Solved Search engine redirect problem 1

Status
Not open for further replies.
P

pompman

Posts: 15   +0
Can I get help with a search engine redirect problem?

performed the 8 step process. Malwarebytes' Anti-Malware & GMER logs follow:

DDS Logs in 2nd post due to character limit

Malwarebytes' Anti-Malware 1.50

Database version: 5248

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

12/5/2010 1:10:46 PM
mbam-log-2010-12-05 (13-10-46).txt

Scan type: Quick scan
Objects scanned: 139750
Time elapsed: 4 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER log

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-05 18:02:53
Windows 5.1.2600 Service Pack 2 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-17 HDS722580VLSA80 rev.V32OA60A
Running: kmm9bbmx.exe; Driver: C:\DOCUME~1\Steve\LOCALS~1\Temp\uxtdypow.sys


---- System - GMER 1.0.15 ----

SSDT F7AB4436 ZwCreateKey
SSDT F7AB442C ZwCreateThread
SSDT F7AB443B ZwDeleteKey
SSDT F7AB4445 ZwDeleteValueKey
SSDT F7AB444A ZwLoadKey
SSDT F7AB4418 ZwOpenProcess
SSDT F7AB441D ZwOpenThread
SSDT F7AB4454 ZwReplaceKey
SSDT F7AB444F ZwRestoreKey
SSDT F7AB4440 ZwSetValueKey

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9979360, 0x32E00D, 0xE8000020]
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xB9857F80]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\NETGEAR\NETGEAR Digital Entertainer for Windows\receiver.exe[452] WS2_32.dll!send 71AB428A 5 Bytes JMP 0206B028
.text C:\Program Files\NETGEAR\NETGEAR Digital Entertainer for Windows\receiver.exe[452] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 0206B33D
.text C:\Program Files\NETGEAR\NETGEAR Digital Entertainer for Windows\receiver.exe[452] WS2_32.dll!recv 71AB615A 5 Bytes JMP 0206B109
.text C:\Program Files\NETGEAR\NETGEAR Digital Entertainer for Windows\receiver.exe[452] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 0206B1DC
.text C:\Program Files\NETGEAR\NETGEAR Digital Entertainer for Windows\receiver.exe[452] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0206B48B
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[472] WS2_32.dll!send 71AB428A 5 Bytes JMP 00C9B028
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[472] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 00C9B33D
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[472] WS2_32.dll!recv 71AB615A 5 Bytes JMP 00C9B109
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[472] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00C9B1DC
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[472] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00C9B48B
.text C:\WINDOWS\system32\winlogon.exe[708] Secur32.dll!LsaLogonUser 77FE33E8 5 Bytes JMP 01482946
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[1580] WS2_32.dll!send 71AB428A 5 Bytes JMP 00B2B028
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[1580] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 00B2B33D
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[1580] WS2_32.dll!recv 71AB615A 5 Bytes JMP 00B2B109
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[1580] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00B2B1DC
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[1580] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00B2B48B
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1628] WS2_32.dll!send 71AB428A 5 Bytes JMP 0164B028
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1628] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 0164B33D
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1628] WS2_32.dll!recv 71AB615A 5 Bytes JMP 0164B109
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1628] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 0164B1DC
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1628] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0164B48B
.text C:\WINDOWS\Explorer.EXE[1808] USER32.dll!DisplayExitWindowsWarnings 77D89B89 5 Bytes JMP 00C02758
.text C:\WINDOWS\Explorer.EXE[1808] WS2_32.dll!send 71AB428A 5 Bytes JMP 011EB028
.text C:\WINDOWS\Explorer.EXE[1808] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 011EB33D
.text C:\WINDOWS\Explorer.EXE[1808] WS2_32.dll!recv 71AB615A 5 Bytes JMP 011EB109
.text C:\WINDOWS\Explorer.EXE[1808] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 011EB1DC
.text C:\WINDOWS\Explorer.EXE[1808] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 011EB48B
.text C:\WINDOWS\system32\Tablet.exe[2416] WS2_32.dll!send 71AB428A 5 Bytes JMP 0142B028
.text C:\WINDOWS\system32\Tablet.exe[2416] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 0142B33D
.text C:\WINDOWS\system32\Tablet.exe[2416] WS2_32.dll!recv 71AB615A 5 Bytes JMP 0142B109
.text C:\WINDOWS\system32\Tablet.exe[2416] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 0142B1DC
.text C:\WINDOWS\system32\Tablet.exe[2416] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0142B48B
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[3580] WS2_32.dll!send 71AB428A 5 Bytes JMP 009AB028
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[3580] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 009AB33D
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[3580] WS2_32.dll!recv 71AB615A 5 Bytes JMP 009AB109
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[3580] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 009AB1DC
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[3580] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 009AB48B
.text C:\WINDOWS\System32\alg.exe[4060] WS2_32.dll!send 71AB428A 5 Bytes JMP 008FB028
.text C:\WINDOWS\System32\alg.exe[4060] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 008FB33D
.text C:\WINDOWS\System32\alg.exe[4060] WS2_32.dll!recv 71AB615A 5 Bytes JMP 008FB109
.text C:\WINDOWS\System32\alg.exe[4060] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 008FB1DC
.text C:\WINDOWS\System32\alg.exe[4060] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 008FB48B

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x46 0x47 0x15 0xB0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x7A 0x45 0x05 0xFD ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0xAA 0x52 0xC6 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xB2 0x46 0x9A 0xE2 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{088BEC22-1854-4EEE-1509-9A64DC6C441F}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{088BEC22-1854-4EEE-1509-9A64DC6C441F}@eajdpdaekb 0x66 0x61 0x64 0x70 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{088BEC22-1854-4EEE-1509-9A64DC6C441F}@daidehao 0x64 0x62 0x66 0x6E ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{088BEC22-1854-4EEE-1509-9A64DC6C441F}@iabohmpmmgdfpgijlp 0x69 0x61 0x62 0x64 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{088BEC22-1854-4EEE-1509-9A64DC6C441F}@halnicaagkhaolhi 0x69 0x61 0x61 0x64 ...

---- EOF - GMER 1.0.15 ----

Steve Pomp
 
Welcome aboard
yahooo.gif


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

========================================================================

Please, post DDS logs, you posted in another topic. right here.
 
THANKS for your reply / assistance!!

files follow,

Steve


DDS (Ver_10-12-05.01) - NTFSx86
Run by Steve at 20:37:33.12 on Sun 12/05/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3070.2488 [GMT -5:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: CA Personal Firewall *enabled* {38102F93-1B6E-4922-90E1-A35D8DC6DAA3}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\WINDOWS\OV550EM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
C:\Program Files\NETGEAR\NETGEAR Digital Entertainer for Windows\receiver.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
C:\WINDOWS\system32\NLSSRV32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Steve\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [PowerPanel Personal Edition User Interaction] "c:\program files\cyberpower powerpanel personal edition\pppeuser.exe"
uRun: [scheduler_monitor] c:\program files\reaconverter 5.5 pro\init_scheduler.exe
uRun: [NETGEARDigitalEntertainer] c:\program files\netgear\netgear digital entertainer for windows\receiver.exe
uRun: [Google Update] "c:\documents and settings\steve\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [EPSON Stylus Photo R200 Series] c:\windows\system32\spool\drivers\w32x86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
mRun: [UVS12 Preload] c:\program files\corel\corel videostudio 12\uvPL.exe
mRun: [dvd43] c:\program files\dvd43\dvd43_tray.exe
mRun: [PinnacleDriverCheck] c:\windows\system32\PSDrvCheck.exe -CheckReg
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [Ovt Wia] c:\windows\OV550EM.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tabuse~1.lnk - c:\windows\system32\wtablet\TabUserW.exe
IE: Download with Xilisoft YouTube Video Converter - c:\program files\xilisoft\youtube video converter\upod_link.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {722FE9B2-6895-42D9-9984-F4CB26616023} - {722FE9B2-6895-42D9-9984-F4CB26616023} - c:\program files\cosmi\perfect pdf creator essentials\pdfshell.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1235405046781
DPF: {88D969C0-F192-11D4-A65F-0040963251E5} - file://c:\documents and settings\steve\local settings\temp\ei40_5\msxml4.cab
DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
AppInit_DLLs: c:\windows\system32\UmxSbxExw.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\steve\applic~1\mozilla\firefox\profiles\18konbno.default\
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
FF - plugin: c:\documents and settings\steve\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Extension: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - c:\docume~1\steve\applic~1\mozilla\firefox\profiles\18konbno.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-12-5 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-12-5 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-12-5 267944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-12-5 60936]
R2 IOPort;IOPort;c:\windows\system32\drivers\IOPORT.SYS [1998-11-27 6144]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\nitro pdf\professional\NitroPDFDriverService.exe [2010-7-9 196928]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2010-7-9 65856]
R3 imvad_multi;NETGEAR Digital Entertainer Virtual Audio Device;c:\windows\system32\drivers\imvad.sys [2007-4-26 22600]
S2 DVR2INS;ADS Instant DVD 2.0;c:\windows\system32\drivers\dvr2ins.sys [2009-1-15 34792]
S3 APL531;CRS Photo Scanner;c:\windows\system32\drivers\ov550i.sys [2008-1-28 580992]
S3 ATICXCAP;ATI TV Wonder Pro A/V Capture;c:\windows\system32\drivers\aticxcap.sys [2009-1-15 175232]
S3 ATICXTUN;ATI TV Wonder 200 Tuner (Philips 1236 MK3);c:\windows\system32\drivers\aticxtun.sys [2009-1-15 29184]
S3 ATICXXBR;ATI TV Wonder 200 A/V Crossbar;c:\windows\system32\drivers\aticxxbr.sys [2009-1-15 9088]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-9-20 34248]
S3 rcp_service;ReaConverter scheduler service;c:\program files\reaconverter 5.5 pro\rcp_scheduler.exe [2007-11-30 558592]
S3 SBUSBAV;Video Blaster Editor;c:\windows\system32\drivers\sbusbav.sys [2009-9-16 104448]
S3 SureThing Labelflash service;SureThing Labelflash service;c:\program files\common files\surething shared\stllssvr.exe [2009-1-15 74384]
S3 WPEServ;soft Xpansion Print2Document;c:\program files\common files\wpe\wpeserv.exe [2010-3-7 323584]

=============== Created Last 30 ================

2010-12-05 18:05:48 -------- d-----w- c:\docume~1\steve\applic~1\Malwarebytes
2010-12-05 18:05:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-05 18:05:31 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-12-05 18:05:27 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-05 18:05:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-05 16:07:08 -------- d-----w- c:\docume~1\steve\applic~1\Avira
2010-12-05 16:05:56 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-12-05 16:05:55 -------- d-----w- c:\program files\Avira
2010-12-05 16:05:55 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-12-05 14:36:03 -------- d-sha-r- C:\cmdcons
2010-12-05 14:34:33 98816 ----a-w- c:\windows\sed.exe
2010-12-05 14:34:33 89088 ----a-w- c:\windows\MBR.exe
2010-12-05 14:34:33 256512 ----a-w- c:\windows\PEV.exe
2010-12-05 14:34:33 161792 ----a-w- c:\windows\SWREG.exe
2010-12-04 21:27:26 -------- d-----w- c:\program files\Free WMA to MP3 Converter
2010-12-04 13:52:58 -------- d-----w- c:\program files\CCleaner
2010-12-04 13:21:22 -------- d-----w- c:\docume~1\alluse~1\applic~1\FrontLine Registry Cleaner
2010-12-04 13:21:16 -------- d-----w- c:\program files\Frontline Registry Cleaner
2010-12-03 22:07:52 -------- d-----w- c:\program files\common files\Symantec Shared
2010-12-03 06:23:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\Symantec
2010-12-03 06:23:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\Norton
2010-12-03 06:23:07 -------- d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2010-12-03 04:50:48 -------- d-----w- c:\docume~1\steve\applic~1\Moyea
2010-12-03 04:50:43 -------- d-----w- c:\docume~1\steve\applic~1\Leawo
2010-12-03 04:50:33 165376 ----a-w- c:\windows\system32\unrar.dll
2010-12-03 04:50:27 606208 ----a-w- c:\windows\system32\xvidcore.dll
2010-12-03 04:47:09 -------- d-----w- c:\program files\Leawo
2010-12-03 04:47:09 -------- d-----w- c:\docume~1\alluse~1\applic~1\Leawo
2010-12-03 04:39:03 6144 ----a-w- c:\windows\system32\ff_acm.acm
2010-12-03 04:39:03 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2010-12-03 04:39:03 57344 ----a-w- c:\windows\system32\ff_vfw.dll
2010-12-03 04:39:03 258352 ----a-w- c:\windows\system32\unicows.dll
2010-12-03 04:23:47 -------- d-----w- C:\myyoutube
2010-12-03 04:09:04 -------- d-----w- c:\program files\You Tube Video Converter
2010-12-03 03:58:32 -------- d-----w- c:\docume~1\steve\applic~1\Xilisoft Corporation
2010-12-03 03:58:15 -------- d-----w- c:\program files\Xilisoft
2010-12-03 03:48:26 -------- d-----w- c:\program files\1-Click YouTube Downloader
2010-12-03 03:39:09 -------- d-----w- c:\program files\FoxTabFlvConverter
2010-12-03 03:17:44 -------- d-----w- c:\windows\system32\Adobe
2010-12-02 04:21:54 -------- d-----w- C:\New Folder (2)
2010-12-02 04:21:53 -------- d-----w- C:\New Folder
2010-11-30 00:29:34 -------- d-----w- c:\docume~1\alluse~1\applic~1\CA-SupportBridge

==================== Find3M ====================

2010-11-08 04:59:45 95568 ----a-w- c:\windows\system32\vetredir.dll
2010-11-08 04:59:45 128336 ----a-w- c:\windows\system32\isafeif.dll
2010-10-01 19:20:50 307200 ----a-w- c:\windows\system32\TubeFinder.exe
2010-09-24 15:16:18 272976 ----a-w- c:\windows\system32\UmxSbxw.dll
2010-09-24 15:16:18 113232 ----a-w- c:\windows\system32\UmxSbxExw.dll

============= FINISH: 20:37:55.51 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-05.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 1/14/2009 6:56:23 PM
System Uptime: 12/5/2010 12:48:20 PM (8 hours ago)

Motherboard: Intel Corporation | | D865PERL
Processor: Intel(R) Pentium(R) 4 CPU 2.60GHz | J2E1 | 2593/200mhz
Processor: Intel(R) Pentium(R) 4 CPU 2.60GHz | J2E1 | 2593/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 77 GiB total, 24.75 GiB free.
D: is FIXED (NTFS) - 932 GiB total, 761.414 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is FIXED (NTFS) - 112 GiB total, 111.721 GiB free.
H: is Removable
I: is Removable
J: is Removable
K: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: ATI TV Wonder 200 A/V Capture
Device ID: PCI\VEN_14F1&DEV_8800&SUBSYS_00F81002&REV_05\4&2E98101C&0&08F0
Manufacturer: ATI Technologies
Name: ATI TV Wonder 200 A/V Capture
PNP Device ID: PCI\VEN_14F1&DEV_8800&SUBSYS_00F81002&REV_05\4&2E98101C&0&08F0
Service: ATICXCAP

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: McAfee Inc. mferkdk
Device ID: ROOT\LEGACY_MFERKDK\0000
Manufacturer:
Name: McAfee Inc. mferkdk
PNP Device ID: ROOT\LEGACY_MFERKDK\0000
Service: mferkdk

==== System Restore Points ===================

RP371: 7/7/2010 1:54:47 AM - System Checkpoint
RP372: 7/8/2010 2:55:52 AM - System Checkpoint
RP373: 7/9/2010 3:54:48 AM - System Checkpoint
RP374: 7/10/2010 4:53:00 AM - System Checkpoint
RP375: 7/11/2010 5:52:52 AM - System Checkpoint
RP376: 7/12/2010 6:52:51 AM - System Checkpoint
RP377: 7/13/2010 7:34:37 AM - System Checkpoint
RP378: 7/14/2010 7:35:41 AM - System Checkpoint
RP379: 7/15/2010 8:22:42 AM - System Checkpoint
RP380: 7/16/2010 9:22:43 AM - System Checkpoint
RP381: 7/17/2010 9:24:39 AM - System Checkpoint
RP382: 7/18/2010 10:24:39 AM - System Checkpoint
RP383: 7/19/2010 11:24:39 AM - System Checkpoint
RP384: 7/20/2010 12:24:40 PM - System Checkpoint
RP385: 7/21/2010 12:25:44 PM - System Checkpoint
RP386: 7/22/2010 1:24:39 PM - System Checkpoint
RP387: 7/23/2010 2:25:45 PM - System Checkpoint
RP388: 7/24/2010 2:41:05 PM - System Checkpoint
RP389: 7/25/2010 2:53:05 PM - System Checkpoint
RP390: 7/26/2010 3:42:10 PM - System Checkpoint
RP391: 7/27/2010 4:41:05 PM - System Checkpoint
RP392: 7/28/2010 5:34:29 PM - System Checkpoint
RP393: 7/29/2010 6:01:35 PM - System Checkpoint
RP394: 7/30/2010 7:00:24 PM - System Checkpoint
RP395: 7/31/2010 8:01:28 PM - System Checkpoint
RP396: 8/1/2010 9:01:28 PM - System Checkpoint
RP397: 8/2/2010 11:13:19 PM - System Checkpoint
RP398: 8/4/2010 12:25:11 AM - System Checkpoint
RP399: 8/5/2010 1:06:38 AM - System Checkpoint
RP400: 8/6/2010 2:00:23 AM - System Checkpoint
RP401: 8/7/2010 2:58:49 AM - System Checkpoint
RP402: 8/8/2010 3:58:15 AM - System Checkpoint
RP403: 8/9/2010 5:23:41 AM - System Checkpoint
RP404: 8/10/2010 6:13:49 AM - System Checkpoint
RP405: 8/11/2010 7:03:28 AM - System Checkpoint
RP406: 8/12/2010 7:07:31 AM - System Checkpoint
RP407: 8/13/2010 7:26:48 AM - System Checkpoint
RP408: 8/14/2010 8:02:50 AM - System Checkpoint
RP409: 8/15/2010 9:02:49 AM - System Checkpoint
RP410: 8/16/2010 9:03:53 AM - System Checkpoint
RP411: 8/17/2010 10:02:50 AM - System Checkpoint
RP412: 8/18/2010 11:02:50 AM - System Checkpoint
RP413: 8/19/2010 11:16:52 AM - System Checkpoint
RP414: 8/20/2010 11:48:05 AM - System Checkpoint
RP415: 8/21/2010 12:16:52 PM - System Checkpoint
RP416: 8/22/2010 12:25:22 PM - System Checkpoint
RP417: 8/23/2010 2:01:28 PM - System Checkpoint
RP418: 8/24/2010 2:06:29 PM - System Checkpoint
RP419: 8/25/2010 3:06:30 PM - System Checkpoint
RP420: 8/26/2010 3:57:25 PM - System Checkpoint
RP421: 8/27/2010 4:34:24 PM - System Checkpoint
RP422: 8/28/2010 6:01:04 PM - System Checkpoint
RP423: 8/29/2010 6:33:19 PM - System Checkpoint
RP424: 8/30/2010 6:34:24 PM - System Checkpoint
RP425: 8/31/2010 7:10:41 PM - System Checkpoint
RP426: 9/1/2010 7:34:24 PM - System Checkpoint
RP427: 9/2/2010 7:43:26 PM - System Checkpoint
RP428: 9/3/2010 8:03:41 PM - System Checkpoint
RP429: 9/4/2010 8:27:53 PM - System Checkpoint
RP430: 9/5/2010 9:57:04 PM - System Checkpoint
RP431: 9/6/2010 10:01:12 PM - System Checkpoint
RP432: 9/7/2010 11:39:43 PM - System Checkpoint
RP433: 9/8/2010 11:58:52 PM - System Checkpoint
RP434: 9/10/2010 12:19:45 AM - System Checkpoint
RP435: 9/11/2010 1:36:52 AM - System Checkpoint
RP436: 9/12/2010 2:20:50 AM - System Checkpoint
RP437: 9/13/2010 3:19:45 AM - System Checkpoint
RP438: 9/14/2010 4:19:45 AM - System Checkpoint
RP439: 9/15/2010 5:40:00 AM - System Checkpoint
RP440: 9/16/2010 6:34:59 AM - System Checkpoint
RP441: 9/17/2010 6:41:58 AM - System Checkpoint
RP442: 9/18/2010 7:20:08 AM - System Checkpoint
RP443: 9/19/2010 9:13:27 AM - System Checkpoint
RP444: 9/20/2010 9:17:36 AM - System Checkpoint
RP445: 9/21/2010 9:54:45 AM - System Checkpoint
RP446: 9/21/2010 9:51:15 PM - Removed Adobe Reader 9.1.3.
RP447: 9/22/2010 10:46:32 PM - System Checkpoint
RP448: 9/23/2010 10:49:34 PM - System Checkpoint
RP449: 9/24/2010 11:48:29 PM - System Checkpoint
RP450: 9/25/2010 11:49:35 PM - System Checkpoint
RP451: 9/26/2010 11:23:46 PM - Installed Nitro PDF Professional
RP452: 9/27/2010 11:48:29 PM - System Checkpoint
RP453: 9/29/2010 12:24:49 AM - System Checkpoint
RP454: 9/30/2010 12:33:10 AM - System Checkpoint
RP455: 10/1/2010 1:33:09 AM - System Checkpoint
RP456: 10/2/2010 2:26:42 AM - System Checkpoint
RP457: 10/3/2010 3:21:30 AM - System Checkpoint
RP458: 10/4/2010 4:20:25 AM - System Checkpoint
RP459: 10/4/2010 10:35:45 AM - Removed Adobe Reader 9.2.
RP460: 10/4/2010 12:01:40 PM - CA Internet Security Suite
RP461: 11/28/2010 8:36:25 AM - Installed Connect Service
RP462: 11/29/2010 7:36:11 PM - CA Internet Security Suite
RP463: 12/2/2010 11:09:00 PM - Installed YouTube Video Converter
RP464: 12/4/2010 9:09:54 AM - CA Internet Security Suite
RP465: 12/4/2010 9:12:10 AM - CA Internet Security Suite
RP466: 12/4/2010 9:15:44 AM - Removed CA Personal Firewall.
RP467: 12/4/2010 9:27:57 AM - Removed CA Personal Firewall.
RP468: 12/5/2010 9:23:02 AM - Removed CA Personal Firewall.

