TechSpot

Searches sometimes redirected and Generic Host errors

By Kevin562
Jan 4, 2011
  1. Hi,
    First off thanks for the help. This issue has really been killing me. So a few days ago my computer started regularly giving me a windows error about the Generic Host erroring and having to close. Since then occasionally my searches Firefox will be redirected to a random spam looking page. This doesn't always seem to happen. Also I occasionally get a Threat Blocked from AVG that comes from svchost.exe. The most resent was an "Exploit Pheonix" but I've seen a few different ones. I have ran AVG and it finds nothing. I ran the 8 steps and here are the logs:

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5418

    Windows 5.1.2600 Service Pack 3 (Safe Mode)
    Internet Explorer 8.0.6001.18702

    1/4/2011 11:07:41 AM
    mbam-log-2011-01-04 (11-07-41).txt

    Scan type: Quick scan
    Objects scanned: 180304
    Time elapsed: 13 minute(s), 42 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2011-01-04 11:39:56
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort1 ST9120823ASG rev.3.ADD
    Running: zi7vxsdd.exe; Driver: C:\DOCUME~1\ksmith\LOCALS~1\Temp\kgtoqpoc.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 32: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 57: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;

    ---- System - GMER 1.0.15 ----

    SSDT spgw.sys ZwEnumerateKey [0xB7EC8CA2]
    SSDT spgw.sys ZwEnumerateValueKey [0xB7EC9030]

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 8A75639B
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B7DE1B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8A75639B
    Device \Driver\atapi \Device\Ide\IdePort0 [B7DE1B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8A75639B
    Device \Driver\atapi \Device\Ide\IdePort1 [B7DE1B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\aa8uxesn \Device\Scsi\aa8uxesn1 8A5591F8
    Device \Driver\aa8uxesn \Device\Scsi\aa8uxesn1Port2Path0Target0Lun0 8A5591F8
    Device \FileSystem\Ntfs \Ntfs 8A7E01F8

    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Device\Ide\IdeDeviceP1T0L0-e -> \??\IDE#DiskST9120823ASG____________________________3.ADD___#5&266ff5a6&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

    ---- EOF - GMER 1.0.15 ----


    DDS (Ver_10-12-12.02) - NTFSx86
    Run by ksmith at 11:40:57.92 on Tue 01/04/2011
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1220 [GMT -8:00]

    AV: AVG Anti-Virus Business Edition *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    ============== Running Processes ===============

    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    svchost.exe
    svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    svchost.exe
    C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\WINDOWS\System32\DkLog.exe
    C:\Program Files\AVG\AVG9\avgam.exe
    C:\WINDOWS\system32\dkvcm.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\libusbd-nt.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\SonyEricsson\JavaME_SDK_CLDC\OnDeviceDebug\lib\jsl.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\StacSV.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
    C:\WINDOWS\system32\CCM\CcmExec.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\dkcktkn.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
    C:\Program Files\UltraMon\UltraMon.exe
    C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\WINDOWS\system32\KADxMain.exe
    C:\Program Files\GeoTrust\GeoTrust Token\iKey 2000 Series Software\DkAutoReg.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Apoint\ApMsgFwd.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\UltraMon\UltraMonTaskbar.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Documents and Settings\ksmith\Application Data\Dropbox\bin\Dropbox.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Documents and Settings\ksmith\My Documents\My Dropbox\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.msn.com
    uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
    uDefault_Page_URL = hxxp://www.msn.com
    BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
    mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
    mRun: [VaCtrl] c:\program files\voiceage\common\VaCtrl.exe
    mRun: [UltraMon] "c:\program files\ultramon\UltraMon.exe" /auto
    mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
    mRun: [SecureUpgrade] c:\program files\wave systems corp\SecureUpgrade.exe
    mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
    mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [KADxMain] c:\windows\system32\KADxMain.exe
    mRun: [DkStartup] c:\program files\geotrust\geotrust token\ikey 2000 series software\DkStartup.exe
    mRun: [DkAutoReg.exe] c:\program files\geotrust\geotrust token\ikey 2000 series software\DkAutoReg.exe
    mRun: [Apoint] c:\program files\apoint\Apoint.exe
    mRun: [nwiz] nwiz.exe /installquiet
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    StartupFolder: c:\docume~1\ksmith\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\ksmith\application data\dropbox\bin\Dropbox.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261861118671
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1274492011630
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: avgrsstarter - avgrsstx.dll
    Notify: DkWLNP - DkWLNP.dll
    Notify: gemsafe - c:\program files\gemplus\gemsafe libraries\bin\WLEventNotify.dll
    Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    LSA: Authentication Packages = msv1_0 wvauth

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\ksmith\applic~1\mozilla\firefox\profiles\7cdheibj.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: network.proxy.http - kungfu7msrv.attdev.mforma.com
    FF - prefs.js: network.proxy.http_port - 9109
    FF - prefs.js: network.proxy.type - 4
    FF - component: c:\documents and settings\ksmith\application data\mozilla\firefox\profiles\7cdheibj.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\ksmith\application data\mozilla\firefox\profiles\7cdheibj.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
    FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
    FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
    FF - plugin: c:\documents and settings\ksmith.mforma\application data\move networks\plugins\npqmp071701000002.dll
    FF - plugin: c:\documents and settings\ksmith\application data\mozilla\firefox\profiles\7cdheibj.default\extensions\{0c7e3f01-99e9-4095-9bdc-f84724960b57}\plugins\NPCpnMgr.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NpIpx32.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    FF - Ext: Woot Watcher: {a92aadf8-193f-4a62-8740-5cce81775afc} - %profile%\extensions\{a92aadf8-193f-4a62-8740-5cce81775afc}
    FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
    FF - Ext: wmlbrowser: {c4dc572a-3295-40eb-b30f-b54aa4cdc4b7} - %profile%\extensions\{c4dc572a-3295-40eb-b30f-b54aa4cdc4b7}
    FF - Ext: Coupon Manager: {0C7E3F01-99E9-4095-9BDC-F84724960B57} - %profile%\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg9\Firefox

    ============= SERVICES / DRIVERS ===============

    R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-9-24 52872]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-9-24 216400]
    R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-9-24 29584]
    R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-9-24 243024]
    R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]
    R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-9-24 308136]
    R2 DkVcm;Datakey's Virtual Channel Monitor;c:\windows\system32\dkvcm.exe [2005-3-18 122880]
    R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
    R2 MSSQL$MYMOVIES;SQL Server (MYMOVIES);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]
    R2 SEMC_SDK_Service;SEMC SDK Service;c:\sonyericsson\javame_sdk_cldc\ondevicedebug\lib\jsl.exe [2008-10-21 49152]
    R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\common files\realtime soft\ultramonmirrordrv\x32\UltraMonUtility.sys [2006-9-24 11776]
    R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2004-8-11 5120]
    R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536]
    R3 iKeyEnum;Rainbow iKey Enumerator;c:\windows\system32\drivers\IKEYENUM.SYS [2008-7-16 12480]
    R3 iKeyIFD;Rainbow iKey Virtual Reader;c:\windows\system32\drivers\IKEYIFD.SYS [2008-7-16 19232]
    R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2008-9-1 33792]
    R3 UltraMonMirror;UltraMonMirror;c:\windows\system32\drivers\UltraMonMirror.sys [2006-9-24 3584]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
    S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2008-8-31 42112]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]
    S3 RnbToken;Rainbow iKey Token Service;c:\windows\system32\drivers\RNBTOKEN.SYS [2008-7-16 22304]
    S3 Smcinst;Symantec Auto-upgrade Agent;c:\program files\symantec\symantec endpoint protection\smclu\setup\smcinst.exe --> c:\program files\symantec\symantec endpoint protection\smclu\setup\smcinst.exe [?]

    =============== Created Last 30 ================

    2011-01-04 19:31:44 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-01-04 19:31:44 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    2011-01-03 21:45:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-01-03 21:45:30 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2010-12-30 01:52:13 -------- d-----w- C:\TDSSKiller_Quarantine
    2010-12-29 20:09:51 -------- d-----w- c:\docume~1\ksmith\applic~1\Malwarebytes
    2010-12-29 20:09:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-29 20:09:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-29 20:09:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-28 19:57:45 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-12-28 19:49:27 -------- d-----w- c:\docume~1\ksmith\locals~1\applic~1\Sunbelt Software
    2010-12-15 20:47:38 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
    2010-12-15 20:47:16 45568 ------w- c:\windows\system32\dllcache\wab.exe

    ==================== Find3M ====================

    2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
    2010-11-13 00:34:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-06 00:26:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
    2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys

    =================== ROOTKIT ====================

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: ST9120823ASG rev.3.ADD -> Harddisk0\DR0 -> \Device\Ide\IdePort1 P1T0L0-e

    device: opened successfully
    user: MBR read successfully

    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A756555]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a75c7b0]; MOV EAX, [0x8a75c82c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A6C3AB8]
    3 CLASSPNP[0xB80E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A71EB80]
    \Driver\atapi[0x8A6EC8C0] -> IRP_MJ_CREATE -> 0x8A756555
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
    detected disk devices:
    \Device\Ide\IdeDeviceP1T0L0-e -> \??\IDE#DiskST9120823ASG____________________________3.ADD___#5&266ff5a6&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    \Driver\atapi DriverStartIo -> 0x8A75639B
    user & kernel MBR OK
    Warning: possible TDL3 rootkit infection !

    ============= FINISH: 11:42:57.04 ===============


    DDS (Ver_10-12-12.02)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 6/4/2008 12:13:07 PM
    System Uptime: 1/4/2011 11:34:51 AM (0 hours ago)

    Motherboard: Dell Inc. | | 0WM416
    Processor: Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz | Microprocessor | 2194/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 112 GiB total, 31.592 GiB free.
    D: is CDROM ()
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Help Center 1.0
    Adobe Photoshop CS2
    Adobe Reader 8.2.5
    Adobe Stock Photos 1.0
    Apple Application Support
    Apple Software Update
    AuthenTec Fingerprint Sensor Minimum Install
    AutoUpdate
    AVG 9.0
    biolsp patch
    Broadcom ASF Management Applications
    Broadcom Management Programs
    Browser Address Error Redirector
    CCleaner
    CDDRV_Installer
    Compatibility Pack for the 2007 Office system
    Conexant HDA D330 MDC V.92 Modem
    Coupon Printer for Windows
    CR9MMsetup
    Critical Update for Windows Media Player 11 (KB959772)
    Dell Drivers MSI
    Dell Embassy Trust Suite by Wave Systems
    Dell Touchpad
    Dexster v3.5
    Digital Line Detect
    Diskeeper 2007 Pro Premier
    DivX Codec
    DJ Java Decompiler v.3.10.10.93
    Document Manager Lite
    Dropbox
    EditPlus 2
    EMBASSY Security Center
    EMBASSY Security Setup
    EMBASSY Trust Suite by Wave Systems
    ESC Home Page Plugin
    Ethereal 0.99.0
    Flash&Backup
    GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
    GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)
    Gemalto
    GemSafe Standard Edition 5.1
    GeoTrust Token - iKey 2000 Series v4.7 MU20.3
    GNUstep Windows Core 0.22.0
    GNUstep Windows Developer 1.0.0
    GNUstep Windows System 0.22.0
    HexEdit
    High Definition Audio Driver Package - KB835221
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Intel(R) PROSet/Wireless Software
    IntelliJ IDEA 7.0.3
    IntelliJ IDEA 8.0
    IntelliJ IDEA 8.0.1
    IntelliJ IDEA 8.1
    IntelliJ IDEA 9.0
    IntelliSonic Speech Enhancement
    Java Auto Updater
    Java DB 10.3.1.4
    Java(TM) 6 Update 23
    Java(TM) 6 Update 5
    Java(TM) 6 Update 6
    Java(TM) SE Development Kit 6 Update 6
    KhalInstallWrapper
    Labeler
    LibUSB-Win32-0.1.10.1
    LiveUpdate 3.3 (Symantec Corporation)
    Logitech SetPoint
    Logitech Updater
    Malwarebytes' Anti-Malware
    mCore
    mDrWiFi
    mHlpDell
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Standard Edition 2003
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2005 Express Edition (MYMOVIES)
    Microsoft SQL Server 2005 Tools Express Edition
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Windows Media Center SDK 5.3
    mIWA
    mLogView
    mMHouse
    MobileAsset
    Modem Diagnostic Tool
    MotoKup 0.2
    Motorola Driver Installation 3.5.0
    Motorola iDEN SDK for J2ME (MIDP 2.0)
    Mozilla Firefox (3.6.13)
    mPfMgr
    mPfWiz
    mProSafe
    mSCfg
    mSSO
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB933579)
    mWlsSafe
    mWMI
    MX-700 Editor
    MySQL Server 4.1
    mZConfig
    NetWaiting
    Network Stumbler 0.4.0 (remove only)
    NTRU TCG Software Stack
    NVIDIA Drivers
    NVIDIA nView Desktop Manager
    NVIDIA PhysX
    OGA Notifier 2.0.0048.0
    PNGGauntlet
    PowerDVD
    Preboot Manager
    Private Information Manager
    ProjectCenter 0.5.0
    QuickSet
    QuickTime
    SafeNet iKey Driver v4.0.0.11
    SC Ver 2.70
    Secure Update
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Security Wizards
    Skype Toolbars
    Skype™ 4.2
    SMS Advanced Client
    SnagIt 8
    Sony Ericsson SDK 2.5.0.3 (build 1143) for the Java(TM) ME Platform
    SPOT xde(R) Player DLL
    Sprint Wireless Toolkit 3.3.2 - Powered by Sun Java Technology
    Spybot - Search & Destroy
    SSH Secure Shell
    Sun Java (TM) Wireless Toolkit 2.5.2 for CLDC
    Synergy
    TestTrack
    TestTrack Pro
    TextPad 5
    TomTom HOME 2.5.2.60
    TortoiseSVN 1.5.2.13595 (32 bit)
    Trillian
    Trusted Drive Manager
    tsp patch
    UltraMon
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Windows (KB971513)
    Update for Windows Internet Explorer 8 (KB975364)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    upekmsi
    VC_MergeModuleToMSI
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Visual C++ 8.0 ATL (x86) WinSXS MSM
    Visual C++ 8.0 CRT (x86) WinSXS MSM
    VLC media player 1.1.4
    Wave Infrastructure Installer
    Wave Support Software
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows PowerShell(TM) 1.0
    Windows Search 4.0
    Windows XP Service Pack 3
    WinMerge 2.8.0.0
    WinPcap 3.1
    WinRAR archiver
    YourKit Java Profiler 6.0.16

