Solved Search results go to spam sites

Status
Not open for further replies.

deznpj

Posts: 25   +0
Hi guys...hope you can help. Everytime I click on a search result it goes to different spam sites. I ran (and later purchased the full version) MBAM and it continually blocks the following ip: 209.212.147.208
I ran the logs (hopefully correctly) that you mention in one of your posts and here they are:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5520

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/14/2011 10:05:02 AM
mbam-log-2011-01-14 (10-05-02).txt

Scan type: Quick scan
Objects scanned: 140309
Time elapsed: 3 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-01-14 10:35:44
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e ST3320620AS rev.3.AAD
Running: lio6xq45.exe; Driver: C:\DOCUME~1\Desi\LOCALS~1\Temp\kfliypow.sys


---- System - GMER 1.0.15 ----

SSDT sptd.sys ZwEnumerateKey [0xB7EC3FB2]
SSDT sptd.sys ZwEnumerateValueKey [0xB7EC4340]

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B7E12B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [B7E12B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B7E12B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [B7E12B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [B7E12B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort4 [B7E12B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort5 [B7E12B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort6 [B7E12B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort7 [B7E12B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e [B7E12B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atll3y0j \Device\Scsi\atll3y0j1Port8Path0Target0Lun0 8A57C5D0
Device \Driver\atll3y0j \Device\Scsi\atll3y0j1 8A57C5D0
Device \FileSystem\Ntfs \Ntfs 8A85A1E8
Device \FileSystem\Fastfat \Fat 893271E8

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread System [4:176] 8A6CF53C
Thread System [4:180] 8A6D152D

---- EOF - GMER 1.0.15 ----

x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x

DDS (Ver_10-12-12.02)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/30/2007 12:18:44 AM
System Uptime: 1/14/2011 9:52:49 AM (1 hours ago)

Motherboard: http://www.abit.com.tw/ | | AN9 32X series(C51XE-MCP55XE/C51-MCP55)
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5600+ | Socket M2 | 2813/201mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 29 GiB total, 2.232 GiB free.
D: is FIXED (NTFS) - 269 GiB total, 95.523 GiB free.
E: is CDROM ()
F: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\ABT2005\3&2411E6FE&0
Manufacturer:
Name:
PNP Device ID: ACPI\ABT2005\3&2411E6FE&0
Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Hamachi Network Interface
Device ID: ROOT\NET\0000
Manufacturer: LogMeIn, Inc.
Name: Hamachi Network Interface
PNP Device ID: ROOT\NET\0000
Service: hamachi

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0001
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0001
Service: CVirtA

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

AA3Deploy
Add or Remove Adobe Creative Suite 3 Design Premium
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Creative Suite 3 Design Premium
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader X
Adobe Setup
Adobe Shockwave Player
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
America's Army
AnyDVD
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Battlefield 1942
Battlefield 2(TM)
Bonjour
Cheat Engine 5.6
Cisco Systems VPN Client 5.0.04.0300
DVD Decrypter (Remove Only)
DVD Shrink 3.2
Easy Edit Software
EnCase v6.17
Full Tilt Poker
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hamachi 1.0.2.5
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Photo Creations
HP PhotoSmart Photo Printing Software
iTunes
Java(TM) 6 Update 17
JS World 2nd Grade
JSWorld2GMain
JSWPFCom
JSWPFGrade2
JumpStart Toddlers 2001
K-Lite Codec Pack 6.4.0 (Standard)
LiveUpdate 3.3 (Symantec Corporation)
Logitech QuickCam Software
Logitech® Camera Driver
Malwarebytes' Anti-Malware
McAfee Security Scan Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft IntelliPoint 5.2
Microsoft IntelliType Pro 5.2
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Move Media Player
Mozilla Firefox (3.6.13)
MSXML 6 Service Pack 2 (KB973686)
MyPublisher
Norton Security Scan
Norton Security Scan (Symantec Corporation)
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA nView Desktop Manager
OGA Notifier 2.0.0048.0
PDF Settings
Picasa 3
Plants vs. Zombies
Poker Night at the Inventory
PunkBuster Services
QuickTime
Realtek AC'97 Audio
Realtek High Definition Audio Driver
Renegade Paintball
Runes of Magic
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Skype Toolbars
Skype™ 5.0
Steam
Swords and Sandals 2
Swords and Sandals 3
Swords and Sandals 4
Symantec Endpoint Protection
System Requirements Lab
Team Fortress 2
TeamSpeak 2 RC2
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Outlook 2007 Junk Email Filter (KB2483110)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Ventrilo Client
Viewpoint Media Player
VNC Free Edition 4.1.2
Web-Based Email Tools
WebFldrs XP
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows Presentation Foundation
Windows XP Service Pack 3
WinRAR archiver
WinZip 11.1
Wizard101
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

1/14/2011 9:42:44 AM, error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).
1/14/2011 9:42:44 AM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
1/14/2011 9:42:44 AM, error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
1/14/2011 9:42:44 AM, error: Service Control Manager [7031] - The Symantec Endpoint Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
1/14/2011 9:42:44 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/14/2011 9:42:43 AM, error: Service Control Manager [7031] - The Symantec Settings Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
1/14/2011 9:42:43 AM, error: Service Control Manager [7031] - The Symantec Event Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 200 milliseconds: Restart the service.
1/14/2011 9:37:15 AM, error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
1/14/2011 9:37:15 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
1/14/2011 9:37:15 AM, error: Service Control Manager [7034] - The HASP License Manager service terminated unexpectedly. It has done this 1 time(s).
1/14/2011 9:37:14 AM, error: Service Control Manager [7034] - The Cisco Systems, Inc. VPN Service service terminated unexpectedly. It has done this 1 time(s).
1/14/2011 9:37:14 AM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
1/14/2011 9:37:14 AM, error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
1/14/2011 9:37:14 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/14/2011 7:03:47 AM, error: System Error [1003] - Error code 100000c5, parameter1 00000000, parameter2 00000002, parameter3 00000001, parameter4 8054b168.
1/13/2011 9:39:47 PM, error: Service Control Manager [7034] - The VNC Server Version 4 service terminated unexpectedly. It has done this 1 time(s).
1/13/2011 9:39:47 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
1/11/2011 4:00:56 PM, error: Service Control Manager [7034] - The LiveUpdate service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================


DDS (Ver_10-12-12.02) - NTFSx86
Run by Desi at 10:39:52.07 on Fri 01/14/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1006 [GMT -8:00]

AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Symantec AntiVirus\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\hasplms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\SmcGui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\steam\steam.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Desi\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:8074
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Steam] "d:\steam\steam.exe" -silent
uRun: [\\gameserver\EPSON Stylus Photo R220 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiaia.exe /fu "c:\docume~1\desi\locals~1\temp\E_SA24.tmp" /EF "HKCU"
uRun: [Auto EPSON Stylus Photo R220 Series on gameserver] c:\windows\system32\spool\drivers\w32x86\3\e_fatiaia.exe /fu "c:\windows\temp\E_S1B.tmp" /EF "HKCU"
uRun: [LogitechSoftwareUpdate] "c:\program files\logitech\video\ManifestEngine.exe" boot
uRun: [RdvLop1xz4R] c:\docume~1\alluse~1\applic~1\RdvLop1xz4R.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [type32] "c:\program files\microsoft intellitype pro\type32.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe
mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{51fb15f4-ad27-43bc-ad4b-dd0354fb6bbd}\Icon3E5562ED7.ico
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://samsclubus.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\desi\applic~1\mozilla\firefox\profiles\zt9jvtaf.default\
FF - prefs.js: browser.startup.homepage - hxxp://news.google.com/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\desi\application data\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\documents and settings\desi\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwbe.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Starfield Zoom: zoomext@starfield - c:\program files\mozilla firefox\extensions\zoomext@starfield
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\desi\application data\Move Networks

============= SERVICES / DRIVERS ===============

R0 enfilter;enfilter;c:\windows\system32\drivers\enfilter.sys [2010-9-13 16512]
R1 gsimrx;gsimrx;c:\windows\system32\drivers\gsimrx.sys [2010-9-13 165952]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2007-7-6 33824]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-10-29 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-10-29 108392]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-1-29 363344]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec antivirus\Rtvscan.exe [2009-10-29 2477304]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-1-10 102448]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-1-29 20952]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110113.018\NAVENG.SYS [2011-1-13 86008]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110113.018\NAVEX15.SYS [2011-1-13 1360760]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-5 135664]
S3 enhd;enhd;c:\windows\system32\drivers\enhd.sys [2010-9-13 19520]
S3 enportv;enportv;d:\encase6\drivers\x32\enportv.sys [2010-9-13 77760]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-11-14 394952]