==== Installed Programs ======================


Leawo FLV Converter version 3.0.0.1
1Click DVD Copy 5.8.8.9
1Click DVD Copy Pro 4.1.7.0
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 2.1
Adobe Photoshop CS2
Adobe Premiere Elements 3.0.2
Adobe Premiere Elements 3.0.2 Templates
Adobe Reader 9.3.4
Adobe Shockwave Player 11.5
Adobe Stock Photos 1.0
ADS Tech V3.6.1 Instant DVD CapWiz
Audio Converter
Avira AntiVir Personal - Free Antivirus
AVS Image Converter 1.1.3.71
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.3
Brother HL-2040
CCleaner
CD Trustee
Compatibility Pack for the 2007 Office system
Corel VideoStudio 12
Creative System Information
CRS Photo Scanner
CyberPower PowerPanel Personal Edition 1.2.1
Driver Whiz
DVD43 v4.6.0
EPSON Print CD
EPSON Printer Software
Flash DVD Ripper
Flickr Uploadr 3.2.1
Free FLV Converter V 6.93.0
Free WMA to MP3 Converter 1.16
Google Chrome
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB954550-v5)
Intel(R) Desktop Control Center
Intel(R) Network Connections 12.4.38.0
iSEEK AnswerWorks English Runtime
Java Auto Updater
Java(TM) 6 Update 18
JPEG Lossless Rotator 6.6
Leawo Youtube Downloader Version: 3.1.1.4
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ Run Time Lib Setup
Mozilla Firefox (3.5.12)
MSXML 6.0 Parser (KB933579)
Nero 6 Ultra Edition
NETGEAR Digital Entertainer for Windows
Nitro PDF Professional
NVIDIA Drivers
Perfect PDF Creator Essentials
Pinnacle Hollywood FX for Edition
Pinnacle Liquid
Pixillion Image Converter
Plus! MP3 Audio Converter LE
Prism Video Converter
QuickTime
ReaConverter 5.5 Pro
SoundMAX
Spelling Dictionaries Support For Adobe Reader 9
SureThing CD Labeler Deluxe 5
Switch Sound File Converter
TitleDeko
TotalImageConverter
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wnciper
TurboTax 2009 wrapper
Video Blaster Editor
VideoStudio
Wacom Tablet Driver
Walmart MP3 Music Downloads
WavePad Sound Editor
WebFldrs XP
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 2
Xilisoft YouTube Video Converter
YouTube Video Converter

==== Event Viewer Messages From Past Week ========

12/5/2010 9:36:57 AM, error: Service Control Manager [7034] - The PowerPanel Personal Edition Service service terminated unexpectedly. It has done this 1 time(s).
12/5/2010 9:36:02 AM, error: WMPNetworkSvc [14344] - A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2711'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service.
12/5/2010 9:35:32 AM, error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
12/5/2010 9:23:01 AM, error: DCOM [10000] - Unable to start a DCOM Server: {B8417502-7095-4D02-AF41-92134CEA5ED0}. The error: "%2" Happened while starting this command: C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.Exe -Embedding
12/5/2010 8:56:37 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss sf Tcpip
12/5/2010 12:47:23 PM, error: Service Control Manager [7034] - The Ulead Burning Helper service terminated unexpectedly. It has done this 1 time(s).
12/5/2010 12:47:22 PM, error: Service Control Manager [7034] - The TabletService service terminated unexpectedly. It has done this 1 time(s).
12/5/2010 12:47:22 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
12/5/2010 12:47:22 PM, error: Service Control Manager [7034] - The NLS Service service terminated unexpectedly. It has done this 1 time(s).
12/5/2010 12:47:22 PM, error: Service Control Manager [7034] - The NitroPDFDriverCreatorReadSpool service terminated unexpectedly. It has done this 1 time(s).
12/5/2010 12:47:22 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
12/5/2010 12:00:44 PM, error: Service Control Manager [7034] - The MS Software Shadow Copy Provider service terminated unexpectedly. It has done this 12 time(s).
12/5/2010 11:59:50 AM, error: Service Control Manager [7034] - The MS Software Shadow Copy Provider service terminated unexpectedly. It has done this 11 time(s).
12/5/2010 11:59:49 AM, error: Service Control Manager [7034] - The MS Software Shadow Copy Provider service terminated unexpectedly. It has done this 10 time(s).
12/5/2010 11:18:24 AM, error: Service Control Manager [7034] - The MS Software Shadow Copy Provider service terminated unexpectedly. It has done this 9 time(s).
12/5/2010 11:16:38 AM, error: Service Control Manager [7034] - The MS Software Shadow Copy Provider service terminated unexpectedly. It has done this 8 time(s).
12/5/2010 11:15:31 AM, error: Service Control Manager [7034] - The COM+ System Application service terminated unexpectedly. It has done this 5 time(s).
12/5/2010 11:15:26 AM, error: Service Control Manager [7034] - The MS Software Shadow Copy Provider service terminated unexpectedly. It has done this 7 time(s).
12/5/2010 11:15:25 AM, error: Service Control Manager [7034] - The MS Software Shadow Copy Provider service terminated unexpectedly. It has done this 6 time(s).
12/5/2010 11:15:25 AM, error: Service Control Manager [7034] - The MS Software Shadow Copy Provider service terminated unexpectedly. It has done this 5 time(s).
12/5/2010 11:09:41 AM, error: Service Control Manager [7034] - The MS Software Shadow Copy Provider service terminated unexpectedly. It has done this 4 time(s).
12/5/2010 11:07:53 AM, error: Service Control Manager [7034] - The COM+ System Application service terminated unexpectedly. It has done this 4 time(s).
12/5/2010 11:07:47 AM, error: Service Control Manager [7034] - The MS Software Shadow Copy Provider service terminated unexpectedly. It has done this 3 time(s).
12/5/2010 11:07:47 AM, error: Service Control Manager [7034] - The COM+ System Application service terminated unexpectedly. It has done this 3 time(s).
12/5/2010 11:07:46 AM, error: Service Control Manager [7034] - The MS Software Shadow Copy Provider service terminated unexpectedly. It has done this 2 time(s).
12/5/2010 11:07:46 AM, error: Service Control Manager [7031] - The COM+ System Application service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
12/5/2010 11:07:45 AM, error: Service Control Manager [7034] - The MS Software Shadow Copy Provider service terminated unexpectedly. It has done this 1 time(s).
12/5/2010 11:07:45 AM, error: Service Control Manager [7031] - The COM+ System Application service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
12/5/2010 11:03:44 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
12/5/2010 11:03:44 AM, error: SideBySide [59] - Generate Activation Context failed for C:\DOCUME~1\Steve\LOCALS~1\Temp\RarSFX0\redist.dll. Reference error message: The operation completed successfully. .
12/5/2010 11:03:44 AM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
12/3/2010 5:15:08 PM, error: Service Control Manager [7034] - The Intuit Update Service service terminated unexpectedly. It has done this 1 time(s).
12/1/2010 9:51:52 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer POMP-LAPTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{2B8285C0-7D77-48. The master browser is stopping or an election is being forced.
11/29/2010 8:54:43 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {9B1F122C-2982-4E91-AA8B-E071D54F2A4D}
11/29/2010 8:54:37 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
11/29/2010 8:54:31 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service CaCCProvSP with arguments "" in order to run the server: {AACF4A1C-BC69-4359-9518-DF3F77E462BF}
11/29/2010 8:54:22 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service UmxCfg with arguments "" in order to run the server: {8449273F-059F-4B7C-BF37-2E3C028E93D2}
11/29/2010 8:54:22 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service UmxCfg with arguments "" in order to run the server: {5EBFD120-E4FE-46C5-8E21-05D903BAAEEC}
11/29/2010 8:54:20 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
11/29/2010 8:46:50 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
11/29/2010 7:42:24 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm KmxAgent KmxFile KmxFw KmxStart sf
11/29/2010 7:42:06 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/29/2010 7:41:44 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service UmxPol with arguments "-Service" in order to run the server: {4C89C3FD-5F94-4678-BBB5-F64759C3C54A}
11/29/2010 7:37:14 PM, error: System Error [1003] - Error code 1000000a, parameter1 00000017, parameter2 0000001c, parameter3 00000000, parameter4 804e63a3.
11/29/2010 7:35:27 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: KmxAgent KmxFile
11/29/2010 7:33:30 PM, error: Service Control Manager [7000] - The KmxCF service failed to start due to the following error: A device attached to the system is not functioning.
11/29/2010 7:13:20 PM, error: Service Control Manager [7022] - The TabletService service hung on starting.
11/29/2010 7:11:19 PM, error: Service Control Manager [7000] - The ADS Instant DVD 2.0 service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
11/28/2010 8:28:52 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service UmxCfg with arguments "" in order to run the server: {B8417502-7095-4D02-AF41-92134CEA5ED0}
11/28/2010 8:28:01 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
11/28/2010 8:24:42 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec KmxAgent KmxFile KmxFw KmxStart MRxSmb NetBIOS NetBT RasAcd Rdbss sf Tcpip
11/28/2010 8:24:42 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
11/28/2010 8:24:42 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/28/2010 8:24:42 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/28/2010 8:24:42 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

==== End Of File ===========================
 
Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

======================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AVG Remover to uninstall it: http://www.avg.com/us-en/download-tools
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.pif
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Broni,

REALLY apppreciate your help ..... hopefully we can kill this beast soon.

Steve

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x000007fd

Kernel Drivers (total 138):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x80701000 \WINDOWS\system32\hal.dll
0xF7987000 \WINDOWS\system32\KDCOM.DLL
0xF7897000 \WINDOWS\system32\BOOTVID.dll
0xF75A8000 ACPI.sys
0xF7989000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xF7597000 pci.sys
0xF75F7000 isapnp.sys
0xF7607000 ohci1394.sys
0xF7617000 \WINDOWS\System32\DRIVERS\1394BUS.SYS
0xF789B000 compbatt.sys
0xF789F000 \WINDOWS\System32\DRIVERS\BATTC.SYS
0xF7A4F000 pciide.sys
0xF7707000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xF7627000 MountMgr.sys
0xF74D8000 ftdisk.sys
0xF798B000 dmload.sys
0xF74B2000 dmio.sys
0xF770F000 PartMgr.sys
0xF7637000 VolSnap.sys
0xF749A000 atapi.sys
0xF7647000 disk.sys
0xF7657000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xF747B000 fltmgr.sys
0xF7469000 sr.sys
0xF7717000 PxHelp20.sys
0xF7452000 KSecDD.sys
0xF743F000 WudfPf.sys
0xF798D000 PenClass.sys
0xF7B52000 Ntfs.sys
0xF7412000 NDIS.sys
0xF787C000 Mup.sys
0xF7667000 agp440.sys
0xBA051000 \SystemRoot\system32\DRIVERS\SMBios.sys
0xF7697000 \SystemRoot\System32\DRIVERS\intelppm.sys
0xB9979000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB9965000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF775F000 \SystemRoot\System32\DRIVERS\usbuhci.sys
0xB9942000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xF7767000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF76A7000 \SystemRoot\System32\DRIVERS\nic1394.sys
0xB991B000 \SystemRoot\system32\DRIVERS\e100b325.sys
0xF76B7000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xF776F000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xF7777000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xF777F000 \SystemRoot\System32\DRIVERS\fdc.sys
0xF76C7000 \SystemRoot\System32\DRIVERS\serial.sys
0xBA7A4000 \SystemRoot\System32\DRIVERS\serenum.sys
0xB9907000 \SystemRoot\System32\DRIVERS\parport.sys
0xF76D7000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7787000 \SystemRoot\system32\drivers\Afc.sys
0xF778F000 \SystemRoot\System32\DRIVERS\dvd43llh.sys
0xF7797000 \SystemRoot\system32\drivers\ASAPIW2k.sys
0xF76E7000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xF76F7000 \SystemRoot\System32\DRIVERS\redbook.sys
0xB98E4000 \SystemRoot\System32\DRIVERS\ks.sys
0xB98A4000 \SystemRoot\system32\drivers\smwdm.sys
0xB9880000 \SystemRoot\system32\drivers\portcls.sys
0xF7587000 \SystemRoot\system32\drivers\drmk.sys
0xB9860000 \SystemRoot\system32\drivers\aeaudio.sys
0xB9802000 \SystemRoot\system32\drivers\senfilt.sys
0xF779F000 \SystemRoot\system32\drivers\sf.sys
0xF77A7000 \SystemRoot\system32\drivers\imvad.sys
0xF7A5A000 \SystemRoot\System32\DRIVERS\audstub.sys
0xF7577000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xBA794000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xB97EB000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xF7567000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xF7557000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xF77AF000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xB97DA000 \SystemRoot\System32\DRIVERS\psched.sys
0xF7547000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xF77B7000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xF77BF000 \SystemRoot\System32\DRIVERS\raspti.sys
0xF7537000 \SystemRoot\System32\Drivers\pcouffin.sys
0xB97A9000 \SystemRoot\System32\DRIVERS\rdpdr.sys
0xF7527000 \SystemRoot\System32\DRIVERS\termdd.sys
0xF79D7000 \SystemRoot\System32\DRIVERS\swenum.sys
0xB9775000 \SystemRoot\System32\DRIVERS\update.sys
0xBA343000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xF7517000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7507000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xF79EF000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xF77D7000 \SystemRoot\System32\DRIVERS\flpydisk.sys
0xF79F3000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xB96D0000 \SystemRoot\System32\Drivers\Null.SYS
0xF79F5000 \SystemRoot\System32\Drivers\Beep.SYS
0xF77E7000 \SystemRoot\System32\drivers\vga.sys
0xF79F7000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF79F9000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF77EF000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF77F7000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF794B000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xB74CE000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xB7476000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xB7455000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xB742D000 \SystemRoot\System32\DRIVERS\netbt.sys
0xBA780000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xB740B000 \SystemRoot\System32\drivers\afd.sys
0xBA770000 \SystemRoot\System32\DRIVERS\netbios.sys
0xBA760000 \SystemRoot\System32\DRIVERS\arp1394.sys
0xF780F000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xBA7C8000 \SystemRoot\System32\DRIVERS\hidusb.sys
0xBA740000 \SystemRoot\System32\DRIVERS\HIDCLASS.SYS
0xF7817000 \SystemRoot\System32\DRIVERS\HIDPARSE.SYS
0xB738F000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xB7320000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xBA700000 \SystemRoot\System32\Drivers\Fips.SYS
0xB72FD000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xBA039000 \SystemRoot\System32\DRIVERS\usbprint.sys
0xB9FF1000 \SystemRoot\System32\DRIVERS\USBSTOR.SYS
0xBA0C1000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB72BD000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF79A3000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF77DF000 \SystemRoot\System32\watchdog.sys
0xB7511000 \SystemRoot\System32\drivers\Dxapi.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xB970F000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB6F60000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xB6BEA000 \SystemRoot\system32\drivers\wdmaud.sys
0xB6EBF000 \SystemRoot\system32\drivers\sysaudio.sys
0xB6983000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xB73C3000 \SystemRoot\System32\drivers\BrPar.sys
0xB9F77000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xF77CF000 \??\C:\WINDOWS\system32\DRIVERS\IOPORT.SYS
0xB63F3000 \SystemRoot\System32\DRIVERS\srv.sys
0xF77C7000 \SystemRoot\System32\Drivers\TDTCP.SYS
0xB588F000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xB57AE000 \SystemRoot\System32\Drivers\HTTP.sys
0xB4C04000 \??\C:\DOCUME~1\Steve\LOCALS~1\Temp\uxtdypow.sys
0xB4C7E000 \??\C:\DOCUME~1\Steve\LOCALS~1\Temp\mbr.sys
0xB4BE1000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xB4AEE000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xB3C20000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 41):
0 System Idle Process
4 System
632 C:\WINDOWS\system32\smss.exe
684 csrss.exe
708 C:\WINDOWS\system32\winlogon.exe
756 C:\WINDOWS\system32\services.exe
768 C:\WINDOWS\system32\lsass.exe
960 C:\WINDOWS\system32\svchost.exe
1032 svchost.exe
1128 C:\WINDOWS\system32\svchost.exe
1168 C:\WINDOWS\system32\svchost.exe
1216 svchost.exe
1328 svchost.exe
1544 C:\WINDOWS\system32\spoolsv.exe
1628 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1808 C:\WINDOWS\explorer.exe
128 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I2H1.EXE
260 C:\WINDOWS\OV550EM.exe
268 C:\Program Files\Common Files\Java\Java Update\jusched.exe
276 C:\WINDOWS\system32\rundll32.exe
336 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
432 C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
452 C:\Program Files\NETGEAR\NETGEAR Digital Entertainer for Windows\receiver.exe
472 C:\Program Files\Windows Media Player\wmpnscfg.exe
912 C:\WINDOWS\system32\WTablet\TabUserW.exe
1580 C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
1712 C:\Program Files\Java\jre6\bin\jqs.exe
1464 C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
2144 C:\WINDOWS\system32\NLSSRV32.EXE
2156 C:\WINDOWS\system32\nvsvc32.exe
2176 C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
2368 C:\WINDOWS\system32\svchost.exe
2416 C:\WINDOWS\system32\Tablet.exe
2628 C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
3256 C:\WINDOWS\system32\wscntfy.exe
2260 C:\WINDOWS\system32\svchost.exe
3580 wmpnetwk.exe
4060 alg.exe
3384 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
2352 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
3856 C:\Documents and Settings\Steve\My Documents\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)
\\.\G: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive1 Model Number: HDS722580VLSA80, Rev: V32OA60A
PhysicalDrive2 Model Number: ST31000340AS, Rev: SD15
PhysicalDrive0 Model Number: WDCWD1200BB-22CAA0, Rev: 16.06V16

Size Device Name MBR Status
--------------------------------------------
76 GB \\.\PhysicalDrive1 MBR Code Faked (known infection: Whistler / Black Internet)!
SHA1: ED0B19E36914D028E2802BBB4AC96BBF34B6CF5B
931 GB \\.\PhysicalDrive2 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
111 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!



ComboFix 10-12-06.01 - Steve 12/06/2010 21:40:44.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3070.2302 [GMT -5:00]
Running from: c:\documents and settings\Steve\My Documents\Downloads\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: CA Personal Firewall *enabled* {38102F93-1B6E-4922-90E1-A35D8DC6DAA3}
.

((((((((((((((((((((((((( Files Created from 2010-11-07 to 2010-12-07 )))))))))))))))))))))))))))))))
.

2010-12-05 18:05 . 2010-12-05 18:05 -------- d-----w- c:\documents and settings\Steve\Application Data\Malwarebytes
2010-12-05 18:05 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-05 18:05 . 2010-12-05 18:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-12-05 18:05 . 2010-12-05 18:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-05 18:05 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-05 16:07 . 2010-12-05 16:07 -------- d-----w- c:\documents and settings\Steve\Application Data\Avira
2010-12-05 16:05 . 2010-12-06 17:49 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-12-05 16:05 . 2010-08-02 21:10 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-12-05 16:05 . 2010-06-17 20:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-12-05 16:05 . 2010-06-17 20:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-12-05 16:05 . 2010-12-05 16:05 -------- d-----w- c:\program files\Avira
2010-12-05 16:05 . 2010-12-05 16:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-12-04 21:27 . 2010-12-04 21:27 -------- d-----w- c:\program files\Free WMA to MP3 Converter
2010-12-04 13:52 . 2010-12-04 13:52 -------- d-----w- c:\program files\CCleaner
2010-12-04 13:21 . 2010-12-04 13:21 -------- d-----w- c:\documents and settings\All Users\Application Data\FrontLine Registry Cleaner
2010-12-04 13:21 . 2010-12-05 18:54 -------- d-----w- c:\program files\Frontline Registry Cleaner
2010-12-03 22:07 . 2010-12-04 14:07 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-12-03 06:23 . 2010-12-04 14:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-12-03 06:23 . 2010-12-03 06:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-12-03 04:50 . 2010-12-03 04:50 -------- d-----w- c:\documents and settings\Steve\Application Data\Moyea
2010-12-03 04:50 . 2010-12-03 04:50 -------- d-----w- c:\documents and settings\Steve\Application Data\Leawo
2010-12-03 04:50 . 2010-03-15 09:31 165376 ----a-w- c:\windows\system32\unrar.dll
2010-12-03 04:50 . 2008-10-08 14:45 606208 ----a-w- c:\windows\system32\xvidcore.dll
2010-12-03 04:47 . 2010-12-03 04:50 -------- d-----w- c:\program files\Leawo
2010-12-03 04:47 . 2010-12-03 04:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Leawo
2010-12-03 04:39 . 2008-12-18 06:22 57344 ----a-w- c:\windows\system32\ff_vfw.dll
2010-12-03 04:39 . 2008-06-16 02:13 6144 ----a-w- c:\windows\system32\ff_acm.acm
2010-12-03 04:39 . 2008-06-15 15:01 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2010-12-03 04:39 . 2008-06-15 15:01 258352 ----a-w- c:\windows\system32\unicows.dll
2010-12-03 04:23 . 2010-12-03 04:28 -------- d-----w- C:\myyoutube
2010-12-03 04:09 . 2010-12-05 18:54 -------- d-----w- c:\program files\You Tube Video Converter
2010-12-03 03:58 . 2010-12-03 03:58 -------- d-----w- c:\documents and settings\Steve\Application Data\Xilisoft Corporation
2010-12-03 03:58 . 2010-12-03 03:58 -------- d-----w- c:\program files\Xilisoft
2010-12-03 03:48 . 2010-12-05 16:13 -------- d-----w- c:\program files\1-Click YouTube Downloader
2010-12-03 03:39 . 2010-12-03 03:39 -------- d-----w- c:\program files\FoxTabFlvConverter
2010-12-03 03:17 . 2010-12-03 03:17 -------- d-----w- c:\windows\system32\Adobe
2010-12-02 04:21 . 2010-12-02 04:21 -------- d-----w- C:\New Folder (2)
2010-12-02 04:21 . 2010-12-02 04:21 -------- d-----w- C:\New Folder
2010-11-30 00:29 . 2010-11-30 00:29 -------- d-----w- c:\documents and settings\All Users\Application Data\CA-SupportBridge
2010-11-28 13:23 . 2010-11-28 13:23 -------- d-----w- c:\documents and settings\Administrator

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-08 04:59 . 2010-10-04 16:02 95568 ----a-w- c:\windows\system32\vetredir.dll
2010-11-08 04:59 . 2010-10-04 16:02 128336 ----a-w- c:\windows\system32\isafeif.dll
2010-10-01 19:20 . 2009-02-24 00:11 307200 ----a-w- c:\windows\system32\TubeFinder.exe
2010-09-24 15:16 . 2010-09-24 15:16 272976 ----a-w- c:\windows\system32\UmxSbxw.dll
2010-09-24 15:16 . 2010-09-24 15:16 113232 ----a-w- c:\windows\system32\UmxSbxExw.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-12-05_14.42.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 05:02 . 2009-07-12 05:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2010-12-05 17:49 . 2010-12-05 17:49 16384 c:\windows\Temp\Perflib_Perfdata_6b0.dat
+ 2010-12-05 16:05 . 2010-06-17 20:27 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2009-07-12 05:02 . 2009-07-12 05:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2010-12-05 16:03 . 2010-12-05 16:03 219648 c:\windows\Installer\57c65c.msi
+ 2009-07-12 05:02 . 2009-07-12 05:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PowerPanel Personal Edition User Interaction"="c:\program files\CyberPower PowerPanel Personal Edition\pppeuser.exe" [2007-12-07 315392]
"scheduler_monitor"="c:\program files\ReaConverter 5.5 Pro\init_scheduler.exe" [2007-06-15 27136]
"NETGEARDigitalEntertainer"="c:\program files\NETGEAR\NETGEAR Digital Entertainer for Windows\receiver.exe" [2009-04-29 3498712]
"Google Update"="c:\documents and settings\Steve\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-09-08 136176]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"nwiz"="nwiz.exe" [2008-10-07 1630208]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 1388544]
"EPSON Stylus Photo R200 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" [2003-07-08 99840]
"UVS12 Preload"="c:\program files\Corel\Corel VideoStudio 12\uvPL.exe" [2008-06-09 397456]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2009-10-24 827904]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Ovt Wia"="c:\windows\OV550EM.exe" [2008-01-28 36864]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2009-1-15 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\UmxSbxExw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"McSysmon"=3 (0x3)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=3 (0x3)
"McNASvc"=2 (0x2)
"mcmscsvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Liquid.6\\Program\\RM.exe"=
"c:\\Program Files\\Liquid.6\\Program\\Studiou.mod"=
"c:\\Program Files\\NETGEAR\\NETGEAR Digital Entertainer for Windows\\receiver.exe"=
"c:\\Program Files\\NETGEAR\\NETGEAR Digital Entertainer for Windows\\tagtool.exe"=
"c:\\Program Files\\NETGEAR\\NETGEAR Digital Entertainer for Windows\\sjcmdwiz.exe"=
"c:\\Program Files\\NETGEAR\\NETGEAR Digital Entertainer for Windows\\ffmpeg.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1250:TCP"= 1250:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"4294:TCP"= 4294:TCP:Akamai NetSession Interface
"4418:TCP"= 4418:TCP:Akamai NetSession Interface
"4428:TCP"= 4428:TCP:Akamai NetSession Interface
"4478:TCP"= 4478:TCP:Akamai NetSession Interface
"1065:TCP"= 1065:TCP:Akamai NetSession Interface
"1079:TCP"= 1079:TCP:Akamai NetSession Interface
"1094:TCP"= 1094:TCP:Akamai NetSession Interface
"1117:TCP"= 1117:TCP:Akamai NetSession Interface
"1792:TCP"= 1792:TCP:Akamai NetSession Interface
"3316:TCP"= 3316:TCP:Akamai NetSession Interface
"1293:TCP"= 1293:TCP:Akamai NetSession Interface
"1302:TCP"= 1302:TCP:Akamai NetSession Interface
"1312:TCP"= 1312:TCP:Akamai NetSession Interface
"1355:TCP"= 1355:TCP:Akamai NetSession Interface
"2330:TCP"= 2330:TCP:Akamai NetSession Interface
"2784:TCP"= 2784:TCP:Akamai NetSession Interface
"2792:TCP"= 2792:TCP:Akamai NetSession Interface
"3230:TCP"= 3230:TCP:Akamai NetSession Interface
"3288:TCP"= 3288:TCP:Akamai NetSession Interface
"4038:TCP"= 4038:TCP:Akamai NetSession Interface
"1152:TCP"= 1152:TCP:Akamai NetSession Interface
"3730:TCP"= 3730:TCP:Akamai NetSession Interface
"1220:TCP"= 1220:TCP:Akamai NetSession Interface
"2241:TCP"= 2241:TCP:Akamai NetSession Interface
"2830:TCP"= 2830:TCP:Akamai NetSession Interface
"2538:TCP"= 2538:TCP:Akamai NetSession Interface
"4969:TCP"= 4969:TCP:Akamai NetSession Interface
"1151:TCP"= 1151:TCP:Akamai NetSession Interface
"1262:TCP"= 1262:TCP:Akamai NetSession Interface
"1456:TCP"= 1456:TCP:Akamai NetSession Interface
"4270:TCP"= 4270:TCP:Akamai NetSession Interface
"1294:TCP"= 1294:TCP:Akamai NetSession Interface
"1790:TCP"= 1790:TCP:Akamai NetSession Interface
"2261:TCP"= 2261:TCP:Akamai NetSession Interface
"1679:TCP"= 1679:TCP:Akamai NetSession Interface
"2682:TCP"= 2682:TCP:Akamai NetSession Interface
"3153:TCP"= 3153:TCP:Akamai NetSession Interface
"2334:TCP"= 2334:TCP:Akamai NetSession Interface
"3863:TCP"= 3863:TCP:Akamai NetSession Interface
"4888:TCP"= 4888:TCP:Akamai NetSession Interface
"2463:TCP"= 2463:TCP:Akamai NetSession Interface
"2471:TCP"= 2471:TCP:Akamai NetSession Interface
"3410:TCP"= 3410:TCP:Akamai NetSession Interface
"4272:TCP"= 4272:TCP:Akamai NetSession Interface
"4774:TCP"= 4774:TCP:Akamai NetSession Interface
"3705:TCP"= 3705:TCP:Akamai NetSession Interface
"3715:TCP"= 3715:TCP:Akamai NetSession Interface
"4033:TCP"= 4033:TCP:Akamai NetSession Interface
"1378:TCP"= 1378:TCP:Akamai NetSession Interface
"1793:TCP"= 1793:TCP:Akamai NetSession Interface
"2270:TCP"= 2270:TCP:Akamai NetSession Interface
"2712:TCP"= 2712:TCP:Akamai NetSession Interface
"4046:TCP"= 4046:TCP:Akamai NetSession Interface
"4929:TCP"= 4929:TCP:Akamai NetSession Interface
"3244:TCP"= 3244:TCP:Akamai NetSession Interface
"3630:TCP"= 3630:TCP:Akamai NetSession Interface
"4335:TCP"= 4335:TCP:Akamai NetSession Interface
"3139:TCP"= 3139:TCP:Akamai NetSession Interface
"4431:TCP"= 4431:TCP:Akamai NetSession Interface
"4555:TCP"= 4555:TCP:Akamai NetSession Interface
"1139:TCP"= 1139:TCP:Akamai NetSession Interface
"1285:TCP"= 1285:TCP:Akamai NetSession Interface
"2164:TCP"= 2164:TCP:Akamai NetSession Interface
"<NO NAME>"=
"49152:UDP"= 49152:UDP:UDP49152
"49153:UDP"= 49153:UDP:UDP49153
"49154:UDP"= 49154:UDP:UDP49154
"49155:UDP"= 49155:UDP:UDP49155
"49156:TCP"= 49156:TCP:TCP49156
"49158:TCP"= 49158:TCP:TCP49158
"49159:TCP"= 49159:TCP:TCP49159
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"5194:TCP"= 5194:TCP:Services
"8888:TCP"= 8888:TCP:Services
"6776:TCP"= 6776:TCP:Services
"6777:TCP"= 6777:TCP:Services
"5868:TCP"= 5868:TCP:Services
"5869:TCP"= 5869:TCP:Services
"8465:TCP"= 8465:TCP:Services
"8466:TCP"= 8466:TCP:Services

