Solved Malware help :: google.com searches redirected to google.webhp

Status
Not open for further replies.
F

forgetful

Posts: 13   +0
Hi all,

thanks in advance for providing help and advise.

Step1... Antivirus scanning...

Scanned and cleared. Using AVG with latest updates.


Step2... Temporary File Cleaner:

Installed and runned.



Step3... Malwarebytes log as follows:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6328

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/11/2011 12:58:09 PM
mbam-log-2011-04-11 (12-58-09).txt

Scan type: Quick scan
Objects scanned: 176906
Time elapsed: 11 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Step4... Gmer log as follows:

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-04-15 13:55:36
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort2 WDC_WD5000AADS-00M2B0 rev.01.00A01
Running: oss9e0o8.exe; Driver: C:\DOCUME~1\user\LOCALS~1\Temp\kgaiafod.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xBA0F887E]
SSDT spkq.sys ZwEnumerateKey [0xB9ECDDA4]
SSDT spkq.sys ZwEnumerateValueKey [0xB9ECE132]
SSDT spkq.sys ZwOpenKey [0xB9EB50C0]
SSDT spkq.sys ZwQueryKey [0xB9ECE20A]
SSDT spkq.sys ZwQueryValueKey [0xB9ECE08A]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xBA0F8BFE]

INT 0x62 ? 8A856BF8
INT 0x63 ? 8A856BF8
INT 0x63 ? 8A856BF8
INT 0x63 ? 8A697BF8
INT 0x63 ? 8A856BF8
INT 0x82 ? 8A856BF8
INT 0x83 ? 8A697BF8
INT 0xA4 ? 8A697BF8
INT 0xB4 ? 8A697BF8

---- Kernel code sections - GMER 1.0.15 ----

? spkq.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8F9D360, 0x37388D, 0xE8000020]
.text USBPORT.SYS!DllUnload B8F388AC 5 Bytes JMP 8A6971D8
.text a9brw5nt.SYS B8E6B386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text a9brw5nt.SYS B8E6B3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text a9brw5nt.SYS B8E6B3C4 3 Bytes [00, 80, 02]
.text a9brw5nt.SYS B8E6B3C9 1 Byte [30]
.text a9brw5nt.SYS B8E6B3C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1200] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00E5000A
.text C:\WINDOWS\System32\svchost.exe[1200] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00E6000A
.text C:\WINDOWS\System32\svchost.exe[1200] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00E4000C
.text C:\WINDOWS\System32\svchost.exe[1200] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0089000A
.text C:\WINDOWS\System32\svchost.exe[1200] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 008A000A
.text C:\WINDOWS\System32\svchost.exe[1200] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 008B000A
.text C:\WINDOWS\System32\svchost.exe[1200] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 00EE000A
.text C:\WINDOWS\Explorer.EXE[2404] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00CF000A
.text C:\WINDOWS\Explorer.EXE[2404] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D0000A
.text C:\WINDOWS\Explorer.EXE[2404] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00C3000C

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EB6042] spkq.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EB613E] spkq.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EB60C0] spkq.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EB6800] spkq.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EB66D6] spkq.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EC5B90] spkq.sys
IAT \SystemRoot\System32\Drivers\a9brw5nt.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\System32\Drivers\a9brw5nt.SYS[HAL.dll!READ_PORT_UCHAR] 1C959E88
IAT \SystemRoot\System32\Drivers\a9brw5nt.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
IAT \SystemRoot\System32\Drivers\a9brw5nt.SYS[HAL.dll!KfRaiseIrql] 00001CB1
IAT \SystemRoot\System32\Drivers\a9brw5nt.SYS[HAL.dll!KfLowerIrql] 0E798366
IAT \SystemRoot\System32\Drivers\a9brw5nt.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\System32\Drivers\a9brw5nt.SYS[HAL.dll!HalTranslateBusAddress] 8986C636
IAT \SystemRoot\System32\Drivers\a9brw5nt.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
IAT \SystemRoot\System32\Drivers\a9brw5nt.SYS[HAL.dll!KfReleaseSpinLock] 1C8B86C6
IAT \SystemRoot\System32\Drivers\a9brw5nt.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
IAT \SystemRoot\System32\Drivers\a9brw5nt.SYS[HAL.dll!READ_PORT_USHORT] 001C9686
IAT \SystemRoot\System32\Drivers\a9brw5nt.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
IAT \SystemRoot\System32\Drivers\a9brw5nt.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CB2
IAT \SystemRoot\System32\Drivers\a9brw5nt.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
IAT \SystemRoot\System32\Drivers\a9brw5nt.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB99E

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A8551F8
Device \FileSystem\Fastfat \FatCdrom 8A5D8500
Device \Driver\NetBT \Device\NetBT_Tcpip_{7E7B004A-0321-4519-9FDC-B7A0326145B2} 8A3A5500

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBPDO-0 8A6961F8
Device \Driver\usbuhci \Device\USBPDO-1 8A6961F8
Device \Driver\usbuhci \Device\USBPDO-2 8A6961F8
Device \Driver\usbuhci \Device\USBPDO-3 8A6961F8
Device \Driver\usbehci \Device\USBPDO-4 8A6691F8

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\Ftdisk \Device\HarddiskVolume1 8A8CB1F8
Device \Driver\Cdrom \Device\CdRom0 8A64A1F8
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8A7CD27F
Device \Driver\atapi \Device\Ide\IdePort0 [B9E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 8A7CD27F
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B9E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8A7CD27F
Device \Driver\atapi \Device\Ide\IdePort1 [B9E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 8A7CD27F
Device \Driver\atapi \Device\Ide\IdePort2 [B9E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 8A7CD27F
Device \Driver\atapi \Device\Ide\IdePort3 [B9E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom1 8A64A1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A3A5500
Device \Driver\PCI_PNP5970 \Device\0000003f spkq.sys
Device \Driver\NetBT \Device\NetbiosSmb 8A3A5500

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBFDO-0 8A6961F8
Device \Driver\usbuhci \Device\USBFDO-1 8A6961F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A3AA500
Device \Driver\usbuhci \Device\USBFDO-2 8A6961F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A3AA500
Device \Driver\usbuhci \Device\USBFDO-3 8A6961F8
Device \Driver\sptd \Device\1560023470 spkq.sys
Device \Driver\usbehci \Device\USBFDO-4 8A6691F8
Device \Driver\Ftdisk \Device\FtControl 8A8CB1F8
Device \Driver\a9brw5nt \Device\Scsi\a9brw5nt1Port4Path0Target0Lun0 8A6451F8
Device \Driver\a9brw5nt \Device\Scsi\a9brw5nt1 8A6451F8
Device \FileSystem\Fastfat \Fat 8A5D8500

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 8A5892C8
Device \Device\Ide\IdeDeviceP2T0L0-e -> \??\IDE#DiskWDC_WD5000AADS-00M2B0___________________01.00A01#5&2932390f&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x97 0x3E 0x67 0xFF ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x8A 0xF6 0xF5 0x20 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x6E 0x27 0x2F 0xA5 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x97 0x3E 0x67 0xFF ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x8A 0xF6 0xF5 0x20 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x6E 0x27 0x2F 0xA5 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1

---- EOF - GMER 1.0.15 ----



Step5... DDS

I am having difficulties running this, downloaded DDS.scr and when i double click on it to run it, it opens a notepad with gibberish on it. Please advise...
 
Welcome aboard
yahooo.gif


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

====================================================================

You're infected with a rootkit, which, most likely, is preventing DDS from running.

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Hi Broni :)

Thank you for assisting me! Here is the log file from TDSSKiller:


2011/04/15 18:21:57.0312 2800 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/15 18:21:57.0890 2800 ================================================================================
2011/04/15 18:21:57.0890 2800 SystemInfo:
2011/04/15 18:21:57.0890 2800
2011/04/15 18:21:57.0890 2800 OS Version: 5.1.2600 ServicePack: 3.0
2011/04/15 18:21:57.0890 2800 Product type: Workstation
2011/04/15 18:21:57.0890 2800 ComputerName: USER-D2B75258E8
2011/04/15 18:21:57.0890 2800 UserName: user
2011/04/15 18:21:57.0890 2800 Windows directory: C:\WINDOWS
2011/04/15 18:21:57.0890 2800 System windows directory: C:\WINDOWS
2011/04/15 18:21:57.0890 2800 Processor architecture: Intel x86
2011/04/15 18:21:57.0890 2800 Number of processors: 2
2011/04/15 18:21:57.0890 2800 Page size: 0x1000
2011/04/15 18:21:57.0890 2800 Boot type: Normal boot
2011/04/15 18:21:57.0890 2800 ================================================================================
2011/04/15 18:21:58.0062 2800 Initialize success
2011/04/15 18:22:00.0250 3960 ================================================================================
2011/04/15 18:22:00.0250 3960 Scan started
2011/04/15 18:22:00.0250 3960 Mode: Manual;
2011/04/15 18:22:00.0250 3960 ================================================================================
2011/04/15 18:22:01.0656 3960 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/04/15 18:22:01.0687 3960 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/04/15 18:22:01.0718 3960 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\WINDOWS\system32\drivers\adfs.sys
2011/04/15 18:22:01.0781 3960 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/04/15 18:22:01.0828 3960 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/04/15 18:22:01.0890 3960 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/04/15 18:22:01.0906 3960 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/04/15 18:22:01.0921 3960 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/04/15 18:22:01.0953 3960 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/04/15 18:22:01.0984 3960 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\system32\Drivers\avgldx86.sys
2011/04/15 18:22:02.0000 3960 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\system32\Drivers\avgmfx86.sys
2011/04/15 18:22:02.0031 3960 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\WINDOWS\system32\Drivers\avgtdix.sys
2011/04/15 18:22:02.0078 3960 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/04/15 18:22:02.0109 3960 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/04/15 18:22:02.0140 3960 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/04/15 18:22:02.0187 3960 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/04/15 18:22:02.0187 3960 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/04/15 18:22:02.0234 3960 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/04/15 18:22:02.0296 3960 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/04/15 18:22:02.0328 3960 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/04/15 18:22:02.0343 3960 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/04/15 18:22:02.0359 3960 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/04/15 18:22:02.0421 3960 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/04/15 18:22:02.0437 3960 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/04/15 18:22:02.0453 3960 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/04/15 18:22:02.0468 3960 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/04/15 18:22:02.0468 3960 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/04/15 18:22:02.0484 3960 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/04/15 18:22:02.0515 3960 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/04/15 18:22:02.0515 3960 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/04/15 18:22:02.0546 3960 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/04/15 18:22:02.0562 3960 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/04/15 18:22:02.0640 3960 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/04/15 18:22:02.0687 3960 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/04/15 18:22:02.0718 3960 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/04/15 18:22:02.0765 3960 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/04/15 18:22:02.0796 3960 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/04/15 18:22:02.0812 3960 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/04/15 18:22:03.0046 3960 IntcAzAudAddService (47c79f7e330cbb829934d00f64d55fc9) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/04/15 18:22:03.0218 3960 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/04/15 18:22:03.0312 3960 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/04/15 18:22:03.0343 3960 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/04/15 18:22:03.0343 3960 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/04/15 18:22:03.0375 3960 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/04/15 18:22:03.0390 3960 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/04/15 18:22:03.0406 3960 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/04/15 18:22:03.0437 3960 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/04/15 18:22:03.0453 3960 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/04/15 18:22:03.0468 3960 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/04/15 18:22:03.0484 3960 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/04/15 18:22:03.0546 3960 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
2011/04/15 18:22:03.0562 3960 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys
2011/04/15 18:22:03.0625 3960 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/04/15 18:22:03.0656 3960 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/04/15 18:22:03.0656 3960 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/04/15 18:22:03.0687 3960 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/04/15 18:22:03.0687 3960 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/04/15 18:22:03.0703 3960 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/04/15 18:22:03.0718 3960 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/04/15 18:22:03.0734 3960 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/04/15 18:22:03.0750 3960 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/04/15 18:22:03.0765 3960 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/04/15 18:22:03.0781 3960 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/04/15 18:22:03.0812 3960 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/04/15 18:22:03.0843 3960 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/04/15 18:22:03.0859 3960 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
2011/04/15 18:22:03.0875 3960 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/04/15 18:22:03.0890 3960 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/04/15 18:22:03.0906 3960 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/04/15 18:22:03.0921 3960 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/04/15 18:22:03.0953 3960 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/04/15 18:22:04.0000 3960 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/04/15 18:22:04.0000 3960 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/04/15 18:22:04.0031 3960 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/04/15 18:22:04.0031 3960 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/04/15 18:22:04.0062 3960 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/04/15 18:22:04.0078 3960 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/04/15 18:22:04.0093 3960 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/04/15 18:22:04.0140 3960 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/04/15 18:22:04.0281 3960 nv (9f4384aa43548ddd438f7b7825d11699) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/04/15 18:22:04.0343 3960 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/04/15 18:22:04.0359 3960 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/04/15 18:22:04.0359 3960 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/04/15 18:22:04.0375 3960 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/04/15 18:22:04.0390 3960 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/04/15 18:22:04.0421 3960 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/04/15 18:22:04.0437 3960 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/04/15 18:22:04.0453 3960 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/04/15 18:22:04.0515 3960 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/04/15 18:22:04.0515 3960 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/04/15 18:22:04.0546 3960 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/04/15 18:22:04.0578 3960 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/04/15 18:22:04.0578 3960 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/04/15 18:22:04.0609 3960 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/04/15 18:22:04.0609 3960 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/04/15 18:22:04.0640 3960 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/04/15 18:22:04.0640 3960 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/04/15 18:22:04.0703 3960 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/04/15 18:22:04.0718 3960 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/04/15 18:22:04.0734 3960 RTLE8023xp (185641ad7e80bfce0aa545d3ec79d557) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2011/04/15 18:22:04.0750 3960 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/04/15 18:22:04.0781 3960 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/04/15 18:22:04.0796 3960 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/04/15 18:22:04.0812 3960 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/04/15 18:22:04.0859 3960 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/04/15 18:22:04.0890 3960 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/04/15 18:22:04.0953 3960 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
2011/04/15 18:22:04.0953 3960 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/04/15 18:22:04.0953 3960 sptd - detected Locked file (1)
2011/04/15 18:22:04.0984 3960 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/04/15 18:22:05.0000 3960 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/04/15 18:22:05.0046 3960 StkCMini (36565318396a9d0a880687d1bb9c7f79) C:\WINDOWS\system32\Drivers\StkCMini.sys
2011/04/15 18:22:05.0078 3960 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/04/15 18:22:05.0093 3960 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/04/15 18:22:05.0109 3960 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/04/15 18:22:05.0140 3960 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/04/15 18:22:05.0218 3960 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/04/15 18:22:05.0250 3960 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/04/15 18:22:05.0265 3960 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/04/15 18:22:05.0296 3960 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/04/15 18:22:05.0359 3960 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/04/15 18:22:05.0390 3960 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/04/15 18:22:05.0421 3960 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/04/15 18:22:05.0437 3960 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/04/15 18:22:05.0468 3960 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/04/15 18:22:05.0484 3960 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/04/15 18:22:05.0500 3960 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/04/15 18:22:05.0515 3960 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/04/15 18:22:05.0531 3960 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/04/15 18:22:05.0562 3960 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/04/15 18:22:05.0578 3960 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/04/15 18:22:05.0578 3960 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/04/15 18:22:05.0640 3960 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/04/15 18:22:05.0656 3960 W8335XP (f0bdc2b474e26117ee77bfdba051fb3c) C:\WINDOWS\system32\DRIVERS\WG311v3XP.sys
2011/04/15 18:22:05.0671 3960 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/04/15 18:22:05.0687 3960 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/04/15 18:22:05.0703 3960 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/04/15 18:22:05.0718 3960 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/15 18:22:05.0718 3960 ================================================================================
2011/04/15 18:22:05.0734 3960 Scan finished
2011/04/15 18:22:05.0734 3960 ================================================================================
2011/04/15 18:22:05.0734 3444 Detected object count: 2
2011/04/15 18:22:15.0843 3444 Locked file(sptd) - User select action: Skip
2011/04/15 18:22:15.0890 3444 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/15 18:22:15.0890 3444 \HardDisk0 - ok
2011/04/15 18:22:15.0890 3444 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/04/15 18:22:20.0031 2224 Deinitialize success
 
Good job :)

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

==============================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Hi Broni~ many thanks once again!

Logs from MBRcheck are as follows:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000002d