    ==== Event Viewer Messages From Past Week ========

    12/29/2010 3:18:21 PM, error: NetBT [4311] - Initialization failed because the driver device could not be created.
    12/29/2010 3:06:25 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    12/29/2010 12:25:02 PM, error: System Error [1003] - Error code 10000050, parameter1 a2708000, parameter2 00000001, parameter3 8053a5b3, parameter4 00000000.
    12/29/2010 12:23:30 PM, error: DCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7E89FF0B-F649-4F9A-A9C3-F05DFAAA3DA1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.
    12/29/2010 11:02:34 AM, error: NetBT [4307] - Initialization failed because the transport refused to open initial Addresses.
    12/28/2010 4:01:07 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Fax service to connect.
    12/28/2010 4:01:07 PM, error: Service Control Manager [7000] - The Fax service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/4/2011 11:37:44 AM, error: Service Control Manager [7022] - The SQL Server Browser service hung on starting.
    1/4/2011 11:16:28 AM, error: Service Control Manager [7034] - The SMS Remote Control Agent service terminated unexpectedly. It has done this 1 time(s).
    1/4/2011 11:16:28 AM, error: Service Control Manager [7031] - The SMS Agent Host service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    1/4/2011 11:16:27 AM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless SSO Service service terminated unexpectedly. It has done this 1 time(s).
    1/4/2011 11:16:27 AM, error: Service Control Manager [7034] - The Datakey's Token Service service terminated unexpectedly. It has done this 1 time(s).
    1/4/2011 11:16:26 AM, error: Service Control Manager [7034] - The TdmService service terminated unexpectedly. It has done this 1 time(s).
    1/4/2011 11:16:26 AM, error: Service Control Manager [7034] - The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).
    1/4/2011 11:16:26 AM, error: Service Control Manager [7034] - The SigmaTel Audio Service service terminated unexpectedly. It has done this 1 time(s).
    1/4/2011 11:16:26 AM, error: Service Control Manager [7034] - The SEMC SDK Service service terminated unexpectedly. It has done this 1 time(s).
    1/4/2011 11:16:26 AM, error: Service Control Manager [7034] - The MySQL service terminated unexpectedly. It has done this 1 time(s).
    1/4/2011 11:16:25 AM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    1/4/2011 11:16:25 AM, error: Service Control Manager [7034] - The NICCONFIGSVC service terminated unexpectedly. It has done this 1 time(s).
    1/4/2011 11:16:25 AM, error: Service Control Manager [7034] - The LibUsb-Win32 - Daemon, Version 0.1.10.1 service terminated unexpectedly. It has done this 1 time(s).
    1/4/2011 11:16:25 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    1/4/2011 11:16:25 AM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Service service terminated unexpectedly. It has done this 1 time(s).
    1/4/2011 11:16:25 AM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).
    1/4/2011 11:16:25 AM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
    1/4/2011 11:16:25 AM, error: Service Control Manager [7034] - The Diskeeper service terminated unexpectedly. It has done this 1 time(s).
    1/4/2011 11:16:25 AM, error: Service Control Manager [7034] - The Datakey's Virtual Channel Monitor service terminated unexpectedly. It has done this 1 time(s).
    1/4/2011 11:16:25 AM, error: Service Control Manager [7034] - The Datakey's Log Service service terminated unexpectedly. It has done this 1 time(s).
    1/4/2011 11:16:25 AM, error: Service Control Manager [7034] - The Broadcom ASF IP and SMBIOS Mailbox Monitor service terminated unexpectedly. It has done this 1 time(s).
    1/4/2011 11:16:25 AM, error: Service Control Manager [7031] - The AVG WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    1/4/2011 10:55:06 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    1/4/2011 10:53:26 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    1/4/2011 10:53:13 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD APPDRV AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
    1/4/2011 10:53:13 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    1/4/2011 10:53:13 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/4/2011 10:53:13 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/4/2011 10:53:13 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    1/4/2011 10:53:11 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    ==== End Of File ===========================


    Thanks again for the help

    -Kevin
     
  2. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ========================================================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  3. Kevin562

    Kevin562 TS Rookie Topic Starter

    Hi Broni,
    Thanks for taking my case. I downloaded and ran TDSSKiller and it looks like it found and cured something. Could it be this simple? :) Here are the logs:

    2011/01/04 17:19:07.0156 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
    2011/01/04 17:19:07.0156 ================================================================================
    2011/01/04 17:19:07.0156 SystemInfo:
    2011/01/04 17:19:07.0156
    2011/01/04 17:19:07.0156 OS Version: 5.1.2600 ServicePack: 3.0
    2011/01/04 17:19:07.0156 Product type: Workstation
    2011/01/04 17:19:07.0156 ComputerName: SD-KSMITH1
    2011/01/04 17:19:07.0156 UserName: ksmith
    2011/01/04 17:19:07.0156 Windows directory: C:\WINDOWS
    2011/01/04 17:19:07.0156 System windows directory: C:\WINDOWS
    2011/01/04 17:19:07.0156 Processor architecture: Intel x86
    2011/01/04 17:19:07.0156 Number of processors: 2
    2011/01/04 17:19:07.0156 Page size: 0x1000
    2011/01/04 17:19:07.0156 Boot type: Normal boot
    2011/01/04 17:19:07.0156 ================================================================================
    2011/01/04 17:19:07.0375 Initialize success
    2011/01/04 17:19:21.0687 ================================================================================
    2011/01/04 17:19:21.0687 Scan started
    2011/01/04 17:19:21.0687 Mode: Manual;
    2011/01/04 17:19:21.0687 ================================================================================
    2011/01/04 17:19:22.0796 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
    2011/01/04 17:19:22.0906 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2011/01/04 17:19:22.0937 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    2011/01/04 17:19:23.0015 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
    2011/01/04 17:19:23.0093 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2011/01/04 17:19:23.0156 AegisP (a1ad1a4a9f18d900ca9c93fa3efdcb56) C:\WINDOWS\system32\DRIVERS\AegisP.sys
    2011/01/04 17:19:23.0218 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
    2011/01/04 17:19:23.0281 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
    2011/01/04 17:19:23.0328 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
    2011/01/04 17:19:23.0375 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
    2011/01/04 17:19:23.0406 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
    2011/01/04 17:19:23.0421 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
    2011/01/04 17:19:23.0500 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
    2011/01/04 17:19:23.0578 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
    2011/01/04 17:19:23.0625 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
    2011/01/04 17:19:23.0718 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
    2011/01/04 17:19:23.0796 ApfiltrService (b8d65da679a4a8d048783ede2691b5d4) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
    2011/01/04 17:19:23.0875 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
    2011/01/04 17:19:23.0984 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    2011/01/04 17:19:24.0078 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
    2011/01/04 17:19:24.0187 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
    2011/01/04 17:19:24.0281 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
    2011/01/04 17:19:24.0453 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2011/01/04 17:19:24.0546 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2011/01/04 17:19:24.0734 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2011/01/04 17:19:24.0875 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2011/01/04 17:19:24.0968 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\system32\Drivers\avgldx86.sys
    2011/01/04 17:19:25.0046 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\system32\Drivers\avgmfx86.sys
    2011/01/04 17:19:25.0093 AvgRkx86 (5bbcd8646074a3af4ee9b321d12c2b64) C:\WINDOWS\system32\Drivers\avgrkx86.sys
    2011/01/04 17:19:25.0140 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\WINDOWS\system32\Drivers\avgtdix.sys
    2011/01/04 17:19:25.0234 b57w2k (f96038aa1ec4013a93d2420fc689d1e9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
    2011/01/04 17:19:25.0343 BASFND (5c68ac6f3e5b3e6d6a78e97d05e42c3a) C:\Program Files\Broadcom\ASFIPMon\BASFND.sys
    2011/01/04 17:19:25.0500 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2011/01/04 17:19:25.0609 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
    2011/01/04 17:19:25.0640 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2011/01/04 17:19:25.0750 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
    2011/01/04 17:19:25.0796 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2011/01/04 17:19:25.0859 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2011/01/04 17:19:25.0890 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2011/01/04 17:19:25.0968 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    2011/01/04 17:19:26.0015 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
    2011/01/04 17:19:26.0062 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
    2011/01/04 17:19:26.0109 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
    2011/01/04 17:19:26.0140 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
    2011/01/04 17:19:26.0187 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
    2011/01/04 17:19:26.0265 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2011/01/04 17:19:26.0359 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    2011/01/04 17:19:26.0546 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    2011/01/04 17:19:26.0625 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2011/01/04 17:19:26.0796 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2011/01/04 17:19:26.0890 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
    2011/01/04 17:19:26.0968 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2011/01/04 17:19:27.0031 DXEC01 (549734664886d91222969845e4311d1b) C:\WINDOWS\system32\drivers\dxec01.sys
    2011/01/04 17:19:27.0093 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
    2011/01/04 17:19:27.0218 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2011/01/04 17:19:27.0296 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    2011/01/04 17:19:27.0390 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    2011/01/04 17:19:27.0453 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    2011/01/04 17:19:27.0578 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    2011/01/04 17:19:27.0687 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2011/01/04 17:19:27.0859 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2011/01/04 17:19:27.0968 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2011/01/04 17:19:28.0062 guardian2 (7031a936832967a93b0e5d5f1c76745a) C:\WINDOWS\system32\Drivers\oz776.sys
    2011/01/04 17:19:28.0187 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    2011/01/04 17:19:28.0328 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2011/01/04 17:19:28.0453 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
    2011/01/04 17:19:28.0593 HSFHWAZL (290cdbb05903742ea06b7203c5a662f5) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
    2011/01/04 17:19:28.0734 HSF_DPV (7ab812355f98858b9ecdd46e6fcc221f) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
    2011/01/04 17:19:29.0000 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2011/01/04 17:19:29.0093 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
    2011/01/04 17:19:29.0156 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
    2011/01/04 17:19:29.0265 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2011/01/04 17:19:29.0359 idisw2km (da242c93d44675136c719cb1e83cd2a1) C:\WINDOWS\system32\DRIVERS\idisw2km.sys
    2011/01/04 17:19:29.0437 iKeyEnum (74ab6b88d44da36488ea2deaa5dd85ce) C:\WINDOWS\system32\DRIVERS\ikeyenum.sys
    2011/01/04 17:19:29.0578 iKeyIFD (a30a8c032de8d3c4932f512d93ec32d2) C:\WINDOWS\system32\DRIVERS\ikeyifd.sys
    2011/01/04 17:19:29.0750 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2011/01/04 17:19:29.0875 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
    2011/01/04 17:19:29.0984 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
    2011/01/04 17:19:30.0109 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2011/01/04 17:19:30.0156 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    2011/01/04 17:19:30.0218 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2011/01/04 17:19:30.0390 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2011/01/04 17:19:30.0500 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2011/01/04 17:19:30.0546 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2011/01/04 17:19:30.0640 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2011/01/04 17:19:30.0687 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2011/01/04 17:19:30.0765 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2011/01/04 17:19:30.0781 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    2011/01/04 17:19:30.0921 kbstuff (ee79516334a94d263c784958e1ed0ae4) C:\WINDOWS\system32\DRIVERS\kbstuff5.sys
    2011/01/04 17:19:30.0984 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2011/01/04 17:19:31.0015 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2011/01/04 17:19:31.0140 LHidFilt (24e0ddb99aeccf86bb37702611761459) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
    2011/01/04 17:19:31.0203 libusb0 (e2f1dcf4a68cc6cf694fbfba1842f4cd) C:\WINDOWS\system32\drivers\libusb0.sys
    2011/01/04 17:19:31.0265 LMouFilt (d58b330d318361a66a9fe60d7c9b4951) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
    2011/01/04 17:19:31.0281 LUsbFilt (144011d14bd35f4e36136ae057b1aadd) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
    2011/01/04 17:19:31.0343 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
    2011/01/04 17:19:31.0437 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2011/01/04 17:19:31.0531 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    2011/01/04 17:19:31.0578 MotDev (80bda4ac4b2834ca522b7386fc1f6a20) C:\WINDOWS\system32\DRIVERS\motodrv.sys
    2011/01/04 17:19:31.0640 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2011/01/04 17:19:31.0687 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2011/01/04 17:19:31.0765 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2011/01/04 17:19:31.0859 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
    2011/01/04 17:19:31.0968 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2011/01/04 17:19:32.0078 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2011/01/04 17:19:32.0234 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2011/01/04 17:19:32.0359 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2011/01/04 17:19:32.0468 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2011/01/04 17:19:32.0546 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2011/01/04 17:19:32.0625 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2011/01/04 17:19:32.0812 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    2011/01/04 17:19:32.0937 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2011/01/04 17:19:33.0046 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2011/01/04 17:19:33.0109 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2011/01/04 17:19:33.0187 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2011/01/04 17:19:33.0312 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    2011/01/04 17:19:33.0437 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2011/01/04 17:19:33.0562 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2011/01/04 17:19:33.0828 NETw4x32 (b5ab1108b377b5f3d37409fabda01453) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
    2011/01/04 17:19:34.0062 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    2011/01/04 17:19:34.0140 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
    2011/01/04 17:19:34.0203 NPF (d21fee8db254ba762656878168ac1db6) C:\WINDOWS\system32\drivers\npf.sys
    2011/01/04 17:19:34.0390 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2011/01/04 17:19:34.0484 NSNDIS5 (53f7546e8daefb3a0813f5e19c4613c9) C:\WINDOWS\system32\NSNDIS5.SYS
    2011/01/04 17:19:34.0687 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2011/01/04 17:19:34.0796 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2011/01/04 17:19:35.0265 nv (96601379e76522e144a795629fd3e2db) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    2011/01/04 17:19:35.0781 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2011/01/04 17:19:35.0875 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2011/01/04 17:19:36.0031 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    2011/01/04 17:19:36.0093 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    2011/01/04 17:19:36.0125 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2011/01/04 17:19:36.0171 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2011/01/04 17:19:36.0203 PBADRV (9ec004140e1b675acdeb07f66ee797a4) C:\WINDOWS\system32\DRIVERS\PBADRV.sys
    2011/01/04 17:19:36.0234 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    2011/01/04 17:19:36.0375 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2011/01/04 17:19:36.0421 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
    2011/01/04 17:19:36.0640 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
    2011/01/04 17:19:36.0812 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
    2011/01/04 17:19:37.0000 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2011/01/04 17:19:37.0109 prepdrvr (9b322103efe09f5f4a957af62b0387b1) C:\WINDOWS\system32\CCM\prepdrv.sys
    2011/01/04 17:19:37.0156 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2011/01/04 17:19:37.0250 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2011/01/04 17:19:37.0359 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
    2011/01/04 17:19:37.0406 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
    2011/01/04 17:19:37.0453 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
    2011/01/04 17:19:37.0625 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
    2011/01/04 17:19:37.0718 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
    2011/01/04 17:19:37.0828 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2011/01/04 17:19:37.0921 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2011/01/04 17:19:38.0031 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2011/01/04 17:19:38.0109 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2011/01/04 17:19:38.0218 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2011/01/04 17:19:38.0359 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2011/01/04 17:19:38.0437 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    2011/01/04 17:19:38.0593 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    2011/01/04 17:19:38.0703 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2011/01/04 17:19:38.0828 RnbToken (da77d9bb07cc6a292d8e70754a302c58) C:\WINDOWS\system32\DRIVERS\rnbtoken.sys
    2011/01/04 17:19:39.0031 s24trans (eadfb87f911a7a75d1b80617f92901e8) C:\WINDOWS\system32\DRIVERS\s24trans.sys
    2011/01/04 17:19:39.0203 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2011/01/04 17:19:39.0453 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2011/01/04 17:19:39.0828 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    2011/01/04 17:19:39.0906 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2011/01/04 17:19:40.0500 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
    2011/01/04 17:19:40.0703 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
    2011/01/04 17:19:40.0781 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2011/01/04 17:19:40.0875 sptd (7f1b7c4d446cd3f926af45b8c48bd593) C:\WINDOWS\system32\Drivers\sptd.sys
    2011/01/04 17:19:40.0937 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 7f1b7c4d446cd3f926af45b8c48bd593
    2011/01/04 17:19:40.0937 sptd - detected Locked file (1)
    2011/01/04 17:19:40.0984 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    2011/01/04 17:19:41.0031 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
    2011/01/04 17:19:41.0203 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys
    2011/01/04 17:19:41.0453 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2011/01/04 17:19:41.0531 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2011/01/04 17:19:41.0593 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
    2011/01/04 17:19:41.0640 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    2011/01/04 17:19:41.0718 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    2011/01/04 17:19:41.0828 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    2011/01/04 17:19:41.0968 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2011/01/04 17:19:42.0109 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2011/01/04 17:19:42.0328 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2011/01/04 17:19:42.0437 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2011/01/04 17:19:42.0515 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2011/01/04 17:19:42.0656 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
    2011/01/04 17:19:42.0796 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2011/01/04 17:19:42.0937 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
    2011/01/04 17:19:43.0078 UltraMonMirror (26401a2c5e5466857077eadaaec7cdd0) C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys
    2011/01/04 17:19:43.0218 UltraMonUtility (6fc85b4505eefbfdfc817787e4b3e26f) C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys
    2011/01/04 17:19:43.0359 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2011/01/04 17:19:43.0500 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    2011/01/04 17:19:43.0640 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2011/01/04 17:19:43.0765 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2011/01/04 17:19:43.0890 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2011/01/04 17:19:44.0000 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    2011/01/04 17:19:44.0140 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2011/01/04 17:19:44.0312 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2011/01/04 17:19:44.0421 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2011/01/04 17:19:44.0500 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2011/01/04 17:19:44.0609 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
    2011/01/04 17:19:44.0734 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
    2011/01/04 17:19:44.0828 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2011/01/04 17:19:44.0906 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2011/01/04 17:19:45.0031 WaveFDE (db626c46997c2430d4958da5c7ffb969) C:\WINDOWS\system32\DRIVERS\WaveFDE.sys
    2011/01/04 17:19:45.0125 WavxDMgr (51e756f2bfb5e3adcb15f966ad293231) C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys
    2011/01/04 17:19:45.0265 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
    2011/01/04 17:19:45.0421 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2011/01/04 17:19:45.0531 winachsf (a8596cf86d445269a42ecc08b7066a4c) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
    2011/01/04 17:19:45.0687 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
    2011/01/04 17:19:45.0796 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2011/01/04 17:19:45.0890 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2011/01/04 17:19:45.0937 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2011/01/04 17:19:45.0937 ================================================================================
    2011/01/04 17:19:45.0937 Scan finished
    2011/01/04 17:19:45.0937 ================================================================================
    2011/01/04 17:19:45.0953 Detected object count: 2
    2011/01/04 17:20:02.0343 Locked file(sptd) - User select action: Skip
    2011/01/04 17:20:02.0437 \HardDisk0 - will be cured after reboot
    2011/01/04 17:20:02.0437 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
    2011/01/04 17:20:05.0359 Deinitialize success
     
  4. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    We just killed a rootkit, but we'll have to run some more scans to make sure, your computer is totally clean.