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/5/2010 11:05 AM 135336]
R2 IOPort;IOPort;c:\windows\system32\drivers\IOPORT.SYS [11/27/1998 3:57 PM 6144]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [7/9/2010 11:40 AM 196928]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [7/9/2010 11:40 AM 65856]
R3 imvad_multi;NETGEAR Digital Entertainer Virtual Audio Device;c:\windows\system32\drivers\imvad.sys [4/26/2007 12:35 PM 22600]
S2 DVR2INS;ADS Instant DVD 2.0;c:\windows\system32\drivers\dvr2ins.sys [1/15/2009 4:43 PM 34792]
S3 APL531;CRS Photo Scanner;c:\windows\system32\drivers\ov550i.sys [1/28/2008 8:53 AM 580992]
S3 ATICXCAP;ATI TV Wonder Pro A/V Capture;c:\windows\system32\drivers\aticxcap.sys [1/15/2009 3:00 PM 175232]
S3 ATICXTUN;ATI TV Wonder 200 Tuner (Philips 1236 MK3);c:\windows\system32\drivers\aticxtun.sys [1/15/2009 3:01 PM 29184]
S3 ATICXXBR;ATI TV Wonder 200 A/V Crossbar;c:\windows\system32\drivers\aticxxbr.sys [1/15/2009 3:01 PM 9088]
S3 rcp_service;ReaConverter scheduler service;c:\program files\ReaConverter 5.5 Pro\rcp_scheduler.exe [11/30/2007 11:27 AM 558592]
S3 SBUSBAV;Video Blaster Editor;c:\windows\system32\drivers\sbusbav.sys [9/16/2009 8:15 PM 104448]
S3 SureThing Labelflash service;SureThing Labelflash service;c:\program files\Common Files\SureThing Shared\stllssvr.exe [1/15/2009 3:37 PM 74384]
S3 WPEServ;soft Xpansion Print2Document;c:\program files\Common Files\WPE\wpeserv.exe [3/7/2010 8:15 AM 323584]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SSMDRV
*NewlyCreated* - UXTDYPOW
*Deregistered* - uxtdypow
.
Contents of the 'Scheduled Tasks' folder

2010-12-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-1647877149-725345543-1003Core.job
- c:\documents and settings\Steve\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-08 01:56]

2010-12-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-1647877149-725345543-1003UA.job
- c:\documents and settings\Steve\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-08 01:56]

2010-12-04 c:\windows\Tasks\wavepadDowngrade.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-04-29 10:58]

2010-12-04 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-04-29 10:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Download with Xilisoft YouTube Video Converter - c:\program files\Xilisoft\YouTube Video Converter\upod_link.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
FF - ProfilePath - c:\documents and settings\Steve\Application Data\Mozilla\Firefox\Profiles\18konbno.default\
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
FF - plugin: c:\documents and settings\Steve\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Extension: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - c:\documents and settings\Steve\Application Data\Mozilla\Firefox\Profiles\18konbno.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-06 21:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2000478354-1647877149-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{088BEC22-1854-4EEE-1509-9A64DC6C441F}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"eajdpdaekb"=hex:66,61,64,70,6d,65,68,6b,64,65,62,64,00,31
"daidehao"=hex:64,62,66,6e,69,64,70,61,6b,66,6b,62,65,67,6f,6d,6f,63,6b,6f,65,
66,6c,6d,6c,67,6c,6b,65,68,6a,6c,67,70,6a,62,68,68,68,6b,00,00
"iabohmpmmgdfpgijlp"=hex:69,61,62,64,69,70,6f,6c,6e,65,6b,66,70,69,6a,66,6b,63,
00,00
"halnicaagkhaolhi"=hex:69,61,61,64,62,6b,70,6e,6f,6c,67,6f,6f,6d,6b,66,6e,6a,
00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1380)
c:\windows\system32\tabhook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-12-06 21:49:00
ComboFix-quarantined-files.txt 2010-12-07 02:48
ComboFix2.txt 2010-12-05 15:17
ComboFix3.txt 2010-12-05 14:44

Pre-Run: 26,475,089,920 bytes free
Post-Run: 26,460,938,240 bytes free

- - End Of File - - 7F36F528C2D6D905E6D3D1360E877099
 
I can see, you ran Combofix on your own. Never a good idea.

Go to C:\Qoobox and post ComboFix2.txt and ComboFix3.txt logs.
 
Yep ....struggling before I found someone as compentent as yourself to help.

Steve


ComboFix 10-12-04.01 - Steve 12/05/2010 10:10:41.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3070.2633 [GMT -5:00]
Running from: c:\documents and settings\Steve\My Documents\Downloads\ComboFix.exe
Command switches used :: /u
FW: CA Personal Firewall *enabled* {38102F93-1B6E-4922-90E1-A35D8DC6DAA3}
.

((((((((((((((((((((((((( Files Created from 2010-11-05 to 2010-12-05 )))))))))))))))))))))))))))))))
.

2010-12-04 21:27 . 2010-12-04 21:27 -------- d-----w- c:\program files\Free WMA to MP3 Converter
2010-12-04 13:52 . 2010-12-04 13:52 -------- d-----w- c:\program files\CCleaner
2010-12-04 13:21 . 2010-12-04 13:21 -------- d-----w- c:\documents and settings\All Users\Application Data\FrontLine Registry Cleaner
2010-12-04 13:21 . 2010-12-04 13:21 -------- d-----w- c:\program files\Frontline Registry Cleaner
2010-12-03 22:07 . 2010-12-04 14:07 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-12-03 06:23 . 2010-12-04 14:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-12-03 06:23 . 2010-12-03 06:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-12-03 04:50 . 2010-12-03 04:50 -------- d-----w- c:\documents and settings\Steve\Application Data\Moyea
2010-12-03 04:50 . 2010-12-03 04:50 -------- d-----w- c:\documents and settings\Steve\Application Data\Leawo
2010-12-03 04:50 . 2010-03-15 09:31 165376 ----a-w- c:\windows\system32\unrar.dll
2010-12-03 04:50 . 2008-10-08 14:45 606208 ----a-w- c:\windows\system32\xvidcore.dll
2010-12-03 04:47 . 2010-12-03 04:50 -------- d-----w- c:\program files\Leawo
2010-12-03 04:47 . 2010-12-03 04:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Leawo
2010-12-03 04:39 . 2008-12-18 06:22 57344 ----a-w- c:\windows\system32\ff_vfw.dll
2010-12-03 04:39 . 2008-06-16 02:13 6144 ----a-w- c:\windows\system32\ff_acm.acm
2010-12-03 04:39 . 2008-06-15 15:01 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2010-12-03 04:39 . 2008-06-15 15:01 258352 ----a-w- c:\windows\system32\unicows.dll
2010-12-03 04:35 . 2010-12-03 04:35 -------- d-----w- c:\program files\Common Files\Common Share
2010-12-03 04:35 . 2010-12-03 04:35 -------- d-----w- c:\program files\OJOsoft
2010-12-03 04:23 . 2010-12-03 04:28 -------- d-----w- C:\myyoutube
2010-12-03 04:09 . 2010-12-03 05:47 -------- d-----w- c:\program files\You Tube Video Converter
2010-12-03 03:58 . 2010-12-03 03:58 -------- d-----w- c:\documents and settings\Steve\Application Data\Xilisoft Corporation
2010-12-03 03:58 . 2010-12-03 03:58 -------- d-----w- c:\program files\Xilisoft
2010-12-03 03:48 . 2010-12-03 04:23 -------- d-----w- c:\program files\1-Click YouTube Downloader
2010-12-03 03:39 . 2010-12-03 03:39 -------- d-----w- c:\program files\FoxTabFlvConverter
2010-12-03 03:17 . 2010-12-03 03:17 -------- d-----w- c:\windows\system32\Adobe
2010-12-02 04:21 . 2010-12-02 04:21 -------- d-----w- C:\New Folder (2)
2010-12-02 04:21 . 2010-12-02 04:21 -------- d-----w- C:\New Folder
2010-11-30 00:29 . 2010-11-30 00:29 -------- d-----w- c:\documents and settings\All Users\Application Data\CA-SupportBridge
2010-11-28 13:23 . 2010-11-28 13:23 -------- d-----w- c:\documents and settings\Administrator

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-08 04:59 . 2010-10-04 16:02 95568 ----a-w- c:\windows\system32\vetredir.dll
2010-11-08 04:59 . 2010-10-04 16:02 128336 ----a-w- c:\windows\system32\isafeif.dll
2010-10-01 19:20 . 2009-02-24 00:11 307200 ----a-w- c:\windows\system32\TubeFinder.exe
2010-09-24 15:16 . 2010-09-24 15:16 272976 ----a-w- c:\windows\system32\UmxSbxw.dll
2010-09-24 15:16 . 2010-09-24 15:16 113232 ----a-w- c:\windows\system32\UmxSbxExw.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PowerPanel Personal Edition User Interaction"="c:\program files\CyberPower PowerPanel Personal Edition\pppeuser.exe" [2007-12-07 315392]
"scheduler_monitor"="c:\program files\ReaConverter 5.5 Pro\init_scheduler.exe" [2007-06-15 27136]
"NETGEARDigitalEntertainer"="c:\program files\NETGEAR\NETGEAR Digital Entertainer for Windows\receiver.exe" [2009-04-29 3498712]
"Google Update"="c:\documents and settings\Steve\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-09-08 136176]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"nwiz"="nwiz.exe" [2008-10-07 1630208]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 1388544]
"EPSON Stylus Photo R200 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" [2003-07-08 99840]
"UVS12 Preload"="c:\program files\Corel\Corel VideoStudio 12\uvPL.exe" [2008-06-09 397456]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2009-10-24 827904]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Ovt Wia"="c:\windows\OV550EM.exe" [2008-01-28 36864]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2009-1-15 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\UmxSbxExw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"McSysmon"=3 (0x3)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=3 (0x3)
"McNASvc"=2 (0x2)
"mcmscsvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Liquid.6\\Program\\RM.exe"=
"c:\\Program Files\\Liquid.6\\Program\\Studiou.mod"=
"c:\\Program Files\\NETGEAR\\NETGEAR Digital Entertainer for Windows\\receiver.exe"=
"c:\\Program Files\\NETGEAR\\NETGEAR Digital Entertainer for Windows\\tagtool.exe"=
"c:\\Program Files\\NETGEAR\\NETGEAR Digital Entertainer for Windows\\sjcmdwiz.exe"=
"c:\\Program Files\\NETGEAR\\NETGEAR Digital Entertainer for Windows\\ffmpeg.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1250:TCP"= 1250:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"4294:TCP"= 4294:TCP:Akamai NetSession Interface
"4418:TCP"= 4418:TCP:Akamai NetSession Interface
"4428:TCP"= 4428:TCP:Akamai NetSession Interface
"4478:TCP"= 4478:TCP:Akamai NetSession Interface
"1065:TCP"= 1065:TCP:Akamai NetSession Interface
"1079:TCP"= 1079:TCP:Akamai NetSession Interface
"1094:TCP"= 1094:TCP:Akamai NetSession Interface
"1117:TCP"= 1117:TCP:Akamai NetSession Interface
"1792:TCP"= 1792:TCP:Akamai NetSession Interface
"3316:TCP"= 3316:TCP:Akamai NetSession Interface
"1293:TCP"= 1293:TCP:Akamai NetSession Interface
"1302:TCP"= 1302:TCP:Akamai NetSession Interface
"1312:TCP"= 1312:TCP:Akamai NetSession Interface
"1355:TCP"= 1355:TCP:Akamai NetSession Interface
"2330:TCP"= 2330:TCP:Akamai NetSession Interface
"2784:TCP"= 2784:TCP:Akamai NetSession Interface
"2792:TCP"= 2792:TCP:Akamai NetSession Interface
"3230:TCP"= 3230:TCP:Akamai NetSession Interface
"3288:TCP"= 3288:TCP:Akamai NetSession Interface
"4038:TCP"= 4038:TCP:Akamai NetSession Interface
"1152:TCP"= 1152:TCP:Akamai NetSession Interface
"3730:TCP"= 3730:TCP:Akamai NetSession Interface
"1220:TCP"= 1220:TCP:Akamai NetSession Interface
"2241:TCP"= 2241:TCP:Akamai NetSession Interface
"2830:TCP"= 2830:TCP:Akamai NetSession Interface
"2538:TCP"= 2538:TCP:Akamai NetSession Interface
"4969:TCP"= 4969:TCP:Akamai NetSession Interface
"1151:TCP"= 1151:TCP:Akamai NetSession Interface
"1262:TCP"= 1262:TCP:Akamai NetSession Interface
"1456:TCP"= 1456:TCP:Akamai NetSession Interface
"4270:TCP"= 4270:TCP:Akamai NetSession Interface
"1294:TCP"= 1294:TCP:Akamai NetSession Interface
"1790:TCP"= 1790:TCP:Akamai NetSession Interface
"2261:TCP"= 2261:TCP:Akamai NetSession Interface
"1679:TCP"= 1679:TCP:Akamai NetSession Interface
"2682:TCP"= 2682:TCP:Akamai NetSession Interface
"3153:TCP"= 3153:TCP:Akamai NetSession Interface
"2334:TCP"= 2334:TCP:Akamai NetSession Interface
"3863:TCP"= 3863:TCP:Akamai NetSession Interface
"4888:TCP"= 4888:TCP:Akamai NetSession Interface
"2463:TCP"= 2463:TCP:Akamai NetSession Interface
"2471:TCP"= 2471:TCP:Akamai NetSession Interface
"3410:TCP"= 3410:TCP:Akamai NetSession Interface
"4272:TCP"= 4272:TCP:Akamai NetSession Interface
"4774:TCP"= 4774:TCP:Akamai NetSession Interface
"3705:TCP"= 3705:TCP:Akamai NetSession Interface
"3715:TCP"= 3715:TCP:Akamai NetSession Interface
"4033:TCP"= 4033:TCP:Akamai NetSession Interface
"1378:TCP"= 1378:TCP:Akamai NetSession Interface
"1793:TCP"= 1793:TCP:Akamai NetSession Interface
"2270:TCP"= 2270:TCP:Akamai NetSession Interface
"2712:TCP"= 2712:TCP:Akamai NetSession Interface
"4046:TCP"= 4046:TCP:Akamai NetSession Interface
"4929:TCP"= 4929:TCP:Akamai NetSession Interface
"3244:TCP"= 3244:TCP:Akamai NetSession Interface
"3630:TCP"= 3630:TCP:Akamai NetSession Interface
"4335:TCP"= 4335:TCP:Akamai NetSession Interface
"3139:TCP"= 3139:TCP:Akamai NetSession Interface
"4431:TCP"= 4431:TCP:Akamai NetSession Interface
"4555:TCP"= 4555:TCP:Akamai NetSession Interface
"1139:TCP"= 1139:TCP:Akamai NetSession Interface
"1285:TCP"= 1285:TCP:Akamai NetSession Interface
"2164:TCP"= 2164:TCP:Akamai NetSession Interface
"<NO NAME>"=
"49152:UDP"= 49152:UDP:UDP49152
"49153:UDP"= 49153:UDP:UDP49153
"49154:UDP"= 49154:UDP:UDP49154
"49155:UDP"= 49155:UDP:UDP49155
"49156:TCP"= 49156:TCP:TCP49156
"49158:TCP"= 49158:TCP:TCP49158
"49159:TCP"= 49159:TCP:TCP49159
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"5194:TCP"= 5194:TCP:Services
"8888:TCP"= 8888:TCP:Services
"6776:TCP"= 6776:TCP:Services
"6777:TCP"= 6777:TCP:Services
"5868:TCP"= 5868:TCP:Services
"5869:TCP"= 5869:TCP:Services

R2 IOPort;IOPort;c:\windows\system32\drivers\IOPORT.SYS [11/27/1998 3:57 PM 6144]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [7/9/2010 11:40 AM 196928]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [7/9/2010 11:40 AM 65856]
R3 imvad_multi;NETGEAR Digital Entertainer Virtual Audio Device;c:\windows\system32\drivers\imvad.sys [4/26/2007 12:35 PM 22600]
S2 DVR2INS;ADS Instant DVD 2.0;c:\windows\system32\drivers\dvr2ins.sys [1/15/2009 4:43 PM 34792]
S3 APL531;CRS Photo Scanner;c:\windows\system32\drivers\ov550i.sys [1/28/2008 8:53 AM 580992]
S3 ATICXCAP;ATI TV Wonder Pro A/V Capture;c:\windows\system32\drivers\aticxcap.sys [1/15/2009 3:00 PM 175232]
S3 ATICXTUN;ATI TV Wonder 200 Tuner (Philips 1236 MK3);c:\windows\system32\drivers\aticxtun.sys [1/15/2009 3:01 PM 29184]
S3 ATICXXBR;ATI TV Wonder 200 A/V Crossbar;c:\windows\system32\drivers\aticxxbr.sys [1/15/2009 3:01 PM 9088]
S3 rcp_service;ReaConverter scheduler service;c:\program files\ReaConverter 5.5 Pro\rcp_scheduler.exe [11/30/2007 11:27 AM 558592]
S3 SBUSBAV;Video Blaster Editor;c:\windows\system32\drivers\sbusbav.sys [9/16/2009 8:15 PM 104448]
S3 SureThing Labelflash service;SureThing Labelflash service;c:\program files\Common Files\SureThing Shared\stllssvr.exe [1/15/2009 3:37 PM 74384]
S3 WPEServ;soft Xpansion Print2Document;c:\program files\Common Files\WPE\wpeserv.exe [3/7/2010 8:15 AM 323584]
.
Contents of the 'Scheduled Tasks' folder

2010-12-05 c:\windows\Tasks\FrontLine Registry Cleaner Scheduled Scan - Steve.job
- c:\program files\Frontline Registry Cleaner\FrontlineRegistryCleaner.exe [2010-05-11 22:20]

2010-12-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-1647877149-725345543-1003Core.job
- c:\documents and settings\Steve\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-08 01:56]

2010-12-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-1647877149-725345543-1003UA.job
- c:\documents and settings\Steve\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-08 01:56]

2010-12-04 c:\windows\Tasks\wavepadDowngrade.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-04-29 10:58]

2010-12-04 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-04-29 10:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Download with Xilisoft YouTube Video Converter - c:\program files\Xilisoft\YouTube Video Converter\upod_link.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
FF - ProfilePath - c:\documents and settings\Steve\Application Data\Mozilla\Firefox\Profiles\18konbno.default\
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
FF - plugin: c:\documents and settings\Steve\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Extension: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - c:\documents and settings\Steve\Application Data\Mozilla\Firefox\Profiles\18konbno.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-05 10:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2000478354-1647877149-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{088BEC22-1854-4EEE-1509-9A64DC6C441F}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"eajdpdaekb"=hex:66,61,64,70,6d,65,68,6b,64,65,62,64,00,31
"daidehao"=hex:64,62,66,6e,69,64,70,61,6b,66,6b,62,65,67,6f,6d,6f,63,6b,6f,65,
66,6c,6d,6c,67,6c,6b,65,68,6a,6c,67,70,6a,62,68,68,68,6b,00,00
"iabohmpmmgdfpgijlp"=hex:69,61,62,64,69,70,6f,6c,6e,65,6b,66,70,69,6a,66,6b,63,
00,00
"halnicaagkhaolhi"=hex:69,61,61,64,62,6b,70,6e,6f,6c,67,6f,6f,6d,6b,66,6e,6a,
00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3424)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-12-05 10:17:21
ComboFix-quarantined-files.txt 2010-12-05 15:17
ComboFix2.txt 2010-12-05 14:44

Pre-Run: 26,475,892,736 bytes free
Post-Run: 26,462,683,136 bytes free

- - End Of File - - 647184647750DCB33B9BF473773E375D

ComboFix 10-12-04.01 - Steve 12/05/2010 9:37.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3070.2618 [GMT -5:00]
Running from: c:\documents and settings\Steve\My Documents\Downloads\ComboFix.exe
FW: CA Personal Firewall *enabled* {38102F93-1B6E-4922-90E1-A35D8DC6DAA3}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Steve\Application Data\inst.exe
c:\documents and settings\Steve\Favorites\Thumbs.db
C:\Thumbs.db
c:\windows\system32\Ijl11.dll
c:\windows\system32\reg.dll
D:\resycled

.
((((((((((((((((((((((((( Files Created from 2010-11-05 to 2010-12-05 )))))))))))))))))))))))))))))))
.

2010-12-04 13:21 . 2010-12-04 13:21 -------- d-----w- c:\documents and settings\All Users\Application Data\FrontLine Registry Cleaner
2010-12-04 13:21 . 2010-12-04 13:21 -------- d-----w- c:\program files\Frontline Registry Cleaner
2010-12-03 22:07 . 2010-12-04 14:07 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-12-03 06:23 . 2010-12-04 14:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-12-03 06:23 . 2010-12-03 06:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-12-03 04:50 . 2010-12-03 04:50 -------- d-----w- c:\documents and settings\Steve\Application Data\Moyea
2010-12-03 04:50 . 2010-12-03 04:50 -------- d-----w- c:\documents and settings\Steve\Application Data\Leawo
2010-12-03 04:50 . 2010-03-15 09:31 165376 ----a-w- c:\windows\system32\unrar.dll
2010-12-03 04:50 . 2008-10-08 14:45 606208 ----a-w- c:\windows\system32\xvidcore.dll
2010-12-03 04:47 . 2010-12-03 04:50 -------- d-----w- c:\program files\Leawo
2010-12-03 04:47 . 2010-12-03 04:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Leawo
2010-12-03 04:39 . 2008-12-18 06:22 57344 ----a-w- c:\windows\system32\ff_vfw.dll
2010-12-03 04:39 . 2008-06-16 02:13 6144 ----a-w- c:\windows\system32\ff_acm.acm
2010-12-03 04:39 . 2008-06-15 15:01 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2010-12-03 04:39 . 2008-06-15 15:01 258352 ----a-w- c:\windows\system32\unicows.dll
2010-12-03 04:35 . 2010-12-03 04:35 -------- d-----w- c:\program files\Common Files\Common Share
2010-12-03 04:35 . 2010-12-03 04:35 -------- d-----w- c:\program files\OJOsoft
2010-12-03 04:23 . 2010-12-03 04:28 -------- d-----w- C:\myyoutube
2010-12-03 04:09 . 2010-12-03 05:47 -------- d-----w- c:\program files\You Tube Video Converter
2010-12-03 03:58 . 2010-12-03 03:58 -------- d-----w- c:\documents and settings\Steve\Application Data\Xilisoft Corporation
2010-12-03 03:58 . 2010-12-03 03:58 -------- d-----w- c:\program files\Xilisoft
2010-12-03 03:48 . 2010-12-03 04:23 -------- d-----w- c:\program files\1-Click YouTube Downloader
2010-12-03 03:39 . 2010-12-03 03:39 -------- d-----w- c:\program files\FoxTabFlvConverter
2010-12-03 03:17 . 2010-12-03 03:17 -------- d-----w- c:\windows\system32\Adobe
2010-12-02 04:21 . 2010-12-02 04:21 -------- d-----w- C:\New Folder (2)
2010-12-02 04:21 . 2010-12-02 04:21 -------- d-----w- C:\New Folder
2010-11-30 00:29 . 2010-11-30 00:29 -------- d-----w- c:\documents and settings\All Users\Application Data\CA-SupportBridge
2010-11-28 13:23 . 2010-11-28 13:23 -------- d-----w- c:\documents and settings\Administrator