=============== Created Last 30 ================

2011-01-06 00:28:01 -------- d-sh--w- c:\documents and settings\desi\IECompatCache
2011-01-04 05:49:50 53248 ----a-w- c:\windows\system32\drivers\sst192.sys
2011-01-01 05:30:08 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2011-01-01 05:30:08 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2011-01-01 05:30:08 -------- d-----w- c:\docume~1\desi\locals~1\applic~1\Logitech-LS
2011-01-01 05:27:44 91136 ----a-w- c:\windows\system32\kswdmcap.ax
2011-01-01 05:27:44 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2011-01-01 05:27:44 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2011-01-01 05:27:44 43008 ----a-w- c:\windows\system32\ksxbar.ax
2011-01-01 05:27:38 61952 ----a-w- c:\windows\system32\kstvtune.ax
2011-01-01 05:20:47 -------- d-----w- c:\windows\system32\appmgmt
2010-12-26 05:23:09 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-12-26 05:23:09 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-12-26 05:22:36 -------- d-----w- c:\program files\iPod
2010-12-26 05:22:32 -------- d-----w- c:\program files\iTunes
2010-12-26 05:22:32 -------- d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-12-26 05:21:15 -------- d-----w- c:\docume~1\desi\locals~1\applic~1\Apple
2010-12-26 05:21:03 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-12-26 05:21:03 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-12-25 15:38:47 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-12-25 15:38:47 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-12-25 15:38:47 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-12-25 15:38:46 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-12-22 06:59:10 -------- d-----w- c:\docume~1\desi\locals~1\applic~1\cache
2010-12-22 06:57:49 -------- d-----w- c:\docume~1\desi\locals~1\applic~1\FullTiltPoker
2010-12-22 06:56:43 -------- d-----w- c:\program files\Full Tilt Poker
2010-12-22 02:50:15 1409 ----a-w- c:\windows\QTFont.for
2010-12-18 23:54:09 26015000 ----a-w- C:\Contour-Storyteller-Installer.exe
2010-12-16 02:15:49 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-16 02:15:26 45568 -c----w- c:\windows\system32\dllcache\wab.exe

==================== Find3M ====================

2010-11-30 01:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-30 01:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-19 23:47:07 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys

============= FINISH: 10:46:35.31 ===============
 
Welcome aboard
yahooo.gif


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

========================================================================

Unless you installed Viewpoint Manager knowledgeably...
Go Start>Control Panel>Add\Remove (Programs and Features in Vista), and...
Uninstall any of the following programs associated with Viewpoint:
* Viewpoint Manager
* Viewpoint Media Player
* Viewpoint Toolbar
This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ("drive-by-install") as it is installed without your consent through programs like AOL, AIM, Compuserve, etc.

=====================================================================

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

=======================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
combofix reboot taking forever...

the reboot has not finished...it has been close to if not over an hour. I left it alone because the last message said not to manually reboot...
 
I ran combofix, it installed the recovery consol, then was doing its thing (the bluse box was up). it said it found a rootkit, rebooted and coninued to run after reboot. It then said that it was going to reboot (i didnt pay attention to any of the other info but it appeared as if it was finished) and to not reboot manually. It has been that way since (stuck on the windows splash screen with the blue boxes cycling thru the status bar)
 
Reboot manually and re-run Combofix one more time.

I also need MBRCheck log.
 
will be away from that system for about an hour...will post when I get back. Thanks again for all your help on this!
 
requested logs...

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000003d

Kernel Drivers (total 139):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xB85A8000 \WINDOWS\system32\KDCOM.DLL
0xB84B8000 \WINDOWS\system32\BOOTVID.dll
0xB7EBD000 sptd.sys
0xB85AA000 \WINDOWS\System32\Drivers\WMILIB.SYS
0xB7EA5000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xB7E77000 ACPI.sys
0xB7E66000 pci.sys
0xB80A8000 ohci1394.sys
0xB80B8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xB80C8000 isapnp.sys
0xB8670000 pciide.sys
0xB8328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xB80D8000 MountMgr.sys
0xB7E47000 ftdisk.sys
0xB85AC000 dmload.sys
0xB7E21000 dmio.sys
0xB8330000 PartMgr.sys
0xB80E8000 VolSnap.sys
0xB7E09000 atapi.sys
0xB80F8000 disk.sys
0xB8108000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB7DE9000 fltmgr.sys
0xB7DD2000 KSecDD.sys
0xB7D45000 Ntfs.sys
0xB7D18000 NDIS.sys
0xB7CFE000 Mup.sys
0xB84BC000 enfilter.sys
0xB82C8000 \SystemRoot\system32\DRIVERS\processr.sys
0xB7249000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB7235000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB8410000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xB7211000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xB8418000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB71FB000 \SystemRoot\System32\Drivers\AnyDVD.sys
0xB82D8000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB82E8000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB71D8000 \SystemRoot\system32\DRIVERS\ks.sys
0xB8420000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xB82F8000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xB71B0000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB8308000 \SystemRoot\system32\DRIVERS\nvnetbus.sys
0xB70AB000 \SystemRoot\system32\DRIVERS\NVNRM.SYS
0xB7058000 \SystemRoot\system32\DRIVERS\NVSNPU.SYS
0xB6FF1000 \SystemRoot\System32\Drivers\atll3y0j.SYS
0xB84B0000 \SystemRoot\system32\DRIVERS\fdc.sys
0xB6BB9000 \SystemRoot\system32\DRIVERS\dne2000.sys
0xB87A0000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB6052000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB7C8E000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB4F22000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB6042000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB6032000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB6358000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB4E71000 \SystemRoot\system32\DRIVERS\psched.sys
0xB6022000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xB6350000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xB6348000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB4D81000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xB6002000 \SystemRoot\system32\DRIVERS\termdd.sys
0xB6340000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB6338000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xB8624000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB4CBF000 \SystemRoot\system32\DRIVERS\update.sys
0xB7CAA000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB6260000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xB5C94000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB4EA2000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xB8632000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB172C000 \SystemRoot\system32\DRIVERS\NVENETFD.sys
0xB032C000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xB0308000 \SystemRoot\system32\drivers\portcls.sys
0xB170C000 \SystemRoot\system32\drivers\drmk.sys
0xABDFC000 \SystemRoot\System32\Drivers\SRTSP.SYS
0xABCB1000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110113.018\NAVEX15.SYS
0xABC8C000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
0xABC78000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110113.018\NAVENG.SYS
0xAD7EA000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB8198000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xAD442000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xB0FB1000 \SystemRoot\System32\Drivers\SRTSPX.SYS
0xB84A0000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xB863A000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xB4D5D000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xAE866000 \SystemRoot\System32\Drivers\Null.SYS
0xB2517000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xAE83F000 \SystemRoot\System32\Drivers\Beep.SYS
0xB5A61000 \SystemRoot\System32\drivers\vga.sys
0xAE833000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xAD8AC000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xAD432000 \SystemRoot\System32\Drivers\Msfs.SYS
0xAC96B000 \SystemRoot\System32\Drivers\Npfs.SYS
0xAE578000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xABC45000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xABBEC000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xABBC4000 \SystemRoot\system32\DRIVERS\netbt.sys
0xABB9E000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB62A8000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xABB7C000 \SystemRoot\System32\drivers\afd.sys
0xB8248000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xB0FD1000 \SystemRoot\system32\DRIVERS\netbios.sys
0xABB12000 \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
0xABAE7000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB6A43000 \??\C:\WINDOWS\system32\drivers\oreans32.sys
0xABA77000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xABA3A000 \??\C:\WINDOWS\system32\drivers\gsimrx.sys
0xB63F6000 \SystemRoot\System32\Drivers\Fips.SYS
0xB8400000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0xAB9DC000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0xAB9BF000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0xB1021000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xAB9A7000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xB8620000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB2537000 \SystemRoot\System32\drivers\Dxapi.sys
0xB6380000 \SystemRoot\System32\watchdog.sys
0xBD000000 \SystemRoot\System32\drivers\dxg.sys
0xB8708000 \SystemRoot\System32\drivers\dxgthk.sys
0xBD012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xAD80A000 \??\C:\WINDOWS\system32\drivers\mbam.sys
0xAD7F2000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xAB5C9000 \SystemRoot\system32\drivers\wdmaud.sys
0xB8288000 \SystemRoot\system32\drivers\sysaudio.sys
0xAB434000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xAB3DB000 \??\C:\WINDOWS\system32\drivers\aksfridge.sys
0xAB283000 \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
0xAB1F3000 \??\C:\WINDOWS\system32\drivers\hardlock.sys
0xAB1A7000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xAB087000 \SystemRoot\system32\DRIVERS\srv.sys
0xAB167000 \SystemRoot\system32\DRIVERS\secdrv.sys
0xAABBE000 \SystemRoot\System32\Drivers\HTTP.sys
0xAA8F6000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0xA97C6000 \??\C:\DOCUME~1\Desi\LOCALS~1\Temp\kfliypow.sys
0xB8498000 \??\C:\DOCUME~1\Desi\LOCALS~1\Temp\mbr.sys
0xA979B000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
0x10000000 \Program Files\DAEMON Tools\daemon.dll

Processes (total 54):
0 System Idle Process
4 System
1268 C:\WINDOWS\system32\smss.exe
1324 csrss.exe
1348 C:\WINDOWS\system32\winlogon.exe
1396 C:\WINDOWS\system32\services.exe
1408 C:\WINDOWS\system32\lsass.exe
1572 C:\WINDOWS\system32\nvsvc32.exe
1620 C:\WINDOWS\system32\svchost.exe
1724 svchost.exe
1928 C:\WINDOWS\system32\svchost.exe
324 C:\Program Files\Symantec AntiVirus\Smc.exe
380 svchost.exe
508 svchost.exe
728 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
940 C:\WINDOWS\system32\spoolsv.exe
1988 svchost.exe
400 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
496 C:\Program Files\Bonjour\mDNSResponder.exe
572 svchost.exe
608 C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
1884 C:\WINDOWS\system32\hasplms.exe
636 C:\Program Files\Java\jre6\bin\jqs.exe
476 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
756 C:\WINDOWS\system32\PnkBstrA.exe
1104 C:\WINDOWS\system32\svchost.exe
1864 C:\Program Files\Symantec AntiVirus\Rtvscan.exe
2144 wdfmgr.exe
2840 alg.exe
3924 C:\WINDOWS\explorer.exe
3940 C:\Program Files\Symantec AntiVirus\SmcGui.exe
2420 C:\WINDOWS\system32\rundll32.exe
3724 C:\Program Files\Microsoft IntelliType Pro\type32.exe
3072 C:\Program Files\Microsoft IntelliPoint\point32.exe
3108 C:\WINDOWS\system32\ctfmon.exe
3128 C:\WINDOWS\RTHDCPL.exe
2916 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
3196 C:\Program Files\Java\jre6\bin\jusched.exe
3480 C:\WINDOWS\system32\rundll32.exe
3600 C:\Program Files\iTunes\iTunesHelper.exe
3628 C:\WINDOWS\system32\LVCOMSX.EXE
3648 C:\Program Files\Logitech\Video\LogiTray.exe
3896 C:\WINDOWS\system32\ctfmon.exe
1788 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
1120 D:\Steam\steam.exe
2724 C:\Program Files\Logitech\Video\FxSvr2.exe
3280 C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
2744 C:\Program Files\iPod\bin\iPodService.exe
2460 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
2544 C:\Program Files\Mozilla Firefox\firefox.exe
4032 C:\Program Files\Mozilla Firefox\plugin-container.exe
568 C:\Program Files\Internet Explorer\iexplore.exe
1796 C:\Program Files\Internet Explorer\iexplore.exe
2900 C:\Documents and Settings\Desi\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000007`52c65e00 (NTFS)

PhysicalDrive0 Model Number: ST3320620AS

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!