    Is redirection still there?

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    =====================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  5. Kevin562

    Kevin562 TS Rookie Topic Starter

    So far no redirection, but it doesn't happen all the time so I will keep look out for it. I have run the MBRCheck and have attached the logs. As for ComboFix, technically this computer is a work machine. It currently uses AVG Business edition, but I don't want to uninstall it until I make sure that there isn't going to be any licensing issue or anything on the reinstall. Is there another way to work around the Virus checker without an uninstall? Like running in Safe Mode? Otherwise I will figure everything out tomorrow with IT and run the program. Thanks again for your help.

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 152):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E4000 \WINDOWS\system32\hal.dll
    0xB85A8000 \WINDOWS\system32\KDCOM.DLL
    0xB84B8000 \WINDOWS\system32\BOOTVID.dll
    0xB7EAA000 spvx.sys
    0xB85AA000 \WINDOWS\System32\Drivers\WMILIB.SYS
    0xB7E92000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
    0xB7E64000 ACPI.sys
    0xB7E53000 pci.sys
    0xB80A8000 isapnp.sys
    0xB84BC000 compbatt.sys
    0xB84C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
    0xB8670000 pciide.sys
    0xB8328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xB7E35000 pcmcia.sys
    0xB80B8000 MountMgr.sys
    0xB7E16000 ftdisk.sys
    0xB7DF0000 dmio.sys
    0xB8330000 PartMgr.sys
    0xB80C8000 VolSnap.sys
    0xB7DD8000 atapi.sys
    0xB80D8000 disk.sys
    0xB80E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xB7DB8000 fltmgr.sys
    0xB7DA1000 KSecDD.sys
    0xB7D14000 Ntfs.sys
    0xB7CE7000 NDIS.sys
    0xB80F8000 PBADRV.sys
    0xB8108000 ohci1394.sys
    0xB8118000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
    0xB7CCD000 Mup.sys
    0xB8128000 avgrkx86.sys
    0xB8148000 \SystemRoot\system32\DRIVERS\nic1394.sys
    0xB86F0000 \SystemRoot\system32\DRIVERS\idisw2km.sys
    0xB7538000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xB85EE000 \SystemRoot\system32\DRIVERS\kbstuff5.sys
    0xB8430000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xB8438000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xB8228000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xB6F41000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
    0xB8440000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xB6F1D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xB8448000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xB6EF5000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xB6CD9000 \SystemRoot\system32\DRIVERS\NETw4x32.sys
    0xB6CAE000 \SystemRoot\system32\DRIVERS\b57xp32.sys
    0xB8238000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xB6C8A000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
    0xB8248000 \SystemRoot\system32\DRIVERS\serial.sys
    0xB7C8D000 \SystemRoot\system32\DRIVERS\serenum.sys
    0xB6C76000 \SystemRoot\system32\DRIVERS\parport.sys
    0xB8258000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xB8268000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xB8278000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xB6C53000 \SystemRoot\system32\DRIVERS\ks.sys
    0xB6BEE000 \SystemRoot\System32\Drivers\ay5j28ac.SYS
    0xB8564000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0xB8568000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0xB872C000 \SystemRoot\system32\DRIVERS\UltraMonMirror.sys
    0xB872D000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xB8288000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xB856C000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xB6BB5000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xB8298000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xB82A8000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xB8498000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xB6BA4000 \SystemRoot\system32\DRIVERS\psched.sys
    0xB82B8000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xB84A8000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xB84B0000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xB6B74000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xB82C8000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xB85FC000 \SystemRoot\system32\DRIVERS\ikeyenum.sys
    0xB85FE000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xB6AEE000 \SystemRoot\system32\DRIVERS\update.sys
    0xB8588000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xB8340000 \SystemRoot\system32\DRIVERS\WaveFDE.sys
    0xB82D8000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xB7CA5000 \SystemRoot\system32\DRIVERS\ikeyifd.sys
    0xB7CA1000 \SystemRoot\system32\DRIVERS\SMCLIB.SYS
    0xB82E8000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xB8608000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xB82F8000 \SystemRoot\system32\drivers\libusb0.sys
    0xB59A8000 \SystemRoot\system32\drivers\sthda.sys
    0xB5984000 \SystemRoot\system32\drivers\portcls.sys
    0xB8318000 \SystemRoot\system32\drivers\drmk.sys
    0xB596C000 \SystemRoot\system32\drivers\dxec01.sys
    0xB5938000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
    0xB5846000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
    0xB5793000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
    0xB8378000 \SystemRoot\System32\Drivers\Modem.SYS
    0xB8558000 \SystemRoot\System32\Drivers\i2omgmt.SYS
    0xB8622000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xB87F5000 \SystemRoot\System32\Drivers\Null.SYS
    0xB8624000 \SystemRoot\System32\Drivers\Beep.SYS
    0xB8398000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xB83A0000 \SystemRoot\System32\drivers\vga.sys
    0xB8626000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xB8628000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xB83A8000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xB83B0000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xB8560000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xB5738000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xB56DF000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xB56A5000 \SystemRoot\System32\Drivers\avgtdix.sys
    0xB567F000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xB8168000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xB75DC000 \SystemRoot\system32\DRIVERS\arp1394.sys
    0xB5657000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xB5635000 \SystemRoot\System32\drivers\afd.sys
    0xB75CC000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xB560A000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xB559A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xB75BC000 \SystemRoot\System32\Drivers\Fips.SYS
    0xB83B8000 \SystemRoot\System32\Drivers\avgmfx86.sys
    0xB54C6000 \SystemRoot\System32\Drivers\avgldx86.sys
    0xB83C8000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0xB759C000 \SystemRoot\System32\Drivers\oz776.sys
    0xB83D0000 \SystemRoot\System32\Drivers\LUsbFilt.Sys
    0xB757C000 \SystemRoot\System32\Drivers\WDFLDR.SYS
    0xB5423000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
    0xB6AEA000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xB756C000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xB83D8000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
    0xB6AE2000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0xB6ADE000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xB83E0000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
    0xB5777000 \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
    0xB754C000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xB540B000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xB866C000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xB54BE000 \SystemRoot\System32\drivers\Dxapi.sys
    0xB8400000 \SystemRoot\System32\watchdog.sys
    0xBD000000 \SystemRoot\System32\drivers\dxg.sys
    0xB879E000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBD012000 \SystemRoot\System32\nv4_disp.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xB3DA3000 \SystemRoot\system32\DRIVERS\WavxDMgr.sys
    0xB8420000 \SystemRoot\system32\DRIVERS\AegisP.sys
    0xB3DEF000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xB3DE3000 \SystemRoot\system32\DRIVERS\s24trans.sys
    0xB398E000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xB861C000 \??\C:\Program Files\Broadcom\ASFIPMon\BASFND.sys
    0xB363E000 \SystemRoot\system32\DRIVERS\srv.sys
    0xB3796000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0xB3539000 \SystemRoot\system32\drivers\wdmaud.sys
    0xB374E000 \SystemRoot\system32\drivers\sysaudio.sys
    0xB3067000 \??\C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys
    0xB24DC000 \SystemRoot\System32\Drivers\HTTP.sys
    0xB0760000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 86):
    0 System Idle Process
    4 System
    872 C:\WINDOWS\system32\smss.exe
    936 csrss.exe
    968 C:\WINDOWS\system32\winlogon.exe
    1012 C:\WINDOWS\system32\services.exe
    1024 C:\WINDOWS\system32\lsass.exe
    1196 C:\WINDOWS\system32\nvsvc32.exe
    1224 C:\WINDOWS\system32\svchost.exe
    1292 svchost.exe
    1540 C:\WINDOWS\system32\svchost.exe
    1664 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    1700 svchost.exe
    1800 svchost.exe
    1992 C:\Program Files\AVG\AVG9\avgchsvx.exe
    2004 C:\Program Files\AVG\AVG9\avgrsx.exe
    136 C:\WINDOWS\system32\spoolsv.exe
    300 scardsvr.exe
    396 C:\Program Files\AVG\AVG9\avgcsrvx.exe
    696 svchost.exe
    732 C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    772 C:\Program Files\AVG\AVG9\avgwdsvc.exe
    1216 C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    1752 C:\Program Files\AVG\AVG9\avgam.exe
    1836 C:\WINDOWS\system32\dklog.exe
    1852 C:\Program Files\AVG\AVG9\avgnsx.exe
    1916 C:\WINDOWS\system32\dkvcm.exe
    1792 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    1168 C:\Program Files\Java\jre6\bin\jqs.exe
    1340 C:\WINDOWS\system32\libusbd-nt.exe
    1452 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    1748 sqlservr.exe
    2148 C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
    2224 C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
    2360 C:\WINDOWS\explorer.exe
    2404 C:\WINDOWS\system32\svchost.exe
    2424 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    2528 C:\SonyEricsson\JavaME_SDK_CLDC\OnDeviceDebug\lib\jsl.exe
    2716 sqlbrowser.exe
    2828 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    2912 C:\WINDOWS\system32\stacsv.exe
    3160 C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    3320 C:\WINDOWS\system32\svchost.exe
    3468 tcsd_win32.exe
    3532 C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    3956 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
    3996 C:\WINDOWS\system32\dllhost.exe
    700 C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
    1504 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
    1776 C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
    2244 C:\Program Files\UltraMon\UltraMon.exe
    2264 C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
    2288 wmiprvse.exe
    2312 C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    2656 C:\WINDOWS\system32\KADxMain.exe
    2964 C:\WINDOWS\system32\searchindexer.exe
    3172 C:\Program Files\GeoTrust\GeoTrust Token\iKey 2000 Series Software\dkAutoReg.exe
    2280 C:\Program Files\UltraMon\UltraMonTaskbar.exe
    3288 C:\Program Files\Apoint\Apoint.exe
    3308 wmiprvse.exe
    3512 C:\WINDOWS\system32\rundll32.exe
    3520 C:\WINDOWS\system32\rundll32.exe
    3584 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    3684 C:\PROGRA~1\AVG\AVG9\avgtray.exe
    3764 C:\WINDOWS\system32\ctfmon.exe
    2860 C:\Program Files\Digital Line Detect\DLG.exe
    2296 C:\Program Files\Logitech\SetPoint\SetPoint.exe
    3208 C:\Program Files\Apoint\ApMsgFwd.exe
    3508 C:\WINDOWS\system32\CCM\clicomp\RemCtrl\Wuser32.exe
    3612 C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    3664 C:\WINDOWS\system32\CCM\CcmExec.exe
    3868 C:\Documents and Settings\ksmith\Application Data\Dropbox\bin\Dropbox.exe
    4088 C:\Program Files\Apoint\hidfind.exe
    1624 C:\WINDOWS\system32\dkcktkn.exe
    1608 C:\Program Files\Apoint\ApntEx.exe
    5104 C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    6092 C:\WINDOWS\system32\dllhost.exe
    4368 alg.exe
    4808 msdtc.exe
    5276 wmiprvse.exe
    5680 wmiprvse.exe
    5100 C:\Program Files\AVG\AVG9\avgcsrvx.exe
    4576 C:\Program Files\Synergy\synergys.exe
    1028 searchfilterhost.exe
    1076 C:\WINDOWS\system32\searchprotocolhost.exe
    5824 C:\Documents and Settings\ksmith\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`05e21800 (NTFS)

    PhysicalDrive0 Model Number: ST9120823ASG, Rev: 3.ADD

    Size Device Name MBR Status
    --------------------------------------------
    111 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
     
  6. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Unfortunately, in case of AVG, there is no other way, but to uninstall it, run my tools and reinstall it, when we're done.
     
  7. Kevin562

    Kevin562 TS Rookie Topic Starter

    Ok I just uninstalled it. I'm sure we have the license key around here somewhere and I'm not going to use this machine tonight. It is for the greater good. :) here are the logs

    ComboFix 11-01-04.02 - ksmith 01/04/2011 18:58:54.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1494 [GMT -8:00]
    Running from: c:\documents and settings\ksmith\Desktop\ComboFix.exe
    .
    ADS - WINDOWS: deleted 24 bytes in 1 streams.

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\popcinfot.dat
    c:\windows\system32\kill.exe
    c:\windows\system32\Temp

    .
    ((((((((((((((((((((((((( Files Created from 2010-12-05 to 2011-01-05 )))))))))))))))))))))))))))))))
    .

    2011-01-04 23:51 . 2011-01-04 23:51 -------- d-sh--w- c:\documents and settings\ksmith\IECompatCache
    2011-01-04 19:31 . 2010-11-13 02:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-01-04 19:31 . 2010-11-13 02:53 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    2011-01-03 21:45 . 2011-01-03 23:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2011-01-03 21:45 . 2011-01-03 21:47 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-12-30 01:52 . 2010-12-30 01:52 -------- d-----w- C:\TDSSKiller_Quarantine
    2010-12-29 20:09 . 2010-12-29 20:09 -------- d-----w- c:\documents and settings\ksmith\Application Data\Malwarebytes
    2010-12-29 20:09 . 2010-12-21 02:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-29 20:09 . 2010-12-29 20:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-29 20:09 . 2010-12-21 02:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-29 01:10 . 2010-12-29 01:11 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2010-12-28 19:57 . 2010-12-28 19:57 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-12-28 19:49 . 2010-12-28 19:49 -------- d-----w- c:\documents and settings\ksmith\Local Settings\Application Data\Sunbelt Software
    2010-12-28 19:48 . 2010-12-28 19:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2010-12-15 20:47 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
    2010-12-15 20:47 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-01-05 03:05 . 2008-06-04 19:13 0 ----a-w- c:\documents and settings\ksmith\Local Settings\Application Data\WavXMapDrive.bat
    2010-11-18 18:12 . 2004-08-11 22:12 81920 ----a-w- c:\windows\system32\isign32.dll
    2010-11-13 00:34 . 2008-05-31 11:03 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-11-06 00:26 . 2004-08-11 22:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:26 . 2004-08-11 22:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-06 00:26 . 2004-08-11 22:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-11-03 12:25 . 2004-08-11 22:00 385024 ----a-w- c:\windows\system32\html.iec
    2010-11-02 15:17 . 2004-08-11 22:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
    2010-10-28 13:13 . 2004-08-11 22:00 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-26 13:25 . 2004-08-11 22:00 1853312 ----a-w- c:\windows\system32\win32k.sys
    2000-06-06 00:47 . 2009-06-17 20:11 32768 ----a-w- c:\program files\mozilla firefox\plugins\AppSub32.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
    @="{C5994560-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
    2008-01-17 00:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
    @="{C5994561-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
    2008-01-17 00:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
    @="{C5994562-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
    2008-01-17 00:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
    @="{C5994563-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
    2008-01-17 00:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
    @="{C5994564-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
    2008-01-17 00:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
    @="{C5994565-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
    2008-01-17 00:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
    @="{C5994566-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
    2008-01-17 00:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
    @="{C5994567-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
    2008-01-17 00:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
    @="{C5994568-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
    2008-01-17 00:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\ksmith\Application Data\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\ksmith\Application Data\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\ksmith\Application Data\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 974848]
    "WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 92160]
    "VaCtrl"="c:\program files\VoiceAge\Common\VaCtrl.exe" [2003-08-28 90112]
    "UltraMon"="c:\program files\UltraMon\UltraMon.exe" [2006-10-13 304640]
    "SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 218424]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 124200]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
    "KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
    "DkStartup"="c:\program files\GeoTrust\GeoTrust Token\iKey 2000 Series Software\DkStartup.exe" [2005-03-18 217088]
    "DkAutoReg.exe"="c:\program files\GeoTrust\GeoTrust Token\iKey 2000 Series Software\DkAutoReg.exe" [2005-03-18 245760]
    "Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-25 159744]
    "nwiz"="nwiz.exe" [2009-03-11 1657376]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-11 13594624]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-11 86016]
    "NVHotkey"="nvHotkey.dll" [2009-03-11 90112]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

    c:\documents and settings\ksmith.MFORMA\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
    Dropbox.lnk - c:\documents and settings\ksmith\Application Data\Dropbox\bin\Dropbox.exe [2010-2-25 21979992]

    c:\documents and settings\ksmith\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\documents and settings\ksmith\Application Data\Dropbox\bin\Dropbox.exe [2010-2-25 21979992]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-5-31 50688]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-6-19 805392]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DkWLNP]
    2005-03-18 21:05 61440 ----a-w- c:\windows\system32\DkWLNP.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
    2006-11-16 20:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2008-05-02 09:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKLM\~\startupfolder\C:^Documents and Settings^ksmith.MFORMA^Start Menu^Programs^Startup^Connection Proxy.lnk]
    path=c:\documents and settings\ksmith.MFORMA\Start Menu\Programs\Startup\Connection Proxy.lnk
    backup=c:\windows\pss\Connection Proxy.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-09-24 09:15 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
    2008-02-22 11:30 217544 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-08-10 12:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
    2008-12-09 10:12 234856 ----a-w- c:\program files\TomTom HOME 2\HOMERunner.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
    "c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Synergy\\synergys.exe"=
    "c:\\Documents and Settings\\ksmith\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
    "c:\\Program Files\\JetBrains\\IntelliJ IDEA 9.0\\bin\\idea.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "c:\\Program Files\\Trillian\\trillian.exe"=