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-08 04:59 . 2010-10-04 16:02 95568 ----a-w- c:\windows\system32\vetredir.dll
2010-11-08 04:59 . 2010-10-04 16:02 128336 ----a-w- c:\windows\system32\isafeif.dll
2010-10-01 19:20 . 2009-02-24 00:11 307200 ----a-w- c:\windows\system32\TubeFinder.exe
2010-09-24 15:16 . 2010-09-24 15:16 272976 ----a-w- c:\windows\system32\UmxSbxw.dll
2010-09-24 15:16 . 2010-09-24 15:16 113232 ----a-w- c:\windows\system32\UmxSbxExw.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PowerPanel Personal Edition User Interaction"="c:\program files\CyberPower PowerPanel Personal Edition\pppeuser.exe" [2007-12-07 315392]
"scheduler_monitor"="c:\program files\ReaConverter 5.5 Pro\init_scheduler.exe" [2007-06-15 27136]
"NETGEARDigitalEntertainer"="c:\program files\NETGEAR\NETGEAR Digital Entertainer for Windows\receiver.exe" [2009-04-29 3498712]
"Google Update"="c:\documents and settings\Steve\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-09-08 136176]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"nwiz"="nwiz.exe" [2008-10-07 1630208]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 1388544]
"EPSON Stylus Photo R200 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" [2003-07-08 99840]
"UVS12 Preload"="c:\program files\Corel\Corel VideoStudio 12\uvPL.exe" [2008-06-09 397456]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2009-10-24 827904]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Ovt Wia"="c:\windows\OV550EM.exe" [2008-01-28 36864]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2009-1-15 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\UmxSbxExw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"McSysmon"=3 (0x3)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=3 (0x3)
"McNASvc"=2 (0x2)
"mcmscsvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Liquid.6\\Program\\RM.exe"=
"c:\\Program Files\\Liquid.6\\Program\\Studiou.mod"=
"c:\\Program Files\\NETGEAR\\NETGEAR Digital Entertainer for Windows\\receiver.exe"=
"c:\\Program Files\\NETGEAR\\NETGEAR Digital Entertainer for Windows\\tagtool.exe"=
"c:\\Program Files\\NETGEAR\\NETGEAR Digital Entertainer for Windows\\sjcmdwiz.exe"=
"c:\\Program Files\\NETGEAR\\NETGEAR Digital Entertainer for Windows\\ffmpeg.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1250:TCP"= 1250:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"4294:TCP"= 4294:TCP:Akamai NetSession Interface
"4418:TCP"= 4418:TCP:Akamai NetSession Interface
"4428:TCP"= 4428:TCP:Akamai NetSession Interface
"4478:TCP"= 4478:TCP:Akamai NetSession Interface
"1065:TCP"= 1065:TCP:Akamai NetSession Interface
"1079:TCP"= 1079:TCP:Akamai NetSession Interface
"1094:TCP"= 1094:TCP:Akamai NetSession Interface
"1117:TCP"= 1117:TCP:Akamai NetSession Interface
"1792:TCP"= 1792:TCP:Akamai NetSession Interface
"3316:TCP"= 3316:TCP:Akamai NetSession Interface
"1293:TCP"= 1293:TCP:Akamai NetSession Interface
"1302:TCP"= 1302:TCP:Akamai NetSession Interface
"1312:TCP"= 1312:TCP:Akamai NetSession Interface
"1355:TCP"= 1355:TCP:Akamai NetSession Interface
"2330:TCP"= 2330:TCP:Akamai NetSession Interface
"2784:TCP"= 2784:TCP:Akamai NetSession Interface
"2792:TCP"= 2792:TCP:Akamai NetSession Interface
"3230:TCP"= 3230:TCP:Akamai NetSession Interface
"3288:TCP"= 3288:TCP:Akamai NetSession Interface
"4038:TCP"= 4038:TCP:Akamai NetSession Interface
"1152:TCP"= 1152:TCP:Akamai NetSession Interface
"3730:TCP"= 3730:TCP:Akamai NetSession Interface
"1220:TCP"= 1220:TCP:Akamai NetSession Interface
"2241:TCP"= 2241:TCP:Akamai NetSession Interface
"2830:TCP"= 2830:TCP:Akamai NetSession Interface
"2538:TCP"= 2538:TCP:Akamai NetSession Interface
"4969:TCP"= 4969:TCP:Akamai NetSession Interface
"1151:TCP"= 1151:TCP:Akamai NetSession Interface
"1262:TCP"= 1262:TCP:Akamai NetSession Interface
"1456:TCP"= 1456:TCP:Akamai NetSession Interface
"4270:TCP"= 4270:TCP:Akamai NetSession Interface
"1294:TCP"= 1294:TCP:Akamai NetSession Interface
"1790:TCP"= 1790:TCP:Akamai NetSession Interface
"2261:TCP"= 2261:TCP:Akamai NetSession Interface
"1679:TCP"= 1679:TCP:Akamai NetSession Interface
"2682:TCP"= 2682:TCP:Akamai NetSession Interface
"3153:TCP"= 3153:TCP:Akamai NetSession Interface
"2334:TCP"= 2334:TCP:Akamai NetSession Interface
"3863:TCP"= 3863:TCP:Akamai NetSession Interface
"4888:TCP"= 4888:TCP:Akamai NetSession Interface
"2463:TCP"= 2463:TCP:Akamai NetSession Interface
"2471:TCP"= 2471:TCP:Akamai NetSession Interface
"3410:TCP"= 3410:TCP:Akamai NetSession Interface
"4272:TCP"= 4272:TCP:Akamai NetSession Interface
"4774:TCP"= 4774:TCP:Akamai NetSession Interface
"3705:TCP"= 3705:TCP:Akamai NetSession Interface
"3715:TCP"= 3715:TCP:Akamai NetSession Interface
"4033:TCP"= 4033:TCP:Akamai NetSession Interface
"1378:TCP"= 1378:TCP:Akamai NetSession Interface
"1793:TCP"= 1793:TCP:Akamai NetSession Interface
"2270:TCP"= 2270:TCP:Akamai NetSession Interface
"2712:TCP"= 2712:TCP:Akamai NetSession Interface
"4046:TCP"= 4046:TCP:Akamai NetSession Interface
"4929:TCP"= 4929:TCP:Akamai NetSession Interface
"3244:TCP"= 3244:TCP:Akamai NetSession Interface
"3630:TCP"= 3630:TCP:Akamai NetSession Interface
"4335:TCP"= 4335:TCP:Akamai NetSession Interface
"3139:TCP"= 3139:TCP:Akamai NetSession Interface
"4431:TCP"= 4431:TCP:Akamai NetSession Interface
"4555:TCP"= 4555:TCP:Akamai NetSession Interface
"1139:TCP"= 1139:TCP:Akamai NetSession Interface
"1285:TCP"= 1285:TCP:Akamai NetSession Interface
"2164:TCP"= 2164:TCP:Akamai NetSession Interface
"<NO NAME>"=
"49152:UDP"= 49152:UDP:UDP49152
"49153:UDP"= 49153:UDP:UDP49153
"49154:UDP"= 49154:UDP:UDP49154
"49155:UDP"= 49155:UDP:UDP49155
"49156:TCP"= 49156:TCP:TCP49156
"49158:TCP"= 49158:TCP:TCP49158
"49159:TCP"= 49159:TCP:TCP49159
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"5194:TCP"= 5194:TCP:Services
"8888:TCP"= 8888:TCP:Services
"6776:TCP"= 6776:TCP:Services
"6777:TCP"= 6777:TCP:Services
"5868:TCP"= 5868:TCP:Services
"5869:TCP"= 5869:TCP:Services

R2 IOPort;IOPort;c:\windows\system32\drivers\IOPORT.SYS [11/27/1998 3:57 PM 6144]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [7/9/2010 11:40 AM 196928]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [7/9/2010 11:40 AM 65856]
R3 imvad_multi;NETGEAR Digital Entertainer Virtual Audio Device;c:\windows\system32\drivers\imvad.sys [4/26/2007 12:35 PM 22600]
S2 DVR2INS;ADS Instant DVD 2.0;c:\windows\system32\drivers\dvr2ins.sys [1/15/2009 4:43 PM 34792]
S3 APL531;CRS Photo Scanner;c:\windows\system32\drivers\ov550i.sys [1/28/2008 8:53 AM 580992]
S3 ATICXCAP;ATI TV Wonder Pro A/V Capture;c:\windows\system32\drivers\aticxcap.sys [1/15/2009 3:00 PM 175232]
S3 ATICXTUN;ATI TV Wonder 200 Tuner (Philips 1236 MK3);c:\windows\system32\drivers\aticxtun.sys [1/15/2009 3:01 PM 29184]
S3 ATICXXBR;ATI TV Wonder 200 A/V Crossbar;c:\windows\system32\drivers\aticxxbr.sys [1/15/2009 3:01 PM 9088]
S3 rcp_service;ReaConverter scheduler service;c:\program files\ReaConverter 5.5 Pro\rcp_scheduler.exe [11/30/2007 11:27 AM 558592]
S3 SBUSBAV;Video Blaster Editor;c:\windows\system32\drivers\sbusbav.sys [9/16/2009 8:15 PM 104448]
S3 SureThing Labelflash service;SureThing Labelflash service;c:\program files\Common Files\SureThing Shared\stllssvr.exe [1/15/2009 3:37 PM 74384]
S3 WPEServ;soft Xpansion Print2Document;c:\program files\Common Files\WPE\wpeserv.exe [3/7/2010 8:15 AM 323584]
.
Contents of the 'Scheduled Tasks' folder

2010-12-05 c:\windows\Tasks\FrontLine Registry Cleaner Scheduled Scan - Steve.job
- c:\program files\Frontline Registry Cleaner\FrontlineRegistryCleaner.exe [2010-05-11 22:20]

2010-12-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-1647877149-725345543-1003Core.job
- c:\documents and settings\Steve\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-08 01:56]

2010-12-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-1647877149-725345543-1003UA.job
- c:\documents and settings\Steve\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-08 01:56]

2010-12-04 c:\windows\Tasks\wavepadDowngrade.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-04-29 10:58]

2010-12-04 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-04-29 10:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Download with Xilisoft YouTube Video Converter - c:\program files\Xilisoft\YouTube Video Converter\upod_link.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
FF - ProfilePath - c:\documents and settings\Steve\Application Data\Mozilla\Firefox\Profiles\18konbno.default\
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
FF - plugin: c:\documents and settings\Steve\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Extension: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - c:\documents and settings\Steve\Application Data\Mozilla\Firefox\Profiles\18konbno.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - ORPHANS REMOVED - - - -

BHO-{45011CF5-E4A9-4F13-9093-F30A784EB9B2} - (no file)
Toolbar-{0123B506-0AD9-43AA-B0CF-916C122AD4C5} - (no file)
AddRemove-CRS Photo Scanner - c:\windows\omniuns.exe USB\VID_0FEB&PID_2015 CRS Photo Scanner



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-05 09:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2000478354-1647877149-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{088BEC22-1854-4EEE-1509-9A64DC6C441F}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"eajdpdaekb"=hex:66,61,64,70,6d,65,68,6b,64,65,62,64,00,31
"daidehao"=hex:64,62,66,6e,69,64,70,61,6b,66,6b,62,65,67,6f,6d,6f,63,6b,6f,65,
66,6c,6d,6c,67,6c,6b,65,68,6a,6c,67,70,6a,62,68,68,68,6b,00,00
"iabohmpmmgdfpgijlp"=hex:69,61,62,64,69,70,6f,6c,6e,65,6b,66,70,69,6a,66,6b,63,
00,00
"halnicaagkhaolhi"=hex:69,61,61,64,62,6b,70,6e,6f,6c,67,6f,6f,6d,6b,66,6e,6a,
00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2010-12-05 09:44:37
ComboFix-quarantined-files.txt 2010-12-05 14:44

Pre-Run: 26,510,069,760 bytes free
Post-Run: 26,469,568,512 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - F31D782184020D1D7852304F267857F9
 
OK, you're infected with a rootkit, to start with....

Please download NTBR by noahdfear and save it to your Desktop.
File size: 2.44 MB (2,565,432 bytes)

  • Place a blank CD in your CD drive.
  • Double click on NTBR_CD.exe file and a folder of the same name will appear.
  • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
  • Follow the prompts to burn the CD.
  • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
  • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
  • Insert the newly created CD into your infected PC and reboot your computer.
  • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
  • Read the warning and then continue as prompted.
  • You first need to select your keyboard layout - press Enter for English.
  • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
  • On the following screen enter 5 to select Install Standard MBR code.
  • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
  • When asked to confirm please do so.
  • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
  • Eject the disc and then press ctrl+alt+del to reboot the PC.
Once rebooted, run MBRCheck again and post its log.
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x000007fd

Kernel Drivers (total 138):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x80701000 \WINDOWS\system32\hal.dll
0xF7987000 \WINDOWS\system32\KDCOM.DLL
0xF7897000 \WINDOWS\system32\BOOTVID.dll
0xF75A8000 ACPI.sys
0xF7989000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xF7597000 pci.sys
0xF75F7000 isapnp.sys
0xF7607000 ohci1394.sys
0xF7617000 \WINDOWS\System32\DRIVERS\1394BUS.SYS
0xF789B000 compbatt.sys
0xF789F000 \WINDOWS\System32\DRIVERS\BATTC.SYS
0xF7A4F000 pciide.sys
0xF7707000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xF7627000 MountMgr.sys
0xF74D8000 ftdisk.sys
0xF798B000 dmload.sys
0xF74B2000 dmio.sys
0xF770F000 PartMgr.sys
0xF7637000 VolSnap.sys
0xF749A000 atapi.sys
0xF7647000 disk.sys
0xF7657000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xF747B000 fltmgr.sys
0xF7469000 sr.sys
0xF7717000 PxHelp20.sys
0xF7452000 KSecDD.sys
0xF743F000 WudfPf.sys
0xF798D000 PenClass.sys
0xF7B52000 Ntfs.sys
0xF7412000 NDIS.sys
0xF787C000 Mup.sys
0xF7667000 agp440.sys
0xBA051000 \SystemRoot\system32\DRIVERS\SMBios.sys
0xF7697000 \SystemRoot\System32\DRIVERS\intelppm.sys
0xB9979000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB9965000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF775F000 \SystemRoot\System32\DRIVERS\usbuhci.sys
0xB9942000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xF7767000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF76A7000 \SystemRoot\System32\DRIVERS\nic1394.sys
0xB991B000 \SystemRoot\system32\DRIVERS\e100b325.sys
0xF76B7000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xF776F000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xF7777000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xF777F000 \SystemRoot\System32\DRIVERS\fdc.sys
0xF76C7000 \SystemRoot\System32\DRIVERS\serial.sys
0xBA7A4000 \SystemRoot\System32\DRIVERS\serenum.sys
0xB9907000 \SystemRoot\System32\DRIVERS\parport.sys
0xF76D7000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7787000 \SystemRoot\system32\drivers\Afc.sys
0xF778F000 \SystemRoot\System32\DRIVERS\dvd43llh.sys
0xF7797000 \SystemRoot\system32\drivers\ASAPIW2k.sys
0xF76E7000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xF76F7000 \SystemRoot\System32\DRIVERS\redbook.sys
0xB98E4000 \SystemRoot\System32\DRIVERS\ks.sys
0xB98A4000 \SystemRoot\system32\drivers\smwdm.sys
0xB9880000 \SystemRoot\system32\drivers\portcls.sys
0xF7587000 \SystemRoot\system32\drivers\drmk.sys
0xB9860000 \SystemRoot\system32\drivers\aeaudio.sys
0xB9802000 \SystemRoot\system32\drivers\senfilt.sys
0xF779F000 \SystemRoot\system32\drivers\sf.sys
0xF77A7000 \SystemRoot\system32\drivers\imvad.sys
0xF7A5A000 \SystemRoot\System32\DRIVERS\audstub.sys
0xF7577000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xBA794000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xB97EB000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xF7567000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xF7557000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xF77AF000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xB97DA000 \SystemRoot\System32\DRIVERS\psched.sys
0xF7547000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xF77B7000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xF77BF000 \SystemRoot\System32\DRIVERS\raspti.sys
0xF7537000 \SystemRoot\System32\Drivers\pcouffin.sys
0xB97A9000 \SystemRoot\System32\DRIVERS\rdpdr.sys
0xF7527000 \SystemRoot\System32\DRIVERS\termdd.sys
0xF79D7000 \SystemRoot\System32\DRIVERS\swenum.sys
0xB9775000 \SystemRoot\System32\DRIVERS\update.sys
0xBA343000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xF7517000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7507000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xF79EF000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xF77D7000 \SystemRoot\System32\DRIVERS\flpydisk.sys
0xF79F3000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xB96D0000 \SystemRoot\System32\Drivers\Null.SYS
0xF79F5000 \SystemRoot\System32\Drivers\Beep.SYS
0xF77E7000 \SystemRoot\System32\drivers\vga.sys
0xF79F7000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF79F9000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF77EF000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF77F7000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF794B000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xB74CE000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xB7476000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xB7455000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xB742D000 \SystemRoot\System32\DRIVERS\netbt.sys
0xBA780000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xB740B000 \SystemRoot\System32\drivers\afd.sys
0xBA770000 \SystemRoot\System32\DRIVERS\netbios.sys
0xBA760000 \SystemRoot\System32\DRIVERS\arp1394.sys
0xF780F000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xBA7C8000 \SystemRoot\System32\DRIVERS\hidusb.sys
0xBA740000 \SystemRoot\System32\DRIVERS\HIDCLASS.SYS
0xF7817000 \SystemRoot\System32\DRIVERS\HIDPARSE.SYS
0xB738F000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xB7320000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xBA700000 \SystemRoot\System32\Drivers\Fips.SYS
0xB72FD000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xBA039000 \SystemRoot\System32\DRIVERS\usbprint.sys
0xB9FF1000 \SystemRoot\System32\DRIVERS\USBSTOR.SYS
0xBA0C1000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB72BD000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF79A3000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF77DF000 \SystemRoot\System32\watchdog.sys
0xB7511000 \SystemRoot\System32\drivers\Dxapi.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xB970F000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB6F60000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xB6BEA000 \SystemRoot\system32\drivers\wdmaud.sys
0xB6EBF000 \SystemRoot\system32\drivers\sysaudio.sys
0xB6983000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xB73C3000 \SystemRoot\System32\drivers\BrPar.sys
0xB9F77000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xF77CF000 \??\C:\WINDOWS\system32\DRIVERS\IOPORT.SYS
0xB63F3000 \SystemRoot\System32\DRIVERS\srv.sys
0xF77C7000 \SystemRoot\System32\Drivers\TDTCP.SYS
0xB588F000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xB57AE000 \SystemRoot\System32\Drivers\HTTP.sys
0xB4C04000 \??\C:\DOCUME~1\Steve\LOCALS~1\Temp\uxtdypow.sys
0xB4C7E000 \??\C:\DOCUME~1\Steve\LOCALS~1\Temp\mbr.sys
0xB4BE1000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xB4AEE000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xB3C20000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 41):
0 System Idle Process
4 System
632 C:\WINDOWS\system32\smss.exe
684 csrss.exe
708 C:\WINDOWS\system32\winlogon.exe
756 C:\WINDOWS\system32\services.exe
768 C:\WINDOWS\system32\lsass.exe
960 C:\WINDOWS\system32\svchost.exe
1032 svchost.exe
1128 C:\WINDOWS\system32\svchost.exe
1168 C:\WINDOWS\system32\svchost.exe
1216 svchost.exe
1328 svchost.exe
1544 C:\WINDOWS\system32\spoolsv.exe
1628 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1808 C:\WINDOWS\explorer.exe
128 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I2H1.EXE
260 C:\WINDOWS\OV550EM.exe
268 C:\Program Files\Common Files\Java\Java Update\jusched.exe
276 C:\WINDOWS\system32\rundll32.exe
336 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
432 C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
452 C:\Program Files\NETGEAR\NETGEAR Digital Entertainer for Windows\receiver.exe
472 C:\Program Files\Windows Media Player\wmpnscfg.exe
912 C:\WINDOWS\system32\WTablet\TabUserW.exe
1580 C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
1712 C:\Program Files\Java\jre6\bin\jqs.exe
1464 C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
2144 C:\WINDOWS\system32\NLSSRV32.EXE
2156 C:\WINDOWS\system32\nvsvc32.exe
2176 C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
2368 C:\WINDOWS\system32\svchost.exe
2416 C:\WINDOWS\system32\Tablet.exe
2628 C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
3256 C:\WINDOWS\system32\wscntfy.exe
2260 C:\WINDOWS\system32\svchost.exe
3580 wmpnetwk.exe
4060 alg.exe
3384 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
2352 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
3856 C:\Documents and Settings\Steve\My Documents\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)
\\.\G: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive1 Model Number: HDS722580VLSA80, Rev: V32OA60A
PhysicalDrive2 Model Number: ST31000340AS, Rev: SD15
PhysicalDrive0 Model Number: WDCWD1200BB-22CAA0, Rev: 16.06V16

Size Device Name MBR Status
--------------------------------------------
76 GB \\.\PhysicalDrive1 MBR Code Faked (known infection: Whistler / Black Internet)!
SHA1: ED0B19E36914D028E2802BBB4AC96BBF34B6CF5B
931 GB \\.\PhysicalDrive2 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
111 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
 
Unfortunately, our tool didn't work.
Let's try different way...

Restart computer
When you reboot you will see an option to boot into the Recovery Console or the normal Windows installation.
You have to use the up/down arrows to choose the Recovery Console. Then press Enter but you only have 2 seconds by default.
If you find this hard to do then you can go into Control Panel, System, Advanced, Startup and Recovery, Settings. Where it says Time to Display List of Operating Systems, change it to 10 or more seconds. OK Then reboot.

You should get a black screen with a C:\> prompt. Type with an Enter after each line:

fixmbr

(If it asks you if you are sure then say "Y".)

exit

Reboot computer.

Post fresh MBRCheck log.
 
Looks like we got it this time . Anything else that I need / should do?

Steve

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x000007fd

Kernel Drivers (total 137):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x80701000 \WINDOWS\system32\hal.dll
0xF7987000 \WINDOWS\system32\KDCOM.DLL
0xF7897000 \WINDOWS\system32\BOOTVID.dll
0xF75A8000 ACPI.sys
0xF7989000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xF7597000 pci.sys
0xF75F7000 isapnp.sys
0xF7607000 ohci1394.sys
0xF7617000 \WINDOWS\System32\DRIVERS\1394BUS.SYS
0xF789B000 compbatt.sys
0xF789F000 \WINDOWS\System32\DRIVERS\BATTC.SYS
0xF7A4F000 pciide.sys
0xF7707000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xF7627000 MountMgr.sys
0xF74D8000 ftdisk.sys
0xF798B000 dmload.sys
0xF74B2000 dmio.sys
0xF770F000 PartMgr.sys
0xF7637000 VolSnap.sys
0xF749A000 atapi.sys
0xF7647000 disk.sys
0xF7657000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xF747B000 fltmgr.sys
0xF7469000 sr.sys
0xF7717000 PxHelp20.sys
0xF7452000 KSecDD.sys
0xF743F000 WudfPf.sys
0xF798D000 PenClass.sys
0xF7B52000 Ntfs.sys
0xF7412000 NDIS.sys
0xF787C000 Mup.sys
0xF7667000 agp440.sys
0xF76F7000 \SystemRoot\system32\DRIVERS\SMBios.sys
0xF7577000 \SystemRoot\System32\DRIVERS\intelppm.sys
0xB8EFD000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB8EE9000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB9C16000 \SystemRoot\System32\DRIVERS\usbuhci.sys
0xB8EC6000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xB9C0E000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF7567000 \SystemRoot\System32\DRIVERS\nic1394.sys
0xB8E9F000 \SystemRoot\system32\DRIVERS\e100b325.sys
0xF7557000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xB9C06000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xB9BFE000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xB9BF6000 \SystemRoot\System32\DRIVERS\fdc.sys
0xB9589000 \SystemRoot\System32\DRIVERS\serial.sys
0xBA79C000 \SystemRoot\System32\DRIVERS\serenum.sys
0xB8E8B000 \SystemRoot\System32\DRIVERS\parport.sys
0xB9579000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB9BEE000 \SystemRoot\system32\drivers\Afc.sys
0xF778F000 \SystemRoot\System32\DRIVERS\dvd43llh.sys
0xF7797000 \SystemRoot\system32\drivers\ASAPIW2k.sys
0xB9569000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xB9559000 \SystemRoot\System32\DRIVERS\redbook.sys
0xB8E68000 \SystemRoot\System32\DRIVERS\ks.sys
0xB8E28000 \SystemRoot\system32\drivers\smwdm.sys
0xB8E04000 \SystemRoot\system32\drivers\portcls.sys
0xB9549000 \SystemRoot\system32\drivers\drmk.sys
0xB8DE4000 \SystemRoot\system32\drivers\aeaudio.sys
0xB8D86000 \SystemRoot\system32\drivers\senfilt.sys
0xF779F000 \SystemRoot\system32\drivers\sf.sys
0xF77A7000 \SystemRoot\system32\drivers\imvad.sys
0xF7A8E000 \SystemRoot\System32\DRIVERS\audstub.sys
0xB9539000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xBA37D000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xB8D6F000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xB9529000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xB9519000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xF77AF000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xB8D5E000 \SystemRoot\System32\DRIVERS\psched.sys
0xB9509000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xF77B7000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xF77BF000 \SystemRoot\System32\DRIVERS\raspti.sys
0xB94F9000 \SystemRoot\System32\Drivers\pcouffin.sys
0xB8D2D000 \SystemRoot\System32\DRIVERS\rdpdr.sys
0xF7547000 \SystemRoot\System32\DRIVERS\termdd.sys
0xF79EF000 \SystemRoot\System32\DRIVERS\swenum.sys
0xB8CD1000 \SystemRoot\System32\DRIVERS\update.sys
0xBA359000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xF7527000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7517000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xF79F1000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xF77C7000 \SystemRoot\System32\DRIVERS\flpydisk.sys
0xF79FD000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7A9F000 \SystemRoot\System32\Drivers\Null.SYS
0xF79FF000 \SystemRoot\System32\Drivers\Beep.SYS
0xF77D7000 \SystemRoot\System32\drivers\vga.sys
0xF7A01000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7A03000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF77DF000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF77E7000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBA7DC000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xB6A52000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xB69FA000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xB69D2000 \SystemRoot\System32\DRIVERS\netbt.sys
0xB69B1000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xB698F000 \SystemRoot\System32\drivers\afd.sys
0xF74F7000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xBA780000 \SystemRoot\System32\DRIVERS\netbios.sys
0xF77EF000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xBA760000 \SystemRoot\System32\DRIVERS\arp1394.sys
0xB6913000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xB68A4000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xBA750000 \SystemRoot\System32\Drivers\Fips.SYS
0xBA7C0000 \SystemRoot\System32\DRIVERS\hidusb.sys
0xBA740000 \SystemRoot\System32\DRIVERS\HIDCLASS.SYS
0xF77FF000 \SystemRoot\System32\DRIVERS\HIDPARSE.SYS
0xF7807000 \SystemRoot\System32\DRIVERS\usbprint.sys
0xF780F000 \SystemRoot\System32\DRIVERS\USBSTOR.SYS
0xB6881000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xBA15F000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0xB6836000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xB681E000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF79BD000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF776F000 \SystemRoot\System32\watchdog.sys
0xB6A9D000 \SystemRoot\System32\drivers\Dxapi.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7ABD000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB6458000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xB6454000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xB614B000 \SystemRoot\system32\drivers\wdmaud.sys
0xB62A8000 \SystemRoot\system32\drivers\sysaudio.sys
0xB60A9000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xB6947000 \SystemRoot\System32\drivers\BrPar.sys
0xF79E5000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xB63F0000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF77F7000 \??\C:\WINDOWS\system32\DRIVERS\IOPORT.SYS
0xB5294000 \SystemRoot\System32\DRIVERS\srv.sys
0xB9C1E000 \SystemRoot\System32\Drivers\TDTCP.SYS
0xB4E57000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xB4D9E000 \SystemRoot\System32\Drivers\HTTP.sys
0xB4B59000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 43):
0 System Idle Process
4 System
624 C:\WINDOWS\system32\smss.exe
688 csrss.exe
712 C:\WINDOWS\system32\winlogon.exe
756 C:\WINDOWS\system32\services.exe
768 C:\WINDOWS\system32\lsass.exe
952 C:\WINDOWS\system32\svchost.exe
1020 svchost.exe
1116 C:\WINDOWS\system32\svchost.exe
1148 C:\WINDOWS\system32\svchost.exe
1244 svchost.exe
1344 svchost.exe
1532 C:\WINDOWS\system32\spoolsv.exe
1620 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1864 C:\WINDOWS\explorer.exe
1996 C:\Program Files\dvd43\DVD43_Tray.exe
192 C:\WINDOWS\OV550EM.exe
164 C:\Program Files\Common Files\Java\Java Update\jusched.exe
216 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
248 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
256 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
264 C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
360 C:\Program Files\NETGEAR\NETGEAR Digital Entertainer for Windows\receiver.exe
392 C:\Program Files\Windows Media Player\wmpnscfg.exe
472 C:\WINDOWS\system32\WTablet\TabUserW.exe
772 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1172 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
1228 C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
1328 C:\Program Files\Java\jre6\bin\jqs.exe
1456 C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
1628 C:\WINDOWS\system32\NLSSRV32.EXE
1804 C:\WINDOWS\system32\nvsvc32.exe
1908 C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
416 C:\WINDOWS\system32\svchost.exe
460 C:\WINDOWS\system32\Tablet.exe
676 C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
2116 C:\WINDOWS\system32\wscntfy.exe
2368 C:\WINDOWS\system32\wuauclt.exe
2584 C:\WINDOWS\system32\svchost.exe
2780 wmpnetwk.exe
3088 alg.exe
2516 C:\Documents and Settings\Steve\My Documents\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)
\\.\G: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive1 Model Number: HDS722580VLSA80, Rev: V32OA60A
PhysicalDrive2 Model Number: ST31000340AS, Rev: SD15
PhysicalDrive0 Model Number: WDCWD1200BB-22CAA0, Rev: 16.06V16

Size Device Name MBR Status
--------------------------------------------
76 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
931 GB \\.\PhysicalDrive2 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
111 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
 
Good job :)

1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code: 
File::

Folder::
c:\documents and settings\All Users\Application Data\FrontLine Registry Cleaner
c:\program files\Frontline Registry Cleaner
c:\program files\Common Files\Symantec Shared
c:\documents and settings\All Users\Application Data\Norton
c:\documents and settings\All Users\Application Data\Symantec


Driver::

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"=-

RegNull::
[HKEY_USERS\S-1-5-21-2000478354-1647877149-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{088BEC22-1854-4EEE-1509-9A64DC6C441F}*]


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
ComboFix 10-12-06.04 - Steve 12/07/2010 20:36:27.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3070.2468 [GMT -5:00]
Running from: c:\documents and settings\Steve\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Steve\Desktop\CFScript.lnk
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: CA Personal Firewall *enabled* {38102F93-1B6E-4922-90E1-A35D8DC6DAA3}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2010-11-08 to 2010-12-08 )))))))))))))))))))))))))))))))
.