Kernel Drivers (total 115):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9EB4000 spzq.sys
0xBA5AA000 \WINDOWS\System32\Drivers\WMILIB.SYS
0xB9E9C000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xB9E6E000 ACPI.sys
0xB9E5D000 pci.sys
0xBA0A8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0B8000 MountMgr.sys
0xB9E3E000 ftdisk.sys
0xBA330000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9E26000 atapi.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9E06000 fltMgr.sys
0xB9DF4000 sr.sys
0xBA0F8000 Lbd.sys
0xB9DDD000 KSecDD.sys
0xB9D50000 Ntfs.sys
0xB9D23000 NDIS.sys
0xB9D09000 Mup.sys
0xBA268000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB8F59000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB8F45000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB8F1D000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB8F00000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
0xBA3E0000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB8EDC000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA3E8000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB8E97000 \SystemRoot\system32\DRIVERS\WG311v3XP.sys
0xBA3F0000 \SystemRoot\system32\DRIVERS\fdc.sys
0xB8E83000 \SystemRoot\system32\DRIVERS\parport.sys
0xBA5C2000 \SystemRoot\system32\DRIVERS\ASACPI.sys
0xBA278000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xBA3F8000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA400000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA288000 \SystemRoot\system32\DRIVERS\serial.sys
0xBA578000 \SystemRoot\system32\DRIVERS\serenum.sys
0xBA298000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA2A8000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA2B8000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB8E60000 \SystemRoot\system32\DRIVERS\ks.sys
0xBA408000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xB8E27000 \SystemRoot\System32\Drivers\aqukvcrg.SYS
0xBA6E6000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA2C8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA58C000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB8E10000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA2D8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA2E8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA470000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB8DFF000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA2F8000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA478000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA480000 \SystemRoot\system32\DRIVERS\raspti.sys
0xBA308000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA5C8000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB8DA1000 \SystemRoot\system32\DRIVERS\update.sys
0xBA598000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB962A000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB6449000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xB6425000 \SystemRoot\system32\drivers\portcls.sys
0xB95FA000 \SystemRoot\system32\drivers\drmk.sys
0xB95EA000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA5CC000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xBA4B0000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xBA5CE000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA7FE000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5D0000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA348000 \SystemRoot\System32\drivers\vga.sys
0xBA5D2000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5D4000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA370000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA378000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBA55C000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB570A000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB56B1000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB5677000 \SystemRoot\System32\Drivers\avgtdix.sys
0xB5629000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB95AA000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB5601000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB55DF000 \SystemRoot\System32\drivers\afd.sys
0xB959A000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB5514000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB54A4000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA168000 \SystemRoot\System32\Drivers\Fips.SYS
0xBA380000 \SystemRoot\System32\Drivers\avgmfx86.sys
0xB5470000 \SystemRoot\System32\Drivers\avgldx86.sys
0xBA1F8000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB5458000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA610000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB573D000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA3C0000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA7A4000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBF5E6000 \SystemRoot\System32\ATMFD.DLL
0xB5140000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB4E6B000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xBA664000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xB4E32000 \SystemRoot\System32\Drivers\adfs.SYS
0xB4C22000 \SystemRoot\system32\DRIVERS\srv.sys
0xB49CE000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xB48A1000 \SystemRoot\system32\drivers\wdmaud.sys
0xB4A4A000 \SystemRoot\system32\drivers\sysaudio.sys
0xB4338000 \SystemRoot\System32\Drivers\HTTP.sys
0xB358A000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
0x10000000 \Program Files\DAEMON Tools Lite\Engine.dll

Processes (total 52):
0 System Idle Process
4 System
768 C:\WINDOWS\system32\smss.exe
832 csrss.exe
856 C:\WINDOWS\system32\winlogon.exe
900 C:\WINDOWS\system32\services.exe
912 C:\WINDOWS\system32\lsass.exe
1080 C:\WINDOWS\system32\svchost.exe
1148 svchost.exe
1188 C:\WINDOWS\system32\svchost.exe
1244 svchost.exe
1332 svchost.exe
1476 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
1500 C:\Program Files\AVG\AVG9\avgchsvx.exe
1508 C:\Program Files\AVG\AVG9\avgrsx.exe
1588 C:\Program Files\AVG\AVG9\avgcsrvx.exe
1664 C:\WINDOWS\system32\spoolsv.exe
1744 svchost.exe
1780 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1796 C:\Program Files\AVG\AVG9\avgwdsvc.exe
1820 C:\Program Files\Bonjour\mDNSResponder.exe
248 C:\Program Files\Java\jre6\bin\jqs.exe
356 C:\WINDOWS\system32\nvsvc32.exe
448 C:\WINDOWS\system32\svchost.exe
496 C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
652 C:\WINDOWS\system32\wuauclt.exe
3456 C:\Program Files\AVG\AVG9\avgemc.exe
3516 C:\Program Files\AVG\AVG9\avgnsx.exe
3904 C:\WINDOWS\explorer.exe
4048 C:\Program Files\AVG\AVG9\avgcsrvx.exe
1896 unsecapp.exe
2096 alg.exe
2184 wmiprvse.exe
2624 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
2652 C:\WINDOWS\RTHDCPL.exe
2776 C:\WINDOWS\system32\rundll32.exe
2828 C:\PROGRA~1\AVG\AVG9\avgtray.exe
2856 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
3160 C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
3200 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3240 C:\Program Files\iTunes\iTunesHelper.exe
3284 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
3336 C:\WINDOWS\system32\ctfmon.exe
3576 C:\Program Files\NETGEAR\WG311v3\WG311v3.exe
2584 C:\Program Files\iPod\bin\iPodService.exe
432 C:\WINDOWS\system32\wuauclt.exe
2080 C:\Program Files\Windows Live\Contacts\wlcomm.exe
3852 C:\Program Files\Mozilla Firefox\firefox.exe
4008 C:\Program Files\Mozilla Firefox\plugin-container.exe
2716 C:\Documents and Settings\user\Desktop\MBRCheck.exe
2736 C:\Program Files\AVG\AVG9\avgscanx.exe
2996 C:\Program Files\AVG\AVG9\avgcsrvx.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD5000AADS-00M2B0, Rev: 01.00A01

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!



logs from Combofix as follows:
*note* AVG had been uninstalled using appremover prior to use of combofix

ComboFix 11-04-15.01 - user 04/16/2011 14:52:19.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3583.3098 [GMT 10:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((( Files Created from 2011-03-16 to 2011-04-16 )))))))))))))))))))))))))))))))
.
.
2011-04-15 02:18 . 2011-04-12 00:46 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-04-12 01:25 . 2011-04-01 07:22 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-04-12 01:03 . 2011-04-01 07:22 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-04-12 00:39 . 2011-04-12 00:39 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Sunbelt Software
2011-04-12 00:15 . 2011-04-12 00:15 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{6A395471-4AA3-4072-AE1B-9B69A97AD164}
2011-04-12 00:15 . 2011-04-12 00:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-04-12 00:15 . 2011-04-12 00:15 -------- d-----w- c:\program files\Lavasoft
2011-04-11 02:59 . 2011-04-11 02:59 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-04-11 02:59 . 2011-04-11 02:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2011-04-11 02:46 . 2011-04-11 02:46 -------- d-----w- c:\documents and settings\user\Application Data\Malwarebytes
2011-04-11 02:43 . 2011-04-11 02:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-04-09 12:02 . 2011-04-12 08:08 -------- d-----w- c:\documents and settings\user\Application Data\Dropbox
2011-04-09 06:48 . 2011-04-09 06:48 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-04-08 10:33 . 2011-04-14 16:02 -------- d-----w- c:\program files\Garena
2011-04-06 01:42 . 2011-04-06 01:42 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-04-05 20:19 . 2011-04-05 20:19 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple Computer
2011-04-05 16:42 . 2011-04-05 16:42 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-04-05 13:52 . 2011-04-05 13:52 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-18 05:36 . 2011-03-12 04:51 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-18 05:36 . 2011-03-12 04:51 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-09 13:53 . 2008-04-14 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2008-04-14 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2010-07-08 21:20 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2010-07-08 21:20 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2008-04-14 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2010-01-23 13:40 . 2010-08-23 11:41 568832 ----a-w- c:\program files\mozilla firefox\plugins\msvcp90.dll
2010-01-23 13:40 . 2010-08-23 11:41 655872 ----a-w- c:\program files\mozilla firefox\plugins\msvcr90.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\user\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\user\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\user\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\user\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-16 16806400]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"UVS10 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe" [2006-08-09 36864]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG311v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG311v3\WG311v3.exe [2007-9-18 1507328]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\EA GAMES\\Need For Speed Underground\\Speed.exe"=
"c:\\Program Files\\Electronic Arts\\Command & Conquer 4 Tiberian Twilight\\Data\\CNC4.game"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\StarCraft II\\StarCraft II.exe"=
"c:\\Program Files\\Team Fortress 2\\Team Fortress 2\\hl2.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Documents and Settings\\user\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\Ad-Aware.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\Ad-AwareAdmin.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [4/12/2011 11:03 AM 64512]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/20/2010 7:01 PM 691696]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/9/2011 11:32 AM 136176]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [4/1/2011 5:22 PM 1753048]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\safedrv.sys --> c:\program files\Garena\safedrv.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [4/1/2011 5:22 PM 15232]
S3 StkCMini;Syntek AVStream USB2.0 ATV;c:\windows\system32\drivers\StkCMini.sys [10/22/2010 12:10 PM 1521544]
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-04-01 13:34]
.
2011-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-09 01:32]
.
2011-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-09 01:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\w2ak41sc.default\
FF - prefs.js: browser.startup.homepage - SOCCERNET.COM
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
Notify-avgrsstarter - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-16 14:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(692)
c:\windows\system32\MrvGINA.dll
.
- - - - - - - > 'Explorer.exe'(180)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2011-04-16 14:55:47
ComboFix-quarantined-files.txt 2011-04-16 04:55
.
Pre-Run: 110,604,750,848 bytes free
Post-Run: 110,642,774,016 bytes free
.
- - End Of File - - 2F667C5F9319CC3017DE0BB138DE07C5
 
How is redirection?

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
Click to expand...
Please, always follow all of my instructions.
Re-run Combofix, allow Recovery Console installation and post new log.
 
Broni said:
How is redirection?


Please, always follow all of my instructions.
Re-run Combofix, allow Recovery Console installation and post new log.
Click to expand...

Hi Broni.

Sorry, i forgot to mention that i did click yes to all the above, but prior, had turned my internet connection off, hence no recovery console was installed, i left for lunch and left combofix to run, and returned to post up the previous logs.