    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/19/2008 3:30 PM 716272]
    R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 11:21 AM 79432]
    R2 DkVcm;Datakey's Virtual Channel Monitor;c:\windows\system32\dkvcm.exe [3/18/2005 1:05 PM 122880]
    R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
    R2 MSSQL$MYMOVIES;SQL Server (MYMOVIES);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [5/27/2009 2:27 AM 29262680]
    R2 SEMC_SDK_Service;SEMC SDK Service;c:\sonyericsson\JavaME_SDK_CLDC\OnDeviceDebug\lib\jsl.exe [10/21/2008 1:00 AM 49152]
    R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [9/24/2006 8:22 PM 11776]
    R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/11/2004 2:00 PM 5120]
    R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 9:32 AM 97536]
    R3 iKeyEnum;Rainbow iKey Enumerator;c:\windows\system32\drivers\IKEYENUM.SYS [7/16/2008 9:46 AM 12480]
    R3 iKeyIFD;Rainbow iKey Virtual Reader;c:\windows\system32\drivers\IKEYIFD.SYS [7/16/2008 9:46 AM 19232]
    R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [9/1/2008 10:46 AM 33792]
    R3 UltraMonMirror;UltraMonMirror;c:\windows\system32\drivers\UltraMonMirror.sys [9/24/2006 8:23 PM 3584]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
    S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [8/31/2008 1:05 PM 42112]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [8/2/2005 1:10 PM 32512]
    S3 RnbToken;Rainbow iKey Token Service;c:\windows\system32\drivers\RNBTOKEN.SYS [7/16/2008 9:46 AM 22304]
    S3 Smcinst;Symantec Auto-upgrade Agent;c:\program files\Symantec\Symantec Endpoint Protection\SmcLU\Setup\smcinst.exe --> c:\program files\Symantec\Symantec Endpoint Protection\SmcLU\Setup\smcinst.exe [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.msn.com
    mStart Page = hxxp://www.msn.com
    FF - ProfilePath - c:\documents and settings\ksmith\Application Data\Mozilla\Firefox\Profiles\8n2yi5up.default\
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-Locked - (no file)
    HKLM-Run-SigmatelSysTrayApp - %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-04 19:07
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
    "ImagePath"="\"c:\program files\MySQL\MySQL Server 4.1\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 4.1\my.ini\" MySQL"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(960)
    c:\windows\system32\DkWLNP.dll
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    c:\program files\common files\logishrd\bluetooth\LBTServ.dll

    - - - - - - - > 'explorer.exe'(4488)
    c:\windows\system32\WININET.dll
    c:\program files\UltraMon\RTSUltraMonHook.dll
    c:\program files\Logitech\SetPoint\lgscroll.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    c:\program files\TortoiseSVN\bin\TortoiseStub.dll
    c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
    c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
    c:\documents and settings\ksmith\Application Data\Dropbox\bin\DropboxExt.13.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\program files\UltraMon\Resources\en\RTSUltraMonHookRes.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvsvc32.exe
    c:\program files\Intel\Wireless\Bin\S24EvMon.exe
    c:\windows\System32\SCardSvr.exe
    c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
    c:\windows\System32\DkLog.exe
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\libusbd-nt.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
    c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
    c:\program files\TortoiseSVN\bin\TSVNCache.exe
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\windows\system32\StacSV.exe
    c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
    c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    c:\windows\system32\RUNDLL32.EXE
    c:\windows\system32\rundll32.exe
    c:\program files\Apoint\ApMsgFwd.exe
    c:\program files\Apoint\HidFind.exe
    c:\program files\Intel\Wireless\Bin\WLKeeper.exe
    c:\program files\Apoint\Apntex.exe
    c:\windows\system32\SearchIndexer.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
    c:\windows\system32\CCM\CcmExec.exe
    c:\windows\System32\dkcktkn.exe
    c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    c:\windows\system32\msiexec.exe
    c:\windows\system32\msdtc.exe
    c:\program files\UltraMon\UltraMonTaskbar.exe
    .
    **************************************************************************
    .
    Completion time: 2011-01-04 19:10:31 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-01-05 03:10

    Pre-Run: 33,574,379,520 bytes free
    Post-Run: 34,074,324,992 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    - - End Of File - - DBB0D5B8557E66CEE5E12E7AD120DF21
     
  8. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Good, we ran it.
    kill.exe is a backdoor trojan.

    Combofix log looks good now :)

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  9. Kevin562

    Kevin562 TS Rookie Topic Starter

    Hi,
    Back at it. Here are the logs you requested: OTL.txt was too long to post so I cut it into parts:

    OTL logfile created on: 1/5/2011 12:11:33 PM - Run 1
    OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\ksmith\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 111.69 Gb Total Space | 31.56 Gb Free Space | 28.26% Space Free | Partition Type: NTFS

    Computer Name: SD-KSMITH1 | User Name: ksmith | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/01/05 12:08:12 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
    PRC - [2011/01/05 12:08:12 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
    PRC - [2011/01/05 12:08:12 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
    PRC - [2011/01/05 12:08:11 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
    PRC - [2011/01/05 12:08:08 | 002,069,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
    PRC - [2011/01/05 12:08:07 | 000,842,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
    PRC - [2011/01/05 12:08:03 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
    PRC - [2011/01/05 12:07:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ksmith\Desktop\OTL.exe
    PRC - [2010/02/25 21:10:20 | 021,979,992 | ---- | M] () -- C:\Documents and Settings\ksmith\Application Data\Dropbox\bin\Dropbox.exe
    PRC - [2008/10/21 01:00:18 | 000,049,152 | ---- | M] () -- C:\SonyEricsson\JavaME_SDK_CLDC\OnDeviceDebug\lib\jsl.exe
    PRC - [2008/07/31 16:26:40 | 000,575,488 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    PRC - [2008/05/02 01:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
    PRC - [2008/05/02 01:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/02/22 09:40:20 | 000,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
    PRC - [2007/12/05 14:24:44 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\stacsv.exe
    PRC - [2007/11/08 19:50:10 | 001,552,384 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
    PRC - [2007/09/17 08:56:08 | 000,124,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    PRC - [2007/09/14 07:53:16 | 000,218,424 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
    PRC - [2007/09/10 06:55:04 | 000,092,160 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
    PRC - [2007/09/07 14:29:04 | 000,737,280 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    PRC - [2007/07/25 13:41:42 | 000,647,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    PRC - [2007/07/25 13:32:50 | 000,823,296 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
    PRC - [2007/07/25 13:32:34 | 000,294,912 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
    PRC - [2007/07/25 13:30:36 | 000,974,848 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
    PRC - [2007/07/25 13:29:38 | 000,987,136 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    PRC - [2007/07/25 13:22:44 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    PRC - [2007/01/29 01:07:18 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe
    PRC - [2007/01/24 23:34:22 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
    PRC - [2006/12/21 16:09:00 | 000,913,408 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    PRC - [2006/12/19 11:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    PRC - [2006/11/03 15:02:14 | 000,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
    PRC - [2006/11/02 11:05:50 | 000,282,624 | ---- | M] (Knowles Acoustics) -- C:\WINDOWS\system32\KADxMain.exe
    PRC - [2006/10/12 20:27:40 | 000,257,536 | ---- | M] (Realtime Soft) -- C:\Program Files\UltraMon\UltraMonTaskbar.exe
    PRC - [2006/10/12 20:27:20 | 000,304,640 | ---- | M] (Realtime Soft) -- C:\Program Files\UltraMon\UltraMon.exe
    PRC - [2006/09/07 21:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\hidfind.exe
    PRC - [2006/09/07 21:06:08 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
    PRC - [2006/07/19 19:46:54 | 003,600,384 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
    PRC - [2006/04/02 12:20:16 | 000,733,184 | ---- | M] () -- C:\Program Files\Synergy\synergys.exe
    PRC - [2006/02/09 01:50:00 | 000,578,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\CcmExec.exe
    PRC - [2006/02/09 01:50:00 | 000,248,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\clicomp\RemCtrl\Wuser32.exe
    PRC - [2005/03/18 13:05:36 | 000,122,880 | ---- | M] (Datakey, Inc.) -- C:\WINDOWS\system32\dkvcm.exe
    PRC - [2005/03/18 12:58:38 | 000,245,760 | ---- | M] (Datakey, Inc.) -- C:\Program Files\GeoTrust\GeoTrust Token\iKey 2000 Series Software\dkAutoReg.exe
    PRC - [2005/03/18 12:57:04 | 000,729,088 | ---- | M] (Datakey, Inc.) -- C:\WINDOWS\system32\dkcktkn.exe
    PRC - [2005/03/18 12:50:36 | 000,106,496 | ---- | M] (Datakey, Inc.) -- C:\WINDOWS\system32\dklog.exe
    PRC - [2005/03/09 19:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\system32\libusbd-nt.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/01/05 12:07:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ksmith\Desktop\OTL.exe
    MOD - [2010/08/23 08:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2009/07/12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
    MOD - [2008/05/02 01:42:50 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
    MOD - [2006/10/12 20:26:26 | 000,198,144 | ---- | M] (Realtime Soft) -- C:\Program Files\UltraMon\RTSUltraMonHook.dll
    MOD - [2006/04/02 12:20:00 | 000,024,576 | ---- | M] () -- C:\Program Files\Synergy\synrgyhk.dll
    MOD - [2005/06/10 11:30:56 | 000,002,560 | ---- | M] (Realtime Soft) -- C:\Program Files\UltraMon\Resources\en\RTSUltraMonHookRes.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcLU\Setup\smcinst.exe -- (Smcinst)
    SRV - [2011/01/05 12:08:03 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2009/03/20 19:10:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
    SRV - [2008/10/21 01:00:18 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\SonyEricsson\JavaME_SDK_CLDC\OnDeviceDebug\lib\jsl.exe -- (SEMC_SDK_Service)
    SRV - [2008/05/02 01:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV - [2008/02/22 09:40:20 | 000,475,136 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
    SRV - [2007/12/05 14:24:44 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\WINDOWS\system32\stacsv.exe -- (STacSV)
    SRV - [2007/11/08 19:50:10 | 001,552,384 | ---- | M] () [Auto | Running] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
    SRV - [2007/09/13 11:31:44 | 000,192,512 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe -- (WaveEnrollmentService)
    SRV - [2007/09/07 14:29:04 | 000,737,280 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
    SRV - [2007/08/31 14:39:18 | 000,486,400 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
    SRV - [2007/07/25 13:41:42 | 000,647,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
    SRV - [2007/07/25 13:32:34 | 000,294,912 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R)
    SRV - [2007/07/25 13:29:38 | 000,987,136 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
    SRV - [2007/07/25 13:22:44 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
    SRV - [2006/12/21 16:09:00 | 000,913,408 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
    SRV - [2006/12/19 11:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)
    SRV - [2006/07/19 19:46:54 | 003,600,384 | ---- | M] () [Auto | Running] -- C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe -- (MySQL)
    SRV - [2006/02/09 01:50:00 | 000,578,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\CCM\CcmExec.exe -- (CcmExec)
    SRV - [2006/02/09 01:50:00 | 000,248,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\CCM\clicomp\RemCtrl\Wuser32.exe -- (Wuser32)
    SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
    SRV - [2005/08/02 13:18:49 | 000,086,016 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
    SRV - [2005/03/18 13:05:36 | 000,122,880 | ---- | M] (Datakey, Inc.) [Auto | Running] -- C:\WINDOWS\system32\dkvcm.exe -- (DkVcm)
    SRV - [2005/03/18 12:57:04 | 000,729,088 | ---- | M] (Datakey, Inc.) [Auto | Running] -- C:\WINDOWS\system32\dkcktkn.exe -- (DkTknSrv)
    SRV - [2005/03/18 12:50:36 | 000,106,496 | ---- | M] (Datakey, Inc.) [Auto | Running] -- C:\WINDOWS\system32\dklog.exe -- (DkLogger)
    SRV - [2005/03/09 19:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) [Auto | Running] -- C:\WINDOWS\system32\libusbd-nt.exe -- (libusbd)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2011/01/05 12:08:41 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
    DRV - [2011/01/05 12:08:41 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
    DRV - [2011/01/05 12:08:34 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
    DRV - [2011/01/05 12:08:32 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
    DRV - [2009/03/11 14:04:00 | 006,251,168 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2008/11/19 15:30:10 | 000,716,272 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2008/04/13 10:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
    DRV - [2008/04/13 10:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2008/04/13 10:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/13 10:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2008/04/13 08:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2008/02/29 02:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
    DRV - [2008/02/29 02:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2008/02/29 02:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2007/12/05 14:24:44 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2007/12/02 15:26:22 | 000,989,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2007/12/02 15:26:20 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2007/12/02 15:26:20 | 000,211,200 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
    DRV - [2007/11/28 13:18:24 | 000,062,208 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
    DRV - [2007/10/10 16:41:50 | 000,042,112 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motodrv.sys -- (MotDev)
    DRV - [2007/09/10 06:55:00 | 000,161,280 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\WavxDMgr.sys -- (WavxDMgr)
    DRV - [2007/09/07 06:57:14 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys -- (PBADRV)
    DRV - [2007/09/06 06:18:40 | 000,018,176 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WaveFDE.sys -- (WaveFDE)
    DRV - [2007/08/12 15:05:34 | 002,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
    DRV - [2007/05/29 12:29:30 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
    DRV - [2007/03/12 20:26:06 | 000,160,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2007/02/17 03:00:42 | 000,132,608 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2006/12/19 11:21:52 | 000,010,480 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)
    DRV - [2006/11/02 09:32:32 | 000,097,536 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dxec01.sys -- (DXEC01)
    DRV - [2006/09/26 08:28:06 | 000,022,304 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RNBTOKEN.SYS -- (RnbToken)
    DRV - [2006/09/26 08:28:04 | 000,019,232 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IKEYIFD.SYS -- (iKeyIFD)
    DRV - [2006/09/26 08:28:04 | 000,012,480 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IKEYENUM.SYS -- (iKeyEnum)
    DRV - [2006/09/24 20:23:14 | 000,003,584 | ---- | M] (Realtime Soft) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\UltraMonMirror.sys -- (UltraMonMirror)
    DRV - [2006/09/24 20:22:52 | 000,011,776 | ---- | M] (Realtime Soft) [Kernel | Auto | Running] -- C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys -- (UltraMonUtility)
    DRV - [2006/02/09 01:50:00 | 000,020,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CCM\PrepDrv.sys -- (prepdrvr)
    DRV - [2006/02/09 01:50:00 | 000,011,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\kbstuff5.sys -- (kbstuff)
    DRV - [2006/02/09 01:50:00 | 000,008,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\idisw2km.sys -- (idisw2km)
    DRV - [2005/08/12 13:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
    DRV - [2005/08/02 13:10:13 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
    DRV - [2005/03/09 19:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
    DRV - [2004/03/23 18:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\nsndis5.sys -- (NSNDIS5)
    DRV - [2001/08/17 11:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 11:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 11:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 11:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 11:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 10:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 10:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 10:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 10:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 10:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 10:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 10:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 10:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 10:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 10:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.live.com [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = www.live.com [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3080531
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3080531