=============x===============x====================x========x


ComboFix 11-01-14.01 - Desi 01/14/2011 17:03:13.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1261 [GMT -8:00]
Running from: c:\documents and settings\Desi\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((( Files Created from 2010-12-15 to 2011-01-15 )))))))))))))))))))))))))))))))
.

2011-01-06 00:28 . 2011-01-06 00:28 -------- d-sh--w- c:\documents and settings\Desi\IECompatCache
2011-01-04 06:18 . 2011-01-04 06:18 -------- d-----w- c:\program files\Common Files\Skype
2011-01-01 05:30 . 2011-01-01 05:30 -------- d-----w- c:\documents and settings\Desi\Local Settings\Application Data\Logitech-LS
2011-01-01 05:30 . 2008-04-13 18:39 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2011-01-01 05:30 . 2008-04-13 18:39 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2011-01-01 05:27 . 2008-04-14 00:12 91136 ----a-w- c:\windows\system32\kswdmcap.ax
2011-01-01 05:27 . 2008-04-14 00:12 43008 ----a-w- c:\windows\system32\ksxbar.ax
2011-01-01 05:27 . 2008-04-14 00:12 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2011-01-01 05:27 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2011-01-01 05:27 . 2008-04-14 00:12 61952 ----a-w- c:\windows\system32\kstvtune.ax
2011-01-01 05:07 . 2011-01-01 05:07 -------- d-----w- c:\documents and settings\Desi\Application Data\Logitech
2011-01-01 05:03 . 2011-01-01 05:03 -------- d-----w- c:\documents and settings\Desi\Application Data\Leadertech
2011-01-01 05:01 . 2011-01-01 05:01 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2011-01-01 05:01 . 2011-01-01 05:22 -------- d-----w- c:\program files\Logitech
2011-01-01 01:04 . 2011-01-01 01:04 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-12-26 05:23 . 2009-05-18 21:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-12-26 05:23 . 2008-04-17 20:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-12-26 05:22 . 2010-12-26 05:22 -------- d-----w- c:\program files\iPod
2010-12-26 05:22 . 2010-12-26 05:23 -------- d-----w- c:\program files\iTunes
2010-12-26 05:22 . 2010-12-26 05:23 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-12-26 05:21 . 2010-12-26 05:21 -------- d-----w- c:\documents and settings\Desi\Local Settings\Application Data\Apple
2010-12-26 05:21 . 2010-12-26 05:21 -------- d-----w- c:\program files\Apple Software Update
2010-12-26 05:21 . 2010-12-26 05:21 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2010-12-26 05:21 . 2011-01-01 05:21 -------- dc----w- c:\windows\system32\DRVSTORE
2010-12-26 05:21 . 2010-09-28 23:44 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-12-26 05:21 . 2010-09-28 23:44 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-12-26 05:20 . 2010-12-26 05:22 -------- d-----w- c:\program files\Common Files\Apple
2010-12-26 05:20 . 2010-12-26 05:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-12-25 15:38 . 2008-04-13 18:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-12-25 15:38 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-12-25 15:38 . 2001-08-18 06:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-12-25 15:38 . 2008-04-14 00:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-12-22 06:59 . 2010-12-22 06:59 -------- d-----w- c:\documents and settings\Desi\Local Settings\Application Data\cache
2010-12-22 06:57 . 2011-01-03 00:55 -------- d-----w- c:\documents and settings\Desi\Local Settings\Application Data\FullTiltPoker
2010-12-22 06:56 . 2011-01-03 01:47 -------- d-----w- c:\program files\Full Tilt Poker
2010-12-22 02:50 . 2010-12-22 02:50 1409 ----a-w- c:\windows\QTFont.for
2010-12-18 23:54 . 2010-12-18 23:54 26015000 ----a-w- C:\Contour-Storyteller-Installer.exe
2010-12-16 02:15 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-16 02:15 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-21 02:09 . 2010-01-29 21:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 02:08 . 2010-01-29 21:25 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-30 01:38 . 2010-11-30 01:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-30 01:38 . 2010-11-30 01:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-19 23:47 . 2007-07-07 02:32 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-11-19 23:47 . 2007-07-07 02:32 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-11-18 18:12 . 2007-06-30 07:15 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2004-08-12 13:25 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:26 . 2004-08-12 13:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2004-08-12 13:21 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2004-08-12 13:20 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2004-08-12 13:19 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2004-08-12 13:24 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2004-08-12 13:17 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2004-08-12 13:33 1853312 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-09-18 171464]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-15 68856]
"Steam"="d:\steam\steam.exe" [2010-11-17 1242448]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-12-04 14944136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 16143872]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-10-29 115560]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-02-19 149280]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1753192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-14 421160]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-20 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-21 443728]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
VPN Client.lnk - c:\windows\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico [2010-9-13 6144]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\America's Army\\System\\ArmyOps.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"d:\\Renegade Paintball\\PaintballGame.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Symantec AntiVirus\\Smc.exe"=
"c:\\Program Files\\Symantec AntiVirus\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"d:\\GAMES\\Runes of Magic\\launcher.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\USArmy\\America's Army 3\\Binaries\\AA3Game.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"d:\\GAMES\\Runes of Magic\\Client.exe"=
"c:\\WINDOWS\\system32\\hasplms.exe"=
"d:\\Steam\\steamapps\\dri_desi\\team fortress 2\\hl2.exe"=
"d:\\Steam\\steamapps\\common\\poker night at the inventory\\CelebrityPoker.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"6112:TCP"= 6112:TCP:rp
"6113:TCP"= 6113:TCP:rp
"6114:TCP"= 6114:TCP:rp

R0 enfilter;enfilter;c:\windows\system32\drivers\enfilter.sys [9/13/2010 9:22 PM 16512]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/7/2007 6:42 PM 685816]
R1 gsimrx;gsimrx;c:\windows\system32\drivers\gsimrx.sys [9/13/2010 9:22 PM 165952]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [7/6/2007 1:44 PM 33824]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/29/2010 1:25 PM 363344]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [1/10/2011 4:00 PM 102448]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/29/2010 1:25 PM 20952]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2010 8:59 PM 135664]
S3 enhd;enhd;c:\windows\system32\drivers\enhd.sys [9/13/2010 9:22 PM 19520]
S3 enportv;enportv;d:\encase6\Drivers\x32\enportv.sys [9/13/2010 9:22 PM 77760]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 4:49 AM 227232]
.
Contents of the 'Scheduled Tasks' folder

2011-01-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 19:50]

2011-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 04:59]

2011-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 04:59]

2011-01-13 c:\windows\Tasks\Norton Security Scan for Desi.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 12:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:8074
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://samsclubus.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
FF - ProfilePath - c:\documents and settings\Desi\Application Data\Mozilla\Firefox\Profiles\zt9jvtaf.default\
FF - prefs.js: browser.startup.homepage - hxxp://news.google.com/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Starfield Zoom: zoomext@starfield - c:\program files\Mozilla Firefox\extensions\zoomext@starfield
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Desi\Application Data\Move Networks
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-14 17:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2648)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2011-01-14 17:44:45
ComboFix-quarantined-files.txt 2011-01-15 01:44
ComboFix2.txt 2011-01-14 23:47

Pre-Run: 2,171,441,152 bytes free
Post-Run: 2,140,065,792 bytes free

- - End Of File - - 813BF982277D94A79D245502666EBCFD
 
No.
Remember? Because of that rootkit hiccup, you ran Combofix twice and it produced two logs.
The recent one, you just posted, but I want to see the previous one, ComboFix2.txt
 
ahh...combofix 2 was the second one. here is the first one that I had to reboot again as it hung on the splash screen:

ComboFix 11-01-14.01 - Desi 01/14/2011 13:36:06.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1529 [GMT -8:00]
Running from: c:\documents and settings\Desi\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Desi\Recent\Thumbs.db
c:\windows\system32\drivers\sst192.sys
c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.exe

----- BITS: Possible infected sites -----

hxxp://knowledgeadventure.cachefly.net
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_sst192
-------\Service_sst192


((((((((((((((((((((((((( Files Created from 2010-12-14 to 2011-01-14 )))))))))))))))))))))))))))))))
.