2010-12-05 18:05 . 2010-12-05 18:05 -------- d-----w- c:\documents and settings\Steve\Application Data\Malwarebytes
2010-12-05 18:05 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-05 18:05 . 2010-12-05 18:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-12-05 18:05 . 2010-12-05 18:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-05 18:05 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-05 16:07 . 2010-12-05 16:07 -------- d-----w- c:\documents and settings\Steve\Application Data\Avira
2010-12-05 16:05 . 2010-12-06 17:49 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-12-05 16:05 . 2010-08-02 21:10 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-12-05 16:05 . 2010-06-17 20:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-12-05 16:05 . 2010-06-17 20:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-12-05 16:05 . 2010-12-05 16:05 -------- d-----w- c:\program files\Avira
2010-12-05 16:05 . 2010-12-05 16:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-12-04 21:27 . 2010-12-04 21:27 -------- d-----w- c:\program files\Free WMA to MP3 Converter
2010-12-04 13:52 . 2010-12-04 13:52 -------- d-----w- c:\program files\CCleaner
2010-12-04 13:21 . 2010-12-04 13:21 -------- d-----w- c:\documents and settings\All Users\Application Data\FrontLine Registry Cleaner
2010-12-04 13:21 . 2010-12-05 18:54 -------- d-----w- c:\program files\Frontline Registry Cleaner
2010-12-03 22:07 . 2010-12-04 14:07 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-12-03 06:23 . 2010-12-04 14:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-12-03 06:23 . 2010-12-03 06:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-12-03 04:50 . 2010-12-03 04:50 -------- d-----w- c:\documents and settings\Steve\Application Data\Moyea
2010-12-03 04:50 . 2010-12-03 04:50 -------- d-----w- c:\documents and settings\Steve\Application Data\Leawo
2010-12-03 04:50 . 2010-03-15 09:31 165376 ----a-w- c:\windows\system32\unrar.dll
2010-12-03 04:50 . 2008-10-08 14:45 606208 ----a-w- c:\windows\system32\xvidcore.dll
2010-12-03 04:47 . 2010-12-03 04:50 -------- d-----w- c:\program files\Leawo
2010-12-03 04:47 . 2010-12-03 04:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Leawo
2010-12-03 04:39 . 2008-12-18 06:22 57344 ----a-w- c:\windows\system32\ff_vfw.dll
2010-12-03 04:39 . 2008-06-16 02:13 6144 ----a-w- c:\windows\system32\ff_acm.acm
2010-12-03 04:39 . 2008-06-15 15:01 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2010-12-03 04:39 . 2008-06-15 15:01 258352 ----a-w- c:\windows\system32\unicows.dll
2010-12-03 04:23 . 2010-12-03 04:28 -------- d-----w- C:\myyoutube
2010-12-03 04:09 . 2010-12-05 18:54 -------- d-----w- c:\program files\You Tube Video Converter
2010-12-03 03:58 . 2010-12-03 03:58 -------- d-----w- c:\documents and settings\Steve\Application Data\Xilisoft Corporation
2010-12-03 03:58 . 2010-12-03 03:58 -------- d-----w- c:\program files\Xilisoft
2010-12-03 03:48 . 2010-12-05 16:13 -------- d-----w- c:\program files\1-Click YouTube Downloader
2010-12-03 03:39 . 2010-12-03 03:39 -------- d-----w- c:\program files\FoxTabFlvConverter
2010-12-03 03:17 . 2010-12-03 03:17 -------- d-----w- c:\windows\system32\Adobe
2010-12-02 04:21 . 2010-12-02 04:21 -------- d-----w- C:\New Folder (2)
2010-12-02 04:21 . 2010-12-02 04:21 -------- d-----w- C:\New Folder
2010-11-30 00:29 . 2010-11-30 00:29 -------- d-----w- c:\documents and settings\All Users\Application Data\CA-SupportBridge
2010-11-28 13:23 . 2010-11-28 13:23 -------- d-----w- c:\documents and settings\Administrator

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-08 04:59 . 2010-10-04 16:02 95568 ----a-w- c:\windows\system32\vetredir.dll
2010-11-08 04:59 . 2010-10-04 16:02 128336 ----a-w- c:\windows\system32\isafeif.dll
2010-10-01 19:20 . 2009-02-24 00:11 307200 ----a-w- c:\windows\system32\TubeFinder.exe
2010-09-24 15:16 . 2010-09-24 15:16 272976 ----a-w- c:\windows\system32\UmxSbxw.dll
2010-09-24 15:16 . 2010-09-24 15:16 113232 ----a-w- c:\windows\system32\UmxSbxExw.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-12-05_14.42.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 05:02 . 2009-07-12 05:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2010-12-07 13:55 . 2010-12-07 13:55 16384 c:\windows\Temp\Perflib_Perfdata_4d4.dat
+ 2010-12-05 16:05 . 2010-06-17 20:27 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2009-07-12 05:02 . 2009-07-12 05:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2010-12-05 16:03 . 2010-12-05 16:03 219648 c:\windows\Installer\57c65c.msi
+ 2009-07-12 05:02 . 2009-07-12 05:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PowerPanel Personal Edition User Interaction"="c:\program files\CyberPower PowerPanel Personal Edition\pppeuser.exe" [2007-12-07 315392]
"scheduler_monitor"="c:\program files\ReaConverter 5.5 Pro\init_scheduler.exe" [2007-06-15 27136]
"NETGEARDigitalEntertainer"="c:\program files\NETGEAR\NETGEAR Digital Entertainer for Windows\receiver.exe" [2009-04-29 3498712]
"Google Update"="c:\documents and settings\Steve\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-09-08 136176]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"nwiz"="nwiz.exe" [2008-10-07 1630208]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 1388544]
"EPSON Stylus Photo R200 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" [2003-07-08 99840]
"UVS12 Preload"="c:\program files\Corel\Corel VideoStudio 12\uvPL.exe" [2008-06-09 397456]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2009-10-24 827904]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Ovt Wia"="c:\windows\OV550EM.exe" [2008-01-28 36864]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2009-1-15 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\UmxSbxExw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"McSysmon"=3 (0x3)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=3 (0x3)
"McNASvc"=2 (0x2)
"mcmscsvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Liquid.6\\Program\\RM.exe"=
"c:\\Program Files\\Liquid.6\\Program\\Studiou.mod"=
"c:\\Program Files\\NETGEAR\\NETGEAR Digital Entertainer for Windows\\receiver.exe"=
"c:\\Program Files\\NETGEAR\\NETGEAR Digital Entertainer for Windows\\tagtool.exe"=
"c:\\Program Files\\NETGEAR\\NETGEAR Digital Entertainer for Windows\\sjcmdwiz.exe"=
"c:\\Program Files\\NETGEAR\\NETGEAR Digital Entertainer for Windows\\ffmpeg.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1250:TCP"= 1250:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"4294:TCP"= 4294:TCP:Akamai NetSession Interface
"4418:TCP"= 4418:TCP:Akamai NetSession Interface
"4428:TCP"= 4428:TCP:Akamai NetSession Interface
"4478:TCP"= 4478:TCP:Akamai NetSession Interface
"1065:TCP"= 1065:TCP:Akamai NetSession Interface
"1079:TCP"= 1079:TCP:Akamai NetSession Interface
"1094:TCP"= 1094:TCP:Akamai NetSession Interface
"1117:TCP"= 1117:TCP:Akamai NetSession Interface
"1792:TCP"= 1792:TCP:Akamai NetSession Interface
"3316:TCP"= 3316:TCP:Akamai NetSession Interface
"1293:TCP"= 1293:TCP:Akamai NetSession Interface
"1302:TCP"= 1302:TCP:Akamai NetSession Interface
"1312:TCP"= 1312:TCP:Akamai NetSession Interface
"1355:TCP"= 1355:TCP:Akamai NetSession Interface
"2330:TCP"= 2330:TCP:Akamai NetSession Interface
"2784:TCP"= 2784:TCP:Akamai NetSession Interface
"2792:TCP"= 2792:TCP:Akamai NetSession Interface
"3230:TCP"= 3230:TCP:Akamai NetSession Interface
"3288:TCP"= 3288:TCP:Akamai NetSession Interface
"4038:TCP"= 4038:TCP:Akamai NetSession Interface
"1152:TCP"= 1152:TCP:Akamai NetSession Interface
"3730:TCP"= 3730:TCP:Akamai NetSession Interface
"1220:TCP"= 1220:TCP:Akamai NetSession Interface
"2241:TCP"= 2241:TCP:Akamai NetSession Interface
"2830:TCP"= 2830:TCP:Akamai NetSession Interface
"2538:TCP"= 2538:TCP:Akamai NetSession Interface
"4969:TCP"= 4969:TCP:Akamai NetSession Interface
"1151:TCP"= 1151:TCP:Akamai NetSession Interface
"1262:TCP"= 1262:TCP:Akamai NetSession Interface
"1456:TCP"= 1456:TCP:Akamai NetSession Interface
"4270:TCP"= 4270:TCP:Akamai NetSession Interface
"1294:TCP"= 1294:TCP:Akamai NetSession Interface
"1790:TCP"= 1790:TCP:Akamai NetSession Interface
"2261:TCP"= 2261:TCP:Akamai NetSession Interface
"1679:TCP"= 1679:TCP:Akamai NetSession Interface
"2682:TCP"= 2682:TCP:Akamai NetSession Interface
"3153:TCP"= 3153:TCP:Akamai NetSession Interface
"2334:TCP"= 2334:TCP:Akamai NetSession Interface
"3863:TCP"= 3863:TCP:Akamai NetSession Interface
"4888:TCP"= 4888:TCP:Akamai NetSession Interface
"2463:TCP"= 2463:TCP:Akamai NetSession Interface
"2471:TCP"= 2471:TCP:Akamai NetSession Interface
"3410:TCP"= 3410:TCP:Akamai NetSession Interface
"4272:TCP"= 4272:TCP:Akamai NetSession Interface
"4774:TCP"= 4774:TCP:Akamai NetSession Interface
"3705:TCP"= 3705:TCP:Akamai NetSession Interface
"3715:TCP"= 3715:TCP:Akamai NetSession Interface
"4033:TCP"= 4033:TCP:Akamai NetSession Interface
"1378:TCP"= 1378:TCP:Akamai NetSession Interface
"1793:TCP"= 1793:TCP:Akamai NetSession Interface
"2270:TCP"= 2270:TCP:Akamai NetSession Interface
"2712:TCP"= 2712:TCP:Akamai NetSession Interface
"4046:TCP"= 4046:TCP:Akamai NetSession Interface
"4929:TCP"= 4929:TCP:Akamai NetSession Interface
"3244:TCP"= 3244:TCP:Akamai NetSession Interface
"3630:TCP"= 3630:TCP:Akamai NetSession Interface
"4335:TCP"= 4335:TCP:Akamai NetSession Interface
"3139:TCP"= 3139:TCP:Akamai NetSession Interface
"4431:TCP"= 4431:TCP:Akamai NetSession Interface
"4555:TCP"= 4555:TCP:Akamai NetSession Interface
"1139:TCP"= 1139:TCP:Akamai NetSession Interface
"1285:TCP"= 1285:TCP:Akamai NetSession Interface
"2164:TCP"= 2164:TCP:Akamai NetSession Interface
"<NO NAME>"=
"49152:UDP"= 49152:UDP:UDP49152
"49153:UDP"= 49153:UDP:UDP49153
"49154:UDP"= 49154:UDP:UDP49154
"49155:UDP"= 49155:UDP:UDP49155
"49156:TCP"= 49156:TCP:TCP49156
"49158:TCP"= 49158:TCP:TCP49158
"49159:TCP"= 49159:TCP:TCP49159
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"5194:TCP"= 5194:TCP:Services
"8888:TCP"= 8888:TCP:Services
"6776:TCP"= 6776:TCP:Services
"6777:TCP"= 6777:TCP:Services
"5868:TCP"= 5868:TCP:Services
"5869:TCP"= 5869:TCP:Services
"8465:TCP"= 8465:TCP:Services
"8466:TCP"= 8466:TCP:Services

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/5/2010 11:05 AM 135336]
R2 IOPort;IOPort;c:\windows\system32\drivers\IOPORT.SYS [11/27/1998 3:57 PM 6144]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [7/9/2010 11:40 AM 196928]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [7/9/2010 11:40 AM 65856]
R3 imvad_multi;NETGEAR Digital Entertainer Virtual Audio Device;c:\windows\system32\drivers\imvad.sys [4/26/2007 12:35 PM 22600]
S2 DVR2INS;ADS Instant DVD 2.0;c:\windows\system32\drivers\dvr2ins.sys [1/15/2009 4:43 PM 34792]
S3 APL531;CRS Photo Scanner;c:\windows\system32\drivers\ov550i.sys [1/28/2008 8:53 AM 580992]
S3 ATICXCAP;ATI TV Wonder Pro A/V Capture;c:\windows\system32\drivers\aticxcap.sys [1/15/2009 3:00 PM 175232]
S3 ATICXTUN;ATI TV Wonder 200 Tuner (Philips 1236 MK3);c:\windows\system32\drivers\aticxtun.sys [1/15/2009 3:01 PM 29184]
S3 ATICXXBR;ATI TV Wonder 200 A/V Crossbar;c:\windows\system32\drivers\aticxxbr.sys [1/15/2009 3:01 PM 9088]
S3 rcp_service;ReaConverter scheduler service;c:\program files\ReaConverter 5.5 Pro\rcp_scheduler.exe [11/30/2007 11:27 AM 558592]
S3 SBUSBAV;Video Blaster Editor;c:\windows\system32\drivers\sbusbav.sys [9/16/2009 8:15 PM 104448]
S3 SureThing Labelflash service;SureThing Labelflash service;c:\program files\Common Files\SureThing Shared\stllssvr.exe [1/15/2009 3:37 PM 74384]
S3 WPEServ;soft Xpansion Print2Document;c:\program files\Common Files\WPE\wpeserv.exe [3/7/2010 8:15 AM 323584]
.
Contents of the 'Scheduled Tasks' folder

2010-12-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-1647877149-725345543-1003Core.job
- c:\documents and settings\Steve\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-08 01:56]

2010-12-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-1647877149-725345543-1003UA.job
- c:\documents and settings\Steve\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-08 01:56]

2010-12-04 c:\windows\Tasks\wavepadDowngrade.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-04-29 10:58]

2010-12-04 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-04-29 10:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Download with Xilisoft YouTube Video Converter - c:\program files\Xilisoft\YouTube Video Converter\upod_link.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
FF - ProfilePath - c:\documents and settings\Steve\Application Data\Mozilla\Firefox\Profiles\18konbno.default\
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
FF - plugin: c:\documents and settings\Steve\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Extension: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - c:\documents and settings\Steve\Application Data\Mozilla\Firefox\Profiles\18konbno.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-07 20:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2000478354-1647877149-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{088BEC22-1854-4EEE-1509-9A64DC6C441F}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"eajdpdaekb"=hex:66,61,64,70,6d,65,68,6b,64,65,62,64,00,31
"daidehao"=hex:64,62,66,6e,69,64,70,61,6b,66,6b,62,65,67,6f,6d,6f,63,6b,6f,65,
66,6c,6d,6c,67,6c,6b,65,68,6a,6c,67,70,6a,62,68,68,68,6b,00,00
"iabohmpmmgdfpgijlp"=hex:69,61,62,64,69,70,6f,6c,6e,65,6b,66,70,69,6a,66,6b,63,
00,00
"halnicaagkhaolhi"=hex:69,61,61,64,62,6b,70,6e,6f,6c,67,6f,6f,6d,6b,66,6e,6a,
00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3744)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-12-07 20:45:28
ComboFix-quarantined-files.txt 2010-12-08 01:45
ComboFix2.txt 2010-12-07 02:49
ComboFix3.txt 2010-12-05 15:17
ComboFix4.txt 2010-12-05 14:44

Pre-Run: 26,378,113,024 bytes free
Post-Run: 26,395,774,976 bytes free

- - End Of File - - 5392CD2C76B10A85F7E6F605C07D61A7
 
Broni,

I ran it again. Am I mis-interupting what is in the code bos ? Here's what I entered and saved as CFScript.txt

Code:
---------
File::

Folder::
c:\documents and settings\All Users\Application Data\FrontLine Registry Cleaner c:\program files\Frontline Registry Cleaner c:\program files\Common Files\Symantec Shared c:\documents and settings\All Users\Application Data\Norton c:\documents and settings\All Users\Application Data\Symantec


Driver::

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"=-

RegNull::
[HKEY_USERS\S-1-5-21-2000478354-1647877149-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{088BEC22-1854-4EEE-1509-9A64DC6C441F}*]
---------



ComboFix 10-12-06.04 - Steve 12/07/2010 21:08:33.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3070.2605 [GMT -5:00]
Running from: c:\documents and settings\Steve\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Steve\Desktop\cfscript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: CA Personal Firewall *enabled* {38102F93-1B6E-4922-90E1-A35D8DC6DAA3}
.

((((((((((((((((((((((((( Files Created from 2010-11-08 to 2010-12-08 )))))))))))))))))))))))))))))))
.

2010-12-05 18:05 . 2010-12-05 18:05 -------- d-----w- c:\documents and settings\Steve\Application Data\Malwarebytes
2010-12-05 18:05 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-05 18:05 . 2010-12-05 18:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-12-05 18:05 . 2010-12-05 18:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-05 18:05 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-05 16:07 . 2010-12-05 16:07 -------- d-----w- c:\documents and settings\Steve\Application Data\Avira
2010-12-05 16:05 . 2010-12-06 17:49 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-12-05 16:05 . 2010-08-02 21:10 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-12-05 16:05 . 2010-06-17 20:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-12-05 16:05 . 2010-06-17 20:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-12-05 16:05 . 2010-12-05 16:05 -------- d-----w- c:\program files\Avira
2010-12-05 16:05 . 2010-12-05 16:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-12-04 21:27 . 2010-12-04 21:27 -------- d-----w- c:\program files\Free WMA to MP3 Converter
2010-12-04 13:52 . 2010-12-04 13:52 -------- d-----w- c:\program files\CCleaner
2010-12-04 13:21 . 2010-12-04 13:21 -------- d-----w- c:\documents and settings\All Users\Application Data\FrontLine Registry Cleaner
2010-12-04 13:21 . 2010-12-05 18:54 -------- d-----w- c:\program files\Frontline Registry Cleaner
2010-12-03 22:07 . 2010-12-04 14:07 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-12-03 06:23 . 2010-12-04 14:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-12-03 06:23 . 2010-12-03 06:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-12-03 04:50 . 2010-12-03 04:50 -------- d-----w- c:\documents and settings\Steve\Application Data\Moyea
2010-12-03 04:50 . 2010-12-03 04:50 -------- d-----w- c:\documents and settings\Steve\Application Data\Leawo
2010-12-03 04:50 . 2010-03-15 09:31 165376 ----a-w- c:\windows\system32\unrar.dll
2010-12-03 04:50 . 2008-10-08 14:45 606208 ----a-w- c:\windows\system32\xvidcore.dll
2010-12-03 04:47 . 2010-12-03 04:50 -------- d-----w- c:\program files\Leawo
2010-12-03 04:47 . 2010-12-03 04:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Leawo
2010-12-03 04:39 . 2008-12-18 06:22 57344 ----a-w- c:\windows\system32\ff_vfw.dll
2010-12-03 04:39 . 2008-06-16 02:13 6144 ----a-w- c:\windows\system32\ff_acm.acm
2010-12-03 04:39 . 2008-06-15 15:01 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2010-12-03 04:39 . 2008-06-15 15:01 258352 ----a-w- c:\windows\system32\unicows.dll
2010-12-03 04:23 . 2010-12-03 04:28 -------- d-----w- C:\myyoutube
2010-12-03 04:09 . 2010-12-05 18:54 -------- d-----w- c:\program files\You Tube Video Converter
2010-12-03 03:58 . 2010-12-03 03:58 -------- d-----w- c:\documents and settings\Steve\Application Data\Xilisoft Corporation
2010-12-03 03:58 . 2010-12-03 03:58 -------- d-----w- c:\program files\Xilisoft
2010-12-03 03:48 . 2010-12-05 16:13 -------- d-----w- c:\program files\1-Click YouTube Downloader
2010-12-03 03:39 . 2010-12-03 03:39 -------- d-----w- c:\program files\FoxTabFlvConverter
2010-12-03 03:17 . 2010-12-03 03:17 -------- d-----w- c:\windows\system32\Adobe
2010-12-02 04:21 . 2010-12-02 04:21 -------- d-----w- C:\New Folder (2)
2010-12-02 04:21 . 2010-12-02 04:21 -------- d-----w- C:\New Folder
2010-11-30 00:29 . 2010-11-30 00:29 -------- d-----w- c:\documents and settings\All Users\Application Data\CA-SupportBridge
2010-11-28 13:23 . 2010-11-28 13:23 -------- d-----w- c:\documents and settings\Administrator