As now, i have left my internet connection on, a recovery console (i think) was download from microsoft and combofix was runned again with the following logs:





ComboFix 11-04-15.03 - 04/16/2011 18:14:07.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3583.3065 [GMT 10:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
.
((((((((((((((((((((((((( Files Created from 2011-03-16 to 2011-04-16 )))))))))))))))))))))))))))))))
.
.
2011-04-15 03:06 . 2010-12-20 08:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-15 03:06 . 2011-04-15 03:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-15 03:06 . 2010-12-20 08:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-15 02:18 . 2011-04-12 00:46 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-04-12 01:25 . 2011-04-01 07:22 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-04-12 01:03 . 2011-04-01 07:22 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-04-12 00:39 . 2011-04-12 00:39 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Sunbelt Software
2011-04-12 00:15 . 2011-04-12 00:15 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{6A395471-4AA3-4072-AE1B-9B69A97AD164}
2011-04-12 00:15 . 2011-04-12 00:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-04-12 00:15 . 2011-04-12 00:15 -------- d-----w- c:\program files\Lavasoft
2011-04-11 02:59 . 2011-04-11 02:59 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-04-11 02:59 . 2011-04-11 02:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2011-04-11 02:46 . 2011-04-11 02:46 -------- d-----w- c:\documents and settings\user\Application Data\Malwarebytes
2011-04-11 02:43 . 2011-04-11 02:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-04-09 12:02 . 2011-04-12 08:08 -------- d-----w- c:\documents and settings\user\Application Data\Dropbox
2011-04-09 06:48 . 2011-04-09 06:48 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-04-08 10:33 . 2011-04-14 16:02 -------- d-----w- c:\program files\Garena
2011-04-06 01:42 . 2011-04-06 01:42 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-04-05 20:19 . 2011-04-05 20:19 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple Computer
2011-04-05 16:42 . 2011-04-05 16:42 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-04-05 13:52 . 2011-04-05 13:52 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-18 05:36 . 2011-03-12 04:51 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-18 05:36 . 2011-03-12 04:51 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-09 13:53 . 2008-04-14 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2008-04-14 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2010-07-08 21:20 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2010-07-08 21:20 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2008-04-14 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2010-01-23 13:40 . 2010-08-23 11:41 568832 ----a-w- c:\program files\mozilla firefox\plugins\msvcp90.dll
2010-01-23 13:40 . 2010-08-23 11:41 655872 ----a-w- c:\program files\mozilla firefox\plugins\msvcr90.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-04-16_04.54.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-16 08:15 . 2011-04-16 08:15 53248 c:\windows\Temp\catchme.dll
+ 2008-04-14 12:00 . 2011-04-16 05:02 68360 c:\windows\system32\perfc009.dat
- 2008-04-14 12:00 . 2011-04-16 04:53 68360 c:\windows\system32\perfc009.dat
+ 2008-04-14 12:00 . 2011-04-16 05:02 435590 c:\windows\system32\perfh009.dat
- 2008-04-14 12:00 . 2011-04-16 04:53 435590 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\user\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\user\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\user\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\user\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-16 16806400]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"UVS10 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe" [2006-08-09 36864]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG311v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG311v3\WG311v3.exe [2007-9-18 1507328]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\EA GAMES\\Need For Speed Underground\\Speed.exe"=
"c:\\Program Files\\Electronic Arts\\Command & Conquer 4 Tiberian Twilight\\Data\\CNC4.game"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\StarCraft II\\StarCraft II.exe"=
"c:\\Program Files\\Team Fortress 2\\Team Fortress 2\\hl2.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Documents and Settings\\user\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\Ad-Aware.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\Ad-AwareAdmin.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [4/12/2011 11:03 AM 64512]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/20/2010 7:01 PM 691696]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/9/2011 11:32 AM 136176]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [4/1/2011 5:22 PM 1753048]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\safedrv.sys --> c:\program files\Garena\safedrv.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [4/1/2011 5:22 PM 15232]
S3 StkCMini;Syntek AVStream USB2.0 ATV;c:\windows\system32\drivers\StkCMini.sys [10/22/2010 12:10 PM 1521544]
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-04-01 13:34]
.
2011-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-09 01:32]
.
2011-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-09 01:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\w2ak41sc.default\
FF - prefs.js: browser.startup.homepage - SOCCERNET.COM
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-16 18:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(692)
c:\windows\system32\MrvGINA.dll
.
- - - - - - - > 'Explorer.exe'(160)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2011-04-16 18:16:54
ComboFix-quarantined-files.txt 2011-04-16 08:16
ComboFix2.txt 2011-04-16 04:55
.
Pre-Run: 110,559,019,008 bytes free
Post-Run: 110,548,787,200 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 7BA806617A4512F72A8326948094074A
 
Good :)

You didn't say, if you're still getting redirected.

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Oh Sorry Broni, i thought you mean the redirections of instructions from you, so i didn't reply.

i have been restricting my internet usage till this problem is fixed, so far there have been no redirection problems yet.

this is the log file from extras.txt:


OTL Extras logfile created on: 4/17/2011 4:56:49 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\user\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 82.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 102.95 Gb Free Space | 22.11% Space Free | Partition Type: NTFS

Computer Name: USER-D2B75258E8 | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1078081533-790525478-682003330-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Program Files\EA GAMES\Need For Speed Underground\Speed.exe" = C:\Program Files\EA GAMES\Need For Speed Underground\Speed.exe:*:Enabled:Speed -- ()
"C:\Program Files\Electronic Arts\Command & Conquer 4 Tiberian Twilight\Data\CNC4.game" = C:\Program Files\Electronic Arts\Command & Conquer 4 Tiberian Twilight\Data\CNC4.game:*:Enabled:Command & Conquer™ 4 -- (Electronic Arts Inc.)
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files\StarCraft II\StarCraft II.exe" = C:\Program Files\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\Team Fortress 2\Team Fortress 2\hl2.exe" = C:\Program Files\Team Fortress 2\Team Fortress 2\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe" = C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:*:Enabled:Football Manager 2008 -- (Sports Interactive)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Garena\Garena.exe" = C:\Program Files\Garena\Garena.exe:*:Enabled:Garena -- (Garena Online PTE LTD)
"C:\Documents and Settings\user\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\user\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe" = C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe:*:Enabled:Ad-Aware -- (Lavasoft Limited)
"C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe" = C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe:*:Enabled:Ad-AwareAdmin -- (Lavasoft Limited )


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series" = Canon MP210 series
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{342F5437-C87D-4BB5-89B9-B23E16C6A395}" = Microsoft VC80 Support DLLs
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45518B6D-9DDF-4144-83E4-A56762524F35}" = USB2.0 Grabber
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{54DBAF71-635A-45CB-A7DD-7EAB60F5C460}" = V-Ray for Rhinoceros 4.0
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5783F2D7-6001-0409-0002-0060B0CE6BBA}" = AutoCAD 2008 - English
"{5C2CBFFD-FC3B-4AA9-993B-CE2B8DA25B87}" = Rhinoceros 4.0
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{70014586-7BBA-4A92-A610-CDC896C48F8F}" = NETGEAR WG311v3 PCI Adapter
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82696435-8572-4D8B-A230-D1AA567D0F0F}" = Command & Conquer™ 4 Tiberian Twilight
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}" = Ulead VideoStudio SE DVD
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A45F3795-1527-47FA-BE1A-2DD242B439E5}_is1" = Need for Speed - Shift
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A99968BE-C155-474C-0089-33239DEE1CE2}" = Need For Speed Underground
"{AB93BD84-F5E7-4373-9B75-F47FCC00742E}_is1" = Gangland version 1.2
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{ECC0CADD-0491-4FB0-AAB8-5DC6C371890E}" = Rhinoceros 4.0 SR7
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"AutoCAD 2008 - English" = AutoCAD 2008 - English
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Football Manager 2008" = Football Manager 2008
"Garena" = Garena 2010
"Grasshopper" = Grasshopper
"Heroes of Might and Magic® III" = Heroes of Might and Magic® III
"ie8" = Windows Internet Explorer 8
"InstallShield_{70014586-7BBA-4A92-A610-CDC896C48F8F}" = NETGEAR WG311v3 PCI Adapter
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.2.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"NVIDIA Drivers" = NVIDIA Drivers
"RealPlayer 6.0" = RealPlayer
"Rhino RDK" = Rhino RDK
"SopCast" = SopCast 3.2.9
"StarCraft II" = StarCraft II
"VLC media player" = VLC media player 1.1.2
"VLC Setup Helper_is1" = VLC Setup Helper 3.04
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1078081533-790525478-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/22/2011 7:08:00 PM | Computer Name = USER-D2B75258E8 | Source = Application Hang | ID = 1002
Description = Hanging application vlc.exe, version 1.1.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/28/2011 9:03:41 AM | Computer Name = USER-D2B75258E8 | Source = Application Error | ID = 1000
Description = Faulting application wg311v3.exe, version 3.2.41.306, faulting module
ntdll.dll, version 5.1.2600.6055, fault address 0x00019af2.

Error - 3/31/2011 1:26:14 AM | Computer Name = USER-D2B75258E8 | Source = Application Error | ID = 1000
Description = Faulting application wg311v3.exe, version 3.2.41.306, faulting module
ntdll.dll, version 5.1.2600.6055, fault address 0x00019af2.