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.live.com [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

    FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011/01/05 12:08:03 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/04 15:58:21 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/04 15:58:13 | 000,000,000 | ---D | M]

    [2011/01/04 15:58:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ksmith\Application Data\Mozilla\Extensions
    [2011/01/04 16:11:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ksmith\Application Data\Mozilla\Firefox\Profiles\8n2yi5up.default\extensions
    [2011/01/04 16:00:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\ksmith\Application Data\Mozilla\Firefox\Profiles\8n2yi5up.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/09/24 13:53:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ksmith\Application Data\Mozilla\Firefox\Profiles\p6tll1fk.default\extensions
    [2010/09/24 13:53:05 | 000,000,000 | ---D | M] (Coupon Manager) -- C:\Documents and Settings\ksmith\Application Data\Mozilla\Firefox\Profiles\p6tll1fk.default\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}
    [2010/09/24 13:53:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\ksmith\Application Data\Mozilla\Firefox\Profiles\p6tll1fk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/09/24 13:53:05 | 000,000,000 | ---D | M] (SwitchProxy Tool) -- C:\Documents and Settings\ksmith\Application Data\Mozilla\Firefox\Profiles\p6tll1fk.default\extensions\{27A2FD41-CB23-4518-AB5C-C25BAFFDE531}
    [2010/09/24 13:53:05 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\ksmith\Application Data\Mozilla\Firefox\Profiles\p6tll1fk.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
    [2010/09/24 13:53:05 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\ksmith\Application Data\Mozilla\Firefox\Profiles\p6tll1fk.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
    [2010/09/24 13:53:04 | 000,000,000 | ---D | M] (Woot Watcher) -- C:\Documents and Settings\ksmith\Application Data\Mozilla\Firefox\Profiles\p6tll1fk.default\extensions\{a92aadf8-193f-4a62-8740-5cce81775afc}
    [2010/09/24 13:53:03 | 000,000,000 | ---D | M] (wmlbrowser) -- C:\Documents and Settings\ksmith\Application Data\Mozilla\Firefox\Profiles\p6tll1fk.default\extensions\{c4dc572a-3295-40eb-b30f-b54aa4cdc4b7}
    [2011/01/04 16:09:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/05/22 10:03:08 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2011/01/04 11:31:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2011/01/05 12:08:03 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG9\FIREFOX
    [2010/03/11 08:23:30 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2000/06/05 16:47:00 | 000,032,768 | ---- | M] (Internet Pictures Corp.) -- C:\Program Files\Mozilla Firefox\plugins\AppSub32.dll
    [2009/11/19 13:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
    [2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2000/06/05 16:48:00 | 000,098,304 | ---- | M] (Internet Pictures Corp.) -- C:\Program Files\Mozilla Firefox\plugins\NpIpx32.dll
    [2009/11/19 13:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

    O1 HOSTS File: ([2011/01/04 19:05:38 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
    O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
    O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [DkAutoReg.exe] C:\Program Files\GeoTrust\GeoTrust Token\iKey 2000 Series Software\dkAutoReg.exe (Datakey, Inc.)
    O4 - HKLM..\Run: [DkStartup] C:\Program Files\GeoTrust\GeoTrust Token\iKey 2000 Series Software\DkStartup.exe (Datakey, Inc.)
    O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
    O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
    O4 - HKLM..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
    O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)
    O4 - HKLM..\Run: [UltraMon] C:\Program Files\UltraMon\UltraMon.exe (Realtime Soft)
    O4 - HKLM..\Run: [VaCtrl] C:\Program Files\VoiceAge\Common\VaCtrl.exe (VoiceAge Corporation)
    O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
    O4 - Startup: C:\Documents and Settings\ksmith\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\ksmith\Application Data\Dropbox\bin\Dropbox.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261861118671 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1274492011630 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.120.120.1
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O20 - Winlogon\Notify\DkWLNP: DllName - DkWLNP.dll - C:\WINDOWS\System32\DkWLNP.dll (Datakey, Inc.)
    O20 - Winlogon\Notify\gemsafe: DllName - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll (Gemplus)
    O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/11 14:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: msacm.VaAcelpNet - C:\Program Files\VoiceAge\Common\VaAcelpNet.acm (VoiceAge Corporation)
    Drivers32: msacm.VaAmrNbF - C:\Program Files\VoiceAge\Common\VaAmrNbF.acm (VoiceAge Corporation)
    Drivers32: msacm.VaAmrNbV - C:\Program Files\VoiceAge\Common\VaAmrNbV.acm (VoiceAge Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
    Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (5318664161067008)

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/01/05 12:08:42 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2011/01/05 12:08:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 9.0
    [2011/01/05 12:08:41 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2011/01/05 12:08:41 | 000,052,872 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
    [2011/01/05 12:08:34 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2011/01/05 12:08:32 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2011/01/05 12:08:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
    [2011/01/05 12:08:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ksmith\Desktop\OTL.exe
    [2011/01/04 18:53:56 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/01/04 18:51:23 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/01/04 18:51:23 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/01/04 18:51:23 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/01/04 18:51:23 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/01/04 18:51:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/01/04 18:50:50 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/01/04 15:58:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
    [2011/01/04 15:51:25 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\ksmith\IECompatCache
    [2011/01/04 11:31:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2011/01/03 13:45:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
    [2011/01/03 13:45:30 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2011/01/03 13:45:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2010/12/29 17:52:13 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2010/12/29 17:28:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2010/12/29 16:08:54 | 001,345,624 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\ksmith\Desktop\TDSSKiller.exe
    [2010/12/29 12:09:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ksmith\Application Data\Malwarebytes
    [2010/12/29 12:09:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/12/29 12:09:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2010/12/29 12:09:42 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/12/29 12:09:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/12/29 11:56:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\ksmith\Recent
    [2010/12/28 17:10:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
    [2010/12/28 13:24:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
    [2010/12/28 13:24:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2010/12/28 11:57:45 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2010/12/28 11:49:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ksmith\Local Settings\Application Data\Sunbelt Software
    [2010/12/28 11:48:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
    [2010/12/27 16:58:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/12/27 16:58:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

    ========== Files - Modified Within 30 Days ==========

    [2011/01/05 12:10:18 | 069,768,670 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2011/01/05 12:08:42 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2011/01/05 12:08:42 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
    [2011/01/05 12:08:41 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2011/01/05 12:08:41 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
    [2011/01/05 12:08:34 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2011/01/05 12:08:32 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
    [2011/01/05 12:08:32 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2011/01/05 12:07:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ksmith\Desktop\OTL.exe
    [2011/01/05 12:02:18 | 000,214,078 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
    [2011/01/05 12:02:14 | 000,254,278 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
    [2011/01/05 12:02:11 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\ksmith\Local Settings\Application Data\WavXMapDrive.bat
    [2011/01/05 12:02:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/01/05 11:58:04 | 000,000,496 | ---- | M] () -- C:\WINDOWS\smscfg.ini
    [2011/01/05 11:57:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/01/05 11:57:05 | 2145,349,632 | -HS- | M] () -- C:\hiberfil.sys
    [2011/01/04 19:05:38 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/01/04 18:54:06 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/01/04 18:09:57 | 004,013,176 | R--- | M] () -- C:\Documents and Settings\ksmith\Desktop\ComboFix.exe
    [2011/01/04 18:09:13 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\ksmith\Desktop\MBRCheck.exe
    [2011/01/04 15:58:15 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\ksmith\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/01/04 15:58:15 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2011/01/04 15:48:04 | 000,009,060 | ---- | M] () -- C:\Documents and Settings\ksmith\My Documents\password-export-2011-01-04.xml
    [2011/01/04 15:47:26 | 000,036,451 | ---- | M] () -- C:\Documents and Settings\ksmith\My Documents\bookmarks.html
    [2011/01/03 13:45:36 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\ksmith\Desktop\Spybot - Search & Destroy.lnk
    [2010/12/29 17:28:09 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/12/29 12:49:41 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\ksmith\My Documents\TicketFight.doc
    [2010/12/29 12:09:46 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/12/29 11:04:31 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\ksmith\My Documents\~$cketFight.doc
    [2010/12/28 11:57:45 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2010/12/27 18:57:21 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/12/22 16:49:08 | 000,042,496 | ---- | M] () -- C:\Documents and Settings\ksmith\My Documents\KevinSmithTimeSheet_12_24.xls
    [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/12/16 17:29:26 | 000,044,000 | ---- | M] () -- C:\Documents and Settings\ksmith\My Documents\cc_20101216_172921.reg
    [2010/12/16 10:23:53 | 000,515,898 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/12/16 10:23:53 | 000,098,616 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/12/16 10:22:24 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\ksmith\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
    [2010/12/16 10:18:37 | 000,138,056 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/12/16 09:47:52 | 001,345,624 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\ksmith\Desktop\TDSSKiller.exe
    [2010/12/10 17:55:29 | 000,043,008 | ---- | M] () -- C:\Documents and Settings\ksmith\My Documents\KevinSmithTimeSheet_12_09.xls
    [2010/12/08 12:00:56 | 002,610,642 | ---- | M] () -- C:\Documents and Settings\ksmith\My Documents\RemoteNotificationsPG.pdf
     
  10. Kevin562

    Kevin562 TS Rookie Topic Starter

    and the second part of OTL.txt


    ========== Files Created - No Company Name ==========

    [2011/01/05 12:08:42 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
    [2011/01/05 12:08:31 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
    [2011/01/05 12:08:21 | 069,768,670 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2011/01/04 18:54:06 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2011/01/04 18:54:04 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/01/04 18:51:23 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/01/04 18:51:23 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/01/04 18:51:23 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/01/04 18:51:23 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/01/04 18:51:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/01/04 18:45:04 | 000,000,075 | ---- | C] () -- C:\Documents and Settings\ksmith\AVG License.txt
    [2011/01/04 18:09:55 | 004,013,176 | R--- | C] () -- C:\Documents and Settings\ksmith\Desktop\ComboFix.exe
    [2011/01/04 18:09:31 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\ksmith\Desktop\MBRCheck.exe
    [2011/01/04 15:58:15 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\ksmith\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/01/04 15:58:15 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2011/01/04 15:48:04 | 000,009,060 | ---- | C] () -- C:\Documents and Settings\ksmith\My Documents\password-export-2011-01-04.xml
    [2011/01/04 15:47:26 | 000,036,451 | ---- | C] () -- C:\Documents and Settings\ksmith\My Documents\bookmarks.html
    [2011/01/04 11:10:50 | 2145,349,632 | -HS- | C] () -- C:\hiberfil.sys
    [2011/01/03 13:45:36 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\ksmith\Desktop\Spybot - Search & Destroy.lnk
    [2010/12/29 12:09:46 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/12/29 11:04:31 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\ksmith\My Documents\~$cketFight.doc
    [2010/12/22 16:49:08 | 000,042,496 | ---- | C] () -- C:\Documents and Settings\ksmith\My Documents\KevinSmithTimeSheet_12_24.xls
    [2010/12/16 17:29:23 | 000,044,000 | ---- | C] () -- C:\Documents and Settings\ksmith\My Documents\cc_20101216_172921.reg
    [2010/12/10 17:55:29 | 000,043,008 | ---- | C] () -- C:\Documents and Settings\ksmith\My Documents\KevinSmithTimeSheet_12_09.xls
    [2010/12/08 12:00:56 | 002,610,642 | ---- | C] () -- C:\Documents and Settings\ksmith\My Documents\RemoteNotificationsPG.pdf
    [2010/09/24 09:53:53 | 000,002,865 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
    [2010/08/25 10:25:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\DetectDxQT.dll
    [2010/08/25 10:24:57 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
    [2010/03/10 12:21:49 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2010/03/10 12:21:49 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2010/03/10 12:21:48 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2010/03/10 12:21:47 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2010/01/28 18:01:03 | 000,000,124 | ---- | C] () -- C:\WINDOWS\netdet.ini
    [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/08/03 00:21:54 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
    [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
    [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
    [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
    [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
    [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
    [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
    [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
    [2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
    [2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
    [2009/01/30 12:28:57 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
    [2009/01/30 12:28:56 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
    [2009/01/30 12:28:52 | 000,030,740 | ---- | C] () -- C:\WINDOWS\System32\bcfxob.dll
    [2009/01/30 12:28:52 | 000,028,264 | ---- | C] () -- C:\WINDOWS\System32\bcfxoa.dll
    [2009/01/30 12:28:52 | 000,006,272 | ---- | C] () -- C:\WINDOWS\System32\bcfxmr.dll
    [2009/01/30 12:27:34 | 000,300,168 | ---- | C] () -- C:\WINDOWS\System32\WTPDADB.dll
    [2009/01/30 12:27:34 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\N4INST.dll
    [2008/12/13 17:26:54 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
    [2008/11/21 13:47:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2008/11/21 13:44:16 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
    [2008/11/19 15:30:09 | 000,716,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
    [2008/09/01 10:46:47 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\libusb0.sys
    [2008/07/16 09:46:05 | 000,001,349 | ---- | C] () -- C:\WINDOWS\System32\DkConfig.ini
    [2008/06/04 13:13:36 | 000,000,230 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
    [2008/06/04 11:25:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/06/04 11:13:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\ksmith\Local Settings\Application Data\WavXMapDrive.bat
    [2008/05/31 03:26:51 | 000,000,496 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2008/05/31 03:13:15 | 000,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
    [2008/05/31 03:10:40 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
    [2008/05/31 03:10:40 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll
    [2008/05/31 02:42:39 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
    [2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
    [2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
    [2007/09/13 11:42:30 | 000,499,712 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
    [2007/09/13 11:42:30 | 000,471,040 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
    [2007/09/13 11:42:28 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
    [2007/09/13 11:42:28 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
    [2007/09/13 11:42:28 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
    [2007/09/13 11:42:28 | 000,458,752 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
    [2007/09/13 11:42:26 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
    [2007/09/13 11:42:26 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
    [2007/09/13 11:42:26 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
    [2007/09/13 11:42:26 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
    [2007/09/13 11:36:24 | 000,438,272 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
    [2007/09/12 12:05:08 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
    [2007/09/12 12:04:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll
    [2007/09/12 12:04:26 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
    [2007/09/12 12:04:06 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
    [2007/09/12 12:03:44 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
    [2007/09/12 12:03:24 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
    [2007/09/12 12:03:04 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
    [2007/09/12 12:02:44 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
    [2007/09/12 12:02:22 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
    [2007/09/12 12:02:02 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
    [2007/09/10 06:53:26 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll
    [2007/06/15 07:19:20 | 000,835,584 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
    [2006/08/14 08:02:10 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll
    [2006/06/12 05:01:16 | 000,348,160 | ---- | C] () -- C:\WINDOWS\tsp.dll
    [2005/08/02 13:24:01 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
    [2005/03/18 12:55:48 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\dkcktknmsg.dll
    [2005/03/18 12:50:26 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\dklogmsg.dll
    [2004/09/10 10:34:00 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
    [2004/09/10 10:34:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
    [2004/08/11 14:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/11 14:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2004/08/11 14:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    ========== LOP Check ==========