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-08 04:59 . 2010-10-04 16:02 95568 ----a-w- c:\windows\system32\vetredir.dll
2010-11-08 04:59 . 2010-10-04 16:02 128336 ----a-w- c:\windows\system32\isafeif.dll
2010-10-01 19:20 . 2009-02-24 00:11 307200 ----a-w- c:\windows\system32\TubeFinder.exe
2010-09-24 15:16 . 2010-09-24 15:16 272976 ----a-w- c:\windows\system32\UmxSbxw.dll
2010-09-24 15:16 . 2010-09-24 15:16 113232 ----a-w- c:\windows\system32\UmxSbxExw.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-12-05_14.42.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 05:02 . 2009-07-12 05:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2010-12-08 01:58 . 2010-12-08 01:58 16384 c:\windows\Temp\Perflib_Perfdata_4fc.dat
+ 2010-12-05 16:05 . 2010-06-17 20:27 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2009-07-12 05:02 . 2009-07-12 05:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2010-12-05 16:03 . 2010-12-05 16:03 219648 c:\windows\Installer\57c65c.msi
+ 2009-07-12 05:02 . 2009-07-12 05:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PowerPanel Personal Edition User Interaction"="c:\program files\CyberPower PowerPanel Personal Edition\pppeuser.exe" [2007-12-07 315392]
"scheduler_monitor"="c:\program files\ReaConverter 5.5 Pro\init_scheduler.exe" [2007-06-15 27136]
"NETGEARDigitalEntertainer"="c:\program files\NETGEAR\NETGEAR Digital Entertainer for Windows\receiver.exe" [2009-04-29 3498712]
"Google Update"="c:\documents and settings\Steve\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-09-08 136176]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"nwiz"="nwiz.exe" [2008-10-07 1630208]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 1388544]
"EPSON Stylus Photo R200 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" [2003-07-08 99840]
"UVS12 Preload"="c:\program files\Corel\Corel VideoStudio 12\uvPL.exe" [2008-06-09 397456]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2009-10-24 827904]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Ovt Wia"="c:\windows\OV550EM.exe" [2008-01-28 36864]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2009-1-15 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\UmxSbxExw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"McSysmon"=3 (0x3)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=3 (0x3)
"McNASvc"=2 (0x2)
"mcmscsvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Liquid.6\\Program\\RM.exe"=
"c:\\Program Files\\Liquid.6\\Program\\Studiou.mod"=
"c:\\Program Files\\NETGEAR\\NETGEAR Digital Entertainer for Windows\\receiver.exe"=
"c:\\Program Files\\NETGEAR\\NETGEAR Digital Entertainer for Windows\\tagtool.exe"=
"c:\\Program Files\\NETGEAR\\NETGEAR Digital Entertainer for Windows\\sjcmdwiz.exe"=
"c:\\Program Files\\NETGEAR\\NETGEAR Digital Entertainer for Windows\\ffmpeg.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1250:TCP"= 1250:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"4294:TCP"= 4294:TCP:Akamai NetSession Interface
"4418:TCP"= 4418:TCP:Akamai NetSession Interface
"4428:TCP"= 4428:TCP:Akamai NetSession Interface
"4478:TCP"= 4478:TCP:Akamai NetSession Interface
"1065:TCP"= 1065:TCP:Akamai NetSession Interface
"1079:TCP"= 1079:TCP:Akamai NetSession Interface
"1094:TCP"= 1094:TCP:Akamai NetSession Interface
"1117:TCP"= 1117:TCP:Akamai NetSession Interface
"1792:TCP"= 1792:TCP:Akamai NetSession Interface
"3316:TCP"= 3316:TCP:Akamai NetSession Interface
"1293:TCP"= 1293:TCP:Akamai NetSession Interface
"1302:TCP"= 1302:TCP:Akamai NetSession Interface
"1312:TCP"= 1312:TCP:Akamai NetSession Interface
"1355:TCP"= 1355:TCP:Akamai NetSession Interface
"2330:TCP"= 2330:TCP:Akamai NetSession Interface
"2784:TCP"= 2784:TCP:Akamai NetSession Interface
"2792:TCP"= 2792:TCP:Akamai NetSession Interface
"3230:TCP"= 3230:TCP:Akamai NetSession Interface
"3288:TCP"= 3288:TCP:Akamai NetSession Interface
"4038:TCP"= 4038:TCP:Akamai NetSession Interface
"1152:TCP"= 1152:TCP:Akamai NetSession Interface
"3730:TCP"= 3730:TCP:Akamai NetSession Interface
"1220:TCP"= 1220:TCP:Akamai NetSession Interface
"2241:TCP"= 2241:TCP:Akamai NetSession Interface
"2830:TCP"= 2830:TCP:Akamai NetSession Interface
"2538:TCP"= 2538:TCP:Akamai NetSession Interface
"4969:TCP"= 4969:TCP:Akamai NetSession Interface
"1151:TCP"= 1151:TCP:Akamai NetSession Interface
"1262:TCP"= 1262:TCP:Akamai NetSession Interface
"1456:TCP"= 1456:TCP:Akamai NetSession Interface
"4270:TCP"= 4270:TCP:Akamai NetSession Interface
"1294:TCP"= 1294:TCP:Akamai NetSession Interface
"1790:TCP"= 1790:TCP:Akamai NetSession Interface
"2261:TCP"= 2261:TCP:Akamai NetSession Interface
"1679:TCP"= 1679:TCP:Akamai NetSession Interface
"2682:TCP"= 2682:TCP:Akamai NetSession Interface
"3153:TCP"= 3153:TCP:Akamai NetSession Interface
"2334:TCP"= 2334:TCP:Akamai NetSession Interface
"3863:TCP"= 3863:TCP:Akamai NetSession Interface
"4888:TCP"= 4888:TCP:Akamai NetSession Interface
"2463:TCP"= 2463:TCP:Akamai NetSession Interface
"2471:TCP"= 2471:TCP:Akamai NetSession Interface
"3410:TCP"= 3410:TCP:Akamai NetSession Interface
"4272:TCP"= 4272:TCP:Akamai NetSession Interface
"4774:TCP"= 4774:TCP:Akamai NetSession Interface
"3705:TCP"= 3705:TCP:Akamai NetSession Interface
"3715:TCP"= 3715:TCP:Akamai NetSession Interface
"4033:TCP"= 4033:TCP:Akamai NetSession Interface
"1378:TCP"= 1378:TCP:Akamai NetSession Interface
"1793:TCP"= 1793:TCP:Akamai NetSession Interface
"2270:TCP"= 2270:TCP:Akamai NetSession Interface
"2712:TCP"= 2712:TCP:Akamai NetSession Interface
"4046:TCP"= 4046:TCP:Akamai NetSession Interface
"4929:TCP"= 4929:TCP:Akamai NetSession Interface
"3244:TCP"= 3244:TCP:Akamai NetSession Interface
"3630:TCP"= 3630:TCP:Akamai NetSession Interface
"4335:TCP"= 4335:TCP:Akamai NetSession Interface
"3139:TCP"= 3139:TCP:Akamai NetSession Interface
"4431:TCP"= 4431:TCP:Akamai NetSession Interface
"4555:TCP"= 4555:TCP:Akamai NetSession Interface
"1139:TCP"= 1139:TCP:Akamai NetSession Interface
"1285:TCP"= 1285:TCP:Akamai NetSession Interface
"2164:TCP"= 2164:TCP:Akamai NetSession Interface
"<NO NAME>"=
"49152:UDP"= 49152:UDP:UDP49152
"49153:UDP"= 49153:UDP:UDP49153
"49154:UDP"= 49154:UDP:UDP49154
"49155:UDP"= 49155:UDP:UDP49155
"49156:TCP"= 49156:TCP:TCP49156
"49158:TCP"= 49158:TCP:TCP49158
"49159:TCP"= 49159:TCP:TCP49159
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"5194:TCP"= 5194:TCP:Services
"8888:TCP"= 8888:TCP:Services
"6776:TCP"= 6776:TCP:Services
"6777:TCP"= 6777:TCP:Services
"5868:TCP"= 5868:TCP:Services
"5869:TCP"= 5869:TCP:Services
"8465:TCP"= 8465:TCP:Services
"8466:TCP"= 8466:TCP:Services

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/5/2010 11:05 AM 135336]
R2 IOPort;IOPort;c:\windows\system32\drivers\IOPORT.SYS [11/27/1998 3:57 PM 6144]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [7/9/2010 11:40 AM 196928]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [7/9/2010 11:40 AM 65856]
R3 imvad_multi;NETGEAR Digital Entertainer Virtual Audio Device;c:\windows\system32\drivers\imvad.sys [4/26/2007 12:35 PM 22600]
S2 DVR2INS;ADS Instant DVD 2.0;c:\windows\system32\drivers\dvr2ins.sys [1/15/2009 4:43 PM 34792]
S3 APL531;CRS Photo Scanner;c:\windows\system32\drivers\ov550i.sys [1/28/2008 8:53 AM 580992]
S3 ATICXCAP;ATI TV Wonder Pro A/V Capture;c:\windows\system32\drivers\aticxcap.sys [1/15/2009 3:00 PM 175232]
S3 ATICXTUN;ATI TV Wonder 200 Tuner (Philips 1236 MK3);c:\windows\system32\drivers\aticxtun.sys [1/15/2009 3:01 PM 29184]
S3 ATICXXBR;ATI TV Wonder 200 A/V Crossbar;c:\windows\system32\drivers\aticxxbr.sys [1/15/2009 3:01 PM 9088]
S3 rcp_service;ReaConverter scheduler service;c:\program files\ReaConverter 5.5 Pro\rcp_scheduler.exe [11/30/2007 11:27 AM 558592]
S3 SBUSBAV;Video Blaster Editor;c:\windows\system32\drivers\sbusbav.sys [9/16/2009 8:15 PM 104448]
S3 SureThing Labelflash service;SureThing Labelflash service;c:\program files\Common Files\SureThing Shared\stllssvr.exe [1/15/2009 3:37 PM 74384]
S3 WPEServ;soft Xpansion Print2Document;c:\program files\Common Files\WPE\wpeserv.exe [3/7/2010 8:15 AM 323584]
.
Contents of the 'Scheduled Tasks' folder

2010-12-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-1647877149-725345543-1003Core.job
- c:\documents and settings\Steve\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-08 01:56]

2010-12-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-1647877149-725345543-1003UA.job
- c:\documents and settings\Steve\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-08 01:56]

2010-12-04 c:\windows\Tasks\wavepadDowngrade.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-04-29 10:58]

2010-12-04 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-04-29 10:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Download with Xilisoft YouTube Video Converter - c:\program files\Xilisoft\YouTube Video Converter\upod_link.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
FF - ProfilePath - c:\documents and settings\Steve\Application Data\Mozilla\Firefox\Profiles\18konbno.default\
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
FF - plugin: c:\documents and settings\Steve\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Extension: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - c:\documents and settings\Steve\Application Data\Mozilla\Firefox\Profiles\18konbno.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-07 21:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3416)
c:\windows\system32\tabhook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-12-07 21:17:18
ComboFix-quarantined-files.txt 2010-12-08 02:17
ComboFix2.txt 2010-12-08 01:45
ComboFix3.txt 2010-12-07 02:49
ComboFix4.txt 2010-12-05 15:17
ComboFix5.txt 2010-12-08 01:55

Pre-Run: 26,402,279,424 bytes free
Post-Run: 26,385,199,104 bytes free

- - End Of File - - 8144F27BF8BF9D901B7B615B9877CB29
 
Broni,

Ran it again that way (pretty sure that was the way the 1st run was done) output looks the same to me. I see CA personal fire wire is running. I've take numerous steps to get rid of all of the old CA files (before you and I started).

Steve
ComboFix 10-12-06.04 - Steve 12/07/2010 21:37:59.7.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3070.2654 [GMT -5:00]
Running from: c:\documents and settings\Steve\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Steve\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: CA Personal Firewall *enabled* {38102F93-1B6E-4922-90E1-A35D8DC6DAA3}
.

((((((((((((((((((((((((( Files Created from 2010-11-08 to 2010-12-08 )))))))))))))))))))))))))))))))
.

2010-12-05 18:05 . 2010-12-05 18:05 -------- d-----w- c:\documents and settings\Steve\Application Data\Malwarebytes
2010-12-05 18:05 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-05 18:05 . 2010-12-05 18:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-12-05 18:05 . 2010-12-05 18:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-05 18:05 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-05 16:07 . 2010-12-05 16:07 -------- d-----w- c:\documents and settings\Steve\Application Data\Avira
2010-12-05 16:05 . 2010-12-06 17:49 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-12-05 16:05 . 2010-08-02 21:10 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-12-05 16:05 . 2010-06-17 20:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-12-05 16:05 . 2010-06-17 20:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-12-05 16:05 . 2010-12-05 16:05 -------- d-----w- c:\program files\Avira
2010-12-05 16:05 . 2010-12-05 16:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-12-04 21:27 . 2010-12-04 21:27 -------- d-----w- c:\program files\Free WMA to MP3 Converter
2010-12-04 13:52 . 2010-12-04 13:52 -------- d-----w- c:\program files\CCleaner
2010-12-04 13:21 . 2010-12-04 13:21 -------- d-----w- c:\documents and settings\All Users\Application Data\FrontLine Registry Cleaner
2010-12-04 13:21 . 2010-12-05 18:54 -------- d-----w- c:\program files\Frontline Registry Cleaner
2010-12-03 22:07 . 2010-12-04 14:07 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-12-03 06:23 . 2010-12-04 14:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-12-03 06:23 . 2010-12-03 06:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-12-03 04:50 . 2010-12-03 04:50 -------- d-----w- c:\documents and settings\Steve\Application Data\Moyea
2010-12-03 04:50 . 2010-12-03 04:50 -------- d-----w- c:\documents and settings\Steve\Application Data\Leawo
2010-12-03 04:50 . 2010-03-15 09:31 165376 ----a-w- c:\windows\system32\unrar.dll
2010-12-03 04:50 . 2008-10-08 14:45 606208 ----a-w- c:\windows\system32\xvidcore.dll
2010-12-03 04:47 . 2010-12-03 04:50 -------- d-----w- c:\program files\Leawo
2010-12-03 04:47 . 2010-12-03 04:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Leawo
2010-12-03 04:39 . 2008-12-18 06:22 57344 ----a-w- c:\windows\system32\ff_vfw.dll
2010-12-03 04:39 . 2008-06-16 02:13 6144 ----a-w- c:\windows\system32\ff_acm.acm
2010-12-03 04:39 . 2008-06-15 15:01 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2010-12-03 04:39 . 2008-06-15 15:01 258352 ----a-w- c:\windows\system32\unicows.dll
2010-12-03 04:23 . 2010-12-03 04:28 -------- d-----w- C:\myyoutube
2010-12-03 04:09 . 2010-12-05 18:54 -------- d-----w- c:\program files\You Tube Video Converter
2010-12-03 03:58 . 2010-12-03 03:58 -------- d-----w- c:\documents and settings\Steve\Application Data\Xilisoft Corporation
2010-12-03 03:58 . 2010-12-03 03:58 -------- d-----w- c:\program files\Xilisoft
2010-12-03 03:48 . 2010-12-05 16:13 -------- d-----w- c:\program files\1-Click YouTube Downloader
2010-12-03 03:39 . 2010-12-03 03:39 -------- d-----w- c:\program files\FoxTabFlvConverter
2010-12-03 03:17 . 2010-12-03 03:17 -------- d-----w- c:\windows\system32\Adobe
2010-12-02 04:21 . 2010-12-02 04:21 -------- d-----w- C:\New Folder (2)
2010-12-02 04:21 . 2010-12-02 04:21 -------- d-----w- C:\New Folder
2010-11-30 00:29 . 2010-11-30 00:29 -------- d-----w- c:\documents and settings\All Users\Application Data\CA-SupportBridge
2010-11-28 13:23 . 2010-11-28 13:23 -------- d-----w- c:\documents and settings\Administrator

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-08 04:59 . 2010-10-04 16:02 95568 ----a-w- c:\windows\system32\vetredir.dll
2010-11-08 04:59 . 2010-10-04 16:02 128336 ----a-w- c:\windows\system32\isafeif.dll
2010-10-01 19:20 . 2009-02-24 00:11 307200 ----a-w- c:\windows\system32\TubeFinder.exe
2010-09-24 15:16 . 2010-09-24 15:16 272976 ----a-w- c:\windows\system32\UmxSbxw.dll
2010-09-24 15:16 . 2010-09-24 15:16 113232 ----a-w- c:\windows\system32\UmxSbxExw.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-12-05_14.42.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 05:02 . 2009-07-12 05:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2010-12-08 01:58 . 2010-12-08 01:58 16384 c:\windows\Temp\Perflib_Perfdata_4fc.dat
+ 2010-12-05 16:05 . 2010-06-17 20:27 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2009-07-12 05:02 . 2009-07-12 05:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2010-12-05 16:03 . 2010-12-05 16:03 219648 c:\windows\Installer\57c65c.msi
+ 2009-07-12 05:02 . 2009-07-12 05:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PowerPanel Personal Edition User Interaction"="c:\program files\CyberPower PowerPanel Personal Edition\pppeuser.exe" [2007-12-07 315392]
"scheduler_monitor"="c:\program files\ReaConverter 5.5 Pro\init_scheduler.exe" [2007-06-15 27136]
"NETGEARDigitalEntertainer"="c:\program files\NETGEAR\NETGEAR Digital Entertainer for Windows\receiver.exe" [2009-04-29 3498712]
"Google Update"="c:\documents and settings\Steve\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-09-08 136176]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"nwiz"="nwiz.exe" [2008-10-07 1630208]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 1388544]
"EPSON Stylus Photo R200 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" [2003-07-08 99840]
"UVS12 Preload"="c:\program files\Corel\Corel VideoStudio 12\uvPL.exe" [2008-06-09 397456]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2009-10-24 827904]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Ovt Wia"="c:\windows\OV550EM.exe" [2008-01-28 36864]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2009-1-15 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\UmxSbxExw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"McSysmon"=3 (0x3)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=3 (0x3)
"McNASvc"=2 (0x2)
"mcmscsvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Liquid.6\\Program\\RM.exe"=
"c:\\Program Files\\Liquid.6\\Program\\Studiou.mod"=
"c:\\Program Files\\NETGEAR\\NETGEAR Digital Entertainer for Windows\\receiver.exe"=
"c:\\Program Files\\NETGEAR\\NETGEAR Digital Entertainer for Windows\\tagtool.exe"=
"c:\\Program Files\\NETGEAR\\NETGEAR Digital Entertainer for Windows\\sjcmdwiz.exe"=
"c:\\Program Files\\NETGEAR\\NETGEAR Digital Entertainer for Windows\\ffmpeg.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1250:TCP"= 1250:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"4294:TCP"= 4294:TCP:Akamai NetSession Interface
"4418:TCP"= 4418:TCP:Akamai NetSession Interface
"4428:TCP"= 4428:TCP:Akamai NetSession Interface
"4478:TCP"= 4478:TCP:Akamai NetSession Interface
"1065:TCP"= 1065:TCP:Akamai NetSession Interface
"1079:TCP"= 1079:TCP:Akamai NetSession Interface
"1094:TCP"= 1094:TCP:Akamai NetSession Interface
"1117:TCP"= 1117:TCP:Akamai NetSession Interface
"1792:TCP"= 1792:TCP:Akamai NetSession Interface
"3316:TCP"= 3316:TCP:Akamai NetSession Interface
"1293:TCP"= 1293:TCP:Akamai NetSession Interface
"1302:TCP"= 1302:TCP:Akamai NetSession Interface
"1312:TCP"= 1312:TCP:Akamai NetSession Interface
"1355:TCP"= 1355:TCP:Akamai NetSession Interface
"2330:TCP"= 2330:TCP:Akamai NetSession Interface
"2784:TCP"= 2784:TCP:Akamai NetSession Interface
"2792:TCP"= 2792:TCP:Akamai NetSession Interface
"3230:TCP"= 3230:TCP:Akamai NetSession Interface
"3288:TCP"= 3288:TCP:Akamai NetSession Interface
"4038:TCP"= 4038:TCP:Akamai NetSession Interface
"1152:TCP"= 1152:TCP:Akamai NetSession Interface
"3730:TCP"= 3730:TCP:Akamai NetSession Interface
"1220:TCP"= 1220:TCP:Akamai NetSession Interface
"2241:TCP"= 2241:TCP:Akamai NetSession Interface
"2830:TCP"= 2830:TCP:Akamai NetSession Interface
"2538:TCP"= 2538:TCP:Akamai NetSession Interface
"4969:TCP"= 4969:TCP:Akamai NetSession Interface
"1151:TCP"= 1151:TCP:Akamai NetSession Interface
"1262:TCP"= 1262:TCP:Akamai NetSession Interface
"1456:TCP"= 1456:TCP:Akamai NetSession Interface
"4270:TCP"= 4270:TCP:Akamai NetSession Interface
"1294:TCP"= 1294:TCP:Akamai NetSession Interface
"1790:TCP"= 1790:TCP:Akamai NetSession Interface
"2261:TCP"= 2261:TCP:Akamai NetSession Interface
"1679:TCP"= 1679:TCP:Akamai NetSession Interface
"2682:TCP"= 2682:TCP:Akamai NetSession Interface
"3153:TCP"= 3153:TCP:Akamai NetSession Interface
"2334:TCP"= 2334:TCP:Akamai NetSession Interface
"3863:TCP"= 3863:TCP:Akamai NetSession Interface
"4888:TCP"= 4888:TCP:Akamai NetSession Interface
"2463:TCP"= 2463:TCP:Akamai NetSession Interface
"2471:TCP"= 2471:TCP:Akamai NetSession Interface
"3410:TCP"= 3410:TCP:Akamai NetSession Interface
"4272:TCP"= 4272:TCP:Akamai NetSession Interface
"4774:TCP"= 4774:TCP:Akamai NetSession Interface
"3705:TCP"= 3705:TCP:Akamai NetSession Interface
"3715:TCP"= 3715:TCP:Akamai NetSession Interface
"4033:TCP"= 4033:TCP:Akamai NetSession Interface
"1378:TCP"= 1378:TCP:Akamai NetSession Interface
"1793:TCP"= 1793:TCP:Akamai NetSession Interface
"2270:TCP"= 2270:TCP:Akamai NetSession Interface
"2712:TCP"= 2712:TCP:Akamai NetSession Interface
"4046:TCP"= 4046:TCP:Akamai NetSession Interface
"4929:TCP"= 4929:TCP:Akamai NetSession Interface
"3244:TCP"= 3244:TCP:Akamai NetSession Interface
"3630:TCP"= 3630:TCP:Akamai NetSession Interface
"4335:TCP"= 4335:TCP:Akamai NetSession Interface
"3139:TCP"= 3139:TCP:Akamai NetSession Interface
"4431:TCP"= 4431:TCP:Akamai NetSession Interface
"4555:TCP"= 4555:TCP:Akamai NetSession Interface
"1139:TCP"= 1139:TCP:Akamai NetSession Interface
"1285:TCP"= 1285:TCP:Akamai NetSession Interface
"2164:TCP"= 2164:TCP:Akamai NetSession Interface
"<NO NAME>"=
"49152:UDP"= 49152:UDP:UDP49152
"49153:UDP"= 49153:UDP:UDP49153
"49154:UDP"= 49154:UDP:UDP49154
"49155:UDP"= 49155:UDP:UDP49155
"49156:TCP"= 49156:TCP:TCP49156
"49158:TCP"= 49158:TCP:TCP49158
"49159:TCP"= 49159:TCP:TCP49159
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"5194:TCP"= 5194:TCP:Services
"8888:TCP"= 8888:TCP:Services
"6776:TCP"= 6776:TCP:Services
"6777:TCP"= 6777:TCP:Services
"5868:TCP"= 5868:TCP:Services
"5869:TCP"= 5869:TCP:Services
"8465:TCP"= 8465:TCP:Services
"8466:TCP"= 8466:TCP:Services

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/5/2010 11:05 AM 135336]
R2 IOPort;IOPort;c:\windows\system32\drivers\IOPORT.SYS [11/27/1998 3:57 PM 6144]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [7/9/2010 11:40 AM 196928]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [7/9/2010 11:40 AM 65856]
R3 imvad_multi;NETGEAR Digital Entertainer Virtual Audio Device;c:\windows\system32\drivers\imvad.sys [4/26/2007 12:35 PM 22600]
S2 DVR2INS;ADS Instant DVD 2.0;c:\windows\system32\drivers\dvr2ins.sys [1/15/2009 4:43 PM 34792]
S3 APL531;CRS Photo Scanner;c:\windows\system32\drivers\ov550i.sys [1/28/2008 8:53 AM 580992]
S3 ATICXCAP;ATI TV Wonder Pro A/V Capture;c:\windows\system32\drivers\aticxcap.sys [1/15/2009 3:00 PM 175232]
S3 ATICXTUN;ATI TV Wonder 200 Tuner (Philips 1236 MK3);c:\windows\system32\drivers\aticxtun.sys [1/15/2009 3:01 PM 29184]
S3 ATICXXBR;ATI TV Wonder 200 A/V Crossbar;c:\windows\system32\drivers\aticxxbr.sys [1/15/2009 3:01 PM 9088]
S3 rcp_service;ReaConverter scheduler service;c:\program files\ReaConverter 5.5 Pro\rcp_scheduler.exe [11/30/2007 11:27 AM 558592]
S3 SBUSBAV;Video Blaster Editor;c:\windows\system32\drivers\sbusbav.sys [9/16/2009 8:15 PM 104448]
S3 SureThing Labelflash service;SureThing Labelflash service;c:\program files\Common Files\SureThing Shared\stllssvr.exe [1/15/2009 3:37 PM 74384]
S3 WPEServ;soft Xpansion Print2Document;c:\program files\Common Files\WPE\wpeserv.exe [3/7/2010 8:15 AM 323584]
.
Contents of the 'Scheduled Tasks' folder

2010-12-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-1647877149-725345543-1003Core.job
- c:\documents and settings\Steve\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-08 01:56]

2010-12-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-1647877149-725345543-1003UA.job
- c:\documents and settings\Steve\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-08 01:56]

2010-12-04 c:\windows\Tasks\wavepadDowngrade.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-04-29 10:58]

2010-12-04 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-04-29 10:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Download with Xilisoft YouTube Video Converter - c:\program files\Xilisoft\YouTube Video Converter\upod_link.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
FF - ProfilePath - c:\documents and settings\Steve\Application Data\Mozilla\Firefox\Profiles\18konbno.default\
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
FF - plugin: c:\documents and settings\Steve\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Extension: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - c:\documents and settings\Steve\Application Data\Mozilla\Firefox\Profiles\18konbno.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-07 21:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3188)
c:\windows\system32\tabhook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-12-07 21:44:55
ComboFix-quarantined-files.txt 2010-12-08 02:44
ComboFix2.txt 2010-12-08 02:17
ComboFix3.txt 2010-12-08 01:45
ComboFix4.txt 2010-12-07 02:49
ComboFix5.txt 2010-12-08 02:37

Pre-Run: 26,397,978,624 bytes free
Post-Run: 26,381,348,864 bytes free

- - End Of File - - A3584723F34B848CB8CB3F150F31E24B
 
That's fine.
I can see, that the most important item has been removed, so we can get rid of the rest through another program.
That CA firewall is just some registry leftover. Nothing to worry about.

