Solved Malware won't run


dirtyboy103us

Hi guys,
Well, I have been reading for 2 days and trying a bunch of stuff to get rid of a redirecting virus, and I have tried everything to no avail.

I have started the 8 steps and have not been able to get Malwarebytes to start. It downloads and the setup works, but then nothing, even when I try to start it from the icon.

Where do I go now, and how do I get there? Please help.

I tried not to take up your time with this mess, but I think I have probably made it worse.
 
Welcome aboard.

Complete all the steps you can.
 
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-03 23:53:05
Windows 5.1.2600 Service Pack 3
Running: lm3ukmzi.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kwdoikod.sys


---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\system32\DRIVERS\redbook.sys entry point in ".rsrc" section [0xF76C2F94]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device -> \Driver\atapi \Device\Harddisk0\DR0 8A9F7ECC

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACllqlmyje.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@group file system
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0xAA 0x52 0xC6 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xB2 0x46 0x9A 0xE2 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\DRIVERS\redbook.sys suspicious modification
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----
 
DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 0:47:14.77 on Sat 09/04/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1309 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Sun\SDK\jdk\bin\javaw.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://msn.com/
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
BHO: TranslatorBar 1 Toolbar: {00bf7b9c-acd2-4080-bea8-b1c41987070f} - c:\program files\translatorbar_1\tbTran.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: TranslatorBar 1 Toolbar: {00bf7b9c-acd2-4080-bea8-b1c41987070f} - c:\program files\translatorbar_1\tbTran.dll
TB: {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No File
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [jvvwhrlu] c:\documents and settings\owner\local settings\application data\mdelihtqq\dahbcdptssd.exe
uRun: [wmsdk64_32.exe] c:\docume~1\owner\locals~1\temp\wmsdk64_32.exe
uRun: [RegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [TPSMain] TPSMain.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [dla] c:\windows\system32\dla\DLACTRLW.exe
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [USBToolTip] "c:\program files\pinnacle\shared files\\programs\usbtip\USBTip.exe"
mRun: [TDispVol] TDispVol.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.1\program\quickstart.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\sdktra~1.lnk - c:\sun\sdk\jdk\bin\javaw.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\deskto~1.lnk - c:\program files\research in motion\blackberry\DesktopMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.0.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://driveragent.com/files/driveragent.cab
DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.3.0.cab
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 nwprovau

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-9-2 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-9-2 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-9-2 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-9-2 60936]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 QuickBooksDB17;QuickBooksDB17;c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -hvquickbooksdb17 --> c:\progra~1\intuit\quickb~1\QBDBMgrN.exe -hvQuickBooksDB17 [?]
S1 uxlmjfxw;uxlmjfxw;\??\c:\windows\system32\drivers\uxlmjfxw.sys --> c:\windows\system32\drivers\uxlmjfxw.sys [?]
S2 aawservice;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" --> c:\program files\lavasoft\ad-aware\aawservice.exe [?]
S2 gupdate1ca40e5bebe50f4;Google Update Service (gupdate1ca40e5bebe50f4);c:\program files\google\update\GoogleUpdate.exe [2009-9-29 133104]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2006-5-13 30192]
S3 SVRPEDRV;SVRPEDRV;\??\c:\docume~1\owner\locals~1\temp\rarsfx0\s10vwf\pedrv.sys --> c:\docume~1\owner\locals~1\temp\rarsfx0\s10vwf\PEDrv.sys [?]

=============== Created Last 30 ================

2010-09-03 18:53:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-03 18:53:57 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-03 18:53:57 0 d-----w- c:\program files\Malwarebytes' Anti-Malware3
2010-09-02 12:02:08 0 d-----w- c:\docume~1\owner\applic~1\Avira
2010-09-02 11:58:10 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-09-02 11:58:10 0 d-----w- c:\program files\Avira
2010-09-02 11:58:10 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-09-02 11:41:54 0 d-----w- c:\docume~1\owner\applic~1\Uniblue
2010-09-02 02:47:19 1088 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-09-01 22:40:09 0 d-----w- c:\docume~1\owner\applic~1\ElevatedDiagnostics
2010-09-01 21:33:36 2607 ----a-w- C:\TIMSLINE.p10
2010-09-01 12:04:22 0 d-----w- c:\program files\Malwarebytes' Anti-Malware2
2010-08-31 12:26:43 0 d-----w- c:\docume~1\alluse~1\applic~1\STOPzilla!
2010-08-31 11:05:30 0 d--h--w- c:\windows\system32\GroupPolicy
2010-08-30 15:56:44 453 ----a-w- c:\program files\0830201011564409.bat
2010-08-08 14:57:21 0 d-----w- C:\0beafcea724b194507f7ff04
2010-08-05 21:52:23 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

==================== Find3M ====================

2010-08-20 17:08:38 17408 ----a-w- C:\psapi.dll
2010-08-18 19:01:08 46 -c--a-w- c:\documents and settings\owner\jagex_runescape_preferences.dat
2010-08-18 18:58:24 99 ----a-w- c:\documents and settings\owner\jagex_runescape_preferences2.dat
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2002-07-26 22:02:06 153088 -c--a-w- c:\program files\UNWISE.EXE
2010-01-24 00:00:36 32768 -csha-w- c:\windows\system32\config\systemprofile\application data\microsoft\internet explorer\userdata\index.dat
2010-01-25 05:40:23 245760 -csha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2009-04-01 12:08:55 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009040120090402\index.dat
2010-01-25 05:40:23 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012010011820100125\index.dat
2010-01-25 05:40:23 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012010012520100126\index.dat

============= FINISH: 0:49:18.46 ===============
 
part 1

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/9/2007 4:21:07 PM
System Uptime: 9/3/2010 11:54:33 PM (1 hours ago)

Motherboard: Intel Corporation | | CAPELL VALLEY(NAPA) CRB
Processor: Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz | U2E1 | 1662/mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 149 GiB total, 22.869 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1071: 6/6/2010 5:08:01 AM - System Checkpoint
RP1072: 6/7/2010 8:56:17 PM - System Checkpoint
RP1073: 6/9/2010 8:01:31 AM - System Checkpoint
RP1074: 6/10/2010 8:16:45 AM - System Checkpoint
RP1075: 6/11/2010 5:21:17 PM - System Checkpoint
RP1076: 6/12/2010 11:02:26 PM - System Checkpoint
RP1077: 6/14/2010 8:13:28 AM - System Checkpoint
RP1078: 6/15/2010 5:40:14 PM - System Checkpoint
RP1079: 6/16/2010 11:26:58 PM - System Checkpoint
RP1080: 6/17/2010 1:53:09 PM - Configured Microsoft Office Small Business 2007 Trial
RP1081: 6/17/2010 2:22:56 PM - Configured Microsoft Office Small Business 2007 Trial
RP1082: 6/18/2010 4:13:35 PM - System Checkpoint
RP1083: 6/20/2010 1:07:34 PM - System Checkpoint
RP1084: 6/21/2010 1:27:10 PM - System Checkpoint
RP1085: 6/22/2010 7:26:44 AM - Configured Microsoft Office Small Business 2007 Trial
RP1086: 6/23/2010 11:56:09 AM - System Checkpoint
RP1087: 6/23/2010 7:45:50 PM - Software Distribution Service 3.0
RP1088: 6/25/2010 2:15:50 AM - System Checkpoint
RP1089: 6/25/2010 7:56:55 AM - Configured Microsoft Office Small Business 2007 Trial
RP1090: 6/26/2010 8:34:22 AM - System Checkpoint
RP1091: 6/27/2010 7:37:15 AM - Software Distribution Service 3.0
RP1092: 6/28/2010 8:28:47 AM - System Checkpoint
RP1093: 6/29/2010 12:37:18 PM - System Checkpoint
RP1094: 6/30/2010 10:37:36 PM - System Checkpoint
RP1095: 7/2/2010 12:02:24 PM - System Checkpoint
RP1096: 7/3/2010 12:50:29 PM - System Checkpoint
RP1097: 7/5/2010 1:16:03 PM - System Checkpoint
RP1098: 7/6/2010 3:15:08 PM - System Checkpoint
RP1099: 7/7/2010 3:20:19 PM - System Checkpoint
RP1100: 7/8/2010 11:30:24 PM - System Checkpoint
RP1101: 7/10/2010 5:30:27 AM - System Checkpoint
RP1102: 7/11/2010 11:30:28 AM - System Checkpoint
RP1103: 7/12/2010 3:19:15 PM - System Checkpoint
RP1104: 7/14/2010 2:16:38 AM - System Checkpoint
RP1105: 7/15/2010 9:01:21 AM - System Checkpoint
RP1106: 7/16/2010 1:35:16 PM - System Checkpoint
RP1107: 7/17/2010 7:36:22 PM - System Checkpoint
RP1108: 7/19/2010 1:35:21 AM - System Checkpoint
RP1109: 7/20/2010 5:07:21 AM - System Checkpoint
RP1110: 7/21/2010 11:07:29 AM - System Checkpoint
RP1111: 7/22/2010 2:08:05 PM - System Checkpoint
RP1112: 7/23/2010 9:32:29 PM - System Checkpoint
RP1113: 7/25/2010 3:32:37 AM - System Checkpoint
RP1114: 7/26/2010 11:53:37 AM - System Checkpoint
RP1115: 7/27/2010 4:35:22 PM - System Checkpoint
RP1116: 7/28/2010 5:14:40 PM - System Checkpoint
RP1117: 7/29/2010 11:03:17 PM - System Checkpoint
RP1118: 7/31/2010 5:03:22 AM - System Checkpoint
RP1119: 8/1/2010 11:04:28 AM - System Checkpoint
RP1120: 8/2/2010 6:35:32 PM - System Checkpoint
RP1121: 8/3/2010 11:03:37 PM - System Checkpoint
RP1122: 8/5/2010 5:03:40 AM - System Checkpoint
RP1123: 8/7/2010 9:37:39 PM - System Checkpoint
RP1124: 8/8/2010 10:29:08 AM - Software Distribution Service 3.0
RP1125: 8/8/2010 10:56:19 AM - Software Distribution Service 3.0
RP1126: 8/8/2010 12:09:08 PM - Software Distribution Service 3.0
RP1127: 1/8/2009 11:38:10 AM - Restore Operation
RP1128: 1/8/2009 4:13:38 PM - Restore Operation
RP1129: 8/9/2010 12:22:24 AM - Removed Trend Micro AntiVirus.
RP1130: 8/10/2010 6:34:06 AM - System Checkpoint
RP1131: 8/11/2010 12:44:50 PM - System Checkpoint
RP1132: 8/12/2010 6:34:14 PM - System Checkpoint
RP1133: 8/13/2010 10:07:25 PM - System Checkpoint
RP1134: 8/14/2010 4:41:49 AM - Software Distribution Service 3.0
RP1135: 8/15/2010 4:51:43 PM - System Checkpoint
RP1136: 8/16/2010 6:12:38 PM - System Checkpoint
RP1137: 8/18/2010 11:39:46 AM - System Checkpoint
RP1138: 8/19/2010 4:19:50 PM - System Checkpoint
RP1139: 8/20/2010 10:13:22 PM - System Checkpoint
RP1140: 8/21/2010 4:41:42 PM - Removed hp officejet v series
RP1141: 8/22/2010 6:44:35 PM - System Checkpoint
RP1142: 8/24/2010 12:13:49 AM - System Checkpoint
RP1143: 8/25/2010 6:13:57 AM - System Checkpoint
RP1144: 8/26/2010 12:14:16 PM - System Checkpoint
RP1145: 8/27/2010 7:27:50 PM - System Checkpoint
RP1146: 8/29/2010 3:58:56 PM - System Checkpoint
RP1147: 8/31/2010 7:07:47 AM - Restore Operation
RP1148: 8/31/2010 7:25:58 AM - avast! Free Antivirus Setup
RP1149: 8/31/2010 7:34:42 AM - avast! Pro Antivirus Setup
RP1150: 8/31/2010 8:26:27 AM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
RP1151: 9/1/2010 6:27:21 PM - Software Distribution Service 3.0
RP1152: 9/1/2010 6:34:13 PM - Installed %1 %2.
RP1153: 9/2/2010 6:56:36 AM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
RP1154: 9/2/2010 7:19:34 AM - avast! Pro Antivirus Setup
RP1155: 9/2/2010 7:29:39 AM - Removed Thunder Screenreader
RP1156: 9/2/2010 7:30:34 AM - Removed WebbIE 3 and Accessible Programs
RP1157: 9/3/2010 10:29:58 AM - System Checkpoint

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Reader 7.1.0
Adobe Shockwave Player 11.5
Avira AntiVir Personal - Free Antivirus
BlackBerry Desktop Software 5.0.1
BlackBerry® Media Sync
Blackhawk Striker 2
Blasterball 2 Revolution
Bluetooth Stack for Windows by Toshiba
CD/DVD Drive Acoustic Silencer
Chilly
Chuzzle Deluxe
Compressor Performance Calculator
Critical Update for Windows Media Player 11 (KB959772)
DanCap
Danfoss RS+3
Desktop Dialer
DiscAPI (Studio 10)
DivX Web Player
DVD-RAM Driver
EPSON Printer Software
ESPNMotion
FATE
GemMaster Mystic
Google Chrome
Google Desktop
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
ieSpell
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet/Wireless Software
InterVideo WinDVD Creator 2
InterVideo WinDVD for TOSHIBA
Java Platform, Enterprise Edition 5 SDK
Java(TM) 6 Update 15
Java(TM) 6 Update 7
Learning QuickBooks 2007
Mah Jong Quest
Malwarebytes' Anti-Malware
mCore
mDrWiFi
mHelp
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office Accounting 2007
Microsoft Office Accounting ADP Payroll Addin
Microsoft Office Accounting Equifax Addin
Microsoft Office Accounting Fixed Asset Manager
Microsoft Office Accounting PayPal Addin
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel Viewer 2003
Microsoft Office OneNote 2003
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business 2007
Microsoft Office Small Business 2007 Trial
Microsoft Office Small Business Connectivity Components
Microsoft Office Standard Edition 2003
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Desktop Engine (PINNACLESYS)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
mIWA
mLogView
mMHouse
Motherboard Monitor 5
mPfMgr
mPfWiz
mProSafe
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB954459)
mWlsSafe
mXML
mZConfig
Office 2003 Trial Assistant
OpenOffice.org 2.1
Otto
Penguins!
Petersons
Picasa 2
Pinnacle Instant DVD Recorder
Pinnacle MediaServer
Pixelfusion WMP Plugin 1.60
Polar Bowler
Polar Golfer
QuickBooks Pro 2007
QuickBooks Product Listing Service
QuickTime
RAPID (Studio 10)
 
You're infected with a rootkit....

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
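The rootkit verdict above rests on what the posted logs show rather than on the Malwarebytes failure itself: a browser proxy pointing at 127.0.0.1:6522 (which is what produces the redirects), Task Manager disabled by policy, startup entries under Local Settings and Temp with generated-looking names, a boot-start driver DDS could not read, and GMER reporting atapi.sys as modified. As an added example (not part of the thread, and not a tool any participant used), the Python script below runs those checks over a few lines copied from the logs. The regular expressions, the consonant-run name heuristic and the check labels are my own assumptions about the DDS and GMER line formats, not documented parsers.

```python
"""Triage a pasted DDS/GMER log for the indicators that point at a
TDSS-style rootkit. Added example; the line-format assumptions are mine."""
import re

# Constructed sample: lines copied from the DDS and GMER logs posted in the
# thread, mixed with a few benign entries so the checks have something to skip.
SAMPLE_LOG = r"""
uStart Page = hxxp://msn.com/
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [jvvwhrlu] c:\documents and settings\owner\local settings\application data\mdelihtqq\dahbcdptssd.exe
uRun: [wmsdk64_32.exe] c:\docume~1\owner\locals~1\temp\wmsdk64_32.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
dPolicies-system: DisableTaskMgr = 1 (0x1)
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-9-2 11608]
S1 uxlmjfxw;uxlmjfxw;\??\c:\windows\system32\drivers\uxlmjfxw.sys --> c:\windows\system32\drivers\uxlmjfxw.sys [?]
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACllqlmyje.sys
"""

# Directories a legitimate installer almost never uses for a startup entry.
USER_WRITABLE = ("\\local settings\\application data\\", "\\locals~1\\temp\\", "\\temp\\")

# Assumed line shapes, derived from the logs above rather than from DDS/GMER docs.
RUN_RE = re.compile(r'^[umd]Run: \[(?P<name>[^\]]+)\] "?(?P<path>.*?\.exe)', re.IGNORECASE)
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer = (?P<value>.+)$")
TASKMGR_RE = re.compile(r"^dPolicies-system: DisableTaskMgr = 1")
SERVICE_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);[^;]*;(?P<path>.*?\.sys)", re.IGNORECASE)
GMER_FILE_RE = re.compile(r"^File (?P<path>.+?) suspicious modification$")
GMER_IMAGE_RE = re.compile(r"^Reg .*\\Services\\[^@]+@imagepath (?P<path>.+)$", re.IGNORECASE)
CONSONANT_RUN = re.compile(r"[b-df-hj-np-tv-z]{5,}")

ROOTKIT_CHECKS = {"kernel-driver-modified", "random-service-image", "driver-no-file-info"}


def looks_random(filename):
    """Heuristic: generated names like 'uxlmjfxw' carry long consonant runs."""
    stem = filename.rsplit("\\", 1)[-1].split(".")[0].lower()
    return bool(CONSONANT_RUN.search(re.sub(r"[^a-z]", "", stem)))


def triage(log_text):
    """Return one finding per suspicious line: {'check', 'line', 'why'}."""
    findings = []

    def flag(check, line, why):
        findings.append({"check": check, "line": line, "why": why})

    for line in log_text.strip().splitlines():
        if (m := PROXY_RE.match(line)) and ("127.0.0.1" in m["value"] or "localhost" in m["value"]):
            flag("local-proxy", line, "browser traffic goes through a proxy on this machine; typical of redirect hijacks")
        elif TASKMGR_RE.match(line):
            flag("taskmgr-disabled", line, "Task Manager disabled by policy, which malware commonly sets")
        elif m := RUN_RE.match(line):
            if any(d in m["path"].lower() for d in USER_WRITABLE):
                flag("autorun-user-writable", line, "startup entry runs from a temp or per-user data directory")
            elif looks_random(m["name"]):
                flag("autorun-random-name", line, "startup entry with a generated-looking name")
        elif m := SERVICE_RE.match(line):
            if line.endswith("[?]") and looks_random(m["path"]):
                flag("driver-no-file-info", line, "driver with a generated-looking name and no file date or size recorded")
        elif m := GMER_FILE_RE.match(line):
            flag("kernel-driver-modified", line, "GMER reports the driver's on-disk image as modified")
        elif m := GMER_IMAGE_RE.match(line):
            if looks_random(m["path"]):
                flag("random-service-image", line, "service image path names a generated-looking driver")
    return findings


def rootkit_suspected(findings):
    """True when any finding touches kernel drivers rather than user-mode autoruns."""
    return any(f["check"] in ROOTKIT_CHECKS for f in findings)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f['check']}] {f['why']}\n    {f['line']}")
    print("rootkit-capable scanner needed:", rootkit_suspected(results))
```

The split between user-mode indicators (proxy, policy, autoruns) and kernel indicators (modified atapi.sys, a randomised driver image) is the point: the first group explains the redirects and the blocked tools, the second is why an ordinary on-demand scanner is the wrong next step and a rootkit-aware one is asked for instead. Such a script only ranks candidates for a human to read; it removes nothing.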
 
part 2

RealNetworks - Microsoft Visual C++ 2005 Runtime
RealPlayer
Realtek High Definition Audio Driver
SCRABBLE
Scrabble Blast Deluxe
SD Secure Module
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
SmartSound Quicktracks Plugin
Sonic DLA
Sonic Encoders
Sonic RecordNow!
StanrefProHX 06-01-2008
Studio 10
Studio 10 Bonus DVD
SupportSoft Assisted Service
Synaptics Pointing Device Driver
Temperature Converter
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Controls
TOSHIBA Game Console
TOSHIBA Hotkey Utility
Toshiba Media Center Game Console
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
Toshiba Registration
TOSHIBA SD Memory Card Format
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA TouchPad ON/Off Utility
TOSHIBA TV Tuner 4.0.12.73
TOSHIBA Utilities
TOSHIBA Virtual Sound
TOSHIBA Zooming Utility
TranslatorBar 1 Toolbar
TVAnts 1.0
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Verizon Help and Support Tool
VeryPDF PDF2Word v3.0
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Vz In Home Agent
WebFldrs XP
WildTangent Web Driver
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows XP Media Center Edition 2005 KB888316
Windows XP Media Center Edition 2005 KB894553
Windows XP Media Center Edition 2005 KB895678
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Music Jukebox
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

9/3/2010 9:05:36 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avgio avipbb Fips intelppm IPSec mbmiodrvr MRxSmb NetBIOS NetBT PCLEPCI RasAcd Rdbss ssmdrv Tcpip Tcpip6
9/3/2010 2:42:44 PM, error: Service Control Manager [7031] - The Avira AntiVir Guard service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
9/3/2010 2:42:39 PM, error: Service Control Manager [7031] - The Avira AntiVir Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
9/2/2010 12:28:42 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/1/2010 8:46:30 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service ntmssvc with arguments "-Service" in order to run the server: {D61A27C6-8F53-11D0-BFA0-00A024151983}
9/1/2010 8:39:35 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the ConfigFree Service service to connect.
9/1/2010 8:04:09 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSnx aswSP aswTdi Fips intelppm KR10N mbmiodrvr ohci1394 PCLEPCI
9/1/2010 5:30:53 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSnx aswSP aswTdi avgio avipbb Fips intelppm KR10N mbmiodrvr ohci1394 PCLEPCI ssmdrv
9/1/2010 5:20:21 PM, error: Service Control Manager [7024] - The SQL Server (MSSMLBIZ) service terminated with service-specific error 1814 (0x716).
9/1/2010 5:20:21 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the QuickBooks Database Manager Service service to connect.
9/1/2010 5:10:36 PM, error: Service Control Manager [7034] - The Pinnacle Systems Media Service service terminated unexpectedly. It has done this 1 time(s).
9/1/2010 5:10:35 PM, error: Service Control Manager [7034] - The TOSHIBA Application Service service terminated unexpectedly. It has done this 1 time(s).
9/1/2010 5:10:33 PM, error: Service Control Manager [7034] - The Swupdtmr service terminated unexpectedly. It has done this 1 time(s).
9/1/2010 5:10:33 PM, error: Service Control Manager [7034] - The SQL Server (MSSMLBIZ) service terminated unexpectedly. It has done this 1 time(s).
9/1/2010 5:10:33 PM, error: Service Control Manager [7034] - The MSSQL$PINNACLESYS service terminated unexpectedly. It has done this 1 time(s).
9/1/2010 5:10:32 PM, error: Service Control Manager [7034] - The QuickBooks Database Manager Service service terminated unexpectedly. It has done this 1 time(s).
9/1/2010 5:10:32 PM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).
9/1/2010 5:10:31 PM, error: Service Control Manager [7034] - The McciCMService service terminated unexpectedly. It has done this 1 time(s).
9/1/2010 5:10:31 PM, error: Service Control Manager [7034] - The EPSON V3 Service4(01) service terminated unexpectedly. It has done this 1 time(s).
9/1/2010 5:10:30 PM, error: Service Control Manager [7034] - The DVD-RAM_Service service terminated unexpectedly. It has done this 1 time(s).
9/1/2010 5:10:26 PM, error: Service Control Manager [7031] - The AOL TopSpeed Monitor service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
9/1/2010 5:10:24 PM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Service service terminated unexpectedly. It has done this 1 time(s).
9/1/2010 5:10:24 PM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
9/1/2010 10:42:01 PM, error: Service Control Manager [7034] - The ConfigFree Service service terminated unexpectedly. It has done this 1 time(s).
8/31/2010 8:33:54 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: KR10N
8/31/2010 6:50:10 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the SQL Server (MSSMLBIZ) service to connect.
8/31/2010 6:50:10 AM, error: Service Control Manager [7000] - The SQL Server (MSSMLBIZ) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/30/2010 8:40:41 AM, error: RemoteAccess [20106] - Unable to add the interface {E8944181-3B5B-4CFB-944B-CD632302E395} with the Router Manager for the IP protocol. The following error occurred: Cannot complete this function.
8/30/2010 11:36:49 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSP aswTdi Fips intelppm mbmiodrvr PCLEPCI
8/30/2010 11:07:48 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Lavasoft Ad-Aware Service service to connect.
8/30/2010 11:07:48 AM, error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the file specified.
8/30/2010 11:05:39 AM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
8/30/2010 11:05:39 AM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
8/29/2010 6:49:22 AM, error: Service Control Manager [7022] - The Pinnacle Systems Media Service service hung on starting.
8/29/2010 6:23:02 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
8/29/2010 10:41:04 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
8/29/2010 10:39:43 AM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
8/28/2010 3:46:11 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/28/2010 3:46:05 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
8/28/2010 1:40:04 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
8/28/2010 1:38:39 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswSP aswTdi Fips intelppm IPSec mbmiodrvr MRxSmb NetBIOS NetBT PCLEPCI RasAcd Rdbss Tcpip Tcpip6
8/28/2010 1:38:39 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
8/28/2010 1:38:39 PM, error: Service Control Manager [7001] - The IPv6 Helper Service service depends on the Microsoft IPv6 Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/28/2010 1:38:39 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/28/2010 1:38:39 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/28/2010 1:38:39 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

==== End Of File ===========================
 
We posted at the same time, so I'm not sure if you saw my previous reply....
 
I didn't even finish posting and you had the cure

C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/09/04 01:15:05.0602 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/09/04 01:15:05.0649 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/09/04 01:15:05.0696 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/09/04 01:15:05.0758 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/09/04 01:15:05.0836 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/09/04 01:15:05.0977 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/09/04 01:15:06.0133 w39n51 (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys
2010/09/04 01:15:06.0305 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/09/04 01:15:06.0383 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
2010/09/04 01:15:06.0446 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/09/04 01:15:06.0508 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2010/09/04 01:15:06.0555 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/09/04 01:15:06.0633 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/09/04 01:15:06.0774 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/09/04 01:15:06.0852 ================================================================================
2010/09/04 01:15:06.0852 Scan finished
2010/09/04 01:15:06.0852 ================================================================================
2010/09/04 01:15:06.0852 Detected object count: 1
2010/09/04 01:15:39.0774 redbook (ac144fee380b4cda31b8247beccee1d6) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/09/04 01:15:39.0774 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\redbook.sys. Real md5: ac144fee380b4cda31b8247beccee1d6, Fake md5: f828dd7e1419b6653894a8f97a0094c5
2010/09/04 01:15:40.0821 Backup copy found, using it..
2010/09/04 01:15:40.0836 C:\WINDOWS\system32\DRIVERS\redbook.sys - will be cured after reboot
2010/09/04 01:15:40.0836 Rootkit.Win32.TDSS.tdl3(redbook) - User select action: Cure
2010/09/04 01:15:55.0024 Deinitialize success
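Added example, not part of the thread and not Kaspersky's code: a small parser for the TDSSKiller log format shown above. The interesting line is the "Suspicious file (Forged)" one. TDL3 sits below the file system and answers ordinary reads of the infected driver with the original bytes, so if you hash redbook.sys yourself on the live box you get the "Fake md5" (the clean-looking one), while TDSSKiller's own read gets the "Real md5" of what is actually on disk. The script links the forged-file line to its verdict and chosen action, checks the things that should agree in a sane log, and tells you which side of that hook a hash you computed yourself came from. The sample input is an excerpt of the log posted above; the function and dataclass names are my own.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Lines copied from the TDSSKiller log posted above; the full log lists every
# loaded driver, this excerpt keeps two clean entries plus the detection block.
SAMPLE_LOG = r"""
2010/09/04 01:15:05.0602 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/09/04 01:15:06.0774 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/09/04 01:15:06.0852 ================================================================================
2010/09/04 01:15:06.0852 Scan finished
2010/09/04 01:15:06.0852 Detected object count: 1
2010/09/04 01:15:39.0774 redbook (ac144fee380b4cda31b8247beccee1d6) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/09/04 01:15:39.0774 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\redbook.sys. Real md5: ac144fee380b4cda31b8247beccee1d6, Fake md5: f828dd7e1419b6653894a8f97a0094c5
2010/09/04 01:15:40.0821 Backup copy found, using it..
2010/09/04 01:15:40.0836 C:\WINDOWS\system32\DRIVERS\redbook.sys - will be cured after reboot
2010/09/04 01:15:40.0836 Rootkit.Win32.TDSS.tdl3(redbook) - User select action: Cure
2010/09/04 01:15:55.0024 Deinitialize success
"""

TS = r"\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+"
DRIVER_RE = re.compile(rf"^{TS} (\S+) \(([0-9a-f]{{32}})\) (.+)$")
FORGED_RE = re.compile(rf"^{TS} Suspicious file \(Forged\): (.+?)\. Real md5: ([0-9a-f]{{32}}), Fake md5: ([0-9a-f]{{32}})$")
COUNT_RE = re.compile(rf"^{TS} Detected object count: (\d+)$")
CURE_RE = re.compile(rf"^{TS} (.+) - will be cured after reboot$")
ACTION_RE = re.compile(rf"^{TS} ([^(\s]+)\(([^)]+)\) - User select action: (\w+)$")


@dataclass
class Detection:
    path: str
    real_md5: str                    # hash of the bytes actually on disk
    fake_md5: str                    # hash the rootkit serves to ordinary file reads
    verdict: Optional[str] = None    # e.g. Rootkit.Win32.TDSS.tdl3
    action: Optional[str] = None     # Cure / Skip / ...
    reboot_pending: bool = False


@dataclass
class Report:
    drivers: Dict[str, Tuple[str, str]] = field(default_factory=dict)  # name -> (md5, path)
    detected_count: Optional[int] = None
    detections: List[Detection] = field(default_factory=list)


def parse_tdsskiller(text: str) -> Report:
    """Walk the log once and tie each forged-file line to its verdict and action."""
    rep = Report()
    by_path: Dict[str, Detection] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if m := DRIVER_RE.match(line):
            name, md5, path = m.groups()
            rep.drivers[name] = (md5, path)
        elif m := FORGED_RE.match(line):
            path, real, fake = m.groups()
            det = Detection(path=path, real_md5=real, fake_md5=fake)
            rep.detections.append(det)
            by_path[path.lower()] = det
        elif m := COUNT_RE.match(line):
            rep.detected_count = int(m.group(1))
        elif m := CURE_RE.match(line):
            det = by_path.get(m.group(1).lower())
            if det:
                det.reboot_pending = True
        elif m := ACTION_RE.match(line):
            verdict, name, action = m.groups()
            entry = rep.drivers.get(name)          # verdict names the driver, not the path
            det = by_path.get(entry[1].lower()) if entry else None
            if det:
                det.verdict, det.action = verdict, action
    return rep


def classify_observed_hash(det: Detection, observed_md5: str) -> str:
    """Interpret an MD5 you computed yourself on the infected machine."""
    h = observed_md5.lower()
    if h == det.fake_md5:
        return "fake-view"   # read went through the rootkit's filter: file looks clean
    if h == det.real_md5:
        return "real-view"   # read saw the infected bytes (raw/offline read)
    return "unknown"


def triage(rep: Report) -> List[str]:
    """Cross-checks that hold in a sane log; anything returned needs a human look."""
    problems: List[str] = []
    if rep.detected_count is not None and rep.detected_count != len(rep.detections):
        problems.append(f"count {rep.detected_count} != {len(rep.detections)} forged-file lines")
    listed = {p.lower(): h for h, p in rep.drivers.values()}
    for d in rep.detections:
        if listed.get(d.path.lower()) not in (None, d.real_md5):
            problems.append(f"{d.path}: listed md5 differs from real md5 {d.real_md5}")
        if d.action == "Cure" and not d.reboot_pending:
            problems.append(f"{d.path}: Cure selected but no 'cured after reboot' line")
        elif d.action != "Cure":
            problems.append(f"{d.path}: action {d.action!r}, forged driver still in place")
    return problems


if __name__ == "__main__":
    rep = parse_tdsskiller(SAMPLE_LOG)
    print(f"{len(rep.drivers)} drivers listed, {rep.detected_count} detected")
    for d in rep.detections:
        print(f"{d.verdict} in {d.path}: action={d.action}, reboot_pending={d.reboot_pending}")
    for p in triage(rep):
        print("CHECK:", p)
```

The practical consequence of the fake/real split: do not "confirm" a TDSSKiller hit by hashing the file from inside the running system, and do not trust a clean hash from there either; hash the driver from a boot CD or compare against the backup copy TDSSKiller restored after the reboot.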
 
Haha....

1. Delete your GMER file, download a new one and post a fresh log.

2. Download MBRCheck to your desktop

Double-click MBRCheck.exe to run (Vista and Windows 7 users, right-click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

3. Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure you re-enable your security programs when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-05 00:58:11
Windows 5.1.2600 Service Pack 3
Running: nn3dfywv.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kwdoikod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACllqlmyje.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@group file system
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0xAA 0x52 0xC6 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xB2 0x46 0x9A 0xE2 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...

---- EOF - GMER 1.0.15 ----
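Added example, not part of the thread and not GMER's code: a script that turns the Registry section of a GMER log like the one above into a short list of objects to pull and look at. GMER lists an entry there when it is hidden from the normal registry API, so every line is already suspect; the two rules below are my own heuristics, not something GMER reports. Rule one flags a driver service whose ImagePath file name does not share the service name (UACd.sys loading UACllqlmyje.sys above). Rule two flags an InprocServer32 key that points at a system DLL but also carries a value named with 32 hex digits holding raw bytes, which is not something a normal COM registration has. The sample input is copied from the log above, except the last ExampleDrv service, which is a constructed control entry I added so you can see the name rule stay quiet when the names match.

```python
import re
from typing import Dict, List, Tuple

# Lines copied from the GMER "Registry" section posted above (one driver service and
# two of the CLSID keys), plus one constructed control entry (ExampleDrv) that is NOT
# from the page; it exists only to show the rules do not fire on a matching name.
SAMPLE_GMER = r"""
---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACllqlmyje.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@group file system
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SYSTEM\ControlSet003\Services\ExampleDrv@imagepath system32\DRIVERS\ExampleDrv.sys
Reg HKLM\SYSTEM\ControlSet003\Services\ExampleDrv@type 1

---- EOF - GMER 1.0.15 ----
"""

# "Reg <key>" or "Reg <key>@<value name> <data>"; an empty value name is the default value.
REG_RE = re.compile(r"^Reg (?P<key>[^@]+?)(?:@(?P<name>\S*)(?: (?P<data>.*))?)?$")
SERVICE_RE = re.compile(r"\\Services\\([^\\]+)$", re.IGNORECASE)
INPROC_RE = re.compile(r"\\CLSID\\(\{[0-9A-F-]+\})\\InprocServer32$", re.IGNORECASE)
HEX32_RE = re.compile(r"^[0-9a-f]{32}$", re.IGNORECASE)

# Windows service constants as GMER prints them: SERVICE_KERNEL_DRIVER / SERVICE_SYSTEM_START.
KERNEL_DRIVER, SYSTEM_START = "1", "1"


def parse_gmer_registry(text: str) -> Dict[str, Dict[str, str]]:
    """key path -> {value name (lower-cased) -> data}; '' holds the default value."""
    keys: Dict[str, Dict[str, str]] = {}
    for raw in text.splitlines():
        m = REG_RE.match(raw.strip())
        if not m:
            continue
        vals = keys.setdefault(m["key"], {})
        if m["name"] is not None:
            vals[m["name"].lower()] = m["data"] or ""
    return keys


def file_stem(path: str) -> str:
    """Last path component without its extension, lower-cased."""
    return re.split(r"[\\/]", path)[-1].rsplit(".", 1)[0].lower()


def triage_registry(text: str) -> List[Tuple[str, str, str]]:
    """Returns (rule, key, reason) triples. Both rules are heuristics chosen for this example."""
    findings: List[Tuple[str, str, str]] = []
    for key, vals in parse_gmer_registry(text).items():
        if m := SERVICE_RE.search(key):
            svc, img = m.group(1), vals.get("imagepath")
            if img and file_stem(img) != file_stem(svc):
                how = []
                if vals.get("type") == KERNEL_DRIVER:
                    how.append("kernel driver")
                if vals.get("start") == SYSTEM_START:
                    how.append("system start")
                findings.append(("driver-service", key,
                                 f"service '{svc}' loads '{img}' "
                                 f"({', '.join(how) or 'type/start unknown'}): name and image do not match"))
        elif m := INPROC_RE.search(key):
            blobs = [n for n in vals if HEX32_RE.match(n)]
            if blobs:
                findings.append(("clsid-blob", key,
                                 f"InprocServer32 for {m.group(1)} points at {vals.get('', '?')} but carries "
                                 f"{len(blobs)} binary value(s) named with 32 hex digits: {', '.join(blobs)}"))
    return findings


if __name__ == "__main__":
    for rule, key, reason in triage_registry(SAMPLE_GMER):
        print(f"[{rule}] {key}\n    {reason}")
```

Feed it the whole Registry section of a GMER log and you get one line per object instead of four or five raw lines each; the driver finding tells you which .sys to pull for analysis, and the CLSID findings tell you which keys to export before the cleanup tools delete them.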
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 164):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806FF000 \WINDOWS\system32\hal.dll
0xF7987000 \WINDOWS\system32\KDCOM.DLL
0xF7897000 \WINDOWS\system32\BOOTVID.dll
0xF75A8000 ACPI.sys
0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7597000 pci.sys
0xF75F7000 isapnp.sys
0xF7607000 ohci1394.sys
0xF7617000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF789B000 compbatt.sys
0xF789F000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7A4F000 pciide.sys
0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF74D9000 pcmcia.sys
0xF7627000 MountMgr.sys
0xF74BA000 ftdisk.sys
0xF798B000 dmload.sys
0xF7494000 dmio.sys
0xF78A3000 ACPIEC.sys
0xF7A50000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF770F000 PartMgr.sys
0xF7637000 VolSnap.sys
0xF747C000 atapi.sys
0xF744A000 KR10N.sys
0xF7432000 \WINDOWS\system32\drivers\SCSIPORT.SYS
0xF7647000 disk.sys
0xF7657000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7412000 fltmgr.sys
0xF7400000 sr.sys
0xF7881000 DRVMCDB.SYS
0xF7667000 PxHelp20.sys
0xBA7E9000 KSecDD.sys
0xBA75C000 Ntfs.sys
0xBA72F000 NDIS.sys
0xBA715000 Mup.sys
0xF7687000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF792B000 \SystemRoot\system32\DRIVERS\tunmp.sys
0xBA635000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF792F000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xB94F3000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xB94DF000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB94B7000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB935A000 \SystemRoot\system32\DRIVERS\w39n51.sys
0xB9D43000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB9336000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xB9D3B000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB930E000 \SystemRoot\system32\drivers\tifm21.sys
0xB92FA000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xB92D2000 \SystemRoot\system32\DRIVERS\e100b325.sys
0xBA625000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xB9D33000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB92A3000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF79D1000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB9D2B000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA615000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7747000 \SystemRoot\System32\Drivers\ASAPIW2K.sys
0xF774F000 \SystemRoot\system32\drivers\iviaspi.sys
0xF7933000 \SystemRoot\system32\drivers\pfc.sys
0xF79D3000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
0xBA605000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7697000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB9280000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7AA2000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF79D5000 \SystemRoot\System32\Drivers\RootMdm.sys
0xF77C7000 \SystemRoot\System32\Drivers\Modem.SYS
0xF76A7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF794B000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB9269000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF76B7000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF76C7000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF77CF000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB9258000 \SystemRoot\system32\DRIVERS\psched.sys
0xF76D7000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF77DF000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF77E7000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF77EF000 \SystemRoot\system32\DRIVERS\RimSerial.sys
0xB9228000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF76F7000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF79D9000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB91A2000 \SystemRoot\system32\DRIVERS\update.sys
0xBA6D5000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB9174000 \SystemRoot\system32\DRIVERS\MarvinBus.sys
0xBA6D1000 \SystemRoot\system32\DRIVERS\tbiosdrv.sys
0xF79DB000 \SystemRoot\system32\DRIVERS\NBSMI.sys
0xF7587000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xA8C05000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xA8BE1000 \SystemRoot\system32\drivers\portcls.sys
0xF7547000 \SystemRoot\system32\drivers\drmk.sys
0xF7537000 \SystemRoot\system32\DRIVERS\Tvs.sys
0xF77FF000 \SystemRoot\system32\DRIVERS\tsxt_kern_i386.sys
0xF780F000 \SystemRoot\system32\DRIVERS\wowhd_kern_i386.sys
0xF7527000 \SystemRoot\system32\DRIVERS\csiidecoder_kern_i386.sys
0xA89B7000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0xBA695000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7993000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xB9DB0000 \SystemRoot\System32\Drivers\Null.SYS
0xF7995000 \SystemRoot\System32\Drivers\Beep.SYS
0xB9D6B000 \SystemRoot\System32\Drivers\DLARTL_N.SYS
0xB9D63000 \SystemRoot\System32\drivers\vga.sys
0xF7997000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7999000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xA8870000 \SystemRoot\System32\Drivers\meiudf.sys
0xA885F000 \SystemRoot\System32\Drivers\Udfs.SYS
0xB9D5B000 \SystemRoot\System32\Drivers\Msfs.SYS
0xB9D53000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBA6E9000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA884C000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA87F3000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA873A000 \SystemRoot\system32\DRIVERS\netbt.sys
0xA8714000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA86DC000 \SystemRoot\system32\DRIVERS\tcpip6.sys
0xBA665000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xA8692000 \SystemRoot\System32\drivers\afd.sys
0xBA655000 \SystemRoot\system32\drivers\ip6fw.sys
0xBA645000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB9D4B000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xA8667000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB9204000 \??\C:\WINDOWS\system32\drivers\pclepci.sys
0xBA1C7000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xA85F7000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF7AAE000 \??\C:\WINDOWS\system32\mbmiodrvr.sys
0xBA1B7000 \SystemRoot\System32\Drivers\Fips.SYS
0xA85D5000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xF79A5000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0xA7611000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF79FF000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xA7D34000 \SystemRoot\System32\drivers\Dxapi.sys
0xA7CB0000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xA779B000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF020000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF042000 \SystemRoot\System32\ialmdev5.DLL
0xBF077000 \SystemRoot\System32\ialmdd5.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xA7584000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xA77DD000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
0xA83DC000 \SystemRoot\System32\DLA\DLADResN.SYS
0xA7546000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
0xA75F9000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
0xF79B3000 \SystemRoot\System32\DLA\DLAPoolM.SYS
0xA7786000 \SystemRoot\System32\DLA\DLABOIOM.SYS
0xA752E000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
0xA7518000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
0xA776E000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xA74B2000 \SystemRoot\system32\DRIVERS\nwlnkipx.sys
0xBA167000 \SystemRoot\system32\DRIVERS\nwlnknb.sys
0xA757C000 \SystemRoot\system32\DRIVERS\s24trans.sys
0xA7568000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA7564000 \SystemRoot\system32\DRIVERS\netdevio.sys
0xA73C2000 \SystemRoot\system32\DRIVERS\nwrdr.sys
0xA7395000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA72B4000 \SystemRoot\System32\Drivers\HTTP.sys
0xA7145000 \SystemRoot\system32\DRIVERS\srv.sys
0xA707D000 \SystemRoot\system32\DRIVERS\nwlnkspx.sys
0xA702D000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF7807000 \SystemRoot\system32\DRIVERS\nwlnkfwd.sys
0xA69F9000 \SystemRoot\system32\DRIVERS\nwlnkflt.sys
0xA67D0000 \SystemRoot\system32\drivers\wdmaud.sys
0xA6825000 \SystemRoot\system32\drivers\sysaudio.sys
0xA5CF0000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 78):
0 System Idle Process
4 System
1000 C:\WINDOWS\system32\smss.exe
1048 csrss.exe
1076 C:\WINDOWS\system32\winlogon.exe
1124 C:\WINDOWS\system32\services.exe
1136 C:\WINDOWS\system32\lsass.exe
1352 C:\WINDOWS\system32\svchost.exe
1424 svchost.exe
1468 C:\WINDOWS\system32\svchost.exe
1592 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
1628 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
1728 svchost.exe
1840 svchost.exe
172 C:\WINDOWS\system32\spoolsv.exe
236 C:\Program Files\Avira\AntiVir Desktop\sched.exe
320 svchost.exe
832 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
852 C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
904 C:\WINDOWS\system32\DVDRAMSV.exe
920 C:\WINDOWS\ehome\ehrecvr.exe
956 C:\WINDOWS\ehome\ehSched.exe
976 C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
1032 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
1496 C:\WINDOWS\system32\svchost.exe
1528 C:\Program Files\Java\jre6\bin\jqs.exe
1600 C:\Program Files\Common Files\Motive\McciCMService.exe
1704 C:\Program Files\Google\Update\GoogleUpdate.exe
1660 sqlservr.exe
1968 C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
712 C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
840 C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe
912 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
1692 sqlbrowser.exe
2052 svchost.exe
2124 C:\WINDOWS\system32\svchost.exe
2160 C:\TOSHIBA\IVP\swupdate\swupdtmr.exe
2188 C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
2296 mcrdsvc.exe
2528 C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
2632 wmpnetwk.exe
3212 C:\WINDOWS\system32\dllhost.exe
3336 alg.exe
4088 C:\WINDOWS\explorer.exe
660 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
664 C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe
3916 C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
4036 C:\WINDOWS\system32\TPSMain.exe
400 C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
696 C:\WINDOWS\system32\DLA\DLACTRLW.EXE
196 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
2168 C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
2184 C:\WINDOWS\system32\TDispVol.exe
4080 C:\WINDOWS\system32\TPSBattM.exe
2424 C:\WINDOWS\system32\igfxpers.exe
2640 C:\WINDOWS\system32\hkcmd.exe
2912 C:\WINDOWS\ehome\ehtray.exe
1828 C:\WINDOWS\agrsmmsg.exe
2684 C:\Program Files\Java\jre6\bin\jusched.exe
2384 C:\Program Files\Verizon\McciTrayApp.exe
3072 C:\WINDOWS\ehome\ehmsas.exe
3076 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
3096 C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
3140 C:\WINDOWS\system32\ctfmon.exe
3104 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
2420 C:\Program Files\Synaptics\SynTP\Toshiba.exe
3236 C:\Program Files\Messenger\msmsgs.exe
3332 C:\Program Files\Windows Media Player\wmpnscfg.exe
1284 C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
3572 C:\WINDOWS\system32\RAMASST.exe
1020 C:\Sun\SDK\jdk\bin\javaw.exe
3660 C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
3644 C:\Program Files\OpenOffice.org 2.1\program\soffice.bin
1860 C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
3960 C:\Program Files\Internet Explorer\iexplore.exe
2316 C:\Program Files\Internet Explorer\iexplore.exe
2928 C:\Program Files\Internet Explorer\iexplore.exe
4256 C:\Documents and Settings\Owner\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK1637GSX, Rev: DL020M

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: 31D100779DE502702C374F7C15687B56FCFD5528


Done!
 
ComboFix 10-09-04.06 - Owner 09/05/2010 8:46:21.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1284 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\1.xml
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\a.xml
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\b.xml
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\c.xml
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\d.xml
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\e.xml
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\f.xml
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\g.xml
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\h.xml
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\i.xml
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\J.xml
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\k.xml
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\l.xml
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\m.xml
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\mru.xml
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\n.xml
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\o.xml
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\p.xml
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\q.xml
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\r.xml
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\s.xml
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\t.xml
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\u.xml
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\v.xml
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\w.xml
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\x.xml
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\y.xml
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\z.xml
C:\Program Files\UNWISE.EXE
C:\WINDOWS\Fonts\advapi32.dll
C:\WINDOWS\system32\11478.exe
C:\WINDOWS\system32\11538.exe
C:\WINDOWS\system32\11942.exe
C:\WINDOWS\system32\12382.exe
C:\WINDOWS\system32\14604.exe
C:\WINDOWS\system32\14771.exe
C:\WINDOWS\system32\153.exe
C:\WINDOWS\system32\15724.exe
C:\WINDOWS\system32\16827.exe
C:\WINDOWS\system32\17421.exe
C:\WINDOWS\system32\18716.exe
C:\WINDOWS\system32\19718.exe
C:\WINDOWS\system32\19895.exe
C:\WINDOWS\system32\21726.exe
C:\WINDOWS\system32\23281.exe
C:\WINDOWS\system32\24464.exe
C:\WINDOWS\system32\26962.exe
C:\WINDOWS\system32\28145.exe
C:\WINDOWS\system32\292.exe
C:\WINDOWS\system32\29358.exe
C:\WINDOWS\system32\2995.exe
C:\WINDOWS\system32\32391.exe
C:\WINDOWS\system32\3902.exe
C:\WINDOWS\system32\404Fix.exe
C:\WINDOWS\system32\4827.exe
C:\WINDOWS\system32\491.exe
C:\WINDOWS\system32\5436.exe
C:\WINDOWS\system32\5447.exe
C:\WINDOWS\system32\5705.exe
C:\WINDOWS\system32\9961.exe
C:\WINDOWS\system32\Agent.OMZ.Fix.exe
C:\WINDOWS\system32\dumphive.exe
C:\WINDOWS\system32\IEDFix.C.exe
C:\WINDOWS\system32\o4Patch.exe
C:\WINDOWS\system32\Process.exe
C:\WINDOWS\system32\SrchSTS.exe
C:\WINDOWS\system32\Thumbs.db
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\UAClmneityn.log
C:\WINDOWS\system32\UACroyeheos.dat
C:\WINDOWS\system32\UACxvmefkje.log
C:\WINDOWS\system32\VACFix.exe
C:\WINDOWS\system32\VCCLSID.exe
C:\WINDOWS\system32\WS2Fix.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_UACD.SYS


((((((((((((((((((((((((( Files Created from 2010-08-05 to 2010-09-05 )))))))))))))))))))))))))))))))
.

2010-09-03 18:53:59 . 2010-04-29 19:39:38 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-09-03 18:53:57 . 2010-09-03 18:54:03 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware3
2010-09-03 18:53:57 . 2010-04-29 19:39:26 20952 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2010-09-02 12:02:08 . 2010-09-02 12:02:08 -------- d-----w- C:\Documents and Settings\Owner\Application Data\Avira
2010-09-02 11:58:10 . 2010-09-02 11:58:10 -------- d-----w- C:\Program Files\Avira
2010-09-02 11:58:10 . 2010-09-02 11:58:10 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Avira
2010-09-02 11:58:10 . 2010-03-01 14:05:26 124784 ----a-w- C:\WINDOWS\system32\drivers\avipbb.sys
2010-09-02 11:58:10 . 2010-02-16 18:24:02 60936 ----a-w- C:\WINDOWS\system32\drivers\avgntflt.sys
2010-09-02 11:58:10 . 2009-05-11 16:49:28 45416 ----a-w- C:\WINDOWS\system32\drivers\avgntdd.sys
2010-09-02 11:58:10 . 2009-05-11 16:49:28 22360 ----a-w- C:\WINDOWS\system32\drivers\avgntmgr.sys
2010-09-02 11:41:54 . 2010-09-02 11:41:54 -------- d-----w- C:\Documents and Settings\Owner\Application Data\Uniblue
2010-09-01 22:40:09 . 2010-09-01 22:40:09 -------- d-----w- C:\Documents and Settings\Owner\Application Data\ElevatedDiagnostics
2010-09-01 12:04:22 . 2010-09-01 12:07:47 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware2
2010-08-31 12:37:50 . 2010-08-31 12:36:37 1129120 ----a-w- C:\Documents and Settings\All Users\Application Data\STOPzilla!\vdb\vbcorent.dll
2010-08-31 12:26:43 . 2010-09-02 10:56:41 -------- d-----w- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2010-08-31 11:05:30 . 2010-08-31 11:05:30 -------- d--h--w- C:\WINDOWS\system32\GroupPolicy
2010-08-30 15:56:44 . 2010-08-30 15:56:44 453 ----a-w- C:\Program Files\0830201011564409.bat
2010-08-08 14:57:21 . 2009-01-08 21:10:53 -------- d-----w- C:\0beafcea724b194507f7ff04
2010-08-08 09:16:56 . 2009-01-08 21:15:03 -------- d-----w- C:\Documents and Settings\Owner\Local Settings\Application Data\mdelihtqq

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-05 12:41:09 . 2010-04-03 22:03:57 256 ----a-w- C:\WINDOWS\system32\pool.bin
2010-09-05 12:39:17 . 2007-02-13 12:33:47 -------- d-----w- C:\Documents and Settings\Owner\Application Data\OpenOffice.org2
2010-09-04 06:07:03 . 2010-01-24 16:10:27 -------- d-----w- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2010-09-04 05:17:23 . 2006-02-15 07:32:10 57600 ----a-w- C:\WINDOWS\system32\drivers\redbook.sys
2010-09-03 18:53:57 . 2010-01-24 16:10:21 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-09-02 11:34:00 . 2006-02-16 09:55:04 -------- d-----w- C:\Program Files\Common Files\AOL
2010-09-02 11:27:51 . 2006-02-16 09:55:11 -------- d-----w- C:\Documents and Settings\All Users\Application Data\AOL
2010-09-02 11:27:38 . 2007-02-09 21:21:24 -------- d-----w- C:\Documents and Settings\Owner\Application Data\AOL
2010-09-02 11:19:40 . 2010-05-21 17:16:54 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Alwil Software
2010-09-02 11:10:54 . 2009-03-08 15:31:42 -------- d---a-w- C:\Documents and Settings\All Users\Application Data\TEMP
2010-09-02 11:06:20 . 2009-06-01 11:19:56 -------- d-----w- C:\Documents and Settings\Owner\Application Data\WebbIE
2010-09-02 02:47:49 . 2010-09-02 02:47:19 1088 ----a-w- C:\WINDOWS\system32\drivers\kgpcpy.cfg
2010-09-01 19:44:18 . 2006-02-17 09:57:20 -------- d-----w- C:\Program Files\DIGStream
2010-08-31 11:05:34 . 2007-11-17 17:05:15 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-08-31 10:53:02 . 2007-11-17 17:05:15 -------- d-----w- C:\Program Files\Lavasoft
2010-08-30 16:05:08 . 2006-02-25 07:02:55 1324 ----a-w- C:\WINDOWS\system32\d3d9caps.dat
2010-08-30 16:04:59 . 2010-05-17 00:33:27 -------- d-----w- C:\Program Files\Oberon Media
2010-08-25 11:00:03 . 2007-02-17 17:24:00 3485 ----a-w- C:\Documents and Settings\All Users\Application Data\Intuit\QuickBooks 2007\qbbackup.sys
2010-08-20 17:08:38 . 2008-10-29 16:38:21 17408 ----a-w- C:\psapi.dll
2010-08-18 19:01:08 . 2008-07-02 16:17:01 46 -c--a-w- C:\Documents and Settings\Owner\jagex_runescape_preferences.dat
2010-08-18 18:58:24 . 2009-12-23 01:00:12 99 ----a-w- C:\Documents and Settings\Owner\jagex_runescape_preferences2.dat
2010-08-09 04:23:01 . 2007-02-10 00:20:21 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Trend Micro
2010-08-06 18:07:56 . 2010-01-08 23:31:16 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Norton
2010-08-06 18:07:55 . 2008-01-05 01:56:15 -------- d-----w- C:\Program Files\Norton Security Scan
2010-07-25 00:30:46 . 2010-07-25 00:30:46 -------- d-----w- C:\Documents and Settings\Owner\Application Data\Unity
2010-07-24 23:20:04 . 2010-07-24 23:20:04 -------- d-----w- C:\Program Files\Unity
2010-07-18 08:45:20 . 2010-07-18 08:45:20 -------- d-----w- C:\Documents and Settings\Owner\Application Data\iWin
2010-07-18 08:40:59 . 2010-07-18 08:40:59 -------- d-----w- C:\Program Files\Common Files\Oberon Media
2010-07-18 08:35:01 . 2010-07-18 08:35:01 -------- d-----w- C:\Program Files\Conduit
2010-07-18 08:35:01 . 2010-07-18 08:34:59 -------- d-----w- C:\Program Files\TranslatorBar_1
2010-07-10 15:53:10 . 2009-09-30 14:09:08 -------- d-----w- C:\Program Files\My.Freeze.com Toolbar
2010-06-30 12:31:35 . 2006-02-15 14:03:52 149504 ----a-w- C:\WINDOWS\system32\schannel.dll
2010-06-29 18:38:57 . 2010-04-30 16:13:39 439816 -c--a-w- C:\Documents and Settings\Owner\Application Data\Real\Update\setup3.10\setup.exe
2010-06-24 12:22:03 . 2006-02-15 14:04:21 916480 ----a-w- C:\WINDOWS\system32\wininet.dll
2010-06-23 13:44:04 . 2006-02-15 14:04:21 1851904 ----a-w- C:\WINDOWS\system32\win32k.sys
2010-06-21 15:27:11 . 2006-02-15 14:04:02 354304 ----a-w- C:\WINDOWS\system32\drivers\srv.sys
2010-06-17 14:03:00 . 2006-02-15 14:02:52 80384 ----a-w- C:\WINDOWS\system32\iccvid.dll
2010-06-15 00:23:14 . 2010-06-27 17:09:10 607472 -c--a-w- C:\Documents and Settings\All Users\Application Data\Yahoo!\YUPDATER\yupdater.exe
2010-06-14 14:31:20 . 2006-02-15 15:36:36 744448 ----a-w- C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41:45 . 2006-02-15 14:03:21 1172480 ----a-w- C:\WINDOWS\system32\msxml3.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00bf7b9c-acd2-4080-bea8-b1c41987070f}]
2010-06-03 22:24:50 2736736 ----a-w- C:\Program Files\TranslatorBar_1\tbTran.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{00bf7b9c-acd2-4080-bea8-b1c41987070f}"= "C:\Program Files\TranslatorBar_1\tbTran.dll" [2010-06-03 22:24:50 2736736]

[HKEY_CLASSES_ROOT\clsid\{00bf7b9c-acd2-4080-bea8-b1c41987070f}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{00BF7B9C-ACD2-4080-BEA8-B1C41987070F}"= "C:\Program Files\TranslatorBar_1\tbTran.dll" [2010-06-03 22:24:50 2736736]

[HKEY_CLASSES_ROOT\clsid\{00bf7b9c-acd2-4080-bea8-b1c41987070f}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 08:32:20 65536]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 00:05:26 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 08:32:58 761945]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 22:02:24 352256]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 08:34:16 82009]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 20:25:22 73728]
"TPSMain"="TPSMain.exe" [2005-06-01 05:00:12 282624]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 00:13:20 122880]
"dla"="C:\WINDOWS\system32\dla\DLACTRLW.exe" [2005-10-06 13:20:00 122940]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 01:37:26 151552]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 20:37:40 667718]
"USBToolTip"="C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe" [2006-06-01 07:37:48 196608]
"TDispVol"="TDispVol.exe" [2005-03-11 23:03:16 73728]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 05:55:14 98304]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 05:55:58 118784]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-28 05:52:00 77824]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 21:56:34 64512]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 14:29:08 88203]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-09-30 10:59:28 149280]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [2010-03-17 20:55:42 1565696]
"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 15:28:32 282792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 21:18:15 443968]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
OpenOffice.org 2.1.lnk - C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe [2006-11-27 393216]
SDK Tray Menu.lnk - C:\Sun\SDK\jdk\bin\javaw.exe [2009-3-8 139264]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Desktop Manager.lnk - C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe [2009-11-19 1807704]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-16 972064]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2006-2-15 155648]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= C:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaManager\\PMSManager.exe"=
"C:\\Program Files\\Petersons\\GED\\jre\\bin\\java.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\DesktopDialer\\DesktopDialer.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\CTpdpsrv.exe"=
"C:\\Program Files\\TVAnts\\Tvants.exe"=
"C:\\Sun\\SDK\\jdk\\bin\\java.exe"=
"C:\\WINDOWS\\system32\\spoolsv.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files\Avira\AntiVir Desktop\sched.exe [9/2/2010 7:58:12 AM 135336]
R2 QuickBooksDB17;QuickBooksDB17;C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB17 --> C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB17 [?]
S1 uxlmjfxw;uxlmjfxw;\??\C:\WINDOWS\system32\drivers\uxlmjfxw.sys --> C:\WINDOWS\system32\drivers\uxlmjfxw.sys [?]
S2 gupdate1ca40e5bebe50f4;Google Update Service (gupdate1ca40e5bebe50f4);C:\Program Files\Google\Update\GoogleUpdate.exe [9/29/2009 5:17:48 AM 133104]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [5/13/2006 7:21:54 PM 30192]
S3 SVRPEDRV;SVRPEDRV;\??\C:\DOCUME~1\Owner\LOCALS~1\Temp\RarSFX0\S10VWF\PEDrv.sys --> C:\DOCUME~1\Owner\LOCALS~1\Temp\RarSFX0\S10VWF\PEDrv.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-09-05 C:\WINDOWS\Tasks\Malwarebytes' Anti-Malware.job
- C:\PROGRA~1\MALWAR~1\mbam.exe [2010-09-03 18:53:58 . 2010-04-29 19:39:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://msn.com/
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
WebBrowser-{D0523BB4-21E7-11DD-9AB7-415B56D89593} - (no file)
HKCU-Run-RegistryBooster - C:\Program Files\Uniblue\RegistryBooster\launcher.exe
SafeBoot-klmdb.sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-05 08:54:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@C:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="C:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------


.
 
part 2 combofix

- - - - - - - > 'explorer.exe'(2884)
C:\WINDOWS\system32\WININET.dll
C:\WINDOWS\system32\TDispVol.dll
C:\WINDOWS\system32\ieframe.dll
C:\WINDOWS\system32\webcheck.dll
C:\WINDOWS\system32\WPDShServiceObj.dll
C:\WINDOWS\system32\PortableDeviceTypes.dll
C:\WINDOWS\system32\PortableDeviceApi.dll
C:\WINDOWS\system32\TPwrCfg.DLL
C:\WINDOWS\system32\TPwrReg.dll
C:\WINDOWS\system32\TPSTrace.DLL
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
 
1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
C:\Documents and Settings\All Users\Application Data\STOPzilla!\vdb\vbcorent.dll
C:\Program Files\0830201011564409.bat
C:\WINDOWS\system32\drivers\kgpcpy.cfg
C:\WINDOWS\system32\drivers\uxlmjfxw.sys


Folder::
C:\Documents and Settings\Owner\Application Data\Uniblue
C:\Documents and Settings\All Users\Application Data\STOPzilla!
C:\Documents and Settings\Owner\Local Settings\Application Data\mdelihtqq


DirLook::
C:\0beafcea724b194507f7ff04

Driver::
uxlmjfxw

Registry::
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"=-
"NoActiveDesktopChanges"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=-

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>


3. Save the above as CFScript.txt

4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[animation: CFScript.gif]



6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
part 1

ComboFix 10-09-04.06 - Owner 09/05/2010 12:40:43.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1376 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vbcorent.dll"
"c:\program files\0830201011564409.bat"
"c:\windows\system32\drivers\kgpcpy.cfg"
"c:\windows\system32\drivers\uxlmjfxw.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\STOPzilla!
c:\documents and settings\All Users\Application Data\STOPzilla!\modules_scanned.db
c:\documents and settings\All Users\Application Data\STOPzilla!\modules_scanned.db.bak
c:\documents and settings\All Users\Application Data\STOPzilla!\scanner.log
c:\documents and settings\All Users\Application Data\STOPzilla!\userdata.db
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-000.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-001.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-002.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-003.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-004.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-005.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-006.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-007.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-008.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-009.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-010.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-011.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-012.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-013.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-014.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-015.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-016.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-017.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-018.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-019.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-020.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-021.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-022.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-023.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-024.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-025.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-026.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-027.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-028.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-029.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-030.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-031.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-032.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-033.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-034.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-035.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-036.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-037.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-038.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-039.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-040.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-041.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-042.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-043.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-044.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-045.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-046.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-047.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-048.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-049.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-050.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-051.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-052.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-053.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-054.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-055.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-056.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-057.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-058.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-059.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-060.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-061.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-062.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-063.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-064.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-065.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-066.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-067.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-068.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-069.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-070.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-071.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-072.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-073.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-074.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-075.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-076.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-077.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-078.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-079.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-080.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-081.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-082.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-083.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-084.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-085.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-086.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-087.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-088.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-089.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-090.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-daily.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vbcorent.dll
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vdb.xml
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\xml_edk.log
c:\documents and settings\All Users\Application Data\STOPzilla!\zilla5.log
c:\documents and settings\Owner\Application Data\PriceGong
c:\documents and settings\Owner\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Owner\Application Data\Uniblue
c:\documents and settings\Owner\Application Data\Uniblue\RegistryBooster\backup\20100902.074801.zip
c:\documents and settings\Owner\Application Data\Uniblue\RegistryBooster\error.log
c:\documents and settings\Owner\Application Data\Uniblue\RegistryBooster\history\20100902-074523_repair.xml
c:\documents and settings\Owner\Application Data\Uniblue\RegistryBooster\history\latest_scan_results.html
c:\documents and settings\Owner\Application Data\Uniblue\RegistryBooster\last_scan.dat
c:\documents and settings\Owner\Application Data\Uniblue\RegistryBooster\settings.dat
c:\documents and settings\Owner\Application Data\Uniblue\RegistryBooster\track_installs.txt
c:\documents and settings\Owner\Local Settings\Application Data\mdelihtqq
c:\program files\0830201011564409.bat
c:\windows\system32\drivers\kgpcpy.cfg

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_UACD.SYS
-------\Service_uxlmjfxw


((((((((((((((((((((((((( Files Created from 2010-08-05 to 2010-09-05 )))))))))))))))))))))))))))))))
.

2010-09-03 18:53 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-03 18:53 . 2010-09-03 18:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware3
2010-09-03 18:53 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-02 12:02 . 2010-09-02 12:02 -------- d-----w- c:\documents and settings\Owner\Application Data\Avira
2010-09-02 11:58 . 2010-09-02 11:58 -------- d-----w- c:\program files\Avira
2010-09-02 11:58 . 2010-09-02 11:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-09-02 11:58 . 2010-03-01 14:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-09-02 11:58 . 2010-02-16 18:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-09-02 11:58 . 2009-05-11 16:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-09-02 11:58 . 2009-05-11 16:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-09-01 22:40 . 2010-09-01 22:40 -------- d-----w- c:\documents and settings\Owner\Application Data\ElevatedDiagnostics
2010-09-01 12:04 . 2010-09-01 12:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2
2010-08-31 11:05 . 2010-08-31 11:05 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-08-08 14:57 . 2009-01-08 21:10 -------- d-----w- C:\0beafcea724b194507f7ff04

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-05 17:03 . 2010-04-03 22:03 256 ----a-w- c:\windows\system32\pool.bin
2010-09-05 17:02 . 2007-02-13 12:33 -------- d-----w- c:\documents and settings\Owner\Application Data\OpenOffice.org2
2010-09-04 06:07 . 2010-01-24 16:10 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-09-04 05:17 . 2006-02-15 07:32 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2010-09-03 18:53 . 2010-01-24 16:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-02 11:34 . 2006-02-16 09:55 -------- d-----w- c:\program files\Common Files\AOL
2010-09-02 11:27 . 2006-02-16 09:55 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2010-09-02 11:27 . 2007-02-09 21:21 -------- d-----w- c:\documents and settings\Owner\Application Data\AOL
2010-09-02 11:19 . 2010-05-21 17:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-09-02 11:10 . 2009-03-08 15:31 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-02 11:06 . 2009-06-01 11:19 -------- d-----w- c:\documents and settings\Owner\Application Data\WebbIE
2010-09-01 19:44 . 2006-02-17 09:57 -------- d-----w- c:\program files\DIGStream
2010-08-31 11:05 . 2007-11-17 17:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-08-31 10:53 . 2007-11-17 17:05 -------- d-----w- c:\program files\Lavasoft
2010-08-30 16:05 . 2006-02-25 07:02 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-30 16:04 . 2010-05-17 00:33 -------- d-----w- c:\program files\Oberon Media
2010-08-25 11:00 . 2007-02-17 17:24 3485 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2007\qbbackup.sys
2010-08-20 17:08 . 2008-10-29 16:38 17408 ----a-w- C:\psapi.dll
2010-08-18 19:01 . 2008-07-02 16:17 46 -c--a-w- c:\documents and settings\Owner\jagex_runescape_preferences.dat
2010-08-18 18:58 . 2009-12-23 01:00 99 ----a-w- c:\documents and settings\Owner\jagex_runescape_preferences2.dat
2010-08-09 04:23 . 2007-02-10 00:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Trend Micro
2010-08-06 18:07 . 2010-01-08 23:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-08-06 18:07 . 2008-01-05 01:56 -------- d-----w- c:\program files\Norton Security Scan
2010-07-25 00:30 . 2010-07-25 00:30 -------- d-----w- c:\documents and settings\Owner\Application Data\Unity
2010-07-24 23:20 . 2010-07-24 23:20 -------- d-----w- c:\program files\Unity
2010-07-18 08:45 . 2010-07-18 08:45 -------- d-----w- c:\documents and settings\Owner\Application Data\iWin
2010-07-18 08:40 . 2010-07-18 08:40 -------- d-----w- c:\program files\Common Files\Oberon Media
2010-07-18 08:35 . 2010-07-18 08:35 -------- d-----w- c:\program files\Conduit
2010-07-18 08:35 . 2010-07-18 08:34 -------- d-----w- c:\program files\TranslatorBar_1
2010-07-10 15:53 . 2009-09-30 14:09 -------- d-----w- c:\program files\My.Freeze.com Toolbar
2010-06-30 12:31 . 2006-02-15 14:03 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-29 18:38 . 2010-04-30 16:13 439816 -c--a-w- c:\documents and settings\Owner\Application Data\Real\Update\setup3.10\setup.exe
2010-06-24 12:22 . 2006-02-15 14:04 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2006-02-15 14:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2006-02-15 14:04 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2006-02-15 14:02 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-15 00:23 . 2010-06-27 17:09 607472 -c--a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUPDATER\yupdater.exe
2010-06-14 14:31 . 2006-02-15 15:36 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2006-02-15 14:03 1172480 ----a-w- c:\windows\system32\msxml3.dll
.
 
part 2

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\0beafcea724b194507f7ff04 ----

2010-08-08 14:57 . 2010-08-08 14:57 788 ---ha-w- c:\0beafcea724b194507f7ff04\$shtdwn$.req
2010-07-02 16:56 . 2010-07-02 16:56 6325362 ----a-w- c:\0beafcea724b194507f7ff04\mrt.exe._p
2010-07-02 16:39 . 2010-07-02 16:39 58312 ----a-w- c:\0beafcea724b194507f7ff04\mrtstub.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00bf7b9c-acd2-4080-bea8-b1c41987070f}]
2010-06-03 22:24 2736736 ----a-w- c:\program files\TranslatorBar_1\tbTran.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{00bf7b9c-acd2-4080-bea8-b1c41987070f}"= "c:\program files\TranslatorBar_1\tbTran.dll" [2010-06-03 2736736]

[HKEY_CLASSES_ROOT\clsid\{00bf7b9c-acd2-4080-bea8-b1c41987070f}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{00BF7B9C-ACD2-4080-BEA8-B1C41987070F}"= "c:\program files\TranslatorBar_1\tbTran.dll" [2010-06-03 2736736]

[HKEY_CLASSES_ROOT\clsid\{00bf7b9c-acd2-4080-bea8-b1c41987070f}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"RegistryBooster"="c:\program files\Uniblue\RegistryBooster\launcher.exe" [BU]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 82009]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]
"TPSMain"="TPSMain.exe" [2005-06-01 282624]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"USBToolTip"="c:\program files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe" [2006-06-01 196608]
"TDispVol"="TDispVol.exe" [2005-03-11 73728]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-30 149280]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
OpenOffice.org 2.1.lnk - c:\program files\OpenOffice.org 2.1\program\quickstart.exe [2006-11-27 393216]
SDK Tray Menu.lnk - c:\sun\SDK\jdk\bin\javaw.exe [2009-3-8 139264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2009-11-19 1807704]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-16 972064]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-2-15 155648]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaManager\\PMSManager.exe"=
"c:\\Program Files\\Petersons\\GED\\jre\\bin\\java.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\DesktopDialer\\DesktopDialer.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\CTpdpsrv.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Sun\\SDK\\jdk\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [9/2/2010 7:58 AM 135336]
R2 QuickBooksDB17;QuickBooksDB17;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB17 --> c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB17 [?]
S2 gupdate1ca40e5bebe50f4;Google Update Service (gupdate1ca40e5bebe50f4);c:\program files\Google\Update\GoogleUpdate.exe [9/29/2009 5:17 AM 133104]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [5/13/2006 7:21 PM 30192]
S3 SVRPEDRV;SVRPEDRV;\??\c:\docume~1\Owner\LOCALS~1\Temp\RarSFX0\S10VWF\PEDrv.sys --> c:\docume~1\Owner\LOCALS~1\Temp\RarSFX0\S10VWF\PEDrv.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-09-05 c:\windows\Tasks\Malwarebytes' Anti-Malware.job
- c:\progra~1\MALWAR~1\mbam.exe [2010-09-03 19:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://msn.com/
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
WebBrowser-{D0523BB4-21E7-11DD-9AB7-415B56D89593} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-05 13:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2188)
c:\windows\system32\WININET.dll
c:\windows\system32\TDispVol.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\windows\eHome\ehRecvr.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\eHome\ehSched.exe
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\dllhost.exe
c:\program files\Synaptics\SynTP\Toshiba.exe
c:\windows\system32\TPSMain.exe
c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
c:\windows\system32\TPSBattM.exe
c:\windows\system32\TDispVol.exe
c:\windows\AGRSMMSG.exe
c:\windows\eHome\ehmsas.exe
c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
c:\program files\OpenOffice.org 2.1\program\soffice.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\OpenOffice.org 2.1\program\soffice.BIN
c:\program files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
c:\program files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
.
**************************************************************************
.
Completion time: 2010-09-05 13:10:16 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-05 17:10

Pre-Run: 24,265,314,304 bytes free
Post-Run: 24,244,707,328 bytes free

Current=5 Default=5 Failed=4 LastKnownGood=1 Sets=1,2,3,4,5
- - End Of File - - 9DE0E7590E8102D2EEFCDC0ABF2EF5A5
 
It looks good now :)

How is the computer doing?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\system32\spool\prtprocs\w32x86\*.tmp
%systemroot%\*. /mp /s
/md5start
/md5stop
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
otl text part 1 of 4

OTL logfile created on: 9/5/2010 1:55:33 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 67.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.80 Gb Total Space | 22.55 Gb Free Space | 15.15% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TIMSLAPTOP
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/05 13:53:11 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/04/01 13:33:20 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/17 16:55:42 | 001,565,696 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Verizon\McciTrayApp.exe
PRC - [2010/03/02 11:28:32 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 10:28:10 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/14 22:11:02 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/09/16 22:17:24 | 000,972,064 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2009/09/16 19:01:16 | 000,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2009/03/08 11:01:06 | 000,139,264 | ---- | M] (Sun Microsystems, Inc.) -- C:\Sun\SDK\jdk\bin\javaw.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/30 18:43:18 | 004,670,704 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2007/01/11 05:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
PRC - [2006/11/30 16:54:50 | 002,486,272 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.1\program\soffice.bin
PRC - [2006/11/30 16:54:34 | 002,334,720 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
PRC - [2006/09/13 14:32:12 | 000,128,536 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe
PRC - [2006/06/01 03:37:48 | 000,196,608 | ---- | M] (Pinnacle Systems GmbH) -- C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
PRC - [2006/04/14 11:07:20 | 028,933,976 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2006/04/14 11:05:58 | 000,240,416 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2006/01/19 09:22:20 | 000,049,152 | ---- | M] (Pinnacle Systems) -- c:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
PRC - [2006/01/05 18:02:24 | 000,352,256 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe
PRC - [2005/12/20 15:22:14 | 000,035,328 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
PRC - [2005/12/16 04:21:00 | 000,151,552 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\Toshiba.exe
PRC - [2005/12/05 16:37:40 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2005/11/30 16:25:22 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
PRC - [2005/11/28 15:37:52 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2005/11/28 15:31:32 | 000,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2005/11/28 15:29:00 | 000,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2005/11/28 15:28:14 | 000,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2005/10/06 09:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/07/12 21:14:42 | 000,040,960 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PRC - [2005/06/01 01:00:12 | 000,282,624 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
PRC - [2005/06/01 00:59:58 | 000,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2005/05/04 00:04:28 | 009,150,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
PRC - [2005/04/26 20:13:20 | 000,122,880 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2005/03/11 19:03:16 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TDispVol.exe
PRC - [2005/01/17 20:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2004/12/30 04:32:20 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2004/08/28 00:37:00 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
PRC - [2004/08/28 00:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe


========== Modules (SafeList) ==========

MOD - [2010/09/05 13:53:11 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2010/03/17 16:53:28 | 000,198,656 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll
MOD - [2008/04/14 05:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2007/08/30 18:43:14 | 000,006,144 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\idle.dll
MOD - [2007/08/30 17:17:38 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Yahoo!\Messenger\msvcr71.dll
MOD - [2002/03/03 08:40:00 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\TDispVol.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2010/08/26 16:33:33 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010/04/01 13:33:20 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/02/24 10:28:10 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/09/16 19:01:16 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2007/01/11 05:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2006/11/09 19:30:14 | 000,065,536 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2006/09/13 14:32:12 | 000,128,536 | ---- | M] (iAnywhere Solutions, Inc.) [Auto | Running] -- C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe -- (QuickBooksDB17)
SRV - [2006/04/14 11:07:20 | 028,933,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2006/04/14 11:05:58 | 000,240,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2006/04/14 11:04:54 | 000,087,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2006/01/19 09:22:20 | 000,049,152 | ---- | M] (Pinnacle Systems) [Auto | Running] -- c:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe -- (PinnacleSys.MediaServer)
SRV - [2005/12/20 15:22:14 | 000,035,328 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)
SRV - [2005/11/28 15:31:32 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
SRV - [2005/11/28 15:29:00 | 000,114,753 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2005/11/28 15:28:14 | 000,217,164 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2005/10/14 04:50:20 | 000,045,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2005/07/12 21:14:42 | 000,040,960 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2005/05/04 00:04:28 | 009,150,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe -- (MSSQL$PINNACLESYS)
SRV - [2005/05/03 21:42:56 | 000,323,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE -- (SQLAgent$PINNACLESYS)
SRV - [2005/01/17 20:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/08/28 00:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\RarSFX0\S10VWF\PEDrv.sys -- (SVRPEDRV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\DgiVecp.sys -- (DgiVecp)
DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/03/17 16:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 16:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/03/01 10:05:26 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/16 14:24:02 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/05/11 12:49:20 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 10:12:50 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/04/14 00:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 22:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006/05/09 00:27:22 | 000,426,624 | ---- | M] (Pinnacle Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MarvinUsb.sys -- (PinnacleMarvinUsb)
DRV - [2005/12/16 04:15:06 | 000,191,936 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/12/09 20:48:40 | 004,123,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/12/04 13:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2005/11/30 15:01:02 | 000,043,392 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2005/11/30 14:12:00 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/11/28 16:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/11/25 06:38:00 | 000,028,800 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
DRV - [2005/11/15 13:00:22 | 001,122,656 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/10/20 18:03:42 | 000,006,144 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD)
DRV - [2005/10/06 09:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/10/06 09:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/10/06 09:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/10/06 09:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/10/06 09:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/10/06 09:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/10/06 09:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/09/14 06:24:08 | 000,179,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
DRV - [2005/09/12 07:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/09 18:47:10 | 000,009,344 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2005/08/25 16:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 16:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/24 19:20:28 | 000,009,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (tbiosdrv)
DRV - [2005/08/12 09:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/07/13 16:55:22 | 000,171,008 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2005/06/02 03:33:00 | 000,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2005/02/23 18:40:26 | 000,011,264 | ---- | M] (VOB Computersysteme GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2K)
DRV - [2005/02/09 12:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)
DRV - [2005/01/12 04:05:46 | 000,204,160 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\KR10N.sys -- (KR10N)
DRV - [2004/08/10 08:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/10 08:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/04/10 10:42:36 | 000,002,944 | ---- | M] (cansoft@livewiredev.com) [Kernel | System | Running] -- C:\WINDOWS\system32\mbmiodrvr.sys -- (mbmiodrvr)
DRV - [2003/11/30 22:54:20 | 000,043,136 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2003/09/19 05:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/09/11 03:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2003/01/29 18:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2003/01/10 16:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: ([2010/09/05 13:00:57 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (TranslatorBar 1 Toolbar) - {00bf7b9c-acd2-4080-bea8-b1c41987070f} - C:\Program Files\TranslatorBar_1\tbTran.dll (Conduit Ltd.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (TranslatorBar 1 Toolbar) - {00bf7b9c-acd2-4080-bea8-b1c41987070f} - C:\Program Files\TranslatorBar_1\tbTran.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (TranslatorBar 1 Toolbar) - {00BF7B9C-ACD2-4080-BEA8-B1C41987070F} - C:\Program Files\TranslatorBar_1\tbTran.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TDispVol] C:\WINDOWS\System32\TDispVol.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [THotkey] C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [USBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKCU..\Run: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe File not found
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe (Research In Motion Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\SDK Tray Menu.lnk = C:\Sun\SDK\jdk\bin\javaw.exe (Sun Microsystems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.0.cab (DownloadManager Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab (Windows Live Safety Center Base Module)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.blackberry.com/devicesoftware/AxLoader.cab (RIM AxLoader)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.com/files/driveragent.cab (Driver Agent ActiveX Control)
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.3.0.cab (DLM Control)
O16 - DPF: Web-Based Email Tools http://email.secureserver.net/Download.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/04/09 15:47:54 | 000,000,095 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: VIDC.MJPG - C:\WINDOWS\System32\pvmjpg30.dll (Pegasus Imaging Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/09/05 13:53:11 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/09/05 13:30:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\PriceGong
[2010/09/05 01:41:18 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/09/05 01:38:24 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/09/05 01:38:24 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/09/05 01:38:24 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/09/05 01:38:24 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/09/05 01:38:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/09/05 01:32:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/09/04 01:14:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\tdsskiller
[2010/09/03 14:53:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/03 14:53:57 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/03 14:53:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware3
[2010/09/03 14:52:47 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\sec info.exe
[2010/09/02 10:15:35 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.46.exe
[2010/09/02 08:02:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Avira
[2010/09/02 07:58:12 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/09/02 07:58:10 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/09/02 07:58:10 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/09/02 07:58:10 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/09/02 07:58:10 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/09/02 07:58:10 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/09/02 07:58:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/09/02 07:40:28 | 005,272,448 | ---- | C] (Uniblue Systems Ltd ) -- C:\Documents and Settings\Owner\Desktop\registrybooster.exe
[2010/09/02 07:27:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\AOL Saved PFC
[2010/09/01 18:40:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ElevatedDiagnostics
[2010/09/01 18:34:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2010/09/01 17:08:37 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2010/09/01 08:04:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware2
[2010/08/31 07:05:30 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/08/18 19:37:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\My Documents
[2010/08/08 10:57:21 | 000,000,000 | ---D | C] -- C:\0beafcea724b194507f7ff04
[2010/08/08 05:47:41 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/07/24 20:30:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Unity
[2010/07/24 19:20:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Unity
[2010/07/24 19:20:04 | 000,000,000 | ---D | C] -- C:\Program Files\Unity
[2010/07/24 19:11:04 | 000,000,000 | ---D | C] -- C:\.jagex_cache_32
[2010/07/22 10:59:14 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\IECompatCache
[2010/07/18 04:46:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Saved Games
[2010/07/18 04:45:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\iWin
[2010/07/18 04:40:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Oberon Media
[2010/07/18 04:35:01 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/07/18 04:35:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit
[2010/07/18 04:35:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\TranslatorBar_1
[2010/07/18 04:34:59 | 000,000,000 | ---D | C] -- C:\Program Files\TranslatorBar_1
[2010/06/25 08:28:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Mortons carrier
[2007/02/24 05:18:47 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\implode.dll
[2006/02/15 12:25:00 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll
[1 C:\Documents and Settings\Owner\Application Data\*.tmp files -> C:\Documents and Settings\Owner\Application Data\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/09/05 13:53:11 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/09/05 13:30:36 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2010/09/05 13:02:33 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Owner\tray.pid
[2010/09/05 13:01:23 | 000,000,246 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/05 13:00:57 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/09/05 13:00:46 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/05 13:00:44 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Anti-Malware.job
[2010/09/05 12:54:18 | 000,616,774 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/09/05 12:54:18 | 000,508,020 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/09/05 12:54:18 | 000,097,720 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/09/05 12:49:39 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/05 12:49:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/05 12:48:00 | 006,815,744 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/09/05 12:48:00 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/09/05 08:44:24 | 003,837,097 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
 
3 of 4

[2010/09/05 01:41:25 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2010/09/05 01:29:13 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBRCheck.exe
[2010/09/04 15:24:18 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\nn3dfywv.exe
[2010/09/04 01:13:08 | 001,188,006 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\tdsskiller.zip
[2010/09/04 00:45:33 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2010/09/03 14:54:02 | 000,000,765 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/09/03 14:54:02 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/03 14:52:48 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\sec info.exe
[2010/09/02 12:49:21 | 000,465,298 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\RootRepeal.rar
[2010/09/02 10:15:40 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.46.exe
[2010/09/02 10:05:33 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2010/09/02 07:58:28 | 000,001,753 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/09/02 07:55:33 | 044,092,504 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\avira_antivir_personal_en.exe
[2010/09/02 07:40:30 | 005,272,448 | ---- | M] (Uniblue Systems Ltd ) -- C:\Documents and Settings\Owner\Desktop\registrybooster.exe
[2010/09/02 07:27:45 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/09/02 07:27:37 | 000,000,004 | ---- | M] () -- C:\WINDOWS\msoffice.ini
[2010/09/02 07:19:35 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/09/01 18:27:55 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/01 17:33:36 | 000,002,607 | ---- | M] () -- C:\TIMSLINE.p10
[2010/08/30 12:05:08 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/28 06:38:39 | 000,429,909 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\mortons floor 7.a.1
[2010/08/27 19:04:45 | 000,039,544 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\mortons floor 7.JPG
[2010/08/27 19:04:02 | 000,000,345 | -H-- | M] () -- C:\Documents and Settings\Owner\My Documents\Picasa.ini
[2010/08/27 19:02:21 | 000,062,335 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\mortons floor 7.a.2.jpg
[2010/08/27 19:01:01 | 000,465,619 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\mortons floor 7.a.1.png
[2010/08/27 19:00:40 | 000,074,918 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\mortons floor 7.a.1.odg
[2010/08/27 18:56:06 | 000,227,179 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\mortons floor 7.a.png
[2010/08/27 18:53:32 | 000,074,996 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\mortons floor 7.a.odg
[2010/08/27 18:31:41 | 000,247,359 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\mortons floor 6.a.png
[2010/08/27 18:27:40 | 000,092,920 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\mortons floor 6.a.odg
[2010/08/27 18:10:36 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2010/08/24 19:27:40 | 000,023,135 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\company.CSV
[2010/08/21 16:41:50 | 000,000,020 | ---- | M] () -- C:\WINDOWS\Hposcv07.INI
[2010/08/20 12:58:00 | 040,038,634 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Boxload.zip
[2010/08/20 10:17:43 | 000,041,899 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\mortons floor 6.JPG
[2010/08/20 10:03:56 | 000,041,389 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\mortons floor 5.JPG
[2010/08/20 09:44:18 | 000,039,402 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\mortons floor 4.JPG
[2010/08/19 23:31:26 | 000,001,859 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/08/18 20:13:44 | 003,606,308 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/08/18 19:11:36 | 000,034,495 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\mortons floor 3.JPG
[2010/08/18 15:01:08 | 000,000,046 | ---- | M] () -- C:\Documents and Settings\Owner\jagex_runescape_preferences.dat
[2010/08/18 14:58:24 | 000,000,099 | ---- | M] () -- C:\Documents and Settings\Owner\jagex_runescape_preferences2.dat
[2010/08/14 07:27:24 | 000,322,728 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/22 08:58:09 | 009,160,917 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\B_Model_Single_Evaporator_sm.pdf
[2010/07/18 04:45:03 | 000,001,108 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Pogo Games.lnk
[2010/06/25 08:30:13 | 003,630,788 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Mortons carrier.zip
[2010/06/25 06:44:57 | 001,710,113 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\20-10_062009 sporlan distibutors.pdf
[2010/06/25 04:49:05 | 000,069,632 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Proposal mortons plaza.doc
[2010/06/25 04:46:09 | 000,069,632 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Proposal.doc
[2010/06/17 14:39:00 | 003,682,611 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\50A Installation.pdf
[2010/06/17 14:17:52 | 000,135,483 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Morton's Market Rev. 2 Proposal.docx
[2010/06/17 07:11:14 | 000,100,864 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\whitemountainrepair50tc05061610.doc
[1 C:\Documents and Settings\Owner\Application Data\*.tmp files -> C:\Documents and Settings\Owner\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========