    [2011/01/05 12:08:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2010/05/21 17:32:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\My Movies
    [2008/05/31 03:10:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NTRU Cryptosystems
    [2010/02/17 21:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
    [2008/12/13 17:27:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
    [2008/06/04 14:51:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
    [2010/01/06 18:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/02/03 09:41:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
    [2008/05/31 03:17:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
    [2011/01/05 12:08:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ksmith\Application Data\Dropbox
    [2010/09/27 17:25:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ksmith\Application Data\Helios
    [2010/09/24 14:20:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ksmith\Application Data\SSH
    [2010/09/24 10:07:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ksmith\Application Data\Subversion
    [2010/09/24 12:12:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ksmith\Application Data\Trillian
    [2008/05/31 03:16:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ksmith\Application Data\Wave Systems Corp
    [2010/09/24 10:07:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ksmith\Application Data\Windows Desktop Search
    [2010/09/24 13:49:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ksmith\Application Data\Windows Search

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2004/08/11 14:15:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/12/27 18:57:21 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2011/01/04 18:54:06 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/01/04 19:10:31 | 000,020,586 | ---- | M] () -- C:\ComboFix.txt
    [2004/08/11 14:15:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2009/11/27 17:20:44 | 000,133,271 | ---- | M] () -- C:\cookies.txt
    [2009/06/09 13:19:22 | 000,000,092 | ---- | M] () -- C:\data.bin
    [2008/05/31 02:44:52 | 000,006,693 | RH-- | M] () -- C:\dell.sdr
    [2011/01/05 11:57:05 | 2145,349,632 | -HS- | M] () -- C:\hiberfil.sys
    [2008/06/04 11:57:09 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
    [2004/08/11 14:15:00 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2002/01/05 03:48:16 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\mfc70.dll
    [2002/01/05 03:36:38 | 000,964,608 | ---- | M] (Microsoft Corporation) -- C:\mfc70u.dll
    [2010/01/06 18:29:01 | 000,000,676 | ---- | M] () -- C:\mine.swf
    [2004/08/11 14:15:00 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
    [2002/01/05 02:40:20 | 000,487,424 | ---- | M] (Microsoft Corporation) -- C:\msvcp70.dll
    [2002/01/05 02:37:28 | 000,344,064 | ---- | M] (Microsoft Corporation) -- C:\msvcr70.dll
    [2004/08/04 02:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/06/04 18:11:45 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/01/05 11:57:03 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2011/01/04 17:20:05 | 000,052,642 | ---- | M] () -- C:\TDSSKiller.2.4.12.0_04.01.2011_17.19.07_log.txt
    [2011/01/03 13:31:56 | 000,052,516 | ---- | M] () -- C:\TDSSKiller.2.4.7.0_03.01.2011_13.31.03_log.txt
    [2011/01/04 17:18:50 | 000,001,972 | ---- | M] () -- C:\TDSSKiller.2.4.7.0_04.01.2011_17.17.56_log.txt
    [2010/12/29 16:15:07 | 000,052,516 | ---- | M] () -- C:\TDSSKiller.2.4.7.0_29.12.2010_16.11.04_log.txt
    [2010/12/29 17:52:20 | 000,052,630 | ---- | M] () -- C:\TDSSKiller.2.4.7.0_29.12.2010_17.46.09_log.txt

    < %systemroot%\Fonts\*.com >
    [2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2004/08/11 14:14:22 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 04:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2007/03/02 17:23:38 | 000,235,520 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5in.DLL
    [2007/04/09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2008/07/06 02:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2006/10/12 20:26:32 | 000,193,024 | ---- | M] (Realtime Soft) -- C:\WINDOWS\UltraMon.scr

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2004/08/11 14:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2004/08/11 14:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2004/08/11 14:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2008/06/04 18:18:48 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >
    [2008/05/31 03:23:44 | 000,014,090 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\msi.log
    [2008/05/31 03:15:43 | 000,000,829 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\wave_license.txt

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/09/24 10:07:11 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\ksmith\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2004/08/11 14:20:42 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\ksmith\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/01/04 18:09:57 | 004,013,176 | R--- | M] () -- C:\Documents and Settings\ksmith\Desktop\ComboFix.exe
    [2009/07/08 16:35:29 | 000,151,040 | ---- | M] () -- C:\Documents and Settings\ksmith\Desktop\hexedit.exe
    [2011/01/04 18:09:13 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\ksmith\Desktop\MBRCheck.exe
    [2006/03/20 18:27:12 | 001,274,880 | ---- | M] (MayOneZ) -- C:\Documents and Settings\ksmith\Desktop\mtail.exe
    [2010/01/21 14:46:58 | 000,654,920 | ---- | M] () -- C:\Documents and Settings\ksmith\Desktop\mtinst.exe
    [2011/01/05 12:07:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ksmith\Desktop\OTL.exe
    [2008/09/22 11:36:28 | 000,454,656 | ---- | M] (Simon Tatham) -- C:\Documents and Settings\ksmith\Desktop\putty.exe
    [2009/02/19 10:22:28 | 004,750,024 | ---- | M] (Super Card ) -- C:\Documents and Settings\ksmith\Desktop\setupsdV269en.exe
    [2010/12/16 09:47:52 | 001,345,624 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\ksmith\Desktop\TDSSKiller.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2004/08/04 02:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/09/24 10:07:11 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\ksmith\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/09/24 10:22:28 | 000,001,686 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/01/04 15:51:25 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\ksmith\Cookies\desktop.ini
    [2011/01/05 12:09:03 | 000,032,768 | -HS- | M] () -- C:\Documents and Settings\ksmith\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >
    [2007/08/12 15:22:58 | 000,600,328 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Installer\iProInst.exe

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 16:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/03 22:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/03 22:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 06:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 09:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 16:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2004/08/03 22:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004/08/03 22:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004/08/03 22:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/03 22:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/03 22:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
  11. Kevin562

    Kevin562 TS Rookie Topic Starter

    and Extras.txt


    OTL Extras logfile created on: 1/5/2011 12:11:33 PM - Run 1
    OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\ksmith\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 111.69 Gb Total Space | 31.56 Gb Free Space | 28.26% Space Free | Partition Type: NTFS

    Computer Name: SD-KSMITH1 | User Name: ksmith | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:mad:xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:mad:xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:mad:xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:mad:xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
    "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)
    "C:\Documents and Settings\ksmith.MFORMA\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\ksmith.MFORMA\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- File not found
    "C:\Documents and Settings\ksmith.MFORMA\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\ksmith.MFORMA\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- ()

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
    "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)
    "C:\Program Files\Synergy\synergys.exe" = C:\Program Files\Synergy\synergys.exe:*:Enabled:synergys -- ()
    "C:\Documents and Settings\ksmith\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\ksmith\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- ()
    "C:\Program Files\JetBrains\IntelliJ IDEA 9.0\bin\idea.exe" = C:\Program Files\JetBrains\IntelliJ IDEA 9.0\bin\idea.exe:*:Enabled:idea -- (JetBrains s.r.o)
    "C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
    "C:\Program Files\Trillian\trillian.exe" = C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios)
    "C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
    "{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
    "{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
    "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
    "{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{1BD1BBE0-95F7-4273-ABDE-2077EC84E35B}" = SPOT xde(R) Player DLL
    "{1DCE6389-E294-11D5-80D0-00104BF87660}" = MX-700 Editor
    "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
    "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
    "{24A494F3-5B5F-4183-9F7D-9CE82812C1FC}" = tsp patch
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 23
    "{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
    "{27E25625-DB51-42E6-BEB7-0C8DC878770C}" = Broadcom ASF Management Applications
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MYMOVIES)
    "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
    "{32A3A4F4-B792-11D6-A78A-00B0D0160060}" = Java(TM) SE Development Kit 6 Update 6
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
    "{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{48D85A1A-9A14-41F9-9BFE-E0116062D318}" = Sprint Wireless Toolkit 3.3.2 - Powered by Sun Java Technology
    "{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4BF18ED6-C888-4BCF-A4AF-AC7A16305BC1}" = GemSafe Standard Edition 5.1
    "{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
    "{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
    "{534C28F1-05CE-4753-BE61-785BDBFB50CD}" = MySQL Server 4.1
    "{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
    "{5961E918-1156-480E-B408-8937075F4388}" = HexEdit
    "{5EC5F187-9D2B-4051-8906-88656819A869}" = Dell Drivers MSI
    "{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
    "{6257E290-5E8E-11D4-9B8D-00D0B72459DD}" = SafeNet iKey Driver v4.0.0.11
    "{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
    "{6461F54A-2927-4EE1-9B38-DB5AA0E7795A}" = Diskeeper 2007 Pro Premier
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{687422AC-40E3-4F48-A816-20DC83F98035}" = TortoiseSVN 1.5.2.13595 (32 bit)
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}" = SSH Secure Shell
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
    "{78DA4EC4-8E94-45D4-B047-027B662EC6A6}" = Labeler
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{7D777586-7EB1-48A9-AAF9-4AB0E807E81E}" = PNGGauntlet
    "{7FE2549F-361D-4F9F-BB3E-75D08EFEB313}" = Microsoft Windows Media Center SDK 5.3
    "{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83AD5E71-80C0-4818-B6E4-CA2607B6A141}" = SMS Advanced Client
    "{86D06660-87D3-4809-9152-AF76EB66D941}" = MobileAsset
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
    "{8D3D93DA-B0C4-4C56-8FB9-67CB050EB15D}" = GeoTrust Token - iKey 2000 Series v4.7 MU20.3
    "{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
    "{900A92BA-19EF-4A34-86CF-7B6C85BDD971}" = VC_MergeModuleToMSI
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
    "{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
    "{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
    "{9593C6E5-205E-45C3-B785-05CF146CA76A}" = biolsp patch
    "{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 ATL (x86) WinSXS MSM
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
    "{9AB4DC63-48DA-472E-82AB-DE4DAD887F53}" = CR9MMsetup
    "{9EF06A75-C359-4D88-A12D-D3649FF2AE0D}" = Motorola iDEN SDK for J2ME (MIDP 2.0)
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}" = Trusted Drive Manager
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
    "{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
    "{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.5
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
    "{B6F0BE9B-41D7-45A2-9A76-D3DB1A89EC6A}" = SnagIt 8
    "{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
    "{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
    "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
    "{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CD49361E-3FE6-457E-90A1-9C59E29B5D02}" = Java DB 10.3.1.4
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
    "{D2BD3C8F-9D7F-472B-BDF9-7309A5CB813A}" = Motorola Driver Installation 3.5.0
    "{D9FCA292-1186-421F-8D93-9A5D272AD5D0}" = IntelliSonic Speech Enhancement
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{E67FF1A2-23C1-4102-84E9-42115F77AD32}" = UltraMon
    "{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
    "{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
    "{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
    "{EB4DF30B-102B-4F0C-927A-D50E037A325D}" = AuthenTec Fingerprint Sensor Minimum Install
    "{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
    "{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
    "{ECC22AFA-B905-4A6A-8072-10F52B9E09B7}" = Wave Infrastructure Installer
    "{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
    "{EF05BA0F-AC15-4D12-AC5C-276225F5E751}" = Gemalto
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
    "{F1802FA6-54E9-4B24-BD2A-B50866819795}" = EMBASSY Trust Suite by Wave Systems
    "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F42F3D32-F9A4-4671-9B1F-6CC3E509A927}" = Sun Java (TM) Wireless Toolkit 2.5.2 for CLDC
    "{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
    "{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
    "{F7646923-2B1C-493E-A38E-D4AD6408E854}" = DJ Java Decompiler v.3.10.10.93
    "{FBEC50B7-537C-4A0E-8B0B-F7A8F8BF13CE}" = upekmsi
    "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
    "{FEC193E4-6C5F-40E9-A249-7D8C8404A9EC}" = NTRU TCG Software Stack
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
    "AVG9Uninstall" = AVG 9.0
    "CCleaner" = CCleaner
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
    "Coupon Printer for Windows4.0" = Coupon Printer for Windows
    "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
    "Dexster_is1" = Dexster v3.5
    "EditPlus 2" = EditPlus 2
    "Ethereal" = Ethereal 0.99.0
    "Flash&Backup3" = Flash&Backup
    "GNUstep Windows Core" = GNUstep Windows Core 0.22.0
    "GNUstep Windows Developer" = GNUstep Windows Developer 1.0.0
    "GNUstep Windows System" = GNUstep Windows System 0.22.0
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
    "InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
    "InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
    "InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
    "InstallShield_{8D3D93DA-B0C4-4C56-8FB9-67CB050EB15D}" = GeoTrust Token - iKey 2000 Series v4.7 MU20.3
    "InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
    "InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
    "InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
    "InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
    "IntelliJ IDEA 7.0.3" = IntelliJ IDEA 7.0.3
    "IntelliJ IDEA 8.0" = IntelliJ IDEA 8.0
    "IntelliJ IDEA 8.0.1" = IntelliJ IDEA 8.0.1
    "IntelliJ IDEA 8.1" = IntelliJ IDEA 8.1
    "IntelliJ IDEA 9.0" = IntelliJ IDEA 9.0
    "LibUSB-Win32_is1" = LibUSB-Win32-0.1.10.1
    "LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "MotoKup_is1" = MotoKup 0.2
    "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "Network Stumbler" = Network Stumbler 0.4.0 (remove only)
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NVIDIA Drivers" = NVIDIA Drivers
    "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
    "ProInst" = Intel(R) PROSet/Wireless Software
    "ProjectCenter" = ProjectCenter 0.5.0
    "SDK for the Java(TM) ME Platform" = Sony Ericsson SDK 2.5.0.3 (build 1143) for the Java(TM) ME Platform
    "Super Card_is1" = SC Ver 2.70
    "Synergy" = Synergy
    "TestTrack" = TestTrack
    "TestTrack Pro" = TestTrack Pro
    "TomTom HOME" = TomTom HOME 2.5.2.60
    "Trillian" = Trillian
    "VLC media player" = VLC media player 1.1.4
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinMerge_is1" = WinMerge 2.8.0.0
    "WinPcapInst" = WinPcap 3.1
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "YourKit Java Profiler 6.0.16" = YourKit Java Profiler 6.0.16

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 1/4/2011 7:51:19 PM | Computer Name = SD-KSMITH1 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The connection with the server was terminated abnormally

    Error - 1/4/2011 7:51:20 PM | Computer Name = SD-KSMITH1 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 1/4/2011 8:09:42 PM | Computer Name = SD-KSMITH1 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The connection with the server was terminated abnormally

    Error - 1/4/2011 8:09:42 PM | Computer Name = SD-KSMITH1 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 1/4/2011 8:19:36 PM | Computer Name = SD-KSMITH1 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The connection with the server was terminated abnormally

    Error - 1/4/2011 8:19:37 PM | Computer Name = SD-KSMITH1 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 1/4/2011 8:30:16 PM | Computer Name = SD-KSMITH1 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The connection with the server was terminated abnormally

    Error - 1/4/2011 8:30:16 PM | Computer Name = SD-KSMITH1 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 1/4/2011 8:40:17 PM | Computer Name = SD-KSMITH1 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The connection with the server was terminated abnormally

    Error - 1/4/2011 8:40:18 PM | Computer Name = SD-KSMITH1 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    [ System Events ]
    Error - 1/4/2011 10:48:21 PM | Computer Name = SD-KSMITH1 | Source = NetBT | ID = 4311
    Description = Initialization failed because the driver device could not be created.

    Error - 1/4/2011 10:48:21 PM | Computer Name = SD-KSMITH1 | Source = NetBT | ID = 4311
    Description = Initialization failed because the driver device could not be created.

    Error - 1/4/2011 10:48:21 PM | Computer Name = SD-KSMITH1 | Source = NetBT | ID = 4311
    Description = Initialization failed because the driver device could not be created.

    Error - 1/4/2011 10:48:21 PM | Computer Name = SD-KSMITH1 | Source = NetBT | ID = 4311
    Description = Initialization failed because the driver device could not be created.

    Error - 1/4/2011 10:48:21 PM | Computer Name = SD-KSMITH1 | Source = NetBT | ID = 4311
    Description = Initialization failed because the driver device could not be created.

    Error - 1/4/2011 10:58:45 PM | Computer Name = SD-KSMITH1 | Source = Service Control Manager | ID = 7034
    Description = The Smart Card service terminated unexpectedly. It has done this
    1 time(s).