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL Extras logfile created on: 12/7/2010 10:14:07 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Steve\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 84.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 1024 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.68 Gb Total Space | 24.60 Gb Free Space | 32.08% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 764.70 Gb Free Space | 82.09% Space Free | Partition Type: NTFS
Drive G: | 111.79 Gb Total Space | 30.50 Gb Free Space | 27.29% Space Free | Partition Type: NTFS

Computer Name: VIDEOPC | User Name: Steve | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"139:TCP" = 139:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22002
"49152:UDP" = 49152:UDP:*:Enabled:UDP49152
"49153:UDP" = 49153:UDP:*:Enabled:UDP49153
"49154:UDP" = 49154:UDP:*:Enabled:UDP49154
"49155:UDP" = 49155:UDP:*:Enabled:UDP49155
"49156:TCP" = 49156:TCP:*:Enabled:TCP49156
"49158:TCP" = 49158:TCP:*:Enabled:TCP49158
"49159:TCP" = 49159:TCP:*:Enabled:TCP49159
"" =
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"5194:TCP" = 5194:TCP:*:Enabled:Services
"8888:TCP" = 8888:TCP:*:Enabled:Services
"6776:TCP" = 6776:TCP:*:Enabled:Services
"6777:TCP" = 6777:TCP:*:Enabled:Services
"5868:TCP" = 5868:TCP:*:Enabled:Services
"5869:TCP" = 5869:TCP:*:Enabled:Services
"8465:TCP" = 8465:TCP:*:Enabled:Services
"8466:TCP" = 8466:TCP:*:Enabled:Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
"1250:TCP" = 1250:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface
"4294:TCP" = 4294:TCP:*:Enabled:Akamai NetSession Interface
"4418:TCP" = 4418:TCP:*:Enabled:Akamai NetSession Interface
"4428:TCP" = 4428:TCP:*:Enabled:Akamai NetSession Interface
"4478:TCP" = 4478:TCP:*:Enabled:Akamai NetSession Interface
"1065:TCP" = 1065:TCP:*:Enabled:Akamai NetSession Interface
"1079:TCP" = 1079:TCP:*:Enabled:Akamai NetSession Interface
"1094:TCP" = 1094:TCP:*:Enabled:Akamai NetSession Interface
"1117:TCP" = 1117:TCP:*:Enabled:Akamai NetSession Interface
"1792:TCP" = 1792:TCP:*:Enabled:Akamai NetSession Interface
"3316:TCP" = 3316:TCP:*:Enabled:Akamai NetSession Interface
"1293:TCP" = 1293:TCP:*:Enabled:Akamai NetSession Interface
"1302:TCP" = 1302:TCP:*:Enabled:Akamai NetSession Interface
"1312:TCP" = 1312:TCP:*:Enabled:Akamai NetSession Interface
"1355:TCP" = 1355:TCP:*:Enabled:Akamai NetSession Interface
"2330:TCP" = 2330:TCP:*:Enabled:Akamai NetSession Interface
"2784:TCP" = 2784:TCP:*:Enabled:Akamai NetSession Interface
"2792:TCP" = 2792:TCP:*:Enabled:Akamai NetSession Interface
"3230:TCP" = 3230:TCP:*:Enabled:Akamai NetSession Interface
"3288:TCP" = 3288:TCP:*:Enabled:Akamai NetSession Interface
"4038:TCP" = 4038:TCP:*:Enabled:Akamai NetSession Interface
"1152:TCP" = 1152:TCP:*:Enabled:Akamai NetSession Interface
"3730:TCP" = 3730:TCP:*:Enabled:Akamai NetSession Interface
"1220:TCP" = 1220:TCP:*:Enabled:Akamai NetSession Interface
"2241:TCP" = 2241:TCP:*:Enabled:Akamai NetSession Interface
"2830:TCP" = 2830:TCP:*:Enabled:Akamai NetSession Interface
"2538:TCP" = 2538:TCP:*:Enabled:Akamai NetSession Interface
"4969:TCP" = 4969:TCP:*:Enabled:Akamai NetSession Interface
"1151:TCP" = 1151:TCP:*:Enabled:Akamai NetSession Interface
"1262:TCP" = 1262:TCP:*:Enabled:Akamai NetSession Interface
"1456:TCP" = 1456:TCP:*:Enabled:Akamai NetSession Interface
"4270:TCP" = 4270:TCP:*:Enabled:Akamai NetSession Interface
"1294:TCP" = 1294:TCP:*:Enabled:Akamai NetSession Interface
"1790:TCP" = 1790:TCP:*:Enabled:Akamai NetSession Interface
"2261:TCP" = 2261:TCP:*:Enabled:Akamai NetSession Interface
"1679:TCP" = 1679:TCP:*:Enabled:Akamai NetSession Interface
"2682:TCP" = 2682:TCP:*:Enabled:Akamai NetSession Interface
"3153:TCP" = 3153:TCP:*:Enabled:Akamai NetSession Interface
"2334:TCP" = 2334:TCP:*:Enabled:Akamai NetSession Interface
"3863:TCP" = 3863:TCP:*:Enabled:Akamai NetSession Interface
"4888:TCP" = 4888:TCP:*:Enabled:Akamai NetSession Interface
"2463:TCP" = 2463:TCP:*:Enabled:Akamai NetSession Interface
"2471:TCP" = 2471:TCP:*:Enabled:Akamai NetSession Interface
"3410:TCP" = 3410:TCP:*:Enabled:Akamai NetSession Interface
"4272:TCP" = 4272:TCP:*:Enabled:Akamai NetSession Interface
"4774:TCP" = 4774:TCP:*:Enabled:Akamai NetSession Interface
"3705:TCP" = 3705:TCP:*:Enabled:Akamai NetSession Interface
"3715:TCP" = 3715:TCP:*:Enabled:Akamai NetSession Interface
"4033:TCP" = 4033:TCP:*:Enabled:Akamai NetSession Interface
"1378:TCP" = 1378:TCP:*:Enabled:Akamai NetSession Interface
"1793:TCP" = 1793:TCP:*:Enabled:Akamai NetSession Interface
"2270:TCP" = 2270:TCP:*:Enabled:Akamai NetSession Interface
"2712:TCP" = 2712:TCP:*:Enabled:Akamai NetSession Interface
"4046:TCP" = 4046:TCP:*:Enabled:Akamai NetSession Interface
"4929:TCP" = 4929:TCP:*:Enabled:Akamai NetSession Interface
"3244:TCP" = 3244:TCP:*:Enabled:Akamai NetSession Interface
"3630:TCP" = 3630:TCP:*:Enabled:Akamai NetSession Interface
"4335:TCP" = 4335:TCP:*:Enabled:Akamai NetSession Interface
"3139:TCP" = 3139:TCP:*:Enabled:Akamai NetSession Interface
"4431:TCP" = 4431:TCP:*:Enabled:Akamai NetSession Interface
"4555:TCP" = 4555:TCP:*:Enabled:Akamai NetSession Interface
"1139:TCP" = 1139:TCP:*:Enabled:Akamai NetSession Interface
"1285:TCP" = 1285:TCP:*:Enabled:Akamai NetSession Interface
"2164:TCP" = 2164:TCP:*:Enabled:Akamai NetSession Interface
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"" =
"139:TCP" = 139:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22002
"49152:UDP" = 49152:UDP:*:Enabled:UDP49152
"49153:UDP" = 49153:UDP:*:Enabled:UDP49153
"49154:UDP" = 49154:UDP:*:Enabled:UDP49154
"49155:UDP" = 49155:UDP:*:Enabled:UDP49155
"49156:TCP" = 49156:TCP:*:Enabled:TCP49156
"49158:TCP" = 49158:TCP:*:Enabled:TCP49158
"49159:TCP" = 49159:TCP:*:Enabled:TCP49159
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"5194:TCP" = 5194:TCP:*:Enabled:Services
"8888:TCP" = 8888:TCP:*:Enabled:Services
"6776:TCP" = 6776:TCP:*:Enabled:Services
"6777:TCP" = 6777:TCP:*:Enabled:Services
"5868:TCP" = 5868:TCP:*:Enabled:Services
"5869:TCP" = 5869:TCP:*:Enabled:Services
"8465:TCP" = 8465:TCP:*:Enabled:Services
"8466:TCP" = 8466:TCP:*:Enabled:Services

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\NETGEAR\NETGEAR Digital Entertainer for Windows\sjcmdwiz.exe" = C:\Program Files\NETGEAR\NETGEAR Digital Entertainer for Windows\sjcmdwiz.exe:*:Enabled:NETGEAR Digital Entertainer for Windows -- (NETGEAR, Inc.)
"C:\Program Files\NETGEAR\NETGEAR Digital Entertainer for Windows\receiver.exe" = C:\Program Files\NETGEAR\NETGEAR Digital Entertainer for Windows\receiver.exe:*:Enabled:NETGEAR Digital Entertainer for Windows -- (NETGEAR, Inc.)
"C:\Program Files\NETGEAR\NETGEAR Digital Entertainer for Windows\tagtool.exe" = C:\Program Files\NETGEAR\NETGEAR Digital Entertainer for Windows\tagtool.exe:*:Enabled:NETGEAR Digital Entertainer for Windows -- (NETGEAR, Inc.)
"C:\Program Files\NETGEAR\NETGEAR Digital Entertainer for Windows\sharefolder.exe" = C:\Program Files\NETGEAR\NETGEAR Digital Entertainer for Windows\sharefolder.exe:*:Enabled:NETGEAR Digital Entertainer for Windows -- File not found
"" =
"C:\Program Files\NETGEAR\NETGEAR Digital Entertainer for Windows\ffmpeg.exe" = C:\Program Files\NETGEAR\NETGEAR Digital Entertainer for Windows\ffmpeg.exe:*:Enabled:NETGEAR Digital Entertainer for Windows -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Liquid.6\Program\RM.exe" = C:\Program Files\Liquid.6\Program\RM.exe:*:Enabled:Render Manager -- (Pinnacle Inc.)
"C:\Program Files\Liquid.6\Program\Studiou.mod" = C:\Program Files\Liquid.6\Program\Studiou.mod:*:Enabled:Liquid -- (Pinnacle Systems)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\NETGEAR\NETGEAR Digital Entertainer for Windows\receiver.exe" = C:\Program Files\NETGEAR\NETGEAR Digital Entertainer for Windows\receiver.exe:*:Enabled:NETGEAR Digital Entertainer for Windows -- (NETGEAR, Inc.)
"C:\Program Files\NETGEAR\NETGEAR Digital Entertainer for Windows\tagtool.exe" = C:\Program Files\NETGEAR\NETGEAR Digital Entertainer for Windows\tagtool.exe:*:Enabled:NETGEAR Digital Entertainer for Windows -- (NETGEAR, Inc.)
"C:\Program Files\NETGEAR\NETGEAR Digital Entertainer for Windows\sjcmdwiz.exe" = C:\Program Files\NETGEAR\NETGEAR Digital Entertainer for Windows\sjcmdwiz.exe:*:Enabled:NETGEAR Digital Entertainer for Windows -- (NETGEAR, Inc.)
"C:\Program Files\NETGEAR\NETGEAR Digital Entertainer for Windows\ffmpeg.exe" = C:\Program Files\NETGEAR\NETGEAR Digital Entertainer for Windows\ffmpeg.exe:*:Enabled:NETGEAR Digital Entertainer for Windows -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{02C2F0BB-B480-4121-BE86-33B70E53070B}" = Perfect PDF Creator Essentials
"{107254A0-0ADF-11D4-9397-00D0B7020B38}" =
"{1E375369-0831-45BE-BDB7-5070583075CE}" =
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21E2A921-24B3-4A41-AD62-B171DDD3136F}" = Nitro PDF Professional
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{27B80B13-BCEF-4E99-87AE-22976590B6F2}" =
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3938850F-423F-4C13-AC64-655387539156}" = TitleDeko
"{3A90BE50-EAA2-012B-AE2D-000000000000}" = TurboTax 2009 wnciper
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3F241C2B-5D9B-443E-B732-E634EFAD5051}" = Brother HL-2040
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ED7D297-58F7-45C3-A9BA-A7CD6FA0D373}_is1" = SureThing CD Labeler Deluxe 5
"{52E1698D-8B87-4B79-B609-77C763C3E6D9}" = YouTube Video Converter
"{530AFAFF-6F0A-48BB-88D0-04F9658322D3}" = Adobe Premiere Elements 3.0.2
"{6EACDDF4-4220-49A3-9204-984C86852C3D}" = Adobe Premiere Elements 3.0.2 Templates
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{888D0F50-FF0A-4808-966E-23D63277BF2A}" = Intel(R) Network Connections 12.4.38.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{93B8C73B-C8FB-4B60-A22E-1C40AE661AB7}" = CRS Photo Scanner
"{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}" = Driver Whiz
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = iSEEK AnswerWorks English Runtime
"{9E887DDE-2882-43E3-8AAF-127F8198030D}_is1" = Leawo Youtube Downloader Version: 3.1.1.4
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B36915FC-182C-4A1E-BEEB-8987F3059E02}" =
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{B909D476-A90E-4A8F-B247-8C75A82FA869}" = NETGEAR Digital Entertainer for Windows
"{BE7F66B5-75F8-43BF-A7D4-E4AB2BF481BC}" = Video Blaster Editor
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CCD540BF-511F-4320-8830-FA105D74EA52}" =
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3A44800-CDD9-4289-90E9-6E42EF8ADDC8}" = CyberPower PowerPanel Personal Edition 1.2.1
"{D4AC70B6-B0B8-4CA6-A4C7-BB8255FC85CA}" =
"{DBFE5FBD-A7D9-4F74-88A1-2B042722F2DB}" = Intel(R) Desktop Control Center
"{EAB4C5E4-44CE-4C6F-88B9-95C6D0920DC6}" =
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0AF91F4-D1ED-490E-8751-997AF2A3FF0D}_is1" = Leawo FLV Converter version 3.0.0.1
"{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = VideoStudio
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"1Click DVD Copy 5_is1" = 1Click DVD Copy 5.8.8.9
"1Click DVD Copy Pro_is1" = 1Click DVD Copy Pro 4.1.7.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ADS Tech V3.6.1 Instant DVD CapWiz" = ADS Tech V3.6.1 Instant DVD CapWiz
"audcle" = Plus! MP3 Audio Converter LE
"Audio Converter" = Audio Converter
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS Image Converter_is1" = AVS Image Converter 1.1.3.71
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"CCleaner" = CCleaner
"CD Trustee" = CD Trustee
"DVD43_is1" = DVD43 v4.6.0
"EPSON Printer and Utilities" = EPSON Printer Software
"Flash DVD Ripper" = Flash DVD Ripper
"Flickr Uploadr" = Flickr Uploadr 3.2.1
"Free FLV Converter_is1" = Free FLV Converter V 6.93.0
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"Hollywood FX for Edition" = Pinnacle Hollywood FX for Edition
"InstallShield_{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = Corel VideoStudio 12
"JPEG Lossless Rotator_is1" = JPEG Lossless Rotator 6.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.12)" = Mozilla Firefox (3.5.12)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NVIDIA Drivers" = NVIDIA Drivers
"Pinnacle Liquid" = Pinnacle Liquid
"Pixillion" = Pixillion Image Converter
"PremElem30" = Adobe Premiere Elements 3.0.2
"Prism" = Prism Video Converter
"QuickTime" = QuickTime
"ReaConverter 5.5 Pro_is1" = ReaConverter 5.5 Pro
"Switch" = Switch Sound File Converter
"SysInfo" = Creative System Information
"Total Image Converter_is1" = TotalImageConverter
"TurboTax 2009" = TurboTax 2009
"Wacom Tablet Driver" = Wacom Tablet Driver
"Walmart MP3 Music Downloads" = Walmart MP3 Music Downloads
"WavePad" = WavePad Sound Editor
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 2
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xilisoft YouTube Video Converter" = Xilisoft YouTube Video Converter

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/5/2010 12:59:51 PM | Computer Name = VIDEOPC | Source = COM+ | ID = 135894
Description = A condition has occurred that indicates this COM+ application is in
an unstable state or is not functioning correctly. Assertion Failure: SUCCEEDED(hr)

Server
Application ID: {02D4B3F1-FD88-11D1-960D-00805FC79235} Server Application Instance
ID: {73D9A39C-A8E6-453F-BDED-76B64E627D60} Server Application Name: System Application
The
serious nature of this error has caused the process to terminate. Error Code = 0x8000ffff
: Catastrophic failure COM+ Services Internals Information: File: d:\qxp_slp\com\com1x\src\comsvcs\tracker\trksvr\trksvrimpl.cpp,
Line: 3000 Comsvcs.dll file version: ENU 2001.12.4414.258 s

Error - 12/5/2010 12:59:55 PM | Computer Name = VIDEOPC | Source = COM+ | ID = 135894
Description = A condition has occurred that indicates this COM+ application is in
an unstable state or is not functioning correctly. Assertion Failure: SUCCEEDED(hr)

Server
Application ID: {02D4B3F1-FD88-11D1-960D-00805FC79235} Server Application Instance
ID: {AD0D64FF-00E2-4B5B-92A3-C7C85472AE59} Server Application Name: System Application
The
serious nature of this error has caused the process to terminate. Error Code = 0x8000ffff
: Catastrophic failure COM+ Services Internals Information: File: d:\qxp_slp\com\com1x\src\comsvcs\tracker\trksvr\trksvrimpl.cpp,
Line: 3000 Comsvcs.dll file version: ENU 2001.12.4414.258 s

Error - 12/5/2010 1:00:43 PM | Computer Name = VIDEOPC | Source = COM+ | ID = 135894
Description = A condition has occurred that indicates this COM+ application is in
an unstable state or is not functioning correctly. Assertion Failure: SUCCEEDED(hr)

Server
Application ID: {02D4B3F1-FD88-11D1-960D-00805FC79235} Server Application Instance
ID: {F3C7D85D-8E18-4139-BD55-E26A8C985231} Server Application Name: System Application
The
serious nature of this error has caused the process to terminate. Error Code = 0x8000ffff
: Catastrophic failure COM+ Services Internals Information: File: d:\qxp_slp\com\com1x\src\comsvcs\tracker\trksvr\trksvrimpl.cpp,
Line: 3000 Comsvcs.dll file version: ENU 2001.12.4414.258 s

Error - 12/5/2010 1:00:44 PM | Computer Name = VIDEOPC | Source = COM+ | ID = 135761
Description = The run-time environment has detected an inconsistency in its internal
state. This indicates a potential instability in the process that could be caused
by the custom components running in the COM+ application, the components they make
use of, or other factors. Error in d:\qxp_slp\com\com1x\src\comsvcs\package\cpackage.cpp(1184),
hr = 80080005: InitEventCollector fail

Error - 12/5/2010 1:00:44 PM | Computer Name = VIDEOPC | Source = VSS | ID = 12292
Description = Volume Shadow Copy Service error: Error creating the Shadow Copy Provider
COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80080005].

Error - 12/5/2010 1:00:45 PM | Computer Name = VIDEOPC | Source = COM+ | ID = 135894
Description = A condition has occurred that indicates this COM+ application is in
an unstable state or is not functioning correctly. Assertion Failure: SUCCEEDED(hr)

Server
Application ID: {02D4B3F1-FD88-11D1-960D-00805FC79235} Server Application Instance
ID: {4723A603-1F32-4049-9C5E-05CDB0E5C107} Server Application Name: System Application
The
serious nature of this error has caused the process to terminate. Error Code = 0x8000ffff
: Catastrophic failure COM+ Services Internals Information: File: d:\qxp_slp\com\com1x\src\comsvcs\tracker\trksvr\trksvrimpl.cpp,
Line: 3000 Comsvcs.dll file version: ENU 2001.12.4414.258 s

Error - 12/5/2010 1:00:50 PM | Computer Name = VIDEOPC | Source = COM+ | ID = 135894
Description = A condition has occurred that indicates this COM+ application is in
an unstable state or is not functioning correctly. Assertion Failure: SUCCEEDED(hr)

Server
Application ID: {02D4B3F1-FD88-11D1-960D-00805FC79235} Server Application Instance
ID: {6290DDDF-990D-4E76-88FA-51C2799FBDC9} Server Application Name: System Application
The
serious nature of this error has caused the process to terminate. Error Code = 0x8000ffff
: Catastrophic failure COM+ Services Internals Information: File: d:\qxp_slp\com\com1x\src\comsvcs\tracker\trksvr\trksvrimpl.cpp,
Line: 3000 Comsvcs.dll file version: ENU 2001.12.4414.258 s

Error - 12/7/2010 9:57:14 AM | Computer Name = VIDEOPC | Source = ESENT | ID = 490
Description = svchost (1124) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 12/7/2010 6:50:23 PM | Computer Name = VIDEOPC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module unknown, version 0.0.0.0, fault address 0x4003d0a8.

Error - 12/7/2010 9:26:08 PM | Computer Name = VIDEOPC | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 11.0.5510.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 12/7/2010 9:58:19 PM | Computer Name = VIDEOPC | Source = Service Control Manager | ID = 7000
Description = The ADS Instant DVD 2.0 service failed to start due to the following
error: %%1058

Error - 12/7/2010 10:07:17 PM | Computer Name = VIDEOPC | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 30000 milliseconds: Restart the service.

Error - 12/7/2010 10:07:48 PM | Computer Name = VIDEOPC | Source = WMPNetworkSvc | ID = 866312
Description = A new media server was not initialized because WMCreateDeviceRegistration()
encountered error '0xc00d2711'. The Windows Media DRM components on your computer
might be corrupted. Verify that protected files play correctly in Windows Media
Player, and then restart the WMPNetworkSvc service.

Error - 12/7/2010 10:07:50 PM | Computer Name = VIDEOPC | Source = WMPNetworkSvc | ID = 866312
Description = A new media server was not initialized because WMCreateDeviceRegistration()
encountered error '0xc00d2711'. The Windows Media DRM components on your computer
might be corrupted. Verify that protected files play correctly in Windows Media
Player, and then restart the WMPNetworkSvc service.

Error - 12/7/2010 10:08:16 PM | Computer Name = VIDEOPC | Source = Service Control Manager | ID = 7034
Description = The PowerPanel Personal Edition Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 12/7/2010 10:08:18 PM | Computer Name = VIDEOPC | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 30000 milliseconds: Restart the service.

Error - 12/7/2010 10:12:58 PM | Computer Name = VIDEOPC | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 30000 milliseconds: Restart the service.

Error - 12/7/2010 10:36:47 PM | Computer Name = VIDEOPC | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 30000 milliseconds: Restart the service.

Error - 12/7/2010 10:37:48 PM | Computer Name = VIDEOPC | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 30000 milliseconds: Restart the service.

Error - 12/7/2010 10:40:54 PM | Computer Name = VIDEOPC | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 30000 milliseconds: Restart the service.


< End of report >
 
OTL too long ..... had to split across 2 replies

Steve

OTL logfile created on: 12/7/2010 10:14:07 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Steve\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 84.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 1024 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.68 Gb Total Space | 24.60 Gb Free Space | 32.08% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 764.70 Gb Free Space | 82.09% Space Free | Partition Type: NTFS
Drive G: | 111.79 Gb Total Space | 30.50 Gb Free Space | 27.29% Space Free | Partition Type: NTFS

Computer Name: VIDEOPC | User Name: Steve | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/07 22:13:40 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve\Desktop\OTL.exe
PRC - [2010/08/02 16:10:00 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/08/02 16:09:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/08/02 16:09:55 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/07/09 11:40:24 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\NLSSRV32.EXE
PRC - [2010/07/09 11:40:14 | 000,196,928 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/10/23 19:34:36 | 000,827,904 | ---- | M] () -- C:\Program Files\dvd43\DVD43_Tray.exe
PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/04/29 12:22:16 | 003,498,712 | ---- | M] (NETGEAR, Inc.) -- C:\Program Files\NETGEAR\NETGEAR Digital Entertainer for Windows\receiver.exe
PRC - [2008/06/09 10:37:44 | 000,053,392 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/12/04 17:00:34 | 000,634,880 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe
PRC - [2003/12/04 16:48:40 | 000,077,824 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\TabUserW.exe
PRC - [2003/07/08 02:00:00 | 000,099,840 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I2H1.EXE


========== Modules (SafeList) ==========

MOD - [2010/12/07 22:13:40 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve\Desktop\OTL.exe
MOD - [2010/09/24 10:16:18 | 000,272,976 | ---- | M] (CA) -- C:\WINDOWS\system32\UmxSbxw.dll
MOD - [2010/09/24 10:16:18 | 000,113,232 | ---- | M] (CA) -- C:\WINDOWS\system32\UmxSbxExw.dll
MOD - [2004/08/04 00:57:02 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2003/12/04 16:46:46 | 000,044,544 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\TabHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/08/02 16:10:00 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/08/02 16:09:55 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/07/09 11:40:24 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2010/07/09 11:40:14 | 000,196,928 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe -- (NitroDriverReadSpool)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/06/09 10:37:44 | 000,053,392 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2008/02/05 11:35:18 | 000,872,448 | ---- | M] () [Auto | Stopped] -- C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe -- (ppped)
SRV - [2007/11/30 11:27:22 | 000,558,592 | ---- | M] (ReaSoft) [On_Demand | Stopped] -- C:\Program Files\ReaConverter 5.5 Pro\rcp_scheduler.exe -- (rcp_service)
SRV - [2007/05/08 15:30:48 | 000,323,584 | ---- | M] (soft Xpansion) [On_Demand | Stopped] -- C:\Program Files\Common Files\WPE\wpeserv.exe -- (WPEServ)
SRV - [2003/12/04 17:00:34 | 000,634,880 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Tablet.exe -- (TabletService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\MidiSyn.sys -- (MidiSyn)
DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\Steve\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/12/06 12:49:44 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/08/02 16:10:08 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/12/13 22:56:59 | 000,018,816 | ---- | M] (RIF) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dvd43llh.sys -- (dvd43llh)
DRV - [2009/09/16 09:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/04/29 12:22:08 | 000,022,600 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\imvad.sys -- (imvad_multi)
DRV - [2008/10/07 00:33:00 | 006,133,856 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/01/28 08:53:00 | 000,580,992 | ---- | M] (Omnivision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ov550i.sys -- (APL531)
DRV - [2006/11/21 02:50:02 | 000,104,448 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sbusbav.sys -- (SBUSBAV)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/10/12 13:57:00 | 000,021,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\intelsmb.sys -- (smbusp) Intel(R)
DRV - [2004/08/28 12:54:38 | 000,033,995 | ---- | M] (Sonic Focus, Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sf.sys -- (sf)
DRV - [2004/04/26 09:49:56 | 000,381,056 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/03/10 15:27:18 | 000,011,264 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2k)
DRV - [2003/09/17 08:06:00 | 000,036,484 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SMBios.sys -- (SMBios) Intel (R)
DRV - [2003/04/14 19:42:32 | 000,034,792 | ---- | M] (cypress semiconductor) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\dvr2ins.sys -- (DVR2INS)
DRV - [2001/04/09 12:45:00 | 000,008,138 | ---- | M] (Wacom Technology Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PenClass.sys -- (PenClass)
DRV - [2000/07/24 01:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\BrPar.sys -- (BrPar)
DRV - [1998/11/27 15:57:18 | 000,006,144 | ---- | M] (Erik Salaj) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\IOPORT.SYS -- (IOPort)