Error - 4/2/2011 1:00:38 AM | Computer Name = USER-D2B75258E8 | Source = Application Error | ID = 1000
Description = Faulting application wg311v3.exe, version 3.2.41.306, faulting module
ntdll.dll, version 5.1.2600.6055, fault address 0x00019af2.

Error - 4/4/2011 9:19:00 AM | Computer Name = USER-D2B75258E8 | Source = Application Error | ID = 1000
Description = Faulting application wg311v3.exe, version 3.2.41.306, faulting module
ntdll.dll, version 5.1.2600.6055, fault address 0x00019af2.

Error - 4/5/2011 9:51:10 AM | Computer Name = USER-D2B75258E8 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 4/5/2011 9:51:11 AM | Computer Name = USER-D2B75258E8 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 4/5/2011 9:52:05 AM | Computer Name = USER-D2B75258E8 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 4/5/2011 9:52:06 AM | Computer Name = USER-D2B75258E8 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 4/5/2011 12:05:29 PM | Computer Name = USER-D2B75258E8 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.6055, fault address 0x00022235.

[ System Events ]
Error - 4/14/2011 11:02:41 PM | Computer Name = USER-D2B75258E8 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 4/14/2011 11:02:41 PM | Computer Name = USER-D2B75258E8 | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 4/14/2011 11:18:23 PM | Computer Name = USER-D2B75258E8 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort2, did not respond within the timeout
period.

Error - 4/14/2011 11:18:27 PM | Computer Name = USER-D2B75258E8 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort2, did not respond within the timeout
period.

Error - 4/14/2011 11:20:17 PM | Computer Name = USER-D2B75258E8 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort2, did not respond within the timeout
period.

Error - 4/16/2011 12:38:10 AM | Computer Name = USER-D2B75258E8 | Source = Service Control Manager | ID = 7034
Description = The AVG Free E-mail Scanner service terminated unexpectedly. It has
done this 1 time(s).

Error - 4/16/2011 12:38:11 AM | Computer Name = USER-D2B75258E8 | Source = Service Control Manager | ID = 7031
Description = The AVG Free WatchDog service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 0 milliseconds:
Restart the service.

Error - 4/16/2011 12:38:11 AM | Computer Name = USER-D2B75258E8 | Source = Service Control Manager | ID = 7034
Description = The AVG Free WatchDog service terminated unexpectedly. It has done
this 2 time(s).

Error - 4/16/2011 3:01:07 AM | Computer Name = USER-D2B75258E8 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.102 for the Network Card with network
address 001E2ACC4C69 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 4/16/2011 11:47:15 AM | Computer Name = USER-D2B75258E8 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.102 for the Network Card with network
address 001E2ACC4C69 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).


< End of report >
 
and now, this is the report from OTL.txt (part 1)


OTL logfile created on: 4/17/2011 4:56:49 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\user\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 82.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 102.95 Gb Free Space | 22.11% Space Free | Partition Type: NTFS

Computer Name: USER-D2B75258E8 | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/17 04:55:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
PRC - [2011/04/01 20:11:50 | 002,651,992 | ---- | M] (Garena Online PTE LTD) -- C:\Program Files\Garena\Garena.exe
PRC - [2011/03/24 13:07:12 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/06/12 15:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/04/14 22:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/18 09:01:44 | 001,507,328 | ---- | M] () -- C:\Program Files\NETGEAR\WG311v3\WG311v3.exe
PRC - [2006/09/28 19:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (SafeList) ==========

MOD - [2011/04/17 04:55:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
MOD - [2010/08/24 02:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/04/11 23:33:54 | 001,753,048 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/07/21 06:48:33 | 000,078,536 | ---- | M] (Macrovision ) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe -- (InstallShield Licensing Service)
SRV - [2010/07/21 05:35:44 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/07/19 18:54:30 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2006/09/28 19:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (GGSAFERDriver)
DRV - [2011/04/01 17:22:02 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/04/01 17:22:01 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/07/20 19:01:30 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/04/17 06:59:44 | 001,521,544 | ---- | M] (Syntek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StkCMini.sys -- (StkCMini)
DRV - [2008/09/25 23:51:42 | 000,115,328 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/07/17 04:52:00 | 004,747,776 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/12/30 11:07:50 | 000,282,624 | R--- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WG311v3XP.sys -- (W8335XP) NETGEAR WG311v3 802.11g Wireless PCI Adapter for Windows XP (8335)
DRV - [2004/08/15 20:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1078081533-790525478-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-1078081533-790525478-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1078081533-790525478-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "SOCCERNET.COM"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2010/07/18 19:55:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/01 02:27:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/24 13:07:16 | 000,000,000 | ---D | M]

[2010/07/12 19:52:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2011/04/16 15:11:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\w2ak41sc.default\extensions
[2010/11/10 23:59:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\w2ak41sc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/16 15:11:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/11 17:26:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/11 17:26:04 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/01/23 23:40:18 | 000,568,832 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcp90.dll
[2010/01/23 23:40:18 | 000,655,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcr90.dll
[2010/12/11 17:26:03 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/09/11 05:47:06 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/09/11 05:47:06 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/09/11 05:47:06 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/09/11 05:47:06 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/07/21 06:00:20 | 000,000,767 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1078081533-790525478-682003330-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe (Ulead Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG311v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311v3\WG311v3.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1078081533-790525478-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1078081533-790525478-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1078081533-790525478-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1078081533-790525478-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (MrvGINA.dll) - C:\WINDOWS\System32\MrvGINA.dll (Marvell(R))
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/09 07:24:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\VIO\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.MPEGacm - C:\Program Files\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.ulmp3acm - C:\Program Files\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/04/17 04:55:27 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
[2011/04/16 18:13:34 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/04/16 14:49:24 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/04/16 14:49:24 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/04/16 14:49:24 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/04/16 14:49:24 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/04/16 14:49:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/04/16 14:33:18 | 006,238,248 | ---- | C] (OPSWAT, Inc.) -- C:\Documents and Settings\user\Desktop\AppRemover.exe
[2011/04/15 18:21:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\tdsskiller
[2011/04/15 13:06:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/15 13:06:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/15 13:06:05 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/15 13:06:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/15 12:52:27 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\TFC.exe
[2011/04/15 12:50:56 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\user\Desktop\mbam-setup-1.50.1.1100(2).exe
[2011/04/15 12:31:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/15 12:18:52 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/04/13 18:45:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\Mid_Sem_Save_Folder Folder
[2011/04/12 11:03:27 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/04/12 10:39:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Sunbelt Software
[2011/04/12 10:15:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{6A395471-4AA3-4072-AE1B-9B69A97AD164}
[2011/04/12 10:15:29 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/04/12 10:15:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
[2011/04/12 10:15:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2011/04/11 12:59:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/04/11 12:46:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Malwarebytes
[2011/04/11 12:43:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/09 22:04:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user\My Documents\Dropbox
[2011/04/09 22:03:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Start Menu\Programs\Dropbox
[2011/04/09 22:02:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Dropbox
[2011/04/09 16:48:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/04/08 20:33:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Start Menu\Programs\Garena
[2011/04/08 20:33:29 | 000,000,000 | ---D | C] -- C:\Program Files\Garena
[2011/04/06 12:59:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/04/06 11:42:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2011/04/06 06:21:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Real
[2011/04/06 06:19:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple Computer
[2011/04/06 02:43:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/04/06 02:42:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/04/05 23:58:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/04/05 23:58:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/03/31 14:56:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\Laneways
[2011/03/23 15:37:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\pp3 ref
[2011/03/22 14:24:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\Blur
[2011/03/22 13:52:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\3D Trains
[2011/03/22 13:50:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\Victorian Railway Maps 1860 - 2000
[2011/03/22 12:55:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\reference_files_oakleigh_armstrong