2011-01-06 00:28 . 2011-01-06 00:28 -------- d-sh--w- c:\documents and settings\Desi\IECompatCache
2011-01-04 06:18 . 2011-01-04 06:18 -------- d-----w- c:\program files\Common Files\Skype
2011-01-01 05:30 . 2011-01-01 05:30 -------- d-----w- c:\documents and settings\Desi\Local Settings\Application Data\Logitech-LS
2011-01-01 05:30 . 2008-04-13 18:39 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2011-01-01 05:30 . 2008-04-13 18:39 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2011-01-01 05:27 . 2008-04-14 00:12 91136 ----a-w- c:\windows\system32\kswdmcap.ax
2011-01-01 05:27 . 2008-04-14 00:12 43008 ----a-w- c:\windows\system32\ksxbar.ax
2011-01-01 05:27 . 2008-04-14 00:12 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2011-01-01 05:27 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2011-01-01 05:27 . 2008-04-14 00:12 61952 ----a-w- c:\windows\system32\kstvtune.ax
2011-01-01 05:07 . 2011-01-01 05:07 -------- d-----w- c:\documents and settings\Desi\Application Data\Logitech
2011-01-01 05:03 . 2011-01-01 05:03 -------- d-----w- c:\documents and settings\Desi\Application Data\Leadertech
2011-01-01 05:01 . 2011-01-01 05:01 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2011-01-01 05:01 . 2011-01-01 05:22 -------- d-----w- c:\program files\Logitech
2011-01-01 01:04 . 2011-01-01 01:04 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-12-26 05:23 . 2009-05-18 21:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-12-26 05:23 . 2008-04-17 20:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-12-26 05:22 . 2010-12-26 05:22 -------- d-----w- c:\program files\iPod
2010-12-26 05:22 . 2010-12-26 05:23 -------- d-----w- c:\program files\iTunes
2010-12-26 05:22 . 2010-12-26 05:23 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-12-26 05:21 . 2010-12-26 05:21 -------- d-----w- c:\documents and settings\Desi\Local Settings\Application Data\Apple
2010-12-26 05:21 . 2010-12-26 05:21 -------- d-----w- c:\program files\Apple Software Update
2010-12-26 05:21 . 2010-12-26 05:21 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2010-12-26 05:21 . 2011-01-01 05:21 -------- dc----w- c:\windows\system32\DRVSTORE
2010-12-26 05:21 . 2010-09-28 23:44 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-12-26 05:21 . 2010-09-28 23:44 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-12-26 05:20 . 2010-12-26 05:22 -------- d-----w- c:\program files\Common Files\Apple
2010-12-26 05:20 . 2010-12-26 05:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-12-25 15:38 . 2008-04-13 18:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-12-25 15:38 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-12-25 15:38 . 2001-08-18 06:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-12-25 15:38 . 2008-04-14 00:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-12-22 06:59 . 2010-12-22 06:59 -------- d-----w- c:\documents and settings\Desi\Local Settings\Application Data\cache
2010-12-22 06:57 . 2011-01-03 00:55 -------- d-----w- c:\documents and settings\Desi\Local Settings\Application Data\FullTiltPoker
2010-12-22 06:56 . 2011-01-03 01:47 -------- d-----w- c:\program files\Full Tilt Poker
2010-12-22 02:50 . 2010-12-22 02:50 1409 ----a-w- c:\windows\QTFont.for
2010-12-18 23:54 . 2010-12-18 23:54 26015000 ----a-w- C:\Contour-Storyteller-Installer.exe
2010-12-16 02:15 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-16 02:15 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-21 02:09 . 2010-01-29 21:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 02:08 . 2010-01-29 21:25 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-30 01:38 . 2010-11-30 01:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-30 01:38 . 2010-11-30 01:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-19 23:47 . 2007-07-07 02:32 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-11-19 23:47 . 2007-07-07 02:32 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-11-18 18:12 . 2007-06-30 07:15 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2004-08-12 13:25 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:26 . 2004-08-12 13:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2004-08-12 13:21 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2004-08-12 13:20 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2004-08-12 13:19 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2004-08-12 13:24 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2004-08-12 13:17 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2004-08-12 13:33 1853312 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-09-18 171464]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-15 68856]
"Steam"="d:\steam\steam.exe" [2010-11-17 1242448]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-12-04 14944136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 16143872]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-10-29 115560]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-02-19 149280]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1753192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-14 421160]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-20 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-21 443728]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
VPN Client.lnk - c:\windows\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico [2010-9-13 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\America's Army\\System\\ArmyOps.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"d:\\Renegade Paintball\\PaintballGame.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Symantec AntiVirus\\Smc.exe"=
"c:\\Program Files\\Symantec AntiVirus\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"d:\\GAMES\\Runes of Magic\\launcher.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\USArmy\\America's Army 3\\Binaries\\AA3Game.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"d:\\GAMES\\Runes of Magic\\Client.exe"=
"c:\\WINDOWS\\system32\\hasplms.exe"=
"d:\\Steam\\steamapps\\dri_desi\\team fortress 2\\hl2.exe"=
"d:\\Steam\\steamapps\\common\\poker night at the inventory\\CelebrityPoker.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"6112:TCP"= 6112:TCP:rp
"6113:TCP"= 6113:TCP:rp
"6114:TCP"= 6114:TCP:rp

R0 enfilter;enfilter;c:\windows\system32\drivers\enfilter.sys [9/13/2010 9:22 PM 16512]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/7/2007 6:42 PM 685816]
R1 gsimrx;gsimrx;c:\windows\system32\drivers\gsimrx.sys [9/13/2010 9:22 PM 165952]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [7/6/2007 1:44 PM 33824]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/29/2010 1:25 PM 363344]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [1/10/2011 4:00 PM 102448]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/29/2010 1:25 PM 20952]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2010 8:59 PM 135664]
S3 enhd;enhd;c:\windows\system32\drivers\enhd.sys [9/13/2010 9:22 PM 19520]
S3 enportv;enportv;d:\encase6\Drivers\x32\enportv.sys [9/13/2010 9:22 PM 77760]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 4:49 AM 227232]
.
Contents of the 'Scheduled Tasks' folder

2011-01-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 19:50]

2011-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 04:59]

2011-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 04:59]

2011-01-13 c:\windows\Tasks\Norton Security Scan for Desi.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 12:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:8074
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://samsclubus.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
FF - ProfilePath - c:\documents and settings\Desi\Application Data\Mozilla\Firefox\Profiles\zt9jvtaf.default\
FF - prefs.js: browser.startup.homepage - hxxp://news.google.com/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Starfield Zoom: zoomext@starfield - c:\program files\Mozilla Firefox\extensions\zoomext@starfield
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Desi\Application Data\Move Networks
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-\\gameserver\EPSON Stylus Photo R220 Series - c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE
HKCU-Run-RdvLop1xz4R - c:\docume~1\ALLUSE~1\APPLIC~1\RdvLop1xz4R.exe
Notify-NavLogon - (no file)
SafeBoot-Symantec Antvirus
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-14 15:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3928)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Symantec AntiVirus\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\system32\hasplms.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\wdfmgr.exe
c:\program files\RealVNC\VNC4\WinVNC4.exe
c:\program files\Symantec AntiVirus\SmcGui.exe
c:\windows\system32\rundll32.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Logitech\Video\FxSvr2.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2011-01-14 15:47:32 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-14 23:47

Pre-Run: 2,002,903,040 bytes free
Post-Run: 2,169,782,272 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - F2A57514D8AC3AEAA64331CA386E4AE8
 
Good :)

1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:8074
uInternet Settings,ProxyOverride = <local>

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
here is the latest:

ComboFix 11-01-14.01 - Desi 01/14/2011 19:00:01.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1343 [GMT -8:00]
Running from: c:\documents and settings\Desi\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Desi\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((( Files Created from 2010-12-15 to 2011-01-15 )))))))))))))))))))))))))))))))
.