    Error - 1/4/2011 10:58:45 PM | Computer Name = SD-KSMITH1 | Source = Service Control Manager | ID = 7034
    Description = The MySQL service terminated unexpectedly. It has done this 1 time(s).

    Error - 1/4/2011 10:58:45 PM | Computer Name = SD-KSMITH1 | Source = Service Control Manager | ID = 7034
    Description = The SEMC SDK Service service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 1/4/2011 10:58:45 PM | Computer Name = SD-KSMITH1 | Source = Service Control Manager | ID = 7034
    Description = The NTRU TSS v1.2.1.25 TCS service terminated unexpectedly. It has
    done this 1 time(s).

    Error - 1/4/2011 11:05:45 PM | Computer Name = SD-KSMITH1 | Source = DCOM | ID = 10016
    Description = The application-specific permission settings do not grant Local Launch
    permission for the COM Server application with CLSID {7E89FF0B-F649-4F9A-A9C3-F05DFAAA3DA1}

    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
    modified using the Component Services administrative tool.


    < End of report >
     
  12. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcLU\Setup\smcinst.exe -- (Smcinst)
      SRV - [2009/03/20 19:10:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
      O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
      
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply. Only one log will be created.

    ======================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  13. Kevin562

    Kevin562 TS Rookie Topic Starter

    Hi,
    Welcome back. Thanks again for all this. Here are the logs from the OTL Fix. I am running the other scans now.

    ->Flash cache emptied: 0 bytes

    User: KSMITH~1~MFO

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 16384 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 4373 bytes

    User: TEMP

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 16867 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 20214 bytes

    Total Files Cleaned = 57.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: administrator.MFORMA

    User: All Users

    User: Default User

    User: ksmith
    ->Flash cache emptied: 0 bytes

    User: ksmith.MFORMA
    ->Flash cache emptied: 0 bytes

    User: KSMITH~1~MFO

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    User: TEMP

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.20.1 log created on 01052011_172812

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_14c.dat not found!

    Registry entries deleted on Reboot...
     
  14. Kevin562

    Kevin562 TS Rookie Topic Starter

    And the OTL Quick Scan logs. In to parts again because of length limit:

    OTL logfile created on: 1/5/2011 5:37:47 PM - Run 2
    OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\ksmith\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 58.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 111.69 Gb Total Space | 31.55 Gb Free Space | 28.25% Space Free | Partition Type: NTFS

    Computer Name: SD-KSMITH1 | User Name: ksmith | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/01/05 12:08:12 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
    PRC - [2011/01/05 12:08:12 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
    PRC - [2011/01/05 12:08:12 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
    PRC - [2011/01/05 12:08:11 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
    PRC - [2011/01/05 12:08:08 | 002,069,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
    PRC - [2011/01/05 12:08:07 | 000,842,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
    PRC - [2011/01/05 12:08:03 | 000,755,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgscanx.exe
    PRC - [2011/01/05 12:08:03 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
    PRC - [2011/01/05 12:07:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ksmith\Desktop\OTL.exe
    PRC - [2010/02/25 21:10:20 | 021,979,992 | ---- | M] () -- C:\Documents and Settings\ksmith\Application Data\Dropbox\bin\Dropbox.exe
    PRC - [2008/10/21 01:00:18 | 000,049,152 | ---- | M] () -- C:\SonyEricsson\JavaME_SDK_CLDC\OnDeviceDebug\lib\jsl.exe
    PRC - [2008/07/31 16:26:40 | 000,575,488 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    PRC - [2008/05/02 01:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
    PRC - [2008/05/02 01:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/02/22 09:40:20 | 000,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
    PRC - [2007/12/05 14:24:44 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\stacsv.exe
    PRC - [2007/11/08 19:50:10 | 001,552,384 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
    PRC - [2007/09/17 08:56:08 | 000,124,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    PRC - [2007/09/14 07:53:16 | 000,218,424 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
    PRC - [2007/09/10 06:55:04 | 000,092,160 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
    PRC - [2007/09/07 14:29:04 | 000,737,280 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    PRC - [2007/07/25 13:41:42 | 000,647,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    PRC - [2007/07/25 13:32:50 | 000,823,296 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
    PRC - [2007/07/25 13:32:34 | 000,294,912 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
    PRC - [2007/07/25 13:30:36 | 000,974,848 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
    PRC - [2007/07/25 13:29:38 | 000,987,136 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    PRC - [2007/07/25 13:22:44 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    PRC - [2007/01/29 01:07:18 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe
    PRC - [2007/01/24 23:34:22 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
    PRC - [2006/12/21 16:09:00 | 000,913,408 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    PRC - [2006/12/19 11:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    PRC - [2006/11/03 15:02:14 | 000,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
    PRC - [2006/11/02 11:05:50 | 000,282,624 | ---- | M] (Knowles Acoustics) -- C:\WINDOWS\system32\KADxMain.exe
    PRC - [2006/10/12 20:27:40 | 000,257,536 | ---- | M] (Realtime Soft) -- C:\Program Files\UltraMon\UltraMonTaskbar.exe
    PRC - [2006/10/12 20:27:20 | 000,304,640 | ---- | M] (Realtime Soft) -- C:\Program Files\UltraMon\UltraMon.exe
    PRC - [2006/09/07 21:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\hidfind.exe
    PRC - [2006/09/07 21:06:08 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
    PRC - [2006/07/19 19:46:54 | 003,600,384 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
    PRC - [2006/04/02 12:20:16 | 000,733,184 | ---- | M] () -- C:\Program Files\Synergy\synergys.exe
    PRC - [2006/02/09 01:50:00 | 000,578,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\CcmExec.exe
    PRC - [2006/02/09 01:50:00 | 000,248,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\clicomp\RemCtrl\Wuser32.exe
    PRC - [2005/03/18 13:05:36 | 000,122,880 | ---- | M] (Datakey, Inc.) -- C:\WINDOWS\system32\dkvcm.exe
    PRC - [2005/03/18 12:58:38 | 000,245,760 | ---- | M] (Datakey, Inc.) -- C:\Program Files\GeoTrust\GeoTrust Token\iKey 2000 Series Software\dkAutoReg.exe
    PRC - [2005/03/18 12:57:04 | 000,729,088 | ---- | M] (Datakey, Inc.) -- C:\WINDOWS\system32\dkcktkn.exe
    PRC - [2005/03/18 12:50:36 | 000,106,496 | ---- | M] (Datakey, Inc.) -- C:\WINDOWS\system32\dklog.exe
    PRC - [2005/03/09 19:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\system32\libusbd-nt.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/01/05 12:07:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ksmith\Desktop\OTL.exe
    MOD - [2010/08/23 08:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2009/07/12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
    MOD - [2008/05/02 01:42:50 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
    MOD - [2006/10/12 20:26:26 | 000,198,144 | ---- | M] (Realtime Soft) -- C:\Program Files\UltraMon\RTSUltraMonHook.dll
    MOD - [2006/04/02 12:20:00 | 000,024,576 | ---- | M] () -- C:\Program Files\Synergy\synrgyhk.dll
    MOD - [2005/06/10 11:30:56 | 000,002,560 | ---- | M] (Realtime Soft) -- C:\Program Files\UltraMon\Resources\en\RTSUltraMonHookRes.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/01/05 12:08:03 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2008/10/21 01:00:18 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\SonyEricsson\JavaME_SDK_CLDC\OnDeviceDebug\lib\jsl.exe -- (SEMC_SDK_Service)
    SRV - [2008/05/02 01:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV - [2008/02/22 09:40:20 | 000,475,136 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
    SRV - [2007/12/05 14:24:44 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\WINDOWS\system32\stacsv.exe -- (STacSV)
    SRV - [2007/11/08 19:50:10 | 001,552,384 | ---- | M] () [Auto | Running] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
    SRV - [2007/09/13 11:31:44 | 000,192,512 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe -- (WaveEnrollmentService)
    SRV - [2007/09/07 14:29:04 | 000,737,280 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
    SRV - [2007/08/31 14:39:18 | 000,486,400 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
    SRV - [2007/07/25 13:41:42 | 000,647,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
    SRV - [2007/07/25 13:32:34 | 000,294,912 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R)
    SRV - [2007/07/25 13:29:38 | 000,987,136 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
    SRV - [2007/07/25 13:22:44 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
    SRV - [2006/12/21 16:09:00 | 000,913,408 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
    SRV - [2006/12/19 11:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)
    SRV - [2006/07/19 19:46:54 | 003,600,384 | ---- | M] () [Auto | Running] -- C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe -- (MySQL)
    SRV - [2006/02/09 01:50:00 | 000,578,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\CCM\CcmExec.exe -- (CcmExec)
    SRV - [2006/02/09 01:50:00 | 000,248,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\CCM\clicomp\RemCtrl\Wuser32.exe -- (Wuser32)
    SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
    SRV - [2005/08/02 13:18:49 | 000,086,016 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
    SRV - [2005/03/18 13:05:36 | 000,122,880 | ---- | M] (Datakey, Inc.) [Auto | Running] -- C:\WINDOWS\system32\dkvcm.exe -- (DkVcm)
    SRV - [2005/03/18 12:57:04 | 000,729,088 | ---- | M] (Datakey, Inc.) [Auto | Running] -- C:\WINDOWS\system32\dkcktkn.exe -- (DkTknSrv)
    SRV - [2005/03/18 12:50:36 | 000,106,496 | ---- | M] (Datakey, Inc.) [Auto | Running] -- C:\WINDOWS\system32\dklog.exe -- (DkLogger)
    SRV - [2005/03/09 19:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) [Auto | Running] -- C:\WINDOWS\system32\libusbd-nt.exe -- (libusbd)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2011/01/05 12:08:41 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
    DRV - [2011/01/05 12:08:41 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
    DRV - [2011/01/05 12:08:34 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
    DRV - [2011/01/05 12:08:32 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
    DRV - [2009/03/11 14:04:00 | 006,251,168 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2008/11/19 15:30:10 | 000,716,272 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2008/04/13 10:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
    DRV - [2008/04/13 10:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2008/04/13 10:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/13 10:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2008/04/13 08:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2008/02/29 02:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
    DRV - [2008/02/29 02:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2008/02/29 02:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2007/12/05 14:24:44 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2007/12/02 15:26:22 | 000,989,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2007/12/02 15:26:20 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2007/12/02 15:26:20 | 000,211,200 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
    DRV - [2007/11/28 13:18:24 | 000,062,208 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
    DRV - [2007/10/10 16:41:50 | 000,042,112 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motodrv.sys -- (MotDev)
    DRV - [2007/09/10 06:55:00 | 000,161,280 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\WavxDMgr.sys -- (WavxDMgr)
    DRV - [2007/09/07 06:57:14 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys -- (PBADRV)
    DRV - [2007/09/06 06:18:40 | 000,018,176 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WaveFDE.sys -- (WaveFDE)
    DRV - [2007/08/12 15:05:34 | 002,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
    DRV - [2007/05/29 12:29:30 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
    DRV - [2007/03/12 20:26:06 | 000,160,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2007/02/17 03:00:42 | 000,132,608 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2006/12/19 11:21:52 | 000,010,480 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)
    DRV - [2006/11/02 09:32:32 | 000,097,536 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dxec01.sys -- (DXEC01)
    DRV - [2006/09/26 08:28:06 | 000,022,304 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RNBTOKEN.SYS -- (RnbToken)
    DRV - [2006/09/26 08:28:04 | 000,019,232 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IKEYIFD.SYS -- (iKeyIFD)
    DRV - [2006/09/26 08:28:04 | 000,012,480 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IKEYENUM.SYS -- (iKeyEnum)
    DRV - [2006/09/24 20:23:14 | 000,003,584 | ---- | M] (Realtime Soft) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\UltraMonMirror.sys -- (UltraMonMirror)
    DRV - [2006/09/24 20:22:52 | 000,011,776 | ---- | M] (Realtime Soft) [Kernel | Auto | Running] -- C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys -- (UltraMonUtility)
    DRV - [2006/02/09 01:50:00 | 000,020,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CCM\PrepDrv.sys -- (prepdrvr)
    DRV - [2006/02/09 01:50:00 | 000,011,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\kbstuff5.sys -- (kbstuff)
    DRV - [2006/02/09 01:50:00 | 000,008,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\idisw2km.sys -- (idisw2km)
    DRV - [2005/08/12 13:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
    DRV - [2005/08/02 13:10:13 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
    DRV - [2005/03/09 19:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
    DRV - [2004/03/23 18:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\nsndis5.sys -- (NSNDIS5)
    DRV - [2001/08/17 11:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 11:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 11:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 11:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 11:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 10:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 10:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 10:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 10:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 10:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 10:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 10:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 10:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 10:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 10:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.live.com [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = www.live.com [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3080531
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3080531

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.live.com [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

    FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011/01/05 12:08:03 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/04 15:58:21 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/04 15:58:13 | 000,000,000 | ---D | M]

    [2011/01/04 15:58:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ksmith\Application Data\Mozilla\Extensions
    [2011/01/05 17:05:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ksmith\Application Data\Mozilla\Firefox\Profiles\8n2yi5up.default\extensions
    [2011/01/04 16:00:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\ksmith\Application Data\Mozilla\Firefox\Profiles\8n2yi5up.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/09/24 13:53:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ksmith\Application Data\Mozilla\Firefox\Profiles\p6tll1fk.default\extensions
    [2010/09/24 13:53:05 | 000,000,000 | ---D | M] (Coupon Manager) -- C:\Documents and Settings\ksmith\Application Data\Mozilla\Firefox\Profiles\p6tll1fk.default\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}
    [2010/09/24 13:53:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\ksmith\Application Data\Mozilla\Firefox\Profiles\p6tll1fk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/09/24 13:53:05 | 000,000,000 | ---D | M] (SwitchProxy Tool) -- C:\Documents and Settings\ksmith\Application Data\Mozilla\Firefox\Profiles\p6tll1fk.default\extensions\{27A2FD41-CB23-4518-AB5C-C25BAFFDE531}
    [2010/09/24 13:53:05 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\ksmith\Application Data\Mozilla\Firefox\Profiles\p6tll1fk.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
    [2010/09/24 13:53:05 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\ksmith\Application Data\Mozilla\Firefox\Profiles\p6tll1fk.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
    [2010/09/24 13:53:04 | 000,000,000 | ---D | M] (Woot Watcher) -- C:\Documents and Settings\ksmith\Application Data\Mozilla\Firefox\Profiles\p6tll1fk.default\extensions\{a92aadf8-193f-4a62-8740-5cce81775afc}
    [2010/09/24 13:53:03 | 000,000,000 | ---D | M] (wmlbrowser) -- C:\Documents and Settings\ksmith\Application Data\Mozilla\Firefox\Profiles\p6tll1fk.default\extensions\{c4dc572a-3295-40eb-b30f-b54aa4cdc4b7}
    [2011/01/05 17:05:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/05/22 10:03:08 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2011/01/04 11:31:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2011/01/05 12:08:03 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG9\FIREFOX
    [2010/03/11 08:23:30 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2000/06/05 16:47:00 | 000,032,768 | ---- | M] (Internet Pictures Corp.) -- C:\Program Files\Mozilla Firefox\plugins\AppSub32.dll
    [2009/11/19 13:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
    [2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2000/06/05 16:48:00 | 000,098,304 | ---- | M] (Internet Pictures Corp.) -- C:\Program Files\Mozilla Firefox\plugins\NpIpx32.dll
    [2009/11/19 13:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