========== Files - Modified Within 30 Days ==========

[2011/04/17 04:55:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
[2011/04/17 04:37:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/16 23:41:55 | 000,046,706 | ---- | M] () -- C:\Documents and Settings\user\Application Data\room.dat
[2011/04/16 18:13:38 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/04/16 18:12:08 | 004,322,269 | R--- | M] () -- C:\Documents and Settings\user\Desktop\ComboFix.exe
[2011/04/16 15:02:48 | 000,435,590 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/16 15:02:48 | 000,068,360 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/16 14:43:21 | 000,026,590 | ---- | M] () -- C:\WINDOWS\System32\nvwsapps.xml
[2011/04/16 14:43:15 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/16 14:43:15 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/16 14:43:03 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/04/16 14:43:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/16 14:33:27 | 006,238,248 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\user\Desktop\AppRemover.exe
[2011/04/16 14:32:20 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\user\Desktop\MBRCheck.exe
[2011/04/15 18:21:14 | 001,263,721 | ---- | M] () -- C:\Documents and Settings\user\Desktop\tdsskiller.zip
[2011/04/15 17:39:03 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/15 13:57:19 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\user\Desktop\dds.scr
[2011/04/15 13:06:09 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/04/15 12:53:28 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\user\Desktop\oss9e0o8.exe
[2011/04/15 12:52:27 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\TFC.exe
[2011/04/15 12:51:22 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\user\Desktop\mbam-setup-1.50.1.1100(2).exe
[2011/04/14 12:43:14 | 000,105,472 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/13 19:59:31 | 004,481,024 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Mid_Sem.indd
[2011/04/13 19:59:20 | 008,785,133 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Mid_Sem.pdf
[2011/04/13 19:57:34 | 004,755,456 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Mid_Sem_Save_Folder.indd
[2011/04/13 19:54:14 | 006,049,950 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Week06_Oakleigh_DesignB_Section_Edited.pdf
[2011/04/13 19:43:13 | 000,664,608 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Week06_oakleigh_site_plan_DesignB_001.dwg
[2011/04/13 19:43:02 | 006,043,104 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Week06_Oakleigh_DesignB_Section.pdf
[2011/04/13 19:38:48 | 000,119,453 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Week06_oakleigh_site_plan_DesignB_Plans.pdf
[2011/04/13 19:36:15 | 000,028,955 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Week06_oakleigh_site_plan_DesignB_001 Model (1).pdf
[2011/04/13 19:21:12 | 001,820,384 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Week06_oakleigh_site_plan_DesignB_001.bak
[2011/04/13 19:18:04 | 032,654,747 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Week06_Oakleigh_DesignB 006.3dm
[2011/04/13 19:17:51 | 000,319,603 | ---- | M] () -- C:\Documents and Settings\user\Desktop\MID_SEM_RenderBirds_Eye_Future_ground.png
[2011/04/13 19:12:02 | 000,545,889 | ---- | M] () -- C:\Documents and Settings\user\Desktop\MID_SEM_RenderBirds_Eye_Future_Exploded.png
[2011/04/13 19:11:46 | 000,076,228 | ---- | M] () -- C:\Documents and Settings\user\Desktop\MID_SEM_RenderBirds_Eye_Future_Exploded.jpg
[2011/04/13 19:09:23 | 000,074,076 | ---- | M] () -- C:\Documents and Settings\user\Desktop\MID_SEM_RenderBirds_Eye_Future.jpg
[2011/04/13 19:09:06 | 000,522,320 | ---- | M] () -- C:\Documents and Settings\user\Desktop\MID_SEM_RenderBirds_Eye_Future.png
[2011/04/13 18:43:53 | 001,632,911 | ---- | M] () -- C:\Documents and Settings\user\Desktop\MID_SEM_Render003_002_edited.jpg
[2011/04/13 18:43:31 | 020,261,301 | ---- | M] () -- C:\Documents and Settings\user\Desktop\MID_SEM_Render003_001.psd
[2011/04/13 18:33:37 | 002,510,028 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Blue Skies Over Max Patch.JPG
[2011/04/13 18:32:47 | 000,133,074 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Sky9.jpg
[2011/04/13 18:27:21 | 001,066,961 | ---- | M] () -- C:\Documents and Settings\user\Desktop\MID_SEM_Render002_002edited.jpg
[2011/04/13 18:20:57 | 000,042,229 | ---- | M] () -- C:\Documents and Settings\user\Desktop\6802975-casual-man-reading-a-book-standing-up--isolated-background.jpg
[2011/04/13 18:16:50 | 001,038,385 | ---- | M] () -- C:\Documents and Settings\user\Desktop\MID_SEM_Render001a_002edited.jpg
[2011/04/13 18:14:50 | 000,039,303 | ---- | M] () -- C:\Documents and Settings\user\Desktop\lower-library-bookshelf-mural.jpg
[2011/04/13 18:05:23 | 000,835,722 | ---- | M] () -- C:\Documents and Settings\user\Desktop\MID_SEM_RenderBirds_Eye001.jpg
[2011/04/13 17:52:55 | 000,987,196 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Nearmap_oakleigh_1_20.jpg
[2011/04/13 17:48:25 | 001,849,715 | ---- | M] () -- C:\Documents and Settings\user\Desktop\MID_SEM_RenderBirds_Eye001.png
[2011/04/13 17:39:02 | 001,379,808 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Week05_oakleigh_site_plan_cleaned.dwg
[2011/04/13 17:38:40 | 032,212,552 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Week06_Oakleigh_DesignB 005.3dm
[2011/04/13 17:37:31 | 002,492,039 | ---- | M] () -- C:\Documents and Settings\user\Desktop\MID_SEM_Render002_001.png
[2011/04/13 17:21:54 | 002,027,699 | ---- | M] () -- C:\Documents and Settings\user\Desktop\MID_SEM_Render003_001.png
[2011/04/13 17:14:27 | 002,391,060 | ---- | M] () -- C:\Documents and Settings\user\Desktop\MID_SEM_Render001a_001.png
[2011/04/13 16:36:08 | 002,501,178 | ---- | M] () -- C:\Documents and Settings\user\Desktop\MID_SEM_Render001_001.png
[2011/04/13 15:26:10 | 032,654,708 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Week06_Oakleigh_DesignB 005.3dm.bak
[2011/04/13 15:20:53 | 032,612,067 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Week06_Oakleigh_DesignB 004.3dm
[2011/04/13 15:14:00 | 031,711,831 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Week06_Oakleigh_DesignB 004.3dm.bak
[2011/04/13 06:17:21 | 013,469,868 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Week06_Oakleigh_DesignB 003.3dm
[2011/04/13 01:54:15 | 001,379,808 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Week05_oakleigh_site_plan_cleaned.bak
[2011/04/13 01:54:11 | 013,392,152 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Week06_Oakleigh_DesignB 002.3dm
[2011/04/13 01:24:48 | 013,682,704 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Week06_Oakleigh_DesignB 002.3dm.bak
[2011/04/13 00:36:26 | 013,616,315 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Week06_Oakleigh_DesignB 001.3dm
[2011/04/12 22:27:58 | 000,442,752 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Week05_oakleigh_site_plan_cleaned_RHINO_IMPORT.dwg
[2011/04/12 21:46:20 | 000,440,704 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Week05_oakleigh_site_plan_cleaned_RHINO_IMPORT.bak
[2011/04/12 21:26:13 | 013,515,490 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Week06_Oakleigh_DesignB 001.3dm.bak
[2011/04/12 21:03:56 | 013,511,700 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Week06_Oakleigh_DesignB.3dm
[2011/04/12 10:46:27 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/04/12 10:15:46 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2011/04/12 10:15:46 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/04/12 01:40:35 | 013,144,030 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Week06_Oakleigh_DesignB.3dm.bak
[2011/04/11 12:59:24 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/04/11 12:24:11 | 000,000,377 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Shortcut to RMIT.lnk
[2011/04/11 02:59:15 | 012,966,802 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Week05_Oakleigh001 009.3dm
[2011/04/11 02:59:09 | 014,991,669 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Week06_Oakleigh_DesignA 001.3dm
[2011/04/11 02:13:25 | 012,964,271 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Week05_Oakleigh001 008.3dm
[2011/04/10 14:52:26 | 012,918,658 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Week05_Oakleigh001 007.3dm
[2011/04/09 22:04:05 | 000,000,991 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Dropbox.lnk
[2011/04/08 20:33:34 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Garena.lnk
[2011/04/07 00:59:14 | 002,565,856 | ---- | M] () -- C:\Documents and Settings\user\Desktop\oakleigh_site_plan.dwg
[2011/04/07 00:09:14 | 013,969,406 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Week06_Oakleigh_DesignA.3dm
[2011/04/06 03:43:23 | 012,890,689 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Week05_Oakleigh001 006.3dm
[2011/04/03 15:33:01 | 001,202,737 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Nearmap_oakleigh_1_50_OP50.jpg
[2011/04/02 03:02:49 | 000,244,672 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Week04_oakleigh_site_plan_RHINO_IMPORT.dwg
[2011/04/01 17:22:02 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/04/01 17:22:01 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/03/31 15:17:06 | 000,522,400 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Assignment001-putting the pieces together.dwg
[2011/03/26 00:40:53 | 000,077,597 | ---- | M] () -- C:\WINDOWS\War3Unin.dat
[2011/03/23 16:03:32 | 000,773,118 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Nearmap_ArmstrongCreek_1-50BW.jpg
[2011/03/23 16:00:26 | 000,938,650 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Nearmap_ArmstrongCreek_1-50.jpg
[2011/03/22 12:54:24 | 046,762,525 | ---- | M] () -- C:\Documents and Settings\user\Desktop\reference_files_oakleigh_armstrong.rar
[2011/03/18 11:18:54 | 001,436,696 | ---- | M] () -- C:\Documents and Settings\user\Desktop\armstrong_creek_brief_details.pdf
[2011/03/18 11:18:50 | 002,844,646 | ---- | M] () -- C:\Documents and Settings\user\Desktop\armstrong_creek_reduced_presentation_.pdf
[2011/03/18 11:18:50 | 000,340,798 | ---- | M] () -- C:\Documents and Settings\user\Desktop\oakleigh_station_brief_details_issued.pdf
[2011/03/18 11:18:40 | 003,400,550 | ---- | M] () -- C:\Documents and Settings\user\Desktop\10042fl-a.dwg

