TechSpot

Trojan found by Kaspersky... Dead black screen between sessions?

By RaceFace
Feb 20, 2011
  1. Hi, first I'd like to say thanks for any assistance b/c this stuff can get intimidating... I haven't had any viral, malware, or any other problems in quite some time, however my Kaspersky Internet Security recently found a trojan...

    As mentioned in the title, I've also been periodically experiencing a dead black screen upon returning to my computer, which I leave running most of the time. There are 2 users (accounts) on my system, and instead of logging out each time, a lot of times I just lock my account so that it stays on the welcome/login screen. Recently though, if left for a night or 2, I come back and can't get anything to respond and ultimately have to reset.

    I'm not sure if the trojan and the black screen are even related, but if you feel I should post that elsewhere then please advise ; )

    Thanks again, and here are my logs:

    P.S. I started the 8 steps 1 day and didn't have time to finish by the time I made it through running Malwarebytes... So anyway, I basically repeated steps 1 through 3 all over again, but I did want to point out that Malwarebytes did find something the first time, therefore I posted both logs for that one!


    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5803

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    2/18/2011 6:22:18 PM
    mbam-log-2011-02-18 (18-22-18).txt

    Scan type: Quick scan
    Objects scanned: 163890
    Time elapsed: 3 minute(s), 51 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Videosoft (Trojan.DNSChanger) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\documents and settings\Kenny\favorites\free porn - stefi on the road from watch4beauty.url (Rogue.Link) -> Quarantined and deleted successfully.



    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5813

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    2/19/2011 3:44:58 PM
    mbam-log-2011-02-19 (15-44-58).txt

    Scan type: Quick scan
    Objects scanned: 164348
    Time elapsed: 5 minute(s), 4 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-02-19 21:11:12
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-19 ST3320620AS rev.3.AAK
    Running: o212feij.exe; Driver: C:\DOCUME~1\Kenny\LOCALS~1\Temp\agkdipod.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xB5C925FA]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwClose [0xB5C92EFE]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwConnectPort [0xB5C93D32]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateEvent [0xB5C9427C]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateFile [0xB5C931DA]
    SSDT B5D41B4E ZwCreateKey
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateMutant [0xB5C94162]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0xB5C921E8]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreatePort [0xB5C94036]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSection [0xB5C92390]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSemaphore [0xB5C9439C]
    SSDT B5D41B44 ZwCreateThread
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateWaitablePort [0xB5C940CC]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDebugActiveProcess [0xB5C95A84]
    SSDT B5D41B53 ZwDeleteKey
    SSDT B5D41B5D ZwDeleteValueKey
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0xB5C9365C]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDuplicateObject [0xB5C96C90]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xB5C91F74]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xB5C9200C]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwFsControlFile [0xB5C9346A]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadDriver [0xB5C95B76]
    SSDT B5D41B62 ZwLoadKey
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey2 [0xB5C91458]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwMapViewOfSection [0xB5C962DE]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xB5C92138]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenEvent [0xB5C94312]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenFile [0xB5C92F80]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenKey [0xB5C9162A]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenMutant [0xB5C941F2]
    SSDT B5D41B30 ZwOpenProcess
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSection [0xB5C96078]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSemaphore [0xB5C94432]
    SSDT B5D41B35 ZwOpenThread
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryKey [0xB5C920A4]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryMultipleValueKey [0xB5C91CDC]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQuerySection [0xB5C96618]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryValueKey [0xB5C91906]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueueApcThread [0xB5C95F0A]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRenameKey [0xB5C91B96]
    SSDT B5D41B6C ZwReplaceKey
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyPort [0xB5C94796]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xB5C9465C]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0xB5C9581E]
    SSDT B5D41B67 ZwRestoreKey
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwResumeThread [0xB5C96B32]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKey [0xB5C90E18]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSecureConnectPort [0xB5C93A78]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetContextThread [0xB5C92DA2]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetInformationToken [0xB5C950BE]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSecurityObject [0xB5C95D14]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSystemInformation [0xB5C96768]
    SSDT B5D41B58 ZwSetValueKey
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendProcess [0xB5C9685A]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendThread [0xB5C96994]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSystemDebugControl [0xB5C959A8]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateProcess [0xB5C929D2]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateThread [0xB5C92932]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0xB5C964BC]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0xB5C92ABC]

    Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
    Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804EAF84 5 Bytes JMP B5C84FEC \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
    .text ntkrnlpa.exe!IoIsOperationSynchronous 804EF912 5 Bytes JMP B5C853C8 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
    .text ntkrnlpa.exe!ZwCallbackReturn + 2D68 80504604 12 Bytes [76, 5B, C9, B5, 62, 1B, D4, ...]
    .text ntkrnlpa.exe!ZwCallbackReturn + 2EE4 80504780 16 Bytes [96, 1B, C9, B5, 6C, 1B, D4, ...]
    .text ntkrnlpa.exe!ZwCallbackReturn + 2FD8 80504874 12 Bytes [5A, 68, C9, B5, 94, 69, C9, ...]
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB847C360, 0x32E00D, 0xE8000020]
    init C:\WINDOWS\System32\drivers\FNETURPX.SYS entry point in "init" section [0xBA634380]

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] [B9AC7D50] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
    IAT \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] [B9AC7D50] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
    AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
    AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
    AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D1C5FA3E-EAE9-C33D-45E1-157AFF0B4FC5}
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D1C5FA3E-EAE9-C33D-45E1-157AFF0B4FC5}@iakdnjhcgpmdfmdabj 0x6A 0x61 0x62 0x68 ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D1C5FA3E-EAE9-C33D-45E1-157AFF0B4FC5}@haecdncfcdhgaplc 0x6A 0x61 0x62 0x68 ...

    ---- EOF - GMER 1.0.15 ----




    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Kenny at 13:03:14.90 on Sun 02/20/2011
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_10
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2681 [GMT -5:00]

    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    FW: Kaspersky Internet Security *Disabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    svchost.exe
    C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\ZuneBusEnum.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\Kenny\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.comcast.net/
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
    BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
    BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2011\ievkbd.dll
    BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
    TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
    TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Google Update] "c:\documents and settings\kenny\local settings\application data\google\update\GoogleUpdate.exe" /c
    mRun: [UpdReg] c:\windows\UpdReg.EXE
    mRun: [P17Helper] Rundll32 P17.dll,P17Helper
    mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
    mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
    mRun: [CTSysVol] c:\program files\creative\sb live! 24-bit\surround mixer\CTSysVol.exe /r
    mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [TurboHddUsb] c:\program files\turbohddusb\TurboHddUsb.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe"
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    StartupFolder: c:\docume~1\kenny\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\kenny\application data\dropbox\bin\Dropbox.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
    IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
    IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
    IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
    IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
    IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
    IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
    IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
    Trusted Zone: aol.com\free
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
    DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
    DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15026/CTSUEng.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
    DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} - hxxp://www.auctiva.com/Aurigma/ImageUploader57.cab
    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
    DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1254183932078
    DPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
    DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
    DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
    DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} - hxxp://www.auctiva.com/hostedimages/activex/xupload/XUpload.ocx
    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su/ocx/15029/CTPID.cab
    Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
    Notify: klogon - c:\windows\system32\klogon.dll
    Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
    AppInit_DLLs: c:\progra~1\kasper~1\kasper~2\mzvkbd3.dll, c:\progra~1\kasper~1\kasper~2\kloehk.dll c:\progra~1\google\google~2\GOEC62~1.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\kenny\applic~1\mozilla\firefox\profiles\4p0ztbns.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net
    FF - component: c:\documents and settings\kenny\application data\mozilla\firefox\profiles\4p0ztbns.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
    FF - component: c:\program files\mozilla firefox\extensions\kavantibanner@kaspersky.ru\components\abhelperxpcom.dll
    FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
    FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_31.dll
    FF - plugin: c:\documents and settings\kenny\application data\move networks\plugins\npqmp071706000001.dll
    FF - plugin: c:\documents and settings\kenny\application data\mozilla\firefox\profiles\4p0ztbns.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
    FF - plugin: c:\documents and settings\kenny\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\documents and settings\kenny\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
    FF - Ext: Anti-Banner: KavAntiBanner@Kaspersky.ru - c:\program files\mozilla firefox\extensions\KavAntiBanner@Kaspersky.ru
    FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: AnyColor: anycolor.pavlos256@gmail.com - %profile%\extensions\anycolor.pavlos256@gmail.com
    FF - Ext: Cooliris: piclens@cooliris.com - %profile%\extensions\piclens@cooliris.com
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: SearchPreview: {EF522540-89F5-46b9-B6FE-1829E2B572C6} - %profile%\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
    FF - Ext: Bazzacuda Image Saver Plus: {FF2FA6A4-B3B1-11DD-B910-6C9A55D89593} - %profile%\extensions\{FF2FA6A4-B3B1-11DD-B910-6C9A55D89593}
    FF - Ext: Image Toolbar: {A4732521-77D9-447E-A557-B279AC923F06} - %profile%\extensions\{A4732521-77D9-447E-A557-B279AC923F06}
    FF - Ext: feedly: feedly@devhd - %profile%\extensions\feedly@devhd
    FF - Ext: Myibay Firefox extension: firefox1@myibay.com - %profile%\extensions\firefox1@myibay.com
    FF - Ext: Speed Dial: {64161300-e22b-11db-8314-0800200c9a66} - %profile%\extensions\{64161300-e22b-11db-8314-0800200c9a66}
    FF - Ext: SortPlaces: sortplaces@andyhalford.com - %profile%\extensions\sortplaces@andyhalford.com
    FF - Ext: New Tab King: {FC5BAC7D-D696-4ba6-B913-CF8F000C33DF} - %profile%\extensions\{FC5BAC7D-D696-4ba6-B913-CF8F000C33DF}
    FF - Ext: FastestFox: smarterwiki@wikiatic.com - %profile%\extensions\smarterwiki@wikiatic.com
    FF - Ext: 1-Click YouTube Video Downloader: YoutubeDownloader@PeterOlayev.com - %profile%\extensions\YoutubeDownloader@PeterOlayev.com
    FF - Ext: QuickFox Notes: amin.eft_bmnotes@gmail.com - %profile%\extensions\amin.eft_bmnotes@gmail.com
    FF - Ext: PopupMaster: {35106bca-6c78-48c7-ac28-56df30b51d2d} - %profile%\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2d}
    FF - Ext: Yet Another Smooth Scrolling: yetanothersmoothscrolling@kataho - %profile%\extensions\yetanothersmoothscrolling@kataho
    FF - Ext: The Camelizer: izer@camelcamelcamel.com - %profile%\extensions\izer@camelcamelcamel.com
    FF - Ext: TinEye Reverse Image Search: tineye@ideeinc.com - %profile%\extensions\tineye@ideeinc.com
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\kenny\application data\Move Networks
    FF - Ext: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - c:\program files\siber systems\ai roboform\Firefox

    ============= SERVICES / DRIVERS ===============

    R0 kl1;kl1;c:\windows\system32\drivers\kl1.sys [2010-6-9 132184]
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-2-18 11608]
    R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2009-8-18 7040]
    R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-6-9 11352]
    R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2009-5-19 475736]
    R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2007-8-27 566616]
    R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-2-18 135336]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-2-18 267944]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-2-18 61960]
    R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2008-12-21 3712]
    R2 MotoConnect Service;MotoConnect Service;c:\program files\motorola\motoconnectservice\MotoConnectService.exe [2009-11-6 91392]
    R3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\FNETTBOH.SYS [2009-8-18 17792]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-4-30 32856]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472]
    S2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe -r --> c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe -r [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-6 136176]
    S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2009-11-6 25856]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-8-5 30192]
    S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2010-3-7 42752]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]

    =============== Created Last 30 ================

    2011-02-18 21:15:26 -------- d-----w- c:\docume~1\kenny\applic~1\Malwarebytes
    2011-02-18 21:15:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-02-18 21:15:19 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2011-02-18 21:15:14 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-02-18 21:15:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-02-18 18:57:38 -------- d-----w- c:\docume~1\kenny\applic~1\Avira
    2011-02-18 18:52:58 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-02-18 18:52:58 -------- d-----w- c:\program files\Avira
    2011-02-18 18:52:58 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
    2011-01-30 17:33:53 109240 ----a-w- c:\program files\mozilla firefox\extensions\kavantibanner@kaspersky.ru\components\abhelperxpcom.dll
    2011-01-30 17:33:51 150200 ----a-w- c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll

    ==================== Find3M ====================

    2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
    2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
    2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-12-20 23:59:19 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
    2010-12-20 12:55:26 385024 ----a-w- c:\windows\system32\html.iec
    2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
    2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2010-12-09 13:42:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-12-09 13:07:07 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-11-29 22:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-11-29 22:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2005-07-14 18:31:20 27648 --sha-w- c:\windows\system32\AVSredirect.dll

    =================== ROOTKIT ====================

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: ST3320620AS rev.3.AAK -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP5T0L0-3a

    device: opened successfully
    user: MBR read successfully

    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8B19CAB8]
    3 CLASSPNP[0xBA108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000077[0x8B23B9E8]
    5 ACPI[0xB9A5D620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Ide\IdeDeviceP2T0L0-19[0x8B19DB00]
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
    user != kernel MBR !!!
    sectors 625142446 (+255): user != kernel

    ============= FINISH: 13:04:00.39 ===============
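An added example, not part of the original thread or of GMER, of what the "user != kernel MBR !!!" line above is testing: the same 512-byte sector 0 read two different ways should come back byte-identical, and a mismatch means something in the disk I/O path is changing what callers see. The Python below parses an MBR, reports which region (bootstrap code, partition table, boot signature) two views of it disagree in, and sizes the unpartitioned slack after the last partition, which is where TDL4-family bootkits keep their hidden file system (the divergent sector GMER reports, 625142446, sits at the very end of a 320 GB drive). The sample sectors are constructed here; the only bytes taken from the log are the bootstrap prefix GMER disassembled, which is the stock Windows XP MBR code. The raw-device path `\\.\PhysicalDrive0` and the sample partition layout are assumptions.

```python
"""Added example (not from the thread or from GMER): parse a 512-byte MBR and
compare two images of the same sector, the check behind GMER's
'user != kernel MBR !!!' line.  All sample sectors are constructed here."""
import hashlib
import struct
from dataclasses import dataclass
from typing import Dict, List, Tuple

MBR_SIZE = 512
PT_OFFSET = 0x1BE      # partition table: four 16-byte entries
SIG_OFFSET = 0x1FE     # 0x55 0xAA boot signature

# The bytes GMER disassembled in the log (xor ax,ax / mov ss,ax / mov sp,7c00 /
# ... / jl 2e / jnz 3a): the stock Windows XP MBR bootstrap prefix.
XP_BOOTSTRAP_PREFIX = bytes.fromhex(
    "33c08ed0bc007cfb5007501ffcbe1b7cbf1b065057b9e501f3a4cbbdbe07b104386e007c097513"
)


@dataclass(frozen=True)
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sector_count: int

    @property
    def lba_end(self) -> int:
        """First sector after the partition."""
        return self.lba_start + self.sector_count


def parse_mbr(mbr: bytes) -> List[Partition]:
    """Parse the four primary partition entries; reject anything that is not a valid MBR."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"MBR must be {MBR_SIZE} bytes, got {len(mbr)}")
    if mbr[SIG_OFFSET:SIG_OFFSET + 2] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        # status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sector count(4)
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", mbr, PT_OFFSET + 16 * i)
        if ptype != 0:                      # type 0 marks an empty slot
            parts.append(Partition(i, status == 0x80, ptype, lba, count))
    return parts


def compare_mbr(user_view: bytes, kernel_view: bytes) -> Dict[str, object]:
    """Say whether, and in which region, two reads of sector 0 disagree.

    On a clean disk every read path returns the same bytes.  A bootkit that
    hooks the disk I/O stack hands ordinary callers the original sector, so the
    views diverge in the bootstrap code while the partition table, which the
    OS still needs, is left intact.
    """
    regions = {"bootstrap": (0, PT_OFFSET),
               "partition_table": (PT_OFFSET, SIG_OFFSET),
               "signature": (SIG_OFFSET, MBR_SIZE)}
    diffs = [i for i, (a, b) in enumerate(zip(user_view, kernel_view)) if a != b]
    return {
        "identical": user_view == kernel_view,
        "user_sha256": hashlib.sha256(user_view).hexdigest(),
        "kernel_sha256": hashlib.sha256(kernel_view).hexdigest(),
        "changed_regions": [n for n, (lo, hi) in regions.items()
                            if any(lo <= d < hi for d in diffs)],
        "first_diff_offset": diffs[0] if diffs else None,
    }


def unpartitioned_tail(parts: List[Partition], disk_sectors: int) -> Tuple[int, int]:
    """(first LBA, length) of the slack after the last partition: the unallocated
    end-of-disk area where TDL4-family bootkits keep their hidden file system."""
    end = max((p.lba_end for p in parts), default=1)
    return end, max(disk_sectors - end, 0)


def build_mbr(bootstrap: bytes, partitions: List[Tuple[bool, int, int, int]]) -> bytes:
    """Assemble a sector from bootstrap code and (bootable, type, lba, count) tuples."""
    code = bootstrap.ljust(PT_OFFSET, b"\x00")[:PT_OFFSET]
    table = b"".join(struct.pack("<B3xB3xII", 0x80 if boot else 0, t, lba, n)
                     for boot, t, lba, n in partitions).ljust(64, b"\x00")
    return code + table + b"\x55\xaa"


def read_mbr_user_mode(device: str = r"\\.\PhysicalDrive0") -> bytes:
    """Ordinary user-mode read of sector 0 on Windows (needs administrator rights).
    The device path is an assumption, not something taken from the log."""
    with open(device, "rb", buffering=0) as disk:
        return disk.read(MBR_SIZE)


# Constructed sample: one NTFS partition on a 320 GB drive (625,142,448 512-byte
# sectors; the log's ST3320620AS is a 320 GB disk, the layout below is made up).
# The "hooked" view keeps the same partition table but its bootstrap is replaced
# by a harmless stand-in (jmp $ followed by NOPs), not real malware code.
DISK_SECTORS = 625_142_448
LAYOUT = [(True, 0x07, 63, 205_520_832)]
CLEAN_MBR = build_mbr(XP_BOOTSTRAP_PREFIX, LAYOUT)
HOOKED_MBR = build_mbr(b"\xeb\xfe" + b"\x90" * 37, LAYOUT)

if __name__ == "__main__":
    report = compare_mbr(CLEAN_MBR, HOOKED_MBR)
    parts = parse_mbr(HOOKED_MBR)
    for p in parts:
        print(f"partition {p.index}: type 0x{p.type_id:02x} lba {p.lba_start} sectors {p.sector_count}")
    print("MBR views match" if report["identical"] else "user != kernel MBR", report["changed_regions"])
    print("unpartitioned tail (lba, sectors):", unpartitioned_tail(parts, DISK_SECTORS))
```

On a live Windows box the user-mode side would come from read_mbr_user_mode(); the kernel-level side is what a tool like GMER or TDSSKiller obtains by going beneath the normal I/O stack, which is exactly why the comparison has to be done by such a tool rather than by two ordinary reads.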
     
  2. RaceFace

    RaceFace TS Rookie Topic Starter

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 4/28/2007 9:56:29 AM
    System Uptime: 2/20/2011 6:24:35 AM (7 hours ago)

    Motherboard: Intel Corporation | | DG965WH
    Processor: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz | LGA 775 | 2397/266mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 98 GiB total, 38.545 GiB free.
    D: is FIXED (NTFS) - 200 GiB total, 41.08 GiB free.
    E: is FIXED (NTFS) - 298 GiB total, 37.898 GiB free.
    F: is CDROM ()
    G: is CDROM ()
    H: is Removable
    I: is CDROM ()
    K: is FIXED (NTFS) - 932 GiB total, 140.514 GiB free.
    X: is FIXED (NTFS) - 977 GiB total, 78.089 GiB free.
    Y: is FIXED (NTFS) - 421 GiB total, 48.315 GiB free.

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1446: 1/17/2011 8:29:28 PM - System Checkpoint
    RP1447: 1/18/2011 8:33:17 PM - System Checkpoint
    RP1448: 1/19/2011 8:34:14 PM - System Checkpoint
    RP1449: 1/20/2011 8:55:18 PM - System Checkpoint
    RP1450: 1/21/2011 9:33:23 PM - System Checkpoint
    RP1451: 1/22/2011 9:45:23 PM - System Checkpoint
    RP1452: 1/23/2011 10:45:23 PM - System Checkpoint
    RP1453: 1/24/2011 10:46:53 PM - System Checkpoint
    RP1454: 1/25/2011 11:41:05 PM - System Checkpoint
    RP1455: 1/26/2011 11:45:23 PM - System Checkpoint
    RP1456: 1/28/2011 12:45:25 AM - System Checkpoint
    RP1457: 1/29/2011 1:52:32 AM - System Checkpoint
    RP1458: 1/30/2011 2:37:51 AM - System Checkpoint
    RP1459: 1/30/2011 12:30:00 PM - Installed Kaspersky Internet Security 2011.
    RP1460: 1/31/2011 12:55:02 PM - System Checkpoint
    RP1461: 2/1/2011 12:56:36 PM - System Checkpoint
    RP1462: 2/2/2011 1:00:04 PM - System Checkpoint
    RP1463: 2/3/2011 1:56:03 PM - System Checkpoint
    RP1464: 2/4/2011 1:56:36 PM - System Checkpoint
    RP1465: 2/5/2011 2:57:06 PM - System Checkpoint
    RP1466: 2/6/2011 3:19:31 PM - System Checkpoint
    RP1467: 2/7/2011 10:45:43 PM - System Checkpoint
    RP1468: 2/8/2011 11:24:16 PM - System Checkpoint
    RP1469: 2/10/2011 12:06:24 AM - System Checkpoint
    RP1470: 2/10/2011 3:00:17 AM - Software Distribution Service 3.0
    RP1471: 2/11/2011 3:13:38 AM - System Checkpoint
    RP1472: 2/12/2011 4:13:37 AM - System Checkpoint
    RP1473: 2/13/2011 4:42:59 AM - System Checkpoint
    RP1474: 2/14/2011 5:36:31 AM - System Checkpoint
    RP1475: 2/15/2011 6:36:32 AM - System Checkpoint
    RP1476: 2/16/2011 8:26:30 AM - System Checkpoint
    RP1477: 2/17/2011 9:06:05 AM - System Checkpoint
    RP1478: 2/18/2011 10:56:11 AM - System Checkpoint
    RP1479: 2/19/2011 11:40:24 AM - System Checkpoint
    RP1480: 2/20/2011 12:29:34 PM - System Checkpoint

    ==== Installed Programs ======================

    µTorrent
    1300
    1300_Help
    1300Tour
    1300Trb
    Ad-Aware 2007
    Adobe Acrobat 5.0
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Photoshop Elements 7.0
    Adobe Photoshop.com Inspiration Browser
    Adobe Reader 8.2.5
    AI RoboForm
    AiO_Scan
    AIOMinimal
    AiOSoftware
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ASUS nVidia Driver
    AVIConverter 3.0
    Avira AntiVir Personal - Free Antivirus
    AVS Update Manager 1.0
    AVS Video Converter 6
    AVS4YOU Software Navigator 1.3
    Bink and Smacker
    BitTorrent 5.0.7
    Bonjour
    CCleaner
    CDDRV_Installer
    Coby Media Manager
    Compatibility Pack for the 2007 Office system
    Conduit Engine
    ConvertXtoDVD 3.0.0.1
    Creative CD Burner Drive Update
    Creative EAX Console
    Creative Jukebox Driver
    Creative MediaSource
    Creative MediaSource 5
    Creative Speaker Settings
    Creative System Information
    Critical Update for Windows Media Player 11 (KB959772)
    Cucusoft DVD to Zune + Zune Video Converter Suite 7.7.7.6
    DAZzle
    Device Control
    Diskeeper Home Edition
    DivX Setup
    DR Systems Web Ambassador
    Dropbox
    DVD Decrypter (Remove Only)
    DVD Shrink 3.2
    DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.5.0
    DVDFab 6.0.1.0 (May 15, 2009)
    DVDFab Decrypter 3.0.9.6
    DVDFab Platinum 3.1.2.6
    Fax
    FlashGet 1.9.6.1073
    Free WMA to MP3 Converter 1.16
    Google Chrome
    Google Desktop
    Google Earth
    Google Earth Plug-in
    Google Update Helper
    Handbrake 0.9.4
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB932716-v2)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP PSC & OfficeJet 3.5
    Image Resizer Powertoy for Windows XP
    ImgBurn
    Intel(R) Management Engine Interface
    Intel(R) Matrix Storage Manager
    Intel(R) PRO Network Connections
    InterVideo MediaOne Gallery
    InterVideo WinDVD
    iTunes
    Java(TM) 6 Update 10
    Kaspersky Internet Security 2011
    KhalInstallWrapper
    KODAK EASYSHARE Gallery Upload ActiveX Control
    LightScribe System Software 1.10.27.1
    LimeWire 5.5.8
    Logitech SetPoint
    Magic ISO Maker v5.5 (build 0273)
    Malwarebytes' Anti-Malware
    MediaMonkey 3.2
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft IntelliType Pro 6.1
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.9
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft WinUsb 1.0
    Microsoft XML Parser
    MotoConnect
    Motorola Driver Installation 4.5.0
    Move Media Player
    Mozilla Firefox (3.6.13)
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 6.0 Parser (KB933579)
    Nero 7 Essentials
    neroxml
    NOMAD_MuVo_NX
    NVIDIA Drivers
    NVIDIA PhysX v8.09.04
    OGA Notifier 2.0.0048.0
    Overland
    PhotoshopdotcomInspirationBrowser
    Picasa 2
    PrintScreen
    QuickTime
    Readme
    Replay AV 8
    Sansa Media Converter
    Scan
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Encoder (KB2447961)
    Security Update for Windows Media Encoder (KB954156)
    Security Update for Windows Media Encoder (KB979332)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Slice Uninstall
    Smart WAV Converter Pro
    Sound Blaster Live! 24-bit
    SpywareBlaster v3.5.1
    Stamp Uninstall
    stream_ON
    Tag&Rename 3.5.6
    Turbo Lister 2
    TurboHddUsb
    Ulead DVD DiskRecorder 2.1.1
    Ulead DVD MovieFactory 5 Plus
    Ulead Pocket DV Show
    Ulead VideoStudio 9.0 SE DVD
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office Outlook 2007 (KB2412171)
    Update for Outlook 2007 Junk Email Filter (KB2492475)
    Update for Windows Internet Explorer 8 (KB971180)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VC80CRTRedist - 8.0.50727.4053
    Videora Android Converter 5.03
    VoiceOver Kit
    Vuze
    Vuze Remote Toolbar
    WebFldrs XP
    Winamp
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live installer
    Windows Live Messenger
    Windows Live OneCare safety scanner
    Windows Live Sign-in Assistant
    Windows Media Encoder 9 Series
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WinPcap 3.1
    WinRAR archiver
    Xvid 1.1.3 final uninstall
    Yahoo! BrowserPlus 2.9.8
    YouTube Downloader App 2.03
    Zune
    Zune Language Pack (ES)
    Zune Language Pack (FR)

    ==== Event Viewer Messages From Past Week ========

    2/19/2011 7:05:54 PM, error: atapi [9] - The device, \Device\Ide\IdePort2, did not respond within the timeout period.
    2/18/2011 3:53:56 PM, error: Service Control Manager [7034] - The Ulead Burning Helper service terminated unexpectedly. It has done this 1 time(s).
    2/18/2011 3:53:56 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    2/18/2011 3:53:56 PM, error: Service Control Manager [7034] - The NMIndexingService service terminated unexpectedly. It has done this 1 time(s).
    2/18/2011 3:53:56 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    2/18/2011 3:53:56 PM, error: Service Control Manager [7031] - The Zune Bus Enumerator service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    2/18/2011 3:53:56 PM, error: Service Control Manager [7031] - The MotoConnect Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.
    2/18/2011 3:53:55 PM, error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
    2/18/2011 3:53:55 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    2/18/2011 3:53:55 PM, error: Service Control Manager [7034] - The Intel(R) Matrix Storage Event Monitor service terminated unexpectedly. It has done this 1 time(s).
    2/18/2011 3:53:55 PM, error: Service Control Manager [7034] - The Diskeeper service terminated unexpectedly. It has done this 1 time(s).
    2/18/2011 3:53:55 PM, error: Service Control Manager [7034] - The Creative Service for CDROM Access service terminated unexpectedly. It has done this 1 time(s).
    2/18/2011 3:53:55 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    2/18/2011 3:53:55 PM, error: Service Control Manager [7034] - The Adobe Active File Monitor V7 service terminated unexpectedly. It has done this 1 time(s).
    2/18/2011 3:53:55 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/18/2011 3:53:55 PM, error: Service Control Manager [7031] - The Ad-Aware 2007 Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    2/18/2011 10:10:08 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: iaStor

    ==== End Of File ===========================
     
  3. Broni

    Broni Malware Annihilator

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =======================================================================

    You're running two AV programs, Avira and Kaspersky.
    One of them has to go.
    Your choice.

    Now...

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  4. RaceFace

    RaceFace TS Rookie Topic Starter

    Thanks Broni! I just uninstalled Avira... Here's the log:


    2011/02/20 22:25:47.0046 5096 TDSS rootkit removing tool 2.4.17.0 Feb 10 2011 11:07:20
    2011/02/20 22:25:47.0265 5096 ================================================================================
    2011/02/20 22:25:47.0265 5096 SystemInfo:
    2011/02/20 22:25:47.0265 5096
    2011/02/20 22:25:47.0265 5096 OS Version: 5.1.2600 ServicePack: 3.0
    2011/02/20 22:25:47.0265 5096 Product type: Workstation
    2011/02/20 22:25:47.0265 5096 ComputerName: KEN-5E098FBB7AF
    2011/02/20 22:25:47.0265 5096 UserName: Kenny
    2011/02/20 22:25:47.0265 5096 Windows directory: C:\WINDOWS
    2011/02/20 22:25:47.0265 5096 System windows directory: C:\WINDOWS
    2011/02/20 22:25:47.0265 5096 Processor architecture: Intel x86
    2011/02/20 22:25:47.0265 5096 Number of processors: 2
    2011/02/20 22:25:47.0265 5096 Page size: 0x1000
    2011/02/20 22:25:47.0265 5096 Boot type: Normal boot
    2011/02/20 22:25:47.0265 5096 ================================================================================
    2011/02/20 22:25:47.0734 5096 Initialize success
    2011/02/20 22:25:53.0468 4424 ================================================================================
    2011/02/20 22:25:53.0468 4424 Scan started
    2011/02/20 22:25:53.0468 4424 Mode: Manual;
    2011/02/20 22:25:53.0468 4424 ================================================================================
    2011/02/20 22:25:54.0609 4424 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2011/02/20 22:25:54.0640 4424 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    2011/02/20 22:25:54.0687 4424 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2011/02/20 22:26:00.0656 4424 ================================================================================
    2011/02/20 22:26:00.0656 4424 Scan finished
    2011/02/20 22:26:00.0656 4424 ================================================================================
     
  5. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    That looks good.

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    =========================================================================

    Please download Rootkit Unhooker from one of the following links and save it to your desktop.
    In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

    • Double-click on RKUnhookerLE.exe to start the program.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • Click the Report tab, then click Scan.
    • Check Drivers, Stealth, and uncheck the rest.
    • Click OK.
    • Wait until it's finished and then go to File > Save Report.
    • Save the report to your Desktop.
    • Copy and paste the contents of the report into your next reply.
    -- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".
     
  6. RaceFace

    RaceFace TS Rookie Topic Starter

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x018005fd

    Kernel Drivers (total 141):

    Processes (total 50):

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000018`69e61600 (NTFS)
    \\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`007e0000 (NTFS)
    \\.\K: --> \\.\PhysicalDrive4 at offset 0x00000000`00007e00 (NTFS)
    \\.\X: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)
    \\.\Y: --> \\.\PhysicalDrive2 at offset 0x000000f4`23f2f400 (NTFS)

    PhysicalDrive0 Model Number: ST3320620AS, Rev: 3.AAK
    PhysicalDrive1 Model Number: ST3320620AS, Rev: 3.AAK
    PhysicalDrive4 Model Number: HitachiHDT721010SLA360, Rev:
    PhysicalDrive2 Model Number: ST31500341AS, Rev: SD17

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
    298 GB \\.\PhysicalDrive1 Unknown MBR code
    SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F
    931 GB \\.\PhysicalDrive4 RE: Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
    1397 GB \\.\PhysicalDrive2 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!




    RkU Version: 3.8.388.590, Type LE (SR2)
    ==============================================
    OS Name: Windows XP
    Version 5.1.2600 (Service Pack 3)
    Number of processors #2
    ==============================================
    >Drivers
    ==============================================
    0xB8793000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
    0xB98D2000 WudfPf.sys 94208 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
    0xA65A5000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
    0xB87AA000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
    0xB8A0C000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
    0xB61A5000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
    0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
    0xB9900000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
    0xB9A46000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
    0xB8782000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
    0xB907A000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
    0xB900A000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
    0xBA1F8000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
    0xBA0B8000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
    0xBA208000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
    0xBA128000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
    0xBA1E8000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
    0xB8FFA000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
    0xA6877000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
    0xBA2C8000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
    0xBA0C8000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
    0xBA298000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
    0xBA108000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
    0xBA158000 C:\WINDOWS\system32\DRIVERS\HPZid412.sys 53248 bytes (HP, IEEE-1284.4-1999 Driver (Windows 2000))
    0xBA228000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
    0xBA0E8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
    0xBA268000 C:\WINDOWS\System32\Drivers\pcouffin.sys 49152 bytes (VSO Software, low level access layer for CD/DVD/BD devices)
    0xBA248000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
    0xBA148000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
    0xB902A000 C:\WINDOWS\system32\DRIVERS\HECI.sys 45056 bytes (Intel Corporation, Intel(R) Management Engine Interface)
    0xB901A000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
    0xBA0D8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
    0xBA238000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
    0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
    0xBA218000 C:\WINDOWS\system32\DRIVERS\klim5.sys 40960 bytes (Kaspersky Lab ZAO, Kaspersky Lab Intermediate Network Driver)
    0xBA2B8000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
    0xBA118000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
    0xBA278000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
    0xBA288000 C:\WINDOWS\system32\DRIVERS\zumbus.sys 40960 bytes (Microsoft Corporation, Zune User-Mode Bus Enumerator)
    0xBA0F8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
    0xBA168000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
    0xB903A000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
    0xBA178000 C:\WINDOWS\system32\DRIVERS\klmouflt.sys 36864 bytes (Kaspersky Lab, KLMOUFLT Mouse Device Filter [fre_wnet_x86])
    0xBA258000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
    0xBA318000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
    0xA614F000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
    0xBA308000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
    0xBA468000 C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys 32768 bytes (Logitech, Inc., Logitech Mouse Filter Driver.)
    0xBA420000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
    0xBA3F0000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
    0xBA3A8000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
    0xBA3B8000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
    0xBA408000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
    0xBA460000 C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys 28672 bytes (Logitech, Inc., Logitech HID Filter Driver.)
    0xBA478000 C:\DOCUME~1\Kenny\LOCALS~1\Temp\mbr.sys 28672 bytes
    0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
    0xBA430000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
    0xBA440000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
    0xBA3B0000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
    0xBA438000 C:\WINDOWS\system32\DRIVERS\HPZius12.sys 24576 bytes (HP, 1284.4<->Usb Datalink Driver (Windows 2000))
    0xBA3D8000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
    0xBA428000 C:\WINDOWS\system32\DRIVERS\kl2.sys 24576 bytes (Kaspersky Lab ZAO, Kaspersky Unified Driver)
    0xBA3E0000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
    0xBA3A0000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
    0xBA410000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
    0xBA3E8000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
    0xBA450000 C:\WINDOWS\System32\drivers\FNETTBOH.SYS 20480 bytes (FNet Co., Ltd., FNetTboH.sys)
    0xBA418000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
    0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
    0xBA3C8000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
    0xBA3D0000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
    0xBA3C0000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
    0xBA390000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
    0xB6533000 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 16384 bytes (HP, IEEE-1284.4-1999 Print Class Driver)
    0xB6523000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
    0xB936A000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
    0xA685B000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
    0xBA558000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
    0xB97C9000 C:\WINDOWS\system32\DRIVERS\usbscan.sys 16384 bytes (Microsoft Corporation, USB Scanner Driver)
    0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
    0xB64FB000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
    0xB652F000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
    0xBA548000 C:\WINDOWS\system32\drivers\iviaspi.sys 12288 bytes (InterVideo, Inc., InterVideo ASPI Shell)
    0xB652B000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
    0xB937E000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
    0xBA5A4000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
    0xB6547000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
    0xBA5F2000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
    0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
    0xBA666000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
    0xBA5F4000 C:\WINDOWS\System32\drivers\FNETURPX.SYS 8192 bytes (FNet Co., Ltd., FNetUrPx.sys)
    0xBA5F0000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
    0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
    0xBA5F6000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
    0xBA656000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
    0xBA5F8000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
    0xBA5E8000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
    0xBA5EC000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
    0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
    0xBA755000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
    0xBA739000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
    0xBA6E4000 C:\WINDOWS\System32\Drivers\LBeepKE.sys 4096 bytes (Logitech, Inc., Logitech Consumer Control Filter Driver.)
    0xBA6B8000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
    0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
    ==============================================
    >Stealth
    ==============================================
    0xB5E7A183 Unknown thread object [ ETHREAD 0x8A1AA8B8 ] , 600 bytes


    !!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)
     
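The kernel-module listing above is the kind of output a practitioner triages by hand: which drivers load from odd locations, and which carry no vendor or description at all. The following script is an added example, not part of this thread or of the tools the helper recommends; it parses lines of the form `<address> <path> <size> bytes (<vendor>, <description>)` as they appear above, and flags modules loaded from user-writable paths or lacking any vendor string. The path fragments it treats as user-writable, the exclusion for `dump_*` crash-dump copies of the storage stack, and the sample lines (copied from the listing above) are the author's own assumptions; a flagged entry is something to look at, not a verdict. Note that the listing itself labels `Normandy.SYS` as the RKU driver, so the scanner's own components will show up in such output alongside anything genuinely foreign.

```python
"""Triage a kernel-module listing such as the one posted above.

Added example for this thread, not output of or code from RkUnhooker.
Each parsed line has the form:
    <load address> <path or bare name> <size> bytes (<vendor>, <description>)
The description group is optional; some entries carry only a name.
"""
import re
from dataclasses import dataclass

LINE_RE = re.compile(
    r"^\s*(0x[0-9A-Fa-f]+)\s+(.+?)\s+(\d+)\s+bytes(?:\s+\((.*)\))?\s*$"
)

# Assumption: installed kernel drivers should never load from these locations.
SUSPICIOUS_PATH_FRAGMENTS = (
    "\\temp\\",
    "\\docume~1\\",
    "\\documents and settings\\",
    "\\users\\",
    "\\programdata\\",
)

# Constructed sample: seven lines taken verbatim from the listing above.
SAMPLE_LISTING = r"""
    0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System)
    0xB9845000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
    0xB645C000 C:\WINDOWS\system32\DRIVERS\klif.sys 520192 bytes (Kaspersky Lab, Klif Mini-Filter [fre_wnet_x86])
    0xB8814000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
    0xB5684000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
    0xA614F000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
    0xBA478000 C:\DOCUME~1\Kenny\LOCALS~1\Temp\mbr.sys 28672 bytes
"""


@dataclass
class Module:
    address: int
    path: str          # full path, or a bare module name if that is all the tool printed
    size: int
    vendor: str        # empty when the tool found no version information
    description: str


def parse_line(line):
    """Parse one listing line; return None for separators and other non-module text."""
    m = LINE_RE.match(line)
    if not m:
        return None
    addr, path, size, info = m.groups()
    vendor, desc = "", ""
    if info:
        # Vendor and description are separated by the first ", ";
        # a lone label such as "RKU Driver" becomes the vendor field.
        vendor, _, desc = info.partition(", ")
    return Module(int(addr, 16), path, int(size), vendor.strip(), desc.strip())


def parse_listing(text):
    return [mod for mod in (parse_line(l) for l in text.splitlines()) if mod]


def flag_modules(modules):
    """Return (module, reason) pairs for entries worth a manual look."""
    flagged = []
    for mod in modules:
        lowered = mod.path.lower()
        filename = lowered.rsplit("\\", 1)[-1]
        if any(frag in lowered for frag in SUSPICIOUS_PATH_FRAGMENTS):
            flagged.append((mod, "loaded from user-writable path"))
        elif "\\" in mod.path and not mod.vendor and not filename.startswith("dump_"):
            # Assumption: dump_*.sys are the kernel's crash-dump copies of the
            # storage stack and routinely carry no version information.
            flagged.append((mod, "full path but no vendor/description"))
    return flagged


def triage(text):
    """Parse a listing and return [(path, reason), ...] for flagged modules."""
    return [(mod.path, reason) for mod, reason in flag_modules(parse_listing(text))]


if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LISTING):
        print(f"{reason}: {path}")
```

On the sample above the only hit is `mbr.sys` loading from the user's Temp directory; a driver in that location always deserves a check, whether it turns out to be a scanning tool's helper or something planted there. Everything else either carries a vendor string or is a `dump_*` copy that the script deliberately ignores.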
  7. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  8. RaceFace

    RaceFace TS Rookie Topic Starter

    OK, so I attempted to run Combofix, but at about 5 minutes in, it restarted my PC. I noticed your notes about what to do if it refuses to run, but I wasn't sure if rebooting is considered the same or not? I chose the option to reboot normally and then came straight here to post before I proceed again....
     
  9. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Proceed with those steps, when Combofix doesn't want to run.
     
  10. RaceFace

    RaceFace TS Rookie Topic Starter

    OK, so I ran Combofix in safe mode... I stepped away for a few and when I returned I noticed it was rebooting again. I chose to boot in safe mode again, and then noticed Combofix running upon startup and it then proceeded to produce a report log. I then rebooted and it rebooted into a selective startup, as I learned b/c I could not get on the internet... I then restarted normally, and then came directly here to post the log:


    ComboFix 11-02-20.01 - Kenny 02/20/2011 23:59:04.2.2 - x86 MINIMAL
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2990 [GMT -5:00]
    Running from: c:\documents and settings\Kenny\Desktop\ComboFix.exe
    .
    PEV Error: LocalSettingsFile

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    c:\documents and settings\Kenny\Application Data\inst.exe
    C:\Images
    c:\images\DirCfg.ini
    c:\images\Thumbs.db
    C:\Thumbs.db
    c:\windows\Downloaded Program Files\ODCTOOLS
    c:\windows\settings.reg
    c:\windows\system32\Data

    c:\windows\regedit.exe . . . is infected!!

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_USNJSVC
    -------\Service_usnjsvc
    -------\Legacy_USNJSVC


    ((((((((((((((((((((((((( Files Created from 2011-01-21 to 2011-02-21 )))))))))))))))))))))))))))))))
    .

    2011-02-18 21:15 . 2011-02-18 21:15 -------- d-----w- c:\documents and settings\Kenny\Application Data\Malwarebytes
    2011-02-18 21:15 . 2011-02-18 21:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-02-18 21:15 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-02-18 21:15 . 2011-02-18 21:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-02-18 21:15 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-30 17:33 . 2010-10-06 01:26 109240 ----a-w- c:\program files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru\components\abhelperxpcom.dll
    2011-01-30 17:33 . 2010-10-06 01:27 150200 ----a-w- c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-01-21 14:44 . 2004-08-04 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-07 14:09 . 2004-08-04 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:10 . 2004-08-04 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
    2010-12-22 12:34 . 2004-08-04 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
    2010-12-20 23:59 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-12-20 23:59 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-12-20 23:59 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-12-20 17:26 . 2004-08-04 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
    2010-12-20 12:55 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
    2010-12-09 15:15 . 2004-08-04 12:00 718336 ----a-w- c:\windows\system32\ntdll.dll
    2010-12-09 14:30 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2010-12-09 13:42 . 2004-08-04 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-12-09 13:07 . 2004-08-03 22:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-08-13 06:41 . 2008-08-30 04:16 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    2005-07-14 18:31 27648 --sha-w- c:\windows\system32\AVSredirect.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-10-18 3908192]

    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2010-10-18 16:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    2010-10-18 16:26 3908192 ----a-w- c:\program files\Vuze_Remote\tbVuze.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-10-18 3908192]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]

    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-10-18 3908192]

    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Kenny\Application Data\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Kenny\Application Data\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Kenny\Application Data\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2008-05-02 07:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
    backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Kenny^Start Menu^Programs^Startup^Dropbox.lnk]
    path=c:\documents and settings\Kenny\Start Menu\Programs\Startup\Dropbox.lnk
    backup=c:\windows\pss\Dropbox.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-09-24 09:15 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
    2003-09-17 14:43 57344 ----a-w- c:\program files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
    2006-02-24 23:29 196709 ----a-w- c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2010-08-13 06:41 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2008-11-17 00:06 133104 ----atw- c:\documents and settings\Kenny\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
    2004-05-12 19:18 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
    2006-05-11 15:47 151552 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-12-13 22:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
    2006-11-21 22:08 813912 ----a-w- c:\program files\Microsoft IntelliType Pro\itype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
    2008-02-29 08:12 76304 ----a-w- c:\windows\KHALMNPR.Exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2007-03-01 20:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2008-10-07 05:33 13574144 ----a-w- c:\windows\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2008-10-07 05:33 86016 ----a-w- c:\windows\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2008-10-07 05:33 1630208 ----a-w- c:\windows\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
    2005-05-03 23:38 64512 ----a-w- c:\windows\system32\P17.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2008-11-17 01:34 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TurboHddUsb]
    2009-08-18 22:25 3327488 ----a-w- c:\program files\TurboHddUsb\TurboHddUsb.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Quick-Drop]
    2006-07-20 07:04 118784 ----a-w- c:\program files\Ulead Systems\Ulead DVD MovieFactory 5 Plus\Ulead DVD MovieFactory 5\Quick-Drop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
    2000-05-11 05:00 90112 ------w- c:\windows\Updreg.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
    2009-09-04 17:16 158448 ----a-w- c:\program files\Zune\ZuneLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "ZuneWlanCfgSvc"=3 (0x3)
    "ZuneNetworkSvc"=3 (0x3)
    "ZuneBusEnum"=2 (0x2)
    "xmlprov"=3 (0x3)
    "WZCSVC"=2 (0x2)
    "WudfSvc"=2 (0x2)
    "wuauserv"=2 (0x2)
    "wscsvc"=2 (0x2)
    "WMPNetworkSvc"=3 (0x3)
    "WmiApSrv"=3 (0x3)
    "Wmi"=3 (0x3)
    "WmdmPmSN"=3 (0x3)
    "WMDM PMSP Service"=2 (0x2)
    "WLSetupSvc"=3 (0x3)
    "winmgmt"=2 (0x2)
    "WebClient"=2 (0x2)
    "W32Time"=2 (0x2)
    "VSS"=3 (0x3)
    "UPS"=3 (0x3)
    "upnphost"=3 (0x3)
    "UleadBurningHelper"=2 (0x2)
    "TrkWks"=2 (0x2)
    "TlntSvr"=3 (0x3)
    "Themes"=2 (0x2)
    "TermService"=3 (0x3)
    "TapiSrv"=3 (0x3)
    "SysmonLog"=3 (0x3)
    "SwPrv"=3 (0x3)
    "stisvc"=2 (0x2)
    "SSDPSRV"=3 (0x3)
    "srservice"=2 (0x2)
    "Spooler"=2 (0x2)
    "ShellHWDetection"=2 (0x2)
    "SharedAccess"=2 (0x2)
    "SENS"=2 (0x2)
    "seclogon"=2 (0x2)
    "Schedule"=2 (0x2)
    "SCardSvr"=3 (0x3)
    "SamSs"=2 (0x2)
    "RSVP"=3 (0x3)
    "rpcapd"=3 (0x3)
    "RemoteRegistry"=2 (0x2)
    "RDSessMgr"=3 (0x3)
    "RasMan"=3 (0x3)
    "RasAuto"=3 (0x3)
    "ProtectedStorage"=2 (0x2)
    "PolicyAgent"=2 (0x2)
    "Pml Driver HPZ12"=3 (0x3)
    "PlugPlay"=2 (0x2)
    "PEVSystemStart"=2 (0x2)
    "ose"=3 (0x3)
    "odserv"=3 (0x3)
    "NVSvc"=2 (0x2)
    "NtmsSvc"=3 (0x3)
    "NtLmSsp"=3 (0x3)
    "NMIndexingService"=3 (0x3)
    "Nla"=3 (0x3)
    "Netman"=3 (0x3)
    "Netlogon"=3 (0x3)
    "NBService"=3 (0x3)
    "napagent"=3 (0x3)
    "MSIServer"=3 (0x3)
    "MSDTC"=3 (0x3)
    "MotoConnect Service"=2 (0x2)
    "mnmsrvc"=3 (0x3)
    "LmHosts"=2 (0x2)
    "LightScribeService"=2 (0x2)
    "LBTServ"=3 (0x3)
    "lanmanworkstation"=2 (0x2)
    "lanmanserver"=2 (0x2)
    "JavaQuickStarterService"=2 (0x2)
    "iPod Service"=3 (0x3)
    "ImapiService"=3 (0x3)
    "idsvc"=3 (0x3)
    "IDriverT"=3 (0x3)
    "IAANTMON"=2 (0x2)
    "HTTPFilter"=3 (0x3)
    "hkmsvc"=3 (0x3)
    "HidServ"=2 (0x2)
    "helpsvc"=2 (0x2)
    "gusvc"=3 (0x3)
    "gupdate"=2 (0x2)
    "GoogleDesktopManager-051210-111108"=3 (0x3)
    "FontCache3.0.0.0"=3 (0x3)
    "FLEXnet Licensing Service"=3 (0x3)
    "FastUserSwitchingCompatibility"=3 (0x3)
    "EventSystem"=3 (0x3)
    "Eventlog"=2 (0x2)
    "ERSvc"=2 (0x2)
    "EapHost"=3 (0x3)
    "Dot3svc"=3 (0x3)
    "dmserver"=2 (0x2)
    "dmadmin"=3 (0x3)
    "Diskeeper"=2 (0x2)
    "Dhcp"=2 (0x2)
    "CryptSvc"=2 (0x2)
    "Creative Service for CDROM Access"=2 (0x2)
    "COMSysApp"=3 (0x3)
    "clr_optimization_v2.0.50727_32"=3 (0x3)
    "ClipSrv"=3 (0x3)
    "CiSvc"=3 (0x3)
    "Browser"=2 (0x2)
    "Bonjour Service"=2 (0x2)
    "BITS"=2 (0x2)
    "AVP"=2 (0x2)
    "AudioSrv"=2 (0x2)
    "aspnet_state"=3 (0x3)
    "AppMgmt"=3 (0x3)
    "Apple Mobile Device"=2 (0x2)
    "ALG"=3 (0x3)
    "AdobeActiveFileMonitor7.0"=2 (0x2)
    "aawservice"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\mshta.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\FlashGet\\flashget.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
    "c:\\Documents and Settings\\Kenny\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
    "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
    "c:\\Program Files\\Vuze\\Azureus.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [8/18/2009 5:25 PM 7040]
    R3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\FNETTBOH.SYS [8/18/2009 5:25 PM 17792]
    S1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [6/9/2010 4:43 PM 11352]
    S2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [12/21/2008 2:42 PM 3712]
    S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [11/6/2009 6:15 PM 25856]
    S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [4/30/2008 4:06 PM 32856]
    S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [11/2/2009 7:27 PM 19472]
    S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [3/7/2010 6:35 PM 42752]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [8/2/2005 4:10 PM 32512]
    S4 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [9/16/2008 12:03 PM 169312]
    S4 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [8/5/2007 11:27 PM 30192]
    S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/6/2010 5:25 PM 136176]
    S4 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [11/6/2009 6:14 PM 91392]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2007-12-05 17:27 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2011-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 12:40]

    2011-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 12:40]

    2011-02-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1383384898-725345543-1003Core.job
    - c:\documents and settings\Kenny\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-17 00:06]

    2011-02-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1383384898-725345543-1003UA.job
    - c:\documents and settings\Kenny\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-17 00:06]

    2011-02-21 c:\windows\Tasks\User_Feed_Synchronization-{FBCDC0A0-191B-45C6-A5E7-9A92D024FACD}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.comcast.net/
    uInternet Settings,ProxyOverride = *.local
    IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
    IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
    IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    Trusted Zone: aol.com\free
    FF - ProfilePath - c:\documents and settings\Kenny\Application Data\Mozilla\Firefox\Profiles\4p0ztbns.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
    FF - Ext: Anti-Banner: KavAntiBanner@Kaspersky.ru - c:\program files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
    FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: AnyColor: anycolor.pavlos256@gmail.com - %profile%\extensions\anycolor.pavlos256@gmail.com
    FF - Ext: Cooliris: piclens@cooliris.com - %profile%\extensions\piclens@cooliris.com
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: SearchPreview: {EF522540-89F5-46b9-B6FE-1829E2B572C6} - %profile%\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
    FF - Ext: Bazzacuda Image Saver Plus: {FF2FA6A4-B3B1-11DD-B910-6C9A55D89593} - %profile%\extensions\{FF2FA6A4-B3B1-11DD-B910-6C9A55D89593}
    FF - Ext: Image Toolbar: {A4732521-77D9-447E-A557-B279AC923F06} - %profile%\extensions\{A4732521-77D9-447E-A557-B279AC923F06}
    FF - Ext: feedly: feedly@devhd - %profile%\extensions\feedly@devhd
    FF - Ext: Myibay Firefox extension: firefox1@myibay.com - %profile%\extensions\firefox1@myibay.com
    FF - Ext: Speed Dial: {64161300-e22b-11db-8314-0800200c9a66} - %profile%\extensions\{64161300-e22b-11db-8314-0800200c9a66}
    FF - Ext: SortPlaces: sortplaces@andyhalford.com - %profile%\extensions\sortplaces@andyhalford.com
    FF - Ext: New Tab King: {FC5BAC7D-D696-4ba6-B913-CF8F000C33DF} - %profile%\extensions\{FC5BAC7D-D696-4ba6-B913-CF8F000C33DF}
    FF - Ext: FastestFox: smarterwiki@wikiatic.com - %profile%\extensions\smarterwiki@wikiatic.com
    FF - Ext: 1-Click YouTube Video Downloader: YoutubeDownloader@PeterOlayev.com - %profile%\extensions\YoutubeDownloader@PeterOlayev.com
    FF - Ext: QuickFox Notes: amin.eft_bmnotes@gmail.com - %profile%\extensions\amin.eft_bmnotes@gmail.com
    FF - Ext: PopupMaster: {35106bca-6c78-48c7-ac28-56df30b51d2d} - %profile%\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2d}
    FF - Ext: Yet Another Smooth Scrolling: yetanothersmoothscrolling@kataho - %profile%\extensions\yetanothersmoothscrolling@kataho
    FF - Ext: The Camelizer: izer@camelcamelcamel.com - %profile%\extensions\izer@camelcamelcamel.com
    FF - Ext: TinEye Reverse Image Search: tineye@ideeinc.com - %profile%\extensions\tineye@ideeinc.com
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Kenny\Application Data\Move Networks
    FF - Ext: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - c:\program files\Siber Systems\AI RoboForm\Firefox
    .
    - - - - ORPHANS REMOVED - - - -

    SafeBoot-WudfPf
    SafeBoot-WudfRd



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-02-21 00:09
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: ST3320620AS rev.3.AAK -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP5T0L0-3a

    device: opened successfully
    user: MBR read successfully
    kernel: MBR read successfully
    user != kernel MBR !!!
    sectors 625142446 (+255): user != kernel

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-117609710-1383384898-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_USERS\S-1-5-21-117609710-1383384898-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D1C5FA3E-EAE9-C33D-45E1-157AFF0B4FC5}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "iakdnjhcgpmdfmdabj"=hex:6a,61,62,68,61,6b,68,68,6f,69,62,6a,62,6a,6a,62,6c,65,
    70,69,00,64
    "haecdncfcdhgaplc"=hex:6a,61,62,68,61,6b,68,68,6f,69,62,6a,62,6a,6a,62,6c,65,
    70,69,00,64

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(252)
    c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
    c:\program files\common files\logitech\bluetooth\LBTServ.dll

    - - - - - - - > 'explorer.exe'(1084)
    c:\windows\system32\WININET.dll
    c:\documents and settings\Kenny\Application Data\Dropbox\bin\DropboxExt.13.dll
    .
    Completion time: 2011-02-21 00:15:09 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-02-21 05:15

    Pre-Run: 43,741,675,520 bytes free
    Post-Run: 43,555,016,704 bytes free

    - - End Of File - - A53152B7E700740C06E417744B0E3B00
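Editor's added example, not text or code from either poster: the ComboFix report above contains several lines a responder would normally call out on their own merits. The standard-profile host firewall is off ("EnableFirewall"= 0), a script host (mshta.exe) has its own entry in the firewall's authorized-application list, Gmer's MBR detector reports that the MBR it read from user mode differs from the one it read from kernel mode ("user != kernel MBR !!!"), and a locked key under Shell Extensions\Approved holds hex values with random-looking names where that key normally carries GUID-named string values. The Python script below turns those observations into rules and runs them over a constructed sample built from lines in the same shape as the report. The rule names, the severities, the list of script hosts and the GUID check are my own choices; a hit means "look here", not "infected".

```python
"""Triage rules for ComboFix / Gmer text reports.

Added example for this thread, not code from either poster or from the tools.
Every rule keys on literal strings that these reports print; a hit means
"look here", not "infected".
"""
import re
from typing import List, Tuple

# Constructed sample: a few lines in the shape of the report posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
sectors 625142446 (+255): user != kernel

[HKEY_USERS\S-1-5-21-117609710-1383384898-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D1C5FA3E-EAE9-C33D-45E1-157AFF0B4FC5}*]
@Allowed: (Read) (RestrictedCode)
"iakdnjhcgpmdfmdabj"=hex:6a,61,62,68,61,6b,68,68,6f,69,62,6a,62,6a,6a,62,6c,65,
70,69,00,64
"""

# Script / LOLBin hosts that seldom need their own firewall exception on a workstation (my list).
SCRIPT_HOSTS = ("mshta.exe", "wscript.exe", "cscript.exe", "rundll32.exe", "regsvr32.exe", "powershell.exe")
GUID_RE = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
SEVERITY_ORDER = {"high": 0, "medium": 1, "info": 2}

Finding = Tuple[str, str, str]  # (severity, rule, evidence line)


def triage(log_text: str) -> List[Finding]:
    """Walk the report line by line, tracking the current [registry key] block."""
    findings: List[Finding] = []
    section = ""  # lower-cased key path of the current [ ... ] block
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        low = line.lower()
        if "firewallpolicy" in section and low.startswith('"enablefirewall"=') and re.search(r"=\s*0\b", low):
            # Host firewall switched off for this profile.
            findings.append(("high", "firewall-disabled", line))
        elif "authorizedapplications" in section and low.rstrip('"=').endswith(SCRIPT_HOSTS):
            # A script host whitelisted through the firewall; rarely needed, often abused.
            findings.append(("medium", "script-host-firewall-exception", line))
        elif low.startswith("user != kernel"):
            # Gmer compares the MBR as seen from user mode with the one read from
            # kernel mode; on a clean disk the two reads are identical.
            findings.append(("high", "mbr-user-kernel-mismatch", line))
        elif "shell extensions\\approved" in section and line.startswith('"'):
            # Approved shell extensions are GUID-named string values; anything else is out of place.
            name = line.split("=", 1)[0].strip('"')
            if not GUID_RE.match(name):
                findings.append(("medium", "non-guid-shellext-approved-value", line))
        elif "security center\\monitoring" in section and low.startswith('"disablemonitoring"=dword:00000001'):
            # Usually written by the AV product itself so Security Center stops nagging; informational.
            findings.append(("info", "security-center-monitoring-off", line))
    return findings


if __name__ == "__main__":
    for sev, rule, evidence in sorted(triage(SAMPLE_LOG), key=lambda f: SEVERITY_ORDER[f[0]]):
        print(f"[{sev:6}] {rule:34} {evidence}")
```

Running it on the sample yields two high, two medium and one informational finding. The "user != kernel" rule is the one that matters most here: it fires on the detector's own alert line, and a responder would normally want that mismatch explained (a legitimate disk filter or encryption driver, or not) before calling the machine clean.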
     
  11. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Well done :)

    Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files, and folders.
    Upload the following file to http://www.virustotal.com/ for a security check:
    - c:\windows\regedit.exe
    IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.
    Post scan results.
     
  12. RaceFace

    RaceFace TS Rookie Topic Starter

    Hope this copy and paste works...


    2 VT Community user(s) with a total of 7 reputation credit(s) say(s) this sample is goodware. 2 VT Community user(s) with a total of 2 reputation credit(s) say(s) this sample is malware.
    File name:
    regedit.exe
    Submission date:
    2011-02-21 06:08:44 (UTC)
    Current status:
    finished
    Result:
    0/ 43 (0.0%)

    VT Community

    goodware
    Safety score: 77.8%
    Antivirus Version Last Update Result
    AhnLab-V3 2011.02.14.02 2011.02.14 -
    AntiVir 7.11.3.165 2011.02.20 -
    Antiy-AVL 2.0.3.7 2011.02.19 -
    Avast 4.8.1351.0 2011.02.20 -
    Avast5 5.0.677.0 2011.02.20 -
    AVG 10.0.0.1190 2011.02.20 -
    BitDefender 7.2 2011.02.21 -
    CAT-QuickHeal 11.00 2011.02.21 -
    ClamAV 0.96.4.0 2011.02.21 -
    Commtouch 5.2.11.5 2011.02.20 -
    Comodo 7755 2011.02.21 -
    DrWeb 5.0.2.03300 2011.02.21 -
    Emsisoft 5.1.0.2 2011.02.21 -
    eSafe 7.0.17.0 2011.02.17 -
    eTrust-Vet 36.1.8170 2011.02.18 -
    F-Prot 4.6.2.117 2011.02.20 -
    F-Secure 9.0.16160.0 2011.02.21 -
    Fortinet 4.2.254.0 2011.02.21 -
    GData 21 2011.02.21 -
    Ikarus T3.1.1.97.0 2011.02.21 -
    Jiangmin 13.0.900 2011.02.21 -
    K7AntiVirus 9.87.3906 2011.02.19 -
    Kaspersky 7.0.0.125 2011.02.21 -
    McAfee 5.400.0.1158 2011.02.21 -
    McAfee-GW-Edition 2010.1C 2011.02.21 -
    Microsoft 1.6502 2011.02.21 -
    NOD32 5891 2011.02.20 -
    Norman 6.07.03 2011.02.20 -
    nProtect 2011-02-10.01 2011.02.15 -
    Panda 10.0.3.5 2011.02.20 -
    PCTools 7.0.3.5 2011.02.21 -
    Prevx 3.0 2011.02.21 -
    Rising 23.45.04.06 2011.02.18 -
    Sophos 4.61.0 2011.02.21 -
    SUPERAntiSpyware 4.40.0.1006 2011.02.21 -
    Symantec 20101.3.0.103 2011.02.21 -
    TheHacker 6.7.0.1.134 2011.02.21 -
    TrendMicro 9.200.0.1012 2011.02.21 -
    TrendMicro-HouseCall 9.200.0.1012 2011.02.15 -
    VBA32 3.12.14.3 2011.02.18 -
    VIPRE 8490 2011.02.21 -
    ViRobot 2011.2.21.4320 2011.02.21 -
    VirusBuster 13.6.210.1 2011.02.20 -
    Additional information
    MD5 : 058710b720282ca82b909912d3ef28db
    SHA1 : 48f4612efeb713a5860726fdb999ceceff07557d
    SHA256: 97535e75ca6a77e6bcb81216b0fb383024709539727fd656df6afd33a50cad04
    ssdeep: 3072:NtkaZgxktEdSja2qLckP+4AnrIKvOBI+huG0TG0uvJb9w:NtkqxrqLckP+xn0YOBI+AG0T
    G0
    File size : 146432 bytes
    First seen: 2009-02-12 04:39:45
    Last seen : 2011-02-21 06:08:44
    TrID:
    Win32 Executable MS Visual C++ (generic) (53.1%)
    Windows Screen Saver (18.4%)
    Win32 Executable Generic (12.0%)
    Win32 Dynamic Link Library (generic) (10.6%)
    Generic Win/DOS Executable (2.8%)
    sigcheck:
    publisher....: Microsoft Corporation
    copyright....: (c) Microsoft Corporation. All rights reserved.
    product......: Microsoft_ Windows_ Operating System
    description..: Registry Editor
    original name: REGEDIT.EXE
    internal name: REGEDIT
    file version.: 5.1.2600.5512 (xpsp.080413-2111)
    comments.....: n/a
    signers......: -
    signing date.: -
    verified.....: Unsigned
    PEInfo: PE structure information

    [[ basic data ]]
    entrypointaddress: 0x1691E
    timedatestamp....: 0x48025214 (Sun Apr 13 18:33:56 2008)
    machinetype......: 0x14c (I386)

    [[ 3 section(s) ]]
    name, viradd, virsiz, rawdsiz, ntropy, md5
    .text, 0x1000, 0x17902, 0x17A00, 6.37, 8d566c1e457741cced3b34f6d18c225d
    .data, 0x19000, 0x40DA0, 0x400, 1.20, def7edb164ce2210badeb06959cdaa48
    .rsrc, 0x5A000, 0xB8B0, 0xBA00, 3.68, 55c800dc56999ec2683a54271953b1b7

    [[ 14 import(s) ]]
    msvcrt.dll: __p__commode, _adjust_fdiv, __p__fmode, _initterm, __getmainargs, _acmdln, __set_app_type, _except_handler3, __setusermatherr, _controlfp, exit, _XcptFilter, _exit, _c_exit, swprintf, iswprint, wcsncpy, wcslen, wcscat, wcscpy, _purecall, iswctype, wcscmp, wcschr, wcsncmp, wcsrchr, _cexit, memmove
    ADVAPI32.dll: RegQueryValueExA, RegOpenKeyExA, InitializeSecurityDescriptor, RegDeleteValueW, InitializeAcl, SetSecurityDescriptorDacl, SetSecurityDescriptorSacl, SetSecurityDescriptorOwner, SetSecurityDescriptorGroup, GetInheritanceSourceW, LookupAccountSidW, GetSidSubAuthorityCount, GetSidSubAuthority, GetSecurityDescriptorControl, GetSecurityDescriptorOwner, GetSecurityDescriptorGroup, GetSecurityDescriptorDacl, GetSecurityDescriptorSacl, SetSecurityInfo, SetNamedSecurityInfoW, GetNamedSecurityInfoW, MapGenericMask, RegSetValueExA, RegSetValueW, RegFlushKey, RegSaveKeyW, RegRestoreKeyW, RegConnectRegistryW, RegQueryValueExW, RegCloseKey, RegOpenKeyW, RegSetValueExW, RegCreateKeyW, RegEnumValueW, RegEnumKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, RegUnLoadKeyW, RegLoadKeyW, RegOpenKeyExW, RegQueryInfoKeyW, RegDeleteKeyW
    KERNEL32.dll: ReadFile, DeleteFileW, WriteFile, WideCharToMultiByte, CreateFileW, OutputDebugStringW, GetLastError, SetFilePointer, GetFileSize, SearchPathW, GetTimeFormatW, GetDateFormatW, GetSystemDefaultLCID, FileTimeToSystemTime, FileTimeToLocalFileTime, FreeLibrary, LoadLibraryW, MulDiv, lstrcpynW, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetModuleHandleA, GetStartupInfoA, MultiByteToWideChar, lstrcmpW, FormatMessageW, GetThreadLocale, GetModuleHandleW, ExitProcess, GetCommandLineW, GetProcessHeap, lstrcatW, LocalAlloc, GetCurrentProcess, CloseHandle, LocalFree, GetComputerNameW, lstrcmpiW, lstrlenW, lstrcpyW, LocalReAlloc, GlobalAlloc, GlobalLock, GlobalUnlock, GetProcAddress, LoadLibraryA
    GDI32.dll: GetStockObject, SetAbortProc, StartDocW, StartPage, SetViewportOrgEx, EndPage, EndDoc, AbortDoc, DeleteDC, CreateBitmap, CreatePatternBrush, PatBlt, ExcludeClipRect, SelectClipRgn, DeleteObject, SetBkColor, SetTextColor, ExtTextOutW, GetDeviceCaps, CreateFontIndirectW, SelectObject, GetTextMetricsW
    USER32.dll: SendDlgItemMessageW, SetDlgItemTextW, SetWindowLongW, DefWindowProcW, ReleaseDC, GetDC, SetScrollInfo, wsprintfW, DestroyCaret, ReleaseCapture, KillTimer, SetCaretPos, ScrollWindowEx, ShowCaret, HideCaret, InvalidateRect, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, GetClipboardData, WinHelpW, EndDialog, GetWindowLongW, EndPaint, BeginPaint, CreateCaret, SetTimer, SetCapture, SetFocus, CharLowerW, GetDlgItem, DestroyMenu, TrackPopupMenuEx, IsClipboardFormatAvailable, EnableMenuItem, GetSubMenu, LoadMenuW, GetKeyState, RegisterClassW, LoadCursorW, RegisterClipboardFormatW, CheckRadioButton, SendMessageW, GetWindowTextW, GetParent, GetDlgItemTextW, IsDlgButtonChecked, GetDlgCtrlID, CallWindowProcW, GetWindowTextLengthW, GetDlgItemInt, PostQuitMessage, GetWindowPlacement, SetWindowTextW, EnableWindow, GetWindowRect, DrawMenuBar, InsertMenuItemW, DeleteMenu, SetMenuItemInfoW, GetMenu, GetMenuItemInfoW, EndDeferWindowPos, DeferWindowPos, BeginDeferWindowPos, IsIconic, DestroyIcon, LoadImageW, GetSysColor, SetCursor, ShowCursor, ShowWindow, SetWindowPlacement, CreateWindowExW, GetProcessDefaultLayout, GetMessageW, ScreenToClient, SetCursorPos, DispatchMessageW, ClientToScreen, GetDesktopWindow, LoadIconW, PostMessageW, SetMenuDefaultItem, InsertMenuW, GetMenuItemID, CheckMenuItem, UpdateWindow, RegisterClassExW, CharNextW, GetClientRect, DestroyWindow, CreateDialogParamW, CheckDlgButton, DrawAnimatedRects, IntersectRect, ModifyMenuW, GetMessagePos, TranslateMessage, TranslateAcceleratorW, LoadAcceleratorsW, SetForegroundWindow, GetLastActivePopup, BringWindowToTop, FindWindowW, LoadStringW, GetWindow, IsDialogMessageW, PeekMessageW, MessageBoxW, CharUpperBuffW, CharUpperW, IsCharAlphaNumericW, GetSystemMetrics, MoveWindow, MapWindowPoints, DialogBoxParamW, SetWindowPos, MessageBeep
    COMCTL32.dll: -, -, -, -, InitCommonControlsEx, -, -, ImageList_SetBkColor, ImageList_Create, ImageList_Destroy, -, -, ImageList_ReplaceIcon, -, -, -, -, CreateStatusWindowW
    comdlg32.dll: GetOpenFileNameW, GetSaveFileNameW, PrintDlgExW
    SHELL32.dll: ShellAboutW, DragQueryFileW, DragFinish
    AUTHZ.dll: AuthzInitializeContextFromSid, AuthzAccessCheck, AuthzFreeContext, AuthzFreeResourceManager, AuthzInitializeResourceManager
    ACLUI.dll: -
    ole32.dll: CoCreateInstance, CoUninitialize, CoInitializeEx, ReleaseStgMedium
    ulib.dll: _Resize@DSTRING@@UAEEK@Z, _Initialize@ARRAY@@QAEEKK@Z, _NewBuf@DSTRING@@UAEEK@Z, __1DSTRING@@UAE@XZ, __1OBJECT@@UAE@XZ, __0OBJECT@@IAE@XZ, _Compare@OBJECT@@UBEJPBV1@@Z, __0DSTRING@@QAE@XZ, _Initialize@WSTRING@@QAEEPBV1@KK@Z, _Strcat@WSTRING@@QAEEPBV1@@Z, __0ARRAY@@QAE@XZ, _Initialize@WSTRING@@QAEEPBGK@Z
    clb.dll: ClbAddData, ClbSetColumnWidths
    ntdll.dll: RtlFreeHeap, RtlAllocateHeap
    ExifTool:
    file metadata
    CharacterSet: Unicode
    CodeSize: 96768
    CompanyName: Microsoft Corporation
    EntryPoint: 0x1691e
    FileDescription: Registry Editor
    FileFlagsMask: 0x003f
    FileOS: Windows NT 32-bit
    FileSize: 143 kB
    FileSubtype: 0
    FileType: Win32 EXE
    FileVersion: 5.1.2600.5512 (xpsp.080413-2111)
    FileVersionNumber: 5.1.2600.5512
    ImageVersion: 5.1
    InitializedDataSize: 313344
    InternalName: REGEDIT
    LanguageCode: English (U.S.)
    LegalCopyright: Microsoft Corporation. All rights reserved.
    LinkerVersion: 7.1
    MIMEType: application/octet-stream
    MachineType: Intel 386 or later, and compatibles
    OSVersion: 5.1
    ObjectFileType: Executable application
    OriginalFilename: REGEDIT.EXE
    PEType: PE32
    ProductName: Microsoft Windows Operating System
    ProductVersion: 5.1.2600.5512
    ProductVersionNumber: 5.1.2600.5512
    Subsystem: Windows GUI
    SubsystemVersion: 4.0
    TimeStamp: 2008:04:13 20:33:56+02:00
    UninitializedDataSize: 0
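Editor's added example, not from the thread: two parts of the VirusTotal report above can be reproduced locally, which is what settles whether the file that was uploaded is the file on disk. The MD5/SHA1/SHA256 values identify the sample exactly, and the entropy column in the section table (.text 6.37, .data 1.20, .rsrc 3.68) is the Shannon entropy of each section's bytes; compiled native code typically scores around 6 to 6.8 bits per byte, while packed or encrypted sections approach 8. The Python below streams a file once for all three digests, compares the result against the report's hashes used as an allow-list for this one sample, and computes entropy over arbitrary bytes. The reference dictionary, the 7.0 threshold and the test inputs are my own assumptions, not values from VirusTotal. One caveat on the report's "verified: Unsigned" line: Windows XP system binaries are signed through catalog files rather than an embedded Authenticode signature, so a signature check run without the catalogs reports them as unsigned; that field by itself does not show tampering, whereas a hash mismatch against a known-good copy does.

```python
"""Re-derive the hashes and section entropy shown in a VirusTotal report.

Added example for this thread, not code from the posters or from VirusTotal.
"""
import hashlib
import math
from collections import Counter
from typing import Dict, Iterable, List, Tuple

ALGOS = ("md5", "sha1", "sha256")


def _digest_chunks(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Feed every chunk to all three algorithms in a single pass."""
    hs = {name: hashlib.new(name) for name in ALGOS}
    for block in chunks:
        for h in hs.values():
            h.update(block)
    return {name: h.hexdigest() for name, h in hs.items()}


def hash_bytes(data: bytes) -> Dict[str, str]:
    return _digest_chunks([data])


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Stream the file once; suitable for large binaries."""
    with open(path, "rb") as fh:
        return _digest_chunks(iter(lambda: fh.read(chunk_size), b""))


# Hashes printed in the report above for the uploaded regedit.exe; used here as
# the allow-list for that one sample (assumption: that copy is the good one).
REFERENCE = {
    "md5": "058710b720282ca82b909912d3ef28db",
    "sha1": "48f4612efeb713a5860726fdb999ceceff07557d",
    "sha256": "97535e75ca6a77e6bcb81216b0fb383024709539727fd656df6afd33a50cad04",
}


def matches_reference(digests: Dict[str, str], reference: Dict[str, str] = REFERENCE) -> bool:
    """All algorithms must agree; a single mismatch means a different file."""
    return all(digests.get(k, "").lower() == v.lower() for k, v in reference.items())


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant run, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def high_entropy_sections(sections: List[Tuple[str, float]], threshold: float = 7.0) -> List[str]:
    """Names of sections whose entropy suggests packing or encryption (threshold is my choice)."""
    return [name for name, e in sections if e >= threshold]


if __name__ == "__main__":
    # Section entropies as printed in the report above; none is near the packed range.
    print(high_entropy_sections([(".text", 6.37), (".data", 1.20), (".rsrc", 3.68)]))  # []
    print(shannon_entropy(bytes(range(256)) * 4))  # 8.0
    print(matches_reference(hash_bytes(b"not regedit")))  # False
```

To check a live copy, call hash_file(r"C:\WINDOWS\regedit.exe") and pass the result to matches_reference; agreement on all three digests is the only outcome that confirms the uploaded sample and the file on disk are the same bytes.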
     
  13. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    All good then :)

    How is computer doing?

    Bedtime here, so I'll leave you with some homework... :)

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  14. RaceFace

    RaceFace TS Rookie Topic Starter

    Everything seems OK! Thanks again for the boat load of super fast help! I'm glad you're tapping out though b/c I'm ready for bed as well! Here's the latest logs:





    OTL logfile created on: 2/21/2011 1:36:37 AM - Run 1
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Kenny\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 80.00% Memory free
    5.00 Gb Paging File | 5.00 Gb Available in Paging File | 90.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 97.65 Gb Total Space | 40.55 Gb Free Space | 41.52% Space Free | Partition Type: NTFS
    Drive D: | 200.43 Gb Total Space | 41.08 Gb Free Space | 20.50% Space Free | Partition Type: NTFS
    Drive E: | 298.08 Gb Total Space | 36.53 Gb Free Space | 12.26% Space Free | Partition Type: NTFS
    Drive K: | 931.51 Gb Total Space | 140.51 Gb Free Space | 15.08% Space Free | Partition Type: NTFS
    Drive X: | 976.56 Gb Total Space | 78.09 Gb Free Space | 8.00% Space Free | Partition Type: NTFS
    Drive Y: | 420.70 Gb Total Space | 48.31 Gb Free Space | 11.48% Space Free | Partition Type: NTFS

    Computer Name: KEN-5E098FBB7AF | User Name: Kenny | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/02/21 01:33:21 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kenny\Desktop\OTL.exe
    PRC - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
    PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/09/16 15:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    PRC - [2010/08/13 01:41:56 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    PRC - [2010/02/26 00:10:20 | 021,979,992 | ---- | M] () -- C:\Documents and Settings\Kenny\Application Data\Dropbox\bin\Dropbox.exe
    PRC - [2010/02/02 17:31:56 | 000,279,296 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
    PRC - [2010/01/27 11:37:22 | 000,091,392 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
    PRC - [2009/09/04 12:16:54 | 000,158,448 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
    PRC - [2009/09/04 12:16:54 | 000,058,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe
    PRC - [2009/08/18 17:25:04 | 003,327,488 | ---- | M] (FNet Co., Ltd.) -- C:\Program Files\TurboHddUsb\TurboHddUsb.exe
    PRC - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    PRC - [2008/05/02 02:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
    PRC - [2008/05/02 02:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/09/07 20:12:20 | 000,566,616 | ---- | M] (Lavasoft AB) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    PRC - [2006/05/11 10:47:24 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2006/05/11 10:46:54 | 000,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2006/03/09 14:30:34 | 000,630,905 | ---- | M] (Diskeeper® Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    PRC - [2005/01/31 09:45:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    PRC - [2003/09/17 09:43:36 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/02/21 01:33:21 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kenny\Desktop\OTL.exe
    MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2009/07/12 00:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
    MOD - [2008/05/02 02:42:50 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)
    SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/08/13 01:41:56 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
    SRV - [2010/01/27 11:37:22 | 000,091,392 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
    SRV - [2009/09/04 12:17:00 | 000,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
    SRV - [2009/09/04 12:16:54 | 005,893,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
    SRV - [2009/09/04 12:16:54 | 000,058,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
    SRV - [2008/12/07 20:57:41 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
    SRV - [2008/05/02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV - [2007/10/25 14:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
    SRV - [2007/09/07 20:12:20 | 000,566,616 | ---- | M] (Lavasoft AB) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice)
    SRV - [2006/05/11 10:46:54 | 000,090,112 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2006/03/09 14:30:34 | 000,630,905 | ---- | M] (Diskeeper® Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
    SRV - [2005/08/02 16:18:49 | 000,086,016 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
    SRV - [2005/01/31 09:45:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
    SRV - [2004/01/05 02:27:32 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/10/01 10:37:50 | 000,475,736 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
    DRV - [2010/06/09 16:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
    DRV - [2010/06/09 16:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
    DRV - [2010/05/07 11:06:26 | 000,032,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
    DRV - [2009/11/02 19:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
    DRV - [2009/08/18 17:25:13 | 000,007,040 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\FNETURPX.SYS -- (FNETURPX)
    DRV - [2009/08/18 17:25:07 | 000,017,792 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\FNETTBOH.SYS -- (FNETTBOH)
    DRV - [2009/07/10 13:01:04 | 000,025,856 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motoandroid.sys -- (androidusb)
    DRV - [2009/05/08 11:56:12 | 000,042,752 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motodrv.sys -- (MotDev)
    DRV - [2008/10/07 00:33:00 | 006,133,856 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2008/04/13 13:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
    DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2008/02/29 03:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2008/02/29 03:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2007/11/29 02:18:12 | 000,028,432 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
    DRV - [2007/11/29 02:17:34 | 000,063,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
    DRV - [2007/11/29 02:17:28 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
    DRV - [2007/05/03 13:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
    DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
    DRV - [2006/07/28 22:20:28 | 000,043,392 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel(R)
    DRV - [2006/07/19 02:42:16 | 000,230,400 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
    DRV - [2006/07/05 14:35:54 | 000,024,064 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
    DRV - [2006/06/30 00:53:44 | 000,003,712 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
    DRV - [2006/05/11 10:30:52 | 000,247,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
    DRV - [2006/05/10 09:56:54 | 000,027,264 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
    DRV - [2006/05/10 09:56:50 | 000,071,680 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
    DRV - [2005/12/02 04:38:04 | 000,041,728 | ---- | M] (Sonic Focus, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32)
    DRV - [2005/08/02 16:10:13 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
    DRV - [2005/07/26 02:07:14 | 000,010,368 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
    DRV - [2005/07/07 15:14:30 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
    DRV - [2005/02/16 02:06:18 | 000,018,816 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\APLMp50.sys -- (APLMp50)
    DRV - [2005/01/10 17:15:30 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
    DRV - [2005/01/10 17:15:24 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-117609710-1383384898-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    IE - HKU\S-1-5-21-117609710-1383384898-725345543-1003\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-117609710-1383384898-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-117609710-1383384898-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.comcast.net"
    FF - prefs.js..extensions.enabledItems: YoutubeDownloader@PeterOlayev.com:1.5
    FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.10.1
    FF - prefs.js..extensions.enabledItems: anycolor.pavlos256@gmail.com:0.3.3
    FF - prefs.js..extensions.enabledItems: {FF2FA6A4-B3B1-11DD-B910-6C9A55D89593}:0.36
    FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.0.36949
    FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.1.8
    FF - prefs.js..extensions.enabledItems: feedly@devhd:5.2
    FF - prefs.js..extensions.enabledItems: {A4732521-77D9-447E-A557-B279AC923F06}:0.6.8
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
    FF - prefs.js..extensions.enabledItems: firefox1@myibay.com:1.1.8
    FF - prefs.js..extensions.enabledItems: {FC5BAC7D-D696-4ba6-B913-CF8F000C33DF}:5.0.3
    FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2d}:1.2.4
    FF - prefs.js..extensions.enabledItems: amin.eft_bmnotes@gmail.com:2.4D
    FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:4.9.4
    FF - prefs.js..extensions.enabledItems: sortplaces@andyhalford.com:1.7.2
    FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5.8
    FF - prefs.js..extensions.enabledItems: yetanothersmoothscrolling@kataho:3.0.16
    FF - prefs.js..extensions.enabledItems: izer@camelcamelcamel.com:1.4
    FF - prefs.js..extensions.enabledItems: tineye@ideeinc.com:1.1
    FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.2.556
    FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.2.556

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/11 18:00:59 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/20 21:22:02 | 000,000,000 | ---D | M]

    [2010/05/25 22:16:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kenny\Application Data\Mozilla\Extensions
    [2010/05/25 22:16:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kenny\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2011/02/20 21:06:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\4p0ztbns.default\extensions
    [2010/06/11 17:47:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\4p0ztbns.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/02/01 23:13:50 | 000,000,000 | ---D | M] (PopupMaster) -- C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\4p0ztbns.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2d}
    [2009/10/11 17:11:47 | 000,000,000 | ---D | M] (Browse Images) -- C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\4p0ztbns.default\extensions\{62b958b4-9962-4fc2-9983-01a9a42d6f2d}
    [2011/02/12 17:30:05 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\4p0ztbns.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
    [2010/10/08 15:27:43 | 000,000,000 | ---D | M] (Image Toolbar) -- C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\4p0ztbns.default\extensions\{A4732521-77D9-447E-A557-B279AC923F06}
    [2010/11/13 14:42:27 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\4p0ztbns.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
    [2011/02/12 17:30:03 | 000,000,000 | ---D | M] (New Tab King) -- C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\4p0ztbns.default\extensions\{FC5BAC7D-D696-4ba6-B913-CF8F000C33DF}
    [2011/02/12 17:30:08 | 000,000,000 | ---D | M] ("Bazzacuda Image Saver Plus") -- C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\4p0ztbns.default\extensions\{FF2FA6A4-B3B1-11DD-B910-6C9A55D89593}
    [2011/02/12 17:29:58 | 000,000,000 | ---D | M] (QuickFox Notes) -- C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\4p0ztbns.default\extensions\amin.eft_bmnotes@gmail.com
    [2010/09/05 22:56:46 | 000,000,000 | ---D | M] (AnyColor) -- C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\4p0ztbns.default\extensions\anycolor.pavlos256@gmail.com
    [2011/02/12 17:30:07 | 000,000,000 | ---D | M] (feedly) -- C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\4p0ztbns.default\extensions\feedly@devhd
    [2010/08/12 19:53:24 | 000,000,000 | ---D | M] (Myibay Firefox extension) -- C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\4p0ztbns.default\extensions\firefox1@myibay.com
    [2010/12/18 15:44:52 | 000,000,000 | ---D | M] (The Camelizer) -- C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\4p0ztbns.default\extensions\izer@camelcamelcamel.com
    [2010/06/20 12:41:44 | 000,000,000 | ---D | M] (Cooliris) -- C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\4p0ztbns.default\extensions\piclens@cooliris.com
    [2010/06/20 12:41:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\4p0ztbns.default\extensions\piclens@cooliris.com-trash
    [2010/11/13 14:42:13 | 000,000,000 | ---D | M] (FastestFox) -- C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\4p0ztbns.default\extensions\smarterwiki@wikiatic.com
    [2011/02/12 17:30:04 | 000,000,000 | ---D | M] (SortPlaces) -- C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\4p0ztbns.default\extensions\sortplaces@andyhalford.com
    [2011/02/18 13:01:00 | 000,000,000 | ---D | M] (TinEye Reverse Image Search) -- C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\4p0ztbns.default\extensions\tineye@ideeinc.com
    [2011/02/12 17:29:58 | 000,000,000 | ---D | M] (Yet Another Smooth Scrolling) -- C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\4p0ztbns.default\extensions\yetanothersmoothscrolling@kataho
    [2010/08/05 16:22:15 | 000,000,000 | ---D | M] (1-Click YouTube Video Downloader) -- C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\4p0ztbns.default\extensions\YoutubeDownloader@PeterOlayev.com
    [2011/02/12 17:30:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\4p0ztbns.default\extensions\feedly@devhd\content\app\extension
    [2009/09/07 13:20:15 | 000,000,894 | ---- | M] () -- C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\4p0ztbns.default\searchplugins\mininova.xml
    [2010/01/06 20:42:05 | 000,001,863 | ---- | M] () -- C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\4p0ztbns.default\searchplugins\searchalot.xml
    [2011/02/20 21:06:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/01/30 12:33:53 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
    [2011/01/30 12:33:51 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
    [2010/08/17 17:12:40 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\KENNY\APPLICATION DATA\MOVE NETWORKS
    [2008/11/16 20:34:14 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2007/04/30 21:19:19 | 000,000,000 | ---D | M] (AI Roboform Toolbar for Firefox) -- C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\FIREFOX

    O1 HOSTS File: ([2011/02/21 00:09:39 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
    O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
    O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
    O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
    O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
    O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-117609710-1383384898-725345543-1003\..\Toolbar\ShellBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKU\S-1-5-21-117609710-1383384898-725345543-1003\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKU\S-1-5-21-117609710-1383384898-725345543-1003\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [avp] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
    O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper® Corporation)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
    O4 - HKLM..\Run: [TurboHddUsb] C:\Program Files\TurboHddUsb\TurboHddUsb.exe (FNet Co., Ltd.)
    O4 - HKLM..\Run: [Ulead Quick-Drop] C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 5 Plus\Ulead DVD MovieFactory 5\Quick-Drop.exe (Ulead Systems, Inc.)
    O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
    O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
    O4 - Startup: C:\Documents and Settings\Kenny\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Kenny\Application Data\Dropbox\bin\Dropbox.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-117609710-1383384898-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-117609710-1383384898-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-117609710-1383384898-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-117609710-1383384898-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()
    O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
    O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
    O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_10.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
    O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
    O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
    O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
    O15 - HKU\S-1-5-21-117609710-1383384898-725345543-1003\..Trusted Domains: aol.com ([free] http in Trusted sites)
    O15 - HKU\S-1-5-21-117609710-1383384898-725345543-1003\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKU\S-1-5-21-117609710-1383384898-725345543-1003\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab (Office Genuine Advantage Validation Tool)
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab (Reg Error: Key error.)
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative.com/su/ocx/15026/CTSUEng.cab (Reg Error: Key error.)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
    O16 - DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} http://www.auctiva.com/Aurigma/ImageUploader57.cab (Auctiva Image Uploader Control)
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab (Reg Error: Key error.)
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab (Reg Error: Key error.)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1254183932078 (MUWebControl Class)
    O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Shutterfly Picture Upload Plugin)
    O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
    O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10)
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} http://www.auctiva.com/hostedimages/activex/xupload/XUpload.ocx (Persits Software XUpload)
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative.com/su/ocx/15029/CTPID.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.75.198 68.87.64.150
    O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
    O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Kenny\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kenny\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/04/28 08:54:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\VIO\DVACM.acm (Ulead Systems, Inc.)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.mpegacm - C:\Program Files\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: msacm.ulmp3acm - C:\Program Files\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.ffds - C:\WINDOWS\System32\ffdshow.ax ()
    Drivers32: vidc.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\Program Files\Replay AV 8\ir50_32.dll (Intel Corporation)
    Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
    Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
    Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
     
  15. RaceFace

    RaceFace TS Rookie Topic Starter

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902053519425536)

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/02/21 01:33:24 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kenny\Desktop\OTL.exe
    [2011/02/21 00:15:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2011/02/20 23:28:17 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/02/20 23:26:23 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/02/20 23:26:23 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/02/20 23:26:23 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/02/20 23:26:23 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/02/20 23:26:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/02/20 23:26:01 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/02/20 22:25:34 | 001,366,104 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Kenny\Desktop\TDSSKiller.exe
    [2011/02/20 13:03:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kenny\Desktop\8 step Cleaning PC_files
    [2011/02/19 15:36:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2011/02/18 16:15:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kenny\Application Data\Malwarebytes
    [2011/02/18 16:15:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/02/18 16:15:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/02/18 16:15:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/02/18 16:15:14 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/02/18 16:15:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/02/18 16:12:33 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Kenny\Desktop\mbam-setup-1.50.1.1100.exe
    [2011/02/18 15:53:31 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kenny\Desktop\TFC.exe
    [2011/01/30 12:33:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Kaspersky Internet Security 2011
    [2007/05/31 17:58:25 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Kenny\Application Data\pcouffin.sys
    [2004/11/24 13:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
    [2002/04/11 00:41:06 | 000,065,536 | R--- | C] ( ) -- C:\WINDOWS\System32\A3d.dll

    ========== Files - Modified Within 30 Days ==========

    [2011/02/21 01:35:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/02/21 01:33:21 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kenny\Desktop\OTL.exe
    [2011/02/21 01:29:40 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FBCDC0A0-191B-45C6-A5E7-9A92D024FACD}.job
    [2011/02/21 01:24:51 | 000,000,187 | ---- | M] () -- C:\Documents and Settings\Kenny\default.pls
    [2011/02/21 01:24:51 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2011/02/21 00:50:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1383384898-725345543-1003UA.job
    [2011/02/21 00:25:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/02/21 00:24:27 | 000,200,819 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2011/02/21 00:24:19 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/02/21 00:24:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/02/21 00:22:16 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/02/21 00:09:39 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/02/20 23:20:36 | 004,271,401 | R--- | M] () -- C:\Documents and Settings\Kenny\Desktop\ComboFix.exe
    [2011/02/20 22:55:42 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Kenny\Desktop\RKUnhookerLE.EXE
    [2011/02/20 22:53:53 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Kenny\Desktop\MBRCheck.exe
    [2011/02/20 22:22:18 | 001,246,857 | ---- | M] () -- C:\Documents and Settings\Kenny\Desktop\tdsskiller.zip
    [2011/02/20 16:50:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1383384898-725345543-1003Core.job
    [2011/02/20 13:03:03 | 000,094,217 | ---- | M] () -- C:\Documents and Settings\Kenny\Desktop\8 step Cleaning PC.htm
    [2011/02/20 13:00:01 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\Kenny\Desktop\dds.scr
    [2011/02/19 16:55:07 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Kenny\Desktop\o212feij.exe
    [2011/02/18 16:15:20 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/02/18 16:12:34 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Kenny\Desktop\mbam-setup-1.50.1.1100.exe
    [2011/02/18 15:53:31 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kenny\Desktop\TFC.exe
    [2011/02/18 13:51:09 | 049,788,256 | ---- | M] () -- C:\Documents and Settings\Kenny\Desktop\avira_antivir_personal_en.exe
    [2011/02/17 22:57:45 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\Kenny\Application Data\vso_ts_preview.xml
    [2011/02/17 22:54:00 | 000,137,216 | ---- | M] () -- C:\Documents and Settings\Kenny\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/02/10 11:08:26 | 001,366,104 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Kenny\Desktop\TDSSKiller.exe
    [2011/02/10 03:09:47 | 000,228,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/02/10 03:05:26 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/01/30 13:05:36 | 000,114,243 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
    [2011/01/30 13:05:36 | 000,097,859 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
    [2011/01/30 12:39:07 | 116,510,496 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
    [2011/01/30 12:39:07 | 002,572,320 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
    [2011/01/30 12:39:07 | 001,570,880 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
    [2011/01/30 12:39:07 | 000,250,508 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
    [2011/01/29 12:37:59 | 000,043,332 | ---- | M] () -- C:\Documents and Settings\Kenny\Desktop\IMG_0859 (Medium).JPG
    [2011/01/29 01:33:26 | 001,855,057 | ---- | M] () -- C:\Documents and Settings\Kenny\Desktop\IMG_0859.JPG

    ========== Files Created - No Company Name ==========

    [2011/02/21 00:22:08 | 000,001,687 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
    [2011/02/21 00:22:08 | 000,000,974 | ---- | C] () -- C:\Documents and Settings\Kenny\Start Menu\Programs\Startup\Dropbox.lnk
    [2011/02/20 23:28:25 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2011/02/20 23:28:20 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/02/20 23:26:23 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/02/20 23:26:23 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/02/20 23:26:23 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/02/20 23:26:23 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/02/20 23:26:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/02/20 23:20:51 | 004,271,401 | R--- | C] () -- C:\Documents and Settings\Kenny\Desktop\ComboFix.exe
    [2011/02/20 22:55:46 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Kenny\Desktop\RKUnhookerLE.EXE
    [2011/02/20 22:54:02 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Kenny\Desktop\MBRCheck.exe
    [2011/02/20 22:22:25 | 001,246,857 | ---- | C] () -- C:\Documents and Settings\Kenny\Desktop\tdsskiller.zip
    [2011/02/20 13:03:02 | 000,094,217 | ---- | C] () -- C:\Documents and Settings\Kenny\Desktop\8 step Cleaning PC.htm
    [2011/02/20 13:00:01 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\Kenny\Desktop\dds.scr
    [2011/02/19 16:55:07 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Kenny\Desktop\o212feij.exe
    [2011/02/18 16:15:20 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/02/18 15:51:34 | 000,025,954 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\AVSCAN-20110218-135750-58EFBAF9.LOG
    [2011/02/18 13:41:56 | 049,788,256 | ---- | C] () -- C:\Documents and Settings\Kenny\Desktop\avira_antivir_personal_en.exe
    [2011/01/29 12:37:58 | 000,043,332 | ---- | C] () -- C:\Documents and Settings\Kenny\Desktop\IMG_0859 (Medium).JPG
    [2011/01/29 12:37:16 | 001,855,057 | ---- | C] () -- C:\Documents and Settings\Kenny\Desktop\IMG_0859.JPG
    [2010/02/25 21:39:38 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\Kenny\Application Data\vso_ts_preview.xml
    [2010/02/01 19:28:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\UnivMgr.INI
    [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2008/10/07 00:33:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2008/10/07 00:33:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2008/10/07 00:33:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2008/10/07 00:33:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2008/10/07 00:33:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2008/06/11 08:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
    [2008/06/11 08:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
    [2008/06/11 08:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
    [2008/06/11 08:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
    [2008/06/11 08:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
    [2008/06/11 08:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
    [2008/06/11 08:02:32 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
    [2008/06/11 08:02:32 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
    [2008/06/11 08:02:32 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
    [2008/06/05 07:58:26 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
    [2008/03/27 23:26:01 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
    [2008/01/13 19:03:50 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2008/01/13 19:03:50 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2008/01/12 14:51:35 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2007/12/24 17:07:44 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\cdga.dll
    [2007/12/23 18:52:05 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
    [2007/12/23 18:52:04 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
    [2007/09/09 19:20:48 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
    [2007/09/09 13:26:56 | 000,000,369 | ---- | C] () -- C:\WINDOWS\IfoEdit.INI
    [2007/08/26 18:11:07 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\Kenny\Application Data\mpauth.dat
    [2007/07/19 17:45:20 | 000,000,049 | ---- | C] () -- C:\WINDOWS\iltwain.ini
    [2007/07/01 05:12:14 | 003,049,984 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
    [2007/07/01 04:59:22 | 000,517,632 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
    [2007/06/17 05:43:56 | 000,404,480 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
    [2007/06/12 05:21:26 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
    [2007/05/31 17:58:29 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Kenny\Application Data\pcouffin.log
    [2007/05/31 17:58:25 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Kenny\Application Data\pcouffin.cat
    [2007/05/31 17:58:25 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Kenny\Application Data\pcouffin.inf
    [2007/05/06 13:43:01 | 000,137,216 | ---- | C] () -- C:\Documents and Settings\Kenny\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/04/30 20:29:03 | 000,000,488 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2007/04/29 23:33:52 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Kenny\Local Settings\Application Data\fusioncache.dat
    [2007/04/29 22:51:34 | 000,001,543 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2007/04/29 04:34:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2007/04/28 11:32:00 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
    [2007/04/28 11:31:50 | 000,006,307 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
    [2007/04/28 11:31:50 | 000,000,039 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
    [2007/04/28 11:31:41 | 000,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
    [2007/04/28 09:26:14 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2007/04/28 09:26:14 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2007/04/28 09:26:14 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2007/04/28 09:26:14 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2007/04/28 09:26:14 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2007/04/28 09:26:14 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2007/01/09 11:05:50 | 000,026,112 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
    [2006/06/02 16:15:44 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\LDecVorbis.dll
    [2006/05/24 11:37:27 | 000,027,648 | -HS- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
    [2006/02/24 02:41:59 | 000,438,272 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
    [2006/02/24 02:41:59 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\libfaac.dll
    [2006/02/23 10:36:20 | 001,798,144 | ---- | C] () -- C:\WINDOWS\System32\ltmm_n.dll
    [2006/02/23 10:36:20 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\LMOggSpl.dll
    [2006/02/23 10:36:20 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\LMOggMux.dll
    [2005/08/02 16:24:01 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
    [2005/05/03 18:38:42 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
    [2004/10/03 11:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
    [2004/01/05 02:27:36 | 000,565,248 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
    [2003/10/02 17:48:18 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\P17CPI.dll

    ========== LOP Check ==========

    [2007/05/30 19:06:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
    [2007/12/04 00:06:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eBay
    [2007/05/21 20:35:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
    [2009/08/18 17:25:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FNET
    [2008/01/11 18:34:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
    [2007/12/30 19:55:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
    [2007/11/02 09:58:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
    [2010/03/09 22:46:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
    [2007/11/11 16:40:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
    [2010/02/25 22:38:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
    [2010/12/20 21:23:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/01/30 21:03:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KEN\Application Data\Red Kawa
    [2007/11/13 06:03:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KEN\Application Data\Ulead Systems
    [2011/02/20 08:55:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KEN\Application Data\UltimateBet
    [2011/01/21 16:21:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kenny\Application Data\Azureus
    [2007/09/02 23:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kenny\Application Data\BitTorrent
    [2010/12/24 17:21:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kenny\Application Data\Coby Media Manager
    [2011/02/21 00:25:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kenny\Application Data\Dropbox
    [2009/06/10 19:14:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kenny\Application Data\DVDFab
    [2008/07/06 20:59:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kenny\Application Data\Endicia
    [2009/12/09 18:46:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kenny\Application Data\HandBrake
    [2008/10/31 16:39:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kenny\Application Data\ImgBurn
    [2007/04/28 09:14:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kenny\Application Data\InterTrust
    [2007/04/28 10:36:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kenny\Application Data\InterVideo
    [2010/09/23 16:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kenny\Application Data\LimeWire
    [2009/12/19 16:17:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kenny\Application Data\MoveFab
    [2007/11/02 09:56:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kenny\Application Data\NCH Swift Sound
    [2008/09/22 01:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kenny\Application Data\OfficeUpdate12
    [2009/12/22 19:51:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kenny\Application Data\Red Kawa
    [2009/12/22 20:11:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kenny\Application Data\Regensoft
    [2007/12/01 13:55:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kenny\Application Data\Snapfish
    [2007/11/11 17:51:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kenny\Application Data\Ulead Systems
    [2011/02/20 22:56:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kenny\Application Data\uTorrent
    [2011/02/15 18:39:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kenny\Application Data\Vso
    [2011/02/21 01:29:40 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{FBCDC0A0-191B-45C6-A5E7-9A92D024FACD}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/07/20 20:28:13 | 000,060,403 | ---- | M] () -- C:\AdobeDebug.txt
    [2007/04/28 08:54:52 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2008/03/06 23:00:30 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2011/02/21 00:22:16 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/02/21 00:15:09 | 000,024,793 | ---- | M] () -- C:\ComboFix.txt
    [2007/04/28 08:54:52 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2008/01/05 13:10:01 | 000,093,552 | ---- | M] () -- C:\Cucu_Video_log.txt
    [2007/09/09 19:25:02 | 000,322,388 | ---- | M] () -- C:\get_video.flv.AVI
    [2007/04/28 09:24:16 | 000,000,183 | ---- | M] () -- C:\IMO.log
    [2009/09/15 20:49:01 | 000,001,912 | ---- | M] () -- C:\InstallHelper.log
    [2007/04/28 08:54:52 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2007/04/28 08:54:52 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/04 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/08/27 16:56:20 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/02/21 00:24:09 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2007/04/28 09:11:23 | 000,000,172 | ---- | M] () -- C:\sigmatel.log
    [2009/05/04 18:46:07 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
    [2009/05/05 17:41:35 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
    [2009/05/05 21:41:35 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
    [2009/05/05 21:53:28 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
    [2009/05/09 12:22:27 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
    [2009/06/14 13:42:32 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
    [2009/03/08 17:12:17 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
    [2009/03/08 17:14:05 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
    [2009/03/23 02:27:16 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
    [2009/03/23 02:29:54 | 000,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
    [2009/03/23 19:45:20 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
    [2009/03/23 19:46:04 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
    [2009/03/23 22:24:47 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
    [2009/03/24 02:29:45 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
    [2009/03/24 02:35:49 | 000,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
    [2009/03/24 02:50:38 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
    [2009/03/29 11:58:56 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
    [2009/04/09 21:30:16 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
    [2009/04/09 21:34:41 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
    [2009/04/29 23:31:51 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
    [2009/05/04 18:46:07 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
    [2009/05/05 17:41:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
    [2009/05/05 21:41:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
    [2009/05/05 21:53:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
    [2009/05/09 12:22:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
    [2009/06/14 13:42:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
    [2009/03/08 17:12:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
    [2009/03/08 17:14:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
    [2009/03/23 02:27:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
    [2009/03/23 02:29:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
    [2009/03/23 19:45:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
    [2009/03/23 19:46:04 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
    [2009/03/23 22:24:47 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
    [2009/03/24 02:29:45 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
    [2009/03/24 02:35:49 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
    [2009/03/24 02:50:38 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
    [2009/03/29 11:58:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
    [2009/04/09 21:30:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
    [2009/04/09 21:34:41 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
    [2009/04/29 23:31:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
    [2007/04/28 09:07:54 | 000,000,090 | ---- | M] () -- C:\storage.log
    [2007/05/21 20:30:35 | 000,000,000 | ---- | M] () -- C:\t2ik.am
    [2007/05/21 20:30:35 | 000,000,000 | ---- | M] () -- C:\t2ik.ar
    [2007/05/21 20:30:35 | 000,000,000 | ---- | M] () -- C:\t2ik.as
    [2007/05/21 20:30:35 | 000,000,000 | ---- | M] () -- C:\t2ik.at
    [2007/05/21 20:30:35 | 000,000,000 | ---- | M] () -- C:\t2ik.b0
    [2007/05/21 20:30:36 | 000,000,000 | ---- | M] () -- C:\t2ik.bd
    [2007/05/21 20:30:36 | 000,000,000 | ---- | M] () -- C:\t2ik.be
    [2007/05/21 20:30:36 | 000,000,000 | ---- | M] () -- C:\t2ik.bm
    [2007/05/21 20:30:36 | 000,000,000 | ---- | M] () -- C:\t2ik.bt
    [2007/05/21 20:30:37 | 000,000,000 | ---- | M] () -- C:\t2ik.cc
    [2007/05/21 20:30:37 | 000,000,000 | ---- | M] () -- C:\t2ik.cf
    [2007/05/21 20:30:38 | 000,000,000 | ---- | M] () -- C:\t2ik.cl
    [2007/05/21 20:30:38 | 000,000,000 | ---- | M] () -- C:\t2ik.cr
    [2007/05/21 20:30:38 | 000,000,000 | ---- | M] () -- C:\t2ik.cs
    [2007/05/21 20:30:40 | 000,000,000 | ---- | M] () -- C:\t2ik.ds
    [2007/05/21 20:30:40 | 000,000,000 | ---- | M] () -- C:\t2ik.dt
    [2007/05/21 20:30:41 | 000,000,000 | ---- | M] () -- C:\t2ik.el
    [2007/05/21 20:30:41 | 000,000,000 | ---- | M] () -- C:\t2ik.et
    [2007/05/21 20:30:44 | 000,000,000 | ---- | M] () -- C:\t2ik.gs
    [2007/05/21 20:30:46 | 000,000,000 | ---- | M] () -- C:\t2ik.hm
    [2007/05/21 20:30:46 | 000,000,000 | ---- | M] () -- C:\t2ik.hu
    [2007/05/21 20:30:47 | 000,000,000 | ---- | M] () -- C:\t2ik.ip
    [2007/05/21 20:30:47 | 000,000,000 | ---- | M] () -- C:\t2ik.j0
    [2007/05/21 20:30:48 | 000,000,000 | ---- | M] () -- C:\t2ik.ja
    [2007/05/21 20:30:50 | 000,000,000 | ---- | M] () -- C:\t2ik.ko
    [2007/05/21 20:30:51 | 000,000,000 | ---- | M] () -- C:\t2ik.l0
    [2011/02/20 22:30:23 | 000,042,826 | ---- | M] () -- C:\TDSSKiller.2.4.17.0_20.02.2011_22.25.47_log.txt
    [2007/04/28 09:26:03 | 000,000,175 | ---- | M] () -- C:\uleadpdv.log
    [2007/04/28 09:25:44 | 000,000,175 | ---- | M] () -- C:\uleadvs.log
    [2007/04/28 09:26:17 | 000,000,163 | ---- | M] () -- C:\WinDVD.log
    [2009/01/08 22:29:49 | 000,000,000 | ---- | M] () -- C:\wizard.txt

    < %systemroot%\Fonts\*.com >
    [2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2007/04/28 08:54:40 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2007/04/09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >
    [2008/10/25 16:13:39 | 000,006,468 | ---- | M] () -- C:\WINDOWS\system32\Garth Brooks.jpg

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/12/27 15:07:50 | 000,007,680 | -HS- | M] () -- C:\Program Files\Thumbs.db

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2007/04/29 04:32:41 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2007/04/29 04:32:41 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2007/04/29 04:32:41 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2008/08/27 17:01:28 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2007/04/28 09:00:02 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Kenny\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2007/04/28 09:00:01 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Kenny\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2010/10/08 15:25:37 | 003,018,064 | ---- | M] (Siber Systems) -- C:\Documents and Settings\Kenny\Desktop\AiRoboForm-cnetc.exe
    [2011/02/18 13:51:09 | 049,788,256 | ---- | M] () -- C:\Documents and Settings\Kenny\Desktop\avira_antivir_personal_en.exe
    [2010/09/01 21:33:09 | 003,427,248 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Kenny\Desktop\ccsetup235.exe
    [2011/02/20 23:20:36 | 004,271,401 | R--- | M] () -- C:\Documents and Settings\Kenny\Desktop\ComboFix.exe
    [2010/07/21 20:16:12 | 000,895,256 | ---- | M] (DivX, Inc. ) -- C:\Documents and Settings\Kenny\Desktop\DivXInstaller.exe
    [2011/02/18 16:12:34 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Kenny\Desktop\mbam-setup-1.50.1.1100.exe
    [2011/02/20 22:53:53 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Kenny\Desktop\MBRCheck.exe
    [2010/08/16 18:17:44 | 001,794,896 | ---- | M] () -- C:\Documents and Settings\Kenny\Desktop\MoveMediaPlayerWin_071706000001.exe
    [2011/02/19 16:55:07 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Kenny\Desktop\o212feij.exe
    [2011/02/21 01:33:21 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kenny\Desktop\OTL.exe
    [2011/02/20 22:55:42 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Kenny\Desktop\RKUnhookerLE.EXE
    [2010/05/25 18:40:00 | 004,614,113 | ---- | M] (LIGHTNING UK!) -- C:\Documents and Settings\Kenny\Desktop\SetupImgBurn_2.5.1.0.exe
    [2011/01/11 18:55:21 | 005,308,997 | ---- | M] (LIGHTNING UK!) -- C:\Documents and Settings\Kenny\Desktop\SetupImgBurn_2.5.4.0.exe
    [2010/03/11 18:18:41 | 003,396,040 | ---- | M] (Softpointer Inc ) -- C:\Documents and Settings\Kenny\Desktop\TagRename355.exe
    [2010/07/05 08:41:58 | 003,404,848 | ---- | M] (Softpointer Inc ) -- C:\Documents and Settings\Kenny\Desktop\TagRename356.exe
    [2010/11/16 20:17:39 | 003,504,096 | ---- | M] (Softpointer Inc ) -- C:\Documents and Settings\Kenny\Desktop\TagRename357.exe
    [2011/02/10 11:08:26 | 001,366,104 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Kenny\Desktop\TDSSKiller.exe
    [2011/02/18 15:53:31 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kenny\Desktop\TFC.exe
    [2010/05/25 21:45:44 | 008,462,272 | ---- | M] (Vuze Inc.) -- C:\Documents and Settings\Kenny\Desktop\Vuze_Installer.exe
    [2010/12/09 05:39:12 | 012,468,680 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Kenny\Desktop\windows-kb890830-v3.14.exe

    < %PROGRAMFILES%\Common Files\*.* >
    [2009/11/22 14:12:06 | 000,007,680 | -HS- | M] () -- C:\Program Files\Common Files\Thumbs.db

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2007/04/28 09:00:01 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Kenny\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2009/11/01 21:25:15 | 000,007,680 | -HS- | M] () -- C:\Documents and Settings\All Users\Thumbs.db

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2009/06/30 19:11:33 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Kenny\Cookies\desktop.ini
    [2011/02/21 01:34:50 | 000,147,456 | -HS- | M] () -- C:\Documents and Settings\Kenny\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 21:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 19:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 00:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 00:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 12:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 19:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2007/04/02 13:07:23 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2007/04/02 13:07:23 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2007/04/02 13:07:24 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2009/11/12 23:34:09 | 000,010,240 | -HS- | M] () -- C:\Program Files\Messenger\Thumbs.db
    [2004/08/04 00:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 00:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
  16. RaceFace

    RaceFace TS Rookie Topic Starter

    OTL Extras logfile created on: 2/21/2011 1:36:38 AM - Run 1
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Kenny\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 80.00% Memory free
    5.00 Gb Paging File | 5.00 Gb Available in Paging File | 90.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 97.65 Gb Total Space | 40.55 Gb Free Space | 41.52% Space Free | Partition Type: NTFS
    Drive D: | 200.43 Gb Total Space | 41.08 Gb Free Space | 20.50% Space Free | Partition Type: NTFS
    Drive E: | 298.08 Gb Total Space | 36.53 Gb Free Space | 12.26% Space Free | Partition Type: NTFS
    Drive K: | 931.51 Gb Total Space | 140.51 Gb Free Space | 15.08% Space Free | Partition Type: NTFS
    Drive X: | 976.56 Gb Total Space | 78.09 Gb Free Space | 8.00% Space Free | Partition Type: NTFS
    Drive Y: | 420.70 Gb Total Space | 48.31 Gb Free Space | 11.48% Space Free | Partition Type: NTFS

    Computer Name: KEN-5E098FBB7AF | User Name: Kenny | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-117609710-1383384898-725345543-1003\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [MediaMonkey.1Play] -- "C:\PROGRA~1\MEDIAM~1\MEDIAM~2.EXE" "%1" (Ventis Media Inc.)
    Directory [MediaMonkey.2PlayNext] -- "C:\PROGRA~1\MEDIAM~1\MEDIAM~2.EXE" /NEXT "%1" (Ventis Media Inc.)
    Directory [MediaMonkey.3Enqueue] -- "C:\PROGRA~1\MEDIAM~1\MEDIAM~2.EXE" /ADD "%1" (Ventis Media Inc.)
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- ()
    "C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "C:\Program Files\FlashGet\flashget.exe" = C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget -- (FlashGet.com)
    "C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe" = C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime Essentials -- (Nero AG)
    "C:\Documents and Settings\Kenny\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Kenny\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- ()
    "C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
    "C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
    "{0C38EB05-3259-4DD3-9663-74A60C80BA4E}" = Diskeeper Home Edition
    "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
    "{0FABD3D7-3036-4e78-B29D-58957ADB0A12}" = HP PSC & OfficeJet 3.5
    "{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
    "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
    "{1A6A6531-08FC-47AD-BAC4-C41497E71033}" = Nero 7 Essentials
    "{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
    "{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{24C8FBF7-26C6-48ca-834B-A4E5C09E362F}" = AiO_Scan
    "{257EC58E-03FD-472B-A9B6-93F23A3C4CB0}" = Scan
    "{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 10
    "{29CBFC23-05A7-4286-93B8-BABE29BC1033}" = Nero 7 Essentials
    "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
    "{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
    "{300D9EF4-2721-4cb4-A6C3-FB2337CFEA2D}" = AIOMinimal
    "{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
    "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
    "{31E1050B-F69F-4A16-8F5A-E44D31901250}" = Ulead DVD DiskRecorder 2.1.1
    "{34F0D55F-C386-4195-9A5B-961D3F6ACD46}" = InterVideo MediaOne Gallery
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}" = Google Earth
    "{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
    "{52077FB6-B2A4-45EF-8D56-45F6A3247B4E}" = Ulead Pocket DV Show
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{57C7C46A-D35D-492d-A328-4F8C9B5B4B52}" = PrintScreen
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{63F2408D-A675-4d97-A256-70EACB6B9B4A}" = AiOSoftware
    "{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{734BB64A-5A3D-4624-867D-6358B7068496}" = Sound Blaster Live! 24-bit
    "{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
    "{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.0.0.1
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77A1AE2C-C17A-405C-91C0-8FB90144D7C3}" = MotoConnect
    "{7AD35FDD-A268-44b7-9A8E-4677020CC90B}" = 1300Tour
    "{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
    "{7D59AB1B-B564-44AC-B57F-701A090A7380}" = ASUS nVidia Driver
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
    "{888FFC82-688D-46AB-A776-B417885432B6}" = Zune
    "{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8EAB2384-C794-40ED-A9DD-3270A0D2BB76}" = Ulead VideoStudio 9.0 SE DVD
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
    "{90120000-0014-0000-0000-0000000FF1CE}_PRO_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0014-0000-0000-0000000FF1CE}_PRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PRO_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_PRO_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_PRO_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PRO_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PRO_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_PRO_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PRO_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PRO_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
    "{9137B992-314D-4DBA-AD25-B5B2575585B2}" = stream_ON
    "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
    "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9628389F-8CDE-4D3E-9E06-27CC780E0A6E}" = Intel(R) PRO Network Connections
    "{980606BB-A475-4a85-A665-6E30DB2F28B3}" = 1300Trb
    "{98BCB68E-274F-11D4-B2FA-00105AA9021A}" = DR Systems Web Ambassador
    "{9A4F58EC-AA61-4382-81B3-80971396F851}" = Coby Media Manager
    "{A0673E9E-4510-4AA0-B860-58FD5A7212A1}" = Motorola Driver Installation 4.5.0
    "{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A71822CD-7F77-46a3-B761-D6BA35245E95}" = 1300
    "{A7E07C2B-2220-4415-87E3-784D5814BC93}" = NVIDIA PhysX v8.09.04
    "{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.5
    "{AF226123-1A6F-4ec1-8DEF-E35E7A0D0127}" = Fax
    "{AFBBF30D-ADA9-4313-464E-14458B6BE034}" = PhotoshopdotcomInspirationBrowser
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
    "{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C73A3AB4-99A4-45E5-B77F-09A3065E0D6A}" = Microsoft IntelliType Pro 6.1
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
    "{CB83F10A-D02A-4aba-8843-ACAB50D48216}" = 1300_Help
    "{CBCF859F-04BE-4A07-B6FA-F4FAD69EF1ED}" = LightScribe System Software 1.10.27.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D186329B-1B4D-408D-ABEC-EA5CE1F182C9}" = Overland
    "{D2A0F8F4-CE50-4857-A21C-3061682B2E87}" = Sansa Media Converter
    "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware 2007
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
    "{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
    "{FF164702-AF8B-4F2F-8038-74A4C536866B}" = Ulead DVD MovieFactory 5 Plus
    "8461-7759-5462-8226" = Vuze
    "Adobe Acrobat 5.0" = Adobe Acrobat 5.0
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
    "AVIConverter" = AVIConverter 3.0
    "AVS Update Manager_is1" = AVS Update Manager 1.0
    "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
    "AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
    "Bink and Smacker" = Bink and Smacker
    "BitTorrent" = BitTorrent 5.0.7
    "CCleaner" = CCleaner
    "CDRW Drive Update" = Creative CD Burner Drive Update
    "conduitEngine" = Conduit Engine
    "Creative Jukebox Driver" = Creative Jukebox Driver
    "Cucusoft DVD to Zune + Zune Video Converter Suite_is1" = Cucusoft DVD to Zune + Zune Video Converter Suite 7.7.7.6
    "DAZzle" = DAZzle
    "Device Control" = Device Control
    "DivX Setup.divx.com" = DivX Setup
    "DVD Decrypter" = DVD Decrypter (Remove Only)
    "DVD Shrink_is1" = DVD Shrink 3.2
    "DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.5.0
    "DVDFab 6_is1" = DVDFab 6.0.1.0 (May 15, 2009)
    "DVDFab Decrypter_is1" = DVDFab Decrypter 3.0.9.6
    "DVDFab Platinum_is1" = DVDFab Platinum 3.1.2.6
    "EAX" = Creative EAX Console
    "FlashGet" = FlashGet 1.9.6.1073
    "Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
    "Google Desktop" = Google Desktop
    "Handbrake" = Handbrake 0.9.4
    "HECI" = Intel(R) Management Engine Interface
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "ImgBurn" = ImgBurn
    "InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
    "LimeWire" = LimeWire 5.5.8
    "Magic ISO Maker v5.5 (build 0273)" = Magic ISO Maker v5.5 (build 0273)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "MediaMonkey_is1" = MediaMonkey 3.2
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Nomad_MuVo_NX" = NOMAD_MuVo_NX
    "NVIDIA Drivers" = NVIDIA Drivers
    "OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control
    "PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
    "Picasa2" = Picasa 2
    "PRO" = Microsoft Office Professional 2007
    "Replay_AV_800" = Replay AV 8
    "Replay_AV_807" = Replay AV 8
    "Slice" = Slice Uninstall
    "Smart WAV Converter Pro_is1" = Smart WAV Converter Pro
    "SPEAKER" = Creative Speaker Settings
    "SpywareBlaster_is1" = SpywareBlaster v3.5.1
    "Stamp" = Stamp Uninstall
    "SysInfo" = Creative System Information
    "Tag&Rename_is1" = Tag&Rename 3.5.6
    "TurboHddUsb" = TurboHddUsb
    "uTorrent" = µTorrent
    "Videora Android Converter" = Videora Android Converter 5.03
    "Vuze_Remote Toolbar" = Vuze Remote Toolbar
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    "Winamp" = Winamp
    "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
    "Windows Media Encoder 9" = Windows Media Encoder 9 Series
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinPcapInst" = WinPcap 3.1
    "WinRAR archiver" = WinRAR archiver
    "winusb0100" = Microsoft WinUsb 1.0
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
    "Xvid_is1" = Xvid 1.1.3 final uninstall
    "YouTube Downloader App" = YouTube Downloader App 2.03
    "Zune" = Zune

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-117609710-1383384898-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "AI RoboForm" = AI RoboForm
    "Dropbox" = Dropbox
    "Google Chrome" = Google Chrome
    "Move Media Player" = Move Media Player
    "uTorrent" = µTorrent
    "Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 2/16/2011 9:00:34 AM | Computer Name = KEN-5E098FBB7AF | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 2/17/2011 2:20:31 PM | Computer Name = KEN-5E098FBB7AF | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: An internal certificate chaining error has occurred.

    Error - 2/19/2011 9:02:06 AM | Computer Name = KEN-5E098FBB7AF | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
    module jccatch.dll, version 1.8.4.1007, fault address 0x00007859.

    Error - 2/19/2011 9:02:32 AM | Computer Name = KEN-5E098FBB7AF | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 2/19/2011 9:02:33 AM | Computer Name = KEN-5E098FBB7AF | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 2/20/2011 7:36:42 AM | Computer Name = KEN-5E098FBB7AF | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
    module jccatch.dll, version 1.8.4.1007, fault address 0x00007859.

    Error - 2/20/2011 7:37:19 AM | Computer Name = KEN-5E098FBB7AF | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 2/20/2011 7:37:22 AM | Computer Name = KEN-5E098FBB7AF | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 2/21/2011 1:18:34 AM | Computer Name = KEN-5E098FBB7AF | Source = EventSystem | ID = 4609
    Description = The COM+ Event System detected a bad return code during its internal
    processing. HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
    Please contact Microsoft Product Support Services to report this erro

    Error - 2/21/2011 1:18:34 AM | Computer Name = KEN-5E098FBB7AF | Source = VSS | ID = 8193
    Description = Volume Shadow Copy Service error: Unexpected error calling routine
    CoCreateInstance. hr = 0x80040206.

    [ System Events ]
    Error - 2/21/2011 1:18:38 AM | Computer Name = KEN-5E098FBB7AF | Source = Service Control Manager | ID = 7001
    Description = The Windows Firewall/Internet Connection Sharing (ICS) service depends
    on the Network Connections service which failed to start because of the following
    error: %%1058

    Error - 2/21/2011 1:18:38 AM | Computer Name = KEN-5E098FBB7AF | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    iaStor

    Error - 2/21/2011 1:18:53 AM | Computer Name = KEN-5E098FBB7AF | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service netman with
    arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

    Error - 2/21/2011 1:18:54 AM | Computer Name = KEN-5E098FBB7AF | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service netman with
    arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

    Error - 2/21/2011 1:18:54 AM | Computer Name = KEN-5E098FBB7AF | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service netman with
    arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

    Error - 2/21/2011 1:19:25 AM | Computer Name = KEN-5E098FBB7AF | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 2/21/2011 1:19:28 AM | Computer Name = KEN-5E098FBB7AF | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service BITS with arguments
    "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

    Error - 2/21/2011 1:19:28 AM | Computer Name = KEN-5E098FBB7AF | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service BITS with arguments
    "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

    Error - 2/21/2011 1:19:28 AM | Computer Name = KEN-5E098FBB7AF | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service BITS with arguments
    "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

    Error - 2/21/2011 1:24:46 AM | Computer Name = KEN-5E098FBB7AF | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    iaStor


    < End of report >
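As an added example (not from the thread, OTL or any of the tools it mentions), a small Python parser for the OTL event-error records pasted above: it groups records by Source/ID, pulls the Win32 error codes out of each description, and lists every record that traces back to error 1058 (ERROR_SERVICE_DISABLED, which is also what HRESULT 0x80070422 encodes), since the Windows Firewall/ICS, netman, EventSystem and BITS failures in this log all share that one cause. The sample records are modelled on the thread's log; the host name is a placeholder.

```python
import re
from collections import Counter

# Constructed sample in OTL's "Error - <time> | Computer Name = ... | Source = ... | ID = ..."
# record format, modelled on the thread's log. HOST-PLACEHOLDER stands in for the computer name.
SAMPLE_LOG = """\
Error - 2/19/2011 9:02:06 AM | Computer Name = HOST-PLACEHOLDER | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module jccatch.dll, version 1.8.4.1007, fault address 0x00007859.

Error - 2/21/2011 1:18:34 AM | Computer Name = HOST-PLACEHOLDER | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80070422 from line 44 of eventsystemobj.cpp.

[ System Events ]
Error - 2/21/2011 1:18:38 AM | Computer Name = HOST-PLACEHOLDER | Source = Service Control Manager | ID = 7001
Description = The Windows Firewall/Internet Connection Sharing (ICS) service depends
on the Network Connections service which failed to start because of the following
error: %%1058

Error - 2/21/2011 1:18:53 AM | Computer Name = HOST-PLACEHOLDER | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
"""

HEADER_RE = re.compile(
    r"^(?P<level>\w+) - (?P<when>\S+ \S+ [AP]M) \| Computer Name = (?P<host>[^|]+?) "
    r"\| Source = (?P<source>[^|]+?) \| ID = (?P<id>\d+)$"
)
# Win32 error 1058 is ERROR_SERVICE_DISABLED; wrapped as a FACILITY_WIN32 HRESULT it is 0x80070422.
ERROR_SERVICE_DISABLED = 1058


def parse_otl_events(text):
    """Turn OTL event-log text into dicts with level, when, host, source, id and description."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.groupdict()
            current["id"] = int(current["id"])
            current["description"] = ""
            records.append(current)
        elif not line or line.startswith("["):
            current = None  # a blank line or a "[ System Events ]" marker ends the record
        elif current is not None:
            # OTL wraps long descriptions over several lines; glue them back together.
            if line.startswith("Description = "):
                line = line[len("Description = "):]
            current["description"] = (current["description"] + " " + line).strip()
    return records


def win32_codes(description):
    """Collect Win32 error codes written as %1058 / %%1058 or as 0x8007xxxx HRESULTs."""
    codes = {int(m.group(1)) for m in re.finditer(r"%+(\d+)", description)}
    for m in re.finditer(r"\b(?:0x)?8007([0-9A-Fa-f]{4})\b", description):
        codes.add(int(m.group(1), 16))  # low 16 bits of a FACILITY_WIN32 HRESULT
    return codes


def summarize(records):
    """Count records per (Source, ID) and list those caused by a disabled service."""
    per_event = Counter((r["source"], r["id"]) for r in records)
    disabled = [r for r in records if ERROR_SERVICE_DISABLED in win32_codes(r["description"])]
    return per_event, disabled


def faulting_modules(records):
    """Which module each Application Error (ID 1000) record blames, e.g. jccatch.dll."""
    mods = Counter()
    for r in records:
        m = re.search(r"faulting module (\S+),", r["description"])
        if r["source"] == "Application Error" and m:
            mods[m.group(1)] += 1
    return mods


if __name__ == "__main__":
    recs = parse_otl_events(SAMPLE_LOG)
    per_event, disabled = summarize(recs)
    for (source, event_id), n in per_event.most_common():
        print(f"{n:3d}  {source} / {event_id}")
    print("Records explained by a disabled service (ERROR_SERVICE_DISABLED):")
    for r in disabled:
        print(f"  {r['when']}  {r['source']} {r['id']}")
    print("Faulting modules:", dict(faulting_modules(recs)))
```

Run against the full OTL Extras log, the per-event counts make the repeated iexplore.exe crash in jccatch.dll and the cluster of 1058 failures stand out at a glance instead of being read record by record.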
     
  17. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Good news :)

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
      O15 - HKU\S-1-5-21-117609710-1383384898-725345543-1003\..Trusted Domains: aol.com ([free] http in Trusted sites)
      O15 - HKU\S-1-5-21-117609710-1383384898-725345543-1003\..Trusted Domains: localhost ([]http in Local intranet)
      O15 - HKU\S-1-5-21-117609710-1383384898-725345543-1003\..Trusted Ranges: GD ([http] in Local intranet)
      O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab (Reg Error: Key error.)
      O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative.com/su/ocx/15026/CTSUEng.cab (Reg Error: Key error.)
      O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...22/wmv9VCM.CAB (Reg Error: Key error.)
      O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/res...scbase8300.cab (Reg Error: Key error.)
      O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn...tDetection.cab (Reg Error: Key error.)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
      O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative.com/su/ocx/15029/CTPID.cab (Reg Error: Key error.)
      [2007/05/30 19:06:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
      
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
      "DisableMonitoring" =-
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
     
  18. RaceFace

    RaceFace TS Rookie Topic Starter

    OK, so the ESET scan took several hours to run... It said it was at 99% for like 3 hours but it was still running... I could see it scanning the 100s of DVD rips I have stored... Anyway, of course, when I woke up this morning I found the dead black screen, and therefore I don't know if the scan completed or not... I do know that up until near the end it did not find any threats...

    Here's what I got:


    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
    Registry key HKEY_USERS\S-1-5-21-117609710-1383384898-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aol.com\free\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-117609710-1383384898-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-117609710-1383384898-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http deleted successfully.
    Starting removal of ActiveX control {0742B9EF-8C83-41CA-BFBA-830A59E23533}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0742B9EF-8C83-41CA-BFBA-830A59E23533}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0742B9EF-8C83-41CA-BFBA-830A59E23533}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0742B9EF-8C83-41CA-BFBA-830A59E23533}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0742B9EF-8C83-41CA-BFBA-830A59E23533}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0742B9EF-8C83-41CA-BFBA-830A59E23533}\ not found.
    Starting removal of ActiveX control {0A5FD7C5-A45C-49FC-ADB5-9952547D5715}
    C:\WINDOWS\Downloaded Program Files\CTSUEng.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0A5FD7C5-A45C-49FC-ADB5-9952547D5715}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A5FD7C5-A45C-49FC-ADB5-9952547D5715}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0A5FD7C5-A45C-49FC-ADB5-9952547D5715}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A5FD7C5-A45C-49FC-ADB5-9952547D5715}\ not found.
    Starting removal of ActiveX control {33564D57-0000-0010-8000-00AA00389B71}
    C:\WINDOWS\Downloaded Program Files\WMV9VCM.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33564D57-0000-0010-8000-00AA00389B71}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
    Starting removal of ActiveX control {5ED80217-570B-4DA9-BF44-BE107C0EC166}
    C:\WINDOWS\Downloaded Program Files\wlscBase.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5ED80217-570B-4DA9-BF44-BE107C0EC166}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5ED80217-570B-4DA9-BF44-BE107C0EC166}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5ED80217-570B-4DA9-BF44-BE107C0EC166}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5ED80217-570B-4DA9-BF44-BE107C0EC166}\ not found.
    Starting removal of ActiveX control {6B75345B-AA36-438A-BBE6-4078B4C6984D}
    C:\WINDOWS\Downloaded Program Files\setup.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6B75345B-AA36-438A-BBE6-4078B4C6984D}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B75345B-AA36-438A-BBE6-4078B4C6984D}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6B75345B-AA36-438A-BBE6-4078B4C6984D}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B75345B-AA36-438A-BBE6-4078B4C6984D}\ not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control {F6ACF75C-C32C-447B-9BEF-46B766368D29}
    C:\WINDOWS\Downloaded Program Files\CTPID.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{F6ACF75C-C32C-447B-9BEF-46B766368D29}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F6ACF75C-C32C-447B-9BEF-46B766368D29}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F6ACF75C-C32C-447B-9BEF-46B766368D29}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F6ACF75C-C32C-447B-9BEF-46B766368D29}\ not found.
    C:\Documents and Settings\All Users\Application Data\Avg7 folder moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\\DisableMonitoring deleted successfully.
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: KEN
    ->Temp folder emptied: 426079 bytes
    ->Temporary Internet Files folder emptied: 46170908 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 1667 bytes

    User: Kenny
    ->Temp folder emptied: 10430162 bytes
    ->Temporary Internet Files folder emptied: 175800 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 47378304 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 3175 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2805683 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 159757 bytes

    Total Files Cleaned = 103.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User

    User: KEN
    ->Flash cache emptied: 0 bytes

    User: Kenny
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.20.6 log created on 02212011_194223

    Files\Folders moved on Reboot...
    File\Folder C:\WINDOWS\temp\kls732D.tmp not found!

    Registry entries deleted on Reboot...


    Results of screen317's Security Check version 0.99.7
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    Kaspersky Internet Security 2011
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Ad-Aware
    Malwarebytes' Anti-Malware
    CCleaner
    Java(TM) 6 Update 24
    Out of date Java installed!
    Adobe Flash Player 10.2.152.26
    Adobe Reader 8.2.5
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.6.13)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Ad-Aware AAWService.exe
    Ad-Aware AAWTray.exe is disabled!
    Kaspersky Lab Kaspersky Internet Security 2011 avp.exe
    Kaspersky Lab Kaspersky Internet Security 2011 klwtblfs.exe
    ``````````End of Log````````````
     
  19. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), and download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.

    ======================================================================

    This scan should be faster....

    Please run a BitDefender Online Scan

    • Disable your antivirus program.
    • Click Start Scanner button.
    • Click Free scan now button
    • Allow browser plug-in to be installed when prompted.
    • Click I Agree to agree to the EULA.
    • Please refrain from using the computer until the scan is finished.
    • When the scan is finished, click on View report.
    • Notepad will open with scan results.
    • Save the report to your desktop and post its content in your next reply.
     
  20. RaceFace

    RaceFace TS Rookie Topic Starter

    OK, the BitDefender scan did complete, however I was not sure exactly how to remove old versions of Adobe Reader...? I did not see any old versions listed under Add/Remove Programs anyway...

    The BitDefender report was simply an HTML link, but here's the text:


    BitDefender Online Scanner

    Scan report generated at: Wed, Feb 23, 2011 - 02:34:45
    Scan path: A:\;C:\;D:\;E:\;F:\;G:\;H:\;I:\;K:\;X:\;Y:\;

    Statistics
    Time: 01:16:03
    Files: 418272
    Folders: 17374
    Boot Sectors: 0
    Archives: 8292
    Packed Files: 18019

    Results
    Identified Viruses: 1
    Infected Files: 1
    Suspect Files: 0
    Warnings: 0
    Disinfected: 0
    Deleted Files: 2

    Engines Info
    Virus Definitions: 6678229
    Engine build: AVCORE v2.1 Windows/i386 11.0.0.42 (Oct 18 2010)
    Scan plugins: 18
    Archive plugins: 44
    Unpack plugins: 10
    E-mail plugins: 6
    System plugins: 4

    Scan Settings
    First Action: Disinfect
    Second Action: Delete
    Heuristics: Yes
    Enable Warnings: Yes
    Scanned Extensions: *;
    Exclude Extensions:
    Scan Emails: Yes
    Scan Archives: Yes
    Scan Packed: Yes
    Scan Files: Yes
    Scan Boot: Yes

    Scanned File / Status
    C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP11\QB\6856f0790cac470e.klq=>(Quarantine-6): Infected with: Trojan.Generic.KD.136441
    C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP11\QB\6856f0790cac470e.klq=>(Quarantine-6): Deleted
    C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP11\QB\6856f0790cac470e.klq: Deleted
     
  21. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  22. RaceFace

    RaceFace TS Rookie Topic Starter

    Great! Thanks again for the help! The computer seems OK, and overnight it did not get the dead black screen, so that's good. The only new issue I noticed is that "Jusched.exe" always crashes (Windows warning saying it had to close) a few minutes after I start up...?

    Here's the OTL log:



    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: KEN
    ->Temp folder emptied: 638089 bytes
    ->Temporary Internet Files folder emptied: 48817488 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 786 bytes

    User: Kenny
    ->Temp folder emptied: 1302256 bytes
    ->Temporary Internet Files folder emptied: 14720903 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 69278053 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 971 bytes

    User: LocalService
    ->Temp folder emptied: 16384 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 251469 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 129.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User

    User: KEN
    ->Flash cache emptied: 0 bytes

    User: Kenny
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.20.6 log created on 02232011_193038

    Files\Folders moved on Reboot...
    File\Folder C:\WINDOWS\temp\klsF1EC.tmp not found!

    Registry entries deleted on Reboot...
     
  23. Broni

    Broni Malware Annihilator Posts: 52,898   +344

  24. RaceFace

    RaceFace TS Rookie Topic Starter

    Thank you!

    Hey Broni, just wanted to say everything's been good and I thank you and this site soo much! I really appreciate the help!
     
  25. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    You're very welcome
     