2011-01-06 00:28 . 2011-01-06 00:28 -------- d-sh--w- c:\documents and settings\Desi\IECompatCache
2011-01-04 06:18 . 2011-01-04 06:18 -------- d-----w- c:\program files\Common Files\Skype
2011-01-01 05:30 . 2011-01-01 05:30 -------- d-----w- c:\documents and settings\Desi\Local Settings\Application Data\Logitech-LS
2011-01-01 05:30 . 2008-04-13 18:39 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2011-01-01 05:30 . 2008-04-13 18:39 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2011-01-01 05:27 . 2008-04-14 00:12 91136 ----a-w- c:\windows\system32\kswdmcap.ax
2011-01-01 05:27 . 2008-04-14 00:12 43008 ----a-w- c:\windows\system32\ksxbar.ax
2011-01-01 05:27 . 2008-04-14 00:12 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2011-01-01 05:27 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2011-01-01 05:27 . 2008-04-14 00:12 61952 ----a-w- c:\windows\system32\kstvtune.ax
2011-01-01 05:07 . 2011-01-01 05:07 -------- d-----w- c:\documents and settings\Desi\Application Data\Logitech
2011-01-01 05:03 . 2011-01-01 05:03 -------- d-----w- c:\documents and settings\Desi\Application Data\Leadertech
2011-01-01 05:01 . 2011-01-01 05:01 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2011-01-01 05:01 . 2011-01-01 05:22 -------- d-----w- c:\program files\Logitech
2011-01-01 01:04 . 2011-01-01 01:04 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-12-26 05:23 . 2009-05-18 21:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-12-26 05:23 . 2008-04-17 20:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-12-26 05:22 . 2010-12-26 05:22 -------- d-----w- c:\program files\iPod
2010-12-26 05:22 . 2010-12-26 05:23 -------- d-----w- c:\program files\iTunes
2010-12-26 05:22 . 2010-12-26 05:23 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-12-26 05:21 . 2010-12-26 05:21 -------- d-----w- c:\documents and settings\Desi\Local Settings\Application Data\Apple
2010-12-26 05:21 . 2010-12-26 05:21 -------- d-----w- c:\program files\Apple Software Update
2010-12-26 05:21 . 2010-12-26 05:21 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2010-12-26 05:21 . 2011-01-01 05:21 -------- dc----w- c:\windows\system32\DRVSTORE
2010-12-26 05:21 . 2010-09-28 23:44 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-12-26 05:21 . 2010-09-28 23:44 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-12-26 05:20 . 2010-12-26 05:22 -------- d-----w- c:\program files\Common Files\Apple
2010-12-26 05:20 . 2010-12-26 05:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-12-25 15:38 . 2008-04-13 18:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-12-25 15:38 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-12-25 15:38 . 2001-08-18 06:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-12-25 15:38 . 2008-04-14 00:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-12-22 06:59 . 2010-12-22 06:59 -------- d-----w- c:\documents and settings\Desi\Local Settings\Application Data\cache
2010-12-22 06:57 . 2011-01-03 00:55 -------- d-----w- c:\documents and settings\Desi\Local Settings\Application Data\FullTiltPoker
2010-12-22 06:56 . 2011-01-03 01:47 -------- d-----w- c:\program files\Full Tilt Poker
2010-12-22 02:50 . 2010-12-22 02:50 1409 ----a-w- c:\windows\QTFont.for
2010-12-18 23:54 . 2010-12-18 23:54 26015000 ----a-w- C:\Contour-Storyteller-Installer.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-21 02:09 . 2010-01-29 21:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 02:08 . 2010-01-29 21:25 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-30 01:38 . 2010-11-30 01:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-30 01:38 . 2010-11-30 01:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-19 23:47 . 2007-07-07 02:32 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-11-19 23:47 . 2007-07-07 02:32 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-11-18 18:12 . 2007-06-30 07:15 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2004-08-12 13:25 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:26 . 2004-08-12 13:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2004-08-12 13:21 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2004-08-12 13:20 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2004-08-12 13:19 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2004-08-12 13:24 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2004-08-12 13:17 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2004-08-12 13:33 1853312 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-09-18 171464]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-15 68856]
"Steam"="d:\steam\steam.exe" [2010-11-17 1242448]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-12-04 14944136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 16143872]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-10-29 115560]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-02-19 149280]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1753192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-14 421160]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-20 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-21 443728]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
VPN Client.lnk - c:\windows\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico [2010-9-13 6144]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\America's Army\\System\\ArmyOps.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"d:\\Renegade Paintball\\PaintballGame.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Symantec AntiVirus\\Smc.exe"=
"c:\\Program Files\\Symantec AntiVirus\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"d:\\GAMES\\Runes of Magic\\launcher.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\USArmy\\America's Army 3\\Binaries\\AA3Game.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"d:\\GAMES\\Runes of Magic\\Client.exe"=
"c:\\WINDOWS\\system32\\hasplms.exe"=
"d:\\Steam\\steamapps\\dri_desi\\team fortress 2\\hl2.exe"=
"d:\\Steam\\steamapps\\common\\poker night at the inventory\\CelebrityPoker.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"6112:TCP"= 6112:TCP:rp
"6113:TCP"= 6113:TCP:rp
"6114:TCP"= 6114:TCP:rp

R0 enfilter;enfilter;c:\windows\system32\drivers\enfilter.sys [9/13/2010 9:22 PM 16512]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/7/2007 6:42 PM 685816]
R1 gsimrx;gsimrx;c:\windows\system32\drivers\gsimrx.sys [9/13/2010 9:22 PM 165952]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [7/6/2007 1:44 PM 33824]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/29/2010 1:25 PM 363344]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [1/10/2011 4:00 PM 102448]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/29/2010 1:25 PM 20952]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2010 8:59 PM 135664]
S3 enhd;enhd;c:\windows\system32\drivers\enhd.sys [9/13/2010 9:22 PM 19520]
S3 enportv;enportv;d:\encase6\Drivers\x32\enportv.sys [9/13/2010 9:22 PM 77760]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 4:49 AM 227232]
.
Contents of the 'Scheduled Tasks' folder

2011-01-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 19:50]

2011-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 04:59]

2011-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 04:59]

2011-01-15 c:\windows\Tasks\Norton Security Scan for Desi.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 12:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://samsclubus.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
FF - ProfilePath - c:\documents and settings\Desi\Application Data\Mozilla\Firefox\Profiles\zt9jvtaf.default\
FF - prefs.js: browser.startup.homepage - hxxp://news.google.com/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Starfield Zoom: zoomext@starfield - c:\program files\Mozilla Firefox\extensions\zoomext@starfield
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Desi\Application Data\Move Networks
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-14 19:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2100)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2011-01-14 19:41:37
ComboFix-quarantined-files.txt 2011-01-15 03:41
ComboFix2.txt 2011-01-15 01:45
ComboFix3.txt 2011-01-14 23:47

Pre-Run: 2,156,724,224 bytes free
Post-Run: 2,135,687,168 bytes free

- - End Of File - - EA303FE862C81FDB417F3BC562452D0B
 
Good :)

How is computer doing?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
do you want me to do the OTL first? MBAM found and deleted the files (do you want that log?) and it is rebooting.
 
here is the mbam log and I am going to run the tdss killer when done sending this

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5520

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/14/2011 7:56:51 PM
mbam-log-2011-01-14 (19-56-51).txt

Scan type: Quick scan
Objects scanned: 140582
Time elapsed: 2 minute(s), 52 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
c:\documents and settings\Desi\application data\cawxerbol\vlwlyfmusbs.exe (Trojan.Downloader) -> 3280 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\yr87fk3d2dnszapq2 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qbiagdyg (Trojan.Downloader) -> Value: qbiagdyg -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Desi\application data\cawxerbol\vlwlyfmusbs.exe (Trojan.Downloader) -> Delete on reboot.
c:\documents and settings\Desi\local settings\temp\0.006415587911326237.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Desi\local settings\temp\google.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Desi\local settings\temp\cawxerbol\vlwlyfmusbs.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
 
here is the tdss killer report:

2011/01/14 20:22:49.0078 TDSS rootkit removing tool 2.4.13.0 Jan 12 2011 09:51:11
2011/01/14 20:22:49.0078 ================================================================================
2011/01/14 20:22:49.0078 SystemInfo:
2011/01/14 20:22:49.0078
2011/01/14 20:22:49.0078 OS Version: 5.1.2600 ServicePack: 3.0
2011/01/14 20:22:49.0078 Product type: Workstation
2011/01/14 20:22:49.0078 ComputerName: FATAL1TY
2011/01/14 20:22:49.0078 UserName: Desi
2011/01/14 20:22:49.0078 Windows directory: C:\WINDOWS
2011/01/14 20:22:49.0078 System windows directory: C:\WINDOWS
2011/01/14 20:22:49.0078 Processor architecture: Intel x86
2011/01/14 20:22:49.0078 Number of processors: 2
2011/01/14 20:22:49.0078 Page size: 0x1000
2011/01/14 20:22:49.0078 Boot type: Normal boot
2011/01/14 20:22:49.0078 ================================================================================
2011/01/14 20:22:50.0578 Initialize success
2011/01/14 20:23:01.0000 ================================================================================
2011/01/14 20:23:01.0000 Scan started
2011/01/14 20:23:01.0000 Mode: Manual;
2011/01/14 20:23:01.0000 ================================================================================
2011/01/14 20:23:01.0250 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/01/14 20:23:01.0296 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/01/14 20:23:01.0343 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/01/14 20:23:01.0375 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/01/14 20:23:01.0453 aksfridge (730e9d3bb324fb1899005aea63c6782d) C:\WINDOWS\system32\drivers\aksfridge.sys
2011/01/14 20:23:01.0531 AnyDVD (38f5aaefb71100c294bd17190fb3f8d3) C:\WINDOWS\system32\Drivers\AnyDVD.sys
2011/01/14 20:23:01.0593 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/01/14 20:23:01.0718 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/01/14 20:23:01.0750 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/01/14 20:23:01.0812 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/01/14 20:23:01.0859 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/01/14 20:23:01.0890 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/01/14 20:23:01.0937 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
2011/01/14 20:23:01.0953 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
2011/01/14 20:23:02.0000 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
2011/01/14 20:23:02.0031 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
2011/01/14 20:23:02.0078 CamDrL (cba8bce5bf67a3c619d5ce540bed9cf7) C:\WINDOWS\system32\DRIVERS\Camdrl.sys
2011/01/14 20:23:02.0187 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/01/14 20:23:02.0218 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/01/14 20:23:02.0281 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/01/14 20:23:02.0312 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/01/14 20:23:02.0343 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/01/14 20:23:02.0484 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
2011/01/14 20:23:02.0562 CVPNDRVA (720482888c3778f26eeb83d286a6cdc3) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
2011/01/14 20:23:02.0656 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/01/14 20:23:02.0718 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/01/14 20:23:02.0765 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/01/14 20:23:02.0796 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/01/14 20:23:02.0843 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/01/14 20:23:02.0890 DNE (86d52c32a308f84bbc626bff7c1fb710) C:\WINDOWS\system32\DRIVERS\dne2000.sys
2011/01/14 20:23:02.0937 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/01/14 20:23:02.0984 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/01/14 20:23:03.0015 ElbyCDIO (aaa8999a169e39fb8b48ae49cd6ac30a) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
2011/01/14 20:23:03.0031 enfilter (9a3cd230936ee3ae804324476583e374) C:\WINDOWS\system32\drivers\enfilter.sys
2011/01/14 20:23:03.0062 enhd (735a198ae291eca4bea9a266739b61cd) C:\WINDOWS\system32\drivers\enhd.sys
2011/01/14 20:23:03.0187 enportv (5a1c0cfdc7c68bf6e13e58abd60c1e98) D:\EnCase6\Drivers\x32\enportv.sys
2011/01/14 20:23:03.0218 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/01/14 20:23:03.0265 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/01/14 20:23:03.0281 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/01/14 20:23:03.0296 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/01/14 20:23:03.0328 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/01/14 20:23:03.0343 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/01/14 20:23:03.0375 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/01/14 20:23:03.0390 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/01/14 20:23:03.0437 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/01/14 20:23:03.0468 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/01/14 20:23:03.0484 gsimrx (ebe44fd8ea2ac2b5a84a9a465c5c88ff) C:\WINDOWS\system32\drivers\gsimrx.sys
2011/01/14 20:23:03.0531 hamachi (7929a161f9951d173ca9900fe7067391) C:\WINDOWS\system32\DRIVERS\hamachi.sys
2011/01/14 20:23:03.0562 hardlock (a9d587e31dbee3e9bd97fefece0ba874) C:\WINDOWS\system32\drivers\hardlock.sys
2011/01/14 20:23:03.0593 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/01/14 20:23:03.0609 HidBth (7bd2de4c85eb4241eed57672b16a7d8d) C:\WINDOWS\system32\DRIVERS\hidbth.sys
2011/01/14 20:23:03.0640 HidIr (bb1a6fb7d35a91e599973fa74a619056) C:\WINDOWS\system32\DRIVERS\hidir.sys
2011/01/14 20:23:03.0671 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/01/14 20:23:03.0734 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/01/14 20:23:03.0796 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
2011/01/14 20:23:03.0828 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/01/14 20:23:03.0968 IntcAzAudAddService (71ae838a88b07268d732f596fc17ced5) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/01/14 20:23:04.0046 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/01/14 20:23:04.0078 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/01/14 20:23:04.0125 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/01/14 20:23:04.0171 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/01/14 20:23:04.0203 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/01/14 20:23:04.0234 IrBus (b43b36b382aea10861f7c7a37f9d4ae2) C:\WINDOWS\system32\DRIVERS\IrBus.sys
2011/01/14 20:23:04.0281 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/01/14 20:23:04.0312 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/01/14 20:23:04.0343 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/01/14 20:23:04.0375 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/01/14 20:23:04.0421 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/01/14 20:23:04.0468 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/01/14 20:23:04.0562 LVUSBSta (c5efbd05a5195402121711a6ebbb271f) C:\WINDOWS\system32\drivers\lvusbsta.sys
2011/01/14 20:23:04.0593 MBAMProtector (836e0e09ca9869be7eb39ef2cf3602c7) C:\WINDOWS\system32\drivers\mbam.sys
2011/01/14 20:23:04.0625 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/01/14 20:23:04.0656 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/01/14 20:23:04.0703 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/01/14 20:23:04.0718 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/01/14 20:23:04.0734 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/01/14 20:23:04.0781 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/01/14 20:23:04.0812 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/01/14 20:23:04.0843 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/01/14 20:23:04.0875 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/01/14 20:23:04.0906 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/01/14 20:23:04.0953 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/01/14 20:23:04.0984 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/01/14 20:23:05.0031 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/01/14 20:23:05.0078 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/01/14 20:23:05.0125 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/01/14 20:23:05.0218 NAVENG (c8ef74e4d8105b1d02d58ea4734cf616) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110114.009\NAVENG.SYS
2011/01/14 20:23:05.0250 NAVEX15 (94b3164055d821a62944d9fe84036470) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110114.009\NAVEX15.SYS
2011/01/14 20:23:05.0312 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/01/14 20:23:05.0359 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/01/14 20:23:05.0421 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/01/14 20:23:05.0453 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/01/14 20:23:05.0500 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/01/14 20:23:05.0546 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/01/14 20:23:05.0578 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/01/14 20:23:05.0625 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/01/14 20:23:05.0671 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/01/14 20:23:05.0703 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/01/14 20:23:05.0750 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/01/14 20:23:05.0781 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/01/14 20:23:06.0015 nv (ed9816dbaf6689542ea7d022631906a1) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/01/14 20:23:06.0234 NVENETFD (cc34564bca235ebad8b308d871efa2df) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2011/01/14 20:23:06.0265 nvnetbus (46fdb8d07dd4fc81093b0acb243a525d) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2011/01/14 20:23:06.0312 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/01/14 20:23:06.0343 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/01/14 20:23:06.0390 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/01/14 20:23:06.0421 oreans32 (21dc5b289dce2d32a32baab7bcf29a6a) C:\WINDOWS\system32\drivers\oreans32.sys
2011/01/14 20:23:06.0437 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/01/14 20:23:06.0468 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/01/14 20:23:06.0484 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/01/14 20:23:06.0484 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/01/14 20:23:06.0515 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/01/14 20:23:06.0546 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/01/14 20:23:06.0718 Point32 (3b6973d60bde757c53bb76842d31318e) C:\WINDOWS\system32\DRIVERS\point32.sys
2011/01/14 20:23:06.0734 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/01/14 20:23:06.0765 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/01/14 20:23:06.0796 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/01/14 20:23:06.0843 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/01/14 20:23:07.0125 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/01/14 20:23:07.0234 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/01/14 20:23:07.0296 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/01/14 20:23:07.0359 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/01/14 20:23:07.0703 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/01/14 20:23:07.0750 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/01/14 20:23:07.0796 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/01/14 20:23:07.0843 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/01/14 20:23:07.0906 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/01/14 20:23:07.0968 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
2011/01/14 20:23:08.0031 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/01/14 20:23:08.0062 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/01/14 20:23:08.0093 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/01/14 20:23:08.0171 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/01/14 20:23:08.0281 SPBBCDrv (e621bb5839cf45fa477f48092edd2b40) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
2011/01/14 20:23:08.0328 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/01/14 20:23:08.0390 sptd (d390675b8ce45e5fb359338e5e649329) C:\WINDOWS\system32\Drivers\sptd.sys
2011/01/14 20:23:08.0390 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d390675b8ce45e5fb359338e5e649329
2011/01/14 20:23:08.0390 sptd - detected Locked file (1)
2011/01/14 20:23:08.0453 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/01/14 20:23:08.0484 SRTSP (2abf82c8452ab0b9ffc74a2d5da91989) C:\WINDOWS\system32\Drivers\SRTSP.SYS
2011/01/14 20:23:08.0531 SRTSPL (e2f9e5887bea5bd8784d337e06eda31b) C:\WINDOWS\system32\Drivers\SRTSPL.SYS
2011/01/14 20:23:08.0578 SRTSPX (3b974c158fabd910186f98df8d3e23f3) C:\WINDOWS\system32\Drivers\SRTSPX.SYS
2011/01/14 20:23:08.0625 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/01/14 20:23:08.0656 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/01/14 20:23:08.0703 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/01/14 20:23:08.0734 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/01/14 20:23:08.0812 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2011/01/14 20:23:08.0875 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/01/14 20:23:08.0953 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/01/14 20:23:09.0000 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/01/14 20:23:09.0031 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/01/14 20:23:09.0078 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/01/14 20:23:09.0171 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/01/14 20:23:09.0250 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/01/14 20:23:09.0312 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/01/14 20:23:09.0359 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/01/14 20:23:09.0375 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/01/14 20:23:09.0390 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/01/14 20:23:09.0437 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/01/14 20:23:09.0453 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/01/14 20:23:09.0500 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/01/14 20:23:09.0546 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/01/14 20:23:09.0578 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/01/14 20:23:09.0609 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/01/14 20:23:09.0671 VolSnap (0fd6d2221c85dafe1a1a149972463458) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/01/14 20:23:09.0671 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 0fd6d2221c85dafe1a1a149972463458, Fake md5: 4c8fcb5cc53aab716d810740fe59d025
2011/01/14 20:23:09.0671 VolSnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/01/14 20:23:09.0718 vsdatant (0354ba3a5ba5e28cc247eb5f5dd8793c) C:\WINDOWS\system32\vsdatant.sys
2011/01/14 20:23:09.0890 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/01/14 20:23:09.0953 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/01/14 20:23:10.0046 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/01/14 20:23:10.0171 ================================================================================
2011/01/14 20:23:10.0171 Scan finished
2011/01/14 20:23:10.0171 ================================================================================
2011/01/14 20:23:10.0187 Detected object count: 2
2011/01/14 20:23:39.0375 Locked file(sptd) - User select action: Skip
2011/01/14 20:23:39.0437 VolSnap (0fd6d2221c85dafe1a1a149972463458) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/01/14 20:23:39.0437 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 0fd6d2221c85dafe1a1a149972463458, Fake md5: 4c8fcb5cc53aab716d810740fe59d025
2011/01/14 20:23:40.0203 Backup copy found, using it..
2011/01/14 20:23:40.0218 C:\WINDOWS\system32\drivers\VolSnap.sys - will be cured after reboot
2011/01/14 20:23:40.0218 Rootkit.Win32.TDSS.tdl3(VolSnap) - User select action: Cure
2011/01/14 20:23:55.0718 Deinitialize success
 
Aha, there was something...

I want you to delete your Combofix file, download fresh one and run new scan.
 