========== Files Created - No Company Name ==========

[2011/04/16 18:13:38 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/04/16 18:13:36 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/04/16 14:49:24 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/04/16 14:49:24 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/04/16 14:49:24 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/04/16 14:49:24 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/04/16 14:49:24 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/16 14:32:35 | 004,322,269 | R--- | C] () -- C:\Documents and Settings\user\Desktop\ComboFix.exe
[2011/04/16 14:32:19 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\user\Desktop\MBRCheck.exe
[2011/04/15 18:21:13 | 001,263,721 | ---- | C] () -- C:\Documents and Settings\user\Desktop\tdsskiller.zip
[2011/04/15 13:56:54 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\user\Desktop\dds.scr
[2011/04/15 13:06:08 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/04/15 12:53:28 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\user\Desktop\oss9e0o8.exe
[2011/04/13 19:58:30 | 008,785,133 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Mid_Sem.pdf
[2011/04/13 19:58:24 | 004,481,024 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Mid_Sem.indd
[2011/04/13 19:54:14 | 006,049,950 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Week06_Oakleigh_DesignB_Section_Edited.pdf
[2011/04/13 19:43:02 | 006,043,104 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Week06_Oakleigh_DesignB_Section.pdf
[2011/04/13 19:38:46 | 000,119,453 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Week06_oakleigh_site_plan_DesignB_Plans.pdf
[2011/04/13 19:36:15 | 000,028,955 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Week06_oakleigh_site_plan_DesignB_001 Model (1).pdf
[2011/04/13 19:18:01 | 032,654,747 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Week06_Oakleigh_DesignB 006.3dm
[2011/04/13 19:17:51 | 000,319,603 | ---- | C] () -- C:\Documents and Settings\user\Desktop\MID_SEM_RenderBirds_Eye_Future_ground.png
[2011/04/13 19:12:02 | 000,545,889 | ---- | C] () -- C:\Documents and Settings\user\Desktop\MID_SEM_RenderBirds_Eye_Future_Exploded.png
[2011/04/13 19:11:46 | 000,076,228 | ---- | C] () -- C:\Documents and Settings\user\Desktop\MID_SEM_RenderBirds_Eye_Future_Exploded.jpg
[2011/04/13 19:09:23 | 000,074,076 | ---- | C] () -- C:\Documents and Settings\user\Desktop\MID_SEM_RenderBirds_Eye_Future.jpg
[2011/04/13 19:09:06 | 000,522,320 | ---- | C] () -- C:\Documents and Settings\user\Desktop\MID_SEM_RenderBirds_Eye_Future.png
[2011/04/13 18:49:07 | 001,820,384 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Week06_oakleigh_site_plan_DesignB_001.bak
[2011/04/13 18:44:52 | 004,755,456 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Mid_Sem_Save_Folder.indd
[2011/04/13 18:43:52 | 001,632,911 | ---- | C] () -- C:\Documents and Settings\user\Desktop\MID_SEM_Render003_002_edited.jpg
[2011/04/13 18:43:30 | 020,261,301 | ---- | C] () -- C:\Documents and Settings\user\Desktop\MID_SEM_Render003_001.psd
[2011/04/13 18:33:36 | 002,510,028 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Blue Skies Over Max Patch.JPG
[2011/04/13 18:32:47 | 000,133,074 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Sky9.jpg
[2011/04/13 18:27:19 | 001,066,961 | ---- | C] () -- C:\Documents and Settings\user\Desktop\MID_SEM_Render002_002edited.jpg
[2011/04/13 18:20:57 | 000,042,229 | ---- | C] () -- C:\Documents and Settings\user\Desktop\6802975-casual-man-reading-a-book-standing-up--isolated-background.jpg
[2011/04/13 18:16:48 | 001,038,385 | ---- | C] () -- C:\Documents and Settings\user\Desktop\MID_SEM_Render001a_002edited.jpg
[2011/04/13 18:14:50 | 000,039,303 | ---- | C] () -- C:\Documents and Settings\user\Desktop\lower-library-bookshelf-mural.jpg
[2011/04/13 18:05:22 | 000,835,722 | ---- | C] () -- C:\Documents and Settings\user\Desktop\MID_SEM_RenderBirds_Eye001.jpg
[2011/04/13 17:52:53 | 000,987,196 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Nearmap_oakleigh_1_20.jpg
[2011/04/13 17:48:16 | 001,849,715 | ---- | C] () -- C:\Documents and Settings\user\Desktop\MID_SEM_RenderBirds_Eye001.png
[2011/04/13 17:37:18 | 002,492,039 | ---- | C] () -- C:\Documents and Settings\user\Desktop\MID_SEM_Render002_001.png
[2011/04/13 17:21:45 | 002,027,699 | ---- | C] () -- C:\Documents and Settings\user\Desktop\MID_SEM_Render003_001.png
[2011/04/13 17:14:10 | 002,391,060 | ---- | C] () -- C:\Documents and Settings\user\Desktop\MID_SEM_Render001a_001.png
[2011/04/13 16:36:07 | 002,501,178 | ---- | C] () -- C:\Documents and Settings\user\Desktop\MID_SEM_Render001_001.png
[2011/04/13 15:26:07 | 032,654,708 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Week06_Oakleigh_DesignB 005.3dm.bak
[2011/04/13 15:26:07 | 032,212,552 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Week06_Oakleigh_DesignB 005.3dm
[2011/04/13 11:53:20 | 032,612,067 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Week06_Oakleigh_DesignB 004.3dm
[2011/04/13 11:53:20 | 031,711,831 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Week06_Oakleigh_DesignB 004.3dm.bak
[2011/04/13 07:50:24 | 000,664,608 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Week06_oakleigh_site_plan_DesignB_001.dwg
[2011/04/13 06:17:19 | 013,469,868 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Week06_Oakleigh_DesignB 003.3dm
[2011/04/13 01:24:47 | 013,682,704 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Week06_Oakleigh_DesignB 002.3dm.bak
[2011/04/13 01:24:47 | 013,392,152 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Week06_Oakleigh_DesignB 002.3dm
[2011/04/12 21:26:12 | 013,616,315 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Week06_Oakleigh_DesignB 001.3dm
[2011/04/12 21:26:12 | 013,515,490 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Week06_Oakleigh_DesignB 001.3dm.bak
[2011/04/12 11:25:09 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/04/12 11:05:26 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/04/12 10:15:46 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2011/04/12 10:15:46 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/04/11 22:55:51 | 000,440,704 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Week05_oakleigh_site_plan_cleaned_RHINO_IMPORT.bak
[2011/04/11 12:59:24 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/04/11 12:42:28 | 013,511,700 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Week06_Oakleigh_DesignB.3dm
[2011/04/11 12:42:28 | 013,144,030 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Week06_Oakleigh_DesignB.3dm.bak
[2011/04/11 12:24:11 | 000,000,377 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Shortcut to RMIT.lnk
[2011/04/11 02:13:30 | 012,966,802 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Week05_Oakleigh001 009.3dm
[2011/04/10 19:34:37 | 012,964,271 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Week05_Oakleigh001 008.3dm
[2011/04/09 22:04:05 | 000,000,991 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Dropbox.lnk
[2011/04/08 20:33:54 | 000,046,706 | ---- | C] () -- C:\Documents and Settings\user\Application Data\room.dat
[2011/04/08 20:33:34 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Garena.lnk
[2011/04/06 18:46:21 | 014,991,669 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Week06_Oakleigh_DesignA 001.3dm
[2011/04/06 12:26:43 | 013,969,406 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Week06_Oakleigh_DesignA.3dm
[2011/04/06 03:49:04 | 012,918,658 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Week05_Oakleigh001 007.3dm
[2011/04/06 02:34:43 | 004,010,538 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Pano10.jpg
[2011/04/05 23:59:27 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/04 15:12:45 | 012,890,689 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Week05_Oakleigh001 006.3dm
[2011/04/03 17:30:36 | 000,442,752 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Week05_oakleigh_site_plan_cleaned_RHINO_IMPORT.dwg
[2011/04/03 15:32:59 | 001,202,737 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Nearmap_oakleigh_1_50_OP50.jpg
[2011/04/01 15:08:30 | 001,379,808 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Week05_oakleigh_site_plan_cleaned.dwg
[2011/04/01 15:08:30 | 001,379,808 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Week05_oakleigh_site_plan_cleaned.bak
[2011/03/31 09:45:30 | 000,522,400 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Assignment001-putting the pieces together.dwg
[2011/03/23 16:03:23 | 000,773,118 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Nearmap_ArmstrongCreek_1-50BW.jpg
[2011/03/23 16:00:24 | 000,938,650 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Nearmap_ArmstrongCreek_1-50.jpg
[2011/03/23 12:20:20 | 000,244,672 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Week04_oakleigh_site_plan_RHINO_IMPORT.dwg
[2011/03/22 22:29:55 | 002,565,856 | ---- | C] () -- C:\Documents and Settings\user\Desktop\oakleigh_site_plan.dwg
[2011/03/22 21:39:01 | 030,403,404 | ---- | C] () -- C:\Documents and Settings\user\Desktop\oakleigh.dwg
[2011/03/22 12:53:34 | 046,762,525 | ---- | C] () -- C:\Documents and Settings\user\Desktop\reference_files_oakleigh_armstrong.rar
[2011/03/18 11:18:52 | 001,436,696 | ---- | C] () -- C:\Documents and Settings\user\Desktop\armstrong_creek_brief_details.pdf
[2011/03/18 11:18:50 | 000,340,798 | ---- | C] () -- C:\Documents and Settings\user\Desktop\oakleigh_station_brief_details_issued.pdf
[2011/03/18 11:18:47 | 002,844,646 | ---- | C] () -- C:\Documents and Settings\user\Desktop\armstrong_creek_reduced_presentation_.pdf
[2011/03/18 11:18:39 | 003,400,550 | ---- | C] () -- C:\Documents and Settings\user\Desktop\10042fl-a.dwg
[2010/11/12 01:27:05 | 000,077,597 | ---- | C] () -- C:\WINDOWS\War3Unin.dat
[2010/10/22 12:10:18 | 000,197,648 | ---- | C] () -- C:\WINDOWS\System32\drivers\StkCSF.sys
[2010/10/22 09:58:33 | 000,084,616 | ---- | C] () -- C:\WINDOWS\StkUnist.exe
[2010/08/06 05:15:00 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/08/06 05:15:00 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/08/06 05:14:59 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/08/06 05:14:59 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/08/06 05:14:59 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/08/02 05:51:45 | 000,105,472 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/21 06:49:04 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\BongoSDK.10.v40.dll
[2010/07/21 06:49:04 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\BongoSDK.dll
[2010/07/12 19:52:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/07/09 07:40:28 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010/07/09 07:31:32 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010/07/09 07:31:23 | 000,022,696 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010/07/09 07:31:21 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010/07/09 07:25:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/07/09 07:22:11 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/07/09 00:15:53 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/07/09 00:13:17 | 002,241,176 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/17 07:01:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/17 07:01:00 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008/05/17 07:01:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/17 07:01:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/05/17 07:01:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/17 07:01:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/17 07:01:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008/05/17 07:01:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008/05/17 07:01:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/04/14 22:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 22:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 22:00:00 | 000,435,590 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 22:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 22:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 22:00:00 | 000,068,360 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 22:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 22:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 22:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 22:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 22:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 22:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
 