    O1 HOSTS File: ([2011/01/04 19:05:38 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
    O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
    O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [DkAutoReg.exe] C:\Program Files\GeoTrust\GeoTrust Token\iKey 2000 Series Software\dkAutoReg.exe (Datakey, Inc.)
    O4 - HKLM..\Run: [DkStartup] C:\Program Files\GeoTrust\GeoTrust Token\iKey 2000 Series Software\DkStartup.exe (Datakey, Inc.)
    O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
    O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
    O4 - HKLM..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
    O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)
    O4 - HKLM..\Run: [UltraMon] C:\Program Files\UltraMon\UltraMon.exe (Realtime Soft)
    O4 - HKLM..\Run: [VaCtrl] C:\Program Files\VoiceAge\Common\VaCtrl.exe (VoiceAge Corporation)
    O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
    O4 - Startup: C:\Documents and Settings\ksmith\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\ksmith\Application Data\Dropbox\bin\Dropbox.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261861118671 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1274492011630 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.120.120.1
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O20 - Winlogon\Notify\DkWLNP: DllName - DkWLNP.dll - C:\WINDOWS\System32\DkWLNP.dll (Datakey, Inc.)
    O20 - Winlogon\Notify\gemsafe: DllName - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll (Gemplus)
    O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/11 14:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/01/05 17:28:12 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/01/05 15:48:25 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/01/05 12:08:42 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2011/01/05 12:08:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 9.0
    [2011/01/05 12:08:41 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2011/01/05 12:08:41 | 000,052,872 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
    [2011/01/05 12:08:34 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2011/01/05 12:08:32 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2011/01/05 12:08:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
    [2011/01/05 12:08:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ksmith\Desktop\OTL.exe
    [2011/01/04 18:53:56 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/01/04 18:51:23 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/01/04 18:51:23 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/01/04 18:51:23 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/01/04 18:51:23 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/01/04 18:51:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/01/04 18:50:50 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/01/04 15:58:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
    [2011/01/04 15:51:25 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\ksmith\IECompatCache
    [2011/01/04 11:31:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2011/01/03 13:45:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
    [2011/01/03 13:45:30 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2011/01/03 13:45:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2010/12/29 17:52:13 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2010/12/29 17:28:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2010/12/29 16:08:54 | 001,345,624 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\ksmith\Desktop\TDSSKiller.exe
    [2010/12/29 12:09:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ksmith\Application Data\Malwarebytes
    [2010/12/29 12:09:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/12/29 12:09:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2010/12/29 12:09:42 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/12/29 12:09:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/12/29 11:56:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\ksmith\Recent
    [2010/12/28 17:10:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
    [2010/12/28 13:24:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
    [2010/12/28 13:24:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2010/12/28 11:57:45 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2010/12/28 11:49:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ksmith\Local Settings\Application Data\Sunbelt Software
    [2010/12/28 11:48:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
    [2010/12/27 16:58:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/12/27 16:58:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

    ========== Files - Modified Within 30 Days ==========

    [2011/01/05 17:38:44 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\ksmith\Local Settings\Application Data\prvlcl.dat
    [2011/01/05 17:36:14 | 069,780,522 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2011/01/05 17:31:59 | 000,000,496 | ---- | M] () -- C:\WINDOWS\smscfg.ini
    [2011/01/05 17:31:15 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/01/05 17:30:50 | 000,214,078 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
    [2011/01/05 17:30:49 | 000,254,278 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
    [2011/01/05 17:30:43 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\ksmith\Local Settings\Application Data\WavXMapDrive.bat
    [2011/01/05 17:30:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/01/05 17:30:07 | 2145,349,632 | -HS- | M] () -- C:\hiberfil.sys
    [2011/01/05 12:08:42 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2011/01/05 12:08:42 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
    [2011/01/05 12:08:41 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2011/01/05 12:08:41 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
    [2011/01/05 12:08:34 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2011/01/05 12:08:32 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
    [2011/01/05 12:08:32 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2011/01/05 12:07:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ksmith\Desktop\OTL.exe
    [2011/01/04 19:05:38 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/01/04 18:54:06 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/01/04 18:09:57 | 004,013,176 | R--- | M] () -- C:\Documents and Settings\ksmith\Desktop\ComboFix.exe
    [2011/01/04 18:09:13 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\ksmith\Desktop\MBRCheck.exe
    [2011/01/04 15:58:15 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\ksmith\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/01/04 15:58:15 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2011/01/04 15:48:04 | 000,009,060 | ---- | M] () -- C:\Documents and Settings\ksmith\My Documents\password-export-2011-01-04.xml
    [2011/01/04 15:47:26 | 000,036,451 | ---- | M] () -- C:\Documents and Settings\ksmith\My Documents\bookmarks.html
    [2011/01/03 13:45:36 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\ksmith\Desktop\Spybot - Search & Destroy.lnk
    [2010/12/29 17:28:09 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/12/29 12:49:41 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\ksmith\My Documents\TicketFight.doc
    [2010/12/29 12:09:46 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/12/29 11:04:31 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\ksmith\My Documents\~$cketFight.doc
    [2010/12/28 11:57:45 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2010/12/27 18:57:21 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/12/22 16:49:08 | 000,042,496 | ---- | M] () -- C:\Documents and Settings\ksmith\My Documents\KevinSmithTimeSheet_12_24.xls
    [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/12/16 17:29:26 | 000,044,000 | ---- | M] () -- C:\Documents and Settings\ksmith\My Documents\cc_20101216_172921.reg
    [2010/12/16 10:23:53 | 000,515,898 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/12/16 10:23:53 | 000,098,616 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/12/16 10:22:24 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\ksmith\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
    [2010/12/16 10:18:37 | 000,138,056 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/12/16 09:47:52 | 001,345,624 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\ksmith\Desktop\TDSSKiller.exe
    [2010/12/10 17:55:29 | 000,043,008 | ---- | M] () -- C:\Documents and Settings\ksmith\My Documents\KevinSmithTimeSheet_12_09.xls
    [2010/12/08 12:00:56 | 002,610,642 | ---- | M] () -- C:\Documents and Settings\ksmith\My Documents\RemoteNotificationsPG.pdf
     
  15. Kevin562

    Kevin562 TS Rookie Topic Starter

    Part 2 OTL Scan:


    ========== Files Created - No Company Name ==========

    [2011/01/05 15:45:33 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\ksmith\Local Settings\Application Data\prvlcl.dat
    [2011/01/05 12:08:42 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
    [2011/01/05 12:08:31 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
    [2011/01/05 12:08:21 | 069,780,522 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2011/01/04 18:54:06 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2011/01/04 18:54:04 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/01/04 18:51:23 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/01/04 18:51:23 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/01/04 18:51:23 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/01/04 18:51:23 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/01/04 18:51:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/01/04 18:45:04 | 000,000,075 | ---- | C] () -- C:\Documents and Settings\ksmith\AVG License.txt
    [2011/01/04 18:09:55 | 004,013,176 | R--- | C] () -- C:\Documents and Settings\ksmith\Desktop\ComboFix.exe
    [2011/01/04 18:09:31 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\ksmith\Desktop\MBRCheck.exe
    [2011/01/04 15:58:15 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\ksmith\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/01/04 15:58:15 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2011/01/04 15:48:04 | 000,009,060 | ---- | C] () -- C:\Documents and Settings\ksmith\My Documents\password-export-2011-01-04.xml
    [2011/01/04 15:47:26 | 000,036,451 | ---- | C] () -- C:\Documents and Settings\ksmith\My Documents\bookmarks.html
    [2011/01/04 11:10:50 | 2145,349,632 | -HS- | C] () -- C:\hiberfil.sys
    [2011/01/03 13:45:36 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\ksmith\Desktop\Spybot - Search & Destroy.lnk
    [2010/12/29 12:09:46 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/12/29 11:04:31 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\ksmith\My Documents\~$cketFight.doc
    [2010/12/22 16:49:08 | 000,042,496 | ---- | C] () -- C:\Documents and Settings\ksmith\My Documents\KevinSmithTimeSheet_12_24.xls
    [2010/12/16 17:29:23 | 000,044,000 | ---- | C] () -- C:\Documents and Settings\ksmith\My Documents\cc_20101216_172921.reg
    [2010/12/10 17:55:29 | 000,043,008 | ---- | C] () -- C:\Documents and Settings\ksmith\My Documents\KevinSmithTimeSheet_12_09.xls
    [2010/12/08 12:00:56 | 002,610,642 | ---- | C] () -- C:\Documents and Settings\ksmith\My Documents\RemoteNotificationsPG.pdf
    [2010/09/24 09:53:53 | 000,002,865 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
    [2010/08/25 10:25:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\DetectDxQT.dll
    [2010/08/25 10:24:57 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
    [2010/03/10 12:21:49 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2010/03/10 12:21:49 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2010/03/10 12:21:48 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2010/03/10 12:21:47 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2010/01/28 18:01:03 | 000,000,124 | ---- | C] () -- C:\WINDOWS\netdet.ini
    [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/08/03 00:21:54 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
    [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
    [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
    [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
    [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
    [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
    [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
    [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
    [2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
    [2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
    [2009/01/30 12:28:57 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
    [2009/01/30 12:28:56 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
    [2009/01/30 12:28:52 | 000,030,740 | ---- | C] () -- C:\WINDOWS\System32\bcfxob.dll
    [2009/01/30 12:28:52 | 000,028,264 | ---- | C] () -- C:\WINDOWS\System32\bcfxoa.dll
    [2009/01/30 12:28:52 | 000,006,272 | ---- | C] () -- C:\WINDOWS\System32\bcfxmr.dll
    [2009/01/30 12:27:34 | 000,300,168 | ---- | C] () -- C:\WINDOWS\System32\WTPDADB.dll
    [2009/01/30 12:27:34 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\N4INST.dll
    [2008/12/13 17:26:54 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
    [2008/11/21 13:47:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2008/11/21 13:44:16 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
    [2008/11/19 15:30:09 | 000,716,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
    [2008/09/01 10:46:47 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\libusb0.sys
    [2008/07/16 09:46:05 | 000,001,349 | ---- | C] () -- C:\WINDOWS\System32\DkConfig.ini
    [2008/06/04 13:13:36 | 000,000,230 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
    [2008/06/04 11:25:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/06/04 11:13:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\ksmith\Local Settings\Application Data\WavXMapDrive.bat
    [2008/05/31 03:26:51 | 000,000,496 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2008/05/31 03:13:15 | 000,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
    [2008/05/31 03:10:40 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
    [2008/05/31 03:10:40 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll
    [2008/05/31 02:42:39 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
    [2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
    [2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
    [2007/09/13 11:42:30 | 000,499,712 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
    [2007/09/13 11:42:30 | 000,471,040 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
    [2007/09/13 11:42:28 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
    [2007/09/13 11:42:28 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
    [2007/09/13 11:42:28 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
    [2007/09/13 11:42:28 | 000,458,752 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
    [2007/09/13 11:42:26 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
    [2007/09/13 11:42:26 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
    [2007/09/13 11:42:26 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
    [2007/09/13 11:42:26 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
    [2007/09/13 11:36:24 | 000,438,272 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
    [2007/09/12 12:05:08 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
    [2007/09/12 12:04:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll
    [2007/09/12 12:04:26 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
    [2007/09/12 12:04:06 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
    [2007/09/12 12:03:44 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
    [2007/09/12 12:03:24 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
    [2007/09/12 12:03:04 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
    [2007/09/12 12:02:44 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
    [2007/09/12 12:02:22 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
    [2007/09/12 12:02:02 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
    [2007/09/10 06:53:26 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll
    [2007/06/15 07:19:20 | 000,835,584 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
    [2006/08/14 08:02:10 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll
    [2006/06/12 05:01:16 | 000,348,160 | ---- | C] () -- C:\WINDOWS\tsp.dll
    [2005/08/02 13:24:01 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
    [2005/03/18 12:55:48 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\dkcktknmsg.dll
    [2005/03/18 12:50:26 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\dklogmsg.dll
    [2004/09/10 10:34:00 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
    [2004/09/10 10:34:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
    [2004/08/11 14:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/11 14:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2004/08/11 14:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    ========== LOP Check ==========

    [2011/01/05 12:08:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2010/05/21 17:32:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\My Movies
    [2008/05/31 03:10:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NTRU Cryptosystems
    [2010/02/17 21:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
    [2008/12/13 17:27:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
    [2008/06/04 14:51:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
    [2010/01/06 18:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/02/03 09:41:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
    [2008/05/31 03:17:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
    [2011/01/05 17:33:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ksmith\Application Data\Dropbox
    [2010/09/27 17:25:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ksmith\Application Data\Helios
    [2010/09/24 14:20:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ksmith\Application Data\SSH
    [2010/09/24 10:07:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ksmith\Application Data\Subversion
    [2010/09/24 12:12:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ksmith\Application Data\Trillian
    [2008/05/31 03:16:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ksmith\Application Data\Wave Systems Corp
    [2010/09/24 10:07:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ksmith\Application Data\Windows Desktop Search
    [2010/09/24 13:49:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ksmith\Application Data\Windows Search

    ========== Purity Check ==========



    < End of report >
     
  16. Kevin562

    Kevin562 TS Rookie Topic Starter

    Security Check Logs:

    Results of screen317's Security Check version 0.99.7
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    AVG 9.0
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    CCleaner
    Sony Ericsson SDK 2.5.0.3 (build 1143) for the Java(TM) ME Platform
    YourKit Java Profiler 6.0.16
    Java(TM) 6 Update 23
    Java(TM) 6 Update 5
    Java(TM) 6 Update 6
    Java(TM) SE Development Kit 6 Update 6
    Sprint Wireless Toolkit 3.3.2 - Powered by Sun Java Technology
    Java DB 10.3.1.4
    Sun Java (TM) Wireless Toolkit 2.5.2 for CLDC
    DJ Java Decompiler v.3.10.10.93
    Out of date Java installed!
    Adobe Flash Player 10.1.102.64
    Adobe Reader 8.2.5
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.6.13)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    AVG avgwdsvc.exe
    AVG avgtray.exe
    AVG avgrsx.exe
    AVG avgnsx.exe
    AVG avgemc.exe
    ``````````End of Log````````````
     
  17. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Uninstall:
    Java(TM) 6 Update 5
    Java(TM) 6 Update 6


    Unless you're Java developer, uninstall also:
    DJ Java Decompiler v.3.10.10.93
    Sun Java (TM) Wireless Toolkit 2.5.2 for CLDC
    Java DB 10.3.1.4
    Sprint Wireless Toolkit 3.3.2 - Powered by Sun Java Technology
    Java(TM) SE Development Kit 6 Update 6
    YourKit Java Profiler 6.0.16
    Sony Ericsson SDK 2.5.0.3 (build 1143) for the Java(TM) ME Platform


    ========================================================================

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
    On this page:

    [​IMG]

    make sure, you have both boxes UN-checked AND (important!) click on Decline button
     
  18. Kevin562

    Kevin562 TS Rookie Topic Starter

    So it looks like the eset scan came up clean. I updated adobe and uninstalled the java packs. I am indeed a java developer so I need to keep those other programs. Is this the finish line? Thanks again for all your help.
     
  19. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Your computer is clean [​IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please, let me know, how your computer is doing.
     
  20. Kevin562

    Kevin562 TS Rookie Topic Starter

    Hi Broni,
    I have attached the final log you requested. I again thank you for all your help. So far my computer is running much better. I have not received a redirect since our first scan and the Generic Host error messages are gone as well. You truly are the Malware Annihilator. Thank you.

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: administrator.MFORMA
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes

    User: ksmith
    ->Temp folder emptied: 63133 bytes
    ->Temporary Internet Files folder emptied: 5210189 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 3754034 bytes
    ->Flash cache emptied: 405 bytes

    User: ksmith.MFORMA
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: KSMITH~1~MFO

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 16384 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: TEMP

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 483 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 9.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: administrator.MFORMA

    User: All Users

    User: Default User

    User: ksmith
    ->Flash cache emptied: 0 bytes

    User: ksmith.MFORMA
    ->Flash cache emptied: 0 bytes

    User: KSMITH~1~MFO

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    User: TEMP

    Total Flash Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.20.1 log created on 01062011_112457

    Files\Folders moved on Reboot...
    C:\Documents and Settings\ksmith\Local Settings\Temp\ExchangePerflog_8484fa31ce6b867ccfcccd43.dat moved successfully.
    File\Folder C:\Documents and Settings\ksmith\Local Settings\Temp\~DF5FC.tmp not found!
    File\Folder C:\Documents and Settings\ksmith\Local Settings\Temp\~DFAEC.tmp not found!
    File\Folder C:\Documents and Settings\ksmith\Local Settings\Temporary Internet Files\Content.Word\~WRS0000.tmp not found!
    File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_720.dat not found!
    File\Folder C:\WINDOWS\temp\2cfba842-c3be-4385-81b9-fd1b3016a232.tmp not found!

    Registry entries deleted on Reboot...
     
  21. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Yes!! [​IMG]
    Good luck and stay safe :)
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...