OTL text report part 1

OTL logfile created on: 1/14/2011 8:40:23 PM - Run 1
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Documents and Settings\Desi\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.29 Gb Total Space | 2.02 Gb Free Space | 6.89% Space Free | Partition Type: NTFS
Drive D: | 268.79 Gb Total Space | 95.52 Gb Free Space | 35.54% Space Free | Partition Type: NTFS

Computer Name: FATAL1TY | User Name: Desi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/14 19:51:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Desi\Desktop\OTL.exe
PRC - [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/12/20 18:08:56 | 000,443,728 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/01/15 04:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/10/29 15:27:48 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009/10/29 15:27:46 | 001,864,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Smc.exe
PRC - [2009/10/29 15:27:46 | 001,455,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\SmcGui.exe
PRC - [2009/10/29 15:27:46 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/10/29 15:27:44 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2009/04/21 11:59:02 | 002,869,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\system32\hasplms.exe
PRC - [2008/08/29 12:58:16 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/14 16:46:38 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2005/07/19 17:32:18 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2005/06/08 15:14:44 | 000,217,088 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\LogiTray.exe
PRC - [2005/06/08 14:44:56 | 000,192,512 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\FxSvr2.exe


========== Modules (SafeList) ==========

MOD - [2011/01/14 19:51:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Desi\Desktop\OTL.exe
MOD - [2010/08/23 08:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/10/05 08:07:24 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/01/15 04:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/10/29 15:27:48 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/10/29 15:27:48 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009/10/29 15:27:46 | 001,864,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Smc.exe -- (SmcService)
SRV - [2009/10/29 15:27:46 | 000,341,320 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec AntiVirus\SNAC.EXE -- (SNAC)
SRV - [2009/10/29 15:27:44 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/04/21 11:59:02 | 002,869,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- C:\WINDOWS\System32\hasplms.exe -- (hasplms)
SRV - [2009/03/20 19:10:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/08/29 12:58:16 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2006/05/12 15:04:08 | 000,439,248 | ---- | M] (RealVNC Ltd.) [Auto | Stopped] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)


========== Driver Services (SafeList) ==========

DRV - [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/12/16 01:00:00 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110114.009\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/12/16 01:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110114.009\NAVENG.SYS -- (NAVENG)
DRV - [2010/09/13 21:22:19 | 000,165,952 | ---- | M] (Guidance Software Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\gsimrx.sys -- (gsimrx)
DRV - [2010/09/13 21:22:17 | 000,019,520 | ---- | M] (Guidance Software Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\enhd.sys -- (enhd)
DRV - [2010/09/13 21:22:17 | 000,016,512 | ---- | M] (Guidance Software Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\enfilter.sys -- (enfilter)
DRV - [2010/09/13 21:22:16 | 000,077,760 | ---- | M] (Guidance Software Inc.) [Kernel | On_Demand | Stopped] -- D:\EnCase6\Drivers\x32\enportv.sys -- (enportv)
DRV - [2010/07/15 08:09:12 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/07/15 08:09:12 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/07/09 14:38:00 | 010,604,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010/01/19 23:21:01 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/10/29 15:27:48 | 000,320,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2009/10/29 15:27:48 | 000,281,648 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2009/10/29 15:27:48 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2009/10/29 15:27:42 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/07/09 13:18:56 | 000,587,776 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (hardlock)
DRV - [2009/01/16 11:42:28 | 000,352,256 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2008/08/29 12:57:18 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008/04/13 10:45:34 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
DRV - [2008/04/13 09:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 08:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/29 16:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/12/18 20:46:49 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2007/11/30 07:23:02 | 000,097,216 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2007/11/14 16:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2007/11/07 18:42:50 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007/08/07 11:48:33 | 000,025,160 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2007/07/06 13:44:56 | 000,033,824 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oreans32.sys -- (oreans32)
DRV - [2007/01/18 17:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/04/17 00:31:26 | 004,262,912 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/03/21 21:24:02 | 000,018,944 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/21 21:24:00 | 000,052,736 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/05/27 09:31:28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2004/10/08 11:59:12 | 000,326,656 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Camdrl.sys -- (CamDrL) Logitech QuickCam Pro 3000(CamDrl)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-220523388-1336601894-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-220523388-1336601894-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-220523388-1336601894-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-220523388-1336601894-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8075

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://news.google.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.%(version)s
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: wbepaste@starfield:1.1
FF - prefs.js..extensions.enabledItems: zoomext@starfield:1.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/10 13:57:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/10 13:57:41 | 000,000,000 | ---D | M]

[2010/01/20 00:02:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Desi\Application Data\Mozilla\Extensions
[2011/01/14 08:05:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Desi\Application Data\Mozilla\Firefox\Profiles\zt9jvtaf.default\extensions
[2010/01/20 09:57:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Desi\Application Data\Mozilla\Firefox\Profiles\zt9jvtaf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/28 09:39:30 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Desi\Application Data\Mozilla\Firefox\Profiles\zt9jvtaf.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/01/14 07:18:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/03 22:18:59 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/04/30 12:14:00 | 000,000,000 | ---D | M] (Starfield Zoom) -- C:\Program Files\Mozilla Firefox\extensions\zoomext@starfield
[2010/03/23 21:46:40 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\DESI\APPLICATION DATA\MOVE NETWORKS
[2010/02/19 13:11:50 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/04/30 12:14:00 | 000,000,000 | ---D | M] (WBE Paste) -- C:\PROGRAM FILES\STARFIELD\WEB-BASED EMAIL TOOLS
[2009/11/20 12:34:44 | 000,218,624 | ---- | M] (Starfield Technology, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwbe.dll