part 2, broken up because of character limits per post...



========== LOP Check ==========

[2010/07/23 18:56:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2010/07/19 20:58:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/03/15 08:54:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/07/20 19:01:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/04/11 12:59:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/07/21 06:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McNeel
[2010/09/25 21:20:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NFS Underground
[2010/10/22 11:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2011/03/12 14:53:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/04/12 10:15:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{6A395471-4AA3-4072-AE1B-9B69A97AD164}
[2010/08/31 07:59:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Autodesk
[2010/08/23 07:20:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Canon
[2010/12/16 20:02:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Command and Conquer 4
[2010/07/20 19:08:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\DAEMON Tools Lite
[2011/04/12 18:08:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Dropbox
[2010/07/30 17:22:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Robert McNeel & Associates
[2010/12/04 19:26:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Sports Interactive
[2010/10/22 11:23:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Ulead Systems
[2011/04/16 14:43:03 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/04/16 14:42:57 | 000,002,684 | ---- | M] () -- C:\aaw7boot.log
[2010/07/09 07:24:28 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/07/09 07:19:28 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/04/16 18:13:38 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/04/16 18:16:55 | 000,014,546 | ---- | M] () -- C:\ComboFix.txt
[2010/07/09 07:24:28 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/07/09 07:24:28 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/07/09 07:24:28 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 22:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 22:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/04/16 14:42:57 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2011/04/15 18:22:20 | 000,037,368 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_15.04.2011_18.21.57_log.txt
[2011/04/15 18:26:12 | 000,036,728 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_15.04.2011_18.24.34_log.txt

< %systemroot%\Fonts\*.com >
[2006/04/19 08:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/30 07:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/19 08:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/30 07:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2010/07/09 07:24:05 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007/03/19 22:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD8S.DLL
[2007/03/19 22:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP8S.DLL
[2008/07/06 22:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/10/27 12:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
[2008/07/06 20:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

Invalid Environment Variable: APPDATA

< %ALLUSERSPROFILE%\Favorites\*.* >

Invalid Environment Variable: APPDATA

< %PROGRAMFILES%\*.* >

Invalid Environment Variable: APPDATA

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2010/07/09 00:12:27 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/07/09 00:12:27 | 001,064,960 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/07/09 00:12:26 | 000,917,504 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2010/07/09 07:24:39 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

Invalid Environment Variable: APPDATA

< %USERPROFILE%\Desktop\*.exe >
[2011/04/16 14:33:27 | 006,238,248 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\user\Desktop\AppRemover.exe
[2011/04/16 18:12:08 | 004,322,269 | R--- | M] () -- C:\Documents and Settings\user\Desktop\ComboFix.exe
[2011/04/15 12:51:22 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\user\Desktop\mbam-setup-1.50.1.1100(2).exe
[2011/04/16 14:32:20 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\user\Desktop\MBRCheck.exe
[2011/04/15 12:53:28 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\user\Desktop\oss9e0o8.exe
[2011/04/17 04:55:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
[2011/04/15 12:52:27 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\TFC.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

Invalid Environment Variable: APPDATA

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >
[2007/02/02 11:02:00 | 000,313,344 | ---- | M] () -- C:\Documents and Settings\user\My Documents\hjsplit.exe
[2010/11/16 13:12:29 | 2406,737,012 | ---- | M] () -- C:\Documents and Settings\user\My Documents\Team Fortress 2.exe

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/07/09 07:27:28 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\user\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2011/04/17 00:50:06 | 000,065,536 | ---- | M] () -- C:\Documents and Settings\user\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2008/04/14 22:00:00 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

Invalid Environment Variable: AppData

< %ProgramFiles%\Messenger\*.* >
[2008/04/14 22:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2008/04/14 22:00:00 | 000,004,821 | R--- | M] () -- C:\Program Files\Messenger\logowin.gif
[2007/04/03 16:37:24 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/03 00:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/14 16:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/14 22:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2008/04/14 22:00:00 | 000,009,306 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2008/04/14 22:00:00 | 000,018,052 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2008/04/14 22:00:00 | 000,009,306 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2007/04/03 16:37:28 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2007/04/03 16:34:02 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< End of report >
 
Good news :)

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

====================================================================

I don't see any AV program running.
I can see Lavasoft Ad-Watch Live! Anti-Virus, but it's not really a proper protection.
You can safely uninstall it.

Install one of these:
- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
- Avira free antivirus: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html

======================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=====================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
Hi Broni,

for step2, i am unable to remove older version of java. when i close my browser and select remove older version, it prompted me to close Internet Explorer, which is not running, and then it crashes and sends an error report, please advise~

as for the antivirus, i had to uninstall avg, and i had already downloaded avast, and planning to install it when i am done with this fix.
 
Log from OTL as follows:



All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 2179 bytes

User: user
->Temp folder emptied: 4397 bytes
->Temporary Internet Files folder emptied: 456010 bytes
->Java cache emptied: 2027 bytes
->FireFox cache emptied: 52963220 bytes
->Flash cache emptied: 2211 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10177671 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 61.00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: user
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.22.3 log created on 04172011_055907

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...




moving onto next step...
 
logs from SercurityChecks.exe as follows:


Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
```````````````````````````````
Anti-malware/Other Utilities Check:
Ad-Aware
Malwarebytes' Anti-Malware
Java(TM) 6 Update 24
Out of date Java installed!
Adobe Flash Player 10.2.153.1
Mozilla Firefox (3.6.16)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe
``````````End of Log````````````


Point to note, i have uninstalled Ad Aware after running the checks.
 
Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code: 
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please, let me know, how your computer is doing.
 
Log from OTL

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: user
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 65670 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 4303085 bytes
->Flash cache emptied: 769 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 4.00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: user
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.22.3 log created on 04172011_153104

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\w2ak41sc.default\Cache\_CACHE_001_ not found!
File\Folder C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\w2ak41sc.default\Cache\_CACHE_002_ not found!
File\Folder C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\w2ak41sc.default\Cache\_CACHE_003_ not found!
File\Folder C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\w2ak41sc.default\Cache\_CACHE_MAP_ not found!

Registry entries deleted on Reboot...
 
Just cleared up the desktop! Installing avast now and will check feedback here if the computer act up again :)

once again, THANK YOU!!! very much Broni, for your patience and your services to the internet community!

Cheers and God Bless!
 
Status
Not open for further replies.

Similar threads

NonTechyDad
Solved Malware removal for my son's pc
2
Replies
33
Views
5K
Broni
Broni
S
  • Locked
Inactive Please help: Infected-or-not?
Replies
2
Views
3K
Broni
Broni
B
Solved Is this malware and how to remove it? "Received message from unexpected origin : chrome-extension://efaidnbmnnnibpcajpcglclefindmkaj
Replies
6
Views
8K
Broni
Broni

Latest posts

Back