========== Standard Registry (SafeList) ==========
 
========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.5
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p="

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/25 07:26:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/04 09:37:24 | 000,000,000 | ---D | M]

[2009/02/19 23:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Mozilla\Extensions
[2010/12/06 22:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\18konbno.default\extensions
[2009/12/07 10:02:06 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\18konbno.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/12/06 22:23:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/12/05 09:42:22 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [dvd43] C:\Program Files\dvd43\DVD43_Tray.exe ()
O4 - HKLM..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Ovt Wia] C:\WINDOWS\OV550EM.exe (OmniVision Technologies, Inc)
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [UVS12 Preload] C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe (Corel TW Corp.)
O4 - HKCU..\Run: [NETGEARDigitalEntertainer] C:\Program Files\NETGEAR\NETGEAR Digital Entertainer for Windows\receiver.exe (NETGEAR, Inc.)
O4 - HKCU..\Run: [PowerPanel Personal Edition User Interaction] C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe ()
O4 - HKCU..\Run: [scheduler_monitor] C:\Program Files\ReaConverter 5.5 Pro\init_scheduler.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe (Wacom Technology, Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download with Xilisoft YouTube Video Converter - C:\Program Files\Xilisoft\YouTube Video Converter\upod_link.HTM ()
O9 - Extra Button: Send to 'Perfect PDF Creator Essentials' - {722FE9B2-6895-42D9-9984-F4CB26616023} - C:\Program Files\Cosmi\Perfect PDF Creator Essentials\pdfshell.dll (soft Xpansion)
O9 - Extra 'Tools' menuitem : Send to 'Perfect PDF Creator Essentials' - {722FE9B2-6895-42D9-9984-F4CB26616023} - C:\Program Files\Cosmi\Perfect PDF Creator Essentials\pdfshell.dll (soft Xpansion)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1235405046781 (WUWebControl Class)
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} file://C:\Documents and Settings\Steve\Local Settings\Temp\EI40_5\msxml4.cab (XML DOM Document 4.0)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.com/activex/VerizonWirelessUploadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.180.150 97.64.168.13
O20 - AppInit_DLLs: (C:\WINDOWS\system32\UmxSbxExw.dll) - C:\WINDOWS\system32\UmxSbxExw.dll (CA)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/01/01 00:19:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\VIO\DVACM.acm (Corel TW Corp.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.MPEGacm - C:\Program Files\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.ulmp3acm - C:\Program Files\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17746478449557504)

========== Files/Folders - Created Within 30 Days ==========

[2010/12/07 22:11:41 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Steve\Desktop\OTL.exe
[2010/12/07 21:36:49 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/12/06 22:44:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Desktop\NTBR_CD
[2010/12/05 13:05:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Application Data\Malwarebytes
[2010/12/05 13:05:36 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/05 13:05:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/12/05 13:05:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/05 13:05:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/12/05 12:38:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/12/05 11:07:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Application Data\Avira
[2010/12/05 11:05:58 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/12/05 11:05:56 | 000,126,856 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/12/05 11:05:56 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/12/05 11:05:56 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/12/05 11:05:56 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/12/05 11:05:55 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/12/05 11:05:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/12/05 09:36:03 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/12/05 09:34:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/12/05 09:34:33 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/12/05 09:34:33 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/12/05 09:34:33 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/12/05 09:34:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/12/04 16:27:26 | 000,000,000 | ---D | C] -- C:\Program Files\Free WMA to MP3 Converter
[2010/12/04 08:55:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Steve\Recent
[2010/12/04 08:52:58 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/12/04 08:43:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/12/04 08:21:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FrontLine Registry Cleaner
[2010/12/04 08:21:16 | 000,000,000 | ---D | C] -- C:\Program Files\Frontline Registry Cleaner
[2010/12/03 17:07:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/12/03 01:23:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2010/12/03 01:23:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010/12/03 01:23:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2010/12/02 23:58:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Desktop\celtic woman
[2010/12/02 23:50:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Application Data\Moyea
[2010/12/02 23:50:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Application Data\Leawo
[2010/12/02 23:50:27 | 000,606,208 | ---- | C] (http://www.xvid.org) -- C:\WINDOWS\System32\xvidcore.dll
[2010/12/02 23:47:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\My Documents\Leawo
[2010/12/02 23:47:09 | 000,000,000 | ---D | C] -- C:\Program Files\Leawo
[2010/12/02 23:47:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Leawo
[2010/12/02 23:39:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\My Documents\Cucusoft
[2010/12/02 23:39:03 | 000,258,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\unicows.dll
[2010/12/02 23:39:03 | 000,060,273 | ---- | C] (Open Source Software community project) -- C:\WINDOWS\System32\pthreadGC2.dll
[2010/12/02 23:35:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\My Documents\OJOsoft Corporation
[2010/12/02 23:23:47 | 000,000,000 | ---D | C] -- C:\myyoutube
[2010/12/02 23:09:04 | 000,000,000 | ---D | C] -- C:\Program Files\You Tube Video Converter
[2010/12/02 22:58:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\My Documents\Xilisoft Corporation
[2010/12/02 22:58:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Application Data\Xilisoft Corporation
[2010/12/02 22:58:15 | 000,000,000 | ---D | C] -- C:\Program Files\Xilisoft
[2010/12/02 22:48:26 | 000,000,000 | ---D | C] -- C:\Program Files\1-Click YouTube Downloader
[2010/12/02 22:39:09 | 000,000,000 | ---D | C] -- C:\Program Files\FoxTabFlvConverter
[2010/12/02 22:17:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2010/12/01 23:21:54 | 000,000,000 | ---D | C] -- C:\New Folder (2)
[2010/12/01 23:21:53 | 000,000,000 | ---D | C] -- C:\New Folder
[2010/11/29 19:29:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CA-SupportBridge
[2010/11/28 08:34:10 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2009/01/15 17:50:59 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Steve\Application Data\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2010/12/07 22:13:40 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve\Desktop\OTL.exe
[2010/12/07 22:06:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-1647877149-725345543-1003UA.job
[2010/12/07 20:58:06 | 000,000,251 | ---- | M] () -- C:\WINDOWS\System32\tablet.dat
[2010/12/07 20:57:53 | 000,194,404 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/12/07 20:57:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/07 20:57:43 | 3218,919,424 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/07 20:32:29 | 000,000,660 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\ComboFix.lnk
[2010/12/07 17:40:55 | 000,071,680 | ---- | M] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/07 17:40:55 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/12/07 13:06:01 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-1647877149-725345543-1003Core.job
[2010/12/06 22:53:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/06 22:43:15 | 002,565,432 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\NTBR_CD.exe
[2010/12/06 12:49:44 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/12/06 09:35:49 | 000,000,109 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\Techspot.url
[2010/12/05 13:05:36 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/05 11:06:12 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/12/05 10:37:40 | 000,009,662 | ---- | M] () -- C:\WINDOWS\EPISME00.SWB
[2010/12/05 09:42:22 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/12/05 09:36:10 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/12/04 16:27:27 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\Jodix Free WMA to MP3 Converter.lnk
[2010/12/04 16:21:54 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job
[2010/12/04 16:21:53 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\wavepadDowngrade.job
[2010/12/04 09:29:30 | 000,127,416 | ---- | M] () -- C:\Documents and Settings\Steve\My Documents\cc_20101204_092847.reg
[2010/12/04 08:52:58 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/12/03 22:40:40 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\Steve\My Documents\investment tracking.xls
[2010/12/03 17:18:05 | 000,000,089 | ---- | M] () -- C:\WINDOWS\ULead32.ini
[2010/12/03 01:27:10 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Liquid 6.lnk
[2010/12/02 23:50:28 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Leawo FLV Converter.lnk
[2010/12/02 23:47:14 | 000,000,862 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Leawo Youtube Downloader.lnk
[2010/12/02 23:09:08 | 000,001,758 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\YouTube Video Converter V2.21.lnk
[2010/12/02 23:07:43 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\Google Chrome.lnk
[2010/12/02 23:07:43 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/12/02 22:58:18 | 000,001,034 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Xilisoft YouTube Video Converter.lnk
[2010/12/02 22:58:18 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\Xilisoft FLV Player.lnk
[2010/12/02 22:39:15 | 000,001,163 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\Continue FoxTab FLV Converter Installation.lnk
[2010/12/02 22:39:11 | 000,000,774 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\FoxTab FLV Converter.lnk
[2010/12/01 23:30:20 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\Free FLV Converter.lnk
[2010/12/01 23:25:55 | 000,001,130 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\Internet Video Converter HD 3.00 EN.lnk
[2010/12/01 23:17:18 | 000,001,034 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\Internet Video Converter 1.53 en.lnk
[2010/12/01 23:05:55 | 000,000,098 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\MPUI.ini
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/23 21:44:47 | 000,851,773 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k1
[2010/11/23 21:44:47 | 000,086,524 | ---- | M] () -- C:\WINDOWS\System32\drivers\KmxAgent.asc
[2010/11/23 21:44:47 | 000,010,421 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k0
[2010/11/23 21:44:47 | 000,000,293 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k2
[2010/11/23 21:44:47 | 000,000,241 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k2
[2010/11/23 21:44:47 | 000,000,241 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k1
[2010/11/23 21:44:47 | 000,000,241 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k0
[2010/11/23 21:44:47 | 000,000,085 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k7
[2010/11/23 21:44:47 | 000,000,085 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k6
[2010/11/23 21:44:47 | 000,000,085 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k5
[2010/11/23 21:44:47 | 000,000,085 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k4
[2010/11/23 21:44:47 | 000,000,085 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k3
[2010/11/23 21:44:47 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k7
[2010/11/23 21:44:47 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k6
[2010/11/23 21:44:47 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k5
[2010/11/23 21:44:47 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k4
[2010/11/23 21:44:47 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k3
[2010/11/15 08:50:40 | 000,016,896 | ---- | M] () -- C:\Documents and Settings\Steve\My Documents\Bookscreen room costs.xls
[2010/11/10 11:45:22 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\Steve\My Documents\job search.xls
[2010/11/09 07:05:54 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\Steve\My Documents\job search.doc
[2010/11/08 18:33:50 | 000,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/08 18:33:50 | 000,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2010/11/07 23:59:45 | 000,128,336 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\isafeif.dll
[2010/11/07 23:59:45 | 000,095,568 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\vetredir.dll

========== Files Created - No Company Name ==========

[2010/12/07 20:31:32 | 000,000,660 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\ComboFix.lnk
[2010/12/06 22:43:09 | 002,565,432 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\NTBR_CD.exe
[2010/12/06 09:35:35 | 000,000,109 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\Techspot.url
[2010/12/05 13:05:36 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/05 11:06:12 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/12/05 09:36:10 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/12/05 09:36:06 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/12/05 09:34:33 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/12/05 09:34:33 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/12/05 09:34:33 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/12/05 09:34:33 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/12/05 09:34:33 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/12/05 09:17:10 | 3218,919,424 | -HS- | C] () -- C:\hiberfil.sys
[2010/12/04 16:27:27 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\Jodix Free WMA to MP3 Converter.lnk
[2010/12/04 09:28:51 | 000,127,416 | ---- | C] () -- C:\Documents and Settings\Steve\My Documents\cc_20101204_092847.reg
[2010/12/04 08:52:58 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/12/03 22:40:39 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\Steve\My Documents\investment tracking.xls
[2010/12/02 23:50:33 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/12/02 23:50:28 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Leawo FLV Converter.lnk
[2010/12/02 23:47:14 | 000,000,862 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Leawo Youtube Downloader.lnk
[2010/12/02 23:39:03 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/12/02 23:39:03 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ff_acm.acm
[2010/12/02 23:09:08 | 000,001,758 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\YouTube Video Converter V2.21.lnk
[2010/12/02 22:58:18 | 000,001,034 | ---- | C] () -- C:\Documents and Settings\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Xilisoft YouTube Video Converter.lnk
[2010/12/02 22:58:18 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\Xilisoft FLV Player.lnk
[2010/12/02 22:39:15 | 000,001,163 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\Continue FoxTab FLV Converter Installation.lnk
[2010/12/02 22:39:11 | 000,000,774 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\FoxTab FLV Converter.lnk
[2010/12/01 23:25:55 | 000,001,130 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\Internet Video Converter HD 3.00 EN.lnk
[2010/12/01 23:17:18 | 000,001,034 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\Internet Video Converter 1.53 en.lnk
[2010/11/27 09:33:52 | 000,009,662 | ---- | C] () -- C:\WINDOWS\EPISME00.SWB
[2010/11/09 20:41:58 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Steve\My Documents\job search.xls
[2010/11/09 06:58:12 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Steve\My Documents\job search.doc
[2010/11/08 18:28:57 | 000,000,241 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k2
[2010/11/08 18:28:57 | 000,000,241 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k1
[2010/11/08 18:28:57 | 000,000,049 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k7
[2010/11/08 18:28:57 | 000,000,049 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k6
[2010/11/08 18:28:57 | 000,000,049 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k5
[2010/11/08 18:28:57 | 000,000,049 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k4
[2010/11/08 18:28:57 | 000,000,049 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k3
[2010/11/08 18:28:56 | 000,851,773 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k1
[2010/11/08 18:28:56 | 000,086,524 | ---- | C] () -- C:\WINDOWS\System32\drivers\KmxAgent.asc
[2010/11/08 18:28:56 | 000,010,421 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k0
[2010/11/08 18:28:56 | 000,000,293 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k2
[2010/11/08 18:28:56 | 000,000,241 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k0
[2010/11/08 18:28:56 | 000,000,085 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k7
[2010/11/08 18:28:56 | 000,000,085 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k6
[2010/11/08 18:28:56 | 000,000,085 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k5
[2010/11/08 18:28:56 | 000,000,085 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k4
[2010/11/08 18:28:56 | 000,000,085 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k3
[2010/04/03 20:06:18 | 001,513,232 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/01/03 15:39:52 | 000,000,098 | ---- | C] () -- C:\Documents and Settings\Steve\Application Data\MPUI.ini
[2009/09/16 16:27:58 | 000,508,224 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2009/08/25 22:54:42 | 000,000,047 | ---- | C] () -- C:\WINDOWS\DVDCreate.INI
[2009/08/17 07:42:00 | 000,001,365 | ---- | C] () -- C:\WINDOWS\VFO.INI
[2009/08/17 07:41:21 | 000,194,248 | ---- | C] () -- C:\WINDOWS\System32\LTRFD13n.DLL
[2009/08/15 13:15:29 | 000,000,089 | ---- | C] () -- C:\WINDOWS\ULead32.ini
[2009/02/18 20:37:15 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009/02/12 08:57:08 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/01/15 18:09:52 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll
[2009/01/15 18:09:52 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2009/01/15 18:09:52 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll
[2009/01/15 18:09:52 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll
[2009/01/15 18:09:52 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2009/01/15 17:51:05 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Steve\Application Data\pcouffin.log
[2009/01/15 17:50:59 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Steve\Application Data\pcouffin.cat
[2009/01/15 17:50:59 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Steve\Application Data\pcouffin.inf
[2009/01/15 17:26:20 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/15 17:03:10 | 000,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2009/01/15 17:03:10 | 000,000,040 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2009/01/15 17:03:10 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2009/01/15 17:03:01 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2009/01/15 17:03:01 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
[2009/01/15 17:03:01 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
[2009/01/15 17:03:00 | 000,008,975 | ---- | C] () -- C:\WINDOWS\HL-2040.INI
[2009/01/15 17:02:42 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/01/15 16:55:01 | 000,000,066 | ---- | C] () -- C:\WINDOWS\ESPR200.ini
[2009/01/15 16:14:51 | 000,209,040 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/01/15 16:14:51 | 000,204,944 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/01/15 16:14:51 | 000,196,752 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/01/15 16:14:51 | 000,196,752 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/01/15 16:14:51 | 000,192,656 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/01/15 16:14:51 | 000,024,720 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009/01/15 15:39:44 | 000,071,680 | ---- | C] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/15 14:52:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ATIMMC.INI
[2009/01/15 14:33:29 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2009/01/15 14:21:03 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TabUnst.dll
[2009/01/15 14:21:03 | 000,015,744 | ---- | C] () -- C:\WINDOWS\System32\wintab.dll
[2009/01/15 14:20:12 | 000,013,408 | ---- | C] () -- C:\WINDOWS\System32\tabinst.dll
[2009/01/15 14:20:12 | 000,004,032 | ---- | C] () -- C:\WINDOWS\System32\tabins16.dll
[2009/01/15 11:16:48 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/01/15 10:46:27 | 000,001,318 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009/01/15 10:46:27 | 000,000,020 | ---- | C] () -- C:\WINDOWS\calera.ini
[2009/01/15 10:46:21 | 000,269,312 | ---- | C] () -- C:\WINDOWS\System32\FPXIG.DLL
[2009/01/15 10:46:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\IGFPX32P.DLL
[2009/01/15 10:46:21 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\JPEGACC.DLL
[2009/01/15 10:45:59 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\WELSOF32.DLL
[2009/01/14 19:56:24 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2009/01/14 13:19:18 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/05/16 13:01:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/07/23 10:40:54 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\setup.txt
[2006/09/24 13:37:00 | 000,169,472 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2004/03/18 07:44:29 | 001,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/01/01 00:36:58 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2002/01/01 00:36:57 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2002/01/01 00:36:56 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2002/01/01 00:36:55 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2001/08/23 07:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/08/16 19:53:03 | 000,000,000 | ---- | M] () -- C:\17_0_53_3.log
[2010/08/16 20:25:13 | 000,000,660 | ---- | M] () -- C:\298061e9_0_14.alp
[2010/08/16 20:25:13 | 001,680,000 | ---- | M] () -- C:\298061e9_0_14.DIF
[2010/07/31 13:11:01 | 000,000,000 | ---- | M] () -- C:\31_18_11_1.log
[2010/08/16 20:25:12 | 000,002,676 | ---- | M] () -- C:\7d60e137_0_90.alp
[2010/08/16 20:25:12 | 010,800,128 | ---- | M] () -- C:\7d60e137_0_90.DIF
[2010/08/16 20:25:15 | 000,084,720 | ---- | M] () -- C:\86805d2a_0_29.alp
[2010/08/16 20:25:15 | 003,360,256 | ---- | M] () -- C:\86805d2a_0_29.DIF
[2010/07/07 19:29:34 | 000,000,038 | ---- | M] () -- C:\8_0_29_33.log
[2010/04/28 14:20:49 | 000,022,016 | ---- | M] () -- C:\alicia.doc
[2009/08/14 17:03:19 | 227,477,504 | ---- | M] () -- C:\Ange.avi
[2009/08/14 17:03:19 | 121,802,444 | ---- | M] () -- C:\Ange.wav
[2010/12/05 20:38:54 | 000,019,903 | ---- | M] () -- C:\Attach.txt
[2002/01/01 00:19:19 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/02/15 23:29:43 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/12/05 09:36:10 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2009/01/14 20:18:56 | 000,036,228 | ---- | M] () -- C:\caavsetupLog.txt
[2010/12/04 09:08:56 | 000,000,850 | ---- | M] () -- C:\caEntitlementLog.txt
[2010/12/04 09:12:40 | 001,581,077 | ---- | M] () -- C:\caisslog.txt
[2010/12/07 20:53:02 | 000,000,631 | ---- | M] () -- C:\CFScript.txt
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2010/12/07 21:44:55 | 000,021,879 | ---- | M] () -- C:\ComboFix.txt
[2002/01/01 00:19:19 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/02/23 19:03:20 | 000,086,836 | ---- | M] () -- C:\Cucu_Video_log.txt
[2010/12/05 20:39:32 | 000,012,741 | ---- | M] () -- C:\DDS.txt
[2010/12/07 20:57:43 | 3218,919,424 | -HS- | M] () -- C:\hiberfil.sys
[2002/01/01 00:19:19 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/12/05 09:49:18 | 000,018,026 | ---- | M] () -- C:\lPomp Combofix log.txt
[2002/01/01 00:19:19 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/01/14 19:53:05 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/01/14 19:53:05 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/12/07 20:57:41 | 1073,741,824 | -HS- | M] () -- C:\pagefile.sys
[2009/08/14 15:40:21 | 349,776,896 | ---- | M] () -- C:\Video.avi
[2009/08/17 22:12:36 | 120,373,904 | ---- | M] () -- C:\Video.mpg
[2009/08/14 01:43:53 | 121,802,444 | ---- | M] () -- C:\Video.wav
[2009/01/15 16:34:38 | 000,005,693 | ---- | M] () -- C:\wialog.txt

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/01/14 18:54:10 | 000,000,067 | ---- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2003/06/18 17:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
[2007/05/08 15:30:48 | 000,188,416 | ---- | M] (soft Xpansion) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\wpeproc.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2009/01/14 13:17:00 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/01/14 13:17:00 | 000,630,784 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/01/14 13:17:00 | 000,413,696 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2009/01/14 19:56:46 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x %systemroot%\*.config %systemroot%\system32\*.db %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x %USERPROFILE%\Desktop\*.exe %PROGRAMFILES%\Common Files\*.* %systemroot%\*.src >
Invalid Switch: x %USERPROFILE%\Desktop\*.exe %PROGRAMFILES%\Common Files\*.* %systemroot%\*.src


< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/01/14 20:11:15 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Steve\Favorites\Desktop.ini
[2010/05/06 20:34:37 | 000,000,248 | ---- | M] () -- C:\Documents and Settings\Steve\Favorites\NCH Software Download.lnk

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c dir /b "%systemroot%\*.exe" | find /i " " /c >
0

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2010/12/07 22:11:33 | 000,147,456 | ---- | M] () -- C:\Documents and Settings\Steve\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2006/11/01 17:31:34 | 000,315,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2001/05/02 15:24:18 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\blogo.gif
[2004/08/04 00:56:42 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/07/17 11:41:10 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2001/03/07 06:00:26 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2001/05/22 13:06:52 | 000,000,866 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
[2004/08/04 00:56:44 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2004/08/04 00:56:14 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2004/08/04 00:56:54 | 001,667,584 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2001/02/01 06:00:26 | 000,000,685 | ---- | M] () -- C:\Program Files\Messenger\msmsgs.exe.manifest
[2001/08/01 21:58:12 | 000,016,415 | ---- | M] () -- C:\Program Files\Messenger\msmsgsin.exe
[2004/07/17 11:41:10 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2004/07/17 11:41:10 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2004/07/17 11:41:10 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2000/12/05 13:10:32 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/07/17 11:41:06 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >


========== Alternate Data Streams ==========

@Alternate Data Stream - 489 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE

< End of report >
 
Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

=====================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
MOD - [2010/09/24 10:16:18 | 000,272,976 | ---- | M] (CA) -- C:\WINDOWS\system32\UmxSbxw.dll
MOD - [2010/09/24 10:16:18 | 000,113,232 | ---- | M] (CA) -- C:\WINDOWS\system32\UmxSbxExw.dll
DRV - [2009/09/16 09:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No CLSID value found.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...22/wmv9VCM.CAB (Reg Error: Key error.)
[2010/12/04 08:21:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FrontLine Registry Cleaner
[2010/12/04 08:21:16 | 000,000,000 | ---D | C] -- C:\Program Files\Frontline Registry Cleaner
[2010/12/03 17:07:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/12/03 01:23:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2010/12/03 01:23:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010/12/03 01:23:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
@Alternate Data Stream - 489 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE

:Services

:Reg

:Files

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=======================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{10134636-E7AF-4AC5-A1DC-C7C44BB97D81} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10134636-E7AF-4AC5-A1DC-C7C44BB97D81}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intuit.com\ttlc\ deleted successfully.
Starting removal of ActiveX control {33564D57-0000-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\WMV9VCM.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33564D57-0000-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
C:\Documents and Settings\All Users\Application Data\FrontLine Registry Cleaner folder moved successfully.
C:\Program Files\Frontline Registry Cleaner\RegistryDefrag\Backup folder moved successfully.
C:\Program Files\Frontline Registry Cleaner\RegistryDefrag folder moved successfully.
C:\Program Files\Frontline Registry Cleaner folder moved successfully.
C:\Program Files\Common Files\Symantec Shared folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Norton folder moved successfully.
C:\Documents and Settings\All Users\Application Data\NortonInstaller\Logs\12-04-2010-09h07m12s folder moved successfully.
C:\Documents and Settings\All Users\Application Data\NortonInstaller\Logs\12-04-2010-09h06m26s folder moved successfully.
C:\Documents and Settings\All Users\Application Data\NortonInstaller\Logs\12-03-2010-01h23m07s folder moved successfully.
C:\Documents and Settings\All Users\Application Data\NortonInstaller\Logs folder moved successfully.
C:\Documents and Settings\All Users\Application Data\NortonInstaller folder moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes

User: Steve
->Temp folder emptied: 9257319 bytes
->Temporary Internet Files folder emptied: 7680490 bytes
->Java cache emptied: 2027 bytes
->FireFox cache emptied: 96491892 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 2468 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 108.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

User: Steve
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 12082010_081718

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 2
Out of date service pack!!
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
Avira AntiVir Personal - Free Antivirus
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 22
Out of date Java installed!
Adobe Flash Player 10.1.85.3
Adobe Reader 9.3.4
Mozilla Firefox (3.5.12) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````


C:\Documents and Settings\Steve\My Documents\Downloads\RegistryEasy_Setup003.exe a variant of Win32/Adware.RegistryEasy application
C:\System Volume Information\_restore{A66C9FD9-F7F5-41C4-AD8A-08FBAAAA7D0D}\RP436\A0047619.dll Win32/Adware.RegistryEasy application
C:\System Volume Information\_restore{A66C9FD9-F7F5-41C4-AD8A-08FBAAAA7D0D}\RP436\A0047621.exe a variant of Win32/Adware.RegistryEasy application
 
Status
Not open for further replies.

Similar threads

wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni
L
Solved Unknown spyware/ Monitoring/ Hijacking of my devices
Replies
15
Views
3K
Broni
Broni
liltxkg
Inactive Cleanup Help - File Explorer Freezing
Replies
6
Views
2K
Broni
Broni

Latest posts

Back