O1 HOSTS File: ([2011/01/14 15:28:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-220523388-1336601894-725345543-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKU\S-1-5-21-220523388-1336601894-725345543-1003..\Run: [DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.)
O4 - HKU\S-1-5-21-220523388-1336601894-725345543-1003..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-220523388-1336601894-725345543-1003..\Run: [Steam] d:\steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-220523388-1336601894-725345543-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-220523388-1336601894-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-220523388-1336601894-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-220523388-1336601894-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-220523388-1336601894-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (Device Detection)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://samsclubus.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Web-Based Email Tools http://email.secureserver.net/Download.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.64.12
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/29 23:17:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\LVCodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/01/14 20:22:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Desi\Desktop\tdsskiller
[2011/01/14 19:51:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Desi\Desktop\OTL.exe
[2011/01/14 19:50:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Desi\Application Data\cawxerbol
[2011/01/14 18:50:35 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/01/14 13:31:36 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/01/14 13:05:02 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/01/14 13:05:01 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/01/14 13:05:01 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/01/14 13:05:01 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/01/14 12:54:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/01/14 12:52:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/01/14 08:58:41 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Desi\Desktop\TFC.exe
[2011/01/05 16:28:01 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Desi\IECompatCache
[2011/01/03 22:18:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/01/03 22:18:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/01/03 22:16:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Desi\Start Menu\Programs\HDD Fix
[2010/12/31 21:30:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Desi\Local Settings\Application Data\Logitech-LS
[2010/12/31 21:23:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Logitech
[2010/12/31 21:22:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
[2010/12/31 21:22:41 | 000,029,795 | ---- | C] (Ingenient Technologies, Inc.) -- C:\WINDOWS\System32\ITIG726.acm
[2010/12/31 21:20:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/12/31 21:07:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Desi\Application Data\Logitech
[2010/12/31 21:03:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Desi\Application Data\Leadertech
[2010/12/31 21:01:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LogiShrd
[2010/12/31 21:01:56 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2010/12/31 17:04:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2010/12/25 21:23:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2010/12/25 21:22:36 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/12/25 21:22:32 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/12/25 21:22:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/12/25 21:22:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2010/12/25 21:21:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Desi\Local Settings\Application Data\Apple
[2010/12/25 21:21:14 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/12/25 21:21:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2010/12/25 21:21:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010/12/25 21:20:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/12/25 21:20:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/12/21 22:59:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Desi\Local Settings\Application Data\cache
[2010/12/21 22:57:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Desi\Local Settings\Application Data\FullTiltPoker
[2010/12/21 22:56:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Full Tilt Poker
[2010/12/21 22:56:43 | 000,000,000 | ---D | C] -- C:\Program Files\Full Tilt Poker
[2010/12/18 15:54:09 | 026,015,000 | ---- | C] (Contour) -- C:\Contour-Storyteller-Installer.exe
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/14 20:30:01 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2011/01/14 20:29:27 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/14 20:29:26 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/14 20:25:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/14 20:21:37 | 001,231,390 | ---- | M] () -- C:\Documents and Settings\Desi\Desktop\tdsskiller.zip
[2011/01/14 19:51:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Desi\Desktop\OTL.exe
[2011/01/14 18:25:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/14 18:00:01 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Desi.job
[2011/01/14 15:28:37 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/01/14 13:31:53 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/01/14 12:50:44 | 004,154,944 | R--- | M] () -- C:\Documents and Settings\Desi\Desktop\ComboFix.exe
[2011/01/14 12:49:11 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Desi\Desktop\MBRCheck.exe
[2011/01/14 10:25:09 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Desi\Desktop\lio6xq45.exe
[2011/01/14 08:58:26 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Desi\Desktop\TFC.exe
[2011/01/09 09:29:28 | 000,000,084 | -H-- | M] () -- C:\WINDOWS\popcreg.dat
[2011/01/09 09:29:28 | 000,000,025 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2011/01/07 17:04:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/01/04 19:54:52 | 002,490,368 | ---- | M] () -- C:\Documents and Settings\Desi\My Documents\AddressBook.mdb
[2011/01/04 07:18:49 | 000,000,264 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~cLDnjfdapEyJT2
[2011/01/04 07:18:49 | 000,000,152 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~cLDnjfdapEyJT2r
[2011/01/04 07:18:43 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\cLDnjfdapEyJT2
[2011/01/03 22:18:43 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/01/03 22:16:46 | 000,000,272 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~RdvLop1xz4R
[2011/01/03 22:16:46 | 000,000,152 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~RdvLop1xz4Rr
[2011/01/03 22:16:32 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\RdvLop1xz4R
[2010/12/31 21:23:20 | 000,001,648 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Logitech QuickCam.lnk
[2010/12/31 21:23:20 | 000,001,617 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\My Logitech Pictures.lnk
[2010/12/25 21:23:23 | 000,001,546 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/12/25 21:22:11 | 000,001,608 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/12/23 12:27:27 | 000,000,553 | ---- | M] () -- C:\WINDOWS\hegames.ini
[2010/12/21 22:56:59 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Full Tilt Poker.lnk
[2010/12/21 18:50:15 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/12/21 18:50:15 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/18 15:54:11 | 026,015,000 | ---- | M] (Contour) -- C:\Contour-Storyteller-Installer.exe
[2010/12/16 03:20:46 | 001,557,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/16 03:03:55 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/14 20:21:43 | 001,231,390 | ---- | C] () -- C:\Documents and Settings\Desi\Desktop\tdsskiller.zip
[2011/01/14 13:31:51 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/01/14 13:31:39 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/01/14 13:05:02 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/01/14 13:05:02 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/01/14 13:05:01 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/01/14 13:05:01 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/01/14 13:05:01 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/01/14 12:50:31 | 004,154,944 | R--- | C] () -- C:\Documents and Settings\Desi\Desktop\ComboFix.exe
[2011/01/14 12:49:13 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Desi\Desktop\MBRCheck.exe
[2011/01/14 10:25:27 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Desi\Desktop\lio6xq45.exe
[2011/01/04 07:18:49 | 000,000,264 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~cLDnjfdapEyJT2
[2011/01/04 07:18:49 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~cLDnjfdapEyJT2r
[2011/01/04 07:18:43 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\cLDnjfdapEyJT2
[2011/01/03 22:18:43 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/01/03 22:16:46 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~RdvLop1xz4Rr
[2011/01/03 22:16:45 | 000,000,272 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~RdvLop1xz4R
[2011/01/03 22:16:32 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\RdvLop1xz4R
[2010/12/31 21:23:20 | 000,001,648 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Logitech QuickCam.lnk
[2010/12/31 21:23:20 | 000,001,617 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\My Logitech Pictures.lnk
[2010/12/31 21:22:58 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2010/12/31 21:22:55 | 000,006,812 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/12/25 21:23:23 | 000,001,546 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/12/25 21:22:11 | 000,001,608 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/12/25 21:21:16 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/12/21 22:56:59 | 000,000,782 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Full Tilt Poker.lnk
[2010/12/21 18:50:15 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/12/21 18:50:15 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/11/21 10:59:20 | 000,196,072 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/10/21 09:17:32 | 000,000,553 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2010/10/19 10:38:12 | 000,000,247 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2010/10/19 08:46:24 | 000,000,030 | ---- | C] () -- C:\WINDOWS\POTATO.INI
[2010/10/06 09:17:46 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/10/05 08:46:41 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2010/09/13 21:22:18 | 000,017,464 | ---- | C] () -- C:\WINDOWS\System32\gsimrxnp.dll
[2010/03/29 06:07:44 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2010/01/31 10:07:24 | 000,139,152 | ---- | C] () -- C:\Documents and Settings\Desi\Application Data\PnkBstrK.sys
[2010/01/27 21:56:22 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\leverage.drm.log
[2010/01/27 21:06:23 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Desi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/26 07:43:28 | 000,000,858 | ---- | C] () -- C:\WINDOWS\client.config.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/08/29 12:58:26 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2008/08/29 12:58:16 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/12/14 15:55:11 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2007/11/21 11:26:20 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/11/16 07:15:52 | 000,000,450 | ---- | C] () -- C:\WINDOWS\ka.ini
[2007/11/07 18:42:50 | 000,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007/07/06 22:20:34 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2007/07/06 18:32:44 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/07/06 14:48:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/07/06 13:44:56 | 000,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2007/06/29 23:27:26 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2007/06/29 23:24:14 | 000,006,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\ALLOW-IO.SYS
[2007/06/29 16:08:31 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/03/19 06:15:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2007/03/19 06:15:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

========== LOP Check ==========

[2010/01/28 07:15:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AA3DeployClient
[2010/11/11 13:47:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2010/06/26 17:57:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2007/12/14 15:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2011/01/14 12:48:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/11/11 14:16:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visan
[2007/11/08 01:11:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/12/25 21:23:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/11/11 12:35:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Desi\Application Data\.oit
[2011/01/14 19:58:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Desi\Application Data\cawxerbol
[2010/04/14 07:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Desi\Application Data\fizzy
[2010/12/31 21:03:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Desi\Application Data\Leadertech
[2010/11/10 17:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Desi\Application Data\MyPublisher
[2007/08/27 20:33:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Desi\Application Data\Viewpoint

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2007/06/29 23:17:13 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/09/16 09:19:43 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/01/14 13:31:53 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/01/14 19:41:54 | 000,014,939 | ---- | M] () -- C:\ComboFix.txt
[2007/06/29 23:17:13 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/12/18 15:54:11 | 026,015,000 | ---- | M] (Contour) -- C:\Contour-Storyteller-Installer.exe
[2010/12/14 18:40:51 | 000,041,222 | ---- | M] () -- C:\IdleTrackingStream.txt
[2007/06/29 23:17:13 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/08/27 18:18:41 | 000,002,176 | -H-- | M] () -- C:\IPH.PH
[2010/01/29 00:38:33 | 005,061,512 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup.exe
[2007/06/29 23:17:13 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/12 05:25:07 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/01/20 01:32:31 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/01/14 20:25:44 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2010/01/29 09:08:09 | 003,550,592 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\procexp.exe
[2011/01/12 22:36:36 | 000,000,317 | ---- | M] () -- C:\rkill.log
[2011/01/14 20:23:55 | 000,044,110 | ---- | M] () -- C:\TDSSKiller.2.4.13.0_14.01.2011_20.22.49_log.txt

< %systemroot%\Fonts\*.com >
[2006/04/18 07:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 06:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 07:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 06:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2007/06/29 23:16:57 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 04:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/07/06 02:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2007/06/29 16:05:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/06/29 16:05:10 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/06/29 16:05:10 | 000,917,504 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2010/01/20 01:36:04 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2007/06/29 23:24:07 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Desi\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2007/06/29 23:24:07 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Desi\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2010/01/27 21:12:30 | 000,280,675 | ---- | M] () -- C:\Documents and Settings\Desi\Desktop\AA3DeployInstallerCS.exe
[2011/01/14 12:50:44 | 004,154,944 | R--- | M] () -- C:\Documents and Settings\Desi\Desktop\ComboFix.exe
[2011/01/14 10:25:09 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Desi\Desktop\lio6xq45.exe
[2011/01/14 12:49:11 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Desi\Desktop\MBRCheck.exe
[2011/01/14 19:51:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Desi\Desktop\OTL.exe
[2011/01/14 08:58:26 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Desi\Desktop\TFC.exe
 
OTL text report part 2

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >
[2007/07/06 14:30:23 | 000,000,545 | ---- | M] () -- C:\Documents and Settings\Desi\My Documents\AA28FullInstaller_FileShack.exe
[2007/07/06 14:28:37 | 001,638,400 | ---- | M] (S.I. Computer Consulting, Inc.) -- C:\Documents and Settings\Desi\My Documents\AADownloadManager_full.exe
[2007/11/07 18:42:43 | 001,914,824 | ---- | M] (DT Soft Ltd.) -- C:\Documents and Settings\Desi\My Documents\daemon410-x86.exe
[2007/07/06 14:47:11 | 002,945,816 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Desi\My Documents\dotnetfx3setup.exe
[2007/08/01 19:45:27 | 001,005,832 | ---- | M] (LogMeIn Inc.) -- C:\Documents and Settings\Desi\My Documents\HamachiSetup-1.0.2.2-en.exe
[2010/09/03 12:15:58 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Desi\My Documents\mbam-setup-1.46.exe
[2010/01/29 00:38:33 | 005,061,512 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Desi\My Documents\mbam-setup.exe
[2010/06/26 17:56:03 | 032,320,248 | ---- | M] () -- C:\Documents and Settings\Desi\My Documents\PlantsVsZombiesSetup.exe
[2010/01/29 09:08:09 | 003,550,592 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Desi\My Documents\procexp.exe
[2007/07/30 19:34:35 | 000,899,414 | ---- | M] () -- C:\Documents and Settings\Desi\My Documents\SetupDVDDecrypter_3.5.4.0.exe
[2007/08/20 16:19:47 | 005,862,994 | ---- | M] () -- C:\Documents and Settings\Desi\My Documents\ts2_client_rc2_2032.exe
[2007/12/14 21:27:41 | 002,732,032 | ---- | M] () -- C:\Documents and Settings\Desi\My Documents\ventrilo-3.0.1-Windows-i386.exe

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2007/06/29 23:24:07 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Desi\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2011/01/14 20:30:22 | 001,146,880 | ---- | M] () -- C:\Documents and Settings\Desi\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2005/01/28 13:44:28 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/13 16:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 00:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 00:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 06:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 09:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/13 16:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2007/04/02 10:07:23 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2007/04/02 10:07:23 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2007/04/02 10:07:24 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/04 00:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 00:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< End of report >
 
Status
Not open for further replies.
Back