03 08:48:33 | 000,000,028 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\IpAndPort.fig
    [2010/10/02 22:34:04 | 000,667,754 | ---- | C] () -- C:\WINDOWS\System32\RM_DVRNET_DLL.dll
    [2010/10/02 22:34:04 | 000,074,240 | ---- | C] () -- C:\WINDOWS\System32\CovH264ToAvi.dll
    [2010/10/02 22:34:04 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\Logo_Language.ini
    [2010/10/02 22:34:03 | 000,229,442 | ---- | C] () -- C:\WINDOWS\System32\winpubf.dll
    [2010/10/02 22:34:03 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvrfs.dll
    [2010/10/02 21:08:36 | 000,003,140 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
    [2010/10/02 19:25:29 | 000,000,043 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
    [2010/10/02 18:51:13 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
    [2010/10/02 18:51:13 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
    [2010/10/02 18:51:13 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
    [2010/10/02 13:59:51 | 000,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\dtscsi.sys
    [2010/10/02 13:56:57 | 000,643,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
    [2010/10/02 13:56:57 | 000,096,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd6093.sys
    [2010/10/02 13:55:21 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
    [2010/10/02 13:55:21 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
    [2010/10/02 13:55:21 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
    [2010/10/02 13:55:20 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
    [2010/10/02 13:53:21 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2010/10/02 13:53:21 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2010/10/02 11:22:09 | 000,114,176 | ---- | C] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/10/02 09:10:02 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
    [2010/10/02 07:53:27 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
    [2010/10/02 07:38:48 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
    [2010/10/02 07:38:28 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
    [2010/10/02 07:37:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
    [2010/10/02 07:29:42 | 000,000,257 | ---- | C] () -- C:\WINDOWS\lexstat.ini
    [2010/10/02 07:29:24 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbkvs.dll
    [2010/10/02 07:29:23 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBKLCNP.DLL
    [2010/10/02 07:29:07 | 000,000,266 | ---- | C] () -- C:\WINDOWS\System32\lxbkcoin.ini
    [2010/10/01 23:27:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2010/10/01 23:27:56 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\msiosd32.dll
    [2010/10/01 23:27:56 | 000,000,245 | ---- | C] () -- C:\WINDOWS\Msiosd.ini
    [2010/10/01 23:26:55 | 000,006,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASLM75.SYS
    [2010/10/01 23:23:20 | 000,018,253 | R--- | C] () -- C:\WINDOWS\System32\ssnvfx.ini
    [2010/10/01 23:22:09 | 000,003,611 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
    [2010/10/01 23:22:07 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
    [2010/10/01 23:21:05 | 000,000,162 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2010/10/01 18:59:04 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2009/09/06 17:00:02 | 001,481,728 | ---- | C] () -- C:\WINDOWS\System32\LegitCheckControl.dll
    [2009/09/06 17:00:02 | 000,190,976 | ---- | C] () -- C:\WINDOWS\System32\WgaLogon.dll
    [2008/04/25 01:55:06 | 000,495,616 | R--- | C] () -- C:\WINDOWS\System32\XmlSpyLib.dll
    [2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
    [2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
    [2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
    [2006/05/30 06:46:40 | 000,018,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\HFCore.sys
    [2005/08/03 14:54:08 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\Manipulate.dll
    [2005/01/18 23:18:52 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\FoxImager.dll
    [2004/05/20 10:50:14 | 001,537,536 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-hi.dll
    [2004/05/13 17:39:30 | 001,208,320 | ---- | C] () -- C:\WINDOWS\System32\cygxml2-2.dll
    [2004/02/01 14:21:56 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\Uncommon.dll
    [2003/12/04 10:03:42 | 000,062,464 | ---- | C] () -- C:\WINDOWS\System32\cygz.dll
    [2003/08/11 03:59:20 | 000,980,992 | ---- | C] () -- C:\WINDOWS\System32\cygiconv-2.dll
    [2003/08/07 14:01:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
    [2002/11/24 07:40:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\ac3encode.dll

    ========== LOP Check ==========

    [2010/10/02 09:16:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Agnitum
    [2010/10/02 20:42:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Altova
    [2010/10/03 08:05:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
    [2010/10/02 13:46:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nabocorp
    [2010/10/02 07:37:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
    [2010/10/02 19:24:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
    [2010/10/02 09:03:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
    [2010/11/27 19:08:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/10/02 14:08:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{FBDA53F5-763E-4114-A576-612E9769C133}
    [2010/10/02 09:16:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Agnitum
    [2010/10/03 12:30:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Auslogics
    [2010/12/03 22:04:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Dropbox
    [2010/10/03 07:34:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\EssentialPIM
    [2010/10/26 21:33:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\HandBrake
    [2010/10/02 07:37:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\ScanSoft
    [2010/10/02 14:07:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Seven Zip
    [2010/11/30 13:43:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\SlimBrowser
    [2010/12/02 21:17:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\uTorrent
    [2010/10/02 11:42:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Windows Desktop Search
    [2010/10/30 12:47:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Windows Search

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/10/03 08:05:25 | 000,001,024 | ---- | M] () -- C:\.rnd
    [2010/10/01 23:09:42 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/11/27 16:38:04 | 000,115,798 | ---- | M] () -- C:\avi_log.txt
    [2010/12/02 21:31:05 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/12/03 21:49:05 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2010/12/03 22:46:52 | 000,024,595 | ---- | M] () -- C:\ComboFix.txt
    [2010/10/01 23:09:42 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/12/03 22:03:25 | 3220,758,528 | -HS- | M] () -- C:\hiberfil.sys
    [2010/10/01 23:09:42 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/10/02 09:07:06 | 000,002,786 | ---- | M] () -- C:\LGSInst.Log
    [2010/10/01 23:09:42 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/03 21:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2010/10/01 23:35:58 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/12/03 22:03:23 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2010/12/03 23:03:49 | 000,043,140 | ---- | M] () -- C:\TDSSKiller.2.4.10.1_03.12.2010_23.01.22_log.txt
    [2010/10/02 14:06:33 | 000,000,216 | ---- | M] () -- C:\temp.txt
    [2010/10/02 09:04:40 | 000,000,752 | ---- | M] () -- C:\u32usc.log
    [2010/10/02 09:04:40 | 000,000,714 | ---- | M] () -- C:\[Debug]u32usc.log

    < %systemroot%\Fonts\*.com >
    [2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2010/10/01 23:09:06 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2010/09/27 13:49:26 | 000,053,632 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LMIproc.dll
    [2003/07/29 04:27:40 | 000,078,336 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LXBKPP5C.DLL
    [2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
    [2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2010/10/01 18:56:44 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2010/10/01 18:56:44 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2010/10/01 18:56:44 | 000,913,408 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2010/10/01 23:38:41 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/10/02 07:26:51 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2010/10/01 23:14:25 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2010/12/03 21:43:10 | 003,984,255 | R--- | M] () -- C:\Documents and Settings\Andrew\Desktop\ComboFix.exe
    [2010/12/03 00:26:47 | 007,622,112 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Andrew\Desktop\mbam-setup-1.50.0.0.exe
    [2010/12/03 21:40:57 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\MBRCheck.exe
    [2010/12/03 23:40:06 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrew\Desktop\OTL.exe
    [2010/12/02 12:29:14 | 001,344,600 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Andrew\Desktop\TDSSKiller.exe
    [2010/12/03 00:24:47 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrew\Desktop\TFC.exe
  15. Donnegs

    Donnegs TS Rookie Topic Starter Posts: 18

    OTL log Part 2

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/10/02 07:26:51 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Andrew\Favorites\Desktop.ini
    [2010/11/03 20:32:27 | 000,001,766 | -H-- | M] () -- C:\Documents and Settings\Andrew\Favorites\MenuOrderW.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2010/12/03 23:45:06 | 000,032,768 | -HS- | M] () -- C:\Documents and Settings\Andrew\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 21:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/14 04:41:52 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 00:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 00:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 22:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 04:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2007/04/02 22:37:24 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2007/04/02 22:37:24 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2007/04/02 22:37:26 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 00:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 00:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
  16. Donnegs

    Donnegs TS Rookie Topic Starter Posts: 18

    Extras log

    OTL Extras logfile created on: 12/3/2010 11:46:13 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Andrew\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free
    5.00 Gb Paging File | 4.00 Gb Available in Paging File | 89.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 53.71 Gb Total Space | 26.06 Gb Free Space | 48.52% Space Free | Partition Type: NTFS
    Drive D: | 58.07 Gb Total Space | 37.57 Gb Free Space | 64.70% Space Free | Partition Type: NTFS
    Drive E: | 39.07 Gb Total Space | 19.17 Gb Free Space | 49.07% Space Free | Partition Type: NTFS
    Drive F: | 147.23 Gb Total Space | 59.52 Gb Free Space | 40.42% Space Free | Partition Type: NTFS
    Drive M: | 931.51 Gb Total Space | 549.35 Gb Free Space | 58.97% Space Free | Partition Type: NTFS

    Computer Name: DON-451A1F95FB9 | User Name: Andrew | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [TVersity] -- "C:\Program Files\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS3 Server
    "3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS3 Server
    "50900:TCP" = 50900:TCP:*:Enabled:Adobe Version Cue CS3 Server
    "50901:TCP" = 50901:TCP:*:Enabled:Adobe Version Cue CS3 Server
    "2799:UDP" = 2799:UDP:*:Enabled:Altova License Metering Port (UDP)
    "2799:TCP" = 2799:TCP:*:Enabled:Altova License Metering Port (TCP)

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server -- (Adobe Systems Incorporated)
    "C:\Program Files\Rhapsody\rhapsody.exe" = C:\Program Files\Rhapsody\rhapsody.exe:*:Enabled:RealNetworks Rhapsody -- (Rhapsody International Inc.)
    "C:\Program Files\TVersity\Media Server\MediaServer.exe" = C:\Program Files\TVersity\Media Server\MediaServer.exe:*:Enabled:TVersity Media Server -- ()
    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "C:\Documents and Settings\Andrew\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Andrew\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- ()
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
    "{0208A7E3-0D30-11D4-A1FC-00508B9D1BA2}" = ViewMate(TM) Office Keyboard KP102/KP202
    "{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
    "{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0DDCEC37-369C-484B-B16D-B4413FD42FB9}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
    "{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
    "{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4802" = CanoScan LiDE 600F
    "{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    "{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
    "{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
    "{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
    "{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server
    "{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
    "{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob
    "{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{268723B7-A994-4286-9F85-B974D5CAFC7B}" = EasyRecovery Professional
    "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
    "{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
    "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
    "{2CDCCE7E-55D5-40CC-AEA0-ABA54713501F}" = LUMIX Simple Viewer
    "{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
    "{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
    "{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
    "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
    "{3BB19A2B-B9C5-3872-8FDF-3047CC9F9841}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3E9324D4-F434-4158-B011-AC3752533590}" = Windows Genuine Advantage Validation v1.9.40.0 Cracked V4
    "{3F470FED-77A1-4545-BF6E-AF687FF0B42D}" = RSDLite
    "{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
    "{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup
    "{448AB2CB-C94A-47DE-80B8-9D7824DEFA57}" = Ulead DVD MovieFactory 4.0
    "{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
    "{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
    "{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
    "{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
    "{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
    "{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client
    "{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
    "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
    "{53454A1C-26F6-4599-A410-847B6AAD0009}" = Motorola Driver Installation 4.6.5
    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
    "{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition
    "{5D112C61-C8D0-4718-8DD7-B9115EB9AF90}" = LogMeIn
    "{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.2.3
    "{67692AC8-CB30-472E-88CF-805657AE3E9C}" = Perforce Visual Components
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
    "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
    "{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
    "{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
    "{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
    "{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
    "{6ED37A91-7710-3183-BE50-AB043FF6689E}" = Microsoft Team Foundation Server 2010 Object Model - ENU
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
    "{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
    "{78C3657E-742C-40B1-9F53-E5A921D40F17}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
    "{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
    "{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
    "{7D9B77E1-0078-0001-4447-ADD4C0A93D1D}" = Sansa Media Converter
    "{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
    "{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
    "{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
    "{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3 Master Collection
    "{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}" = Adobe Flash Player 9 Plugin
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
    "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
    "{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
    "{97CE8B73-AA5A-4987-A1BE-50DD1A187478}" = Microsoft Sync Framework SDK v1.0 SP1
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO -viewer-
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{9E397B40-13F7-4CA2-9943-ADB29ACBBFDF}" = ArcSoft Software Suite
    "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
    "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
    "{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
    "{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
    "{AD8E6D29-95EC-494E-8AF5-566E784819A6}" = Ulead Data-Add 2.0
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
    "{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
    "{B6ACFF51-248A-4290-B50B-E50C81F25B97}" = iPod for Windows 2005-02-22
    "{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
    "{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
    "{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
    "{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
    "{B9242864-2841-4ADE-86E0-8F90F91B04DD}" = Logitech Gaming Software
    "{B944FA21-81AF-4A77-8328-CE4F4CC51033}" = Nero 8
    "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
    "{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
    "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
    "{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
    "{C6DD625F-4B61-4561-8286-87CA0275CEA1}" = Microsoft Sync Framework Runtime v1.0 SP1 (x86)
    "{C8C8387B-A98B-44E8-807A-1A9B7F51FFDA}" = Blaze Media Pro
    "{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
    "{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
    "{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint
    "{D21903B4-FBB0-432A-AB39-970CCD6CF85C}" = Altova XMLSpy® 2008 rel. 2 Enterprise Edition
    "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
    "{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.14
    "{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files
    "{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
    "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
    "{DC3D6AFB-78B4-489F-81D7-30B66E0C2417}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)
    "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
    "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
    "{E5AE9031-79A5-4627-9641-BEFA82819B08}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
    "{EBC91840-41E1-4CC3-AC11-0B889546223C}" = Microsoft IntelliPoint 5.5
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
    "{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
    "{F990B526-8F7C-46E0-B1F1-6C893A8B478F}" = Microsoft Sync Framework Services v1.0 SP1 (x86)
    "{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
    "{FC053571-8507-44E4-8B6D-AACEAB8CA57C}" = Sansa Media Converter
    "{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection
    "Agnitum Outpost Security Suite Pro_is1" = Outpost Security Suite Pro 7.0.3
    "AnyDVD" = AnyDVD
    "ASUS Probe V2.21.08" = ASUS Probe V2.21.08
    "AVIGenerator V1.0.0.0_is1" = AVIGenerator V1.0.0.0
    "AviSynth" = AviSynth 2.5
    "BadCopy Pro" = BadCopy Pro
    "Blaze Media Pro" = Blaze Media Pro
    "BookSmart® 2.9.1 2.9.1" = BookSmart® 2.9.1 2.9.1
    "Bulk Rename Utility_is1" = Bulk Rename Utility 2.7.1.1
    "cam2pc" = cam2pc Freeware Edition (remove only)
    "Canon CanoScan LiDE 600F User Registration" = Canon CanoScan LiDE 600F User Registration
    "CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0
    "CCleaner" = CCleaner
    "CD/DVD Diagnostic" = CD/DVD Diagnostic
    "CD/DVD Inspector" = CD/DVD Inspector
    "CloneDVD2" = CloneDVD2
    "Cucusoft MPEG to DVD Author_is1" = Cucusoft MPEG to DVD Author 1.06
    "Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro_is1" = Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro 7.07
    "DVD Decrypter" = DVD Decrypter (Remove Only)
    "DVDx_is1" = DVDx
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "EssentialPIM" = EssentialPIM
    "Handbrake" = Handbrake 0.9.4
    "HijackThis" = HijackThis 2.0.2
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic 8.0
    "InstallShield_{268723B7-A994-4286-9F85-B974D5CAFC7B}" = EasyRecovery Professional
    "InstallShield_{B6ACFF51-248A-4290-B50B-E50C81F25B97}" = iPod for Windows 2005-02-22
    "IrfanView" = IrfanView (remove only)
    "Lexmark X1100 Series" = Lexmark X1100 Series
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
    "Microsoft SQL Server 10" = Microsoft SQL Server 2008
    "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
    "Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
    "Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
    "Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
    "Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "Netviewer V1.2.5.104_is1" = Netviewer V1.2.5.104
    "NVIDIA Drivers" = NVIDIA Drivers
    "OJOsoft Total Video Converter_is1" = OJOsoft Total Video Converter
    "Playback_is1" = Playback 2.3.0.4
    "PowerISO" = PowerISO
    "PrintKey2000" = PrintKey2000
    "PS3 Video 9" = PS3 Video 9 5.04
    "Rainbow Client Activator 2.2 English" = Client Activator 2.2 - English
    "RescuePRO-3.0" = RescuePRO™ 3.0
    "Rhapsody" = Rhapsody
    "SiSoftware Sandra Professional 2005.SR1_is1" = SiSoftware Sandra Professional 2005.SR1 (Win64/32/CE)
    "SlimBrowser" = FlashPeak SlimBrowser
    "The Rosetta Stone" = The Rosetta Stone
    "TVersity Codec Pack" = TVersity Codec Pack 1.2
    "TVersity Media Server" = TVersity Media Server 1.7.4.1 Beta
    "VISPRO" = Microsoft Office Visio Professional 2007
    "VLC media player" = VLC media player 1.0.3
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    "Winamp" = Winamp
    "Windows Genuine Advantage Validation v1.9.40.0 Cracked V4" = Windows Genuine Advantage Validation v1.9.40.0 Cracked V4
    "Windows Media Encoder 9" = Windows Media Encoder 9 Series
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Xilisoft DVD Ripper Ultimate 5" = Xilisoft DVD Ripper Ultimate
    "Xvid_is1" = Xvid 1.2.2 final uninstall

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "uTorrent" = µTorrent

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 11/12/2010 5:35:45 PM | Computer Name = DON-451A1F95FB9 | Source = Windows Search Service | ID = 3100
    Description = Unable to initialize the filter host process. Terminating. Details:
    This
    operation returned because the timeout period expired. (0x800705b4)

    Error - 11/26/2010 12:27:07 PM | Computer Name = DON-451A1F95FB9 | Source = Windows Search Service | ID = 3013
    Description = The entry <C:\DOCUMENTS AND SETTINGS\ANDREW\RECENT\VIDEO.LNK> in the
    hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A
    device attached to the system is not functioning. (0x8007001f)

    Error - 11/26/2010 12:27:07 PM | Computer Name = DON-451A1F95FB9 | Source = Windows Search Service | ID = 3013
    Description = The entry <C:\DOCUMENTS AND SETTINGS\ANDREW\RECENT\VIDEO.LNK> in the
    hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A
    device attached to the system is not functioning. (0x8007001f)

    Error - 11/26/2010 6:30:13 PM | Computer Name = DON-451A1F95FB9 | Source = Application Hang | ID = 1002
    Description = Hanging application DiskDefrag.exe, version 3.1.2.90, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 11/26/2010 6:30:13 PM | Computer Name = DON-451A1F95FB9 | Source = Application Hang | ID = 1002
    Description = Hanging application DiskDefrag.exe, version 3.1.2.90, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 12/2/2010 10:19:24 PM | Computer Name = DON-451A1F95FB9 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 12/3/2010 10:54:47 PM | Computer Name = DON-451A1F95FB9 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The server name or address could not be resolved

    Error - 12/3/2010 10:56:01 PM | Computer Name = DON-451A1F95FB9 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The server name or address could not be resolved

    Error - 12/3/2010 11:40:00 PM | Computer Name = DON-451A1F95FB9 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The server name or address could not be resolved

    Error - 12/3/2010 11:41:01 PM | Computer Name = DON-451A1F95FB9 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The server name or address could not be resolved

    [ System Events ]
    Error - 10/30/2010 1:41:34 PM | Computer Name = DON-451A1F95FB9 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service WSearch with
    arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

    Error - 10/30/2010 1:41:49 PM | Computer Name = DON-451A1F95FB9 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service WSearch with
    arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

    Error - 10/30/2010 1:42:33 PM | Computer Name = DON-451A1F95FB9 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service netman with
    arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

    Error - 10/30/2010 1:44:20 PM | Computer Name = DON-451A1F95FB9 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 10/30/2010 1:46:30 PM | Computer Name = DON-451A1F95FB9 | Source = Service Control Manager | ID = 7000
    Description = The Netropa NHK Server service failed to start due to the following
    error: %%2

    Error - 10/30/2010 1:46:30 PM | Computer Name = DON-451A1F95FB9 | Source = Service Control Manager | ID = 7000
    Description = The MCSTRM service failed to start due to the following error: %%2

    Error - 10/30/2010 6:26:57 PM | Computer Name = DON-451A1F95FB9 | Source = MRxSmb | ID = 8003
    Description = The master browser has received a server announcement from the computer
    ACER-LAPTOP that believes that it is the master browser for the domain on transport
    NetBT_Tcpip_{F5FDF3B8-C6EB-46. The master browser is stopping or an election is
    being forced.

    Error - 10/31/2010 9:47:29 AM | Computer Name = DON-451A1F95FB9 | Source = DCOM | ID = 10010
    Description = The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register
    with DCOM within the required timeout.

    Error - 10/31/2010 9:49:53 AM | Computer Name = DON-451A1F95FB9 | Source = Service Control Manager | ID = 7000
    Description = The Netropa NHK Server service failed to start due to the following
    error: %%2

    Error - 10/31/2010 9:49:53 AM | Computer Name = DON-451A1F95FB9 | Source = Service Control Manager | ID = 7000
    Description = The MCSTRM service failed to start due to the following error: %%2


    < End of report >
     
  17. Donnegs

    Donnegs TS Rookie Topic Starter Posts: 18

    I had uninstalled and then reinstalled SlimBrowser before I posted to the forum a couple of days ago, but I will do it again...
  18. Donnegs

    Donnegs TS Rookie Topic Starter Posts: 18

    Reinstalled SlimBrowser and now I have two sbrowser.exe in the processes, one running at 50 and the other at 48...
  19. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    =======================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      [2010/10/02 18:41:06 | 000,001,919 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =====================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the reading of the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
  20. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    I suggest you drop SlimBrowser and use something else.
  21. Donnegs

    Donnegs TS Rookie Topic Starter Posts: 18

    OTL scan log

    All processes killed
    ========== OTL ==========
    C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml moved successfully.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\WINDOWS\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Andrew
    ->Temp folder emptied: 34248 bytes
    ->Temporary Internet Files folder emptied: 7099042 bytes
    ->Java cache emptied: 2027 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 790 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32835 bytes

    User: LogMeInRemoteUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 86238 bytes

    Total Files Cleaned = 7.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Andrew
    ->Flash cache emptied: 0 bytes

    User: Default User

    User: LocalService

    User: LogMeInRemoteUser

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.17.3 log created on 12042010_002917

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
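    The OTL log above names the exact registry keys and files it touched: the Zugo search plugin dropped into Firefox's searchplugins folder, and an ActiveX control identified by its CLSID with entries under Code Store Database\Distribution Units, Classes\CLSID and Active Setup\Installed Components. The script below is an added example, not part of the thread and not OTL's own code, that re-checks those same locations after the reboot and then lists every ActiveX Distribution Unit still registered, since leftover controls are a common way a toolbar or fake "codec" survives a cleanup. It assumes PowerShell 3.0 or later and the usual layout under each Distribution Unit key (a DownloadInformation subkey holding the CODEBASE value, and a Contains\Files subkey whose value names are the installed files); both are assumptions stated here, not facts from the log.

```powershell
# Added example (not from the thread or from OTL): re-check what the OTL log
# above says it removed, then list any ActiveX controls still registered.
# Assumes PowerShell 3.0 or later and the usual Distribution Unit layout
# (DownloadInformation\CODEBASE value, Contains\Files subkey) under HKLM.

$clsid        = '{E2883E8F-472F-4FB0-9522-AC9BF37916A7}'   # the control OTL removed
$searchPlugin = 'C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml'
$dpfDir       = Join-Path $env:windir 'Downloaded Program Files'
$duRoot       = 'HKLM:\SOFTWARE\Microsoft\Code Store Database\Distribution Units'

# The three registry locations OTL checked for this CLSID, plus the two files.
$residue = @(
    "$duRoot\$clsid",
    "HKLM:\SOFTWARE\Classes\CLSID\$clsid",
    "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\$clsid",
    (Join-Path $dpfDir 'gp.inf'),
    $searchPlugin
)

Write-Host "== Residue check for $clsid / bing-zugo.xml =="
foreach ($item in $residue) {
    $state = if (Test-Path -LiteralPath $item) { 'STILL PRESENT' } else { 'gone' }
    Write-Host ('  {0,-14} {1}' -f $state, $item)
}

# Every Distribution Unit still registered is a downloaded ActiveX control.
# The CODEBASE URL it was fetched from is the quickest tell for a toolbar or
# fake "codec" the user was talked into installing.
Write-Host "`n== ActiveX controls still registered =="
Get-ChildItem -LiteralPath $duRoot -ErrorAction SilentlyContinue | ForEach-Object {
    $info  = Get-ItemProperty -LiteralPath "$($_.PSPath)\DownloadInformation" -ErrorAction SilentlyContinue
    $files = Get-Item -LiteralPath "$($_.PSPath)\Contains\Files" -ErrorAction SilentlyContinue
    # Get-Item on a registry key exposes its value names as .Property
    $fileCount = if ($files) { $files.Property.Count } else { 0 }
    [pscustomobject]@{
        CLSID     = $_.PSChildName
        Codebase  = $info.CODEBASE
        FileCount = $fileCount
    }
} | Format-Table -AutoSize

# And the on-disk side, where OTL looked for gp.inf.
Write-Host "`n== $dpfDir =="
Get-ChildItem -LiteralPath $dpfDir -Force -ErrorAction SilentlyContinue |
    Select-Object Name, Length, LastWriteTime | Format-Table -AutoSize
```

    Reading HKLM and the Downloaded Program Files folder does not need an elevated prompt; a control that shows up with a CODEBASE URL you do not recognise is the one to research before deciding whether it, too, needs an OTL fix.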
     
  22. Donnegs

    Donnegs TS Rookie Topic Starter Posts: 18

    This popped up from my AV when I clicked on SecurityCheck.exe
    Worm.Autoit.Gen{virus}
    objlist.exe

    Should I remove, block, or add it to exclusions?
     
  23. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Add to exclusions and run it.
     
  24. Donnegs

    Donnegs TS Rookie Topic Starter Posts: 18

    Security Check Log

    Results of screen317's Security Check version 0.99.5
    Windows XP Service Pack 3
    Internet Explorer 8
    Error creating install.txt after 3 tries! Trying alternate method...
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    Adobe After Effects CS3 Presets
    Outpost Security Suite Pro 7.0.3
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    HijackThis 2.0.2
    CCleaner
    Java(TM) 6 Update 22
    Out of date Java installed!
    Adobe Flash Player 9 (Out of date Flash Player installed!)
    Adobe Flash Player
    Mozilla Firefox (3.6.) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````
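    The Security Check log above reports three kinds of finding: the Windows Firewall state (disabled here), the registered antivirus product, and installed software whose version is out of date (Java 6 Update 22, Flash Player 9, Firefox 3.6). The script below is an added example, not part of the thread and not screen317's tool, that reproduces those three checks from the same sources Security Check reads, the Uninstall registry keys and Security Center. It assumes Windows 8 / Server 2012 or later with PowerShell 5 (for Get-NetFirewallProfile and Get-CimInstance), so it will not run on the Windows XP machine in this thread, and the version floors are illustrative placeholders, not vendor-published minimums.

```powershell
# Added example (not from the thread or from screen317's Security Check): a
# PowerShell replica of the findings reported above, i.e. Windows Firewall
# state, registered antivirus products, and whether Java, Flash and Firefox
# are below a version floor. Assumes Windows 8 / Server 2012 or later with
# PowerShell 5 (Get-NetFirewallProfile, Get-CimInstance). The floors are
# illustrative placeholders, not vendor-published minimums.

$versionFloors = @(
    @{ Label = 'Java';               Pattern = '^Java(\(TM\))? \d+ Update'; Floor = [version]'8.0.0' },
    @{ Label = 'Adobe Flash Player'; Pattern = '^Adobe Flash Player';       Floor = [version]'32.0.0.0' },
    @{ Label = 'Mozilla Firefox';    Pattern = '^Mozilla Firefox';          Floor = [version]'115.0' }
)

function Get-InstalledSoftware {
    # The Uninstall keys Security Check reads; WOW6432Node covers 32-bit apps
    # on 64-bit Windows, HKCU covers per-user installs.
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $roots -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -and $_.DisplayVersion } |
        Select-Object DisplayName, DisplayVersion
}

function Test-VersionFloors {
    param($Installed, $Floors)
    foreach ($rule in $Floors) {
        $hits = @($Installed | Where-Object { $_.DisplayName -match $rule.Pattern })
        foreach ($hit in $hits) {
            # DisplayVersion is free text; e.g. Java 6 Update 22 stores "6.0.220"
            $v = $null
            if (-not [version]::TryParse($hit.DisplayVersion, [ref]$v)) {
                $verdict = 'version string not parseable'
            } elseif ($v -lt $rule.Floor) {
                $verdict = 'OUT OF DATE!'
            } else {
                $verdict = 'ok'
            }
            Write-Host ('  {0,-45} {1,-14} {2}' -f $hit.DisplayName, $hit.DisplayVersion, $verdict)
        }
    }
}

Write-Host 'Antivirus/Firewall Check:'
foreach ($fw in Get-NetFirewallProfile) {
    $state = if ($fw.Enabled -eq 'True') { 'enabled' } else { 'DISABLED!' }
    Write-Host ('  Windows Firewall, {0} profile: {1}' -f $fw.Name, $state)
}
# Products registered with Security Center. productState is an undocumented
# bitfield, so it is shown raw instead of being decoded into "up to date".
Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntiVirusProduct -ErrorAction SilentlyContinue |
    ForEach-Object { Write-Host ('  AV: {0} (productState 0x{1:X6})' -f $_.displayName, $_.productState) }

Write-Host 'Anti-malware/Other Utilities Check:'
Test-VersionFloors -Installed (Get-InstalledSoftware) -Floors $versionFloors
```

    The process check and the DNS cache-poisoning test that Security Check also performs are not reproduced here; the DNS test in particular needs a network exchange with an external resolver and cannot be judged from the local machine alone.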
     
  25. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Update Adobe Flash Player and Firefox.
     
Topic Status:
Not open for further replies.
